Started work on modularized machine config, does not quite work yet. Changed Ophanim's kernel to hardened.

machines/Lilim/configuration.nix

@@ -1,32 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
 {
-  confPath = ./Lilim.nix;
-  pkgs = [
-    "base"
-    "emacs"
-    "extra"
-    "cpp"
-    "haskell"
-    "mailutils"
-    "python3"
-    "rustpkgs"
-    "xpkgs"
-  ];
-  services = [
-    ../../services/xserver.nix
-    ../../services/udev.nix
-    ../../services/cups.nix
-  ];
-  conf = {
+  imports = [ ../../options/machine.nix ];
+
+  config.machine = {
+    confPath = ./Lilim.nix;
+    pkgs = [
+      "base"
+      "dict"
+      "emacs"
+      "extra"
+      "cpp"
+      "haskell"
+      "mailutils"
+      "python3"
+      "rustpkgs"
+      "xpkgs"
+    ];
+    services = [
+      ../../services/xserver.nix
+      ../../services/docker.nix
+      ../../services/udev.nix
+      ../../services/cups.nix
+    ];
     allowUnfree = true;
-    networking = {
-      hostName = "Lilim";
-      firewall = {
-        allowPing = true;
-        allowedUDPPorts = [];
-        allowedTCPPorts = [];
-        allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
-        allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
-      };
+    hostName = "Lilim";
+    firewall = {
+      allowPing = true;
+      allowedUDPPorts = [];
+      allowedTCPPorts = [];
+      allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
+      allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
     };
   };
 }

machines/Ophanim/hardware-configuration.nix

@@ -7,7 +7,7 @@
 
   boot = {
     initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
-    kernelPackages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_latest_hardened;
     kernelModules = [ ];
     extraModulePackages = [ ];
     loader.grub = {