;; Base system shared by this user's machines.  Per-host configs presumably
;; build on `base-operating-system' (exported below) and override the
;; host-specific fields such as `host-name'.
(define-module (ryan-config base-system)
  #:use-module (gnu)
  #:use-module (nongnu packages linux)          ; `linux', `linux-firmware' (nonguix channel, non-free blobs)
  #:use-module (gnu system setuid)              ; `file-like->setuid-program'
  #:use-module (gnu packages admin)             ; `sudo', referenced when trimming the setuid list
  #:use-module (gnu packages avahi)
  #:use-module (gnu packages wm)                ; `swaylock'
  #:use-module (guix packages)                  ; `package', `package-name'
  #:use-module (gnu packages shells)            ; `fish'
  #:use-module (guix build-system trivial)      ; `trivial-build-system' for my-ca-certs
  #:use-module (guix licenses)                  ; `mpl2.0'
  #:use-module (gnu packages tls)               ; `openssl', native input of my-ca-certs
  #:use-module (gnu packages spice)             ; `spice-gtk'
  #:use-module (srfi srfi-1)                    ; `remove'
  ;; Local channels; which of them provides bluez-ryan, blueman-ryan,
  ;; virt-manager-ovmf, libvirt-ovmf and swayidle-new is not visible here.
  #:use-module (ryan-packages freedesktop)
  ;#:use-module (ryan-packages hyprland)
  #:use-module (ryan-packages wm)
  #:use-module (ryan-packages virtualization)
  #:use-module (ryan-packages linux)
  #:use-module (ryan-packages networking)
  #:use-module (rosenthal packages wm)
  #:use-module (rosenthal services networking)  ; `tailscale-service-type'
  #:use-module (gnu packages security-token)    ; `libfido2'
  #:use-module (gnu services security-token)    ; `pcscd-service-type'
  #:use-module (gnu services cups)
  #:use-module (gnu services desktop)           ; `%desktop-services', bluetooth, elogind
  #:use-module (gnu services networking)
  #:use-module (gnu services xorg)              ; `screen-locker-service-type', `gdm-service-type'
  #:use-module (gnu services ssh)
  #:use-module (gnu services nix)
  #:use-module (gnu services sound)             ; pulseaudio/alsa service types (deleted below)
  #:use-module (gnu services docker)            ; docker and containerd service types
  #:use-module (gnu services avahi)
  #:use-module (gnu services dbus)              ; `polkit-service-type'
  #:use-module (gnu services virtualization))   ; libvirt and virtlog service types
;; Package that installs this user's private root CA certificates.
;; Every *.crt under ./CACerts is re-encoded as PEM into
;; $out/etc/ssl/certs/NAME.crt.pem.  Once the package sits in the system
;; profile, Guix's ca-certificate-bundle profile hook is what folds such
;; .pem files into the system-wide bundle (assumption -- confirm by
;; inspecting the generated ca-certificates.crt).
;; Trust consequence: anyone holding the private key of one of these CAs
;; can issue certificates this host accepts for any name, so keep the
;; directory limited to the CAs that are actually needed.
(define my-ca-certs
  (package
    (name "my-ca-certs")
    (version "1")
    ;; The certificate directory next to this file is copied into the store
    ;; as the "source" input.
    (source (local-file "./CACerts"
                        #:recursive? #t))
    (build-system trivial-build-system)
    (license mpl2.0)
    (home-page "https://rschanz.org")
    (arguments
     `(#:modules
       ((guix build utils))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-1)
                      (srfi srfi-26)
                      (ice-9 ftw))
         (let* ((source-dir  (assoc-ref %build-inputs "source"))
                (openssl-bin (string-append (assoc-ref %build-inputs "openssl")
                                            "/bin/openssl"))
                (target-dir  (string-append (assoc-ref %outputs "out")
                                            "/etc/ssl/certs"))
                ;; Only *.crt entries of the source directory are certificates.
                (crt-file?   (lambda (entry) (string-suffix? ".crt" entry)))
                ;; openssl x509 rejects anything it cannot parse, so a
                ;; malformed file fails the build instead of being skipped.
                (convert!    (lambda (entry)
                               (invoke openssl-bin "x509"
                                       "-in" (string-append source-dir "/" entry)
                                       "-outform" "PEM"
                                       "-out" (string-append target-dir "/" entry ".pem")))))
           (mkdir-p target-dir)
           (for-each convert! (filter crt-file? (scandir source-dir)))
           #t))))
    (native-inputs
     (list openssl))
    (synopsis "My CA Certs")
    ;; `synopsis' here names the field bound just above: the record
    ;; constructor makes earlier fields visible by name.
    (description synopsis)))
;; `%base-packages' minus sudo and nano.  Note that dropping the sudo
;; package from the profile does not by itself remove sudo from the
;; setuid-programs list; that is handled separately in the
;; operating-system definition.
(define %my-base-packages
  (let ((unwanted '("sudo" "nano")))
    (filter (lambda (pkg)
              (not (member (package-name pkg) unwanted)))
            %base-packages)))
;; udev rules letting members of the "video" group change the backlight
;; brightness without root (presumably what the `light' package needs).
;; udev runs RUN+= commands as root, hence the absolute paths into the
;; system profile; %k is udev's placeholder for the device's kernel name.
(define %backlight-udev-rule
  (let* ((match   "ACTION==\"add\", SUBSYSTEM==\"backlight\", ")
         (bin-dir "/run/current-system/profile/bin/")
         (node    "/sys/class/backlight/%k/brightness")
         (run     (lambda (command)
                    (string-append match "RUN+=\"" bin-dir command " " node "\""))))
    (udev-rule
     "90-backlight.rules"
     (string-join (list (run "chgrp video")   ; hand the node to the video group
                        (run "chmod g+w"))    ; and let that group write it
                  "\n"))))
;; udev rules giving the active seat user access to a Flipper Zero in its
;; three USB personalities.  TAG+="uaccess" is what elogind acts on: it
;; adds an ACL for the logged-in seat user instead of opening the device
;; node to everyone.  The match keys on attributes the device reports
;; about itself (vendor/product id, manufacturer string); the third rule
;; uses a "40??" glob, so it covers a whole range of product ids.
(define %flipper-udev-rule
  (let ((seat-access
         (lambda (vendor product manufacturer)
           (string-append "SUBSYSTEMS==\"usb\", "
                          "ATTRS{idVendor}==\"" vendor "\", "
                          "ATTRS{idProduct}==\"" product "\", "
                          "ATTRS{manufacturer}==\"" manufacturer "\", "
                          "TAG+=\"uaccess\""))))
    (udev-rule
     "42-flipperzero.rules"
     (string-join
      (list (seat-access "0483" "5740" "Flipper Devices Inc.") ; normal (CDC serial) mode
            (seat-access "0483" "df11" "STMicroelectronics")   ; STM32 DFU bootloader mode
            (seat-access "303a" "40??" "Flipper Devices Inc.")) ; presumably the ESP32 dev board
      "\n"))))
;; Shared `operating-system' template.  Per-host configs presumably inherit
;; from it and override at least `host-name' (the value below is a
;; placeholder) and the storage-specific file-systems.
(define-public base-operating-system
  (operating-system
    ;; Kernel and firmware come from the nonguix channel (non-free blobs).
    (kernel linux)
    (firmware (list linux-firmware))
    (locale "en_US.utf8")
    (timezone "America/New_York")
    (keyboard-layout (keyboard-layout "us"))
    (host-name "ThisWillChange")              ; placeholder, override per host

    ;; The list of user accounts ('root' is implicit).
    (users (cons* (user-account
                   (name "ryan")
                   (comment "Ryan")
                   (group "users")
                   (shell (file-append fish "/bin/fish"))
                   (home-directory "/home/ryan")
                   ;; Privilege footprint of this account: "wheel" is the
                   ;; conventional admin group (what doas.conf permits is not
                   ;; defined in this file); "docker", "libvirt" and "kvm" each
                   ;; amount to root through the daemon or hypervisor they
                   ;; control.  "plugdev" is the group the fido2 udev rules
                   ;; below are tied to; "dialout" gives raw serial-device access.
                   (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker" "libvirt" "kvm" "dialout")))
                  %base-user-accounts))

    ;; Packages installed system-wide. Users can also install packages
    ;; under their own account: use 'guix search KEYWORD' to search
    ;; for packages and 'guix install PACKAGE' to install a package.
    ;; Three lists are concatenated: names resolved via
    ;; `specification->package', packages defined in this file or in the
    ;; ryan-packages / rosenthal modules, and the trimmed base set.
    (packages (append (map specification->package (list "sway"
                                                        ;"hyprland"
                                                        "swaybg"
                                                        ;"swayidle"
                                                        ;"swaylock-effects"
                                                        "fuzzel"
                                                        "foot"
                                                        "pinentry-qt"
                                                        "adwaita-icon-theme"
                                                        "hicolor-icon-theme"
                                                        "git"
                                                        "waybar-experimental"
                                                        "gnupg"
                                                        "light"      ; backlight control; presumably why the video-group udev rule exists
                                                        "avahi"
                                                        "mako"
                                                        "grim"
                                                        "grimblast"
                                                        "slurp"
                                                        "wl-clipboard"
                                                        ;"bluez"
                                                        ;"blueman"
                                                        "ldacbt"
                                                        "libfreeaptx"
                                                        "libfdk"
                                                        "opendoas"   ; sudo replacement; made setuid under `setuid-programs' below
                                                        ;"xdg-desktop-portal-wlr"
                                                        ;"xdg-desktop-portal"
                                                        ;"xdg-desktop-portal-gtk"
                                                        "v4l2loopback-linux-module"
                                                        "pipewire"
                                                        "docker"
                                                        ;"libvirt" ;New version inherited from service
                                                        ;"virt-manager"
                                                        "dconf"
                                                        "wireplumber"
                                                        "wireshark"  ; its dumpcap is made setuid-root below
                                                        "webkitgtk-with-libsoup2" ; Needed for Go wails development
                                                        "zsh"))
                      ;; The local CA bundle from this file plus packages
                      ;; from the local channels.
                      (list my-ca-certs virt-manager-ovmf bluez-ryan blueman-ryan swayidle-new)
                      %my-base-packages ))

    ;; Below is the list of system services. To search for available
    ;; services, run 'guix system search KEYWORD' in a terminal.
    (services
     (append (list
              ;; To configure OpenSSH, pass an 'openssh-configuration'
              ;; record as a second argument to 'service' below.
              ;; NOTE(review): with no configuration the Guix defaults apply,
              ;; which to my knowledge leave password authentication enabled;
              ;; an explicit (openssh-configuration (password-authentication? #f))
              ;; plus `authorized-keys' would make this key-only.  Confirm
              ;; against the installed Guix version before relying on either.
              (service openssh-service-type)
              ;; PC/SC smart-card daemon.
              (service pcscd-service-type)
              ;; CUPS with its web UI enabled.  Check that the daemon's default
              ;; `listen' addresses stay local (Guix's default is localhost:631
              ;; as far as I recall -- verify) before putting this host on an
              ;; untrusted network.
              (service cups-service-type
                       (cups-configuration
                        (web-interface? #t)))
              ;; Avahi is only present for CUPS to support "automagic" printing
              (service avahi-service-type
                       (avahi-configuration
                        (publish? #f) ;; do not advertise this machine
                        (publish-workstation? #f))) ;; do not advertise, I want this to be as silent as possible
              ;; Docker: any member of the "docker" group (ryan, above) can
              ;; effectively act as root through the daemon.
              (service docker-service-type)
              ; Tailscale daemon from rosenthal
              (service tailscale-service-type
                       (tailscale-configuration
                        (socket "/var/run/tailscale/tailscaled.sock")))
              (service containerd-service-type)
              (service nix-service-type)
              ;; libvirt with the OVMF-enabled build; members of "libvirt"
              ;; (ryan) get to manage VMs through the unix socket.
              (service libvirt-service-type
                       (libvirt-configuration
                        (libvirt libvirt-ovmf)
                        (unix-sock-group "libvirt")))
              (service virtlog-service-type)
              ;; NOTE(review): `name' and `program' disagree.  With `using-pam? #t'
              ;; the service registers a PAM service under NAME, while swaylock
              ;; authenticates through a PAM service named after itself
              ;; ("swaylock"), so this PAM entry is likely not the one the
              ;; installed locker uses.  Either set (name "swaylock") or point
              ;; `program' at hyprlock, and test unlocking after reconfigure.
              ;; Also check /run/setuid-programs afterwards in case the
              ;; service's defaults install the locker setuid.
              (service screen-locker-service-type
                       (screen-locker-configuration
                        (name "hyprlock")
                        (program (file-append swaylock "/bin/swaylock"))
                        (using-pam? #t)))
              ;; Registers spice-gtk's polkit actions (USB redirection to VMs).
              (simple-service 'spice-polkit polkit-service-type (list spice-gtk))
              ;; NOTE(review): this writes /etc/udev-here-oneoneone containing
              ;; "test\n".  It looks like a leftover experiment rather than a
              ;; real hwdb entry and can presumably be dropped.
              (simple-service 'hwdb-creation etc-service-type (list `("udev-here-oneoneone" ,(plain-file "issue" "test\n"))))
              ;; Bluetooth with the locally patched bluez.  `experimental'
              ;; turns on BlueZ's experimental features (presumably for the
              ;; codec packages listed above -- confirm).
              (service bluetooth-service-type
                       (bluetooth-configuration
                        (bluez bluez-ryan)
                        (experimental #t)
                        (fast-connectable? #t)))
              ;; libfido2's udev rules; `#:groups' makes sure the "plugdev"
              ;; group those rules refer to exists (ryan is a member).
              (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))

             ;; This is the default list of services we
             ;; are appending to.
             (modify-services %desktop-services
               ;; Trust nonguix substitutes: the server is prepended to the
               ;; substitute URLs and its signing key is authorized.  Any
               ;; binary signed by this key is accepted in place of a local
               ;; build, so cross-check the key bytes against the channel's
               ;; published key whenever this block is touched.
               (guix-service-type config =>
                                  (guix-configuration
                                   (inherit config)
                                   (substitute-urls
                                    (append (list "https://substitutes.nonguix.org")
                                            %default-substitute-urls))
                                   (authorized-keys
                                    (cons* (plain-file "non-guix.pub"
                                                       "(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
)
)" ) %default-authorized-guix-keys))))
               ;; Prepend the local udev rules to whatever the default
               ;; configuration already carries.
               (udev-service-type config =>
                                  (udev-configuration
                                   (inherit config)
                                   (rules (cons* %backlight-udev-rule
                                                 %flipper-udev-rule
                                                 (udev-configuration-rules config)))))
               ;; Power/suspend keys and the lid are left to user-space tools
               ;; rather than elogind.  The quasiquote here is equivalent to
               ;; the plain symbol 'ignore.
               (elogind-service-type config =>
                                     (elogind-configuration
                                      (inherit config)
                                      (handle-power-key `ignore)
                                      (handle-suspend-key `ignore)
                                      (handle-lid-switch `ignore)
                                      ;; No process outlives its session (tmux/screen included).
                                      (kill-user-processes? #t)))
               ;; pulseaudio/alsa give way to pipewire (listed above); gdm is
               ;; dropped (presumably in favour of a TTY login); avahi is
               ;; re-added above with publishing disabled.
               (delete pulseaudio-service-type)
               (delete gdm-service-type)
               (delete avahi-service-type)
               ;(delete xorg-server-service-type)
               (delete alsa-service-type) )))
    ;; .local names are learned from unauthenticated multicast on the LAN;
    ;; treat them as hints, not as identities.
    (name-service-switch %mdns-host-lookup-nss) ;; Enable .local lookup
    ;; Setuid-root programs.  Entries under /run/setuid-programs are
    ;; presumably runnable by every local account (nothing here restricts
    ;; them to a group), so each one is a privilege boundary:
    ;;  - dumpcap: lets any local user capture packets (no wireshark group gate)
    ;;  - spice-client-glib-usb-acl-helper: USB redirection into VMs
    ;;  - doas: the sudo replacement; its policy lives in doas.conf, not here
    (setuid-programs
     (append (list ;(file-like->setuid-program
                   ;(file-append
                   ;(specification->package "swaylock-effects")
                   ; swaylock-effects-new
                   ; "/bin/swaylock"))
                   (file-like->setuid-program
                    (file-append
                     (specification->package "wireshark")
                     "/bin/dumpcap"))
                   (file-like->setuid-program
                    (file-append
                     (specification->package "spice-gtk")
                     "/libexec/spice-client-glib-usb-acl-helper"))
                   (file-like->setuid-program
                    (file-append
                     (specification->package "opendoas")
                     "/bin/doas")))
             ;; NOTE(review): in current Guix `%setuid-programs' is a list of
             ;; <setuid-program> records (see (gnu system setuid)), not
             ;; packages, so `delete' compares the `sudo' package against
             ;; records with equal? and is expected to remove nothing -- i.e.
             ;; sudo/sudoedit likely stay setuid-root even though the package
             ;; was dropped from %my-base-packages.  Confirm by listing
             ;; /run/setuid-programs after reconfigure; if so, filter on the
             ;; record's program instead, e.g.
             ;;   (remove (lambda (p)
             ;;             (let ((f (setuid-program-program p)))
             ;;               (and (file-append? f)
             ;;                    (eq? (file-append-base f) sudo))))
             ;;           %setuid-programs)
             (delete sudo %setuid-programs)))

    ;; /tmp on tmpfs (cleared at boot, not fsck'ed); everything else comes
    ;; from %base-file-systems and is expected to be completed per host.
    (file-systems (cons*
                   (file-system
                    (mount-point "/tmp")
                    (device "none")
                    (type "tmpfs")
                    (check? #f))
                   %base-file-systems))

    ;; UEFI GRUB.  `keyboard-layout' here refers to the operating-system
    ;; field of the same name bound above, so GRUB's console gets the same
    ;; layout as the system.
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets (list "/boot/efi"))
                 (keyboard-layout keyboard-layout)))))