diff --git a/.guix/rekahsoft/guix-config/desktop.scm b/.guix/rekahsoft/guix-config/desktop.scm new file mode 100644 index 0000000..b367aee --- /dev/null +++ b/.guix/rekahsoft/guix-config/desktop.scm @@ -0,0 +1,158 @@ +(define-module (rekahsoft guix-config desktop) + #:use-module (gnu) + #:use-module (gnu system nss) + #:use-module (gnu packages gnome) + #:use-module (gnu packages linux) + #:use-module (gnu packages wm) + #:use-module (gnu packages shells) + #:use-module (gnu services virtualization) + #:use-module (gnu services docker) + #:use-module (gnu services desktop) + #:use-module (gnu services nix) + #:use-module (gnu services networking) + #:use-module (gnu services xorg) + #:use-module (gnu services security-token) + #:use-module (nongnu packages linux) + #:use-module (nongnu system linux-initrd) + #:export (%rkd-desktop-services + rkd-desktop)) + +(define %rkd-desktop-services + (append + (list (service bluetooth-service-type) + (service nix-service-type + (nix-configuration + (extra-config (list "substituters = https://cache.nixos.org https://nri.cachix.org\n" + "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nri.cachix.org-1:9/BMj3Obc+uio3O5rYGT+egHzkBzDunAzlZZfhCGj6o=")))) + (udev-rules-service 'android (specification->package "android-udev-rules") + #:groups '("adbusers")) + (udev-rules-service 'u2f (specification->package "libu2f-host") + #:groups '("plugdev")) + (service pcscd-service-type) + (service libvirt-service-type + (libvirt-configuration + (unix-sock-group "libvirt") + (listen-tls? #f) + (listen-tcp? #f))) + (service docker-service-type) + + (service qemu-binfmt-service-type + (qemu-binfmt-configuration + (platforms (lookup-qemu-platforms "arm" "aarch64")))) + (service screen-locker-service-type + (screen-locker-configuration + (name "i3lock") + (program (file-append i3lock "/bin/i3lock"))))) + (modify-services %desktop-services + ;; Enable network-manager-open plugin + (network-manager-service-type config => + (network-manager-configuration + (inherit config) + (vpn-plugins (list network-manager-openvpn)))) + ;; Add and authorize non-guix substitute server + (guix-service-type config => + (guix-configuration + (inherit config) + (substitute-urls + (append (list "https://substitutes.nonguix.org" + "https://guix-ci.home.rekahsoft.ca") + %default-substitute-urls)) + (authorized-keys + (append (list (plain-file "non-guix.pub" + "(public-key + (ecc + (curve Ed25519) + (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) + ) + )") + (plain-file "rekahsoft-guix.pub" + "(public-key + (ecc + (curve Ed25519) + (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#) + ) + )")) + %default-authorized-guix-keys))))))) + +(define (rkd-desktop host-name root-uuid efi-boot-uuid) + (operating-system + (host-name host-name) + (timezone "America/Toronto") + (locale "en_US.utf8") + + ;; Choose US English keyboard layout. + (keyboard-layout (keyboard-layout "us")) + + ;; Use the UEFI variant of GRUB with the EFI System + ;; Partition mounted on /boot/efi. + (bootloader (bootloader-configuration + (bootloader grub-efi-bootloader) + (targets '("/boot/efi")) + (keyboard-layout keyboard-layout))) + + ;; Use non-free kernel, intel microcode and proprietary firmware + (kernel linux) + (initrd microcode-initrd) + (firmware (list linux-firmware)) + + ;; Specify a mapped device for the encrypted root partition. + ;; The UUID is that returned by 'cryptsetup luksUUID'. + (mapped-devices + (list (mapped-device + (source (uuid root-uuid)) + (target "crypt") + (type luks-device-mapping)) + (mapped-device + (source "vg0") + (targets (list "vg0-root" "vg0-swap")) + (type lvm-device-mapping)))) + + (file-systems (append + (list (file-system + (device (file-system-label "root")) + (mount-point "/") + (type "btrfs") + (options "subvol=@,compress=zstd") + (dependencies mapped-devices)) + (file-system + (device (uuid efi-boot-uuid 'fat)) + (mount-point "/boot/efi") + (type "vfat"))) + %base-file-systems)) + + (swap-devices + (list (swap-space + (target (file-system-label "swap")) + (dependencies mapped-devices)))) + + (users (cons* (user-account + (name "collin") + (comment "Collin J Doering") + (shell (file-append zsh "/bin/zsh")) + (group "users") + (supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker" "wireshark" "plugdev" "adbusers" + "kvm" "audio" "video"))) + %base-user-accounts)) + + (groups (cons* (user-group (name "wireshark")) + %base-groups)) + + (packages + (append + (map specification->package + '("nss-certs" ;; for HTTPS access + "gvfs" ;; for user mounts + "docker-compose" + "btrfs-progs" ;; for btrfs root filesystem + "xinitrc-xsession" ;; for starting users .xinitrc from display manager + "nix" + "tmux" + "recutils" + "emacs" + "emacs-guix")) + %base-packages)) + + (services %rkd-desktop-services) + + ;; Allow resolution of '.local' host names with mDNS. + (name-service-switch %mdns-host-lookup-nss))) diff --git a/.guix/rekahsoft/guix-config/manual/laptop-dell-precision.scm b/.guix/rekahsoft/guix-config/manual/laptop-dell-precision.scm new file mode 100644 index 0000000..4694944 --- /dev/null +++ b/.guix/rekahsoft/guix-config/manual/laptop-dell-precision.scm @@ -0,0 +1,29 @@ +(define-module (rekahsoft guix-config manual laptop-dell-precision) + #:use-module (gnu) + #:use-module (gnu system) + #:use-module (gnu services xorg) + #:use-module (nongnu packages nvidia) + #:use-module (nongnu packages linux) + #:use-module (nongnu services nvidia) + #:use-module (rekahsoft guix-config desktop) + #:export (%system)) + +(define base-system (rkd-desktop "rekahsoft-little" "43e2445a-bcb8-4ade-a2b1-40bc311034f6" "427E-E72A")) + +(define %system + (operating-system + (inherit base-system) + + ;; Use linux@6.1 (lts) kernel as nvidia does not yet build on 6.6 + ;; See: https://gitlab.com/nonguix/nonguix/-/issues/298 + (kernel linux-lts) + + (services + (append + (list (service nvidia-service-type) + (set-xorg-configuration + (xorg-configuration + (modules (cons* nvidia-driver %default-xorg-modules)) + (drivers '("nvidia" "intel")) + (keyboard-layout (operating-system-keyboard-layout base-system))))) + %rkd-desktop-services)))) diff --git a/.guix/rekahsoft/guix-config/manual/laptop-lenovo-t480s.scm b/.guix/rekahsoft/guix-config/manual/laptop-lenovo-t480s.scm index 60f8361..a8e6f7f 100644 --- a/.guix/rekahsoft/guix-config/manual/laptop-lenovo-t480s.scm +++ b/.guix/rekahsoft/guix-config/manual/laptop-lenovo-t480s.scm @@ -1,154 +1,22 @@ (define-module (rekahsoft guix-config manual laptop-lenovo-t480s) #:use-module (gnu) - #:use-module (gnu system nss) - #:use-module (gnu packages gnome) - #:use-module (gnu packages linux) - #:use-module (gnu packages wm) - #:use-module (gnu packages shells) - #:use-module (gnu services virtualization) - #:use-module (gnu services docker) - #:use-module (gnu services desktop) - #:use-module (gnu services nix) - #:use-module (gnu services networking) + #:use-module (gnu system) #:use-module (gnu services xorg) - #:use-module (gnu services security-token) + #:use-module (nongnu packages nvidia) #:use-module (nongnu packages linux) - #:use-module (nongnu system linux-initrd) + #:use-module (nongnu services nvidia) + #:use-module (rekahsoft guix-config desktop) #:export (%system)) +(define base-system (rkd-desktop "rekahsoft-mini" "c811a95f-7de8-4c25-8b96-f4d223e5a06e" "8767-90D2")) + (define %system (operating-system - (host-name "rekahsoft-mini") - (timezone "America/Toronto") - (locale "en_US.utf8") + (inherit base-system) - ;; Choose US English keyboard layout. - (keyboard-layout (keyboard-layout "us")) - - ;; Use the UEFI variant of GRUB with the EFI System - ;; Partition mounted on /boot/efi. - (bootloader (bootloader-configuration - (bootloader grub-efi-bootloader) - (targets '("/boot/efi")) - (keyboard-layout keyboard-layout))) - - ;; Use non-free kernel, intel microcode and proprietary firmware - (kernel linux) - (initrd microcode-initrd) - (firmware (list linux-firmware)) - - ;; Specify a mapped device for the encrypted root partition. - ;; The UUID is that returned by 'cryptsetup luksUUID'. - (mapped-devices - (list (mapped-device - (source (uuid "c811a95f-7de8-4c25-8b96-f4d223e5a06e")) - (target "crypt") - (type luks-device-mapping)) - (mapped-device - (source "vg0") - (targets (list "vg0-root" "vg0-swap")) - (type lvm-device-mapping)))) - - (file-systems (append - (list (file-system - (device (file-system-label "root")) - (mount-point "/") - (type "btrfs") - (options "subvol=@,compress=zstd") - (dependencies mapped-devices)) - (file-system - (device (uuid "8767-90D2" 'fat)) - (mount-point "/boot/efi") - (type "vfat"))) - %base-file-systems)) - - (swap-devices - (list (swap-space - (target (file-system-label "swap")) - (dependencies mapped-devices)))) - - (users (cons* (user-account - (name "collin") - (comment "Collin J Doering") - (shell (file-append zsh "/bin/zsh")) - (group "users") - (supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker" "wireshark" "plugdev" "adbusers" - "kvm" "audio" "video"))) - %base-user-accounts)) - - (groups (cons* (user-group (name "wireshark")) - %base-groups)) - - (packages - (append - (map specification->package - '("nss-certs" ;; for HTTPS access - "gvfs" ;; for user mounts - "docker-compose" - "btrfs-progs" ;; for btrfs root filesystem - "xinitrc-xsession" ;; for starting users .xinitrc from display manager - "nix" - "tmux" - "recutils" - "emacs" - "emacs-guix")) - %base-packages)) - - (services - (append - (list (service bluetooth-service-type) - (service nix-service-type - (nix-configuration - (extra-config (list "substituters = https://cache.nixos.org https://nri.cachix.org\n" - "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nri.cachix.org-1:9/BMj3Obc+uio3O5rYGT+egHzkBzDunAzlZZfhCGj6o=")))) - (udev-rules-service 'android (specification->package "android-udev-rules") - #:groups '("adbusers")) - (udev-rules-service 'u2f (specification->package "libu2f-host") - #:groups '("plugdev")) - (service pcscd-service-type) - (service libvirt-service-type - (libvirt-configuration - (unix-sock-group "libvirt") - (listen-tls? #f) - (listen-tcp? #f))) - (service docker-service-type) - (service qemu-binfmt-service-type - (qemu-binfmt-configuration - (platforms (lookup-qemu-platforms "arm" "aarch64")))) - (screen-locker-service i3lock) - (set-xorg-configuration - (xorg-configuration - (keyboard-layout keyboard-layout)))) - (modify-services %desktop-services - ;; Enable network-manager-open plugin - (network-manager-service-type config => - (network-manager-configuration - (inherit config) - (vpn-plugins (list network-manager-openvpn)))) - ;; Add and authorize non-guix substitute server - (guix-service-type config => - (guix-configuration - (inherit config) - (substitute-urls - (append (list "https://substitutes.nonguix.org" - "https://guix-ci.home.rekahsoft.ca") - %default-substitute-urls)) - (authorized-keys - (append (list (plain-file "non-guix.pub" - "(public-key - (ecc - (curve Ed25519) - (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) - ) - )") - (plain-file "rekahsoft-guix.pub" - "(public-key - (ecc - (curve Ed25519) - (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#) - ) - )")) - %default-authorized-guix-keys))))))) - - ;; Allow resolution of '.local' host names with mDNS. - (name-service-switch %mdns-host-lookup-nss))) + (services + (append + (list (set-xorg-configuration + (xorg-configuration + (keyboard-layout (operating-system-keyboard-layout base-system)))))) + %rkd-desktop-services))))