feat: pulumi, nix-std, ...

.gitignore

@@ -1,2 +1,4 @@
-result
+*.pyc
+venv/
 .direnv/
+result

Pulumi.yaml

@@ -0,0 +1,6 @@
+name: kittywitch
+description: The Katzian Monorepo
+runtime:
+    name: python
+    options:
+        virtualenv: venv

__main__.py

@@ -0,0 +1,22 @@
+"""The Katzian Monorepo Pulumi Stack"""
+
+import pulumi
+from pulumi import Output
+import pulumi_tailscale as tailscale
+#import pulumi_cloudflare as cloudflare
+
+tailnet = tailscale.get_devices()
+
+domain_names = [
+    "inskip.me",
+    "gensokyo.zone",
+    "kittywit.ch",
+    "dork.dev"
+]
+
+#domains = {zone: cloudflare.Zone(
+#    jump_start = False,
+#    resource_name = zone,
+#    zone = zone,
+#    plan = "free"
+#) for zone in domain_names}

common/home.nix

@@ -3,10 +3,10 @@
   tree,
   machine,
   systemType,
-  lib,
+  std,
   ...
 }: let
-  inherit (lib.lists) optional;
+  inherit (std) list;
 in {
   home-manager = {
     useGlobalPkgs = true;
@@ -15,13 +15,13 @@ in {
       [
         modules.home
       ]
-      ++ optional (tree.${systemType} ? home) tree.${systemType}.home;
+      ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home;
 
     users.kat.imports = with tree.kat; [
       common
     ];
     extraSpecialArgs = {
-      inherit tree machine;
+      inherit tree machine std;
       parent = config;
     };
   };

common/nix.nix

@@ -1,19 +1,22 @@
 {
   config,
   lib,
+  std,
   inputs,
+  tree,
   ...
 }: let
-  inherit (lib.attrsets) mapAttrs mapAttrsToList;
+  inherit (std) set tuple list;
-  inherit (lib.lists) optional;
   inherit (lib.strings) versionAtLeast;
+  renameAttrs = names: set.remap ({_0, _1}: tuple.tuple2 (names.${_0} or _0) _1);
+  renameAttr = oldName: newName: renameAttrs { ${oldName} = newName; };
 in {
   nix = {
-    nixPath = mapAttrsToList (name: flake: "${name}=${flake}") inputs;
+    nixPath = set.mapToValues (name: flake: "${name}=${flake.outPath}") (renameAttr "self" "kat" inputs);
-    registry = mapAttrs (_: flake: {inherit flake;}) inputs;
+    registry = set.map (_: flake: {inherit flake;}) inputs;
 
     settings = {
-      experimental-features = optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
+      experimental-features = list.optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
       substituters = ["https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org"];
       trusted-public-keys = ["arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
       auto-optimise-store = true;

darwin/common/homebrew.nix

@@ -3,7 +3,7 @@ _: {
     enable = true;
     onActivation = {
       upgrade = true;
-      cleanup = "zap";
+      cleanup = "uninstall";
     };
     brews = [
       "mas"

default.nix

@@ -1,9 +1,11 @@
 let
-  inputs = import ./inputs.nix;
+  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-  self = import ./outputs.nix ({
+  flakeCompat = fetchTarball {
-      inherit self inputs;
+    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-      system = builtins.currentSystem;
+    sha256 = lock.nodes.flake-compat.locked.narHash;
-    }
+  };
-    // inputs);
+  kittywitch = import flakeCompat {
+    src = ./.;
+  };
 in
-  self
+  kittywitch.defaultNix

flake.lock

@@ -98,11 +98,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1673948101,
+        "lastModified": 1674041176,
-        "narHash": "sha256-cD0OzFfnLFeeaz4jVszH9QiMTn+PBxmcYzrp+xujpwM=",
+        "narHash": "sha256-cMf1BQzI39nHQ0H/mOatthbbI3392qLmJ9gU0u520P4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bd3efacb82c721edad1ce9eda583df5fb62ab00a",
+        "rev": "2c29ae48f9a149151bdd82f429ac61d4412c312a",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
     "pypi-deps-db": {
       "flake": false,
       "locked": {
-        "lastModified": 1673954576,
+        "lastModified": 1674040379,
-        "narHash": "sha256-fsnuDr954gveIRxcqIq2UKJDppQpYdoLbtl5MZlIDrE=",
+        "narHash": "sha256-g0TSvbl31l81qYIMGIM7p1buPaA9rHM3N/WFD6Zk/RY=",
         "owner": "DavHau",
         "repo": "pypi-deps-db",
-        "rev": "7def05c2f169bc69abd2217e1410ef0cf0cd03c8",
+        "rev": "322a4f20c357704644abe8c2e50412e9b9c16909",
         "type": "github"
       },
       "original": {
@@ -228,6 +228,7 @@
         "pypi-deps-db": "pypi-deps-db",
         "ragenix": "ragenix",
         "scalpel": "scalpel",
+        "std": "std",
         "tree": "tree",
         "utils": "utils_2"
       }
@@ -280,18 +281,36 @@
         "type": "github"
       }
     },
+    "std": {
+      "locked": {
+        "lastModified": 1671250799,
+        "narHash": "sha256-uPIakP98gOf6504NtrAb2/0O0BgRRXNShM0PTV8z+T0=",
+        "owner": "chessai",
+        "repo": "nix-std",
+        "rev": "b300fd6dfeae8cc331c7d8cde0e81b404d50d40c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "chessai",
+        "repo": "nix-std",
+        "type": "github"
+      }
+    },
     "tree": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
+        ],
+        "std": [
+          "std"
         ]
       },
       "locked": {
-        "lastModified": 1670085069,
+        "lastModified": 1674066361,
-        "narHash": "sha256-IO9HcAjncPp/0sUGcCUWVwa0XoBVFQKx+oY+8EBRcTc=",
+        "narHash": "sha256-1f7L1be7u3x0jNDJ+W641kM9pZfd2ZLkjziRvKIZMvw=",
         "owner": "kittywitch",
         "repo": "tree",
-        "rev": "501675588cb663a9bd18056002de697f4e91b667",
+        "rev": "638ad6549febe360b0120375cae2bc3bb3b477f3",
         "type": "github"
       },
       "original": {

flake.nix

@@ -6,6 +6,10 @@
       url = "github:edolstra/flake-compat";
       flake = false;
     };
+    # better than nixpkgs.lib
+    std = {
+      url = "github:chessai/nix-std";
+    };
     # used for overriding unwanted flake inputs
     empty.url = "github:input-output-hk/empty-flake";
     # self-explanatory
@@ -25,6 +29,7 @@
     # file structure -> attrset
     tree = {
       url = "github:kittywitch/tree";
+      inputs.std.follows = "std";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     # secrets
@@ -71,5 +76,5 @@
       flake = false;
     };
   };
-  outputs = inputs: import ./outputs.nix inputs;
+  outputs = inputs: import ./outputs.nix { inherit inputs; };
 }

inputs.nix

@@ -1,11 +0,0 @@
-let
-  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-  flakeCompat = fetchTarball {
-    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-    sha256 = lock.nodes.flake-compat.locked.narHash;
-  };
-  kittywitch = import flakeCompat {
-    src = ./.;
-  };
-in
-  kittywitch.defaultNix.inputs

kat/base16.nix

@@ -2,7 +2,9 @@
   pkgs,
   lib,
   ...
-}: {
+}: let
+  inherit (lib.modules) mkMerge;
+in {
   base16 = {
     vim.enable = false;
     vim.template = data: let
@@ -32,7 +34,7 @@
           ];
       });
     shell.enable = true;
-    schemes = lib.mkMerge [
+    schemes = mkMerge [
       {
         light = "atelier.atelier-cave-light";
         dark = "atelier.atelier-cave";

kat/default.nix

@@ -1,14 +1,14 @@
 {
   tree,
-  lib,
+  std,
   ...
 }: let
-  inherit (lib.attrsets) mapAttrs;
+  inherit (std) set list;
   wrapImports = imports:
-    mapAttrs
+    set.map
     (_: paths: {config, ...}: {
       config.home-manager.users.kat = {
-        imports = lib.singleton paths;
+        imports = list.singleton paths;
       };
     })
     imports;

kat/neovim/default.nix

@@ -1,12 +1,12 @@
 {
   config,
   lib,
+  std,
   pkgs,
   ...
 }: let
   inherit (lib.modules) mkIf;
-  inherit (lib.strings) fixedWidthNumber hasInfix;
+  inherit (std) string set;
-  inherit (lib.attrsets) mapAttrs filterAttrs;
   packDir = builtins.toString (pkgs.vimUtils.packDir config.programs.neovim.generatedConfigViml.configure.packages);
   initLua = pkgs.substituteAll ({
       name = "init.lua";
@@ -16,8 +16,8 @@
       inherit (config.base16) defaultSchemeName;
       defaultSchemeSlug = config.base16.defaultScheme.slug;
     }
-    // mapAttrs (_: col: fixedWidthNumber 2 col.ansiIndex)
+    // set.map (_: col: string.justifyRight 2 "0" (builtins.toString col.ansiIndex))
-    (filterAttrs (var: _: hasInfix "base" var) config.base16.defaultScheme));
+    (set.filter (var: _: string.hasInfix "base" var) config.base16.defaultScheme));
 in {
   home.sessionVariables = mkIf config.programs.neovim.enable {EDITOR = "nvim";};
 

kat/shell/bitw.nix

@@ -7,7 +7,7 @@
     enable = true;
     package = pkgs.rbw-bitw;
     settings = {
-      inherit (import tree.kat.user.data) email;
+      inherit (tree.kat.user.data) email;
       base_url = "https://vault.kittywit.ch";
       identity_url = null;
       lock_timeout = 3600;

kat/shell/fzf.nix

@@ -1,15 +1,15 @@
 {
   pkgs,
-  lib,
+  std,
   ...
 }: let
-  inherit (lib.lists) optional;
+  inherit (std) list;
 in {
   programs.fzf = {
     enable = true;
     enableZshIntegration = true;
   };
-  programs.zsh.plugins = optional (pkgs.hostPlatform == pkgs.buildPlatform) {
+  programs.zsh.plugins = list.optional (pkgs.hostPlatform == pkgs.buildPlatform) {
     name = "fzf-tab";
     src = "${pkgs.zsh-fzf-tab}/share/fzf-tab";
   };

kat/shell/git.nix

@@ -2,9 +2,7 @@
   pkgs,
   tree,
   ...
-}: let
+}: {
-  kat = import tree.kat.user.data;
-in {
   home.packages = with pkgs; [
     gitAndTools.git-remote-gcrypt
     git-crypt
@@ -12,7 +10,7 @@ in {
   ];
 
   programs.git = {
-    inherit (kat) userName userEmail;
+    inherit (tree.kat.user.data) userName userEmail;
     package = pkgs.gitAndTools.gitFull;
     enable = true;
     extraConfig = {
@@ -25,7 +23,7 @@ in {
       };
     };
     signing = {
-      inherit (kat) key;
+      inherit (tree.kat.user.data) key;
       signByDefault = true;
     };
   };

kat/shell/rink.nix

@@ -1,16 +1,16 @@
 {
   pkgs,
-  lib,
+  std,
   ...
 }: let
-  inherit (lib) toTOML;
+  inherit (std) serde;
 in {
   home.packages = with pkgs; [
     #rink-readline TODO: wait for fix
     rink
   ];
 
-  xdg.configFile."rink/config.toml".text = toTOML {
+  xdg.configFile."rink/config.toml".text = serde.toTOML {
     colors = {
       enabled = true;
       theme = "my_theme";

kat/shell/tmux.nix

@@ -1,9 +1,9 @@
 {
-  lib,
+  std,
   pkgs,
   ...
 }: let
-  inherit (lib.attrsets) mapAttrs;
+  inherit (std) set;
 in {
   programs.zsh.shellAliases = {
     tt = "tmux new -AD -s";
@@ -13,7 +13,7 @@ in {
     terminal = "tmux-256color";
     keyMode = "vi";
     baseIndex = 1;
-    extraConfig = with mapAttrs (_: v: "colour${toString v}") pkgs.base16.shell.shell256; ''
+    extraConfig = with set.map (_: v: "colour${builtins.toString v}") pkgs.base16.shell.shell256; ''
       # proper title handling
       set -g set-titles on
       set -g set-titles-string "#T"

kat/shell/zsh.nix

@@ -1,15 +1,19 @@
 {
   config,
   lib,
+  std,
   pkgs,
   ...
-}: {
+}: let
+  inherit (lib.modules) mkMerge mkIf;
+  inherit (std) string list serde;
+in {
   home.packages = with pkgs; [
     # programs.zsh.enableAutosuggestions only includes nix-zsh-autocompletions
     zsh-completions
   ];
 
-  xdg.configFile."kattheme_immutable.json".text = builtins.toJSON rec {
+  xdg.configFile."kattheme_immutable.json".text = serde.toJSON rec {
     default = config.base16.defaultSchemeName;
     current = default;
   };
@@ -73,7 +77,7 @@
                 zstyle ':completion:*:complete:pass:*:*' matcher 'r:|[./_-]=** r:|=*' 'l:|=* r:|=*'
                 zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
       zstyle ':fzf-tab:complete:cd:*' fzf-preview 'exa -1lb --color=always $realpath'
-        ${lib.concatStringsSep "\n" (map (opt: "setopt ${opt}") zshOpts)}
+        ${string.concatSep "\n" (map (opt: "setopt ${opt}") zshOpts)}
       bindkey '^ ' autosuggest-accept
         ${
         if pkgs.hostPlatform.isDarwin
@@ -83,13 +87,13 @@
         else ""
       }
     '';
-    shellAliases = lib.mkMerge [
+    shellAliases = mkMerge [
       {
         nixdirfmt = "nixpkgs-fmt $(fd -e nix)";
         dmesg = "dmesg -HP";
         hg = "history 0 | rg";
       }
-      (lib.mkIf pkgs.hostPlatform.isLinux {
+      (mkIf pkgs.hostPlatform.isLinux {
         sys = "systemctl";
         sysu = "systemctl --user";
         logu = "journalctl --user";
@@ -101,7 +105,7 @@
       ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=3,bold";
       ZSH_AUTOSUGGEST_USE_ASYNC = 1;
     };
-    plugins = with pkgs.zsh-plugins; (map (plugin: plugin.zshPlugin) [
+    plugins = with pkgs.zsh-plugins; (list.map (plugin: plugin.zshPlugin) [
       tab-title
       vim-mode
       evil-registers

kat/user/common.nix

@@ -4,7 +4,7 @@
   ...
 }: {
   users.users.kat = {
-    inherit (import tree.kat.user.data) description;
+    inherit (tree.kat.user.data) description;
     shell = pkgs.zsh;
   };
 }

kat/user/data.nix

@@ -1,4 +1,4 @@
-rec {
+_: rec {
   description = "Kat Inskip";
   email = "kat@inskip.me";
   keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== pgp-${email}"];

kat/user/nixos.nix

@@ -3,7 +3,7 @@
     uid = 1000;
     isNormalUser = true;
     openssh.authorizedKeys = {
-      inherit (import tree.kat.user.data) keys;
+      inherit (tree.kat.user.data) keys;
     };
     extraGroups = [
       "wheel"

nixos/server.nix

@@ -1,5 +1,5 @@
-{lib, ...}: let
+{std, ...}: let
-  inherit (lib.attrsets) mapAttrsToList;
+  inherit (std) set;
 in {
-  systemd.tmpfiles.rules = mapAttrsToList (username: _: "f /var/lib/systemd/linger/${username}") config.users.users;
+  systemd.tmpfiles.rules = set.mapToValues (username: _: "f /var/lib/systemd/linger/${username}") config.users.users;
 }

outputs.nix

@@ -1,7 +1,8 @@
-inputs: let
+{ inputs }: let
   inherit (inputs.nixpkgs) lib;
+  std = import ./std.nix {inherit inputs;};
   tree = import ./tree.nix {inherit inputs;};
-  systems = import ./systems {inherit inputs tree lib;};
+  systems = import ./systems {inherit inputs tree lib std;};
-  shells = import ./shells {inherit inputs tree lib;};
+  shells = import ./shells {inherit inputs tree lib std;};
 in
-  {inherit inputs tree lib;} // systems // shells
+  {inherit inputs tree lib std;} // systems // shells

requirements.txt

@@ -0,0 +1,3 @@
+pulumi>=3.0.0,<4.0.0
+pulumi-tailscale
+pulumi-cloudflare

shells/default.nix

@@ -2,17 +2,17 @@
   lib,
   tree,
   inputs,
+  std,
   ...
 }: let
-  inherit (lib.attrsets) mapAttrs;
+  inherit (std) set;
 in
   inputs.utils.lib.eachDefaultSystem (system: {
     devShells = let
-      shells = mapAttrs (_: path:
+      shells = set.map (_: path:
         import path rec {
-          inherit tree inputs system;
+          inherit tree inputs system lib std;
           pkgs = inputs.nixpkgs.legacyPackages.${system};
-          inherit (inputs.nixpkgs) lib;
         })
       tree.shells;
     in

shells/repo.nix

@@ -1,22 +1,38 @@
 {
   pkgs,
   inputs,
-  system,
+  std,
   ...
 }:
 with pkgs; let
-  repo = import ../outputs.nix (inputs // {inherit inputs system;});
+  repo = import ../outputs.nix { inherit inputs; };
-  inherit (lib.attrsets) mapAttrsToList;
+  inherit (std) set list;
-in
+  python = "python39";
-  mkShell {
+  mergeEnvs = envs:
+    pkgs.mkShell (list.foldl'
+      (a: v: {
+        buildInputs = a.buildInputs ++ v.buildInputs;
+        nativeBuildInputs = a.nativeBuildInputs ++ v.nativeBuildInputs;
+      })
+      (pkgs.mkShell { })
+      envs);
+  requirements = builtins.readFile ../requirements.txt;
+  mach-nix-wrapper = import inputs.mach-nix { inherit pkgs python; };
+  pythonShell = mach-nix-wrapper.mkPythonShell { inherit requirements; };
+  repoShell = mkShell {
     nativeBuildInputs =
       [
+        go # Required for pulumi
+        pulumi # Infrastructure as code
+        python39Packages.pulumi # Pulumi for Python!
+        pulumiPackages.pulumi-language-python # Python!
         deadnix # dead-code scanner
         alejandra # code formatter
         statix # anti-pattern finder
       ]
-      ++ mapAttrsToList (name: _: (pkgs.writeShellScriptBin "${name}-rebuild" ''
+      ++ set.values (set.map (name: _: (pkgs.writeShellScriptBin "${name}-rebuild" ''
         darwin-rebuild switch --flake $REPO_ROOT#${name}
       ''))
-      repo.darwinConfigurations;
+      repo.darwinConfigurations);
-  }
+  };
+in mergeEnvs [ repoShell pythonShell ]

std.nix

@@ -0,0 +1,63 @@
+{ inputs, ... }: let
+  std = let
+    baseStd = inputs.std.lib;
+    inherit (baseStd) set function list bool types optional;
+    mergeWith = let
+      append = {
+        path
+      , values
+      , canMerge
+      , mapToSet
+      }: let
+        mergeWith' = values: mergeWith {
+          inherit canMerge mapToSet path;
+          sets = list.map (v: (mapToSet path v).value) values;
+        };
+        mergeUntil = list.findIndex (function.not (canMerge path)) values;
+        len = list.length values;
+      in if len == 0 then { }
+      else if len == 1 then list.unsafeHead values
+      else if list.all (canMerge path) values then mergeWith' values
+      else optional.match mergeUntil {
+        just = i: let
+          split = list.splitAt i values;
+        in if i > 0
+          then mergeWith' split._0
+          else list.unsafeHead values;
+        nothing = list.unsafeHead values;
+      };
+    in {
+      canMerge ? path: v: optional.isJust (mapToSet path v),
+      mapToSet ? path: v: bool.toOptional (types.attrs.check v) v,
+      path ? [ ],
+      sets
+    }: set.mapZip (name: values: append {
+      path = path ++ list.One name;
+      inherit canMerge mapToSet values;
+    }) sets;
+    merge = sets: mergeWith {
+      inherit sets;
+    };
+  in merge [
+    baseStd
+    {
+      function = {
+        pipe = list.foldl' (function.flip function.compose) function.id;
+      };
+      set = {
+        inherit merge mergeWith;
+        remap = f: s: set.fromList (list.map f (set.toList s));
+        recursiveMap = f: s: let
+          recurse = str: s: let
+            g = str1: str2:
+              if types.attrs.check str2
+              then f (str ++ [str1]) (recurse (str ++ [str1]) str2)
+              else f (str ++ [str1]) str2;
+          in
+            set.map g s;
+        in
+          f [] (recurse [] s);
+      };
+    }
+  ];
+in std

systems/default.nix

@@ -2,25 +2,24 @@
   inputs,
   tree,
   lib,
+  std,
   ...
 }: let
   # The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain.
-  inherit (lib.lists) fold;
-  inherit (lib.attrsets) mapAttrs mapAttrsToList recursiveUpdate;
-  inherit (lib.strings) toLower;
-  inherit (lib.options) mkOption;
-  inherit (lib.types) str listOf attrs unspecified;
   inherit (lib.modules) evalModules;
-  recursiveMergeAttrs = fold recursiveUpdate {};
+  inherit (std) string list function types bool optional set;
   defaultSpecialArgs = {
-    inherit inputs tree;
+    inherit inputs tree std;
   };
   hostModule = {
     config,
     machine,
     ...
   }: {
-    options = {
+    options = let
+      inherit (lib.types) str listOf attrs unspecified;
+      inherit (lib.options) mkOption;
+    in {
       arch = mkOption {
         description = "Processor architecture of the host";
         type = str;
@@ -60,7 +59,7 @@
             darwin = "darwin";
             linux = "linux";
           }
-          .${toLower config.type};
+          .${string.toLower config.type};
       in "${config.arch}-${kernel}";
       folder =
         {
@@ -69,7 +68,7 @@
           darwin = "darwin";
           linux = "linux";
         }
-        .${toLower config.type};
+        .${string.toLower config.type};
       modules = with tree; [
         tree.modules.${config.folder}
         tree.${config.folder}.common
@@ -82,7 +81,7 @@
           darwin = inputs.darwin.lib.darwinSystem;
           macos = inputs.darwin.lib.darwinSystem;
         }
-        .${toLower config.type};
+        .${string.toLower config.type};
       specialArgs =
         {
           inherit machine;
@@ -91,7 +90,7 @@
         // defaultSpecialArgs;
     };
   };
-  hostConfigs = mapAttrs (name: path:
+  hostConfigs = set.map (name: path:
     evalModules {
       modules = [
         hostModule
@@ -123,4 +122,4 @@
       else hostConfig;
   };
 in
-  recursiveMergeAttrs (mapAttrsToList processHost hostConfigs)
+  set.merge (set.mapToValues processHost hostConfigs)

systems/sumireko.nix

@@ -68,16 +68,19 @@ _: let
         "brave-browser"
         "disk-inventory-x"
         "dozer"
-        "firefox"
         "devtoys"
         "cyberduck"
         "docker"
         "pycharm-ce"
+        "vscode"
         "slack"
         "boop"
         "obsidian"
         "contexts"
       ];
+      taps = [
+        "pulumi/tap"
+      ];
       masApps = {
         Tailscale = 1475387142;
         Dato = 1470584107;

tree.nix

@@ -29,6 +29,7 @@
     # Re-map home directory profiles
     kat.evaluateDefault = true;
     "kat/user".evaluateDefault = true;
+    "kat/user/data".evaluate = true;
     # Allow profile importing
     "nixos/*".functor.enable = true;
     "darwin/*".functor.enable = true;