Use roles properly

Originally, I was including all role configurations for all hosts, and
controlling which get applied in the role configs with a check in each
file. This is a very repetetive and annoying approach. Instead, now the
role directory is included manually from the hosts config for devices
which meet that role, removing the role options.

system/roles/workstation/display/login/greetd.nix

@@ -4,12 +4,9 @@
   lib,
   ...
 }: let
-  inherit (lib) mkIf getExe;
+  inherit (lib) getExe;
   inherit (lib.strings) concatStringsSep;
 
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-
   greetingMsg = "'Access is restricted to authorized personnel only.'";
   tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
 
@@ -46,33 +43,31 @@
     ];
   };
 in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    services.greetd = {
-      enable = true;
-      vt = 1;
+  services.greetd = {
+    enable = true;
+    vt = 1;
 
-      # <https://man.sr.ht/~kennylevinsen/greetd/>
-      settings = {
-        # default session is what will be used if no session is selected
-        # in this case it'll be a TUI greeter
-        default_session = defaultSession;
-      };
+    # <https://man.sr.ht/~kennylevinsen/greetd/>
+    settings = {
+      # default session is what will be used if no session is selected
+      # in this case it'll be a TUI greeter
+      default_session = defaultSession;
     };
-
-    # Suppress error messages on tuigreet. They sometimes obscure the TUI
-    # boundaries of the greeter.
-    # See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
-    systemd.services.greetd.serviceConfig = {
-      Type = "idle";
-      StandardInput = "tty";
-      StandardOutput = "tty";
-      StandardError = "journal";
-      TTYReset = true;
-      TTYVHangup = true;
-      TTYVTDisallocate = true;
-    };
-
-    # Persist info about previous session & user
-    myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
   };
+
+  # Suppress error messages on tuigreet. They sometimes obscure the TUI
+  # boundaries of the greeter.
+  # See: https://github.com/apognu/tuigreet/issues/68#issuecomment-1586359960
+  systemd.services.greetd.serviceConfig = {
+    Type = "idle";
+    StandardInput = "tty";
+    StandardOutput = "tty";
+    StandardError = "journal";
+    TTYReset = true;
+    TTYVHangup = true;
+    TTYVTDisallocate = true;
+  };
+
+  # Persist info about previous session & user
+  myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
 }

system/roles/workstation/display/login/pam.nix

@@ -1,35 +1,25 @@
 {
-  lib,
-  config,
-  ...
-}: let
-  inherit (lib) mkIf;
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    # unlock GPG keyring on login
-    security.pam.services = let
-      gnupg = {
-        enable = true;
-        noAutostart = true;
-        storeOnly = true;
-      };
-    in {
-      login = {
-        enableGnomeKeyring = true;
-        inherit gnupg;
-      };
+  # unlock GPG keyring on login
+  security.pam.services = let
+    gnupg = {
+      enable = true;
+      noAutostart = true;
+      storeOnly = true;
+    };
+  in {
+    login = {
+      enableGnomeKeyring = true;
+      inherit gnupg;
+    };
 
-      greetd = {
-        enableGnomeKeyring = true;
-        inherit gnupg;
-      };
+    greetd = {
+      enableGnomeKeyring = true;
+      inherit gnupg;
+    };
 
-      tuigreet = {
-        enableGnomeKeyring = true;
-        inherit gnupg;
-      };
+    tuigreet = {
+      enableGnomeKeyring = true;
+      inherit gnupg;
     };
   };
 }