(define-module (rekahsoft guix-config manual laptop-lenovo-t480s)
#:use-module (gnu)
#:use-module (gnu system nss)
#:use-module (gnu packages linux)
#:use-module (gnu packages shells)
#:use-module (gnu services virtualization)
#:use-module (gnu services docker)
#:use-module (gnu services desktop)
#:use-module (gnu services xorg)
#:use-module (gnu services security-token)
#:use-module (nongnu packages linux)
#:use-module (nongnu system linux-initrd)
#:export (system))
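;; Guix `operating-system' declaration exported by this module as `system'.
;;
;; The listing this was recovered from had a "|" gutter line between every
;; source line, including inside the two public-key string literals, which
;; left the form unreadable and the key S-expressions malformed.  The gutter
;; residue is removed and conventional indentation restored; no field value
;; has been changed.
;;
;; NOTE(review): the module name says laptop-lenovo-t480s while host-name is
;; "rekahsoft-mini" -- confirm which machine this file describes.
(define system
  (operating-system
    (host-name "rekahsoft-mini")
    (timezone "America/Toronto")
    (locale "en_US.utf8")

    ;; Choose US English keyboard layout.
    (keyboard-layout (keyboard-layout "us"))

    ;; Use the UEFI variant of GRUB with the EFI System
    ;; Partition mounted on /boot/efi.
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/boot/efi"))
                 (keyboard-layout keyboard-layout)))

    ;; Use non-free kernel, intel microcode and proprietary firmware
    ;; (`linux', `microcode-initrd' and `linux-firmware' come from the
    ;; nongnu modules imported at the top of the file).
    (kernel linux)
    (initrd microcode-initrd)
    (firmware (list linux-firmware))

    ;; Specify a mapped device for the encrypted root partition.
    ;; The UUID is that returned by 'cryptsetup luksUUID'.
    ;; The second mapping activates the vg0-root and vg0-swap logical volumes.
    ;; NOTE(review): presumably vg0's physical volume is the "crypt" mapping
    ;; above, so that both root and swap sit behind LUKS -- nothing in this
    ;; file states that; confirm on the machine.
    (mapped-devices
     (list (mapped-device
            (source (uuid "c811a95f-7de8-4c25-8b96-f4d223e5a06e"))
            (target "crypt")
            (type luks-device-mapping))
           (mapped-device
            (source "vg0")
            (targets (list "vg0-root" "vg0-swap"))
            (type lvm-device-mapping))))

    ;; Root is the "@" btrfs subvolume and is only mounted once every mapped
    ;; device is up.  The EFI System Partition declares no such dependency:
    ;; it is a plain vfat partition outside the LUKS/LVM stack.
    (file-systems (append
                   (list (file-system
                           (device (file-system-label "root"))
                           (mount-point "/")
                           (type "btrfs")
                           (options "subvol=@,compress=zstd")
                           (dependencies mapped-devices))
                         (file-system
                           (device (uuid "8767-90D2" 'fat))
                           (mount-point "/boot/efi")
                           (type "vfat")))
                   %base-file-systems))

    ;; Swap is found by label and, like root, waits for the mapped devices.
    (swap-devices
     (list (swap-space
            (target (file-system-label "swap"))
            (dependencies mapped-devices))))

    ;; Both accounts get the same supplementary groups.  Three of them are
    ;; administrative: "wheel" is the group Guix's default sudoers file
    ;; grants sudo to, "docker" allows driving the Docker daemon (which runs
    ;; as root), and "libvirt" owns the libvirtd socket configured below.
    (users (cons* (user-account
                   (name "collin")
                   (comment "Collin J Doering")
                   (shell (file-append zsh "/bin/zsh"))
                   (group "users")
                   (supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker"
                                           "audio" "video")))
                  ;; NOTE(review): "test" is a second account with the full
                  ;; administrative group set.  If it only exists for trying
                  ;; out sessions, drop "wheel", "docker" and "libvirt" from
                  ;; it, or remove the account once it is no longer needed.
                  (user-account
                   (name "test")
                   (comment "Test user")
                   (shell (file-append zsh "/bin/zsh"))
                   (group "users")
                   (supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker"
                                           "audio" "video")))
                  %base-user-accounts))

    ;; System-wide packages, resolved by name when the file is evaluated.
    (packages
     (append
      (map specification->package
           '("nss-certs"        ;; for HTTPS access
             "gvfs"             ;; for user mounts
             "btrfs-progs"      ;; for btrfs root filesystem
             "xinitrc-xsession" ;; for starting users .xinitrc from display manager
             "tmux"
             "recutils"
             "emacs"
             "emacs-guix"))
      %base-packages))

    (services
     (append
      (list (bluetooth-service)
            ;; PC/SC daemon, for smart cards and security tokens.
            (service pcscd-service-type)
            ;; libvirtd with both network listeners switched off; clients
            ;; reach it through its UNIX socket, whose group is "libvirt".
            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")
                      (listen-tls? #f)
                      (listen-tcp? #f)))
            (service docker-service-type)
            ;; Run arm and aarch64 binaries transparently through QEMU.
            (service qemu-binfmt-service-type
                     (qemu-binfmt-configuration
                      (platforms (lookup-qemu-platforms "arm" "aarch64"))))
            (set-xorg-configuration
             (xorg-configuration
              (keyboard-layout keyboard-layout))))
      (modify-services %desktop-services
        ;; Add and authorize non-guix substitute server
        ;;
        ;; Two servers are placed ahead of the default substitute URLs and
        ;; their signing keys are added to the daemon's authorized keys.
        ;; Authorizing a key means the daemon installs pre-built binaries
        ;; signed by it, so each key holder is trusted with code execution
        ;; on this machine.  Verify both `q' values against the copy each
        ;; operator publishes before deploying.
        ;;
        ;; The key bodies start at the left margin on purpose: leading
        ;; whitespace on a continuation line is part of the string.
        (guix-service-type config =>
                           (guix-configuration
                            (inherit config)
                            (substitute-urls
                             (append (list "https://substitutes.nonguix.org"
                                           "https://guix-ci.home.rekahsoft.ca")
                                     %default-substitute-urls))
                            (authorized-keys
                             (append (list (plain-file "non-guix.pub"
                                                       "(public-key
 (ecc
  (curve Ed25519)
  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
  )
 )")
                                           (plain-file "rekahsoft-guix.pub"
                                                       "(public-key
 (ecc
  (curve Ed25519)
  (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#)
  )
 )"))
                                     %default-authorized-guix-keys))))

        ;; Add udev rule for yubikeys
        ;; See: https://lists.gnu.org/archive/html/guix-devel/2020-01/msg00418.html
        ;; The rules shipped in libu2f-host are put in front of the rules
        ;; the inherited udev configuration already carries.
        (udev-service-type
         config =>
         (udev-configuration (inherit config)
                             (rules (cons (specification->package "libu2f-host")
                                          (udev-configuration-rules
                                           config))))))))

    ;; Allow resolution of '.local' host names with mDNS.
    (name-service-switch %mdns-host-lookup-nss)))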