guix-machines/.guix/rekahsoft/guix-config/manual/laptop-lenovo-t480s.scm

(define-module (rekahsoft guix-config manual laptop-lenovo-t480s)
  #:use-module (gnu)
  #:use-module (gnu system nss)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages shells)
  #:use-module (gnu services virtualization)
  #:use-module (gnu services docker)
  #:use-module (gnu services desktop)
  #:use-module (gnu services xorg)
  #:use-module (gnu services security-token)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:export (system))

(define system
  (operating-system
    (host-name "rekahsoft-mini")
    (timezone "America/Toronto")
    (locale "en_US.utf8")

    ;; Choose US English keyboard layout. 
    (keyboard-layout (keyboard-layout "us"))

    ;; Use the UEFI variant of GRUB with the EFI System
    ;; Partition mounted on /boot/efi.
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/boot/efi"))
                 (keyboard-layout keyboard-layout)))

    ;; Use non-free kernel, intel microcode and proprietary firmware
    (kernel linux)
    (initrd microcode-initrd)
    (firmware (list linux-firmware))

    ;; Specify a mapped device for the encrypted root partition.
    ;; The UUID is that returned by 'cryptsetup luksUUID'.
    (mapped-devices
     (list (mapped-device
            (source (uuid "c811a95f-7de8-4c25-8b96-f4d223e5a06e"))
            (target "crypt")
            (type luks-device-mapping))
           (mapped-device
            (source "vg0")
            (targets (list "vg0-root" "vg0-swap"))
            (type lvm-device-mapping))))

    (file-systems (append
                   (list (file-system
                           (device (file-system-label "root"))
                           (mount-point "/")
                           (type "btrfs")
                           (options "subvol=@,compress=zstd")
                           (dependencies mapped-devices))
                         (file-system
                           (device (uuid "8767-90D2" 'fat))
                           (mount-point "/boot/efi")
                           (type "vfat")))
                   %base-file-systems))

    (swap-devices
     (list (swap-space
            (target (file-system-label "swap"))
            (dependencies mapped-devices))))

    (users (cons* (user-account
                   (name "collin")
                   (comment "Collin J Doering")
		   (shell (file-append zsh "/bin/zsh"))
                   (group "users")
                   (supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker"
                                           "audio" "video")))
                  (user-account
                   (name "test")
                   (comment "Test user")
		   (shell (file-append zsh "/bin/zsh"))
                   (group "users")
                   (supplementary-groups '("wheel" "netdev" "lp" "libvirt" "docker"
                                           "audio" "video")))
                  %base-user-accounts))

    (packages
     (append 
      (map specification->package
           '("nss-certs"      ;; for HTTPS access
             "gvfs"           ;; for user mounts
             "btrfs-progs"    ;; for btrfs root filesystem
	     "xinitrc-xsession" ;; for starting users .xinitrc from display manager
             "tmux"
             "recutils"
             "emacs"
             "emacs-guix"))
      %base-packages))

    (services
     (append
      (list (bluetooth-service)
            (service pcscd-service-type)
            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")
                      (listen-tls? #f)
                      (listen-tcp? #f)))
	    (service docker-service-type)
            (service qemu-binfmt-service-type
                     (qemu-binfmt-configuration
                      (platforms (lookup-qemu-platforms "arm" "aarch64"))))
            (set-xorg-configuration
             (xorg-configuration
              (keyboard-layout keyboard-layout))))
      (modify-services %desktop-services
        ;; Add and authorize non-guix substitute server
        (guix-service-type config =>
                           (guix-configuration
	                    (inherit config)
	                    (substitute-urls
	                     (append (list "https://substitutes.nonguix.org"
                                           "https://guix-ci.home.rekahsoft.ca")
		                     %default-substitute-urls))
	                    (authorized-keys
	                     (append (list (plain-file "non-guix.pub"
				                       "(public-key
                                       (ecc
                                        (curve Ed25519)
                                        (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
                                        )
                                       )")
                                           (plain-file "rekahsoft-guix.pub"
                                                       "(public-key 
                                       (ecc 
                                        (curve Ed25519)
                                        (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#)
                                        )
                                       )"))
                                     %default-authorized-guix-keys))))

        ;; Add udev rule for yubikeys
        ;; See: https://lists.gnu.org/archive/html/guix-devel/2020-01/msg00418.html
        (udev-service-type
         config =>
         (udev-configuration (inherit config)
                             (rules (cons (specification->package "libu2f-host")
                                          (udev-configuration-rules
                                           config))))))))

    ;; Allow resolution of '.local' host names with mDNS.
    (name-service-switch %mdns-host-lookup-nss)))