Actually enforce the roles

This commit is contained in:
ItsDrike 2024-04-13 21:15:25 +02:00
parent 01e3567653
commit dd00ed5f70
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
9 changed files with 238 additions and 193 deletions

View file

@ -59,6 +59,10 @@
hasTPM = true;
};
workstation = {
printing.enable = true;
};
home-manager = {
enable = true;
stateVersion = "23.11";

View file

@ -1,4 +1,9 @@
{
# We import all of the roles here, with the type checks being handled
# in the individual files each time. This is a bit ugly, but necessary
# as NixOS doesn't support optional imports, due to circual imports
# (there might be a change of the config value inside one of the
# imported files).
imports = [
./workstation
./laptop

View file

@ -1,6 +1,9 @@
{lib, config, pkgs, ...}: let
inherit (lib) mkDefault;
in{
{ pkgs, lib, config, ...}: let
inherit (lib) mkIf mkDefault;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
hardware.acpilight.enable = true;
environment.systemPackages = with pkgs; [
@ -63,4 +66,5 @@ in{
cpupower
];
};
};
}

View file

@ -1,4 +1,9 @@
{
{ lib, config, ...}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services.xserver.libinput = {
# enable libinput
enable = true;
@ -19,4 +24,5 @@
disableWhileTyping = true;
};
};
};
}

View file

@ -1,4 +1,9 @@
{pkgs, ...}: {
{pkgs, lib, config, ...}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
fonts = {
enableDefaultPackages = false;
@ -90,4 +95,5 @@
})
];
};
};
}

View file

@ -1,4 +1,9 @@
{
{ lib, config, ...}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
programs = {
# allow non-root users to mount fuse filesystems with allow_other
fuse.userAllowOther = true;
@ -12,4 +17,5 @@
# gnome's keyring manager
seahorse.enable = true;
};
};
}

View file

@ -1,4 +1,9 @@
{pkgs, ...}: {
{pkgs, lib, config, ...}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
# https://dataswamp.org/~solene/2022-09-28-earlyoom.html
# avoid the linux kernel locking itself when we're putting too much strain on the memory
# this helps avoid having to shut down forcefully when we OOM
@ -19,4 +24,5 @@
echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
'';
};
};
}

View file

@ -1,5 +1,9 @@
{ config, ... }:
{
{ lib, config, ...}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
in {
config = mkIf (builtins.elem deviceType acceptedTypes) {
services = {
# enable GVfs, a userspace virtual filesystem
# (allows viewing ftp,sftp,... directly from the file manager)
@ -8,4 +12,5 @@
# Storage daemon required for udiskie auto-mount
udisks2.enable = !config.boot.isContainer;
};
};
}

View file

@ -1,9 +1,12 @@
{ config, lib, pkgs, ... }: let
{ pkgs, lib, config, ...}: let
inherit (lib) mkIf;
deviceType = config.myOptions.device.roles.type;
acceptedTypes = ["laptop" "desktop"];
cfg = config.myOptions.workstation.printing;
in {
config = mkIf cfg.enable {
config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
# enable cups and add some drivers for common printers
services = {
printing = {