hosts: split wifi and bluetooth pairings into the "client" role

flake.lock

@@ -61,11 +61,11 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-m+zWb62u+aq/x6VX82khojR2GNhWRIAo+csqaN1ixGA=",
-        "path": "/nix/store/l3d7c7jglbgslp60cwpp3sikwd9vlr1q-source/nixpatches",
+        "path": "/nix/store/2zybrs7rz5h2mxhfnkffvdjs9apyzx5z-source/nixpatches",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/l3d7c7jglbgslp60cwpp3sikwd9vlr1q-source/nixpatches",
+        "path": "/nix/store/2zybrs7rz5h2mxhfnkffvdjs9apyzx5z-source/nixpatches",
         "type": "path"
       }
     },

hosts/common/bluetooth.nix

@@ -1,16 +0,0 @@
-{ lib, pkgs, ... }:
-
-{
-  # persist external pairings by default
-  sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
-
-  sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
-  sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
-    wantedBeforeBy = [ "bluetooth.service" ];
-    # XXX: install-bluetooth uses sed, but that's part of the default systemd unit path, it seems
-    generated.script.script = builtins.readFile ../../scripts/install-bluetooth + ''
-      touch "/var/lib/bluetooth/.secrets.stamp"
-    '';
-    generated.script.scriptArgs = [ "/run/secrets/bt" ];
-  };
-}

hosts/common/default.nix

@@ -1,7 +1,6 @@
 { pkgs, ... }:
 {
   imports = [
-    ./bluetooth.nix
     ./cross.nix
     ./feeds.nix
     ./fs.nix

hosts/common/net.nix

@@ -30,14 +30,4 @@
     General.RoamThreshold = "-52";  # default -70
     General.RoamThreshold5G = "-52";  # default -76
   };
-
-  sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
-    wantedBeforeBy = [ "iwd.service" ];
-    generated.acl.mode = "0600";
-    # XXX: install-iwd uses sed, but that's part of the default systemd unit path, it seems
-    generated.script.script = builtins.readFile ../../scripts/install-iwd + ''
-      touch "/var/lib/iwd/.secrets.psk.stamp"
-    '';
-    generated.script.scriptArgs = [ "/run/secrets/iwd" "/var/lib/iwd" ];
-  };
 }

hosts/modules/roles/client/bluetooth-pairings.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.sane.roles.client {
+    # persist external pairings by default
+    sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
+
+    sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
+    sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
+      wantedBeforeBy = [ "bluetooth.service" ];
+      # XXX: install-bluetooth uses sed, but that's part of the default systemd unit path, it seems
+      generated.script.script = builtins.readFile ../../../../scripts/install-bluetooth + ''
+        touch "/var/lib/bluetooth/.secrets.stamp"
+      '';
+      generated.script.scriptArgs = [ "/run/secrets/bt" ];
+    };
+  };
+}

hosts/modules/roles/client/default.nix

@@ -4,6 +4,11 @@ let
   inherit (lib) mkIf mkOption types;
 in
 {
+  imports = [
+    ./bluetooth-pairings.nix
+    ./wifi-pairings.nix
+  ];
+
   options.sane.roles.client = mkOption {
     type = types.bool;
     default = false;

hosts/modules/roles/client/wifi-pairings.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.sane.roles.client {
+    sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
+      wantedBeforeBy = [ "iwd.service" ];
+      generated.acl.mode = "0600";
+      # XXX: install-iwd uses sed, but that's part of the default systemd unit path, it seems
+      generated.script.script = builtins.readFile ../../../../scripts/install-iwd + ''
+        touch "/var/lib/iwd/.secrets.psk.stamp"
+      '';
+      generated.script.scriptArgs = [ "/run/secrets/iwd" "/var/lib/iwd" ];
+    };
+  };
+}

hosts/modules/roles/default.nix

@@ -1,6 +1,6 @@
 { ... }:
 {
   imports = [
-    ./client.nix
+    ./client
   ];
 }