(define-module (rekahsoft guix-config desktop)
  #:use-module (gnu)
  #:use-module (gnu system nss)
  #:use-module (gnu packages gnome)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages firmware)
  #:use-module (gnu packages wm)
  #:use-module (gnu packages shells)
  #:use-module (gnu services virtualization)
  #:use-module (gnu services docker)
  #:use-module (gnu services desktop)
  #:use-module (gnu services nix)
  #:use-module (gnu services networking)
  #:use-module (gnu services xorg)
  #:use-module (gnu services security-token)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:export (%rkd-desktop-services
            rkd-desktop))

;; Extra nix.conf lines for the Nix daemon.
;; Trust decision: store paths signed by either key listed under
;; 'trusted-public-keys' are accepted as substitutes, so the operators of
;; cache.nixos.org and of the third-party nri.cachix.org cache can both supply
;; binaries to this machine.  Drop a cache and its key together.
(define %nix-extra-config
  (list "substituters = https://cache.nixos.org https://nri.cachix.org\n"
        "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nri.cachix.org-1:9/BMj3Obc+uio3O5rYGT+egHzkBzDunAzlZZfhCGj6o="))

;; Contents of /etc/libvirt/qemu.conf: log guest stdio to files and register
;; the OVMF firmware/variables pair as an available nvram template.
(define %libvirt-qemu-conf
  (mixed-text-file "qemu.conf"
                   "stdio_handler=\"file\"\n"
                   "nvram = [\n"
                   " \"" ovmf "/share/firmware/ovmf_x64.bin:"
                   ovmf "/share/firmware/ovmf_vars_x64.bin\"\n"
                   "]\n"))

;; Substitute servers consulted in addition to the Guix defaults.
(define %extra-substitute-urls
  (list "https://substitutes.nonguix.org"
        "https://guix-ci.home.rekahsoft.ca"))

;; Signing keys authorized for those servers.
;; Trust decision: guix-daemon installs any substitute signed by an authorized
;; key, so each key below is trusted as much as the default build farm keys.
;; NOTE(review): verify both fingerprints against the servers' published keys.
(define %extra-authorized-keys
  (list (plain-file "non-guix.pub"
                    "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) ) )")
        (plain-file "rekahsoft-guix.pub"
                    "(public-key (ecc (curve Ed25519) (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#) ) )")))

;; Services shared by every rkd desktop: the extra services listed first,
;; followed by %desktop-services with NetworkManager and guix-daemon adjusted.
(define %rkd-desktop-services
  (cons*
   (service bluetooth-service-type)

   (service nix-service-type
            (nix-configuration
             (extra-config %nix-extra-config)))

   ;; udev rules for attached hardware.  Each #:groups entry names the group
   ;; passed to udev-rules-service for that rule set; the desktop user is a
   ;; member of all three (see the user account in 'rkd-desktop').
   (udev-rules-service 'android
                       (specification->package "android-udev-rules")
                       #:groups (list "adbusers"))
   (udev-rules-service 'u2f
                       (specification->package "libu2f-host")
                       #:groups (list "plugdev"))
   (udev-rules-service 'hackrf
                       (specification->package "hackrf")
                       #:groups (list "dialout"))

   ;; Smart card daemon.
   (service pcscd-service-type)

   ;; libvirtd: TCP and TLS listeners are both off, and the UNIX socket group
   ;; is set to "libvirt".
   (service libvirt-service-type
            (libvirt-configuration
             (unix-sock-group "libvirt")
             (listen-tls? #f)
             (listen-tcp? #f)))

   (service docker-service-type)

   ;; Transparent emulation of ARM binaries through binfmt_misc.
   (service qemu-binfmt-service-type
            (qemu-binfmt-configuration
             (platforms (lookup-qemu-platforms "arm" "aarch64"))))

   (simple-service 'libvirt-configuration etc-service-type
                   (list (list "libvirt/qemu.conf" %libvirt-qemu-conf)))

   ;; Register i3lock as a screen locker.
   (service screen-locker-service-type
            (screen-locker-configuration
             (name "i3lock")
             (program (file-append i3lock "/bin/i3lock"))))

   (modify-services %desktop-services
     ;; Enable the network-manager-openvpn plugin
     (network-manager-service-type
      config => (network-manager-configuration
                 (inherit config)
                 (vpn-plugins (list network-manager-openvpn))))

     ;; Add and authorize non-guix substitute servers
     (guix-service-type
      config => (guix-configuration
                 (inherit config)
                 (substitute-urls
                  (append %extra-substitute-urls
                          %default-substitute-urls))
                 (authorized-keys
                  (append %extra-authorized-keys
                          %default-authorized-guix-keys)))))))

(define (rkd-desktop host-name root-uuid efi-boot-uuid)
  "Return the operating-system declaration for a desktop named HOST-NAME.
ROOT-UUID is the UUID of the LUKS device that is opened as \"crypt\";
EFI-BOOT-UUID is the FAT UUID of the EFI System Partition mounted on
/boot/efi."
  (operating-system
    (host-name host-name)
    (timezone "America/Toronto")
    (locale "en_US.utf8")

    ;; US English keyboard layout; the bootloader below reuses this field.
    (keyboard-layout (keyboard-layout "us"))

    ;; UEFI variant of GRUB, with the EFI System Partition on /boot/efi.
    (bootloader
     (bootloader-configuration
      (bootloader grub-efi-bootloader)
      (targets (list "/boot/efi"))
      (keyboard-layout keyboard-layout)))

    ;; Non-free kernel, Intel microcode and proprietary firmware.
    (kernel linux)
    ;; Resume from hibernation out of the vg0-swap logical volume.
    ;; NOTE(review): presumably vg0 sits inside the "crypt" LUKS container;
    ;; confirm, otherwise hibernation images land on unencrypted storage.
    (kernel-arguments
     (cons "resume=/dev/mapper/vg0-swap" %default-kernel-arguments))
    (initrd microcode-initrd)
    (firmware (list linux-firmware))

    ;; Mapped device for the encrypted root partition, then the LVM volume
    ;; group.  The UUID is the one printed by 'cryptsetup luksUUID'.
    (mapped-devices
     (list (mapped-device
            (source (uuid root-uuid))
            (target "crypt")
            (type luks-device-mapping))
           (mapped-device
            (source "vg0")
            (targets (list "vg0-root" "vg0-swap"))
            (type lvm-device-mapping))))

    ;; Root is a btrfs subvolume that depends on the mapped devices.  The ESP
    ;; is mounted directly by UUID, without going through the mapped devices.
    (file-systems
     (cons* (file-system
              (device (file-system-label "root"))
              (mount-point "/")
              (type "btrfs")
              (options "subvol=@,compress=zstd")
              (dependencies mapped-devices))
            (file-system
              (device (uuid efi-boot-uuid 'fat))
              (mount-point "/boot/efi")
              (type "vfat"))
            %base-file-systems))

    (swap-devices
     (list (swap-space
            (target (file-system-label "swap"))
            (dependencies mapped-devices))))

    ;; Privilege note: "docker" and "libvirt" grant control over daemons that
    ;; run as root, so this account should be treated as root-equivalent, the
    ;; same as "wheel".  Remove groups that are not needed on a given host.
    (users
     (cons (user-account
            (name "collin")
            (comment "Collin J Doering")
            (shell (file-append zsh "/bin/zsh"))
            (group "users")
            (supplementary-groups
             (list "wheel" "netdev" "lp" "libvirt" "docker"
                   "wireshark" "plugdev" "adbusers" "dialout"
                   "kvm" "audio" "video")))
           %base-user-accounts))

    ;; Only the "wireshark" group itself is declared here; nothing in this
    ;; file attaches capture privileges to it.
    (groups
     (cons (user-group (name "wireshark"))
           %base-groups))

    (packages
     (append
      (map specification->package
           '("xinitrc-xsession" ;; for starting users .xinitrc from display manager
             "btrfs-progs"      ;; for btrfs root filesystem
             "docker-compose"
             "emacs"
             "emacs-guix"
             "gvfs"             ;; for user mounts
             "hackrf"           ;; for hackrf user space tools
             "soapysdr"         ;; SoapySDRUtil and library
             "soapyhackrf"      ;; SoapySDR library support for the hackrf one
             "lvm2"             ;; for lvm2 tools
             "nix"
             "nss-certs"        ;; for HTTPS access
             "recutils"
             "tmux"))
      %base-packages))

    (services %rkd-desktop-services)

    ;; Allow resolution of '.local' host names with mDNS.
    (name-service-switch %mdns-host-lookup-nss)))