(use-modules (gnu) (guix) (srfi srfi-1) (nongnu packages linux) (gnu system locale)) (use-service-modules desktop mcron networking spice ssh xorg sddm avahi security-token) (use-package-modules bootloaders fonts password-utils ssh gnupg version-control screen disk linux cryptsetup file-systems texinfo guile python security-token package-management xdisorg xorg) (define bare-bones-os (operating-system (host-name "komputilo") (timezone "Europe/Berlin") (locale "en_US.utf8") ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the ;; target hard disk, and "my-root" is the label of the target ;; root file system. ;; (bootloader (bootloader-configuration ;; (bootloader grub-bootloader) ;; (targets '("/dev/sdX")))) (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) (targets '("/boot/efi")))) ;; It's fitting to support the equally bare bones ‘-nographic’ ;; QEMU option, which also nicely sidesteps forcing QWERTY. (kernel-arguments (list "console=ttyS0,115200")) (file-systems (cons* (file-system (device (file-system-label "my-root")) (mount-point "/") (type "ext4")) (file-system (device (uuid "1234-ABCD" 'fat)) (mount-point "/boot/efi") (type "vfat")) %base-file-systems)) ;; This is where user accounts are specified. The "root" ;; account is implicit, and is initially created with the ;; empty password. (users (cons (user-account (name "alice") (comment "Bob's sister") (group "users") ;; Adding the account to the "wheel" group ;; makes it a sudoer. Adding it to "audio" ;; and "video" allows the user to play sound ;; and access the webcam. (supplementary-groups '("wheel" "audio" "video"))) %base-user-accounts)) ;; Globally-installed packages. (packages (cons screen %base-packages)) ;; Add services to the baseline: a DHCP client and an SSH ;; server. You may wish to add an NTP service here. (services (append (list (service dhcp-client-service-type) (service openssh-service-type (openssh-configuration (openssh openssh-sans-x) (port-number 2222)))) %base-services)))) (operating-system (host-name "gnu") (timezone "Etc/UTC") (locale "en_US.utf8") (keyboard-layout (keyboard-layout "us" "altgr-intl")) ;; Label for the GRUB boot menu. (label (string-append "GNU Guix " (or (getenv "GUIX_DISPLAYED_VERSION") (package-version guix)))) (kernel linux-6.13) (firmware (cons* linux-firmware %base-firmware)) (kernel-arguments '()) (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets '("/dev/sda")))) (file-systems ;; Note: the disk image build code overrides this root file system with ;; the appropriate one. (append %base-live-file-systems ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need ;; elogind's cgroup file systems. (list %pseudo-terminal-file-system %shared-memory-file-system %efivars-file-system %immutable-store))) (users (cons (user-account (name "ruther") (comment "GNU Guix Live") (password "") ;no password (group "users") (supplementary-groups '("wheel" "netdev" "audio" "video"))) %base-user-accounts)) (sudoers-file (plain-file "sudoers" "\ root ALL=(ALL) ALL %wheel ALL=NOPASSWD: ALL\n")) (packages (cons* password-store pass-otp gnupg python python-yubikey-manager yubikey-personalization pinentry-tty git openssh parted gptfdisk ddrescue ;; Use the static LVM2 because it's already pulled in by the installer. lvm2-static ;; We used to provide fdisk from GNU fdisk, but as of version 2.0.0a ;; it pulls Guile 1.8, which takes unreasonable space; furthermore ;; util-linux's fdisk is already available, in %base-packages-linux. cryptsetup mdadm dosfstools btrfs-progs e2fsprogs f2fs-tools jfsutils xfsprogs %base-packages)) (pam-services ;; Explicitly allow for empty passwords. (base-pam-services #:allow-empty-passwords? #t)) (services (cons* ;; Add the 'cow-store' service, which users have to start manually ;; since it takes the installation directory as an argument. ((@@ (gnu system install) cow-store-service)) ;; Uncomment the line below to add an SSH server. (service openssh-service-type (openssh-configuration (permit-root-login #t) (allow-empty-passwords? #f) (password-authentication? #f) (%auto-start? #f))) ;; Use the DHCP client service rather than NetworkManager. (service dhcp-client-service-type) ;; yubikey (service pcscd-service-type) (service gc-root-service-type (append (list bare-bones-os (libc-utf8-locales-for-target (%current-system)) texinfo guile-3.0) %default-locale-libcs)) ;; Remove some services that don't make sense in a VM. (modify-services %desktop-services (delete gdm-service-type) ;; (delete sddm-service-type) (delete network-manager-service-type) (delete modem-manager-service-type) (guix-service-type config => (guix-configuration (inherit config) ;; Register the default substitute server key(s) as ;; trusted to allow the installation process to use ;; substitutes by default. (authorize-key? #t) (guix (current-guix))))))))