(define-module (home-config base-system)
#:use-module (gnu)
#:use-module (gnu system setuid)
#:use-module (gnu packages)
#:use-module (gnu packages admin)
#:use-module (gnu packages avahi)
#:use-module (gnu packages shells)
#:use-module (gnu packages tls)
#:use-module (gnu packages vpn)
#:use-module (gnu packages security-token)
#:use-module (gnu packages virtualization)
#:use-module (guix packages)
#:use-module (nongnu packages linux)
#:use-module (srfi srfi-1)
#:use-module (gnu services)
#:use-module (gnu services linux)
#:use-module (gnu services authentication)
#:use-module (gnu services security-token)
#:use-module (gnu services cups)
#:use-module (gnu services desktop)
#:use-module (gnu services networking)
#:use-module (gnu services xorg)
#:use-module (gnu services ssh)
#:use-module (gnu services nix)
#:use-module (gnu services sound)
#:use-module (gnu services avahi)
#:use-module (gnu services spice)
#:use-module (gnu services virtualization)
#:use-module (home-packages wm)
#:use-module (home-packages certs)
#:use-module (home-packages virtualization))
;; %base-packages with the "sudo" and "nano" packages dropped, matched by
;; package name.  This only decides what lands in the system profile; the
;; setuid-programs field of the operating-system declaration is a separate
;; list and is not affected by this filter.
(define %my-base-packages
  (let ((unwanted-names '("sudo" "nano")))
    (filter (lambda (pkg)
              (not (member (package-name pkg) unwanted-names)))
            %base-packages)))
;; udev rule file "90-backlight.rules".  When a backlight device is added,
;; two RUN commands hand its sysfs `brightness' attribute to group "video"
;; and make it group-writable, so members of that group can change the
;; brightness without root.  Only the `brightness' file of the matched
;; device (%k = kernel device name) is touched.
;;
;; NOTE(review): nothing visible in this file passes this rule to the udev
;; service -- confirm it is actually installed somewhere.
(define %backlight-udev-rule
  (let* ((on-backlight-add "ACTION==\"add\", SUBSYSTEM==\"backlight\", ")
         (give-to-video-group
          "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\"")
         (allow-group-write
          "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")
         ;; One rule per line: same match, different RUN action.
         (rule-text (string-append on-backlight-add give-to-video-group
                                   "\n"
                                   on-backlight-add allow-group-write)))
    (udev-rule "90-backlight.rules" rule-text)))
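;; Base operating-system declaration shared by this configuration.
;;
;; It declares: the `linux' kernel with extra firmware, one user account,
;; the system package set, the system services (an explicit list appended to
;; a modified %desktop-services), mDNS host lookup, the setuid-root programs,
;; a tmpfs on /tmp, and GRUB on EFI.
;;
;; Security-relevant choices made here:
;;   - sudo is replaced by opendoas (doas is installed setuid-root and the
;;     default sudo/sudoedit setuid entries are filtered out);
;;   - swaylock is installed setuid-root;
;;   - a third-party substitute server and its signing key are trusted;
;;   - OpenSSH, CUPS (with web interface), libvirt and Nix daemons run.
(define-public base-operating-system
  (operating-system
    (kernel linux)
    (firmware (list linux-firmware intel-microcode sof-firmware))
    (locale "en_US.utf8")
    (timezone "America/New_York")
    (keyboard-layout (keyboard-layout "us"))
    ;; Placeholder host name.
    (host-name "ThisWillChange")

    ;; The list of user accounts ('root' is implicit).
    (users (cons* (user-account
                   (name "tylerm")
                   (comment "Tyler Murphy")
                   (group "users")
                   (home-directory "/home/tylerm")
                   (shell (file-append zsh "/bin/zsh"))
                   ;; "libvirt" matches unix-sock-group of the libvirt
                   ;; service below, so this account can drive the system
                   ;; libvirt daemon; treat that membership as privileged,
                   ;; alongside "wheel".
                   (supplementary-groups
                    '("wheel" "audio" "lp" "plugdev" "libvirt" "kvm"
                      "netdev" "video" "tty")))
                  %base-user-accounts))

    (packages
     (append
      (map specification->package
           (list
            ;; Core system: kernel utilities, drivers, firmware, etc.
            "sof-firmware"
            "intel-microcode"
            "mesa"
            "mesa-utils"
            "linux-pam"

            ;; System packages: useful tools needed by scripts or by
            ;; other packages.
            "openssl"
            "ncurses"
            "acpi"
            "git"
            "binutils"
            "nss-certs"
            "opendoas"
            "chrony"
            "gnupg"
            "flatpak"

            ;; Sound and bluetooth.
            "alsa-utils"
            "pulseaudio"
            "bluez"
            "blueman"
            "wireplumber"

            ;; Drivers, kernel modules, and runtime packages or headers
            ;; useful for development; mostly graphics.
            "glu"
            "vulkan-loader"
            "vulkan-validationlayers"
            "vulkan-tools"
            "vulkan-headers"
            "spirv-tools"
            "spirv-headers"
            "sdl2"
            "openal"
            "freealut"
            "xf86-video-qxl"
            "v4l2loopback-linux-module"

            ;; Graphics: XDG portals and other display utilities.
            "xdg-desktop-portal"
            "xdg-desktop-portal-wlr"
            "xorg-server-xwayland"
            "libx11"

            ;; Misc: things that do not fit a category above.
            "wireguard-tools"
            "qemu"
            "dconf"
            "avahi"
            "libpcap"
            "neovim"))
      ;; Locally defined package variants (from the home-packages modules).
      (list swaylock-effects-new virt-manager-new freya-ca-certs)
      %my-base-packages))

    ;; Below is the list of system services.  To search for available
    ;; services, run 'guix system search KEYWORD' in a terminal.
    (services
     (append
      (list
       ;; To configure OpenSSH, pass an 'openssh-configuration'
       ;; record as a second argument to 'service' below.
       ;; NOTE(review): with no record given, the service runs with Guix's
       ;; default openssh-configuration, which (as far as I know) accepts
       ;; password logins.  Once keys are deployed, consider an explicit
       ;; record with (password-authentication? #f) and authorized-keys.
       (service openssh-service-type)
       (service pcscd-service-type)
       (service spice-vdagent-service-type)
       ;; Load the "wireguard" kernel module at boot.
       (simple-service 'wireguard-module
                       kernel-module-loader-service-type
                       '("wireguard"))
       ;; CUPS with its web interface turned on.
       (service cups-service-type
                (cups-configuration
                 (web-interface? #t)))
       ;; Avahi is only present for CUPS to support "automagic" printing.
       (service avahi-service-type
                (avahi-configuration
                 (publish? #f)                ; do not advertise this machine
                 (publish-workstation? #f)))  ; stay as silent as possible
       (service nix-service-type)
       (service libvirt-service-type
                (libvirt-configuration
                 (libvirt libvirt-new)
                 ;; Members of this group may use the libvirt socket; see
                 ;; the user's supplementary-groups above.
                 (unix-sock-group "libvirt")
                 (tls-port "16555")))
       (service virtlog-service-type)
       (service bluetooth-service-type
                (bluetooth-configuration
                 (experimental #t)
                 (fast-connectable? #t)))
       (service pam-limits-service-type)
       (service fprintd-service-type)
       ;; udev rules shipped by libfido2, for the "plugdev" group.
       (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))

      ;; This is the default list of services we are appending to.
      (modify-services %desktop-services
        ;; Trust an additional substitute server.  Authorizing its key
        ;; means binaries signed with that key are accepted as substitutes,
        ;; so the key below should be checked against the one the nonguix
        ;; project publishes before deploying.
        (guix-service-type config =>
                           (guix-configuration
                            (inherit config)
                            (substitute-urls
                             (append (list "https://substitutes.nonguix.org")
                                     %default-substitute-urls))
                            (authorized-keys
                             (cons* (plain-file "non-guix.pub"
                                                "(public-key
 (ecc
  (curve Ed25519)
  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
  )
 )")
                                    %default-authorized-guix-keys))))
        ;; NOTE(review): this clause only inherits the existing udev
        ;; configuration, so it changes nothing; no extra rules are added
        ;; here.
        (udev-service-type config =>
                           (udev-configuration
                            (inherit config)))
        (delete pulseaudio-service-type)
        (delete gdm-service-type)
        ;; The default Avahi service is dropped in favour of the
        ;; non-publishing instance declared in the list above.
        (delete avahi-service-type)
        (delete alsa-service-type))))

    (name-service-switch %mdns-host-lookup-nss)

    (setuid-programs
     (append
      (list
       ;; swaylock runs setuid-root here.
       ;; NOTE(review): a setuid-root screen locker is a large privileged
       ;; surface; depending on the Guix revision,
       ;; screen-locker-service-type can set the locker up through PAM
       ;; instead -- worth considering.
       (file-like->setuid-program
        (file-append swaylock-effects-new "/bin/swaylock"))
       ;; doas is the intended privilege-escalation tool.
       ;; NOTE(review): no doas.conf is set up in this definition; confirm
       ;; one is provided elsewhere, since the sudo entries are removed
       ;; below.
       (file-like->setuid-program
        (file-append (specification->package "opendoas") "/bin/doas")))
      ;; %setuid-programs is a list of setuid-program records whose program
      ;; field is a (file-append PACKAGE "/bin/...") object.  Deleting the
      ;; `sudo' package object from that list never matches anything, which
      ;; would leave sudo and sudoedit installed setuid-root.  Filter on the
      ;; package behind each entry instead.
      (remove (lambda (entry)
                (let ((program (setuid-program-program entry)))
                  (and (file-append? program)
                       (eq? sudo (file-append-base program)))))
              %setuid-programs)))

    (file-systems
     (cons*
      ;; /tmp lives in RAM.
      ;; NOTE(review): no mount flags are set; consider
      ;; (flags '(no-suid no-dev)) if nothing relies on setuid binaries or
      ;; device nodes under /tmp.
      (file-system
        (mount-point "/tmp")
        (device "none")
        (type "tmpfs")
        (check? #f))
      %base-file-systems))

    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets (list "/boot/efi"))
                 (keyboard-layout keyboard-layout)))))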