...Everything can be a specialArg. Anything can be hidden in trusted.

config/users/kat/default.nix

@@ -1,7 +1,7 @@
 let katUser = { lib }: let
   trustedImport = {
     config.home-manager.users.kat = {
-      imports = lib.optional (builtins.pathExists ../../trusted/users/kat) (import ../../trusted/users/kat);
+      imports = lib.optional (builtins.pathExists ../../trusted/users/kat) (import ../../trusted/users/kat/home.nix);
     };
   }; userImport = profile: { config, ... }: {
   config.home-manager.users.kat = {

default.nix

@@ -1,49 +1,73 @@
 let
+  # Sources are from niv.
   sources = import ./nix/sources.nix;
+  # We pass sources through to pkgs and get our nixpkgs + overlays.
   pkgs = import ./pkgs { inherit sources; };
+  # We want our overlaid lib.
   inherit (pkgs) lib;
-  sourceCache = import ./cache.nix {
+  # This is used for caching niv sources in CI.
-    inherit sources lib;
+  sourceCache = import ./cache.nix { inherit sources lib; };
-  };
+
-  publicServices = lib.modList {
+  /*
-    modulesDir = ./config/services;
+  This is used to generate specialArgs + the like. It works as such:
-  };
+    * A <argGenName> can exist at config/<argGenName>.
-  privateServices-base = lib.mkIf (builtins.pathExists ./config/trusted/services) (lib.modList {
+    * A <argGenName> can exist at config/trusted/<argGenName>.
-    modulesDir = ./config/trusted/services;
+  If only one exists, the path for that one is returned.
-  });
+  Otherwise a module is generated which contains both import paths.
-  privateServices = privateServices-base.content;
+  */
-  services = lib.modListMerge publicServices privateServices;
+  argGenNames = [ "profiles" "users" "targets" "services" ];
-  profiles = lib.modList {
+  argGen = lib.mapListToAttrs (folder: lib.nameValuePair folder (lib.domainMerge { inherit folder; })) argGenNames;
-    modulesDir = ./config/profiles;
+
-  };
+  /*
-  targets = lib.removeAttrs (lib.modList {
+  This produces an attrSet of hosts based upon:
-    modulesDir = ./config/targets;
+    * hosts being located within config/hosts/<hostname>/
-  }) ["common"];
+  */
-  users = lib.modList {
+  hosts = lib.domainMerge {
-    modulesDir = ./config/users;
+    folder = "hosts";
+    defaultFile = "meta.nix";
   };
+
+  /*
+  We use this to make the meta runner use this file and to use `--show-trace` on nix-builds.
+  We also pass through pkgs to meta this way.
+  */
   metaConfig = import ./meta-base.nix {
     inherit pkgs lib;
   };
-  hostNames = [
+
-    "dummy"
+  # This is where the meta config is evaluated.
-    "athame"
-    "beltane"
-    "samhain"
-    "yule"
-    # "mabon"
-    # "ostara"
-  ];
   eval = lib.evalModules {
     modules = [
       metaConfig
-      targets.personal
+      argGen.targets.personal
-      targets.infra
+      argGen.targets.infra
+      hosts.dummy
+      hosts.athame
+      hosts.beltane
+      hosts.samhain
+      hosts.yule
       ./config/modules/meta/default.nix
-    ] ++ map (hostName: ./config/hosts + "/${hostName}/meta.nix") hostNames;
+    ] ++ (lib.optional (builtins.pathExists ./config/trusted/meta.nix) ./config/trusted/meta.nix);
     specialArgs = {
-      inherit sources profiles users services;
+      inherit sources;
+      inherit (argGen) profiles users services;
     };
   };
+
+  # The evaluated meta config.
   inherit (eval) config;
-in config // { inherit pkgs sourceCache sources; }
+
+/*
+  Please note all specialArg generated specifications use the folder common to both import paths.
+  Those import paths are as mentioned above next to `argGenNames`.
+
+  This provides us with a ./. that contains (most relevantly):
+    * deploy.targets -> a mapping of target name to host names
+    * network.nodes -> host names to host NixOS + home-manager configs
+    * profiles -> the specialArg generated from profiles/
+    * users -> the specialArg generated from users/
+    * targets -> the specialArg generated from targets/
+      * do not use common, it is tf-nix specific config ingested at line 66 of config/modules/meta/deploy.nix for every target.
+    * services -> the specialArg generated from services/
+*/
+in config // { inherit pkgs hosts sourceCache sources; } // argGen

pkgs/lib/default.nix

@@ -12,6 +12,7 @@
 {
   inherit (colorHelpers) hextorgba;
   hostImport = import ./host-import.nix { inherit lib; };
+  domainMerge = import ./domain-merge.nix { inherit lib; };
   modListMerge = import ./intersect-merge.nix { inherit lib; };
   modList = import ./module-list.nix { inherit lib; };
 }; in katlib

pkgs/lib/domain-merge.nix

@@ -0,0 +1,7 @@
+{ lib }: { folder, defaultFile ? "default.nix" }: with lib; let
+  folderNames = [ (../../config + "/${folder}") (../../config/trusted + "/${folder}") ];
+  folderModLists = map (folderName: modList {
+    modulesDir = folderName;
+    inherit defaultFile;
+  }) (filter builtins.pathExists folderNames);
+in foldl modListMerge { } folderModLists

pkgs/lib/module-list.nix

@@ -12,7 +12,7 @@ let
   directories =
     filterAttrNamesToList (_: type: type == "directory") (readDir modulesDir);
   files = map (dir: nameValuePair dir (modulesDir + "/${dir}/${defaultFile}"))
-    directories;
+  (filter (f: builtins.pathExists (modulesDir + "/${f}/${defaultFile}")) directories);
   modules = map
     ({ name, value }:
       # if the file contains a function, assume it to be a module and pass the path