freya/dotfiles-guix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor installer, add curiass system

Browse source
This commit is contained in:
Freya Murphy 2024-10-22 21:02:08 -04:00
parent 26b671600e
commit a1d30ad8f3
Signed by: freya
GPG key ID: 744AB800E383AE52
5 changed files with 218 additions and 248 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

325
modules/freya/system.scm
View file

@ -1,66 +1,38 @@
(define-module (freya system) (define-module (freya system)
#:use-module (srfi srfi-1)
#:use-module (gnu) #:use-module (gnu)
#:use-module (gnu system setuid)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages admin) #:use-module (gnu packages linux)
#:use-module (gnu packages avahi) #:use-module (gnu packages libusb)
#:use-module (gnu packages shells) #:use-module (gnu packages shells)
#:use-module (gnu packages tls)
#:use-module (gnu packages gtk)
#:use-module (gnu packages gl)
#:use-module (gnu packages vpn)
#:use-module (gnu packages security-token) #:use-module (gnu packages security-token)
#:use-module (gnu packages virtualization)
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu services linux)
#:use-module (gnu services authentication)
#:use-module (gnu services security-token)
#:use-module (gnu services cups)
#:use-module (gnu services desktop)
#:use-module (gnu services networking)
#:use-module (gnu services xorg)
#:use-module (gnu services ssh) #:use-module (gnu services ssh)
#:use-module (gnu services nix) #:use-module (gnu services nix)
#:use-module (gnu services sound) #:use-module (gnu services cups)
#:use-module (gnu services docker) #:use-module (gnu services dbus)
#:use-module (gnu services avahi) #:use-module (gnu services avahi)
#:use-module (gnu services linux)
#:use-module (gnu services spice) #:use-module (gnu services spice)
#:use-module (gnu services docker)
#:use-module (gnu services desktop)
#:use-module (gnu services networking)
#:use-module (gnu services security-token)
#:use-module (gnu services virtualization) #:use-module (gnu services virtualization)
#:use-module (gnu system locale) #:use-module (gnu system locale)
#:use-module (gnu system setuid)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (nongnu packages linux) #:use-module (nongnu packages linux)
#:use-module (srfi srfi-1) #:use-module (freya packages qt)
#:use-module (freya bootloader uki)
#:use-module (freya packages certs) #:use-module (freya packages certs)
#:use-module (freya packages linux) #:use-module (freya packages linux)
#:use-module (freya packages qt)
#:use-module (freya packages wm)
#:use-module (freya packages pulseaudio) #:use-module (freya packages pulseaudio)
#:use-module (freya packages networking) #:use-module (freya packages virtualization)
#:use-module (freya packages virtualization)) #:use-module (freya bootloader uki))
;; locale
(define-public %freya-user-accounts (define-public %base-freya-locale
(cons* (user-account
(name "freya")
(comment "Freya Murphy")
(group "users")
(home-directory "/home/freya")
(shell (file-append zsh "/bin/zsh"))
(supplementary-groups '("wheel"
"audio"
"lp"
"docker"
"plugdev"
"libvirt"
"kvm"
"netdev"
"video"
"tty")))
%base-user-accounts))
(define-public %freya-locale
(list (locale-definition (list (locale-definition
(name "en_US.utf8") (name "en_US.utf8")
(source "en_US") (source "en_US")
@ -70,25 +42,68 @@
(source "ja_JP") (source "ja_JP")
(charset "UTF-8")))) (charset "UTF-8"))))
;; user groups
(define-public %freya-base-packages (define %base-freya-user-groups (list "wheel"
"audio"
"video"
"netdev"
"tty"))
(define %desktop-freya-user-groups
(append (append
;; append desktop freya groups
(list "lp"
"docker"
"plugdev"
"libvirt"
"kvm")
;; append base freya groups
%base-freya-user-groups))
;; append guix and nonguix base packages ;; user accounts
(define freya-user-accounts
(lambda (groups)
(cons* (user-account
(name "freya")
(comment "Freya Murphy")
(uid 1000)
(group "users")
(shell (file-append zsh "/bin/zsh"))
(home-directory "/home/freya")
(create-home-directory? #t)
(supplementary-groups groups))
%base-user-accounts)))
(define-public %base-freya-user-accounts
(freya-user-accounts %base-freya-user-groups))
(define-public %desktop-freya-user-accounts
(freya-user-accounts %desktop-freya-user-groups))
;; packages
(define-public %virt-freya-packages
(append
;; append needed virt packages
(specifications->packages (list ; video audio (specifications->packages (list ; video audio
"mesa" "mesa"
"mesa-utils" "mesa-utils"
; firmware
"sof-firmware"
"amd-microcode"
"v4l2loopback-linux-module"
; terrminal ; terrminal
"alsa-utils" "alsa-utils"
"vim" "vim"
"neovim" "neovim"
; file sys
"parted"
"gptfdisk"
"ddrescue"
"cryptsetup"
"dosfstools"
"btrfs-progs"
"e2fsprogs"
"f2fs-tools"
; basic utils ; basic utils
"curl" "curl"
"htop" "htop"
@ -107,18 +122,26 @@
"ncurses" "ncurses"
"jq" "jq"
"openssl")) "openssl"))
;; append freyanet certs
;; append certs
(list freya-ca-certs) (list freya-ca-certs)
;; append guix base packages ;; append guix base packages
%base-packages)) %base-packages))
(define-public %freya-packages (define-public %base-freya-packages
(append (append
;; append needed base packages
(specifications->packages (list ; firmware
"sof-firmware"
"amd-microcode"
"v4l2loopback-linux-module"))
;; apend virt freya packages
%virt-freya-packages))
;; append guix and nonguix packages
(define-public %desktop-freya-packages
(append
;; append needed desktop packages
(specifications->packages (list ; gtk (specifications->packages (list ; gtk
"wxwidgets" "wxwidgets"
"gtk+" "gtk+"
@ -126,13 +149,11 @@
"gnome-themes-extra" "gnome-themes-extra"
"adwaita-icon-theme" "adwaita-icon-theme"
"hicolor-icon-theme" "hicolor-icon-theme"
; wayland x11 ; wayland x11
"wl-clipboard" "wl-clipboard"
"libx11" "libx11"
"xorg-server-xwayland" "xorg-server-xwayland"
"xf86-video-qxl" "xf86-video-qxl"
; video audio ; video audio
"glu" "glu"
"libglvnd" "libglvnd"
@ -145,11 +166,9 @@
"sdl2" "sdl2"
"openal" "openal"
"freealut" "freealut"
; xdg ; xdg
"xdg-utils" "xdg-utils"
"xdg-desktop-portal" "xdg-desktop-portal"
; system daemons ; system daemons
"docker" "docker"
"containerd" "containerd"
@ -159,74 +178,63 @@
"brightnessctl" "brightnessctl"
"wireguard-tools" "wireguard-tools"
"libpcap" "libpcap"
; fonts ; fonts
"font-fira-mono" "font-fira-mono"
"font-google-noto-sans-cjk" "font-google-noto-sans-cjk"
"font-jetbrains-mono" "font-jetbrains-mono"
"font-dejavu" "font-dejavu"
; misc ; misc
"qemu")) "qemu"))
;; append custom packages ;; append custom packages
(list ; qt (list ; qt
qt5-styleplugins qt5-styleplugins
qt6gtk2 qt6gtk2
; bluetooth
bluez-new
; pactl
pulseaudio-new
; system
virt-manager-ovmf)
;; append base freya backages
%base-freya-packages))
; bluetooth ;; services
bluez-new
; pactl (define-public %base-freya-services
pulseaudio-new
; system
virt-manager-ovmf)
;; append freya base backages
%freya-base-packages))
(define-public %freya-base-services
(append (append
;; append needed base services
(list ; pam (list ; mtp
(simple-service 'mtp udev-service-type (list libmtp))
; polkit
polkit-wheel-service
; font config
fontconfig-file-system-service
; networking
(service ntp-service-type)
(service network-manager-service-type)
(service wpa-supplicant-service-type)
(service modem-manager-service-type)
(service usb-modeswitch-service-type)
; dbus
(service upower-service-type)
(service polkit-service-type)
(service pam-limits-service-type) (service pam-limits-service-type)
(service elogind-service-type)
(service dbus-root-service-type)
; openssh ; openssh
(service openssh-service-type)) (service openssh-service-type))
;; append guix base services
%base-services))
; base guix desktop services (define-public %desktop-freya-services
(modify-services %desktop-services
(guix-service-type config =>
(guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (local-file "../../certs/non-guix.pub"))
%default-authorized-guix-keys))))
(udev-service-type config =>
(udev-configuration
(inherit config)))
(delete pulseaudio-service-type)
(delete gdm-service-type)
(delete avahi-service-type)
(delete alsa-service-type)
(delete screen-locker-service-type))))
(define-public %freya-services
(append (append
%freya-base-services ;; append needed desktop services
(list ; nix (list ; nix
(service nix-service-type) (service nix-service-type)
; wirerguard ; wirerguard
(simple-service 'wireguard-module (simple-service 'wireguard-module
kernel-module-loader-service-type kernel-module-loader-service-type
'("wireguard")) '("wireguard"))
; printing ; printing
(service cups-service-type (service cups-service-type
(cups-configuration (cups-configuration
@ -235,11 +243,9 @@
(avahi-configuration (avahi-configuration
(publish? #f) (publish? #f)
(publish-workstation? #f))) (publish-workstation? #f)))
; docker ; docker
(service docker-service-type) (service docker-service-type)
(service containerd-service-type) (service containerd-service-type)
; libvirt ; libvirt
(service libvirt-service-type (service libvirt-service-type
(libvirt-configuration (libvirt-configuration
@ -248,58 +254,89 @@
(tls-port "16555"))) (tls-port "16555")))
(service virtlog-service-type) (service virtlog-service-type)
(service spice-vdagent-service-type) (service spice-vdagent-service-type)
; bluetooth
; audio
(service bluetooth-service-type (service bluetooth-service-type
(bluetooth-configuration (bluetooth-configuration
(bluez bluez-new) (bluez bluez-new)
(experimental #t) (experimental #t)
(fast-connectable? #t))) (fast-connectable? #t)))
; yubikey ; yubikey
(service pcscd-service-type) (service pcscd-service-type)
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))))) (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))
;; append freya base services
%base-freya-services))
;; setuid programs
(define-public %freya-setuid-programs (define-public %base-freya-setuid-programs
(append (list ; doas (append
(file-like->setuid-program ;; append needed setuid programs
(file-append (list ; doas
(specification->package "opendoas") (file-like->setuid-program
"/bin/doas"))) (file-append
; base setuid programs (specification->package "opendoas")
%setuid-programs)) "/bin/doas")))
;; append guix setuid programs
%setuid-programs))
;; file systems
(define-public %freya-file-systems (define-public %base-freya-file-systems
(cons* (cons*
; /tmp ;; /tmp
(file-system (file-system
(mount-point "/tmp") (mount-point "/tmp")
(device "none") (device "none")
(type "tmpfs") (type "tmpfs")
(check? #f)) (check? #f))
;; append guix base file systems
%base-file-systems)) %base-file-systems))
;; firmware
(define-public base-operating-system (define-public %base-freya-firmware
(operating-system (append
(kernel linux-6.11) ;; append needed base firmware
(firmware (list linux-firmware (list linux-firmware
amd-microcode sof-firmware
sof-firmware)) amd-microcode)
(locale "en_US.UTF-8") ;; append guix base firmware
(locale-definitions %freya-locale) %base-firmware))
(timezone "America/New_York")
(keyboard-layout (keyboard-layout "us")) ;; operating system
(host-name "ThisWillChange")
(users %freya-user-accounts) (define-public %base-freya-operating-system
(packages %freya-packages) (operating-system
(services %freya-services) (kernel linux-6.11)
(name-service-switch %mdns-host-lookup-nss) (firmware %base-freya-firmware)
(setuid-programs %freya-setuid-programs) (locale "en_US.UTF-8")
(file-systems %freya-file-systems) (locale-definitions %base-freya-locale)
(bootloader (bootloader-configuration (timezone "America/New_York")
(bootloader uefi-uki-bootloader) (keyboard-layout (keyboard-layout "us"))
(targets (list "/boot/efi")) (host-name "guix")
(keyboard-layout keyboard-layout))))) (users %base-freya-user-accounts)
(packages %base-freya-packages)
(services %base-freya-services)
(name-service-switch %mdns-host-lookup-nss)
(setuid-programs %base-freya-setuid-programs)
(file-systems %base-freya-file-systems)
(bootloader (bootloader-configuration
(bootloader uefi-uki-bootloader)
(targets (list "/boot/efi"))
(keyboard-layout keyboard-layout)))))
(define-public %virt-freya-operating-system
(operating-system
(inherit %base-freya-operating-system)
(kernel linux-libre-lts)
(firmware %base-firmware)
(packages %virt-freya-packages)))
(define-public %desktop-freya-operating-system
(operating-system
(inherit %base-freya-operating-system)
(users %desktop-freya-user-accounts)
(packages %desktop-freya-packages)
(services %desktop-freya-services)))

24
systems/curiass.scm Normal file
View file

@ -0,0 +1,24 @@
(use-modules (freya system)
(gnu))
(operating-system
(inherit %virt-freya-operating-system)
(host-name "curiass")
(initrd-modules (cons* "virtio_scsi"
"mptspi"
(operating-system-initrd-modules
%virt-freya-operating-system)))
(file-systems (cons* (file-system
(mount-point "/")
(device (uuid "be5f9a76-8295-4710-95b1-370ae3eb0d95"))
(type "btrfs"))
(file-system
(mount-point "/boot")
(device (uuid "ACB1-EE58"
'fat32))
(type "vfat"))
(operating-system-file-systems
%virt-freya-operating-system)))
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/sda"))))

102
systems/installer.scm
View file

@ -1,110 +1,22 @@
; base system for creating installer images ; base system for creating installer images
(use-modules (freya system) (use-modules (freya system)
(gnu packages disk) (freya services cow)
(gnu packages linux)
(gnu packages cryptsetup)
(gnu packages file-systems)
(gnu services shepherd)
(guix modules)
(gnu)) (gnu))
; copy over installer disk utilites
(define %installer-disk-utilities
(list parted gptfdisk ddrescue
lvm2-static
cryptsetup mdadm
dosfstools
btrfs-progs
e2fsprogs
f2fs-tools
jfsutils
xfsprogs))
; copy over cow store
(define %backing-directory
;; Sub-directory used as the backing store for copy-on-write.
"/tmp/guix-inst")
(define cow-store-service-type
(shepherd-service-type
'cow-store
(lambda _
(define (import-module? module)
;; Since we don't use deduplication support in 'populate-store', don't
;; import (guix store deduplication) and its dependencies, which
;; includes Guile-Gcrypt.
(and (guix-module-name? module)
(not (equal? module '(guix store deduplication)))))
(shepherd-service
(requirement '(root-file-system user-processes))
(provision '(cow-store))
(documentation
"Make the store copy-on-write, with writes going to \
the given target.")
;; This is meant to be explicitly started by the user.
(auto-start? #f)
(modules `((gnu build install)
,@%default-modules))
(start
(with-imported-modules (source-module-closure
'((gnu build install))
#:select? import-module?)
#~(case-lambda
((target)
(mount-cow-store target #$%backing-directory)
target)
(else
;; Do nothing, and mark the service as stopped.
#f))))
(stop #~(lambda (target)
;; Delete the temporary directory, but leave everything
;; mounted as there may still be processes using it since
;; 'user-processes' doesn't depend on us. The 'user-file-systems'
;; service will unmount TARGET eventually.
(delete-file-recursively
(string-append target #$%backing-directory))))))
(description "Make the store copy-on-write, with writes going to \
the given target.")))
(define (cow-store-service)
"Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
;; See <http://bugs.gnu.org/18061> for the initial report.
(service cow-store-service-type 'mooooh!))
; installer system ; installer system
(operating-system (operating-system
(inherit base-operating-system) (inherit %base-freya-operating-system)
(host-name "installer") (host-name "installer")
(file-systems (append %base-live-file-systems
(file-systems %base-file-systems))
(append %base-live-file-systems
%base-file-systems))
(users (list (user-account
(name "root")
(group "root")
(supplementary-groups '("wheel")) ; allow use of sudo
(password "")
(comment "root"))))
(pam-services (pam-services
;; Explicitly allow for empty passwords. ;; Explicitly allow for empty passwords.
(base-pam-services #:allow-empty-passwords? #t)) (base-pam-services #:allow-empty-passwords? #t))
(services (cons* (cow-store-service)
(packages (append %installer-disk-utilities (operating-system-services
%freya-base-packages)) %base-freya-operating-system)))
(services (append %freya-base-services
(list (cow-store-service))))
(bootloader (bootloader-configuration (bootloader (bootloader-configuration
(bootloader grub-bootloader) (bootloader grub-bootloader)
(targets '("/dev/sda"))))) (targets '("/dev/sda")))))

7
systems/kaworu.scm
View file

@ -2,15 +2,13 @@
(gnu)) (gnu))
(operating-system (operating-system
(inherit base-operating-system) (inherit %desktop-freya-operating-system)
(host-name "kaworu") (host-name "kaworu")
(mapped-devices (list (mapped-device (mapped-devices (list (mapped-device
(source (uuid (source (uuid
"89257280-202b-4565-b832-89f160d5e4e2")) "89257280-202b-4565-b832-89f160d5e4e2"))
(target "cryptroot") (target "cryptroot")
(type luks-device-mapping)))) (type luks-device-mapping))))
(file-systems (cons* (file-system (file-systems (cons* (file-system
(mount-point "/") (mount-point "/")
(device "/dev/mapper/cryptroot") (device "/dev/mapper/cryptroot")
@ -21,4 +19,5 @@
(device (uuid "099A-D668" (device (uuid "099A-D668"
'fat32)) 'fat32))
(type "vfat")) (type "vfat"))
%freya-file-systems))) (operating-system-file-systems
%desktop-freya-operating-system))))

8
systems/shinji.scm
View file

@ -2,19 +2,16 @@
(gnu)) (gnu))
(operating-system (operating-system
(inherit base-operating-system) (inherit %desktop-freya-operating-system)
(host-name "shinji") (host-name "shinji")
(mapped-devices (list (mapped-device (mapped-devices (list (mapped-device
(source (uuid (source (uuid
"ad489bfa-4280-44ea-8ad2-60347b516d60")) "ad489bfa-4280-44ea-8ad2-60347b516d60"))
(target "root") (target "root")
(type luks-device-mapping)))) (type luks-device-mapping))))
(swap-devices (list (swap-space (swap-devices (list (swap-space
(target (uuid (target (uuid
"57caa02d-8569-43e3-8bf9-09dd6f02b191"))))) "57caa02d-8569-43e3-8bf9-09dd6f02b191")))))
(file-systems (cons* (file-system (file-systems (cons* (file-system
(mount-point "/") (mount-point "/")
(device "/dev/mapper/root") (device "/dev/mapper/root")
@ -25,4 +22,5 @@
(device (uuid "6F93-6A0B" (device (uuid "6F93-6A0B"
'fat32)) 'fat32))
(type "vfat")) (type "vfat"))
%freya-file-systems))) (operating-system-file-systems
%desktop-freya-operating-system))))