refactor: import nixosModules unconditionally, add enable options

flake.nix

@@ -9,7 +9,6 @@
     };
 
     #keep-sorted start block=yes
-
     flake-parts = {
       url = "github:hercules-ci/flake-parts";
       #inputs.nixpkgs.follows = "nixpkgs";
@@ -103,8 +102,8 @@
       niri,
       nix-vscode-extensions,
       nixos-generators,
-      nixos-raspberrypi,
       nixpkgs-unstable,
+      nova-shell,
       servicepoint-cli,
       servicepoint-simulator,
       servicepoint-tanks,
@@ -157,26 +156,26 @@
 
       nixosModules = (importModuleDir ./nixosModules) // {
         niri =
-          { pkgs, ... }:
+          { lib, config, ... }:
           {
             imports = [ niri.nixosModules.niri ];
-            nixpkgs.overlays = [ niri.overlays.niri ];
 
+            options.my.niri.enable = lib.mkEnableOption "niri wayland compositor";
+
+            config = lib.mkIf config.my.niri.enable {
+              nixpkgs.overlays = [ niri.overlays.niri ];
               programs.niri = {
                 enable = true;
                 #package = pkgs.niri-stable;
               };
             };
+          };
         pkgs-unstable = {
           nixpkgs.overlays = [ self.overlays.unstable-packages ];
         };
         pkgs-vscode-extensions = {
           nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
         };
-        # required modules to use other modules, should not do anything on their own
-        default = {
-          imports = [ self.nixosModules.allowed-unfree-list ];
-        };
       };
 
       homeModules = importModuleDir ./homeModules;
@@ -201,18 +200,87 @@
         nixosSystem {
           inherit specialArgs;
           modules = [
-            {
-              imports = [
             ./nixosConfigurations/${device}
-                self.nixosModules.global-settings
+            self.nixosModules.default
-              ]
-              ++ (lib.optionals (home-manager-users != { }) [
-                self.nixosModules.global-settings-desktop
-              ]);
 
-              nixpkgs = {
+            # keep-sorted start
-                hostPlatform = lib.mkDefault system;
+            home-manager.nixosModules.home-manager
+            lanzaboote.nixosModules.lanzaboote
+            nova-shell.nixosModules.default
+            self.nixosModules.niri
+            self.nixosModules.pkgs-vscode-extensions
+            servicepoint-cli.nixosModules.default
+            servicepoint-simulator.nixosModules.default
+            servicepoint-tanks.nixosModules.default
+            stylix.nixosModules.stylix
+            zerforschen-plus.nixosModules.default
+            # keep-sorted end
+
+            # Base config (replaces global-settings.nix)
+            {
+              nixpkgs.hostPlatform = lib.mkDefault system;
+              networking.hostName = device;
+              system = {
+                stateVersion = "22.11";
+                autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
               };
+              nix.settings.experimental-features = [
+                "nix-command"
+                "flakes"
+              ];
+              documentation = {
+                info.enable = false;
+                doc.enable = false;
+              };
+
+              my.autoupdate.enable = true;
+              my.distributedBuilds.enable = true;
+              my.extraCaches.enable = true;
+              my.globalinstalls.enable = true;
+              my.lixIsNix.enable = true;
+              my.openssh.enable = true;
+              my.prometheusNode.enable = true;
+              my.systemdBoot.enable = true;
+              my.tailscale.enable = true;
+            }
+          ]
+          ++ lib.optionals (home-manager-users != { }) [
+            # Desktop config (replaces global-settings-desktop.nix)
+            {
+              home-manager = {
+                extraSpecialArgs = specialArgs;
+                useGlobalPkgs = true;
+                useUserPackages = true;
+                users = home-manager-users;
+                sharedModules = [
+                  { home.stateVersion = "22.11"; }
+                  # keep-sorted start
+                  self.homeModules.git
+                  self.homeModules.gnome-extensions
+                  self.homeModules.nano
+                  self.homeModules.templates
+                  self.homeModules.zsh-basics
+                  # keep-sorted end
+                ];
+              };
+
+              time.timeZone = "Europe/Berlin";
+
+              # on desktops, keep the device useable interactively during expensive builds
+              nix = {
+                daemonCPUSchedPolicy = "idle";
+                daemonIOSchedClass = "idle";
+              };
+
+              my.enDe.enable = true;
+              my.firmwareUpdates.enable = true;
+              my.gnome.enable = true;
+              my.kdeconnect.enable = true;
+              my.modernDesktop.enable = true;
+              my.niri.enable = true;
+              my.nixLd.enable = true;
+              my.quietBoot.enable = true;
+              my.stylix.enable = true;
             }
           ];
         }

nixosConfigurations/epimetheus/default.nix

@@ -1,8 +1,6 @@
-{ self, ... }:
+{ ... }:
 {
-  imports = [ self.nixosModules.pxvirt-guest ];
-
   config = {
-
+    my.pxvirtGuest.enable = true;
   };
 }

nixosConfigurations/forgejo-runner-1/default.nix

@@ -1,12 +1,13 @@
-{ self, ... }:
+{ ... }:
 {
   imports = [
     ./hardware.nix
     ./forgejo-runner.nix
-    self.nixosModules.podman
   ];
 
   config = {
+    my.podman.enable = true;
+
     # uncomment for build check on non arm system (requires --impure)
     # nixpkgs.buildPlatform = builtins.currentSystem;
     services.tailscale.useRoutingFeatures = "both";

nixosConfigurations/muede-lpt2/default.nix

@@ -2,17 +2,17 @@
 {
   imports = [
     ./hardware.nix
-    self.nixosModules.user-muede
-    self.nixosModules.gnome
-    self.nixosModules.wine-gaming
-    self.nixosModules.steam
-    self.nixosModules.podman
-    self.nixosModules.muede-desktop-settings
-    self.nixosModules.intel-graphics
-    self.nixosModules.secure-boot
   ];
 
   config = {
+    my.users.muede.enable = true;
+    my.wineGaming.enable = true;
+    my.steam.enable = true;
+    my.podman.enable = true;
+    my.muedeDesktopSettings.enable = true;
+    my.intelGraphics.enable = true;
+    my.secureBoot.enable = true;
+
     nix.settings.extra-platforms = [
       "aarch64-linux"
       "i686-linux"

nixosConfigurations/muede-pc2/default.nix

@@ -1,21 +1,20 @@
-{ pkgs, self, ... }:
+{ pkgs, ... }:
 {
   imports = [
     ./hardware.nix
     #    ./vscode-server.nix
     #    ./hass.nix
-
-    self.nixosModules.user-muede
-    self.nixosModules.gnome
-    self.nixosModules.wine-gaming
-    self.nixosModules.steam
-    self.nixosModules.podman
-    self.nixosModules.muede-desktop-settings
-    self.nixosModules.amd-graphics
-    self.nixosModules.secure-boot
   ];
 
   config = {
+    my.users.muede.enable = true;
+    my.wineGaming.enable = true;
+    my.steam.enable = true;
+    my.podman.enable = true;
+    my.muedeDesktopSettings.enable = true;
+    my.amdGraphics.enable = true;
+    my.secureBoot.enable = true;
+
     nix.settings.extra-platforms = [
       "aarch64-linux"
       "i686-linux"

nixosConfigurations/ronja-pc/default.nix

@@ -1,20 +1,15 @@
-{
+{ pkgs, ... }:
-  config,
-  pkgs,
-  self,
-  ...
-}:
 {
   imports = [
     ./hardware.nix
-    self.nixosModules.user-ronja
-    self.nixosModules.gnome
-    self.nixosModules.steam
-    self.nixosModules.wine-gaming
-    self.nixosModules.muede-desktop-settings
   ];
 
   config = {
+    my.users.ronja.enable = true;
+    my.steam.enable = true;
+    my.wineGaming.enable = true;
+    my.muedeDesktopSettings.enable = true;
+
     # Configure keymap in X11
     services.xserver.xkb = {
       layout = "de";
@@ -24,8 +19,6 @@
     # Configure console keymap
     console.keyMap = "de";
 
-    # List packages installed in system profile. To search, run:
-    # $ nix search wget
     environment.systemPackages = with pkgs; [
       #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
       #  wget

nixosModules/amd-graphics.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.amdGraphics.enable = lib.mkEnableOption "AMD graphics drivers";
+
+  config = lib.mkIf config.my.amdGraphics.enable {
     boot.kernelModules = [ "amdgpu" ];
     services.xserver.videoDrivers = [ "amdgpu" ];
 
@@ -12,4 +20,5 @@
     };
 
     environment.systemPackages = with pkgs; [ nvtopPackages.amd ];
+  };
 }

nixosModules/autoupdate.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.autoupdate.enable = lib.mkEnableOption "automatic Nix GC and system upgrades";
+
+  config = lib.mkIf config.my.autoupdate.enable {
     nix = {
       optimise.automatic = true;
       gc = {
@@ -13,4 +17,5 @@
       dates = "daily";
       # do not forget to set `flake` when using this module!
     };
+  };
 }

nixosModules/default.nix

@@ -0,0 +1,37 @@
+{ ... }:
+{
+  imports = [
+    # keep-sorted start
+    ./allowed-unfree-list.nix
+    ./amd-graphics.nix
+    ./autoupdate.nix
+    ./distributed-builds.nix
+    ./en-de.nix
+    ./extra-caches.nix
+    ./firmware-updates.nix
+    ./globalinstalls.nix
+    ./gnome.nix
+    ./intel-graphics.nix
+    ./kdeconnect.nix
+    ./latex.nix
+    ./lix-is-nix.nix
+    ./modern-desktop.nix
+    ./muede-desktop-settings.nix
+    ./nix-ld.nix
+    ./openssh.nix
+    ./podman.nix
+    ./printing.nix
+    ./prometheus-node.nix
+    ./pxvirt-guest.nix
+    ./quiet-boot.nix
+    ./secure-boot.nix
+    ./steam.nix
+    ./stylix.nix
+    ./systemd-boot.nix
+    ./tailscale.nix
+    ./user-muede.nix
+    ./user-ronja.nix
+    ./wine-gaming.nix
+    # keep-sorted end
+  ];
+}

nixosModules/distributed-builds.nix

@@ -32,43 +32,57 @@ let
   #   distributedBuilds.hostPublicKey = "ssh-ed25519 AAAA...";  # from: ssh-keyscan -t ed25519 <hostname>
   # All machines automatically discover and use it after the next rebuild.
 
-  buildServerDevices = lib.filterAttrs (_: v: (v.distributedBuilds or { }).isBuilder or false) devices;
+  buildServerDevices = lib.filterAttrs (
+    _: v: (v.distributedBuilds or { }).isBuilder or false
+  ) devices;
 
   knownHosts = lib.pipe buildServerDevices [
     (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
-    (lib.mapAttrs (hostName: v: {
+    (lib.mapAttrs (
+      _: v: {
         publicKey = v.distributedBuilds.hostPublicKey;
-    }))
+      }
+    ))
   ];
 
-  buildMachineList = lib.mapAttrsToList (hostName: v: {
+  buildMachineList = lib.mapAttrsToList (
+    hostName: v:
+    {
       inherit hostName;
       systems = [ v.system ];
       sshUser = buildUser;
       sshKey = sshKeyPath;
       protocol = "ssh-ng";
-  } // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
+    }
+    // lib.optionalAttrs (v.distributedBuilds ? speedFactor) {
       speedFactor = v.distributedBuilds.speedFactor;
-  } // {
+    }
+    // {
       supportedFeatures = [
         "nixos-test"
         "big-parallel"
         "kvm"
         "benchmark"
       ];
-  }) buildServerDevices;
+    }
+  ) buildServerDevices;
 
   remoteMachines = builtins.filter (m: m.hostName != config.networking.hostName) buildMachineList;
 in
 {
-  # Dedicated user for receiving distributed build connections
+  options.my.distributedBuilds.enable = lib.mkEnableOption "distributed Nix builds";
+
+  config = lib.mkIf config.my.distributedBuilds.enable {
     programs.ssh.knownHosts = knownHosts;
 
+    # Dedicated user for receiving distributed build connections
     users.users.${buildUser} = {
       isSystemUser = true;
       group = buildUser;
       useDefaultShell = true;
-    openssh.authorizedKeys.keys = map (k: ''command="nix daemon --stdio",restrict ${k}'') authorizedPublicKeys;
+      openssh.authorizedKeys.keys = map (
+        k: ''command="nix daemon --stdio",restrict ${k}''
+      ) authorizedPublicKeys;
     };
     users.groups.${buildUser} = { };
 
@@ -90,4 +104,5 @@ in
       MemoryMax = "90%";
       OOMScoreAdjust = 500;
     };
+  };
 }

nixosModules/en-de.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.enDe.enable = lib.mkEnableOption "English/German locale and language packs";
+
+  config = lib.mkIf config.my.enDe.enable {
     i18n = {
       defaultLocale = "en_US.UTF-8";
       extraLocales = [
@@ -28,4 +36,5 @@
       pkgs.hunspellDicts.de-de
       pkgs.hunspellDicts.en-us
     ];
+  };
 }

nixosModules/extra-caches.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.extraCaches.enable = lib.mkEnableOption "extra Nix binary caches";
+
+  config = lib.mkIf config.my.extraCaches.enable {
     nix.settings = {
       substituters = [
         # keep-sorted start
@@ -19,4 +23,5 @@
         # keep-sorted end
       ];
     };
+  };
 }

nixosModules/firmware-updates.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.firmwareUpdates.enable = lib.mkEnableOption "firmware updates and microcode";
+
+  config = lib.mkIf config.my.firmwareUpdates.enable {
     hardware = {
       enableRedistributableFirmware = true;
       cpu = {
@@ -8,4 +12,5 @@
     };
 
     services.fwupd.enable = true;
+  };
 }

nixosModules/global-settings-desktop.nix

@@ -1,61 +0,0 @@
-{
-  home-manager-users,
-  self,
-  home-manager,
-  servicepoint-cli,
-  servicepoint-simulator,
-  servicepoint-tanks,
-  stylix,
-  specialArgs,
-  nova-shell,
-  ...
-}:
-{
-  imports = [
-    # keep-sorted start
-    home-manager.nixosModules.home-manager
-    nova-shell.nixosModules.default
-    self.nixosModules.en-de
-    self.nixosModules.firmware-updates
-    self.nixosModules.gnome
-    self.nixosModules.kdeconnect
-    self.nixosModules.modern-desktop
-    self.nixosModules.niri
-    self.nixosModules.nix-ld
-    self.nixosModules.pkgs-vscode-extensions
-    self.nixosModules.quiet-boot
-    self.nixosModules.stylix
-    servicepoint-cli.nixosModules.default
-    servicepoint-simulator.nixosModules.default
-    servicepoint-tanks.nixosModules.default
-    stylix.nixosModules.stylix
-    # keep-sorted end
-  ];
-
-  config = {
-    home-manager = {
-      extraSpecialArgs = specialArgs;
-      useGlobalPkgs = true;
-      useUserPackages = true;
-      users = home-manager-users;
-      sharedModules = [
-        { home.stateVersion = "22.11"; }
-        # keep-sorted start
-        self.homeModules.git
-        self.homeModules.gnome-extensions
-        self.homeModules.nano
-        self.homeModules.templates
-        self.homeModules.zsh-basics
-        # keep-sorted end
-      ];
-    };
-
-    time.timeZone = "Europe/Berlin";
-
-    # on desktops, keep the device useable interactively during expensive builds
-    nix = {
-      daemonCPUSchedPolicy = "idle";
-      daemonIOSchedClass = "idle";
-    };
-  };
-}

nixosModules/global-settings.nix

@@ -1,44 +0,0 @@
-{
-  device,
-  self,
-  lanzaboote,
-  zerforschen-plus,
-  ...
-}:
-{
-  imports = [
-    # keep-sorted start
-    lanzaboote.nixosModules.lanzaboote
-    self.nixosModules.allowed-unfree-list
-    self.nixosModules.autoupdate
-    self.nixosModules.default
-    self.nixosModules.distributed-builds
-    self.nixosModules.extra-caches
-    self.nixosModules.globalinstalls
-    self.nixosModules.lix-is-nix
-    self.nixosModules.openssh
-    self.nixosModules.prometheus-node
-    self.nixosModules.systemd-boot
-    self.nixosModules.tailscale
-    zerforschen-plus.nixosModules.default
-    # keep-sorted end
-  ];
-
-  config = {
-    networking.hostName = device;
-    system = {
-      stateVersion = "22.11";
-      autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
-    };
-
-    nix.settings.experimental-features = [
-      "nix-command"
-      "flakes"
-    ];
-
-    documentation = {
-      info.enable = false; # info pages and the info command
-      doc.enable = false; # documentation distributed in packages' /share/doc
-    };
-  };
-}

nixosModules/globalinstalls.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.globalinstalls.enable = lib.mkEnableOption "global system packages and tools";
+
+  config = lib.mkIf config.my.globalinstalls.enable {
     environment.systemPackages = with pkgs; [
       ncdu
       glances
@@ -27,4 +35,5 @@
         helper = oauth
         credentialStore = cache
     '';
+  };
 }

nixosModules/gnome.nix

@@ -1,15 +1,17 @@
 {
-  pkgs,
   lib,
   config,
+  pkgs,
   ...
 }:
 {
-  options.muede = {
+  options = {
-    keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
+    my.gnome.enable = lib.mkEnableOption "GNOME desktop environment";
+    muede.keep-gnome-default-apps = lib.mkEnableOption "keep gnome default apps";
   };
 
-  config = lib.mkMerge [
+  config = lib.mkIf config.my.gnome.enable (
+    lib.mkMerge [
       {
         services = {
           xserver.excludePackages = [ pkgs.xterm ];
@@ -58,5 +60,6 @@
           baobab # disk usage
         ];
       })
-  ];
+    ]
+  );
 }

nixosModules/intel-graphics.nix

@@ -1,6 +1,13 @@
-{ pkgs, ... }:
 {
-  config = {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.intelGraphics.enable = lib.mkEnableOption "Intel graphics drivers";
+
+  config = lib.mkIf config.my.intelGraphics.enable {
     hardware.graphics = {
       extraPackages = with pkgs; [
         intel-media-driver

nixosModules/kdeconnect.nix

@@ -5,7 +5,10 @@
   ...
 }:
 {
-  config = lib.mkMerge [
+  options.my.kdeconnect.enable = lib.mkEnableOption "KDE Connect / GSConnect";
+
+  config = lib.mkIf config.my.kdeconnect.enable (
+    lib.mkMerge [
       {
         networking.firewall =
           let
@@ -49,5 +52,6 @@
           )
         ];
       })
-  ];
+    ]
+  );
 }

nixosModules/latex.nix

@@ -1,6 +1,13 @@
-{ pkgs, ... }:
 {
-  config = {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.latex.enable = lib.mkEnableOption "LaTeX (texliveFull + TeXstudio)";
+
+  config = lib.mkIf config.my.latex.enable {
     environment.systemPackages = with pkgs; [
       fontconfig
       texliveFull

nixosModules/lix-is-nix.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.lixIsNix.enable = lib.mkEnableOption "Lix as the Nix implementation";
+
+  config = lib.mkIf config.my.lixIsNix.enable {
     nixpkgs.overlays = [
       (final: prev: {
         inherit (prev.lixPackageSets.stable)
@@ -12,4 +20,5 @@
     ];
 
     nix.package = pkgs.lixPackageSets.latest.lix;
+  };
 }

nixosModules/modern-desktop.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.modernDesktop.enable = lib.mkEnableOption "modern desktop base (pipewire, flatpak, earlyoom)";
+
+  config = lib.mkIf config.my.modernDesktop.enable {
     services = {
       xserver.enable = true;
       libinput.enable = true;
@@ -44,4 +48,5 @@
       allowReboot = false;
       operation = "boot";
     };
+  };
 }

nixosModules/muede-desktop-settings.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.muedeDesktopSettings.enable = lib.mkEnableOption "muede desktop settings (Firefox, Logitech, RDP)";
+
+  config = lib.mkIf config.my.muedeDesktopSettings.enable {
     programs.firefox.enable = true;
 
     environment.systemPackages = with pkgs; [
@@ -18,4 +26,5 @@
     # RDP connections
     services.gnome.gnome-remote-desktop.enable = true;
     networking.firewall.allowedTCPPorts = [ 3389 ];
+  };
 }

nixosModules/nix-ld.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.nixLd.enable = lib.mkEnableOption "nix-ld for running unpatched dynamic binaries";
+
+  config = lib.mkIf config.my.nixLd.enable {
     programs.nix-ld = {
       enable = true;
       libraries = with pkgs; [
@@ -20,4 +28,5 @@
         icu
       ];
     };
+  };
 }

nixosModules/openssh.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.openssh.enable = lib.mkEnableOption "OpenSSH server";
+
+  config = lib.mkIf config.my.openssh.enable {
     services.openssh = {
       enable = true;
       openFirewall = true;
@@ -8,4 +12,5 @@
         KbdInteractiveAuthentication = false;
       };
     };
+  };
 }

nixosModules/podman.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.podman.enable = lib.mkEnableOption "Podman container runtime";
+
+  config = lib.mkIf config.my.podman.enable {
     virtualisation = {
       containers.enable = true;
       podman = {
@@ -8,4 +12,5 @@
         autoPrune.enable = true;
       };
     };
+  };
 }

nixosModules/printing.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.printing.enable = lib.mkEnableOption "printing (CUPS + Avahi)";
+
+  config = lib.mkIf config.my.printing.enable {
     services = {
       # Enable CUPS to print documents.
       printing.enable = true;
@@ -9,4 +13,5 @@
         openFirewall = true; # opens the firewall for UDP port 5353
       };
     };
+  };
 }

nixosModules/prometheus-node.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.prometheusNode.enable = lib.mkEnableOption "Prometheus node exporter";
+
+  config = lib.mkIf config.my.prometheusNode.enable {
     services.prometheus.exporters = {
       node = {
         enable = true;
@@ -17,4 +21,5 @@
         ];
       };
     };
+  };
 }

nixosModules/pxvirt-guest.nix

@@ -1,8 +1,16 @@
-{ modulesPath, lib, ... }:
 {
+  modulesPath,
+  lib,
+  config,
+  ...
+}:
+{
+  # Import unconditionally — the module only defines options, activating nothing by default.
   imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
 
-  config = {
+  options.my.pxvirtGuest.enable = lib.mkEnableOption "Proxmox LXC guest configuration";
+
+  config = lib.mkIf config.my.pxvirtGuest.enable {
     # TODO is this needed?
     # nix.settings.sandbox = false;
 

nixosModules/quiet-boot.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.quietBoot.enable = lib.mkEnableOption "quiet boot with Plymouth splash";
+
+  config = lib.mkIf config.my.quietBoot.enable {
     boot = {
       kernelParams = [
         "quiet"
@@ -22,4 +30,5 @@
         ];
       };
     };
+  };
 }

nixosModules/secure-boot.nix

@@ -1,9 +1,17 @@
-{ pkgs, lib, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.secureBoot.enable = lib.mkEnableOption "Secure Boot via lanzaboote";
+
+  config = lib.mkIf config.my.secureBoot.enable {
     # https://github.com/nix-community/lanzaboote/blob/70be03ab23d0988224e152f5b52e2fbf44a6d8ee/docs/QUICK_START.md
     # To enroll:
     # 1. sudo sbctl create-keys
-  # 2. import this module, rebuild
+    # 2. enable this module, rebuild
     # 3. Put Secure Boot in Setup mode
     # 4. sudo sbctl verify
     # 5. sudo sbctl enroll-keys --microsoft
@@ -25,4 +33,5 @@
       enable = true;
       pkiBundle = "/var/lib/sbctl";
     };
+  };
 }

nixosModules/steam.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.steam.enable = lib.mkEnableOption "Steam gaming platform";
+
+  config = lib.mkIf config.my.steam.enable {
     hardware.steam-hardware.enable = true;
 
     programs = {
@@ -42,4 +46,5 @@
       "steam-run"
       "steam-unwrapped"
     ];
+  };
 }

nixosModules/stylix.nix

@@ -1,5 +1,13 @@
-{ pkgs, config, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.stylix.enable = lib.mkEnableOption "Stylix theming (Catppuccin Mocha)";
+
+  config = lib.mkIf config.my.stylix.enable {
     stylix = {
       enable = true;
       base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
@@ -83,4 +91,5 @@
         package = pkgs.adwaita-icon-theme;
       };
     };
+  };
 }

nixosModules/systemd-boot.nix

@@ -1,4 +1,8 @@
+{ lib, config, ... }:
 {
+  options.my.systemdBoot.enable = lib.mkEnableOption "systemd-boot bootloader";
+
+  config = lib.mkIf config.my.systemdBoot.enable {
     boot.loader = {
       timeout = 3;
       efi.canTouchEfiVariables = true;
@@ -8,4 +12,5 @@
         consoleMode = "max";
       };
     };
+  };
 }

nixosModules/tailscale.nix

@@ -1,8 +1,13 @@
+{ lib, config, ... }:
 {
+  options.my.tailscale.enable = lib.mkEnableOption "Tailscale VPN";
+
+  config = lib.mkIf config.my.tailscale.enable {
     services.tailscale = {
       enable = true;
       openFirewall = true;
     };
 
     networking.firewall.checkReversePath = "loose";
+  };
 }

nixosModules/user-muede.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.users.muede.enable = lib.mkEnableOption "muede user account";
+
+  config = lib.mkIf config.my.users.muede.enable {
     users.users.muede = {
       isNormalUser = true;
       uid = 1000;
@@ -34,4 +42,5 @@
 
       "claude-code"
     ];
+  };
 }

nixosModules/user-ronja.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.users.ronja.enable = lib.mkEnableOption "ronja user account";
+
+  config = lib.mkIf config.my.users.ronja.enable {
     users.users.ronja = {
       isNormalUser = true;
       name = "ronja";
@@ -16,4 +24,5 @@
     };
 
     nix.settings.trusted-users = [ "ronja" ];
+  };
 }

nixosModules/wine-gaming.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
 {
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+{
+  options.my.wineGaming.enable = lib.mkEnableOption "Wine gaming (DXVK, MangoHud, xpadneo)";
+
+  config = lib.mkIf config.my.wineGaming.enable {
     hardware = {
       graphics = {
         enable32Bit = true;
@@ -19,4 +27,5 @@
       vulkan-tools
       mesa-demos
     ];
+  };
 }