7 files changed, 280 insertions, 4 deletions
diff --git a/CACerts/ryanca_intermediate.crt b/CACerts/ryancaintermediate.crt
index 48d70f4..48d70f4 100644
--- a/CACerts/ryanca_intermediate.crt
+++ b/CACerts/ryancaintermediate.crt
diff --git a/channels.scm b/channels.scm
index 5c5027b..4321cc3 100644
--- a/channels.scm
+++ b/channels.scm
@@ -19,4 +19,9 @@
          (make-channel-introduction
            "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
            (openpgp-fingerprint
-              "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5")))))
+              "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
+      ;(channel
+      ;  (name 'ryan-home-services)
+      ;  (url "https://git.ryanserver.home.arpa")
+      ;  (branch "main"))
+      )
diff --git a/home-config/bashrc b/home-config/bashrc
index c8e6503..6d22d87 100644
--- a/home-config/bashrc
+++ b/home-config/bashrc
@@ -38,6 +38,7 @@ alias grep='grep --color=auto'
 alias quit='exit'
 export EDITOR=nvim
 alias cat='bat --paging=never'
+export XDG_DATA_DIRS=$XDG_DATA_DIRS:/var/lib/flatpak/exports/share:/home/ryan/.local/share/flatpak/exports/share
 # GPG SETUP FOR SSH
 export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
diff --git a/home-config/home-configuration.scm b/home-config/home-configuration.scm
index 746b043..9a5953d 100644
--- a/home-config/home-configuration.scm
+++ b/home-config/home-configuration.scm
@@ -68,8 +68,7 @@
                                                    "gimp"
                                                    "python"
                                                    "python:tk"
-                                                    ;"tk"
+                                                    "file"
-                                                    ;"tcl"
                                                    "python-lsp-server"
                                                    "sqlite"
                                                    "git"))
diff --git a/home-config/nvim/config/init.vim b/home-config/nvim/config/init.vim
index 0934e02..447da4a 100644
--- a/home-config/nvim/config/init.vim
+++ b/home-config/nvim/config/init.vim
@@ -53,7 +53,7 @@ require('orgmode').setup({
 vim.opt.conceallevel = 2
 vim.opt.concealcursor = nc
-local lspconfig = require('lspconfig')
+--local lspconfig = require('lspconfig')
 END
 "asynccomplete Auto Complete Config
diff --git a/sys b/sys
new file mode 100644
index 0000000..c9747b0
--- /dev/null
+++ b/sys
@@ -0,0 +1,212 @@
+;; This is an operating system configuration generated
+;; by the graphical installer.
+;;
+;; Once installation is complete, you can learn and modify
+;; this file to tweak the system configuration, and pass it
+;; to the 'guix system reconfigure' command to effect your
+;; changes.
+;; Indicate which modules to import to access the variables
+;; used in this configuration.
+(use-modules (gnu) (nongnu packages linux))
+(use-modules (gnu system setuid))
+(use-modules (gnu packages admin))
+(use-modules (guix packages))
+(use-modules (gnu services authentication))
+(use-modules (gnu packages shells))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
+(use-modules (srfi srfi-1))
+(use-package-modules security-token)
+(use-service-modules cups desktop networking ssh xorg sound security-token docker)
+; Define package that installs my root ca public keys
+(define my-ca-certs
+  (package
+    (name "my-ca-certs")
+    (version "1")
+    (source (local-file "./CACerts"
+                        #:recursive? #t))
+    (build-system trivial-build-system)
+    (license mpl2.0)
+    (home-page "https://rschanz.org")
+    (arguments
+      `(#:modules
+        ((guix build utils))
+        #:builder
+        (begin
+          (use-modules (guix build utils)
+                       (srfi srfi-1)
+                       (srfi srfi-26)
+                       (ice-9 ftw))
+          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+                 (crt-suffix ".crt")
+                 (is-certificate? (cut string-suffix? crt-suffix <>))
+                 (certificates (filter is-certificate?
+                                       (scandir ca-certificates)))
+                 (out (assoc-ref %outputs "out"
+                                 "/etc/ssl/certs"))
+                 (openssl (assoc-ref %build-inputs
+                                    "openssl")))
+            (mkdir-p certificate-directory)
+            (for-each
+              (lambda (certificate)
+                (invoke
+                  openssl "x509"
+                  "-in" (string-append ca-certificates "/" certificate)
+                  "-outform" "PEM"
+                  "-out" (string-append
+                           certificate-directory "/"
+                           (basename certificate crt-suffix) ".pem")))
+              certificates)
+            #t))))
+    (native-inputs
+      (list openssl))
+    (synopsis "My CA Certs")
+    (description synopsis)))
+; Re-define the base packages to remove sudo
+(define %my-base-packages
+  (remove (lambda (package)
+            (member (package-name package)
+                    (list "sudo" "nano")))
+          %base-packages ))
+(define %backlight-udev-rule
+  (udev-rule
+    "90-backlight.rules"
+    (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+                   "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
+                   "\n"
+                   "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+                    "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
+(operating-system
+  (kernel linux)
+  (firmware (list linux-firmware))
+  (locale "en_US.utf8")
+  (timezone "America/New_York")
+  (keyboard-layout (keyboard-layout "us"))
+  (host-name "RyanThinkpad")
+  ;; The list of user accounts ('root' is implicit).
+  (users (cons* (user-account
+                  (name "ryan")
+                  (comment "Ryan")
+                  (group "users")
+                  ;(shell (file-append zsh "/bin/zsh"))
+                  (home-directory "/home/ryan")
+                  (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
+                %base-user-accounts))
+  ;; Packages installed system-wide.  Users can also install packages
+  ;; under their own account: use 'guix search KEYWORD' to search
+  ;; for packages and 'guix install PACKAGE' to install a package.
+  (packages (append (map specification->package (list   "sway"
+                                                        "swaybg"
+                                                                    "swayidle"
+                                                                    "swaylock-effects"
+                                                                    "fuzzel"
+                                                                    "alacritty"
+                                                        "pinentry-qt"
+                                                        "adwaita-icon-theme"
+                                                        "hicolor-icon-theme"
+                                                                    "git"
+                                                                    "nss-certs"
+                                                                    "waybar"
+                                                                    "gnupg"
+                                                        "light"
+                                                        "mako"
+                                                        "grim"
+                                                        "slurp"
+                                                        "wl-clipboard"
+                                                        "bluez"
+                                                        "blueman"
+                                                        "opendoas"
+                                                        "xdg-desktop-portal-wlr"
+                                                        "xdg-desktop-portal"
+                                                        "pipewire"
+                                                        "fprintd"
+                                                        "docker"
+                                                        "wireplumber"
+                                                        "zsh"))
+                         (list my-ca-certs)
+                         %my-base-packages ))
+  ;; Below is the list of system services.  To search for available
+  ;; services, run 'guix system search KEYWORD' in a terminal.
+  (services
+   (append (list
+                 ;; To configure OpenSSH, pass an 'openssh-configuration'
+                 ;; record as a second argument to 'service' below.
+                 (service openssh-service-type)
+                 (service pcscd-service-type)
+                 (service fprintd-service-type)
+                 (service docker-service-type)
+                 (service bluetooth-service-type)
+                 (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
+                 (set-xorg-configuration
+                  (xorg-configuration (keyboard-layout keyboard-layout))))
+           ;; This is the default list of services we
+           ;; are appending to.
+        (modify-services %desktop-services
+        (guix-service-type config =>
+                       (guix-configuration
+                         (inherit config)
+                         (substitute-urls
+                           (append (list "https://substitutes.nonguix.org")
+                                   %default-substitute-urls))
+                         (authorized-keys
+                           (cons* (plain-file "non-guix.pub"
+                                                      "(public-key 
+                                                        (ecc 
+                                                         (curve Ed25519)
+                                                         (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
+                                                        )
+                                                       )" ) %default-authorized-guix-keys))))
+    (udev-service-type config =>
+                (udev-configuration
+                  (inherit config)
+                  (rules (cons %backlight-udev-rule
+                               (udev-configuration-rules config)))))
+    (delete pulseaudio-service-type)
+    (delete gdm-service-type) )))
+  (setuid-programs
+    (append (list (file-like->setuid-program
+                    (file-append
+                      (specification->package "swaylock-effects")
+                       "/bin/swaylock"))
+                  (file-like->setuid-program
+                    (file-append
+                      (specification->package "opendoas")
+                      "/bin/doas")))
+            (delete sudo %setuid-programs)))
+  (bootloader (bootloader-configuration
+                (bootloader grub-efi-bootloader)
+                (targets (list "/boot/efi"))
+                (keyboard-layout keyboard-layout)))
+  (mapped-devices (list (mapped-device
+                          (source (uuid
+                                   "adcaf322-7ee5-48ec-abf6-4a9b10643878"))
+                          (target "sysroot")
+                          (type luks-device-mapping))))
+  ;; The list of file systems that get "mounted".  The unique
+  ;; file system identifiers there ("UUIDs") can be obtained
+  ;; by running 'blkid' in a terminal.
+  (file-systems (cons* (file-system
+                         (mount-point "/")
+                         (device "/dev/mapper/sysroot")
+                         (type "ext4")
+                         (dependencies mapped-devices))
+                       (file-system
+                         (mount-point "/boot/efi")
+                         (device (uuid "DFE8-32EF"
+                                       'fat32))
+                         (type "vfat")) %base-file-systems))
+  (swap-devices
+    (list
+      (swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))
diff --git a/system.scm b/system.scm
index 649146b..7a9cfb4 100644
--- a/system.scm
+++ b/system.scm
@@ -15,10 +15,68 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
+(use-modules (gnu packages perl))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
+; Define package that installs my root ca public keys
+(define my-ca-certs
+  (package
+   (name "my-ca-certs")
+   (version "1")
+   (source (local-file "./CACerts/"
+                       #:recursive? #t))
+   (home-page "https://rschanz.org")
+   (license agpl3+)
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules
+      ((guix build utils))
+      #:builder
+      (begin
+        (use-modules (guix build utils)
+                     (srfi srfi-1)
+                     (srfi srfi-26)
+                     (ice-9 ftw))
+        (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+               (crt-suffix ".crt")
+               (is-certificate? (cut string-suffix? crt-suffix <>))
+               (certificates (filter is-certificate?
+                                     (scandir ca-certificates)))
+               (out (assoc-ref %outputs "out"))
+               (certificate-directory (string-append out
+                                                     "/etc/ssl/certs"))
+               (openssl (string-append (assoc-ref %build-inputs
+                                                  "openssl")
+                                       "/bin/openssl")))
+          (mkdir-p certificate-directory)
+          ;; When this package is installed into a profile, any files in the
+          ;; package output's etc/ssl/certs directory ending in ".pem" will
+          ;; also be put into a ca-certificates.crt bundle.  In the case of a
+          ;; system profile, this bundle will be made available to the system
+          ;; at activation time.  See the profile hooks defined in (guix
+          ;; profiles) and the etc-service-type define in (gnu services) for
+          ;; details.
+          (for-each
+           ;; Ensure the certificate is in an appropriate format.
+           (lambda (certificate)
+             (invoke
+              openssl "x509"
+              "-in" (string-append ca-certificates "/" certificate)
+              "-outform" "PEM"
+              "-out" (string-append
+                      certificate-directory "/"
+                      (basename certificate crt-suffix) ".pem")))
+           certificates)
+          #t))))
+   (inputs
+    (list openssl))
+   (synopsis "My certificate authority certificates")
+   (description synopsis)))
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
  (remove (lambda (package)
@@ -84,6 +142,7 @@
                                                        "docker"
                                                        "wireplumber"
                                                        "zsh"))
+                         (list my-ca-certs)
                         %my-base-packages ))
  ;; Below is the list of system services.  To search for available

diff --git a/CACerts/ryanca_intermediate.crt b/CACerts/ryancaintermediate.crt index 48d70f4..48d70f4 100644 --- a/CACerts/ryanca_intermediate.crt +++ b/CACerts/ryancaintermediate.crt


diff --git a/channels.scm b/channels.scm index 5c5027b..4321cc3 100644 --- a/channels.scm +++ b/channels.scm
@@ -19,4 +19,9 @@
19	(make-channel-introduction	19	(make-channel-introduction
20	"897c1a470da759236cc11798f4e0a5f7d4d59fbc"	20	"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
21	(openpgp-fingerprint	21	(openpgp-fingerprint
22	"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))))	22	"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
		23	;(channel
		24	; (name 'ryan-home-services)
		25	; (url "https://git.ryanserver.home.arpa")
		26	; (branch "main"))
		27	)


diff --git a/home-config/bashrc b/home-config/bashrc index c8e6503..6d22d87 100644 --- a/home-config/bashrc +++ b/home-config/bashrc
@@ -38,6 +38,7 @@ alias grep='grep --color=auto'
38	alias quit='exit'	38	alias quit='exit'
39	export EDITOR=nvim	39	export EDITOR=nvim
40	alias cat='bat --paging=never'	40	alias cat='bat --paging=never'
		41	export XDG_DATA_DIRS=$XDG_DATA_DIRS:/var/lib/flatpak/exports/share:/home/ryan/.local/share/flatpak/exports/share
41		42
42	# GPG SETUP FOR SSH	43	# GPG SETUP FOR SSH
43	export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)	44	export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)


diff --git a/home-config/home-configuration.scm b/home-config/home-configuration.scm index 746b043..9a5953d 100644 --- a/home-config/home-configuration.scm +++ b/home-config/home-configuration.scm
@@ -68,8 +68,7 @@
68	"gimp"	68	"gimp"
69	"python"	69	"python"
70	"python:tk"	70	"python:tk"
71	;"tk"	71	"file"
72	;"tcl"
73	"python-lsp-server"	72	"python-lsp-server"
74	"sqlite"	73	"sqlite"
75	"git"))	74	"git"))


diff --git a/home-config/nvim/config/init.vim b/home-config/nvim/config/init.vim index 0934e02..447da4a 100644 --- a/home-config/nvim/config/init.vim +++ b/home-config/nvim/config/init.vim
@@ -53,7 +53,7 @@ require('orgmode').setup({
53	vim.opt.conceallevel = 2	53	vim.opt.conceallevel = 2
54	vim.opt.concealcursor = nc	54	vim.opt.concealcursor = nc
55		55
56	local lspconfig = require('lspconfig')	56	--local lspconfig = require('lspconfig')
57	END	57	END
58		58
59	"asynccomplete Auto Complete Config	59	"asynccomplete Auto Complete Config


diff --git a/sys b/sys new file mode 100644 index 0000000..c9747b0 --- /dev/null +++ b/sys
@@ -0,0 +1,212 @@
		1	;; This is an operating system configuration generated
		2	;; by the graphical installer.
		3	;;
		4	;; Once installation is complete, you can learn and modify
		5	;; this file to tweak the system configuration, and pass it
		6	;; to the 'guix system reconfigure' command to effect your
		7	;; changes.
		8
		9
		10	;; Indicate which modules to import to access the variables
		11	;; used in this configuration.
		12	(use-modules (gnu) (nongnu packages linux))
		13	(use-modules (gnu system setuid))
		14	(use-modules (gnu packages admin))
		15	(use-modules (guix packages))
		16	(use-modules (gnu services authentication))
		17	(use-modules (gnu packages shells))
		18	(use-modules (guix build-system trivial))
		19	(use-modules (guix licenses))
		20	(use-modules (srfi srfi-1))
		21	(use-package-modules security-token)
		22	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
		23
		24	; Define package that installs my root ca public keys
		25	(define my-ca-certs
		26	(package
		27	(name "my-ca-certs")
		28	(version "1")
		29	(source (local-file "./CACerts"
		30	#:recursive? #t))
		31	(build-system trivial-build-system)
		32	(license mpl2.0)
		33	(home-page "https://rschanz.org")
		34	(arguments
		35	`(#:modules
		36	((guix build utils))
		37	#:builder
		38	(begin
		39	(use-modules (guix build utils)
		40	(srfi srfi-1)
		41	(srfi srfi-26)
		42	(ice-9 ftw))
		43	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
		44	(crt-suffix ".crt")
		45	(is-certificate? (cut string-suffix? crt-suffix <>))
		46	(certificates (filter is-certificate?
		47	(scandir ca-certificates)))
		48	(out (assoc-ref %outputs "out"
		49	"/etc/ssl/certs"))
		50	(openssl (assoc-ref %build-inputs
		51	"openssl")))
		52	(mkdir-p certificate-directory)
		53	(for-each
		54	(lambda (certificate)
		55	(invoke
		56	openssl "x509"
		57	"-in" (string-append ca-certificates "/" certificate)
		58	"-outform" "PEM"
		59	"-out" (string-append
		60	certificate-directory "/"
		61	(basename certificate crt-suffix) ".pem")))
		62	certificates)
		63	#t))))
		64	(native-inputs
		65	(list openssl))
		66	(synopsis "My CA Certs")
		67	(description synopsis)))
		68
		69	; Re-define the base packages to remove sudo
		70	(define %my-base-packages
		71	(remove (lambda (package)
		72	(member (package-name package)
		73	(list "sudo" "nano")))
		74	%base-packages ))
		75
		76	(define %backlight-udev-rule
		77	(udev-rule
		78	"90-backlight.rules"
		79	(string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
		80	"RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
		81	"\n"
		82	"ACTION==\"add\", SUBSYSTEM==\"backlight\", "
		83	"RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
		84
		85	(operating-system
		86	(kernel linux)
		87	(firmware (list linux-firmware))
		88	(locale "en_US.utf8")
		89	(timezone "America/New_York")
		90	(keyboard-layout (keyboard-layout "us"))
		91	(host-name "RyanThinkpad")
		92
		93	;; The list of user accounts ('root' is implicit).
		94	(users (cons* (user-account
		95	(name "ryan")
		96	(comment "Ryan")
		97	(group "users")
		98	;(shell (file-append zsh "/bin/zsh"))
		99	(home-directory "/home/ryan")
		100	(supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
		101	%base-user-accounts))
		102
		103	;; Packages installed system-wide. Users can also install packages
		104	;; under their own account: use 'guix search KEYWORD' to search
		105	;; for packages and 'guix install PACKAGE' to install a package.
		106	(packages (append (map specification->package (list "sway"
		107	"swaybg"
		108	"swayidle"
		109	"swaylock-effects"
		110	"fuzzel"
		111	"alacritty"
		112	"pinentry-qt"
		113	"adwaita-icon-theme"
		114	"hicolor-icon-theme"
		115	"git"
		116	"nss-certs"
		117	"waybar"
		118	"gnupg"
		119	"light"
		120	"mako"
		121	"grim"
		122	"slurp"
		123	"wl-clipboard"
		124	"bluez"
		125	"blueman"
		126	"opendoas"
		127	"xdg-desktop-portal-wlr"
		128	"xdg-desktop-portal"
		129	"pipewire"
		130	"fprintd"
		131	"docker"
		132	"wireplumber"
		133	"zsh"))
		134	(list my-ca-certs)
		135	%my-base-packages ))
		136
		137	;; Below is the list of system services. To search for available
		138	;; services, run 'guix system search KEYWORD' in a terminal.
		139	(services
		140	(append (list
		141
		142	;; To configure OpenSSH, pass an 'openssh-configuration'
		143	;; record as a second argument to 'service' below.
		144	(service openssh-service-type)
		145	(service pcscd-service-type)
		146	(service fprintd-service-type)
		147	(service docker-service-type)
		148	(service bluetooth-service-type)
		149	(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
		150	(set-xorg-configuration
		151	(xorg-configuration (keyboard-layout keyboard-layout))))
		152
		153	;; This is the default list of services we
		154	;; are appending to.
		155	(modify-services %desktop-services
		156	(guix-service-type config =>
		157	(guix-configuration
		158	(inherit config)
		159	(substitute-urls
		160	(append (list "https://substitutes.nonguix.org")
		161	%default-substitute-urls))
		162	(authorized-keys
		163	(cons* (plain-file "non-guix.pub"
		164	"(public-key
		165	(ecc
		166	(curve Ed25519)
		167	(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
		168	)
		169	)" ) %default-authorized-guix-keys))))
		170	(udev-service-type config =>
		171	(udev-configuration
		172	(inherit config)
		173	(rules (cons %backlight-udev-rule
		174	(udev-configuration-rules config)))))
		175	(delete pulseaudio-service-type)
		176	(delete gdm-service-type) )))
		177	(setuid-programs
		178	(append (list (file-like->setuid-program
		179	(file-append
		180	(specification->package "swaylock-effects")
		181	"/bin/swaylock"))
		182	(file-like->setuid-program
		183	(file-append
		184	(specification->package "opendoas")
		185	"/bin/doas")))
		186	(delete sudo %setuid-programs)))
		187	(bootloader (bootloader-configuration
		188	(bootloader grub-efi-bootloader)
		189	(targets (list "/boot/efi"))
		190	(keyboard-layout keyboard-layout)))
		191	(mapped-devices (list (mapped-device
		192	(source (uuid
		193	"adcaf322-7ee5-48ec-abf6-4a9b10643878"))
		194	(target "sysroot")
		195	(type luks-device-mapping))))
		196
		197	;; The list of file systems that get "mounted". The unique
		198	;; file system identifiers there ("UUIDs") can be obtained
		199	;; by running 'blkid' in a terminal.
		200	(file-systems (cons* (file-system
		201	(mount-point "/")
		202	(device "/dev/mapper/sysroot")
		203	(type "ext4")
		204	(dependencies mapped-devices))
		205	(file-system
		206	(mount-point "/boot/efi")
		207	(device (uuid "DFE8-32EF"
		208	'fat32))
		209	(type "vfat")) %base-file-systems))
		210	(swap-devices
		211	(list
		212	(swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))


diff --git a/system.scm b/system.scm index 649146b..7a9cfb4 100644 --- a/system.scm +++ b/system.scm
@@ -15,10 +15,68 @@
15	(use-modules (guix packages))	15	(use-modules (guix packages))
16	(use-modules (gnu services authentication))	16	(use-modules (gnu services authentication))
17	(use-modules (gnu packages shells))	17	(use-modules (gnu packages shells))
		18	(use-modules (gnu packages perl))
		19	(use-modules (guix build-system trivial))
		20	(use-modules (guix licenses))
18	(use-modules (srfi srfi-1))	21	(use-modules (srfi srfi-1))
19	(use-package-modules security-token)	22	(use-package-modules security-token)
20	(use-service-modules cups desktop networking ssh xorg sound security-token docker)	23	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
21		24
		25	; Define package that installs my root ca public keys
		26	(define my-ca-certs
		27	(package
		28	(name "my-ca-certs")
		29	(version "1")
		30	(source (local-file "./CACerts/"
		31	#:recursive? #t))
		32	(home-page "https://rschanz.org")
		33	(license agpl3+)
		34	(build-system trivial-build-system)
		35	(arguments
		36	`(#:modules
		37	((guix build utils))
		38	#:builder
		39	(begin
		40	(use-modules (guix build utils)
		41	(srfi srfi-1)
		42	(srfi srfi-26)
		43	(ice-9 ftw))
		44	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
		45	(crt-suffix ".crt")
		46	(is-certificate? (cut string-suffix? crt-suffix <>))
		47	(certificates (filter is-certificate?
		48	(scandir ca-certificates)))
		49	(out (assoc-ref %outputs "out"))
		50	(certificate-directory (string-append out
		51	"/etc/ssl/certs"))
		52	(openssl (string-append (assoc-ref %build-inputs
		53	"openssl")
		54	"/bin/openssl")))
		55	(mkdir-p certificate-directory)
		56	;; When this package is installed into a profile, any files in the
		57	;; package output's etc/ssl/certs directory ending in ".pem" will
		58	;; also be put into a ca-certificates.crt bundle. In the case of a
		59	;; system profile, this bundle will be made available to the system
		60	;; at activation time. See the profile hooks defined in (guix
		61	;; profiles) and the etc-service-type define in (gnu services) for
		62	;; details.
		63	(for-each
		64	;; Ensure the certificate is in an appropriate format.
		65	(lambda (certificate)
		66	(invoke
		67	openssl "x509"
		68	"-in" (string-append ca-certificates "/" certificate)
		69	"-outform" "PEM"
		70	"-out" (string-append
		71	certificate-directory "/"
		72	(basename certificate crt-suffix) ".pem")))
		73	certificates)
		74	#t))))
		75	(inputs
		76	(list openssl))
		77	(synopsis "My certificate authority certificates")
		78	(description synopsis)))
		79
22	; Re-define the base packages to remove sudo	80	; Re-define the base packages to remove sudo
23	(define %my-base-packages	81	(define %my-base-packages
24	(remove (lambda (package)	82	(remove (lambda (package)
@@ -84,6 +142,7 @@
84	"docker"	142	"docker"
85	"wireplumber"	143	"wireplumber"
86	"zsh"))	144	"zsh"))
		145	(list my-ca-certs)
87	%my-base-packages ))	146	%my-base-packages ))
88		147
89	;; Below is the list of system services. To search for available	148	;; Below is the list of system services. To search for available