Fresh repo without sensitive data.

machines/Leviathan/Leviathan.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = import ./configuration.nix;
+in {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  services = {
+    udev.extraRules = ''
+      SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
+      KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_mode=uinput"
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [ xdiskusage ];
+
+  system.stateVersion = "18.09";
+}

machines/Leviathan/configuration.nix

@@ -0,0 +1,26 @@
+{
+  confPath = ./Leviathan.nix;
+  pkgs = [
+    "base"
+    "emacs"
+    "haskell"
+    "python3"
+    "rustpkgs"
+    "xpkgs"
+  ];
+  services = [
+    ../../services/openssh.nix
+    ../../services/xserver.nix
+  ];
+  conf = {
+    allowUnfree = true;
+    networking = {
+      hostName = "Leviathan";
+      firewall = {
+        allowPing = true;
+        allowedUDPPorts = [ 22 ];
+        allowedTCPPorts = [];
+      };
+    };
+  };
+}

machines/Leviathan/hardware-configuration.nix

@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+  ];
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    cleanTmpDir = true;
+    kernelPackages = pkgs.linuxPackages_4_19;
+    initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "firewire_ohci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+    kernelModules = [ "kvm-intel" "wl" ];
+    extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+  };
+
+  hardware = {
+    cpu.intel.updateMicrocode = true;
+    enableAllFirmware = true;
+    enableKSM = true;
+    opengl = {
+      driSupport = true;
+      extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
+      driSupport32Bit = true;
+      extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
+    };
+
+    pulseaudio = {
+      enable = true;
+      support32Bit = true;
+      package = pkgs.pulseaudioFull;
+      zeroconf.discovery.enable = false;
+      extraClientConf = ''
+        autospawn = no
+      '';
+    };
+
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/4f0a49f8-04f6-437c-ad5d-b0a82a7251ef";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2860-11F4";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/c50ad046-8bfd-4248-8195-7a0d370b641f"; }
+    ];
+
+  powerManagement = {
+    enable = true;
+    cpuFreqGovernor = "powersave";
+  };
+
+  time.timeZone = "Europe/Berlin";
+}

machines/Lilim/Lilim.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = import ./configuration.nix;
+in {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  services = {
+    gnome3.gnome-terminal-server.enable = true;
+    udev.extraRules = ''
+      SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
+      KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_mode=uinput"
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [ surface-firmware xdiskusage ];
+
+  system.stateVersion = "18.09";
+}

machines/Lilim/configuration.nix

@@ -0,0 +1,30 @@
+{
+  confPath = ./Lilim.nix;
+  pkgs = [
+    "base"
+    "emacs"
+    "extra"
+    "cpp"
+    "haskell"
+    "mailutils"
+    "python3"
+    "rustpkgs"
+    "xpkgs"
+  ];
+  services = [
+    ../../services/xserver.nix
+    ../../services/udev.nix
+    ../../services/cups.nix
+  ];
+  conf = {
+    allowUnfree = true;
+    networking = {
+      hostName = "Lilim";
+      firewall = {
+        allowPing = true;
+        allowedUDPPorts = [];
+        allowedTCPPorts = [];
+      };
+    };
+  };
+}

machines/Lilim/hardware-configuration.nix

@@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+
+let
+ surfacepkgs = import <linux-surface> {};
+in {
+  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    cleanTmpDir = true;
+#    kernelPackages = pkgs.linuxPackages_surface;
+    kernelPackages = surfacepkgs.linuxPackages_surface;
+    initrd.kernelModules = [ "hid-multitouch" ];
+    initrd.availableKernelModules = [ "hid-microsoft" "hid-multitouch" "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+    kernelModules = [ "kvm-intel" "hid-microsoft" "hid-multitouch" "uinput" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/8c3a5a07-9ee1-4154-9f3f-6abc379073aa";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D2A2-C705";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  hardware = {
+    firmware = with pkgs; [ firmwareLinuxNonfree surface-firmware ];
+    cpu.intel.updateMicrocode = true;
+    enableAllFirmware = true;
+    enableKSM = true;
+    opengl = {
+      driSupport = true;
+      extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
+      driSupport32Bit = true;
+      extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ];
+    };
+
+    pulseaudio = {
+      enable = true;
+      support32Bit = true;
+      package = pkgs.pulseaudioFull;
+      zeroconf.discovery.enable = false;
+      extraClientConf = ''
+        autospawn = no
+      '';
+    };
+
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+  };
+
+  powerManagement = {
+    enable = true;
+    cpuFreqGovernor = "powersave";
+  };
+
+  time.timeZone = "Europe/Berlin";
+}

machines/Ophanim/Ophanim.nix

@@ -0,0 +1,29 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+      ./hardware-configuration.nix
+    ];
+
+  system.autoUpgrade.enable = false;
+
+#    services.vsftp = {
+#      enable = true;
+#      ssl_sslv3 = true;
+#      forceLocalDataSSL = true;
+#      writeEnable = false;
+#      userlist = [];
+#    };
+  services.haveged.enable = true;
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "18.09";
+
+}

machines/Ophanim/configuration.nix

@@ -0,0 +1,27 @@
+{
+  confPath = ./Ophanim.nix;
+  pkgs = [
+    "base"
+    "emacs"
+    "server"
+  ];
+  services = [
+    ../../services/gitea.nix
+    ../../services/hydra.nix
+    ../../services/mailserver.nix
+    ../../services/mariaDB.nix
+    ../../services/nginx.nix
+    ../../services/openssh.nix
+  ];
+  conf = {
+    allowUnfree = true;
+    networking = {
+      hostName = "Ophanim";
+      firewall = {
+        allowPing = false;
+        allowedUDPPorts = [ 22 80 443 ];
+        allowedTCPPorts = [ 80 443 5222 5269 ];
+      };
+    };
+  };
+}

machines/Ophanim/hardware-configuration.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+  boot = {
+    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+    loader.grub = {
+      enable = true;
+      version = 2;
+      device = "/dev/sda"; # or "nodev" for efi only
+    };
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/fa0c2ff3-59f9-4c00-8153-c2c2ef0f0e84";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+}