home/packages/cli/desktop.nix

@@ -1,5 +1,15 @@
-{pkgs, ...}: {
+{
-  # TODO: Only apply this to workstations
+  osConfig,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  devType = osConfig.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem devType acceptedTypes) {
     home.packages = with pkgs; [
       libnotify # send desktop notifications
       imagemagick # create/edit images
@@ -12,4 +22,5 @@
       glow # render markdown
       ffmpeg # record, convert and stream audio and video
     ];
+  };
 }

home/programs/terminal/coding/cpp.nix

@@ -1,3 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [ninja];
-}

home/programs/terminal/coding/default.nix

@@ -1,6 +1,5 @@
 {
   imports = [
     ./python
-    ./cpp.nix
   ];
 }

home/programs/terminal/editors/neovim/default.nix

@@ -33,7 +33,6 @@
       nixd
       emmet-language-server
       vscode-langservers-extracted
-      kotlin-language-server
 
       # Linters / formatters
       stylua
@@ -50,7 +49,6 @@
       alejandra
       deadnix
       statix
-      ktlint
 
       # Other tools / utilities
       ripgrep

hosts/default.nix

@@ -4,14 +4,10 @@
 
   # A list of shared modules that ALL systems need
   shared = [
-    ../system/shared
+    ../system
     ../home
     ../options
   ];
-
-  workstationRole = ../system/roles/workstation;
-  laptopRole = ../system/roles/laptop;
-  uniRole = ../system/roles/uni;
 in {
   herugrim = lib.nixosSystem {
     system = "x86_64-linux";
@@ -22,8 +18,6 @@ in {
         inputs.home-manager.nixosModules.home-manager
         inputs.impermanence.nixosModules.impermanence
         inputs.lanzaboote.nixosModules.lanzaboote
-        workstationRole
-        laptopRole
       ]
       ++ shared;
   };
@@ -37,9 +31,6 @@ in {
         inputs.home-manager.nixosModules.home-manager
         inputs.impermanence.nixosModules.impermanence
         inputs.lanzaboote.nixosModules.lanzaboote
-        workstationRole
-        laptopRole
-        uniRole
       ]
       ++ shared;
   };

hosts/voyager/default.nix

@@ -98,11 +98,6 @@
             ".local/share/cargo"
             ".local/share/go"
             ".config/rye"
-
-            # University crap
-            "Android/Sdk"
-            "AndroidStudioProjects"
-            ".android"
           ];
           extraFiles = [
             ".config/gtk-3.0/bookmarks"
@@ -143,7 +138,10 @@
     };
 
     device = {
-      roles.virtual-machine = false;
+      roles = {
+        type = "laptop";
+        virtual-machine = false;
+      };
       cpu.type = "amd";
       gpu.type = "amd";
       hasTPM = true;
@@ -184,10 +182,10 @@
           "eDP-1, 1920x1200@60, 0x1080, 1"
 
           # HDMI-A-1 above primary
-          #"HDMI-A-1, 1920x1080@60, 0x0, 1"
+          "HDMI-A-1, 1920x1080@60, 0x0, 1"
 
           # HDMI-A-1 left to primary
-          "HDMI-A-1, 1920x1080@60, 1920x1080, 1"
+          #"HDMI-A-1, 1920x1080@60, 1920x1080, 1"
 
           # Mirror the primary (laptop) monitor on externals
           ", preferred, auto, 1, mirror, eDP-1"

options/device/roles.nix

@@ -1,11 +1,39 @@
-{lib, ...}: let
+{
-  inherit (lib) mkOption;
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkOption types;
+
+  cfg = config.myOptions.device.roles;
 in {
   options.myOptions.device.roles = {
+    type = mkOption {
+      type = types.enum ["laptop" "desktop" "server"];
+      default = "";
+      description = ''
+        The type/purpoes of the device that will be used within the rest of the configuration.
+          - laptop: portable devices with battery optimizations
+          - desktop: stationary devices configured for maximum performance
+          - server: server and infrastructure
+      '';
+    };
+
     virtual-machine = mkOption {
       type = lib.types.bool;
       default = false;
       description = "Is this system a virtual machine?";
     };
+
+    isWorkstation = mkOption {
+      type = lib.types.bool;
+      default = builtins.elem cfg.type ["laptop" "desktop"];
+      readOnly = true;
+      description = ''
+        Is this machine a workstation?
+
+        Workstation machines are meant for regular day-to-day use.
+      '';
+    };
   };
 }

system/roles/default.nix

@@ -0,0 +1,11 @@
+{
+  # We import all of the roles here, with the type checks being handled
+  # in the individual files each time. This is a bit ugly, but necessary
+  # as NixOS doesn't support optional imports, due to circual imports
+  # (there might be a change of the config value inside one of the
+  # imported files).
+  imports = [
+    ./workstation
+    ./laptop
+  ];
+}

system/roles/laptop/power/acpi.nix

@@ -1,8 +1,14 @@
 {
   pkgs,
+  lib,
   config,
   ...
-}: {
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     hardware.acpilight.enable = true;
 
     environment.systemPackages = with pkgs; [acpi];
@@ -17,4 +23,5 @@
         cpupower
       ];
     };
+  };
 }

system/roles/laptop/power/default.nix

@@ -1,4 +1,13 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
+in {
   imports = [
     ./power-profiles-daemon
     ./upower.nix
@@ -6,7 +15,7 @@
     ./systemd.nix
   ];
 
-  config = {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     environment.systemPackages = with pkgs; [powertop];
   };
 }

system/roles/laptop/power/power-profiles-daemon/default.nix

@@ -1,11 +1,16 @@
 {
   pkgs,
   lib,
+  config,
   ...
 }: let
+  inherit (lib) mkIf;
   inherit (lib.modules) mkForce;
   inherit (lib.strings) makeBinPath;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
 in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # allows changing system behavior based upon user-selected power profiles
     # (with `powerprofilesctl` command)
     services.power-profiles-daemon.enable = true;
@@ -34,4 +39,5 @@ in {
       wants = ["power-profiles-daemon.service"];
       wantedBy = ["default.target"];
     };
+  };
 }

system/roles/laptop/power/upower.nix

@@ -1,4 +1,14 @@
 {
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services = {
       # DBus service that provides power management support to applications
       upower = {
@@ -9,4 +19,5 @@
         criticalPowerAction = "Hibernate";
       };
     };
+  };
 }

system/roles/laptop/touchpad.nix

@@ -1,4 +1,13 @@
 {
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services.libinput = {
       # enable libinput
       enable = true;
@@ -19,4 +28,5 @@
         disableWhileTyping = true;
       };
     };
+  };
 }

system/roles/uni/android.nix

@@ -1,3 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = [pkgs.android-studio];
-}

system/roles/uni/default.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ./android.nix
-  ];
-}

system/roles/workstation/display/login/greetd.nix

@@ -4,9 +4,12 @@
   lib,
   ...
 }: let
-  inherit (lib) getExe;
+  inherit (lib) mkIf getExe;
   inherit (lib.strings) concatStringsSep;
 
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+
   greetingMsg = "'Access is restricted to authorized personnel only.'";
   tuiGreetTheme = "'border=magenta;text=cyan;prompt=green;time=red;action=white;button=yellow;container=black;input=gray'";
 
@@ -43,6 +46,7 @@
     ];
   };
 in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services.greetd = {
       enable = true;
       vt = 1;
@@ -70,4 +74,5 @@ in {
 
     # Persist info about previous session & user
     myOptions.system.impermanence.root.extraDirectories = ["/var/cache/tuigreet"];
+  };
 }

system/roles/workstation/display/login/pam.nix

@@ -1,4 +1,13 @@
 {
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # unlock GPG keyring on login
     security.pam.services = let
       gnupg = {
@@ -22,4 +31,5 @@
         inherit gnupg;
       };
     };
+  };
 }

system/roles/workstation/fonts.nix

@@ -1,4 +1,14 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     fonts = {
       enableDefaultPackages = false;
 
@@ -106,4 +116,5 @@
       # Tool for searching and previewing installed fonts
       font-manager
     ];
+  };
 }

system/roles/workstation/programs/misc.nix

@@ -1,4 +1,13 @@
 {
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     programs = {
       # allow non-root users to mount fuse filesystems with allow_other
       fuse.userAllowOther = true;
@@ -15,4 +24,5 @@
       # registry for linux (thanks to Gnome)
       dconf.enable = true;
     };
+  };
 }

system/roles/workstation/programs/physlock.nix

@@ -1,4 +1,13 @@
 {
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # Screen locker which works across all virtual terminals
     # Use `systemctl start physlock` to securely lock the screen
     services.physlock = {
@@ -14,4 +23,5 @@
         hibernate = true;
       };
     };
+  };
 }

system/roles/workstation/programs/steam.nix

@@ -5,8 +5,10 @@
 }: let
   inherit (lib) mkIf;
   cfg = config.myOptions.home-manager.programs.games.steam;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
 in {
-  config = mkIf cfg.enable {
+  config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
     programs.steam = {
       enable = true;
       remotePlay.openFirewall = false;

system/roles/workstation/programs/thunar.nix

@@ -1,4 +1,14 @@
-{pkgs, ...}: {
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # Unconditionally enable thunar file manager here as a relatively
     # lightweight fallback option for my default file manager.
     programs.thunar = {
@@ -22,4 +32,5 @@
 
     # thumbnail support on thunar
     services.tumbler.enable = true;
+  };
 }

system/roles/workstation/programs/virtualbox.nix

@@ -6,8 +6,10 @@
   inherit (lib) mkIf;
   cfgUser = config.myOptions.system.username;
   cfg = config.myOptions.home-manager.programs.applications.virtualbox;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
 in {
-  config = mkIf cfg.enable {
+  config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
     virtualisation.virtualbox.host = {
       enable = true;
 

system/roles/workstation/programs/wireshark.nix

@@ -7,8 +7,10 @@
   inherit (lib) mkIf;
   cfgUser = config.myOptions.system.username;
   cfg = config.myOptions.home-manager.programs.applications.wireshark;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
 in {
-  config = mkIf cfg.enable {
+  config = mkIf ((builtins.elem deviceType acceptedTypes) && cfg.enable) {
     programs.wireshark = {
       enable = true;
       package = pkgs.wireshark;

system/roles/workstation/runners.nix

@@ -1,8 +1,15 @@
 {
+  config,
   pkgs,
   lib,
   ...
-}: {
+}: let
+  inherit (lib) mkIf;
+
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     environment.systemPackages = [pkgs.appimage-run];
 
     # run appimages with appimage-run
@@ -46,4 +53,5 @@
     # symlink there for compatibility.
     # - For example the rye installed python binaries look there
     environment.etc."ssl/cert.pem".source = "/etc/ssl/certs/ca-certificates.crt";
+  };
 }

system/roles/workstation/services/default.nix

@@ -6,6 +6,5 @@
     ./misc.nix
     ./logind.nix
     ./gnome-keyring.nix
-    ./flatpak.nix
   ];
 }

system/roles/workstation/services/earlyoom.nix

@@ -1,4 +1,14 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # https://dataswamp.org/~solene/2022-09-28-earlyoom.html
     # avoid the linux kernel locking itself when we're putting too much strain on the memory
     # this helps avoid having to shut down forcefully when we OOM
@@ -19,4 +29,5 @@
         echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed"
       '';
     };
+  };
 }

system/roles/workstation/services/flatpak.nix

@@ -1,3 +0,0 @@
-{
-  services.flatpak.enable = true;
-}

system/roles/workstation/services/gnome-keyring.nix

@@ -1,4 +1,14 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services = {
       udev.packages = with pkgs; [gnome.gnome-settings-daemon];
       gnome.gnome-keyring.enable = true;
@@ -11,4 +21,5 @@
     xdg.portal.config.common = {
       "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
     };
+  };
 }

system/roles/workstation/services/logind.nix

@@ -1,4 +1,13 @@
 {
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     # despite being under logind, this has nothing to do with login
     # it's about power management
     services.logind = {
@@ -9,4 +18,5 @@
         HibernateDelaySec=3600
       '';
     };
+  };
 }

system/roles/workstation/services/misc.nix

@@ -1,4 +1,14 @@
 {
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services = {
       # enable GVfs - a userspace virtual filesystem
       gvfs.enable = true;
@@ -6,4 +16,5 @@
       # storage daemon required for udiskie auto-mount
       udisks2.enable = true;
     };
+  };
 }

system/roles/workstation/services/mount.nix

@@ -1,4 +1,13 @@
-{config, ...}: {
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
+in {
+  config = mkIf (builtins.elem deviceType acceptedTypes) {
     services = {
       # enable GVfs, a userspace virtual filesystem
       # (allows viewing ftp,sftp,... directly from the file manager)
@@ -7,4 +16,5 @@
       # Storage daemon required for udiskie auto-mount
       udisks2.enable = !config.boot.isContainer;
     };
+  };
 }

system/roles/workstation/services/printing.nix

@@ -5,11 +5,13 @@
   ...
 }: let
   inherit (lib) mkIf optional;
+  deviceType = config.myOptions.device.roles.type;
+  acceptedTypes = ["laptop" "desktop"];
 
   cfg = config.myOptions.workstation.printing;
   cfgUser = config.myOptions.system.username;
 in {
-  config = mkIf cfg.enable {
+  config = mkIf (builtins.elem deviceType acceptedTypes && cfg.enable) {
     # enable cups and add some drivers for common printers
     services = {
       printing = {