(define-module (freya system)
#:use-module (srfi srfi-1)
#:use-module (gnu)
#:use-module (gnu packages)
#:use-module (gnu packages linux)
#:use-module (gnu packages libusb)
#:use-module (gnu packages shells)
#:use-module (gnu packages security-token)
#:use-module (gnu services)
#:use-module (gnu services ssh)
#:use-module (gnu services nix)
#:use-module (gnu services cups)
#:use-module (gnu services dbus)
#:use-module (gnu services avahi)
#:use-module (gnu services linux)
#:use-module (gnu services spice)
#:use-module (gnu services docker)
#:use-module (gnu services desktop)
#:use-module (gnu services networking)
#:use-module (gnu services security-token)
#:use-module (gnu services virtualization)
#:use-module (gnu system locale)
#:use-module (gnu system setuid)
#:use-module (guix packages)
#:use-module (nongnu packages linux)
#:use-module (freya certs)
#:use-module (sakura packages qt)
#:use-module (sakura packages linux)
#:use-module (sakura packages pulseaudio)
#:use-module (sakura packages virtualization)
#:use-module (sakura bootloader uki))
;; locale
;; Locale definitions built for every freya system: US English and Japanese,
;; both UTF-8.  Each entry is named "<lang>.utf8" and sourced from "<lang>".
(define-public %base-freya-locale
  (map (lambda (lang)
         (locale-definition
          (name (string-append lang ".utf8"))
          (source lang)
          (charset "UTF-8")))
       '("en_US" "ja_JP")))
;; user groups
;; Supplementary groups given to the freya account on every system variant.
;; "wheel" is the administrative group; the base service list in this file
;; also includes polkit-wheel-service, so membership carries polkit
;; administrator rights as well as the usual meaning.
(define %base-freya-user-groups
  '("wheel" "audio" "video" "netdev" "tty"))
;; Desktop group set: the desktop-only groups first, then the base groups.
;;
;; Privilege note: "docker" lets its members drive the Docker daemon, which
;; runs as root, and "libvirt" is the group named as unix-sock-group in the
;; libvirt service configured in this file.  Treat membership in either as
;; administrative access, on a par with "wheel".  "plugdev" is the group the
;; fido2 udev rules in this file are granted to.
(define %desktop-freya-user-groups
  (cons* "lp"
         "docker"
         "plugdev"
         "libvirt"
         "kvm"
         ;; base freya groups follow
         %base-freya-user-groups))
;; user accounts
;; Build the account list for a system: the "freya" login account, with GROUPS
;; as its supplementary groups, placed in front of Guix's %base-user-accounts.
;; No password field is set here, so the account's password is whatever the
;; Guix default for a new account is.
;; NOTE(review): confirm a password is set after first boot; doas and polkit
;; authentication for the wheel group presumably depend on it.
(define (freya-user-accounts groups)
  (cons (user-account
         (name "freya")
         (comment "Freya Murphy")
         (uid 1000)
         (group "users")
         ;; login shell is the zsh binary from the zsh package output
         (shell (file-append zsh "/bin/zsh"))
         (home-directory "/home/freya")
         (create-home-directory? #t)
         (supplementary-groups groups))
        %base-user-accounts))
;; Accounts for base and virtual-machine systems: freya with only the base
;; supplementary groups (no docker, libvirt, kvm, lp or plugdev).
(define-public %base-freya-user-accounts
  (freya-user-accounts
   %base-freya-user-groups))
;; Accounts for desktop systems: freya with the desktop group set, which adds
;; the docker, libvirt, kvm, lp and plugdev groups to the base ones.
(define-public %desktop-freya-user-accounts
  (freya-user-accounts
   %desktop-freya-user-groups))
;; packages
;; Package set for virtual-machine installs: graphics/audio basics, editors,
;; file-system tooling and general utilities, followed by the freya CA
;; certificates and Guix's %base-packages.
;;
;; NOTE(review): freya-ca-certs is defined in (freya certs), which is not
;; shown here.  Presumably it installs private CA roots into the system
;; profile; confirm which names those CAs are expected to sign for before
;; reusing this list on a machine outside that network.
(define-public %virt-freya-packages
  (append
   (specifications->packages
    '(;; video audio
      "mesa"
      "mesa-utils"
      ;; terminal
      "alsa-utils"
      "vim"
      "neovim"
      ;; file sys
      "parted"
      "gptfdisk"
      "ddrescue"
      "cryptsetup"
      "dosfstools"
      "btrfs-progs"
      "e2fsprogs"
      "f2fs-tools"
      ;; basic utils
      "curl"
      "htop"
      "git"
      "zsh"
      "opendoas"
      "linux-pam"
      "bind:utils"
      "unzip"
      "p7zip"
      "acpi"
      "tree"
      "rlwrap"
      "netcat"
      "ripgrep"
      "ncurses"
      "jq"
      "openssl"))
   ;; freyanet certs, then the guix base packages
   (cons freya-ca-certs
         %base-packages)))
;; Package set for bare-metal installs: firmware-related packages and the
;; v4l2loopback kernel module package, then everything in
;; %virt-freya-packages.
(define-public %base-freya-packages
  (append
   (specifications->packages
    '(;; firmware
      "sof-firmware"
      "amd-microcode"
      "v4l2loopback-linux-module"))
   ;; virt freya packages follow
   %virt-freya-packages))
;; Package set for desktop installs: toolkit, display, graphics/audio, XDG,
;; daemon and font packages resolved by specification, then the custom
;; package objects, then everything in %base-freya-packages.
;;
;; NOTE(review): the custom packages (qt5-styleplugins, qt6gtk2, bluez-new,
;; pulseaudio-new, virt-manager-ovmf) are referenced as variables, presumably
;; from the (sakura packages ...) modules imported at the top of this file.
;; They replace or sit beside upstream Guix packages, so their definitions
;; are part of what this system trusts.
(define-public %desktop-freya-packages
  (append
   (specifications->packages
    '(;; gtk
      "wxwidgets"
      "gtk+"
      "dconf"
      "gnome-themes-extra"
      "adwaita-icon-theme"
      "hicolor-icon-theme"
      ;; wayland x11
      "wl-clipboard"
      "libx11"
      "xorg-server-xwayland"
      "xf86-video-qxl"
      ;; video audio
      "glu"
      "libglvnd"
      "vulkan-loader"
      "vulkan-validationlayers"
      "vulkan-tools"
      "vulkan-headers"
      "spirv-tools"
      "spirv-headers"
      "sdl2"
      "openal"
      "freealut"
      ;; xdg
      "xdg-utils"
      "xdg-desktop-portal"
      ;; system daemons
      "docker"
      "containerd"
      "avahi"
      "gnupg"
      "light"
      "brightnessctl"
      "wireguard-tools"
      "libpcap"
      ;; fonts
      "font-fira-mono"
      "font-google-noto-sans-cjk"
      "font-jetbrains-mono"
      "font-dejavu"
      ;; misc
      "qemu"))
   (cons*
    ;; qt
    qt5-styleplugins
    qt6gtk2
    ;; bluetooth
    bluez-new
    ;; pactl
    pulseaudio-new
    ;; system
    virt-manager-ovmf
    ;; base freya packages follow
    %base-freya-packages)))
;; services
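;; Services shared by every freya system: MTP udev rules, polkit, fontconfig,
;; networking, the D-Bus-related desktop plumbing and an OpenSSH server,
;; followed by Guix's %base-services with the guix daemon reconfigured to use
;; two extra substitute servers.
;;
;; Security-relevant choices made here:
;;  * SSH logins are key-only.  The same public key file is authorized for
;;    both "freya" and "root", so whoever holds that key has direct root
;;    access over SSH.
;;  * Root login is limited to non-password methods and empty passwords are
;;    refused.  With password authentication already off this does not change
;;    how key logins work; it keeps a later switch to password authentication
;;    from exposing an account that has no password set.
;;  * X11 and TCP forwarding are left on.  Both let an authenticated session
;;    relay traffic through this host; turn them off on machines that do not
;;    need them.
;;  * Every key added to the daemon's authorized-keys is trusted to sign
;;    binaries the daemon will install, so the files under ../../certs/ are
;;    trust anchors and changes to them deserve the same review as code.
(define-public %base-freya-services
  (append
   ;; append needed base services
   (list
    ;; mtp
    (simple-service 'mtp udev-service-type (list libmtp))
    ;; polkit
    polkit-wheel-service
    ;; font config
    fontconfig-file-system-service
    ;; networking
    (service ntp-service-type)
    (service network-manager-service-type)
    (service wpa-supplicant-service-type)
    (service modem-manager-service-type)
    (service usb-modeswitch-service-type)
    ;; dbus
    (service upower-service-type)
    (service polkit-service-type)
    (service pam-limits-service-type)
    (service elogind-service-type)
    (service dbus-root-service-type)
    ;; openssh
    (service openssh-service-type
             (openssh-configuration
              (authorized-keys
               `(("freya" ,(local-file "../../certs/gpgkey.pub"))
                 ("root" ,(local-file "../../certs/gpgkey.pub"))))
              ;; root may log in with its authorized key, never a password
              (permit-root-login 'prohibit-password)
              ;; refuse accounts with an empty password outright
              (allow-empty-passwords? #f)
              (password-authentication? #f)
              (public-key-authentication? #t)
              (x11-forwarding? #t)
              (allow-tcp-forwarding? #t))))
   ;; append guix base services
   (modify-services %base-services
     (guix-service-type
      config =>
      (guix-configuration
       (inherit config)
       ;; extra substitute servers are tried before the Guix defaults
       (substitute-urls
        (append (list "https://substitutes.nonguix.org"
                      "https://substitutes.freya.cat")
                %default-substitute-urls))
       ;; NOTE(review): presumably non-guix.pub and sakura.pub are the signing
       ;; keys of the two servers added above; confirm each key's
       ;; fingerprint against its publisher.
       (authorized-keys
        (append (list (local-file "../../certs/non-guix.pub")
                      (local-file "../../certs/sakura.pub"))
                %default-authorized-guix-keys)))))))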
;; Services for desktop systems: nix, the wireguard kernel module, printing,
;; containers, libvirt, bluetooth and security-token support, followed by
;; everything in %base-freya-services.
;;
;; Review notes for the entries below:
;;  * cups: the web interface is enabled; the listen address is not set here,
;;    so it is the service default.  NOTE(review): confirm it is bound to
;;    loopback only.
;;  * avahi: publishing is switched off, so the host resolves mDNS names
;;    without advertising itself.
;;  * docker/containerd: the desktop account is a member of the "docker"
;;    group in this file, which gives it control of a root-run daemon.
;;  * libvirt: the management socket is restricted to the "libvirt" group.
;;    A TLS port is named, but whether the TLS listener is actually enabled
;;    is not configured here.  NOTE(review): confirm remote access is off
;;    unless it is wanted.
;;  * bluetooth: runs the custom bluez-new build with experimental features
;;    turned on.
;;  * fido2: the libfido2 udev rules are granted to the "plugdev" group.
(define-public %desktop-freya-services
  (cons*
   ;; nix
   (service nix-service-type)
   ;; wireguard
   (simple-service 'wireguard-module
                   kernel-module-loader-service-type
                   '("wireguard"))
   ;; printing
   (service cups-service-type
            (cups-configuration
             (web-interface? #t)))
   (service avahi-service-type
            (avahi-configuration
             (publish? #f)
             (publish-workstation? #f)))
   ;; docker
   (service docker-service-type)
   (service containerd-service-type)
   ;; libvirt
   (service libvirt-service-type
            (libvirt-configuration
             (libvirt libvirt-ovmf)
             (unix-sock-group "libvirt")
             (tls-port "16555")))
   (service virtlog-service-type)
   (service spice-vdagent-service-type)
   ;; bluetooth
   (service bluetooth-service-type
            (bluetooth-configuration
             (bluez bluez-new)
             (experimental #t)
             (fast-connectable? #t)))
   ;; yubikey
   (service pcscd-service-type)
   (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
   ;; freya base services follow
   %base-freya-services))
;; setuid programs
;; Setuid programs: the doas binary from the opendoas package, placed in front
;; of Guix's default %setuid-programs.
;; NOTE(review): doas decides who may run what from its configuration file,
;; which is not defined in this module; confirm that file is provisioned and
;; restricted to the intended users, since this entry alone only installs the
;; binary with the setuid bit.
(define-public %base-freya-setuid-programs
  (cons (file-like->setuid-program
         (file-append (specification->package "opendoas")
                      "/bin/doas"))
        ;; guix setuid programs follow
        %setuid-programs))
;; file systems
;; File systems common to every freya system: a tmpfs on /tmp, placed in front
;; of Guix's %base-file-systems.  The root and boot file systems are not
;; declared here.
;; NOTE(review): no mount flags are set on /tmp.  Consider
;; (flags '(no-suid no-dev)) so that a world-writable directory cannot hold
;; setuid binaries or device nodes; confirm nothing on the system relies on
;; either before enabling it.
(define-public %base-freya-file-systems
  (cons
   ;; /tmp
   (file-system
     (mount-point "/tmp")
     (device "none")
     (type "tmpfs")
     ;; nothing to fsck on a tmpfs
     (check? #f))
   ;; guix base file systems follow
   %base-file-systems))
;; firmware
;; Firmware for bare-metal systems: linux-firmware, sof-firmware and
;; amd-microcode, placed in front of Guix's %base-firmware.
(define-public %base-freya-firmware
  (cons* linux-firmware
         sof-firmware
         amd-microcode
         ;; guix base firmware follows
         %base-firmware))
;; operating system
;; Base operating-system declaration that the virt and desktop variants
;; inherit from.  It wires together the firmware, locale, account, package,
;; service, setuid and file-system lists defined in this module and boots
;; through the uefi-uki-bootloader installed under /boot/efi.
;;
;; NOTE(review): the kernel is pinned to one release series (linux-6.11).
;; Confirm that series still receives upstream stable updates, otherwise
;; kernel security fixes stop arriving until this field is bumped.
;; NOTE(review): no root or ESP file system is declared here (only /tmp plus
;; the Guix base ones); presumably each machine's own configuration inherits
;; from this record and adds them.
(define-public %base-freya-operating-system
  (operating-system
    (kernel linux-6.11)
    (firmware %base-freya-firmware)
    (locale "en_US.UTF-8")
    (locale-definitions %base-freya-locale)
    (timezone "America/New_York")
    (keyboard-layout (keyboard-layout "us"))
    (host-name "guix")
    (users %base-freya-user-accounts)
    (packages %base-freya-packages)
    (services %base-freya-services)
    ;; resolve .local host names through mDNS
    (name-service-switch %mdns-host-lookup-nss)
    (setuid-programs %base-freya-setuid-programs)
    (file-systems %base-freya-file-systems)
    (bootloader
     (bootloader-configuration
      (bootloader uefi-uki-bootloader)
      (targets '("/boot/efi"))
      ;; reuse the layout chosen in the keyboard-layout field above
      (keyboard-layout keyboard-layout)))))
;; Virtual-machine variant of the base system: adds the virtio_scsi and mptspi
;; initrd modules, swaps the kernel for linux-libre-lts, drops the extra
;; firmware and uses the smaller %virt-freya-packages set.
;; The users and services fields are inherited unchanged, so a VM built from
;; this record runs the same OpenSSH server and trusts the same SSH and
;; substitute keys as the base system.
(define-public %virt-freya-operating-system
  (operating-system
    (inherit %base-freya-operating-system)
    (initrd-modules
     (append '("virtio_scsi" "mptspi")
             (operating-system-initrd-modules
              %base-freya-operating-system)))
    (kernel linux-libre-lts)
    (firmware %base-firmware)
    (packages %virt-freya-packages)))
;; Desktop variant of the base system: same kernel, firmware, bootloader and
;; file systems, with the desktop account groups, package set and service
;; list substituted in.
(define-public %desktop-freya-operating-system
  (operating-system
    (inherit %base-freya-operating-system)
    (users %desktop-freya-user-accounts)
    (packages %desktop-freya-packages)
    (services %desktop-freya-services)))