freya/dotfiles-guix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor system, add installer config

Browse source
This commit is contained in:
Freya Murphy 2024-10-21 22:51:40 -04:00
parent 11fedb159c
commit fe5b074aae
Signed by: freya
GPG key ID: 744AB800E383AE52
4 changed files with 371 additions and 216 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

426
modules/freya/system.scm
View file

@ -38,6 +38,238 @@
#:use-module (freya packages networking)
#:use-module (freya packages virtualization))
(define-public %freya-user-accounts
(cons* (user-account
(name "freya")
(comment "Freya Murphy")
(group "users")
(home-directory "/home/freya")
(shell (file-append zsh "/bin/zsh"))
(supplementary-groups '("wheel"
"audio"
"lp"
"docker"
"plugdev"
"libvirt"
"kvm"
"netdev"
"video"
"tty")))
%base-user-accounts))
(define-public %freya-base-packages
(append
;; append guix and nonguix base packages
(specifications->packages (list ; video audio
"mesa"
"mesa-utils"
; firmware
"sof-firmware"
"amd-microcode"
"v4l2loopback-linux-module"
; terrminal
"alsa-utils"
"vim"
"neovim"
; basic utils
"curl"
"htop"
"git"
"zsh"
"opendoas"
"linux-pam"
"bind:utils"
"unzip"
"p7zip"
"acpi"
"tree"
"rlwrap"
"netcat"
"ripgrep"
"ncurses"
"jq"
"openssl"))
;; append certs
(list freya-ca-certs)
;; append guix base packages
%base-packages))
(define-public %freya-packages
(append
;; append guix and nonguix packages
(specifications->packages (list ; gtk
"wxwidgets"
"gtk+"
"dconf"
"gnome-themes-extra"
"adwaita-icon-theme"
"hicolor-icon-theme"
; wayland x11
"wl-clipboard"
"libx11"
"xorg-server-xwayland"
"xf86-video-qxl"
; video audio
"glu"
"libglvnd"
"vulkan-loader"
"vulkan-validationlayers"
"vulkan-tools"
"vulkan-headers"
"spirv-tools"
"spirv-headers"
"sdl2"
"openal"
"freealut"
; xdg
"xdg-utils"
"xdg-desktop-portal"
; system daemons
"docker"
"containerd"
"avahi"
"gnupg"
"light"
"brightnessctl"
"wireguard-tools"
"libpcap"
; fonts
"font-fira-mono"
"font-google-noto-sans-cjk"
"font-jetbrains-mono"
"font-dejavu"
; misc
"qemu"))
;; append custom packages
(list ; qt
qt5-styleplugins
qt6gtk2
; bluetooth
bluez-new
; pactl
pulseaudio-new
; system
virt-manager-ovmf)
;; append freya base backages
%freya-base-packages))
(define-public %freya-base-services
(append
(list ; pam
(service pam-limits-service-type)
; openssh
(service openssh-service-type))
; base guix desktop services
(modify-services %desktop-services
(guix-service-type config =>
(guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (local-file "../../certs/non-guix.pub"))
%default-authorized-guix-keys))))
(udev-service-type config =>
(udev-configuration
(inherit config)))
(delete pulseaudio-service-type)
(delete gdm-service-type)
(delete avahi-service-type)
(delete alsa-service-type)
(delete screen-locker-service-type))))
(define-public %freya-services
(append
%freya-base-services
(list ; nix
(service nix-service-type)
; wirerguard
(simple-service 'wireguard-module
kernel-module-loader-service-type
'("wireguard"))
; printing
(service cups-service-type
(cups-configuration
(web-interface? #t)))
(service avahi-service-type
(avahi-configuration
(publish? #f)
(publish-workstation? #f)))
; docker
(service docker-service-type)
(service containerd-service-type)
; libvirt
(service libvirt-service-type
(libvirt-configuration
(libvirt libvirt-ovmf)
(unix-sock-group "libvirt")
(tls-port "16555")))
(service virtlog-service-type)
(service spice-vdagent-service-type)
; audio
(service bluetooth-service-type
(bluetooth-configuration
(bluez bluez-new)
(experimental #t)
(fast-connectable? #t)))
; yubikey
(service pcscd-service-type)
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))))
(define-public %freya-setuid-programs
(append (list ; doas
(file-like->setuid-program
(file-append
(specification->package "opendoas")
"/bin/doas")))
; base setuid programs
%setuid-programs))
(define-public %freya-file-systems
(cons*
; /tmp
(file-system
(mount-point "/tmp")
(device "none")
(type "tmpfs")
(check? #f))
%base-file-systems))
(define-public base-operating-system
(operating-system
(kernel linux-6.11)
@ -48,196 +280,12 @@
(timezone "America/New_York")
(keyboard-layout (keyboard-layout "us"))
(host-name "ThisWillChange")
(users (cons* (user-account
(name "freya")
(comment "Freya Murphy")
(group "users")
(home-directory "/home/freya")
(shell (file-append zsh "/bin/zsh"))
(supplementary-groups '("wheel"
"audio"
"lp"
"docker"
"plugdev"
"libvirt"
"kvm"
"netdev"
"video"
"tty")))
%base-user-accounts))
(packages (append (specifications->packages (list ; gtk
"wxwidgets"
"gtk+"
"dconf"
"gnome-themes-extra"
"adwaita-icon-theme"
"hicolor-icon-theme"
; wayland x11
"wl-clipboard"
"libx11"
"xorg-server-xwayland"
"xf86-video-qxl"
; video audio
"mesa"
"mesa-utils"
"glu"
"libglvnd"
"vulkan-loader"
"vulkan-validationlayers"
"vulkan-tools"
"vulkan-headers"
"spirv-tools"
"spirv-headers"
"sdl2"
"openal"
"freealut"
; xdg
"xdg-utils"
"xdg-desktop-portal"
; firmware
"sof-firmware"
"amd-microcode"
"v4l2loopback-linux-module"
; needed programs
"qemu"
"alsa-utils"
"neovim"
; basic utils
"curl"
"htop"
"git"
"zsh"
"opendoas"
"linux-pam"
"bind:utils"
"unzip"
"p7zip"
"acpi"
"tree"
"rlwrap"
"netcat"
"ripgrep"
"ncurses"
"jq"
"openssl"
; system daemons
"docker"
"containerd"
"avahi"
"gnupg"
"light"
"brightnessctl"
"wireguard-tools"
"libpcap"
; fonts
"font-fira-mono"
"font-google-noto-sans-cjk"
"font-jetbrains-mono"
"font-dejavu"))
(list ; qt
qt5-styleplugins
qt6gtk2
; bluetooth
bluez-new
; pactl
pulseaudio-new
; system
virt-manager-ovmf
freya-ca-certs)
%base-packages))
(services
(append (list
; system
(service nix-service-type)
(service pam-limits-service-type)
(service openssh-service-type)
; networking
(simple-service 'wireguard-module
kernel-module-loader-service-type
'("wireguard"))
; printing
(service cups-service-type
(cups-configuration
(web-interface? #t)))
(service avahi-service-type
(avahi-configuration
(publish? #f)
(publish-workstation? #f)))
; docker
(service docker-service-type)
(service containerd-service-type)
; vms
(service libvirt-service-type
(libvirt-configuration
(libvirt libvirt-ovmf)
(unix-sock-group "libvirt")
(tls-port "16555")))
(service virtlog-service-type)
(service spice-vdagent-service-type)
; audio
(service bluetooth-service-type
(bluetooth-configuration
(bluez bluez-new)
(experimental #t)
(fast-connectable? #t)))
; yubikey
(service pcscd-service-type)
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))
(modify-services %desktop-services
(guix-service-type config =>
(guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (local-file "../../certs/non-guix.pub"))
%default-authorized-guix-keys))))
(udev-service-type config =>
(udev-configuration
(inherit config)))
(delete pulseaudio-service-type)
(delete gdm-service-type)
(delete avahi-service-type)
(delete alsa-service-type)
(delete screen-locker-service-type))))
(users %freya-user-accounts)
(packages %freya-packages)
(services %freya-services)
(name-service-switch %mdns-host-lookup-nss)
(setuid-programs
(append (list (file-like->setuid-program
(file-append
swaylock-effects-new
"/bin/swaylock"))
(file-like->setuid-program
(file-append
(specification->package "opendoas")
"/bin/doas")))
(delete sudo %setuid-programs)))
(file-systems (cons*
(file-system
(mount-point "/tmp")
(device "none")
(type "tmpfs")
(check? #f))
%base-file-systems))
(setuid-programs %freya-setuid-programs)
(file-systems %freya-file-systems)
(bootloader (bootloader-configuration
(bootloader uefi-uki-bootloader)
(targets (list "/boot/efi"))

111
systems/installer.scm Normal file
View file

@ -0,0 +1,111 @@
; base system for creating installer images
(use-modules (freya system)
(gnu packages disk)
(gnu packages linux)
(gnu packages cryptsetup)
(gnu packages file-systems)
(gnu services shepherd)
(guix modules)
(gnu))
; copy over installer disk utilites
(define %installer-disk-utilities
(list parted gptfdisk ddrescue
lvm2-static
cryptsetup mdadm
dosfstools
btrfs-progs
e2fsprogs
f2fs-tools
jfsutils
xfsprogs))
; copy over cow store
(define %backing-directory
;; Sub-directory used as the backing store for copy-on-write.
"/tmp/guix-inst")
(define cow-store-service-type
(shepherd-service-type
'cow-store
(lambda _
(define (import-module? module)
;; Since we don't use deduplication support in 'populate-store', don't
;; import (guix store deduplication) and its dependencies, which
;; includes Guile-Gcrypt.
(and (guix-module-name? module)
(not (equal? module '(guix store deduplication)))))
(shepherd-service
(requirement '(root-file-system user-processes))
(provision '(cow-store))
(documentation
"Make the store copy-on-write, with writes going to \
the given target.")
;; This is meant to be explicitly started by the user.
(auto-start? #f)
(modules `((gnu build install)
,@%default-modules))
(start
(with-imported-modules (source-module-closure
'((gnu build install))
#:select? import-module?)
#~(case-lambda
((target)
(mount-cow-store target #$%backing-directory)
target)
(else
;; Do nothing, and mark the service as stopped.
#f))))
(stop #~(lambda (target)
;; Delete the temporary directory, but leave everything
;; mounted as there may still be processes using it since
;; 'user-processes' doesn't depend on us. The 'user-file-systems'
;; service will unmount TARGET eventually.
(delete-file-recursively
(string-append target #$%backing-directory))))))
(description "Make the store copy-on-write, with writes going to \
the given target.")))
(define (cow-store-service)
"Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
;; See <http://bugs.gnu.org/18061> for the initial report.
(service cow-store-service-type 'mooooh!))
; installer system
(operating-system
(inherit base-operating-system)
(host-name "installer")
(file-systems
(append %base-live-file-systems
%base-file-systems))
(users (list (user-account
(name "root")
(group "root")
(supplementary-groups '("wheel")) ; allow use of sudo
(password "")
(comment "root"))))
(pam-services
;; Explicitly allow for empty passwords.
(base-pam-services #:allow-empty-passwords? #t))
(packages (append %installer-disk-utilities
%freya-base-packages))
(services (append %freya-base-services
(list (cow-store-service))))
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets '("/dev/sda")))))

9
systems/kaworu.scm
View file

@ -6,13 +6,13 @@
(host-name "kaworu")
(mapped-devices (list (mapped-device
(source (uuid
"89257280-202b-4565-b832-89f160d5e4e2"))
(source (uuid
"89257280-202b-4565-b832-89f160d5e4e2"))
(target "cryptroot")
(type luks-device-mapping))))
(file-systems (cons* (file-system
(mount-point "/")
(mount-point "/")
(device "/dev/mapper/cryptroot")
(type "btrfs")
(dependencies mapped-devices))
@ -20,4 +20,5 @@
(mount-point "/boot/efi")
(device (uuid "099A-D668"
'fat32))
(type "vfat")) %base-file-systems)))
(type "vfat"))
%freya-file-systems)))

41
systems/shinji.scm
View file

@ -2,28 +2,23 @@
(gnu))
(operating-system
(inherit base-operating-system)
(host-name "shinji")
(inherit base-operating-system)
(host-name "shinji")
(kernel-arguments (append (list "intel_iommu=on")
%default-kernel-arguments))
(mapped-devices (list (mapped-device
(source (uuid
"5c5dcb22-62b1-41af-9116-b8fdfba83ca2"))
(target "cryptroot")
(type luks-device-mapping))))
(initrd-modules (cons* "vfio_pci" "vfio" "vfio_iommu_type1"
%base-initrd-modules))
(mapped-devices (list (mapped-device
(source (uuid
"5c5dcb22-62b1-41af-9116-b8fdfba83ca2"))
(target "cryptroot")
(type luks-device-mapping))))
(file-systems (cons* (file-system
(mount-point "/")
(device "/dev/mapper/cryptroot")
(type "btrfs")
(dependencies mapped-devices))
(file-system
(mount-point "/boot/efi")
(device (uuid "AD5A-4DF3"
'fat32))
(type "vfat")) %base-file-systems)))
(file-systems (cons* (file-system
(mount-point "/")
(device "/dev/mapper/cryptroot")
(type "btrfs")
(dependencies mapped-devices))
(file-system
(mount-point "/boot/efi")
(device (uuid "AD5A-4DF3"
'fat32))
(type "vfat"))
%freya-file-systems)))