half baked changes that need fixing

author: Ryan Schanzenbacher <ryan@rschanz.org> 2023-05-05 01:22:35 -0400
committer: Ryan Schanzenbacher <ryan@rschanz.org> 2023-05-05 01:22:35 -0400
commit: b081473eaa08537dee157d6810de49ca71adf0e1 (patch)
tree: 3a6e0d0f4f4852e2d7183c0a478767f41e6db031 /sys
parent: e7779b9f07b77b113550b82070825fa7f08d8f72 (diff)
1 files changed, 212 insertions, 0 deletions
diff --git a/sys b/sys
new file mode 100644
index 0000000..c9747b0
--- /dev/null
+++ b/sys
@@ -0,0 +1,212 @@
+;; This is an operating system configuration generated
+;; by the graphical installer.
+;;
+;; Once installation is complete, you can learn and modify
+;; this file to tweak the system configuration, and pass it
+;; to the 'guix system reconfigure' command to effect your
+;; changes.
+;; Indicate which modules to import to access the variables
+;; used in this configuration.
+(use-modules (gnu) (nongnu packages linux))
+(use-modules (gnu system setuid))
+(use-modules (gnu packages admin))
+(use-modules (guix packages))
+(use-modules (gnu services authentication))
+(use-modules (gnu packages shells))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
+(use-modules (srfi srfi-1))
+(use-package-modules security-token)
+(use-service-modules cups desktop networking ssh xorg sound security-token docker)
+; Define package that installs my root ca public keys
+(define my-ca-certs
+  (package
+    (name "my-ca-certs")
+    (version "1")
+    (source (local-file "./CACerts"
+                        #:recursive? #t))
+    (build-system trivial-build-system)
+    (license mpl2.0)
+    (home-page "https://rschanz.org")
+    (arguments
+      `(#:modules
+        ((guix build utils))
+        #:builder
+        (begin
+          (use-modules (guix build utils)
+                       (srfi srfi-1)
+                       (srfi srfi-26)
+                       (ice-9 ftw))
+          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+                 (crt-suffix ".crt")
+                 (is-certificate? (cut string-suffix? crt-suffix <>))
+                 (certificates (filter is-certificate?
+                                       (scandir ca-certificates)))
+                 (out (assoc-ref %outputs "out"
+                                 "/etc/ssl/certs"))
+                 (openssl (assoc-ref %build-inputs
+                                    "openssl")))
+            (mkdir-p certificate-directory)
+            (for-each
+              (lambda (certificate)
+                (invoke
+                  openssl "x509"
+                  "-in" (string-append ca-certificates "/" certificate)
+                  "-outform" "PEM"
+                  "-out" (string-append
+                           certificate-directory "/"
+                           (basename certificate crt-suffix) ".pem")))
+              certificates)
+            #t))))
+    (native-inputs
+      (list openssl))
+    (synopsis "My CA Certs")
+    (description synopsis)))
+; Re-define the base packages to remove sudo
+(define %my-base-packages
+  (remove (lambda (package)
+            (member (package-name package)
+                    (list "sudo" "nano")))
+          %base-packages ))
+(define %backlight-udev-rule
+  (udev-rule
+    "90-backlight.rules"
+    (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+                   "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
+                   "\n"
+                   "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+                    "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
+(operating-system
+  (kernel linux)
+  (firmware (list linux-firmware))
+  (locale "en_US.utf8")
+  (timezone "America/New_York")
+  (keyboard-layout (keyboard-layout "us"))
+  (host-name "RyanThinkpad")
+  ;; The list of user accounts ('root' is implicit).
+  (users (cons* (user-account
+                  (name "ryan")
+                  (comment "Ryan")
+                  (group "users")
+                  ;(shell (file-append zsh "/bin/zsh"))
+                  (home-directory "/home/ryan")
+                  (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
+                %base-user-accounts))
+  ;; Packages installed system-wide.  Users can also install packages
+  ;; under their own account: use 'guix search KEYWORD' to search
+  ;; for packages and 'guix install PACKAGE' to install a package.
+  (packages (append (map specification->package (list   "sway"
+                                                        "swaybg"
+                                                                    "swayidle"
+                                                                    "swaylock-effects"
+                                                                    "fuzzel"
+                                                                    "alacritty"
+                                                        "pinentry-qt"
+                                                        "adwaita-icon-theme"
+                                                        "hicolor-icon-theme"
+                                                                    "git"
+                                                                    "nss-certs"
+                                                                    "waybar"
+                                                                    "gnupg"
+                                                        "light"
+                                                        "mako"
+                                                        "grim"
+                                                        "slurp"
+                                                        "wl-clipboard"
+                                                        "bluez"
+                                                        "blueman"
+                                                        "opendoas"
+                                                        "xdg-desktop-portal-wlr"
+                                                        "xdg-desktop-portal"
+                                                        "pipewire"
+                                                        "fprintd"
+                                                        "docker"
+                                                        "wireplumber"
+                                                        "zsh"))
+                         (list my-ca-certs)
+                         %my-base-packages ))
+  ;; Below is the list of system services.  To search for available
+  ;; services, run 'guix system search KEYWORD' in a terminal.
+  (services
+   (append (list
+                 ;; To configure OpenSSH, pass an 'openssh-configuration'
+                 ;; record as a second argument to 'service' below.
+                 (service openssh-service-type)
+                 (service pcscd-service-type)
+                 (service fprintd-service-type)
+                 (service docker-service-type)
+                 (service bluetooth-service-type)
+                 (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
+                 (set-xorg-configuration
+                  (xorg-configuration (keyboard-layout keyboard-layout))))
+           ;; This is the default list of services we
+           ;; are appending to.
+        (modify-services %desktop-services
+        (guix-service-type config =>
+                       (guix-configuration
+                         (inherit config)
+                         (substitute-urls
+                           (append (list "https://substitutes.nonguix.org")
+                                   %default-substitute-urls))
+                         (authorized-keys
+                           (cons* (plain-file "non-guix.pub"
+                                                      "(public-key 
+                                                        (ecc 
+                                                         (curve Ed25519)
+                                                         (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
+                                                        )
+                                                       )" ) %default-authorized-guix-keys))))
+    (udev-service-type config =>
+                (udev-configuration
+                  (inherit config)
+                  (rules (cons %backlight-udev-rule
+                               (udev-configuration-rules config)))))
+    (delete pulseaudio-service-type)
+    (delete gdm-service-type) )))
+  (setuid-programs
+    (append (list (file-like->setuid-program
+                    (file-append
+                      (specification->package "swaylock-effects")
+                       "/bin/swaylock"))
+                  (file-like->setuid-program
+                    (file-append
+                      (specification->package "opendoas")
+                      "/bin/doas")))
+            (delete sudo %setuid-programs)))
+  (bootloader (bootloader-configuration
+                (bootloader grub-efi-bootloader)
+                (targets (list "/boot/efi"))
+                (keyboard-layout keyboard-layout)))
+  (mapped-devices (list (mapped-device
+                          (source (uuid
+                                   "adcaf322-7ee5-48ec-abf6-4a9b10643878"))
+                          (target "sysroot")
+                          (type luks-device-mapping))))
+  ;; The list of file systems that get "mounted".  The unique
+  ;; file system identifiers there ("UUIDs") can be obtained
+  ;; by running 'blkid' in a terminal.
+  (file-systems (cons* (file-system
+                         (mount-point "/")
+                         (device "/dev/mapper/sysroot")
+                         (type "ext4")
+                         (dependencies mapped-devices))
+                       (file-system
+                         (mount-point "/boot/efi")
+                         (device (uuid "DFE8-32EF"
+                                       'fat32))
+                         (type "vfat")) %base-file-systems))
+  (swap-devices
+    (list
+      (swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))
author	Ryan Schanzenbacher <ryan@rschanz.org>	2023-05-05 01:22:35 -0400
committer	Ryan Schanzenbacher <ryan@rschanz.org>	2023-05-05 01:22:35 -0400
commit	b081473eaa08537dee157d6810de49ca71adf0e1 (patch)
tree	3a6e0d0f4f4852e2d7183c0a478767f41e6db031 /sys
parent	e7779b9f07b77b113550b82070825fa7f08d8f72 (diff)

diff --git a/sys b/sys new file mode 100644 index 0000000..c9747b0 --- /dev/null +++ b/sys
@@ -0,0 +1,212 @@
	1	;; This is an operating system configuration generated
	2	;; by the graphical installer.
	3	;;
	4	;; Once installation is complete, you can learn and modify
	5	;; this file to tweak the system configuration, and pass it
	6	;; to the 'guix system reconfigure' command to effect your
	7	;; changes.
	8
	9
	10	;; Indicate which modules to import to access the variables
	11	;; used in this configuration.
	12	(use-modules (gnu) (nongnu packages linux))
	13	(use-modules (gnu system setuid))
	14	(use-modules (gnu packages admin))
	15	(use-modules (guix packages))
	16	(use-modules (gnu services authentication))
	17	(use-modules (gnu packages shells))
	18	(use-modules (guix build-system trivial))
	19	(use-modules (guix licenses))
	20	(use-modules (srfi srfi-1))
	21	(use-package-modules security-token)
	22	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
	23
	24	; Define package that installs my root ca public keys
	25	(define my-ca-certs
	26	(package
	27	(name "my-ca-certs")
	28	(version "1")
	29	(source (local-file "./CACerts"
	30	#:recursive? #t))
	31	(build-system trivial-build-system)
	32	(license mpl2.0)
	33	(home-page "https://rschanz.org")
	34	(arguments
	35	`(#:modules
	36	((guix build utils))
	37	#:builder
	38	(begin
	39	(use-modules (guix build utils)
	40	(srfi srfi-1)
	41	(srfi srfi-26)
	42	(ice-9 ftw))
	43	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
	44	(crt-suffix ".crt")
	45	(is-certificate? (cut string-suffix? crt-suffix <>))
	46	(certificates (filter is-certificate?
	47	(scandir ca-certificates)))
	48	(out (assoc-ref %outputs "out"
	49	"/etc/ssl/certs"))
	50	(openssl (assoc-ref %build-inputs
	51	"openssl")))
	52	(mkdir-p certificate-directory)
	53	(for-each
	54	(lambda (certificate)
	55	(invoke
	56	openssl "x509"
	57	"-in" (string-append ca-certificates "/" certificate)
	58	"-outform" "PEM"
	59	"-out" (string-append
	60	certificate-directory "/"
	61	(basename certificate crt-suffix) ".pem")))
	62	certificates)
	63	#t))))
	64	(native-inputs
	65	(list openssl))
	66	(synopsis "My CA Certs")
	67	(description synopsis)))
	68
	69	; Re-define the base packages to remove sudo
	70	(define %my-base-packages
	71	(remove (lambda (package)
	72	(member (package-name package)
	73	(list "sudo" "nano")))
	74	%base-packages ))
	75
	76	(define %backlight-udev-rule
	77	(udev-rule
	78	"90-backlight.rules"
	79	(string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
	80	"RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
	81	"\n"
	82	"ACTION==\"add\", SUBSYSTEM==\"backlight\", "
	83	"RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
	84
	85	(operating-system
	86	(kernel linux)
	87	(firmware (list linux-firmware))
	88	(locale "en_US.utf8")
	89	(timezone "America/New_York")
	90	(keyboard-layout (keyboard-layout "us"))
	91	(host-name "RyanThinkpad")
	92
	93	;; The list of user accounts ('root' is implicit).
	94	(users (cons* (user-account
	95	(name "ryan")
	96	(comment "Ryan")
	97	(group "users")
	98	;(shell (file-append zsh "/bin/zsh"))
	99	(home-directory "/home/ryan")
	100	(supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
	101	%base-user-accounts))
	102
	103	;; Packages installed system-wide. Users can also install packages
	104	;; under their own account: use 'guix search KEYWORD' to search
	105	;; for packages and 'guix install PACKAGE' to install a package.
	106	(packages (append (map specification->package (list "sway"
	107	"swaybg"
	108	"swayidle"
	109	"swaylock-effects"
	110	"fuzzel"
	111	"alacritty"
	112	"pinentry-qt"
	113	"adwaita-icon-theme"
	114	"hicolor-icon-theme"
	115	"git"
	116	"nss-certs"
	117	"waybar"
	118	"gnupg"
	119	"light"
	120	"mako"
	121	"grim"
	122	"slurp"
	123	"wl-clipboard"
	124	"bluez"
	125	"blueman"
	126	"opendoas"
	127	"xdg-desktop-portal-wlr"
	128	"xdg-desktop-portal"
	129	"pipewire"
	130	"fprintd"
	131	"docker"
	132	"wireplumber"
	133	"zsh"))
	134	(list my-ca-certs)
	135	%my-base-packages ))
	136
	137	;; Below is the list of system services. To search for available
	138	;; services, run 'guix system search KEYWORD' in a terminal.
	139	(services
	140	(append (list
	141
	142	;; To configure OpenSSH, pass an 'openssh-configuration'
	143	;; record as a second argument to 'service' below.
	144	(service openssh-service-type)
	145	(service pcscd-service-type)
	146	(service fprintd-service-type)
	147	(service docker-service-type)
	148	(service bluetooth-service-type)
	149	(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
	150	(set-xorg-configuration
	151	(xorg-configuration (keyboard-layout keyboard-layout))))
	152
	153	;; This is the default list of services we
	154	;; are appending to.
	155	(modify-services %desktop-services
	156	(guix-service-type config =>
	157	(guix-configuration
	158	(inherit config)
	159	(substitute-urls
	160	(append (list "https://substitutes.nonguix.org")
	161	%default-substitute-urls))
	162	(authorized-keys
	163	(cons* (plain-file "non-guix.pub"
	164	"(public-key
	165	(ecc
	166	(curve Ed25519)
	167	(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
	168	)
	169	)" ) %default-authorized-guix-keys))))
	170	(udev-service-type config =>
	171	(udev-configuration
	172	(inherit config)
	173	(rules (cons %backlight-udev-rule
	174	(udev-configuration-rules config)))))
	175	(delete pulseaudio-service-type)
	176	(delete gdm-service-type) )))
	177	(setuid-programs
	178	(append (list (file-like->setuid-program
	179	(file-append
	180	(specification->package "swaylock-effects")
	181	"/bin/swaylock"))
	182	(file-like->setuid-program
	183	(file-append
	184	(specification->package "opendoas")
	185	"/bin/doas")))
	186	(delete sudo %setuid-programs)))
	187	(bootloader (bootloader-configuration
	188	(bootloader grub-efi-bootloader)
	189	(targets (list "/boot/efi"))
	190	(keyboard-layout keyboard-layout)))
	191	(mapped-devices (list (mapped-device
	192	(source (uuid
	193	"adcaf322-7ee5-48ec-abf6-4a9b10643878"))
	194	(target "sysroot")
	195	(type luks-device-mapping))))
	196
	197	;; The list of file systems that get "mounted". The unique
	198	;; file system identifiers there ("UUIDs") can be obtained
	199	;; by running 'blkid' in a terminal.
	200	(file-systems (cons* (file-system
	201	(mount-point "/")
	202	(device "/dev/mapper/sysroot")
	203	(type "ext4")
	204	(dependencies mapped-devices))
	205	(file-system
	206	(mount-point "/boot/efi")
	207	(device (uuid "DFE8-32EF"
	208	'fat32))
	209	(type "vfat")) %base-file-systems))
	210	(swap-devices
	211	(list
	212	(swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))