Don’t do conditional imports - import everything and then just toggle things on and off.
The pattern that I have been using for work (and personally for that matter):
- a machine has one role (and one role only - prometheus server instance, mail relay, ruby based application server, etc)
- a role has one or more profiles
- a profile has one or more programs/services
Everything happens as if it’s a regular nixos module.