Use roles properly

Originally, I was including all role configurations for all hosts, and controlling which get applied in the role configs with a check in each file. This is a very repetetive and annoying approach. Instead, now the role directory is included manually from the hosts config for devices which meet that role, removing the role options.
2025-06-29 20:30:43 +00:00 · 2024-09-24 11:40:42 +02:00 · 2024-09-24 11:40:42 +02:00 · 00016063fe
commit 00016063fe
parent c6c3ecb1e9
27 changed files with 375 additions and 610 deletions
--- a/system/roles/workstation/services/earlyoom.nix
+++ b/system/roles/workstation/services/earlyoom.nix
@ -1,33 +1,22 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  inherit (lib) mkIf;
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
-    # avoid the linux kernel locking itself when we're putting too much strain on the memory
-    # this helps avoid having to shut down forcefully when we OOM
-    services.earlyoom = {
-      enable = true;
-      enableNotifications = true; # annoying, but we want to know what's killed
-      freeSwapThreshold = 2;
-      freeMemThreshold = 2;
-      extraArgs = [
-        "-g" # kill all processes within a process group
-        "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
-        "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
-      ];
+{pkgs, ...}: {
+  # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
+  # avoid the linux kernel locking itself when we're putting too much strain on the memory
+  # this helps avoid having to shut down forcefully when we OOM
+  services.earlyoom = {
+    enable = true;
+    enableNotifications = true; # annoying, but we want to know what's killed
+    freeSwapThreshold = 2;
+    freeMemThreshold = 2;
+    extraArgs = [
+      "-g" # kill all processes within a process group
+      "--avoid 'Hyprland|soffice|soffice.bin|firefox|thunderbird)$'" # things we want to not kill
+      "--prefer '^(electron|.*.exe)$'" # I wish we could kill electron permanently
+    ];

-      # we should ideally write the logs into a designated log file; or even better, to the journal
-      # for now we can hope this echo sends the log to somewhere we can observe later
-      killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
-        echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
-      '';
-    };
+    # we should ideally write the logs into a designated log file; or even better, to the journal
+    # for now we can hope this echo sends the log to somewhere we can observe later
+    killHook = pkgs.writeShellScript "earlyoom-kill-hook" ''
+      echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
+    '';
  };
 }
--- a/system/roles/workstation/services/gnome-keyring.nix
+++ b/system/roles/workstation/services/gnome-keyring.nix
@ -1,25 +1,14 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  inherit (lib) mkIf;
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    services = {
-      udev.packages = with pkgs; [gnome.gnome-settings-daemon];
-      gnome.gnome-keyring.enable = true;
-    };
+{pkgs, ...}: {
+  services = {
+    udev.packages = with pkgs; [gnome.gnome-settings-daemon];
+    gnome.gnome-keyring.enable = true;
+  };

-    # seahorse is an application for managing encryption keys
-    # and passwords in the gnome keyring
-    programs.seahorse.enable = true;
+  # seahorse is an application for managing encryption keys
+  # and passwords in the gnome keyring
+  programs.seahorse.enable = true;

-    xdg.portal.config.common = {
-      "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
-    };
+  xdg.portal.config.common = {
+    "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
  };
 }
--- a/system/roles/workstation/services/logind.nix
+++ b/system/roles/workstation/services/logind.nix
@ -1,22 +1,12 @@
 {
-  lib,
-  config,
-  ...
-}: let
-  inherit (lib) mkIf;
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    # despite being under logind, this has nothing to do with login
-    # it's about power management
-    services.logind = {
-      lidSwitch = "suspend";
-      lidSwitchExternalPower = "suspend";
-      extraConfig = ''
-        HandlePowerKey=suspend
-        HibernateDelaySec=3600
-      '';
-    };
+  # despite being under logind, this has nothing to do with login
+  # it's about power management
+  services.logind = {
+    lidSwitch = "suspend";
+    lidSwitchExternalPower = "suspend";
+    extraConfig = ''
+      HandlePowerKey=suspend
+      HibernateDelaySec=3600
+    '';
  };
 }
--- a/system/roles/workstation/services/misc.nix
+++ b/system/roles/workstation/services/misc.nix
@ -1,20 +1,9 @@
 {
-  config,
-  lib,
-  ...
-}: let
-  inherit (lib) mkIf;
+  services = {
+    # enable GVfs - a userspace virtual filesystem
+    gvfs.enable = true;

-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    services = {
-      # enable GVfs - a userspace virtual filesystem
-      gvfs.enable = true;
-
-      # storage daemon required for udiskie auto-mount
-      udisks2.enable = true;
-    };
+    # storage daemon required for udiskie auto-mount
+    udisks2.enable = true;
  };
 }
--- a/system/roles/workstation/services/mount.nix
+++ b/system/roles/workstation/services/mount.nix
@ -1,20 +1,10 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  inherit (lib) mkIf;
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];
-in {
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
-    services = {
-      # enable GVfs, a userspace virtual filesystem
-      # (allows viewing ftp,sftp,... directly from the file manager)
-      gvfs.enable = true;
+{config, ...}: {
+  services = {
+    # enable GVfs, a userspace virtual filesystem
+    # (allows viewing ftp,sftp,... directly from the file manager)
+    gvfs.enable = true;

-      # Storage daemon required for udiskie auto-mount
-      udisks2.enable = !config.boot.isContainer;
-    };
+    # Storage daemon required for udiskie auto-mount
+    udisks2.enable = !config.boot.isContainer;
  };
 }
--- a/system/roles/workstation/services/printing.nix
+++ b/system/roles/workstation/services/printing.nix
@ -5,13 +5,11 @@
  ...
 }: let
  inherit (lib) mkIf optional;
-  deviceType = config.myOptions.device.roles.type;
-  acceptedTypes = ["laptop" "desktop"];

  cfg = config.myOptions.workstation.printing;
  cfgUser = config.myOptions.system.username;
 in {
-  config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
+  config = mkIf cfg.enable {
    # enable cups and add some drivers for common printers
    services = {
      printing = {