source: dotfiles/guix/config-desktop.scm@ eb58262

Last change on this file since eb58262 was eb58262, checked in by Mikhail Kirillov <w96k@…>, on Dec 16, 2024 at 6:04:55 AM

Update guix config

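;; Guix System configuration for the desktop host "wkz".
;;
;; Storage, as declared below: a RAID array assembled as /dev/md0, /home
;; and /home/storage on LUKS mapped devices, a root file system mounted by
;; label, and a swap file on that root file system.
;;
;; NOTE(review): the template header this file started from described an
;; encrypted root partition and a GNOME/Xfce desktop.  Neither is declared
;; here: no LUKS mapping feeds the root file system and gdm is deleted, so
;; do not rely on that description when assessing data-at-rest protection.

(use-modules (gnu)
             (guix transformations)
             (gnu home)
             (gnu system privilege)
             (guix gexp)
             (gnu home services shells))

(use-service-modules guix cups desktop networking ssh xorg docker nix admin vnc lightdm syncthing virtualization databases linux web backup telephony file-sharing spice security-token)
(use-package-modules gnome xdisorg vnc databases virtualization firmware security-token)

;; NOTE(review): this pulls Scheme code from a user's home directory into
;; the system configuration; it presumably provides `wkz-home', which is
;; used below but not defined in this file.  The loaded code runs with the
;; privileges of whoever evaluates this file, so the path should be writable
;; only by accounts already trusted to administer the machine.
(load "/home/w96k/projects/dotfiles/guix/.dotfiles/home-configuration.scm")

(operating-system
  (host-name "wkz")
  (timezone "Asia/Tbilisi")
  (locale "en_US.utf8")

  ;; IOMMU is switched on for both Intel and AMD.  Together with the vfio
  ;; modules added to the initrd below, this looks like a PCI-passthrough
  ;; setup for virtual machines -- TODO confirm.
  (kernel-arguments '("quiet" "intel_iommu=on" "amd_iommu=on" "iommu=on" "video=HDMI-1:1920x1080@240"))
  (initrd-modules (append '("raid1" "br_netfilter" "vfio_iommu_type1" "vfio_pci" "vfio") %base-initrd-modules))

  ;; US and Russian layouts; the options are passed through to XKB.
  ;; (The template comment about the "altgr-intl" variant no longer applied.)
  (keyboard-layout (keyboard-layout "us,ru"
                                    #:options '("grp:shifts_toggle" "ctrl:nocaps" "ctrl:escape")))

  ;; Use the UEFI variant of GRUB with the EFI System
  ;; Partition mounted on /boot/efi.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))
               (keyboard-layout keyboard-layout)))

  ;; Mapped devices: one RAID array and two LUKS volumes.
  ;; The LUKS UUIDs are those returned by 'cryptsetup luksUUID'.
  (mapped-devices
   (list
    ;; NOTE(review): the array members are named by kernel device node.
    ;; /dev/sdX names are not guaranteed stable across boots; the
    ;; commented-out UUID form below avoids assembling the wrong disks.
    (mapped-device
     (source (list "/dev/sda1" "/dev/sdc1"))
     ;; (source (list (uuid "ed5b96c3-fa7f-6de7-259d-6eb8e73a631e") (uuid "daeb6a6e-290d-7792-e7b6-edf45cef2076")))
     (target "/dev/md0")
     (type raid-device-mapping))

    (mapped-device
     ;; (source "/dev/md0")
     (source (uuid "4e2ee2d8-735d-49bd-8b3d-cd9102170a1f"))
     (target "home")
     (type luks-device-mapping))

    (mapped-device
     (source (uuid "03db8d78-051b-4a11-a7e5-b62ae0f530d4"))
     (target "guix_old")
     (type luks-device-mapping))))

  (file-systems (append
                 (list
                  ;; LUKS-backed: opened through the "home" mapping above.
                  (file-system
                    (device "/dev/mapper/home")
                    (mount-point "/home")
                    (type "ext4")
                    (dependencies mapped-devices))

                  ;; LUKS-backed: opened through the "guix_old" mapping above.
                  (file-system
                    (device "/dev/mapper/guix_old")
                    (mount-point "/home/storage")
                    (type "btrfs")
                    (dependencies mapped-devices))

                  ;; Root is found by file-system label and depends on no
                  ;; mapped device, so this declaration does not place it
                  ;; behind LUKS.
                  (file-system
                    (device (file-system-label "root"))
                    (mount-point "/")
                    (type "ext4"))

                  (file-system
                    (device (uuid "17C5-3E35" 'fat))
                    (mount-point "/boot/efi")
                    (type "vfat")))
                 %base-file-systems))

  ;; Specify a swap file for the system, which resides on the
  ;; root file system.
  ;; NOTE(review): memory paged out to /swapfile is stored on the root file
  ;; system, which has no LUKS mapping in this file.  Data belonging to the
  ;; encrypted volumes can therefore reach disk outside them; consider
  ;; encrypted swap or placing swap on an encrypted device.
  (swap-devices (list (swap-space
                       (target "/swapfile"))))

  (groups
   (append
    (list
     (user-group (name "storage"))) %base-groups))

  (users (append (list
                  ;; Primary account.  "libvirt" membership gives access to
                  ;; the libvirt socket (see unix-sock-group below), which
                  ;; should be treated as administrative access to the
                  ;; hypervisor.
                  (user-account
                   (name "w96k")
                   (group "users")
                   (home-directory "/home/w96k")
                   (supplementary-groups '("wheel" "netdev" "audio" "video" "kvm" "httpd" "libvirt" "postgres" "transmission" "nitrokey")))

                  ;; NOTE(review): "torrent" and "storage" are both members
                  ;; of "wheel".  This declaration does not override
                  ;; sudoers-file, and Guix's default sudoers grants sudo to
                  ;; wheel, so each of these accounts can become root with
                  ;; its own password.  If they exist only to own downloaded
                  ;; or stored data, drop "wheel" -- confirm whether
                  ;; administration from these accounts is intended.
                  (user-account
                   (name "torrent")
                   (group "users")
                   (supplementary-groups '("wheel" "transmission"))
                   (home-directory "/home/torrent"))

                  (user-account
                   (name "storage")
                   (group "users")
                   (supplementary-groups '("wheel" "transmission"))
                   (home-directory "/home/storage")))
                 %base-user-accounts))

  (packages
   (append
    (map
     specification->package
     '("font-gnu-freefont" "font-gnu-unifont" "nix" "virt-manager" "bridge-utils" "xmodmap" "gvfs" "ovmf-x86-64" "efibootmgr"
       "cryptsetup" "mdadm"))
    %base-packages))

  (services
   (append (list
            (service guix-home-service-type `(("w96k" ,wkz-home)))
            (service gpm-service-type)

            (service tor-service-type)

            ;; No openssh-configuration is given, so the service defaults
            ;; apply.  NOTE(review): set password-authentication? and
            ;; permit-root-login explicitly so the intended login policy is
            ;; visible in this file; confirm the defaults for the Guix
            ;; revision in use.
            (service openssh-service-type)

            ;; Defaults apply.  NOTE(review): check which address the RPC
            ;; interface binds to and whether it requires authentication.
            (service transmission-daemon-service-type)

            ;; The libvirt socket is owned by the "libvirt" group.
            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")
                      (tls-port "16555")))

            (service virtlog-service-type)

            (service postgresql-service-type
                     (postgresql-configuration
                      (postgresql postgresql-15)))

            (service dhcp-client-service-type)

            (extra-special-file "/usr/share/OVMF/OVMF_VARS.fd"
                                (file-append ovmf "/share/firmware/ovmf_x64.bin"))

            ;; Apache hands *.php requests to php-fpm over a UNIX socket.
            (service httpd-service-type
                     (httpd-configuration
                      (config
                       (httpd-config-file
                        (modules (cons*
                                  (httpd-module
                                   (name "proxy_module")
                                   (file "modules/mod_proxy.so"))
                                  (httpd-module
                                   (name "proxy_fcgi_module")
                                   (file "modules/mod_proxy_fcgi.so"))
                                  %default-httpd-modules))
                        (extra-config (list "\
<FilesMatch \\.php$>
  SetHandler \"proxy:unix:/var/run/php-fpm.sock|fcgi://localhost/\"
</FilesMatch>"))))))

            ;; NOTE(review): display-errors #t makes PHP include error
            ;; details in responses.  That is a development setting; turn
            ;; it off if httpd is reachable from other hosts.
            (service php-fpm-service-type
                     (php-fpm-configuration
                      (display-errors #t)
                      (socket "/var/run/php-fpm.sock")
                      (socket-group "httpd")))

            ;; Smart-card daemon plus udev rules that open Nitrokey devices
            ;; to members of the "nitrokey" group.
            (service pcscd-service-type)
            (udev-rules-service 'nitrokey libnitrokey #:groups '("nitrokey"))

            ;; Replaces the screen locker deleted from %desktop-services
            ;; below with xlock.
            (service screen-locker-service-type
                     (screen-locker-configuration
                      (name "xlock")
                      (program (file-append xlockmore "/bin/xlock"))))

            (service qemu-binfmt-service-type
                     (qemu-binfmt-configuration
                      (platforms (lookup-qemu-platforms "aarch64"))))

            ;; (service virtual-build-machine-service-type
            ;; (virtual-build-machine
            ;; (qemu "qemu")
            ;; (cpu-count 8)
            ;; (memory-size (* 1 8096))
            ;; (systems (list ("aarch64-linux")))
            ;; (auto-start? #t)))

            ;; Presumably the allow-list read by QEMU's bridge helper,
            ;; permitting guests to attach to bridge br0 -- TODO confirm.
            (extra-special-file "/etc/qemu/host.conf" "allow br0\n")
            (service spice-vdagent-service-type))

           (modify-services %desktop-services
             (delete screen-locker-service-type)
             (delete modem-manager-service-type)
             (delete upower-service-type)
             (delete network-manager-service-type)
             (delete wpa-supplicant-service-type)
             ;; (delete usb-modeswitch-service-type)
             (delete geoclue-service-type)
             ;;(delete elogind-service-type)
             (delete colord-service-type)
             ;; NOTE(review): with ntp-service-type removed, no time
             ;; synchronisation service is declared in this file.  Clock
             ;; drift affects TLS certificate validation and log
             ;; correlation.
             (delete ntp-service-type)

             (guix-service-type config => (guix-configuration
                                           (inherit config)
                                           ;; Every key listed here is trusted to sign
                                           ;; substitutes: binaries signed by it are
                                           ;; installed without a local rebuild.  Record
                                           ;; whose key this is and how it was verified.
                                           ;;
                                           ;; authorized-keys takes key *files*, so the
                                           ;; key text is wrapped in plain-file; a bare
                                           ;; string would be read as a file name.
                                           (authorized-keys (append (list
                                                                     (plain-file "extra-substitute-key.pub"
                                                                                 "(public-key
 (ecc
  (curve Ed25519)
  (q #784779217C0B279976C1F69C514797B26EB927EA9D0E9DE95B92983D37DF13B8#)
  )
 )
")

                                                                     ;; nonguix
                                                                     ;; "(public-key
                                                                     ;; (ecc
                                                                     ;; (curve Ed25519)
                                                                     ;; (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
                                                                     ;; )
                                                                     ;; )"
                                                                     ) %default-authorized-guix-keys))
                                           ;; (substitute-urls
                                           ;; (append (list "https://substitutes.nonguix.org")
                                           ;; %default-substitute-urls))
                                           ;; (extra-options '("--max-jobs=10"))
                                           ;; (http-proxy "http://localhost:9250")
                                           ))

             (delete gdm-service-type))))

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))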