(define-module (rekahsoft guix-config desktop)
#:use-module (gnu)
#:use-module (gnu system nss)
#:use-module (gnu packages gnome)
#:use-module (gnu packages linux)
#:use-module (gnu packages firmware)
#:use-module (gnu packages wm)
#:use-module (gnu packages shells)
#:use-module (gnu services virtualization)
#:use-module (gnu services docker)
#:use-module (gnu services desktop)
#:use-module (gnu services nix)
#:use-module (gnu services networking)
#:use-module (gnu services xorg)
#:use-module (gnu services security-token)
#:use-module (nongnu packages linux)
#:use-module (nongnu system linux-initrd)
#:export (%rkd-desktop-services
rkd-desktop))
;; %rkd-desktop-services: the service list consumed by `rkd-desktop'.
;; A set of host-specific services is consed onto a modified copy of
;; %desktop-services.
;;
;; Security-relevant choices made here:
;;  - Nix and Guix are both told to fetch pre-built binaries from servers
;;    beyond their defaults, and the matching signing keys are authorised.
;;    Every key listed below is a trust root for binaries installed on this
;;    machine, so a change to those URLs or keys deserves the same scrutiny
;;    as adding a root CA.
;;  - libvirtd has both its TCP and its TLS listener switched off; its
;;    socket group is "libvirt".
;;  - docker-service-type is used with its default configuration.
;;    NOTE(review): membership of the "docker" group is generally
;;    root-equivalent on the host; keep that group small.
(define %rkd-desktop-services
  (let (;; Signing key authorised for Guix substitutes; the file name suggests
        ;; it belongs to substitutes.nonguix.org -- verify against that
        ;; project's published key before deploying.
        (nonguix-signing-key
         (plain-file "non-guix.pub"
                     "(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
)
)"))
        ;; Second authorised signing key; presumably the one used by
        ;; guix-ci.home.rekahsoft.ca -- TODO confirm.
        (rekahsoft-signing-key
         (plain-file "rekahsoft-guix.pub"
                     "(public-key
(ecc
(curve Ed25519)
(q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#)
)
)"))
        ;; Contents of /etc/libvirt/qemu.conf: sets stdio_handler to "file"
        ;; and lists the OVMF firmware image together with its variable
        ;; store in the nvram setting.
        (libvirt-qemu-conf
         (mixed-text-file "qemu.conf"
                          "stdio_handler=\"file\"\n"
                          "nvram = [\n"
                          " \"" ovmf "/share/firmware/ovmf_x64.bin:" ovmf "/share/firmware/ovmf_vars_x64.bin\"\n"
                          "]\n")))
    (cons*
     (service bluetooth-service-type)

     ;; Nix daemon: adds nri.cachix.org next to cache.nixos.org as a
     ;; substituter and trusts the public key of each.
     (service nix-service-type
              (nix-configuration
               (extra-config
                (list "substituters = https://cache.nixos.org https://nri.cachix.org\n"
                      "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nri.cachix.org-1:9/BMj3Obc+uio3O5rYGT+egHzkBzDunAzlZZfhCGj6o="))))

     ;; udev rules for Android devices, U2F tokens and the HackRF, each
     ;; paired with the group passed via #:groups.
     (udev-rules-service 'android
                         (specification->package "android-udev-rules")
                         #:groups (list "adbusers"))
     (udev-rules-service 'u2f
                         (specification->package "libu2f-host")
                         #:groups (list "plugdev"))
     (udev-rules-service 'hackrf
                         (specification->package "hackrf")
                         #:groups (list "dialout"))

     ;; Smart-card daemon.
     (service pcscd-service-type)

     ;; libvirtd with no TCP or TLS listener; socket group is "libvirt".
     (service libvirt-service-type
              (libvirt-configuration
               (unix-sock-group "libvirt")
               (listen-tls? #f)
               (listen-tcp? #f)))

     (service docker-service-type)

     ;; binfmt_misc handlers so ARM and AArch64 binaries run through QEMU.
     (service qemu-binfmt-service-type
              (qemu-binfmt-configuration
               (platforms (lookup-qemu-platforms "arm" "aarch64"))))

     (simple-service 'libvirt-configuration etc-service-type
                     (list (list "libvirt/qemu.conf" libvirt-qemu-conf)))

     ;; Register i3lock with the screen-locker service.
     (service screen-locker-service-type
              (screen-locker-configuration
               (name "i3lock")
               (program (file-append i3lock "/bin/i3lock"))))

     (modify-services %desktop-services
       ;; Enable the network-manager-openvpn VPN plugin.
       (network-manager-service-type config =>
         (network-manager-configuration
          (inherit config)
          (vpn-plugins (list network-manager-openvpn))))

       ;; Add two non-default substitute servers ahead of the default URLs
       ;; and authorise their signing keys in addition to the default ones.
       (guix-service-type config =>
         (guix-configuration
          (inherit config)
          (substitute-urls
           (cons* "https://substitutes.nonguix.org"
                  "https://guix-ci.home.rekahsoft.ca"
                  %default-substitute-urls))
          (authorized-keys
           (cons* nonguix-signing-key
                  rekahsoft-signing-key
                  %default-authorized-guix-keys))))))))
;; (rkd-desktop HOST-NAME ROOT-UUID EFI-BOOT-UUID)
;; Return the operating-system declaration for a rekahsoft desktop.
;;   HOST-NAME      host name of the machine
;;   ROOT-UUID      UUID of the LUKS container, as printed by
;;                  'cryptsetup luksUUID'
;;   EFI-BOOT-UUID  UUID of the FAT EFI System Partition mounted on /boot/efi
;;
;; Storage layout as declared below: the LUKS container is opened as "crypt",
;; the LVM volume group "vg0" provides "vg0-root" and "vg0-swap", and both
;; the btrfs root and the swap space depend on those mapped devices.
;; NOTE(review): vg0 presumably sits on the opened "crypt" device, which
;; would put swap inside the encrypted container -- confirm on the host.
;; The EFI System Partition is a plain vfat mount with no mapped-device
;; dependency, so whatever is stored on it is not covered by LUKS.
;;
;; The field order inside `operating-system' is kept as is: later fields
;; refer to earlier ones (`keyboard-layout', `mapped-devices').
(define (rkd-desktop host-name root-uuid efi-boot-uuid)
  (let (;; The single interactive account.  Several of its supplementary
        ;; groups grant elevated access ("wheel", "docker", "libvirt", "kvm",
        ;; "wireshark"); NOTE(review): "docker" in particular is generally
        ;; root-equivalent, so treat this account as an administrator.
        (collin-account
         (user-account
          (name "collin")
          (comment "Collin J Doering")
          (shell (file-append zsh "/bin/zsh"))
          (group "users")
          (supplementary-groups
           (list "wheel" "netdev" "lp" "libvirt" "docker" "wireshark"
                 "plugdev" "adbusers" "dialout" "kvm" "audio" "video"))))
        ;; Package specifications installed system-wide on top of
        ;; %base-packages.
        (extra-package-specs
         '("xinitrc-xsession" ;; for starting users .xinitrc from display manager
           "btrfs-progs"      ;; for btrfs root filesystem
           "docker-compose"
           "emacs"
           "emacs-guix"
           "gvfs"             ;; for user mounts
           "hackrf"           ;; for hackrf user space tools
           "soapysdr"         ;; SoapySDRUtil and library
           "soapyhackrf"      ;; SoapySDR library support for the hackrf one
           "lvm2"             ;; for lvm2 tools
           "nix"
           "nss-certs"        ;; for HTTPS access
           "recutils"
           "tmux")))
    (operating-system
      (host-name host-name)
      (timezone "America/Toronto")
      (locale "en_US.utf8")

      ;; US English keyboard layout.
      (keyboard-layout (keyboard-layout "us"))

      ;; UEFI GRUB, with the EFI System Partition mounted on /boot/efi.
      (bootloader (bootloader-configuration
                   (bootloader grub-efi-bootloader)
                   (targets (list "/boot/efi"))
                   (keyboard-layout keyboard-layout)))

      ;; Non-free kernel, Intel microcode and proprietary firmware.
      (kernel linux)
      (initrd microcode-initrd)
      (firmware (list linux-firmware))

      ;; Mapped devices: first the encrypted container (ROOT-UUID is the
      ;; value returned by 'cryptsetup luksUUID'), then the LVM volume group.
      (mapped-devices
       (list (mapped-device
              (source (uuid root-uuid))
              (target "crypt")
              (type luks-device-mapping))
             (mapped-device
              (source "vg0")
              (targets '("vg0-root" "vg0-swap"))
              (type lvm-device-mapping))))

      ;; btrfs root (subvolume "@", zstd compression) plus the vfat ESP,
      ;; followed by the base file systems.
      (file-systems
       (cons* (file-system
                (device (file-system-label "root"))
                (mount-point "/")
                (type "btrfs")
                (options "subvol=@,compress=zstd")
                (dependencies mapped-devices))
              (file-system
                (device (uuid efi-boot-uuid 'fat))
                (mount-point "/boot/efi")
                (type "vfat"))
              %base-file-systems))

      ;; Swap is located by label and waits for the mapped devices.
      (swap-devices
       (list (swap-space
              (target (file-system-label "swap"))
              (dependencies mapped-devices))))

      (users (cons collin-account %base-user-accounts))

      ;; Only the "wireshark" group is declared here; the other
      ;; supplementary groups are expected to come from elsewhere.
      (groups (cons (user-group (name "wireshark"))
                    %base-groups))

      (packages
       (append (map specification->package extra-package-specs)
               %base-packages))

      (services %rkd-desktop-services)

      ;; Allow resolution of '.local' host names with mDNS.
      (name-service-switch %mdns-host-lookup-nss))))