diff --git a/nix/home/default.nix b/nix/home/default.nix
index 46dec074..0b1d4647 100644
--- a/nix/home/default.nix
+++ b/nix/home/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./profiles
 ./news.nix
+ ./modules/aquaskk.nix
 ./modules/gnupg
 ./modules/emacs.nix
 ./modules/firefox.nix
diff --git a/nix/home/modules/aquaskk.nix b/nix/home/modules/aquaskk.nix
new file mode 100644
index 00000000..71a7deb7
--- /dev/null
+++ b/nix/home/modules/aquaskk.nix
@@ -0,0 +1,109 @@
+{ config, lib, pkgs, dotfiles, ... }:
+
+let
+ cfg = config.dotfiles.aquaskk;
+ dictTypes = [ "euc-jp" "online" "skkserv" "kotoeri" "program" "utf-8" ];
+
+ dictionarySet = lib.mapAttrsToList
+ (name: config: {
+ inherit (config) active location;
+ type =
+ let
+ index = dotfiles.lib.indexOf config.type dictTypes;
+ option = "dotfiles.aquaskk.dictionaries.${name}";
+ value = config.type;
+ in
+ if index >= 0 then index
+ else throw "Option '${option}' has unknown value '${value}'.";
+ })
+ cfg.dictionaries;
+in
+{
+ options.dotfiles.aquaskk = {
+ enable = lib.mkEnableOption "AquaSKK";
+
+ config = lib.mkOption {
+ type = with lib.types; attrsOf anything;
+ default = { };
+ description = ''
+ Configuration for AquaSKK. See the list of available options
+ [here](https://github.com/codefirst/aquaskk/blob/master/platform/mac/plist/UserDefaults.plist).
+ '';
+ };
+
+ dictionaries = lib.mkOption {
+ type = with lib.types; attrsOf (submodule ({ name, ... }: {
+ options = {
+ active = lib.mkOption {
+ type = bool;
+ default = true;
+ description = "Whether to enable the dictionary \"${name}\".";
+ };
+ location = lib.mkOption {
+ type = str;
+ default = name;
+ description = "Location of the dictionary \"${name}\".";
+ };
+ type = lib.mkOption {
+ type = enum dictTypes;
+ description = "Type of the dictionary \"${name}\".";
+ };
+ };
+ }));
+
+ default = {
+ "SKK-JISYO.L" = {
+ location = "${pkgs.skk-dicts}/share/SKK-JISYO.L";
+ type = "utf-8";
+ };
+ };
+
+ example = {
+ "~/.skk-jisyo".type = "euc-jp";
+ "SKK-JISYO.L".type = "online";
+ };
+
+ description = ''
+ Dictionaries to use for SKK conversion.
+
+ Dictionaries of type `online` will be fetched from
+ {option}`dotfiles.aquaskk.config.openlab_host`. The list of available
+ dictionaries can be seen at .
+
+ ::: {.warning}
+ Setting this option to a non-empty value will make the dictionary
+ settings immutable. Because of this, you won't be able to add or remove
+ dictionaries from the graphical UI.
+ :::
+
+ ::: {.warning}
+ As of 4.7.5, [AquaSKK downloads dictionaries of the `online` type over
+ unverified HTTP connections][httpdict]. This means that the dictionaries
+ can be tampered with in transit. The consequences can range from messed
+ up SKK conversions to attempted attacks on any potential weaknesses in
+ the dictionary parsing code.
+
+ Prefer local dictionaries if malicious network operators are a concern.
+ :::
+
+ [httpdict]: https://github.com/codefirst/aquaskk/blob/4.7.5/src/engine/dictionary/SKKHttpDictionaryLoader.cpp#L59
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ assertions = [
+ (lib.hm.assertions.assertPlatform "dotfiles.aquaskk" pkgs
+ lib.platforms.darwin)
+ ];
+
+ targets.darwin.defaults = {
+ "jp.sourceforge.inputmethod.aquaskk.plist" = cfg.config;
+ };
+
+ home.file."Library/Application Support/AquaSKK/DictionarySet.plist" =
+ lib.mkIf (cfg.dictionaries != { }) {
+ text = lib.generators.toPlist { } dictionarySet;
+ };
+ };
+}
diff --git a/nix/home/news.nix b/nix/home/news.nix
index 6977f628..3e75b7c0 100644
--- a/nix/home/news.nix
+++ b/nix/home/news.nix
@@ -287,5 +287,11 @@
 macOS support for the syncthing module was upstreamed to Home Manager.
 '';
 }
+ {
+ time = "2023-11-08T19:00:56+00:00";
+ message = ''
+ A new module is available: 'dotfiles.aquaskk'
+ '';
+ }
 ];
 }
diff --git a/nix/home/profiles/macos.nix b/nix/home/profiles/macos.nix
index 6b44941b..2565f919 100644
--- a/nix/home/profiles/macos.nix
+++ b/nix/home/profiles/macos.nix
@@ -76,5 +76,16 @@ in
 "^w" = mkDefault "deleteWordBackward:";
 };
 };
+
+ dotfiles.aquaskk = {
+ enable = mkDefault true;
+ config = {
+ beep_on_registration = mkDefault false;
+ enable_annotation = mkDefault true;
+ enable_dynamic_completion = mkDefault true;
+ enable_extended_completion = mkDefault true;
+ show_input_mode_icon = mkDefault true;
+ };
+ };
 };
 }
diff --git a/nix/lib/default.nix b/nix/lib/default.nix
index 4de981e4..baede9bc 100644
--- a/nix/lib/default.nix
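Review bot: In the new `aquaskk.nix` module the plain-HTTP risk of `online` dictionaries is surfaced only in the option description, while the `example` attribute just above it sets `"SKK-JISYO.L".type = "online";`, so a user who copies the example gets the unauthenticated download with no signal at evaluation time. Consider emitting a Home Manager warning from the `config` block, e.g. `warnings = lib.optional (lib.any (d: d.active && d.type == "online") (lib.attrValues cfg.dictionaries)) "dotfiles.aquaskk: active 'online' dictionaries are fetched over unverified HTTP";`, and changing the example to a local dictionary type. The description also says a non-empty value makes the dictionary settings immutable, but `default` is already non-empty, so `DictionarySet.plist` is managed as soon as the module is enabled; the text should say so. As a style point, the lambda `(name: config: { … })` in `dictionarySet` shadows the module's `config` argument, and renaming it (for example to `dict`) would avoid confusion with `config.dotfiles.aquaskk` a few lines earlier.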
+++ b/nix/lib/default.nix @@ -2,9 +2,9 @@ let inherit (inputs) self flake-utils home darwin nixpkgs nixos; + inherit (nixpkgs) lib; inherit (home.lib) homeManagerConfiguration; inherit (darwin.lib) darwinSystem; - inherit (nixpkgs.lib) importTOML mkDefault recursiveUpdate; inherit (nixos.lib) nixosSystem; nixpkgsArgs = { @@ -13,7 +13,7 @@ let }; in rec { - config = importTOML ../config.toml; + config = lib.importTOML ../config.toml; supportedPlatforms = [ "aarch64-darwin" @@ -163,7 +163,7 @@ rec { # Sets hardening options for systemd services. # hardenSystemdService = args: - recursiveUpdate args { + lib.recursiveUpdate args { serviceConfig = { # this enables the following options: # - PrivateTmp = true 
@@ -172,22 +172,34 @@ rec { # - RestrictSUIDSGID = true # - ProtectSystem = strict # - ProtectHome = read-only - DynamicUser = mkDefault true; + DynamicUser = lib.mkDefault true; - PrivateDevices = mkDefault true; - PrivateUsers = mkDefault true; - ProtectHostname = mkDefault true; - ProtectClock = mkDefault true; - ProtectProc = mkDefault "invisible"; - ProtectKernelTunables = mkDefault true; - ProtectKernelModules = mkDefault true; - ProtectKernelLogs = mkDefault true; - ProtectControlGroups = mkDefault true; - RestrictNamespaces = mkDefault true; - LockPersonality = mkDefault true; - MemoryDenyWriteExecute = mkDefault true; - RestrictRealtime = mkDefault true; - SystemCallFilter = mkDefault [ "@system-service" "~@mount" ]; + PrivateDevices = lib.mkDefault true; + PrivateUsers = lib.mkDefault true; + ProtectHostname = lib.mkDefault true; + ProtectClock = lib.mkDefault true; + ProtectProc = lib.mkDefault "invisible"; + ProtectKernelTunables = lib.mkDefault true; + ProtectKernelModules = lib.mkDefault true; + ProtectKernelLogs = lib.mkDefault true; + ProtectControlGroups = lib.mkDefault true; + RestrictNamespaces = lib.mkDefault true; + LockPersonality = lib.mkDefault true; + MemoryDenyWriteExecute = lib.mkDefault true; + RestrictRealtime = lib.mkDefault true; + SystemCallFilter = lib.mkDefault [ "@system-service" "~@mount" ]; }; }; + + indexOf = target: lib.foldl' + (index: el: + if index < 0 then + if el == target then + - index - 1 + else + index - 1 + else + index + ) + (-1); }
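Review bot: `indexOf`, added at the end of this hunk, has no comment, and its return contract is not obvious from the fold: a hit yields the zero-based position of the first match, while a miss yields a negative value that depends on the list length (the accumulator counts down from `-1`), not a fixed `-1`. The caller in `aquaskk.nix` tests `index >= 0`, which is correct, but a later caller comparing against `-1` would silently treat a miss as something else. A header comment such as `# Returns the zero-based index of the first element equal to target, or a negative number if there is none.` would pin this down. If the pinned nixpkgs already provides `lib.lists.findFirstIndex`, using it would avoid the hand-rolled encoding. The enclosing `rec { … }` starts outside the hunk.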