feat(roles): Parameterize hardcoded values in printing, nfs-mounts, and virtualisation roles

- printing role: Add configurable printerName, printerUri, and printerModel options
  to replace hardcoded Brother printer values
- nfs-mounts role: Add configurable server, remotePath, and mountPoint options
  to replace hardcoded NFS server IP (10.0.0.43)
- virtualisation role: Add configurable dockerUsers option as list type
  to replace hardcoded 'johno' docker group membership

All options have sensible defaults matching the original hardcoded values,
ensuring backward compatibility while allowing per-host customization.

Implements bead: nixos-configs-fkt

flake.nix

@@ -56,75 +56,94 @@
   };
 
   outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
-    # Shared overlay function to reduce duplication across module sets
+    nixosModules = [
-    # Parameters:
+      ./roles
-    #   unstableOverlays: Additional overlays to apply when importing nixpkgs-unstable
+    ] ++ [
-    mkBaseOverlay = { unstableOverlays ? [] }: (final: prev: {
+      inputs.home-manager.nixosModules.home-manager
+      {
+        nixpkgs.overlays = [
+          (final: prev: {
             unstable = import nixpkgs-unstable {
               system = prev.stdenv.hostPlatform.system;
               config.allowUnfree = true;
-        overlays = unstableOverlays;
             };
             custom = prev.callPackage ./packages {};
             # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
             bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
-    });
+          })
-
+        ];
-    # Shared home-manager configuration factory
-    # Parameters:
-    #   sharedModules: Additional modules to include in home-manager.sharedModules
-    mkHomeManagerConfig = { sharedModules ? [] }: {
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
-      home-manager.sharedModules = sharedModules ++ [
+        home-manager.sharedModules = [
+          inputs.plasma-manager.homeModules.plasma-manager
           inputs.nix-doom-emacs-unstraightened.homeModule
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
         };
-    };
-
-    nixosModules = [
-      ./roles
-      inputs.home-manager.nixosModules.home-manager
-      {
-        nixpkgs.overlays = [ (mkBaseOverlay {}) ];
       }
-      (mkHomeManagerConfig {
-        sharedModules = [ inputs.plasma-manager.homeModules.plasma-manager ];
-      })
     ];
-
     # Modules for unstable-based systems (like nix-deck)
     nixosModulesUnstable = [
       ./roles
+    ] ++ [
       inputs.home-manager-unstable.nixosModules.home-manager
       inputs.jovian.nixosModules.jovian
       {
-        nixpkgs.overlays = [ (mkBaseOverlay {}) ];
+        nixpkgs.overlays = [
-      }
+          (final: prev: {
-      (mkHomeManagerConfig {
+            unstable = import nixpkgs-unstable {
-        sharedModules = [ inputs.plasma-manager-unstable.homeModules.plasma-manager ];
+              system = prev.stdenv.hostPlatform.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
           })
         ];
-
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.plasma-manager-unstable.homeModules.plasma-manager
+          inputs.nix-doom-emacs-unstraightened.homeModule
+        ];
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
     darwinModules = [
       ./roles/darwin.nix
+    ] ++ [
       inputs.home-manager.darwinModules.home-manager
       {
         nixpkgs.overlays = [
-          (mkBaseOverlay {
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.stdenv.hostPlatform.system;
+              config.allowUnfree = true;
+              overlays = [
                 # Override claude-code in unstable to use our custom GCS-based build
                 # (needed for corporate networks that block npm registry)
-            unstableOverlays = [
                 (ufinal: uprev: {
-                claude-code = uprev.callPackage ./packages/claude-code {};
+                  claude-code = prev.custom.claude-code or (prev.callPackage ./packages {}).claude-code;
                 })
               ];
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
           })
         ];
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.nix-doom-emacs-unstraightened.homeModule
+        ];
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
       }
-      (mkHomeManagerConfig { sharedModules = []; })
     ];
 
   in {

roles/nfs-mounts/default.nix

@@ -8,6 +8,21 @@ in
 {
   options.roles.nfs-mounts = {
     enable = mkEnableOption "Enable default NFS mounts";
+    server = mkOption {
+      type = types.str;
+      default = "10.0.0.43";
+      description = "IP address or hostname of the NFS server";
+    };
+    remotePath = mkOption {
+      type = types.str;
+      default = "/media";
+      description = "Remote path to mount from the NFS server";
+    };
+    mountPoint = mkOption {
+      type = types.str;
+      default = "/media";
+      description = "Local mount point for the NFS share";
+    };
     # TODO: implement requireMount
     requireMount = mkOption {
       type = types.bool;
@@ -18,8 +33,8 @@ in
 
   config = mkIf cfg.enable
     {
-      fileSystems."/media" = {
+      fileSystems.${cfg.mountPoint} = {
-        device = "10.0.0.43:/media";
+        device = "${cfg.server}:${cfg.remotePath}";
         fsType = "nfs";
         options = [
           "defaults"

roles/printing/default.nix

@@ -8,6 +8,21 @@ in
 {
   options.roles.printing = {
     enable = mkEnableOption "Enable default printing setup";
+    printerName = mkOption {
+      type = types.str;
+      default = "MFC-L8900CDW_series";
+      description = "Name for the default printer";
+    };
+    printerUri = mkOption {
+      type = types.str;
+      default = "ipp://brother.oglehome/ipp/print";
+      description = "Device URI for the default printer (e.g., ipp://hostname/ipp/print)";
+    };
+    printerModel = mkOption {
+      type = types.str;
+      default = "everywhere";
+      description = "PPD model for the printer (use 'everywhere' for driverless IPP)";
+    };
   };
 
   config = mkIf cfg.enable
@@ -21,11 +36,11 @@ in
       };
 
       hardware.printers.ensurePrinters = [{
-        name = "MFC-L8900CDW_series";
+        name = cfg.printerName;
-        deviceUri = "ipp://brother.oglehome/ipp/print";
+        deviceUri = cfg.printerUri;
-        model = "everywhere";
+        model = cfg.printerModel;
       }];
-      hardware.printers.ensureDefaultPrinter = "MFC-L8900CDW_series";
+      hardware.printers.ensureDefaultPrinter = cfg.printerName;
 
       # Fix ensure-printers service to wait for network availability
       systemd.services.ensure-printers = {

roles/virtualisation/default.nix

@@ -8,6 +8,11 @@ in
 {
   options.roles.virtualisation = {
     enable = mkEnableOption "Enable virtualisation";
+    dockerUsers = mkOption {
+      type = types.listOf types.str;
+      default = [ "johno" ];
+      description = "List of users to add to the docker group";
+    };
   };
 
   config = mkIf cfg.enable
@@ -15,6 +20,6 @@ in
       virtualisation.libvirtd.enable = true;
       programs.virt-manager.enable = true;
       virtualisation.docker.enable = true;
-      users.extraGroups.docker.members = [ "johno" ];
+      users.extraGroups.docker.members = cfg.dockerUsers;
     };
 }