Use roles properly

Originally, I was including all role configurations for all hosts, and controlling which get applied in the role configs with a check in each file. This is a very repetetive and annoying approach. Instead, now the role directory is included manually from the hosts config for devices which meet that role, removing the role options.
2024-11-14 16:17:17 +00:00 · 2024-09-24 11:40:42 +02:00 · 2024-09-24 11:40:42 +02:00 · 00016063fe
parent c6c3ecb1e9
commit 00016063fe
27 changed files with 375 additions and 610 deletions
--- a/home/packages/cli/desktop.nix
+++ b/home/packages/cli/desktop.nix
@ -1,15 +1,5 @@
-{
+{pkgs, ...}: {
-  osConfig,
+  # TODO: Only apply this to workstations
  lib,
  pkgs,
  ...
 }: let
  inherit (lib) mkIf;
  devType = osConfig.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem devType acceptedTypes) {
  home.packages = with pkgs; [
    libnotify # send desktop notifications
    imagemagick # create/edit images
@ -22,5 +12,4 @@ in {
    glow # render markdown
    ffmpeg # record, convert and stream audio and video
  ];
  };
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -4,10 +4,14 @@
  # A list of shared modules that ALL systems need
  shared = [
-    ../system
+    ../system/shared
    ../home
    ../options
  ];
  workstationRole = ../system/roles/workstation;
  laptopRole = ../system/roles/laptop;
  uniRole = ../system/roles/uni;
 in {
  herugrim = lib.nixosSystem {
    system = "x86_64-linux";
@ -18,6 +22,8 @@ in {
        inputs.home-manager.nixosModules.home-manager
        inputs.impermanence.nixosModules.impermanence
        inputs.lanzaboote.nixosModules.lanzaboote
        workstationRole
        laptopRole
      ]
      ++ shared;
  };
@ -31,6 +37,9 @@ in {
        inputs.home-manager.nixosModules.home-manager
        inputs.impermanence.nixosModules.impermanence
        inputs.lanzaboote.nixosModules.lanzaboote
        workstationRole
        laptopRole
        uniRole
      ]
      ++ shared;
  };
--- a/hosts/voyager/default.nix
+++ b/hosts/voyager/default.nix
@ -143,11 +143,7 @@
    };
    device = {
-      roles = {
+      roles.virtual-machine = false;
        type = "laptop";
        virtual-machine = false;
        isUniMachine = true;
      };
      cpu.type = "amd";
      gpu.type = "amd";
      hasTPM = true;
--- a/options/device/roles.nix
+++ b/options/device/roles.nix
@ -1,49 +1,11 @@
-{
+{lib, ...}: let
-  lib,
+  inherit (lib) mkOption;
  config,
  ...
 }: let
  inherit (lib) mkOption types;
  cfg = config.myOptions.device.roles;
 in {
  options.myOptions.device.roles = {
    type = mkOption {
      type = types.enum ["laptop" "desktop" "server"];
      default = "";
      description = ''
        The type/purpoes of the device that will be used within the rest of the configuration.
          - laptop: portable devices with battery optimizations
          - desktop: stationary devices configured for maximum performance
          - server: server and infrastructure
      '';
    };
    virtual-machine = mkOption {
      type = lib.types.bool;
      default = false;
      description = "Is this system a virtual machine?";
    };
    isWorkstation = mkOption {
      type = lib.types.bool;
      default = builtins.elem cfg.type ["laptop" "desktop"];
      readOnly = true;
      description = ''
        Is this machine a workstation?
        Workstation machines are meant for regular day-to-day use.
      '';
    };
    isUniMachine = mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Should University specific configuration be applied?
        (Things like University specific software, etc.)
      '';
    };
  };
 }
--- a/system/roles/default.nix
+++ b/system/roles/default.nix
@ -1,12 +0,0 @@
 {
  # We import all of the roles here, with the type checks being handled
  # in the individual files each time. This is a bit ugly, but necessary
  # as NixOS doesn't support optional imports, due to circual imports
  # (there might be a change of the config value inside one of the
  # imported files).
  imports = [
    ./workstation
    ./laptop
    ./uni
  ];
 }
--- a/system/roles/laptop/power/acpi.nix
+++ b/system/roles/laptop/power/acpi.nix
@ -1,14 +1,8 @@
 {
  pkgs,
  lib,
  config,
  ...
-}: let
+}: {
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  hardware.acpilight.enable = true;
  environment.systemPackages = with pkgs; [acpi];
@ -23,5 +17,4 @@ in {
      cpupower
    ];
  };
  };
 }
--- a/system/roles/laptop/power/default.nix
+++ b/system/roles/laptop/power/default.nix
@ -1,13 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop"];
 in {
  imports = [
    ./power-profiles-daemon
    ./upower.nix
@ -15,7 +6,7 @@ in {
    ./systemd.nix
  ];
-  config = mkIf (builtins.elem deviceType acceptedTypes) {
+  config = {
    environment.systemPackages = with pkgs; [powertop];
  };
 }
--- a/system/roles/laptop/power/power-profiles-daemon/default.nix
+++ b/system/roles/laptop/power/power-profiles-daemon/default.nix
@ -1,16 +1,11 @@
 {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  inherit (lib.modules) mkForce;
  inherit (lib.strings) makeBinPath;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  # allows changing system behavior based upon user-selected power profiles
  # (with `powerprofilesctl` command)
  services.power-profiles-daemon.enable = true;
@ -39,5 +34,4 @@ in {
    wants = ["power-profiles-daemon.service"];
    wantedBy = ["default.target"];
  };
  };
 }
--- a/system/roles/laptop/power/upower.nix
+++ b/system/roles/laptop/power/upower.nix
@ -1,14 +1,4 @@
 {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  services = {
    # DBus service that provides power management support to applications
    upower = {
@ -19,5 +9,4 @@ in {
      criticalPowerAction = "Hibernate";
    };
  };
  };
 }
--- a/system/roles/laptop/touchpad.nix
+++ b/system/roles/laptop/touchpad.nix
@ -1,13 +1,4 @@
 {
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  services.libinput = {
    # enable libinput
    enable = true;
@ -28,5 +19,4 @@ in {
      disableWhileTyping = true;
    };
  };
  };
 }
--- a/system/roles/uni/android.nix
+++ b/system/roles/uni/android.nix
@ -1,13 +1,3 @@
-{
+{pkgs, ...}: {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  inherit (config.myOptions.device.roles) isUniMachine;
 in {
  config = mkIf isUniMachine {
  environment.systemPackages = [pkgs.android-studio];
  };
 }
--- a/system/roles/workstation/display/login/greetd.nix
+++ b/system/roles/workstation/display/login/greetd.nix
@ -4,12 +4,9 @@
  lib,
  ...
 }: let
-  inherit (lib) mkIf getExe;
+  inherit (lib) getExe;
  inherit (lib.strings) concatStringsSep;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
  greetingMsg = "'Access is restricted to authorized personnel only.'";
  tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
@ -46,7 +43,6 @@
    ];
  };
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  services.greetd = {
    enable = true;
    vt = 1;
@ -74,5 +70,4 @@ in {
  # Persist info about previous session & user
  myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
  };
 }
--- a/system/roles/workstation/display/login/pam.nix
+++ b/system/roles/workstation/display/login/pam.nix
@ -1,13 +1,4 @@
 {
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  # unlock GPG keyring on login
  security.pam.services = let
    gnupg = {
@ -31,5 +22,4 @@ in {
      inherit gnupg;
    };
  };
  };
 }
--- a/system/roles/workstation/fonts.nix
+++ b/system/roles/workstation/fonts.nix
@ -1,14 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  fonts = {
    enableDefaultPackages = false;
@ -116,5 +106,4 @@ in {
    # Tool for searching and previewing installed fonts
    font-manager
  ];
  };
 }
--- a/system/roles/workstation/programs/misc.nix
+++ b/system/roles/workstation/programs/misc.nix
@ -1,13 +1,4 @@
 {
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  programs = {
    # allow non-root users to mount fuse filesystems with allow_other
    fuse.userAllowOther = true;
@ -24,5 +15,4 @@ in {
    # registry for linux (thanks to Gnome)
    dconf.enable = true;
  };
  };
 }
--- a/system/roles/workstation/programs/physlock.nix
+++ b/system/roles/workstation/programs/physlock.nix
@ -1,13 +1,4 @@
 {
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  # Screen locker which works across all virtual terminals
  # Use `systemctl start physlock` to securely lock the screen
  services.physlock = {
@ -23,5 +14,4 @@ in {
      hibernate = true;
    };
  };
  };
 }
--- a/system/roles/workstation/programs/steam.nix
+++ b/system/roles/workstation/programs/steam.nix
@ -5,10 +5,8 @@
 }: let
  inherit (lib) mkIf;
  cfg = config.myOptions.home-manager.programs.games.steam;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
-  config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
+  config = mkIf cfg.enable {
    programs.steam = {
      enable = true;
      remotePlay.openFirewall = false;
--- a/system/roles/workstation/programs/thunar.nix
+++ b/system/roles/workstation/programs/thunar.nix
@ -1,14 +1,4 @@
-{
+{pkgs, ...}: {
  lib,
  pkgs,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  # Unconditionally enable thunar file manager here as a relatively
  # lightweight fallback option for my default file manager.
  programs.thunar = {
@ -32,5 +22,4 @@ in {
  # thumbnail support on thunar
  services.tumbler.enable = true;
  };
 }
--- a/system/roles/workstation/programs/virtualbox.nix
+++ b/system/roles/workstation/programs/virtualbox.nix
@ -6,10 +6,8 @@
  inherit (lib) mkIf;
  cfgUser = config.myOptions.system.username;
  cfg = config.myOptions.home-manager.programs.applications.virtualbox;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
-  config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
+  config = mkIf cfg.enable {
    virtualisation.virtualbox.host = {
      enable = true;
--- a/system/roles/workstation/programs/wireshark.nix
+++ b/system/roles/workstation/programs/wireshark.nix
@ -7,10 +7,8 @@
  inherit (lib) mkIf;
  cfgUser = config.myOptions.system.username;
  cfg = config.myOptions.home-manager.programs.applications.wireshark;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
-  config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
+  config = mkIf cfg.enable {
    programs.wireshark = {
      enable = true;
      package = pkgs.wireshark;
--- a/system/roles/workstation/runners.nix
+++ b/system/roles/workstation/runners.nix
@ -1,15 +1,8 @@
 {
  config,
  pkgs,
  lib,
  ...
-}: let
+}: {
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  environment.systemPackages = [pkgs.appimage-run];
  # run appimages with appimage-run
@ -53,5 +46,4 @@ in {
  # symlink there for compatibility.
  # - For example the rye installed python binaries look there
  environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
  };
 }
--- a/system/roles/workstation/services/earlyoom.nix
+++ b/system/roles/workstation/services/earlyoom.nix
@ -1,14 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
  # avoid the linux kernel locking itself when we're putting too much strain on the memory
  # this helps avoid having to shut down forcefully when we OOM
@ -29,5 +19,4 @@ in {
      echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
    '';
  };
  };
 }
--- a/system/roles/workstation/services/gnome-keyring.nix
+++ b/system/roles/workstation/services/gnome-keyring.nix
@ -1,14 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  services = {
    udev.packages = with pkgs; [gnome.gnome-settings-daemon];
    gnome.gnome-keyring.enable = true;
@ -21,5 +11,4 @@ in {
  xdg.portal.config.common = {
    "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
  };
  };
 }
--- a/system/roles/workstation/services/logind.nix
+++ b/system/roles/workstation/services/logind.nix
@ -1,13 +1,4 @@
 {
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  # despite being under logind, this has nothing to do with login
  # it's about power management
  services.logind = {
@ -18,5 +9,4 @@ in {
      HibernateDelaySec=3600
    '';
  };
  };
 }
--- a/system/roles/workstation/services/misc.nix
+++ b/system/roles/workstation/services/misc.nix
@ -1,14 +1,4 @@
 {
  config,
  lib,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  services = {
    # enable GVfs - a userspace virtual filesystem
    gvfs.enable = true;
@ -16,5 +6,4 @@ in {
    # storage daemon required for udiskie auto-mount
    udisks2.enable = true;
  };
  };
 }
--- a/system/roles/workstation/services/mount.nix
+++ b/system/roles/workstation/services/mount.nix
@ -1,13 +1,4 @@
-{
+{config, ...}: {
  lib,
  config,
  ...
 }: let
  inherit (lib) mkIf;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
 in {
  config = mkIf (builtins.elem deviceType acceptedTypes) {
  services = {
    # enable GVfs, a userspace virtual filesystem
    # (allows viewing ftp,sftp,... directly from the file manager)
@ -16,5 +7,4 @@ in {
    # Storage daemon required for udiskie auto-mount
    udisks2.enable = !config.boot.isContainer;
  };
  };
 }
--- a/system/roles/workstation/services/printing.nix
+++ b/system/roles/workstation/services/printing.nix
@ -5,13 +5,11 @@
  ...
 }: let
  inherit (lib) mkIf optional;
  deviceType = config.myOptions.device.roles.type;
  acceptedTypes = ["laptop" "desktop"];
  cfg = config.myOptions.workstation.printing;
  cfgUser = config.myOptions.system.username;
 in {
-  config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
+  config = mkIf cfg.enable {
    # enable cups and add some drivers for common printers
    services = {
      printing = {