Changeset 9bc0481 in dotfiles for guix/config-desktop.scm
- Timestamp:
- Dec 12, 2024, 4:57:35 PM (5 weeks ago)
- Branches:
- master
- Children:
- eb58262
- Parents:
- f30e1cd
- File:
-
- 1 edited
-
guix/config-desktop.scm (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
guix/config-desktop.scm
rf30e1cd r9bc0481 1 ;; This is an operating system configuration template 2 ;; for a "desktop" setup with GNOME and Xfce where the 3 ;; root partition is encrypted with LUKS, and a swap file. 4 1 5 (use-modules (gnu) 2 6 (guix transformations) 3 7 (gnu home) 8 (gnu system privilege) 4 9 (guix gexp) 5 (nongnu packages linux)6 (nongnu system linux-initrd)7 10 (gnu home services shells)) 8 11 9 (use-service-modules guix cups desktop networking ssh xorg docker nix admin vnc lightdm syncthing virtualization databases linux web backup telephony file-sharing )10 (use-package-modules gnome xdisorg vnc databases )12 (use-service-modules guix cups desktop networking ssh xorg docker nix admin vnc lightdm syncthing virtualization databases linux web backup telephony file-sharing spice security-token) 13 (use-package-modules gnome xdisorg vnc databases virtualization firmware security-token) 11 14 12 15 (load "/home/w96k/projects/dotfiles/guix/.dotfiles/home-configuration.scm") 13 16 14 (define wkz-transform15 ;; The package transformation procedure.16 (options->transformation17 '((tune . "skylake"))))18 19 17 (operating-system 20 (locale "en_US.utf8") 21 (timezone "Asia/Tbilisi") 22 (kernel linux) 23 (kernel-arguments '("video=HDMI-A-1:1920x1080@240")) 24 (initrd microcode-initrd) 25 (firmware (list linux-firmware)) 26 (keyboard-layout (keyboard-layout "us,ru" 27 #:options '("grp:shifts_toggle" "ctrl:nocaps"))) 28 (host-name "wkz-guix") 29 30 ;; The list of user accounts ('root' is implicit). 31 (users (cons* (user-account 32 (name "w96k") 33 (comment "W96K") 34 (group "users") 35 (home-directory "/home/w96k") 36 (supplementary-groups '("wheel" "netdev" "audio" "video" "kvm" "httpd"))) 18 (host-name "wkz") 19 (timezone "Asia/Tbilisi") 20 (locale "en_US.utf8") 21 (kernel-arguments '("quiet" "intel_iommu=on" "amd_iommu=on" "iommu=on" "video=HDMI-1:1920x1080@240")) 22 (initrd-modules (append '("raid1" "br_netfilter" "vfio_iommu_type1" "vfio_pci" "vfio") %base-initrd-modules)) 23 24 ;; Choose US English keyboard layout. The "altgr-intl" 25 ;; variant provides dead keys for accented characters. 26 (keyboard-layout (keyboard-layout "us,ru" 27 #:options '("grp:shifts_toggle" "ctrl:nocaps" "ctrl:escape"))) 28 29 ;; Use the UEFI variant of GRUB with the EFI System 30 ;; Partition mounted on /boot/efi. 31 (bootloader (bootloader-configuration 32 (bootloader grub-efi-bootloader) 33 (targets '("/boot/efi")) 34 (keyboard-layout keyboard-layout))) 35 36 ;; Specify a mapped device for the encrypted root partition. 37 ;; The UUID is that returned by 'cryptsetup luksUUID'. 38 39 (mapped-devices 40 (list 41 (mapped-device 42 (source (list "/dev/sda1" "/dev/sdc1")) 43 ;; (source (list (uuid "ed5b96c3-fa7f-6de7-259d-6eb8e73a631e") (uuid "daeb6a6e-290d-7792-e7b6-edf45cef2076"))) 44 (target "/dev/md0") 45 (type raid-device-mapping)) 46 47 (mapped-device 48 ;; (source "/dev/md0") 49 (source (uuid "4e2ee2d8-735d-49bd-8b3d-cd9102170a1f")) 50 (target "home") 51 (type luks-device-mapping)) 52 53 (mapped-device 54 (source (uuid "03db8d78-051b-4a11-a7e5-b62ae0f530d4")) 55 (target "guix_old") 56 (type luks-device-mapping)) 57 ) 58 ) 59 60 (file-systems (append 61 (list 62 (file-system 63 (device "/dev/mapper/home") 64 (mount-point "/home") 65 (type "ext4") 66 (dependencies mapped-devices)) 67 68 (file-system 69 (device "/dev/mapper/guix_old") 70 (mount-point "/home/storage") 71 (type "btrfs") 72 (dependencies mapped-devices)) 73 74 (file-system 75 (device (file-system-label "root")) 76 (mount-point "/") 77 (type "ext4")) 78 79 (file-system 80 (device (uuid "17C5-3E35" 'fat)) 81 (mount-point "/boot/efi") 82 (type "vfat"))) 83 %base-file-systems)) 84 85 ;; Specify a swap file for the system, which resides on the 86 ;; root file system. 87 (swap-devices (list (swap-space 88 (target "/swapfile")))) 89 90 (groups 91 (append 92 (list 93 (user-group (name "storage"))) %base-groups)) 94 95 (users (append (list 96 (user-account 97 (name "w96k") 98 (group "users") 99 (home-directory "/home/w96k") 100 (supplementary-groups '("wheel" "netdev" "audio" "video" "kvm" "httpd" "libvirt" "postgres" "transmission" "nitrokey"))) 101 102 (user-account 103 (name "torrent") 104 (group "users") 105 (supplementary-groups '("wheel" "transmission")) 106 (home-directory "/home/torrent")) 107 108 (user-account 109 (name "storage") 110 (group "users") 111 (supplementary-groups '("wheel" "transmission")) 112 (home-directory "/home/storage")) 113 ) 37 114 %base-user-accounts)) 38 115 39 ;; (packages %base-packages) 40 (packages 116 (packages 41 117 (append 42 118 (map 43 119 specification->package 44 '( 45 "font-gnu-freefont" "font-gnu-unifont" 46 )) 120 '("font-gnu-freefont" "font-gnu-unifont" "nix" "virt-manager" "bridge-utils" "xmodmap" "gvfs" "ovmf-x86-64" "efibootmgr" 121 "cryptsetup" "mdadm")) 47 122 %base-packages)) 48 123 49 ;; Below is the list of system services. To search for available 50 ;; services, run 'guix system search KEYWORD' in a terminal. 51 (services 52 (append (list 53 (service guix-home-service-type `(("w96k" ,wkz-home))) 54 (service block-facebook-hosts-service-type) 55 56 (service zram-device-service-type 57 (zram-device-configuration 58 (compression-algorithm 'zlib) 59 (priority 100))) 60 61 (service tor-service-type 62 (tor-configuration 63 (config-file (plain-file "tor-config" 64 "HTTPTunnelPort 127.0.0.1:9250")))) 65 (service openssh-service-type) 66 67 (service transmission-daemon-service-type) 68 69 ;; (service containerd-service-type) 70 ;; (service docker-service-type) 71 ;; (service restic-backup-service-type) 72 73 ;; (service hurd-vm-service-type 74 ;; (hurd-vm-configuration 75 ;; (disk-size (* 5000 (expt 2 20))) ;5G 76 ;; (memory-size 1024))) 77 78 ;; (service nix-service-type) 79 80 ;; (service xvnc-service-type (xvnc-configuration 81 ;; (display-number 10) 82 ;; (localhost? #f) 83 ;; (geometry "1280x800"))) 84 85 ;; (service syncthing-service-type 86 ;; (syncthing-configuration 87 ;; (user "w96k"))) 88 89 ;; (service postgresql-service-type 90 ;; (postgresql-configuration 91 ;; (postgresql postgresql-15))) 92 93 (service dhcp-client-service-type) 124 (services 125 (append (list 126 (service guix-home-service-type `(("w96k" ,wkz-home))) 127 (service gpm-service-type) 128 129 (service tor-service-type) 130 (service openssh-service-type) 131 132 (service transmission-daemon-service-type) 133 134 (service libvirt-service-type 135 (libvirt-configuration 136 (unix-sock-group "libvirt") 137 (tls-port "16555"))) 138 139 (service virtlog-service-type) 140 141 (service postgresql-service-type 142 (postgresql-configuration 143 (postgresql postgresql-15))) 144 145 (service dhcp-client-service-type) 146 147 (extra-special-file "/usr/share/OVMF/OVMF_VARS.fd" 148 (file-append ovmf "/share/firmware/ovmf_x64.bin")) 94 149 95 150 (service httpd-service-type … … 115 170 (socket-group "httpd"))) 116 171 117 ;; (service screen-locker-service-type 118 ;; (screen-locker-configuration 119 ;; (name "xlock") 120 ;; (program (file-append xlockmore "/bin/xlock")))) 121 ) 172 (service pcscd-service-type) 173 (udev-rules-service 'nitrokey libnitrokey #:groups '("nitrokey")) 174 175 (service screen-locker-service-type 176 (screen-locker-configuration 177 (name "xlock") 178 (program (file-append xlockmore "/bin/xlock")))) 179 180 (extra-special-file "/etc/qemu/host.conf" "allow br0\n") 181 (service spice-vdagent-service-type)) 122 182 123 183 (modify-services %desktop-services 124 184 (delete screen-locker-service-type) 125 185 (delete modem-manager-service-type) 126 ;; (delete udisks-service-type)127 186 (delete upower-service-type) 128 187 (delete network-manager-service-type) … … 135 194 136 195 137 (guix-service-type config => (guix-configuration 138 (inherit config) 139 ;; Rely on btrfs compression. 140 (log-compression 'none) 141 (extra-options '("--max-jobs=10")) 142 (substitute-urls 143 (list 144 "https://4zwzi66wwdaalbhgnix55ea3ab4pvvw66ll2ow53kjub6se4q2bclcyd.onion" 145 "https://substitutes.nonguix.org")) 146 (http-proxy "http://localhost:9250") 147 (authorized-keys 148 (append (list (plain-file "non-guix.pub" 149 " 150 (public-key 151 (ecc 152 (curve Ed25519) 153 (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) 154 ) 155 ) 156 ")) 157 %default-authorized-guix-keys)))) 196 ;; (guix-service-type config => (guix-configuration 197 ;; (inherit config) 198 ;; (extra-options '("--max-jobs=10")) 199 ;; ;; (http-proxy "http://localhost:9250") 200 ;; )) 158 201 159 (delete gdm-service-type)))) 160 161 (mapped-devices (list (mapped-device 162 (source (uuid 163 "03db8d78-051b-4a11-a7e5-b62ae0f530d4")) 164 (target "cryptroot") 165 (type luks-device-mapping)))) 166 167 ;; The list of file systems that get "mounted". The unique 168 ;; file system identifiers there ("UUIDs") can be obtained 169 ;; by running 'blkid' in a terminal. 170 (file-systems (cons* (file-system 171 (mount-point "/") 172 (device "/dev/mapper/cryptroot") 173 (type "btrfs") 174 (options "compress=zlib:9,autodefrag") 175 (dependencies mapped-devices)) 176 (file-system 177 (mount-point "/home/w96k/") 178 (device "/dev/mapper/cryptroot") 179 (type "btrfs") 180 (options "compress=zlib:7,autodefrag,subvol=/home/w96k/") 181 (dependencies mapped-devices)) 182 (file-system 183 (mount-point "/home/w96k/Snapshots/") 184 (device "/dev/mapper/cryptroot") 185 (type "btrfs") 186 (options "compress=zlib:9,autodefrag,subvol=/home/w96k/Snapshots") 187 (dependencies mapped-devices)) 188 (file-system 189 (mount-point "/boot/efi") 190 (device (uuid "6ECD-551F" 191 'fat32)) 192 (type "vfat")) %base-file-systems)) 193 194 (bootloader (bootloader-configuration 195 (bootloader grub-efi-bootloader) 196 (targets (list "/boot/efi")) 197 (keyboard-layout keyboard-layout)))) 202 (delete gdm-service-type)) 203 204 )) 205 206 ;; Allow resolution of '.local' host names with mDNS. 207 (name-service-switch %mdns-host-lookup-nss))
Note:
See TracChangeset
for help on using the changeset viewer.
