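;; Operating system configuration for the desktop host "wkz".
;;
;; Storage layout as declared below: /home and /home/storage sit on LUKS
;; mapped devices; the root file system is mounted by label with no mapped
;; device, and swap is a file on that root file system.
;; NOTE(review): nothing in this file maps root through LUKS, so root
;; appears to be unencrypted — confirm against the actual disk layout.

(use-modules (gnu)
             (guix transformations)
             (gnu home)
             (gnu system privilege)
             (guix gexp)
             (gnu home services shells))

(use-service-modules guix cups desktop networking ssh xorg docker nix admin vnc lightdm syncthing virtualization databases linux web backup telephony file-sharing spice security-token)
(use-package-modules gnome xdisorg vnc databases virtualization firmware security-token)

;; Pull in the home environment; presumably this file defines `wkz-home',
;; which guix-home-service-type consumes below.
;; NOTE(review): this configuration is normally evaluated with root
;; privileges at reconfigure time, and it loads Scheme code from a path
;; under a user's home directory.  Whoever can write that file can run code
;; with those privileges — keep its ownership and permissions tight, or
;; load it from a root-owned location.
(load "/home/w96k/projects/dotfiles/guix/.dotfiles/home-configuration.scm")

(operating-system
  (host-name "wkz")
  (timezone "Asia/Tbilisi")
  (locale "en_US.utf8")
  ;; IOMMU is switched on for both Intel and AMD; together with the vfio
  ;; modules in the initrd this looks like a PCI-passthrough setup for
  ;; virtual machines — TODO confirm.
  (kernel-arguments '("quiet" "intel_iommu=on" "amd_iommu=on" "iommu=on" "video=HDMI-1:1920x1080@240"))
  ;; raid1 is needed early so the MD array declared below can be assembled.
  (initrd-modules (append '("raid1" "br_netfilter" "vfio_iommu_type1" "vfio_pci" "vfio") %base-initrd-modules))

  ;; US and Russian layouts, toggled with both Shift keys
  ;; (grp:shifts_toggle); ctrl:nocaps turns Caps Lock into Ctrl.
  (keyboard-layout (keyboard-layout "us,ru"
                                    #:options '("grp:shifts_toggle" "ctrl:nocaps" "ctrl:escape")))

  ;; Use the UEFI variant of GRUB with the EFI System
  ;; Partition mounted on /boot/efi.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))
               (keyboard-layout keyboard-layout)))

  ;; Mapped devices: one MD RAID array built from two partitions, and two
  ;; LUKS volumes.  The LUKS UUIDs are those returned by
  ;; 'cryptsetup luksUUID'.

  (mapped-devices
   (list
    (mapped-device
     ;; NOTE(review): /dev/sdX names can change between boots or when a
     ;; disk is added; if the wrong partitions are picked up the array will
     ;; not assemble.  The commented-out variant below refers to the
     ;; members by UUID instead.
     (source (list "/dev/sda1" "/dev/sdc1"))
     ;; (source (list (uuid "ed5b96c3-fa7f-6de7-259d-6eb8e73a631e") (uuid "daeb6a6e-290d-7792-e7b6-edf45cef2076")))
     (target "/dev/md0")
     (type raid-device-mapping))

    (mapped-device
     ;; LUKS volume opened as /dev/mapper/home; the commented-out source
     ;; suggests it lives on the RAID array above — TODO confirm.
     ;; (source "/dev/md0")
     (source (uuid "4e2ee2d8-735d-49bd-8b3d-cd9102170a1f"))
     (target "home")
     (type luks-device-mapping))

    (mapped-device
     ;; LUKS volume opened as /dev/mapper/guix_old, mounted on
     ;; /home/storage below.
     (source (uuid "03db8d78-051b-4a11-a7e5-b62ae0f530d4"))
     (target "guix_old")
     (type luks-device-mapping))
    )
   )

  (file-systems (append
                 (list
                  ;; Encrypted /home; depends on every mapped device above.
                  (file-system
                   (device "/dev/mapper/home")
                   (mount-point "/home")
                   (type "ext4")
                   (dependencies mapped-devices))

                  ;; Encrypted storage volume.
                  (file-system
                   (device "/dev/mapper/guix_old")
                   (mount-point "/home/storage")
                   (type "btrfs")
                   (dependencies mapped-devices))

                  ;; Root is located by file-system label and declares no
                  ;; mapped-device dependency, i.e. no LUKS layer is
                  ;; configured for it here.
                  (file-system
                   (device (file-system-label "root"))
                   (mount-point "/")
                   (type "ext4"))

                  (file-system
                   (device (uuid "17C5-3E35" 'fat))
                   (mount-point "/boot/efi")
                   (type "vfat")))
                 %base-file-systems))

  ;; Specify a swap file for the system, which resides on the
  ;; root file system.
  ;; NOTE(review): root has no LUKS mapping in this file, so swapped-out
  ;; pages (which can hold disk-encryption keys and other secrets from
  ;; memory) would be written to unencrypted storage.  Confirm, or place
  ;; swap on an encrypted device.
  (swap-devices (list (swap-space
                       (target "/swapfile"))))

  (groups
   (append
    (list
     (user-group (name "storage"))) %base-groups))

  (users (append (list
                  ;; Primary interactive account.
                  (user-account
                   (name "w96k")
                   (group "users")
                   (home-directory "/home/w96k")
                   (supplementary-groups '("wheel" "netdev" "audio" "video" "kvm" "httpd" "libvirt" "postgres" "transmission" "nitrokey")))

                  ;; NOTE(review): "torrent" and "storage" are both members
                  ;; of wheel, which normally carries sudo rights.  If these
                  ;; accounts only hold data or run the torrent client,
                  ;; least privilege suggests dropping wheel — confirm.
                  (user-account
                   (name "torrent")
                   (group "users")
                   (supplementary-groups '("wheel" "transmission"))
                   (home-directory "/home/torrent"))

                  ;; The home directory is the mount point of the
                  ;; guix_old volume; the "storage" group declared above is
                  ;; not referenced by this account.
                  (user-account
                   (name "storage")
                   (group "users")
                   (supplementary-groups '("wheel" "transmission"))
                   (home-directory "/home/storage"))
                  )
                 %base-user-accounts))

  (packages
   (append
    (map
     specification->package
     '("font-gnu-freefont" "font-gnu-unifont" "virt-manager" "bridge-utils" "xmodmap" "gvfs" "ovmf-x86-64" "efibootmgr"
       "cryptsetup" "mdadm"))
    %base-packages))

  (services
   (append (list
            (service guix-home-service-type `(("w96k" ,wkz-home)))
            (service gpm-service-type)

            (service tor-service-type)
            ;; NOTE(review): no openssh-configuration is given, so sshd
            ;; runs with the distribution defaults.  Confirm that password
            ;; authentication and root login are set the way you intend,
            ;; and prefer key-only authentication if the host is reachable
            ;; from untrusted networks.
            (service openssh-service-type)

            (service transmission-daemon-service-type)

            ;; Access to the libvirt socket is granted through the
            ;; "libvirt" group.
            ;; NOTE(review): a non-default TLS port is set; whether libvirtd
            ;; listens on the network at all depends on settings not shown
            ;; here — confirm, and make sure certificates are in place if it
            ;; does.
            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")
                      (tls-port "16555")))

            (service virtlog-service-type)

            (service postgresql-service-type
                     (postgresql-configuration
                      (postgresql postgresql-15)))

            (service dhcp-client-service-type)

            ;; Expose the OVMF firmware image at the path VM tooling
            ;; expects.
            (extra-special-file "/usr/share/OVMF/OVMF_VARS.fd"
                                (file-append ovmf "/share/firmware/ovmf_x64.bin"))

            ;; Apache httpd handing *.php requests to php-fpm over a Unix
            ;; socket.
            (service httpd-service-type
                     (httpd-configuration
                      (config
                       (httpd-config-file
                        (modules (cons*
                                  (httpd-module
                                   (name "proxy_module")
                                   (file "modules/mod_proxy.so"))
                                  (httpd-module
                                   (name "proxy_fcgi_module")
                                   (file "modules/mod_proxy_fcgi.so"))
                                  %default-httpd-modules))
                        (extra-config (list "\
<FilesMatch \\.php$>
SetHandler \"proxy:unix:/var/run/php-fpm.sock|fcgi://localhost/\"
</FilesMatch>"))))))
            ;; The socket group is "httpd", so only that group (plus the
            ;; socket owner) can reach php-fpm.
            ;; NOTE(review): display-errors #t returns PHP error text to the
            ;; client.  That is convenient for local development but
            ;; discloses file paths and internals if httpd is reachable by
            ;; other hosts — confirm this web server is local-only.
            (service php-fpm-service-type
                     (php-fpm-configuration
                      (display-errors #t)
                      (socket "/var/run/php-fpm.sock")
                      (socket-group "httpd")))

            ;; Smart-card daemon plus udev rules that give the "nitrokey"
            ;; group access to Nitrokey devices.
            (service pcscd-service-type)
            (udev-rules-service 'nitrokey libnitrokey #:groups '("nitrokey"))

            ;; xlock replaces the default screen locker, which is deleted
            ;; from %desktop-services further down.
            (service screen-locker-service-type
                     (screen-locker-configuration
                      (name "xlock")
                      (program (file-append xlockmore "/bin/xlock"))))

            ;; Transparent emulation of aarch64 binaries through QEMU.
            (service qemu-binfmt-service-type
                     (qemu-binfmt-configuration
                      (platforms (lookup-qemu-platforms "aarch64"))))

            ;; (service virtual-build-machine-service-type
            ;; (virtual-build-machine
            ;; (qemu "qemu")
            ;; (cpu-count 8)
            ;; (memory-size (* 1 8096))
            ;; (systems (list ("aarch64-linux")))
            ;; (auto-start? #t)))

            ;; NOTE(review): this looks like the QEMU bridge-helper ACL
            ;; allowing guests to attach to br0; confirm the file name is
            ;; the one the helper actually reads.
            (extra-special-file "/etc/qemu/host.conf" "allow br0\n")
            (service spice-vdagent-service-type))

           (modify-services %desktop-services
             (delete screen-locker-service-type)
             (delete modem-manager-service-type)
             (delete upower-service-type)
             (delete network-manager-service-type)
             (delete wpa-supplicant-service-type)
             ;; (delete usb-modeswitch-service-type)
             (delete geoclue-service-type)
             ;;(delete elogind-service-type)
             (delete colord-service-type)
             ;; NOTE(review): NTP is removed and no other time-sync service
             ;; appears in this file.  Clock drift breaks TLS certificate
             ;; validation and makes log timestamps unreliable — confirm
             ;; time is synchronised some other way.
             (delete ntp-service-type)


             ;; Keys listed here are added to the daemon's trusted set: the
             ;; daemon accepts pre-built binaries (substitutes, imported
             ;; archives) signed by them.  The "droidian" key extends that
             ;; trust beyond the default keys.
             ;; NOTE(review): confirm this key is still needed and that its
             ;; private half is adequately protected.
             (guix-service-type config => (guix-configuration
                                           (inherit config)
                                           (authorized-keys (append (list
                                                                     (plain-file "droidian"
                                                                                 "(public-key
(ecc
(curve Ed25519)
(q #C6BDBCB27C8A5F9312483D7C4F125AB946B6572393DF8058F7A9CE220178F10A#)
)
)"
                                                                                 )
                                                                     ) %default-authorized-guix-keys))
                                           ;; (substitute-urls
                                           ;; (append (list "https://substitutes.nonguix.org")
                                           ;; %default-substitute-urls))
                                           ;; (extra-options '("--max-jobs=10"))
                                           ;; (http-proxy "http://localhost:9250")
                                           ))

             (delete gdm-service-type))

           ))

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))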
|
---|