Actually enforce the roles

hosts/herugrim/default.nix

@@ -59,6 +59,10 @@
       hasTPM = true;
     };
 
+    workstation = {
+      printing.enable = true;
+    };
+
     home-manager = {
       enable = true;
       stateVersion = "23.11";

system/roles/default.nix

@@ -1,4 +1,9 @@
 {
+  # We import all of the roles here, with the type checks being handled
+  # in the individual files each time. This is a bit ugly, but necessary
+  # as NixOS doesn't support optional imports, due to circual imports
+  # (there might be a change of the config value inside one of the
+  # imported files).
   imports = [
     ./workstation
     ./laptop

system/roles/laptop/power/default.nix

@@ -1,6 +1,9 @@
-{lib, config, pkgs, ...}: let
-  inherit (lib) mkDefault;
-in{
+{ pkgs, lib, config, ...}: let
+  inherit (lib) mkIf mkDefault;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     hardware.acpilight.enable = true;
 
     environment.systemPackages = with pkgs; [
@@ -63,4 +66,5 @@ in{
         cpupower
       ];
     };
+  };
 }

system/roles/laptop/touchpad.nix

@@ -1,4 +1,9 @@
-{
+{ lib, config, ...}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services.xserver.libinput = {
       # enable libinput
       enable = true;
@@ -19,4 +24,5 @@
         disableWhileTyping = true;
       };
     };
+  };
 }

system/roles/workstation/fonts.nix

@@ -1,4 +1,9 @@
-{pkgs, ...}: {
+{pkgs, lib, config, ...}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     fonts = {
       enableDefaultPackages = false;
 
@@ -90,4 +95,5 @@
         })
       ];
     };
+  };
 }

system/roles/workstation/programs/misc.nix

@@ -1,4 +1,9 @@
-{
+{ lib, config, ...}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     programs = {
       # allow non-root users to mount fuse filesystems with allow_other
       fuse.userAllowOther = true;
@@ -12,4 +17,5 @@
       # gnome's keyring manager
       seahorse.enable = true;
     };
+  };
 }

system/roles/workstation/services/earlyoom.nix

@@ -1,4 +1,9 @@
-{pkgs, ...}: {
+{pkgs, lib, config, ...}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
     # avoid the linux kernel locking itself when we're putting too much strain on the memory
     # this helps avoid having to shut down forcefully when we OOM
@@ -19,4 +24,5 @@
         echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
       '';
     };
+  };
 }

system/roles/workstation/services/mount.nix

@@ -1,5 +1,9 @@
-{ config, ... }:
-{
+{ lib, config, ...}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services = {
       # enable GVfs, a userspace virtual filesystem
       # (allows viewing ftp,sftp,... directly from the file manager)
@@ -8,4 +12,5 @@
       # Storage daemon required for udiskie auto-mount
       udisks2.enable = !config.boot.isContainer;
     };
+  };
 }

system/roles/workstation/services/printing.nix

@@ -1,9 +1,12 @@
-{ config, lib, pkgs, ... }: let
+{ pkgs, lib, config, ...}: let
   inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
 
   cfg = config.myOptions.workstation.printing;
 in {
-  config = mkIf cfg.enable {
+
+  config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
     # enable cups and add some drivers for common printers
     services = {
       printing = {