1 files changed, 186 insertions, 0 deletions
diff --git a/modules/ryan-config/base-system.scm b/modules/ryan-config/base-system.scm
new file mode 100644
index 0000000..ce4b5ab
--- /dev/null
+++ b/modules/ryan-config/base-system.scm
@@ -0,0 +1,186 @@
+(use-modules (gnu) (nongnu packages linux))
+(use-modules (gnu system setuid))
+(use-modules (gnu packages admin))
+(use-modules (guix packages))
+(use-modules (gnu packages shells))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
+(use-modules (gnu packages tls))
+(use-modules (srfi srfi-1))
+(use-modules (ryan-packages freedesktop))
+(use-modules (ryan-packages wm))
+(use-package-modules security-token)
+(use-service-modules cups desktop networking xorg ssh nix sound security-token docker virtualization)
+; Define package that installs my root ca public keys
+(define my-ca-certs
+  (package
+    (name "my-ca-certs")
+    (version "1")
+    (source (local-file "./CACerts"
+                        #:recursive? #t))
+    (build-system trivial-build-system)
+    (license mpl2.0)
+    (home-page "https://rschanz.org")
+    (arguments
+      `(#:modules
+        ((guix build utils))
+        #:builder
+        (begin
+          (use-modules (guix build utils)
+                       (srfi srfi-1)
+                       (srfi srfi-26)
+                       (ice-9 ftw))
+          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+                 (crt-suffix ".crt")
+                 (is-certificate? (cut string-suffix? crt-suffix <>))
+                 (certificates (filter is-certificate?
+                                       (scandir ca-certificates)))
+                 (out (assoc-ref %outputs "out"))
+                 (certificate-directory (string-append out "/etc/ssl/certs"))
+                 (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
+            (mkdir-p certificate-directory)
+            (for-each
+              (lambda (cert)
+                (invoke
+                  openssl "x509"
+                  "-in" (string-append ca-certificates "/" cert)
+                  "-outform" "PEM"
+                  "-out" (string-append certificate-directory "/" cert ".pem")))
+              certificates)
+            #t))))
+    (native-inputs
+      (list openssl))
+    (synopsis "My CA Certs")
+    (description synopsis)))
+; Re-define the base packages to remove sudo
+(define %my-base-packages
+  (remove (lambda (package)
+            (member (package-name package)
+                    (list "sudo" "nano")))
+          %base-packages ))
+(define %backlight-udev-rule
+  (udev-rule
+    "90-backlight.rules"
+    (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+                   "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
+                   "\n"
+                   "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+                    "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
+(operating-system
+  (kernel linux)
+  (firmware (list linux-firmware))
+  (locale "en_US.utf8")
+  (timezone "America/New_York")
+  (keyboard-layout (keyboard-layout "us"))
+  (host-name "ThisWillChange")
+  ;; The list of user accounts ('root' is implicit).
+  (users (cons* (user-account
+                  (name "ryan")
+                  (comment "Ryan")
+                  (group "users")
+                  ;(shell (file-append zsh "/bin/zsh"))
+                  (home-directory "/home/ryan")
+                  (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker" "libvirt" "kvm")))
+                %base-user-accounts))
+  ;; Packages installed system-wide.  Users can also install packages
+  ;; under their own account: use 'guix search KEYWORD' to search
+  ;; for packages and 'guix install PACKAGE' to install a package.
+  (packages (append (map specification->package (list   "sway"
+                                                        "swaybg"
+                                                                    "swayidle"
+                                                                    ;"swaylock-effects"
+                                                                    "fuzzel"
+                                                                    "alacritty"
+                                                        "pinentry-qt"
+                                                        "adwaita-icon-theme"
+                                                        "hicolor-icon-theme"
+                                                                    "git"
+                                                                    "nss-certs"
+                                                                    "waybar"
+                                                                    "gnupg"
+                                                        "light"
+                                                        "mako"
+                                                        "grim"
+                                                        "slurp"
+                                                        "wl-clipboard"
+                                                        "bluez"
+                                                        "blueman"
+                                                        "ldacbt"
+                                                        "libfreeaptx"
+                                                        "libfdk"
+                                                        "opendoas"
+                                                        ;"xdg-desktop-portal-wlr"
+                                                        "xdg-desktop-portal"
+                                                        "pipewire"
+                                                        "docker"
+                                                        "libvirt"
+                                                        "virt-manager"
+                                                        "wireplumber"
+                                                        "zsh"))
+                         (list my-ca-certs xdg-desktop-portal-wlr-new swaylock-effects-new)
+                         %my-base-packages ))
+  ;; Below is the list of system services.  To search for available
+  ;; services, run 'guix system search KEYWORD' in a terminal.
+  (services
+   (append (list
+                 ;; To configure OpenSSH, pass an 'openssh-configuration'
+                 ;; record as a second argument to 'service' below.
+                 (service openssh-service-type)
+                 (service pcscd-service-type)
+                 (service docker-service-type)
+                 (service nix-service-type)
+                 (service libvirt-service-type
+                          (libvirt-configuration
+                            (unix-sock-group "libvirt")))
+                 (service bluetooth-service-type)
+                 (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))
+           ;; This is the default list of services we
+           ;; are appending to.
+        (modify-services %desktop-services
+        (guix-service-type config =>
+                       (guix-configuration
+                         (inherit config)
+                         (substitute-urls
+                           (append (list "https://substitutes.nonguix.org")
+                                   %default-substitute-urls))
+                         (authorized-keys
+                           (cons* (plain-file "non-guix.pub"
+                                                      "(public-key 
+                                                        (ecc 
+                                                         (curve Ed25519)
+                                                         (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
+                                                        )
+                                                       )" ) %default-authorized-guix-keys))))
+    (udev-service-type config =>
+                (udev-configuration
+                  (inherit config)
+                  (rules (cons %backlight-udev-rule
+                               (udev-configuration-rules config)))))
+    (delete pulseaudio-service-type) 
+    (delete gdm-service-type)
+    (delete xorg-server-service-type)
+    (delete alsa-service-type) )))
+  (setuid-programs
+    (append (list (file-like->setuid-program
+                    (file-append
+                      ;(specification->package "swaylock-effects")
+                      swaylock-effects-new
+                       "/bin/swaylock"))
+                  (file-like->setuid-program
+                    (file-append
+                      (specification->package "opendoas")
+                      "/bin/doas")))
+            (delete sudo %setuid-programs)))
+  (bootloader (bootloader-configuration
+                (bootloader grub-efi-bootloader)
+                (targets (list "/boot/efi"))
+                (keyboard-layout keyboard-layout))))))))

diff --git a/modules/ryan-config/base-system.scm b/modules/ryan-config/base-system.scm new file mode 100644 index 0000000..ce4b5ab --- /dev/null +++ b/modules/ryan-config/base-system.scm
@@ -0,0 +1,186 @@
	1	(use-modules (gnu) (nongnu packages linux))
	2	(use-modules (gnu system setuid))
	3	(use-modules (gnu packages admin))
	4	(use-modules (guix packages))
	5	(use-modules (gnu packages shells))
	6	(use-modules (guix build-system trivial))
	7	(use-modules (guix licenses))
	8	(use-modules (gnu packages tls))
	9	(use-modules (srfi srfi-1))
	10	(use-modules (ryan-packages freedesktop))
	11	(use-modules (ryan-packages wm))
	12	(use-package-modules security-token)
	13	(use-service-modules cups desktop networking xorg ssh nix sound security-token docker virtualization)
	14
	15	; Define package that installs my root ca public keys
	16	(define my-ca-certs
	17	(package
	18	(name "my-ca-certs")
	19	(version "1")
	20	(source (local-file "./CACerts"
	21	#:recursive? #t))
	22	(build-system trivial-build-system)
	23	(license mpl2.0)
	24	(home-page "https://rschanz.org")
	25	(arguments
	26	`(#:modules
	27	((guix build utils))
	28	#:builder
	29	(begin
	30	(use-modules (guix build utils)
	31	(srfi srfi-1)
	32	(srfi srfi-26)
	33	(ice-9 ftw))
	34	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
	35	(crt-suffix ".crt")
	36	(is-certificate? (cut string-suffix? crt-suffix <>))
	37	(certificates (filter is-certificate?
	38	(scandir ca-certificates)))
	39	(out (assoc-ref %outputs "out"))
	40	(certificate-directory (string-append out "/etc/ssl/certs"))
	41	(openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
	42	(mkdir-p certificate-directory)
	43	(for-each
	44	(lambda (cert)
	45	(invoke
	46	openssl "x509"
	47	"-in" (string-append ca-certificates "/" cert)
	48	"-outform" "PEM"
	49	"-out" (string-append certificate-directory "/" cert ".pem")))
	50	certificates)
	51	#t))))
	52	(native-inputs
	53	(list openssl))
	54	(synopsis "My CA Certs")
	55	(description synopsis)))
	56
	57	; Re-define the base packages to remove sudo
	58	(define %my-base-packages
	59	(remove (lambda (package)
	60	(member (package-name package)
	61	(list "sudo" "nano")))
	62	%base-packages ))
	63
	64	(define %backlight-udev-rule
	65	(udev-rule
	66	"90-backlight.rules"
	67	(string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
	68	"RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
	69	"\n"
	70	"ACTION==\"add\", SUBSYSTEM==\"backlight\", "
	71	"RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
	72
	73	(operating-system
	74	(kernel linux)
	75	(firmware (list linux-firmware))
	76	(locale "en_US.utf8")
	77	(timezone "America/New_York")
	78	(keyboard-layout (keyboard-layout "us"))
	79	(host-name "ThisWillChange")
	80
	81	;; The list of user accounts ('root' is implicit).
	82	(users (cons* (user-account
	83	(name "ryan")
	84	(comment "Ryan")
	85	(group "users")
	86	;(shell (file-append zsh "/bin/zsh"))
	87	(home-directory "/home/ryan")
	88	(supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker" "libvirt" "kvm")))
	89	%base-user-accounts))
	90
	91	;; Packages installed system-wide. Users can also install packages
	92	;; under their own account: use 'guix search KEYWORD' to search
	93	;; for packages and 'guix install PACKAGE' to install a package.
	94	(packages (append (map specification->package (list "sway"
	95	"swaybg"
	96	"swayidle"
	97	;"swaylock-effects"
	98	"fuzzel"
	99	"alacritty"
	100	"pinentry-qt"
	101	"adwaita-icon-theme"
	102	"hicolor-icon-theme"
	103	"git"
	104	"nss-certs"
	105	"waybar"
	106	"gnupg"
	107	"light"
	108	"mako"
	109	"grim"
	110	"slurp"
	111	"wl-clipboard"
	112	"bluez"
	113	"blueman"
	114	"ldacbt"
	115	"libfreeaptx"
	116	"libfdk"
	117	"opendoas"
	118	;"xdg-desktop-portal-wlr"
	119	"xdg-desktop-portal"
	120	"pipewire"
	121	"docker"
	122	"libvirt"
	123	"virt-manager"
	124	"wireplumber"
	125	"zsh"))
	126	(list my-ca-certs xdg-desktop-portal-wlr-new swaylock-effects-new)
	127	%my-base-packages ))
	128
	129	;; Below is the list of system services. To search for available
	130	;; services, run 'guix system search KEYWORD' in a terminal.
	131	(services
	132	(append (list
	133
	134	;; To configure OpenSSH, pass an 'openssh-configuration'
	135	;; record as a second argument to 'service' below.
	136	(service openssh-service-type)
	137	(service pcscd-service-type)
	138	(service docker-service-type)
	139	(service nix-service-type)
	140	(service libvirt-service-type
	141	(libvirt-configuration
	142	(unix-sock-group "libvirt")))
	143	(service bluetooth-service-type)
	144	(udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))
	145
	146	;; This is the default list of services we
	147	;; are appending to.
	148	(modify-services %desktop-services
	149	(guix-service-type config =>
	150	(guix-configuration
	151	(inherit config)
	152	(substitute-urls
	153	(append (list "https://substitutes.nonguix.org")
	154	%default-substitute-urls))
	155	(authorized-keys
	156	(cons* (plain-file "non-guix.pub"
	157	"(public-key
	158	(ecc
	159	(curve Ed25519)
	160	(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
	161	)
	162	)" ) %default-authorized-guix-keys))))
	163	(udev-service-type config =>
	164	(udev-configuration
	165	(inherit config)
	166	(rules (cons %backlight-udev-rule
	167	(udev-configuration-rules config)))))
	168	(delete pulseaudio-service-type)
	169	(delete gdm-service-type)
	170	(delete xorg-server-service-type)
	171	(delete alsa-service-type) )))
	172	(setuid-programs
	173	(append (list (file-like->setuid-program
	174	(file-append
	175	;(specification->package "swaylock-effects")
	176	swaylock-effects-new
	177	"/bin/swaylock"))
	178	(file-like->setuid-program
	179	(file-append
	180	(specification->package "opendoas")
	181	"/bin/doas")))
	182	(delete sudo %setuid-programs)))
	183	(bootloader (bootloader-configuration
	184	(bootloader grub-efi-bootloader)
	185	(targets (list "/boot/efi"))
	186	(keyboard-layout keyboard-layout))))))))