Compare commits
3 Commits
a6d6ed12ed
...
90834a4397
Author | SHA1 | Date |
---|---|---|
Collin J. Doering | 90834a4397 | |
Collin J. Doering | ee9dfd6c0c | |
Collin J. Doering | 3d91f3b690 |
|
@ -0,0 +1,174 @@
|
|||
(define-module (rekahsoft guix-config desktop)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu system nss)
|
||||
#:use-module (gnu packages gnome)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages wm)
|
||||
#:use-module (gnu packages shells)
|
||||
#:use-module (gnu services guix)
|
||||
#:use-module (gnu services virtualization)
|
||||
#:use-module (gnu services docker)
|
||||
#:use-module (gnu services desktop)
|
||||
#:use-module (gnu services nix)
|
||||
#:use-module (gnu services networking)
|
||||
#:use-module (gnu services xorg)
|
||||
#:use-module (gnu services security-token)
|
||||
#:use-module (nongnu packages linux)
|
||||
#:use-module (nongnu system linux-initrd)
|
||||
#:use-module (rekahsoft guix-config home)
|
||||
#:export (%rkd-desktop-services
|
||||
%rkd-desktop-kernel-arguments
|
||||
rkd-desktop))
|
||||
|
||||
(define %rkd-desktop-services
|
||||
(append
|
||||
(list (service guix-home-service-type
|
||||
`(("collin" ,%home)))
|
||||
(service bluetooth-service-type)
|
||||
(service nix-service-type
|
||||
(nix-configuration
|
||||
(extra-config (list "substituters = https://cache.nixos.org https://nri.cachix.org\n"
|
||||
"trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nri.cachix.org-1:9/BMj3Obc+uio3O5rYGT+egHzkBzDunAzlZZfhCGj6o="))))
|
||||
(udev-rules-service 'android (specification->package "android-udev-rules")
|
||||
#:groups '("adbusers"))
|
||||
(udev-rules-service 'u2f (specification->package "libu2f-host")
|
||||
#:groups '("plugdev"))
|
||||
(udev-rules-service 'hackrf (specification->package "hackrf")
|
||||
#:groups '("dialout"))
|
||||
(service pcscd-service-type)
|
||||
(service libvirt-service-type
|
||||
(libvirt-configuration
|
||||
(unix-sock-group "libvirt")
|
||||
(listen-tls? #f)
|
||||
(listen-tcp? #f)))
|
||||
(service docker-service-type)
|
||||
|
||||
(service qemu-binfmt-service-type
|
||||
(qemu-binfmt-configuration
|
||||
(platforms (lookup-qemu-platforms "arm" "aarch64"))))
|
||||
(service screen-locker-service-type
|
||||
(screen-locker-configuration
|
||||
(name "i3lock")
|
||||
(program (file-append i3lock "/bin/i3lock")))))
|
||||
(modify-services %desktop-services
|
||||
;; Enable network-manager-openvpn plugin
|
||||
(network-manager-service-type config =>
|
||||
(network-manager-configuration
|
||||
(inherit config)
|
||||
(vpn-plugins (list network-manager-openvpn))))
|
||||
;; Add and authorize non-guix substitute server
|
||||
(guix-service-type config =>
|
||||
(guix-configuration
|
||||
(inherit config)
|
||||
(substitute-urls
|
||||
(append (list "https://substitutes.nonguix.org"
|
||||
"https://guix-ci.home.rekahsoft.ca")
|
||||
%default-substitute-urls))
|
||||
(authorized-keys
|
||||
(append (list (plain-file "non-guix.pub"
|
||||
"(public-key
|
||||
(ecc
|
||||
(curve Ed25519)
|
||||
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
|
||||
)
|
||||
)")
|
||||
(plain-file "rekahsoft-guix.pub"
|
||||
"(public-key
|
||||
(ecc
|
||||
(curve Ed25519)
|
||||
(q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#)
|
||||
)
|
||||
)"))
|
||||
%default-authorized-guix-keys)))))))
|
||||
|
||||
(define %rkd-desktop-kernel-arguments
|
||||
(cons* "resume=/dev/mapper/vg0-swap"
|
||||
%default-kernel-arguments))
|
||||
|
||||
(define (rkd-desktop host-name root-uuid efi-boot-uuid)
|
||||
(operating-system
|
||||
(host-name host-name)
|
||||
(timezone "America/Toronto")
|
||||
(locale "en_US.utf8")
|
||||
|
||||
;; Choose US English keyboard layout.
|
||||
(keyboard-layout (keyboard-layout "us"))
|
||||
|
||||
;; Use the UEFI variant of GRUB with the EFI System
|
||||
;; Partition mounted on /boot/efi.
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-efi-bootloader)
|
||||
(targets '("/boot/efi"))
|
||||
(keyboard-layout keyboard-layout)))
|
||||
|
||||
;; Use non-free kernel, intel microcode and proprietary firmware
|
||||
(kernel linux)
|
||||
(kernel-arguments %rkd-desktop-kernel-arguments)
|
||||
(initrd microcode-initrd)
|
||||
(firmware (list linux-firmware))
|
||||
|
||||
;; Specify a mapped device for the encrypted root partition.
|
||||
;; The UUID is that returned by 'cryptsetup luksUUID'.
|
||||
(mapped-devices
|
||||
(list (mapped-device
|
||||
(source (uuid root-uuid))
|
||||
(target "crypt")
|
||||
(type luks-device-mapping))
|
||||
(mapped-device
|
||||
(source "vg0")
|
||||
(targets (list "vg0-root" "vg0-swap"))
|
||||
(type lvm-device-mapping))))
|
||||
|
||||
(file-systems (append
|
||||
(list (file-system
|
||||
(device (file-system-label "root"))
|
||||
(mount-point "/")
|
||||
(type "btrfs")
|
||||
(options "subvol=@,compress=zstd")
|
||||
(dependencies mapped-devices))
|
||||
(file-system
|
||||
(device (uuid efi-boot-uuid 'fat))
|
||||
(mount-point "/boot/efi")
|
||||
(type "vfat")))
|
||||
%base-file-systems))
|
||||
|
||||
(swap-devices
|
||||
(list (swap-space
|
||||
(target (file-system-label "swap"))
|
||||
(dependencies mapped-devices))))
|
||||
|
||||
(users (cons* (user-account
|
||||
(name "collin")
|
||||
(comment "Collin J Doering")
|
||||
(shell (file-append zsh "/bin/zsh"))
|
||||
(group "users")
|
||||
(supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker" "wireshark"
|
||||
"plugdev" "adbusers" "dialout" "kvm" "audio" "video")))
|
||||
%base-user-accounts))
|
||||
|
||||
(groups (cons* (user-group (name "wireshark"))
|
||||
%base-groups))
|
||||
|
||||
(packages
|
||||
(append
|
||||
(map specification->package
|
||||
'("xinitrc-xsession" ;; for starting users .xinitrc from display manager
|
||||
"btrfs-progs" ;; provide btrfs tools
|
||||
"cryptsetup" ;; provide cryptsetup tools
|
||||
"docker-compose"
|
||||
"emacs"
|
||||
"emacs-guix"
|
||||
"gvfs" ;; for user mounts
|
||||
"hackrf" ;; for hackrf user space tools
|
||||
"soapysdr" ;; SoapySDRUtil and library
|
||||
"soapyhackrf" ;; SoapySDR library support for the hackrf one
|
||||
"lvm2" ;; for lvm2 tools
|
||||
"nix"
|
||||
"recutils"
|
||||
"tmux"))
|
||||
%base-packages))
|
||||
|
||||
(services %rkd-desktop-services)
|
||||
|
||||
;; Allow resolution of '.local' host names with mDNS.
|
||||
(name-service-switch %mdns-host-lookup-nss)))
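Review bot: The `supplementary-groups` list in `rkd-desktop` puts "collin" in `docker` and `libvirt` alongside `wheel`. Membership in the docker group lets the account drive the root-run daemon with no sudo prompt, so it is effectively passwordless root. Either drop it or document it next to the list, e.g. `;; docker/libvirt membership is root-equivalent; no sudo prompt guards it`. Separately, the `guix-service-type` and `nix-service-type` blocks authorize third-party signing keys (nonguix, the rekahsoft CI server, nri.cachix.org) for the whole store. A comment beside each key recording where it was obtained would make later rotation or removal auditable.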
|
|
@ -493,6 +493,7 @@ single certifcate used for local development with caddy.")
|
|||
(".guile" ,(local-file "../../../user-config/guile/.guile" "guilerc"))
|
||||
(".ghci" ,(local-file "../../../user-config/haskell/.ghci" "ghci"))
|
||||
|
||||
(".gnupg/gpg.conf" ,(local-file "../../../user-config/gnupg/gpg.conf" "gpg.conf"))
|
||||
(".bin/emacs-mail.sh" ,(local-file "../../../user-config/emacs/.bin/emacs-mail.sh" "emacs-mail.sh" #:recursive? #t))
|
||||
(".bin/org-protocol-open.sh" ,(local-file "../../../user-config/emacs/.bin/org-protocol-open.sh" "org-protocol-open.sh" #:recursive? #t))
|
||||
(".emacs.d/init.el" ,(local-file "../../../user-config/emacs/.emacs.d/init.el"))
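Review bot: Linking only `.gnupg/gpg.conf` from the store leaves the mode of `~/.gnupg` to whatever creates the directory. If Guix Home creates it while linking, it will likely get the umask default rather than 0700, and gpg then warns about unsafe homedir permissions. Assuming the gpg.conf entry is the line this hunk adds (the page has lost its +/- markers), a comment such as `;; ~/.gnupg must already exist with mode 0700` or an activation step that sets the mode would cover it. The surrounding file list starts and ends outside the hunk.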
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
(define-module (rekahsoft guix-config machines laptop-dell-precision)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu system)
|
||||
#:use-module (gnu services xorg)
|
||||
#:use-module (nongnu packages nvidia)
|
||||
#:use-module (nongnu packages linux)
|
||||
#:use-module (nongnu services nvidia)
|
||||
#:use-module (rekahsoft guix-config desktop)
|
||||
#:export (%system))
|
||||
|
||||
(define base-system (rkd-desktop "rekahsoft-little" "43e2445a-bcb8-4ade-a2b1-40bc311034f6" "7C07-B4DE"))
|
||||
|
||||
(define %system
|
||||
(operating-system
|
||||
(inherit base-system)
|
||||
|
||||
(kernel-arguments
|
||||
(append '("modprobe.blacklist=nouveau"
|
||||
"nvidia_drm.modeset=1"
|
||||
"quiet")
|
||||
%rkd-desktop-kernel-arguments))
|
||||
|
||||
(services
|
||||
(append
|
||||
(list (service nvidia-service-type))
|
||||
%rkd-desktop-services))))
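Review bot: Several `#:use-module` lines in this new module look unused: nothing visible here references `(gnu services xorg)` or `(nongnu packages linux)`, and `nvidia-service-type` presumably comes from `(nongnu services nvidia)` alone. The same header is copied into the laptop-lenovo-t480s and laptop-pinebook-pro modules, where the two nvidia modules appear unused because those machines load no NVIDIA service. Trimming each header to what the file uses keeps the non-free channel dependency visible only where it is needed. A one-line comment above `base-system` naming the positional arguments, e.g. `;; host name, LUKS root UUID, EFI partition UUID`, would also help the next reader.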
|
|
@ -0,0 +1,22 @@
|
|||
(define-module (rekahsoft guix-config machines laptop-lenovo-t480s)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu system)
|
||||
#:use-module (gnu services xorg)
|
||||
#:use-module (nongnu packages nvidia)
|
||||
#:use-module (nongnu packages linux)
|
||||
#:use-module (nongnu services nvidia)
|
||||
#:use-module (rekahsoft guix-config desktop)
|
||||
#:export (%system))
|
||||
|
||||
(define base-system (rkd-desktop "rekahsoft-mini" "c811a95f-7de8-4c25-8b96-f4d223e5a06e" "8767-90D2"))
|
||||
|
||||
(define %system
|
||||
(operating-system
|
||||
(inherit base-system)
|
||||
|
||||
(services
|
||||
(append
|
||||
(list (set-xorg-configuration
|
||||
(xorg-configuration
|
||||
(keyboard-layout (operating-system-keyboard-layout base-system)))))
|
||||
%rkd-desktop-services))))
|
|
@ -0,0 +1,52 @@
|
|||
(define-module (rekahsoft guix-config machines laptop-pinebook-pro)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu image)
|
||||
#:use-module (gnu system)
|
||||
#:use-module (gnu system image)
|
||||
#:use-module (gnu system images pinebook-pro)
|
||||
#:use-module (gnu system linux-initrd)
|
||||
#:use-module (gnu services xorg)
|
||||
#:use-module (gnu bootloader)
|
||||
#:use-module (gnu bootloader u-boot)
|
||||
#:use-module (nongnu packages nvidia)
|
||||
#:use-module (nongnu packages linux)
|
||||
#:use-module (nongnu services nvidia)
|
||||
#:use-module (rekahsoft guix-config desktop)
|
||||
#:export (%system %image))
|
||||
|
||||
(define base-system (rkd-desktop "rekahsoft-pine" "TODO-uuid-root" "TODO-uuid-efi"))
|
||||
|
||||
(define %system
|
||||
(operating-system
|
||||
; (inherit base-system)
|
||||
(inherit pinebook-pro-barebones-os)
|
||||
(host-name "rekahsoft-pine")
|
||||
|
||||
;; (bootloader (bootloader-configuration
|
||||
;; (bootloader u-boot-pinebook-pro-rk3399-bootloader)
|
||||
;; (targets '("/dev/vda"))))
|
||||
|
||||
(initrd-modules '())
|
||||
(initrd base-initrd)
|
||||
(kernel linux-arm64-generic)
|
||||
|
||||
(file-systems (cons (file-system
|
||||
(device (file-system-label "root"))
|
||||
(mount-point "/")
|
||||
(type "ext4"))
|
||||
%base-file-systems))
|
||||
(mapped-devices '())
|
||||
(swap-devices '())
|
||||
|
||||
(services (cons (service agetty-service-type
|
||||
(agetty-configuration
|
||||
(extra-options '("-L")) ; no carrier detect
|
||||
(baud-rate "1500000")
|
||||
(term "vt100")
|
||||
(tty "ttyS2")))
|
||||
%rkd-desktop-services))))
|
||||
|
||||
(define %image
|
||||
(image
|
||||
(inherit pinebook-pro-barebones-raw-image)
|
||||
(operating-system %system)))
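Review bot: `%system` inherits `pinebook-pro-barebones-os` rather than `base-system`, so the `users`, `groups` and `mapped-devices` from `rkd-desktop` do not apply, yet `%rkd-desktop-services` is still appended. Its `guix-home-service-type` entry targets "collin", an account this operating-system does not visibly define. The root file system is also plain ext4 with `(mapped-devices '())`, where the other machines use a LUKS-mapped root. If this is a deliberate bring-up state, say so in a comment such as `;; WIP: unencrypted root, no "collin" account yet`. The unused `base-system` definition is still evaluated at module load with the placeholder strings "TODO-uuid-root" and "TODO-uuid-efi", so it should be removed or commented out until real UUIDs exist.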
|
|
@ -3,7 +3,7 @@
|
|||
(url "https://git.savannah.gnu.org/git/guix.git")
|
||||
(branch "master")
|
||||
(commit
|
||||
"ef9a2f9e91d37c0d93e689eb26ebeb6483655968")
|
||||
"703ae431f4ad28658e34675310b4fdf58685ccdd")
|
||||
(introduction
|
||||
(make-channel-introduction
|
||||
"9edb3f66fd807b096b48283debdcddccfea34bad"
|
||||
|
@ -14,7 +14,7 @@
|
|||
(url "https://gitlab.com/nonguix/nonguix")
|
||||
(branch "master")
|
||||
(commit
|
||||
"80b273e86a19ceaee6d9b6650ed56e853409a799")
|
||||
"7081518be7d2dbb58f3fbfeb1785254a6f0059c8")
|
||||
(introduction
|
||||
(make-channel-introduction
|
||||
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
|
||||
|
@ -25,7 +25,7 @@
|
|||
(url "https://git.rekahsoft.ca/rekahsoft/rekahsoft-guix.git")
|
||||
(branch "master")
|
||||
(commit
|
||||
"7bb41e9c8194998b0af78ef105077c461730501a")
|
||||
"deef3bf38160928b803d498db45288d5150a244b")
|
||||
(introduction
|
||||
(make-channel-introduction
|
||||
"d910ac4ca1e1a115934b10921bc23f50bd481043"
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
((magit-log:magit-log-mode "-n256" "--graph" "--color" "--decorate" "--show-signature"))
|
|
@ -0,0 +1,84 @@
|
|||
#
|
||||
# This is an implementation of the Riseup OpenPGP Best Practices
|
||||
# https://riseup.net/en/security/message-security/openpgp/best-practices
|
||||
# Source: https://gitlab.tails.boum.org/tails/tails/-/blob/stable/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf
|
||||
|
||||
|
||||
#-----------------------------
|
||||
# default key
|
||||
#-----------------------------
|
||||
|
||||
# The default key to sign with. If this option is not used, the default key is
|
||||
# the first key found in the secret keyring
|
||||
|
||||
default-key 0xF7BDDC6DBBE6B16B2C711A025FAB9938E05BFEC8
|
||||
|
||||
# Use the default key user ID as the default recipient of a public-key encrypted document
|
||||
default-recipient-self
|
||||
default-recipient collin@rekahsoft.ca
|
||||
|
||||
# Use my personal key as an additional recipient for all files that are encrypted
|
||||
encrypt-to 0xF7BDDC6DBBE6B16B2C711A025FAB9938E05BFEC8
|
||||
|
||||
|
||||
#-----------------------------
|
||||
# behavior
|
||||
#-----------------------------
|
||||
|
||||
# Disable inclusion of the version string in ASCII armored output
|
||||
no-emit-version
|
||||
|
||||
# Disable comment string in clear text signatures and ASCII armored messages
|
||||
no-comments
|
||||
|
||||
# Display long key IDs
|
||||
keyid-format 0xlong
|
||||
|
||||
# List all subkey fingerprints
|
||||
with-subkey-fingerprint
|
||||
|
||||
# Show keygrip
|
||||
with-keygrip
|
||||
|
||||
# Display the calculated validity of user IDs during key listings
|
||||
list-options show-uid-validity
|
||||
verify-options show-uid-validity
|
||||
|
||||
# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
|
||||
# the agent before it asks for a passphrase.
|
||||
use-agent
|
||||
|
||||
|
||||
#-----------------------------
|
||||
# keyserver
|
||||
#-----------------------------
|
||||
|
||||
# keyserver.ubuntu.com is the default keyserver used in gpg 2.2.39
|
||||
keyserver hkps://keyserver.ubuntu.com
|
||||
|
||||
# Upload to keys.opengpg.org using 'gpg --export collin@rekahsoft.ca | curl -T - https://keys.openpgp.org'
|
||||
# OR uncomment the below line and us 'gpg --send-keys ..'
|
||||
#keyserver hkps://keys.openpgp.org
|
||||
|
||||
# When searching for a key with --search-keys, include keys that are marked on
|
||||
# the keyserver as revoked
|
||||
keyserver-options include-revoked
|
||||
|
||||
#-----------------------------
|
||||
# algorithm and ciphers
|
||||
#-----------------------------
|
||||
|
||||
# list of personal digest preferences. When multiple digests are supported by
|
||||
# all recipients, choose the strongest one
|
||||
personal-cipher-preferences AES256 AES192 AES CAST5
|
||||
|
||||
# list of personal digest preferences. When multiple ciphers are supported by
|
||||
# all recipients, choose the strongest one
|
||||
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
|
||||
|
||||
# message digest algorithm used when signing a key
|
||||
cert-digest-algo SHA512
|
||||
|
||||
# This preference list is used for new keys and becomes the default for
|
||||
# "setpref" in the edit menu
|
||||
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
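Review bot: The `use-agent` and `keyserver` lines are legacy settings under GnuPG 2.x: `use-agent` is a no-op, and `keyserver` in gpg.conf is deprecated in favour of dirmngr.conf, so with the 2.2.39 named in the comment the keyserver choice belongs in `dirmngr.conf`. The comments above `personal-cipher-preferences` and `personal-digest-preferences` are swapped: the cipher line is described as digests and the digest line as ciphers. CAST5 is a 64-bit-block cipher kept only for legacy peers; consider `personal-cipher-preferences AES256 AES192 AES` and dropping CAST5 from `default-preference-list` as well. `default-recipient-self` followed by `default-recipient collin@rekahsoft.ca` is redundant, so one of the two is enough.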
|