
3 Commits

Author SHA1 Message Date
Collin J. Doering 90834a4397
emacs-configuration: Update transient values 2024-05-16 11:25:33 -04:00
Collin J. Doering ee9dfd6c0c
home: Add include gpg.conf file 2024-05-16 11:24:01 -04:00
Collin J. Doering 3d91f3b690
desktop: Add system configuration, porting it from guix-machines
* .guix/rekahsoft/guix-config/desktop.scm: Now that guix-home-service-type is available,
system configuration can be connected with guix home configurations, allowing both the
system, and user homes to be updated.
* .guix/rekahsoft/guix-config/machines/laptop-dell-precision.scm: Guix system configuration
for dell precision laptop, ported from guix-machines.
* .guix/rekahsoft/guix-config/machines/laptop-lenovo-t480s.scm: Guix system configuration
for lenovo t480s laptop, ported from guix-machines.
* .guix/rekahsoft/guix-config/machines/laptop-pinebook-pro.scm: Guix system configuration
for pinebook pro laptop, ported from guix-machines.
* channels.scm: Update guix, nonguix, and rekahsoft-guix channels.
2024-05-16 11:23:03 -04:00
8 changed files with 363 additions and 3 deletions


@ -0,0 +1,174 @@
(define-module (rekahsoft guix-config desktop)
#:use-module (gnu)
#:use-module (gnu system nss)
#:use-module (gnu packages gnome)
#:use-module (gnu packages linux)
#:use-module (gnu packages wm)
#:use-module (gnu packages shells)
#:use-module (gnu services guix)
#:use-module (gnu services virtualization)
#:use-module (gnu services docker)
#:use-module (gnu services desktop)
#:use-module (gnu services nix)
#:use-module (gnu services networking)
#:use-module (gnu services xorg)
#:use-module (gnu services security-token)
#:use-module (nongnu packages linux)
#:use-module (nongnu system linux-initrd)
#:use-module (rekahsoft guix-config home)
#:export (%rkd-desktop-services
%rkd-desktop-kernel-arguments
rkd-desktop))
(define %rkd-desktop-services
(append
(list (service guix-home-service-type
`(("collin" ,%home)))
(service bluetooth-service-type)
(service nix-service-type
(nix-configuration
(extra-config (list "substituters = https://cache.nixos.org https://nri.cachix.org\n"
"trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nri.cachix.org-1:9/BMj3Obc+uio3O5rYGT+egHzkBzDunAzlZZfhCGj6o="))))
(udev-rules-service 'android (specification->package "android-udev-rules")
#:groups '("adbusers"))
(udev-rules-service 'u2f (specification->package "libu2f-host")
#:groups '("plugdev"))
(udev-rules-service 'hackrf (specification->package "hackrf")
#:groups '("dialout"))
(service pcscd-service-type)
(service libvirt-service-type
(libvirt-configuration
(unix-sock-group "libvirt")
(listen-tls? #f)
(listen-tcp? #f)))
(service docker-service-type)
(service qemu-binfmt-service-type
(qemu-binfmt-configuration
(platforms (lookup-qemu-platforms "arm" "aarch64"))))
(service screen-locker-service-type
(screen-locker-configuration
(name "i3lock")
(program (file-append i3lock "/bin/i3lock")))))
(modify-services %desktop-services
;; Enable network-manager-openvpn plugin
(network-manager-service-type config =>
(network-manager-configuration
(inherit config)
(vpn-plugins (list network-manager-openvpn))))
;; Add and authorize non-guix substitute server
(guix-service-type config =>
(guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org"
"https://guix-ci.home.rekahsoft.ca")
%default-substitute-urls))
(authorized-keys
(append (list (plain-file "non-guix.pub"
"(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
)
)")
(plain-file "rekahsoft-guix.pub"
"(public-key
(ecc
(curve Ed25519)
(q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#)
)
)"))
%default-authorized-guix-keys)))))))
(define %rkd-desktop-kernel-arguments
(cons* "resume=/dev/mapper/vg0-swap"
%default-kernel-arguments))
(define (rkd-desktop host-name root-uuid efi-boot-uuid)
(operating-system
(host-name host-name)
(timezone "America/Toronto")
(locale "en_US.utf8")
;; Choose US English keyboard layout.
(keyboard-layout (keyboard-layout "us"))
;; Use the UEFI variant of GRUB with the EFI System
;; Partition mounted on /boot/efi.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(targets '("/boot/efi"))
(keyboard-layout keyboard-layout)))
;; Use non-free kernel, intel microcode and proprietary firmware
(kernel linux)
(kernel-arguments %rkd-desktop-kernel-arguments)
(initrd microcode-initrd)
(firmware (list linux-firmware))
;; Specify a mapped device for the encrypted root partition.
;; The UUID is that returned by 'cryptsetup luksUUID'.
(mapped-devices
(list (mapped-device
(source (uuid root-uuid))
(target "crypt")
(type luks-device-mapping))
(mapped-device
(source "vg0")
(targets (list "vg0-root" "vg0-swap"))
(type lvm-device-mapping))))
(file-systems (append
(list (file-system
(device (file-system-label "root"))
(mount-point "/")
(type "btrfs")
(options "subvol=@,compress=zstd")
(dependencies mapped-devices))
(file-system
(device (uuid efi-boot-uuid 'fat))
(mount-point "/boot/efi")
(type "vfat")))
%base-file-systems))
(swap-devices
(list (swap-space
(target (file-system-label "swap"))
(dependencies mapped-devices))))
(users (cons* (user-account
(name "collin")
(comment "Collin J Doering")
(shell (file-append zsh "/bin/zsh"))
(group "users")
(supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker" "wireshark"
"plugdev" "adbusers" "dialout" "kvm" "audio" "video")))
%base-user-accounts))
(groups (cons* (user-group (name "wireshark"))
%base-groups))
(packages
(append
(map specification->package
'("xinitrc-xsession" ;; for starting users .xinitrc from display manager
"btrfs-progs" ;; provide btrfs tools
"cryptsetup" ;; provide cryptsetup tools
"docker-compose"
"emacs"
"emacs-guix"
"gvfs" ;; for user mounts
"hackrf" ;; for hackrf user space tools
"soapysdr" ;; SoapySDRUtil and library
"soapyhackrf" ;; SoapySDR library support for the hackrf one
"lvm2" ;; for lvm2 tools
"nix"
"recutils"
"tmux"))
%base-packages))
(services %rkd-desktop-services)
;; Allow resolution of '.local' host names with mDNS.
(name-service-switch %mdns-host-lookup-nss)))
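Review bot: The `guix-service-type` override in `%rkd-desktop-services` adds two signing keys to `authorized-keys` with no record of where each key came from. As far as I know, guix-daemon accepts a substitute signed by any authorized key regardless of which URL served it, so substitutes.nonguix.org and guix-ci.home.rekahsoft.ca can each supply binaries for any store item on every machine built from this module. The `trusted-public-keys` line in `nix-configuration` extends the same trust to nri.cachix.org. I would put a provenance comment above each `plain-file`, for example `;; Signing key for https://substitutes.nonguix.org; confirm against the upstream-published key before changing`. Separately, `rkd-desktop` puts `collin` in `docker` and `libvirt` as well as `wheel`; both groups give root-equivalent control of the host without the password prompt sudo would ask for, which deserves a comment saying it is deliberate.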


@ -493,6 +493,7 @@ single certifcate used for local development with caddy.")
(".guile" ,(local-file "../../../user-config/guile/.guile" "guilerc"))
(".ghci" ,(local-file "../../../user-config/haskell/.ghci" "ghci"))
(".gnupg/gpg.conf" ,(local-file "../../../user-config/gnupg/gpg.conf" "gpg.conf"))
(".bin/emacs-mail.sh" ,(local-file "../../../user-config/emacs/.bin/emacs-mail.sh" "emacs-mail.sh" #:recursive? #t))
(".bin/org-protocol-open.sh" ,(local-file "../../../user-config/emacs/.bin/org-protocol-open.sh" "org-protocol-open.sh" #:recursive? #t))
(".emacs.d/init.el" ,(local-file "../../../user-config/emacs/.emacs.d/init.el"))
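Review bot: The `.gnupg/gpg.conf` entry (presumably the added line, going by the commit title) ships the file through `local-file`, so its contents are copied into /gnu/store, which every local user can read. That is fine for the options-only gpg.conf in this change, but nothing at the entry warns a later editor. I would add `;; NOTE: copied to the world-readable store; keep passphrases and tokens out of gpg.conf` above it. The list this entry belongs to starts and ends outside the hunk.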


@ -0,0 +1,26 @@
(define-module (rekahsoft guix-config machines laptop-dell-precision)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu services xorg)
#:use-module (nongnu packages nvidia)
#:use-module (nongnu packages linux)
#:use-module (nongnu services nvidia)
#:use-module (rekahsoft guix-config desktop)
#:export (%system))
(define base-system (rkd-desktop "rekahsoft-little" "43e2445a-bcb8-4ade-a2b1-40bc311034f6" "7C07-B4DE"))
(define %system
(operating-system
(inherit base-system)
(kernel-arguments
(append '("modprobe.blacklist=nouveau"
"nvidia_drm.modeset=1"
"quiet")
%rkd-desktop-kernel-arguments))
(services
(append
(list (service nvidia-service-type))
%rkd-desktop-services))))
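Review bot: Several `#:use-module` clauses in this module header look unused: nothing in the body appears to reference `(gnu services xorg)`, `(nongnu packages nvidia)` or `(nongnu packages linux)`, and only `nvidia-service-type` from `(nongnu services nvidia)` is needed. The same header was copied into laptop-lenovo-t480s.scm and laptop-pinebook-pro.scm, neither of which configures NVIDIA, so those machines load the nonguix NVIDIA modules for no visible reason. Trimming each header to what the file uses keeps the non-free dependency surface of each machine explicit. A one-line comment on `base-system` would also help, e.g. `;; args: host name, LUKS UUID of the root partition, UUID of the EFI system partition`.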


@ -0,0 +1,22 @@
(define-module (rekahsoft guix-config machines laptop-lenovo-t480s)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu services xorg)
#:use-module (nongnu packages nvidia)
#:use-module (nongnu packages linux)
#:use-module (nongnu services nvidia)
#:use-module (rekahsoft guix-config desktop)
#:export (%system))
(define base-system (rkd-desktop "rekahsoft-mini" "c811a95f-7de8-4c25-8b96-f4d223e5a06e" "8767-90D2"))
(define %system
(operating-system
(inherit base-system)
(services
(append
(list (set-xorg-configuration
(xorg-configuration
(keyboard-layout (operating-system-keyboard-layout base-system)))))
%rkd-desktop-services))))


@ -0,0 +1,52 @@
(define-module (rekahsoft guix-config machines laptop-pinebook-pro)
#:use-module (gnu)
#:use-module (gnu image)
#:use-module (gnu system)
#:use-module (gnu system image)
#:use-module (gnu system images pinebook-pro)
#:use-module (gnu system linux-initrd)
#:use-module (gnu services xorg)
#:use-module (gnu bootloader)
#:use-module (gnu bootloader u-boot)
#:use-module (nongnu packages nvidia)
#:use-module (nongnu packages linux)
#:use-module (nongnu services nvidia)
#:use-module (rekahsoft guix-config desktop)
#:export (%system %image))
(define base-system (rkd-desktop "rekahsoft-pine" "TODO-uuid-root" "TODO-uuid-efi"))
(define %system
(operating-system
; (inherit base-system)
(inherit pinebook-pro-barebones-os)
(host-name "rekahsoft-pine")
;; (bootloader (bootloader-configuration
;; (bootloader u-boot-pinebook-pro-rk3399-bootloader)
;; (targets '("/dev/vda"))))
(initrd-modules '())
(initrd base-initrd)
(kernel linux-arm64-generic)
(file-systems (cons (file-system
(device (file-system-label "root"))
(mount-point "/")
(type "ext4"))
%base-file-systems))
(mapped-devices '())
(swap-devices '())
(services (cons (service agetty-service-type
(agetty-configuration
(extra-options '("-L")) ; no carrier detect
(baud-rate "1500000")
(term "vt100")
(tty "ttyS2")))
%rkd-desktop-services))))
(define %image
(image
(inherit pinebook-pro-barebones-raw-image)
(operating-system %system)))
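Review bot: `%system` inherits `pinebook-pro-barebones-os` but still takes `%rkd-desktop-services`, which registers a Guix Home for "collin", while the `users`, `groups` and `packages` fields that `rkd-desktop` defines are not carried over. Unless the barebones OS declares that account (not visible here), the home service, and the docker and libvirt services that expect their groups to be used, refer to a user this system does not have. `base-system` is also built from the placeholder strings "TODO-uuid-root" and "TODO-uuid-efi" and then never used; I would drop that `define`, or replace it with `;; TODO: switch to (inherit base-system) once the partition UUIDs are known`, so the placeholders cannot reach `(uuid ...)`. The added `agetty-service-type` on ttyS2 puts a login prompt on the serial port, so a comment should say whether that is meant to stay after bring-up.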


@ -3,7 +3,7 @@
(url "https://git.savannah.gnu.org/git/guix.git")
(branch "master")
(commit
"ef9a2f9e91d37c0d93e689eb26ebeb6483655968")
"703ae431f4ad28658e34675310b4fdf58685ccdd")
(introduction
(make-channel-introduction
"9edb3f66fd807b096b48283debdcddccfea34bad"
@ -14,7 +14,7 @@
(url "https://gitlab.com/nonguix/nonguix")
(branch "master")
(commit
"80b273e86a19ceaee6d9b6650ed56e853409a799")
"7081518be7d2dbb58f3fbfeb1785254a6f0059c8")
(introduction
(make-channel-introduction
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
@ -25,7 +25,7 @@
(url "https://git.rekahsoft.ca/rekahsoft/rekahsoft-guix.git")
(branch "master")
(commit
"7bb41e9c8194998b0af78ef105077c461730501a")
"deef3bf38160928b803d498db45288d5150a244b")
(introduction
(make-channel-introduction
"d910ac4ca1e1a115934b10921bc23f50bd481043"


@ -0,0 +1 @@
((magit-log:magit-log-mode "-n256" "--graph" "--color" "--decorate" "--show-signature"))


@ -0,0 +1,84 @@
#
# This is an implementation of the Riseup OpenPGP Best Practices
# https://riseup.net/en/security/message-security/openpgp/best-practices
# Source: https://gitlab.tails.boum.org/tails/tails/-/blob/stable/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf
#-----------------------------
# default key
#-----------------------------
# The default key to sign with. If this option is not used, the default key is
# the first key found in the secret keyring
default-key 0xF7BDDC6DBBE6B16B2C711A025FAB9938E05BFEC8
# Use the default key user ID as the default recipient of a public-key encrypted document
default-recipient-self
default-recipient collin@rekahsoft.ca
# Use my personal key as an additional recipient for all files that are encrypted
encrypt-to 0xF7BDDC6DBBE6B16B2C711A025FAB9938E05BFEC8
#-----------------------------
# behavior
#-----------------------------
# Disable inclusion of the version string in ASCII armored output
no-emit-version
# Disable comment string in clear text signatures and ASCII armored messages
no-comments
# Display long key IDs
keyid-format 0xlong
# List all subkey fingerprints
with-subkey-fingerprint
# Show keygrip
with-keygrip
# Display the calculated validity of user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity
# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
# the agent before it asks for a passphrase.
use-agent
#-----------------------------
# keyserver
#-----------------------------
# keyserver.ubuntu.com is the default keyserver used in gpg 2.2.39
keyserver hkps://keyserver.ubuntu.com
# Upload to keys.opengpg.org using 'gpg --export collin@rekahsoft.ca | curl -T - https://keys.openpgp.org'
# OR uncomment the below line and us 'gpg --send-keys ..'
#keyserver hkps://keys.openpgp.org
# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked
#-----------------------------
# algorithm and ciphers
#-----------------------------
# list of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAST5
# list of personal digest preferences. When multiple ciphers are supported by
# all recipients, choose the strongest one
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# message digest algorithm used when signing a key
cert-digest-algo SHA512
# This preference list is used for new keys and becomes the default for
# "setpref" in the edit menu
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
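Review bot: The two comments in the "algorithm and ciphers" section are swapped: the one above `personal-cipher-preferences` says "digest preferences" and the one above `personal-digest-preferences` says "multiple ciphers". They should read `# list of personal cipher preferences. When multiple ciphers are supported by` and `# list of personal digest preferences. When multiple digests are supported by` respectively. On GnuPG 2.1 and later `use-agent` is a no-op and `keyserver` in gpg.conf is deprecated in favour of dirmngr.conf, so the keyserver setting may be better placed there. Both preference lists still end in CAST5, a 64-bit-block cipher kept in the upstream template for compatibility; consider dropping it from `personal-cipher-preferences` if no correspondent needs it. The keyserver comment also has two typos (`keys.opengpg.org` for keys.openpgp.org, and `us` for "use").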