@@ 0,0 1,184 @@
+(use-modules (gnu) (guix) (srfi srfi-1)
+ (nongnu packages linux)
+ (gnu system locale))
+(use-service-modules desktop mcron networking spice ssh xorg sddm
+ avahi security-token)
+(use-package-modules bootloaders fonts password-utils ssh
+ gnupg version-control screen disk
+ linux cryptsetup file-systems
+ texinfo guile python security-token
+ package-management xdisorg xorg)
+
+(define bare-bones-os
+ (operating-system
+ (host-name "komputilo")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ ;; (bootloader (bootloader-configuration
+ ;; (bootloader grub-bootloader)
+ ;; (targets '("/dev/sdX"))))
+ (bootloader (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))))
+ ;; It's fitting to support the equally bare bones ‘-nographic’
+ ;; QEMU option, which also nicely sidesteps forcing QWERTY.
+ (kernel-arguments (list "console=ttyS0,115200"))
+ (file-systems (cons* (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ (file-system
+ (device (uuid "1234-ABCD" 'fat))
+ (mount-point "/boot/efi")
+ (type "vfat"))
+ %base-file-systems))
+
+ ;; This is where user accounts are specified. The "root"
+ ;; account is implicit, and is initially created with the
+ ;; empty password.
+ (users (cons (user-account
+ (name "alice")
+ (comment "Bob's sister")
+ (group "users")
+
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer. Adding it to "audio"
+ ;; and "video" allows the user to play sound
+ ;; and access the webcam.
+ (supplementary-groups '("wheel"
+ "audio" "video")))
+ %base-user-accounts))
+
+ ;; Globally-installed packages.
+ (packages (cons screen %base-packages))
+
+ ;; Add services to the baseline: a DHCP client and an SSH
+ ;; server. You may wish to add an NTP service here.
+ (services (append (list (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (port-number 2222))))
+ %base-services))))
+
+(operating-system
+ (host-name "gnu")
+ (timezone "Etc/UTC")
+ (locale "en_US.utf8")
+ (keyboard-layout (keyboard-layout "us" "altgr-intl"))
+
+ ;; Label for the GRUB boot menu.
+ (label (string-append "GNU Guix "
+ (or (getenv "GUIX_DISPLAYED_VERSION")
+ (package-version guix))))
+
+
+ (kernel linux-6.13)
+ (firmware (cons* linux-firmware
+ %base-firmware))
+
+ (kernel-arguments '())
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/sda"))))
+ (file-systems
+ ;; Note: the disk image build code overrides this root file system with
+ ;; the appropriate one.
+ (append %base-live-file-systems
+
+ ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
+ ;; elogind's cgroup file systems.
+ (list %pseudo-terminal-file-system
+ %shared-memory-file-system
+ %efivars-file-system
+ %immutable-store)))
+
+ (users (cons (user-account
+ (name "ruther")
+ (comment "GNU Guix Live")
+ (password "") ;no password
+ (group "users")
+ (supplementary-groups '("wheel" "netdev"
+ "audio" "video")))
+ %base-user-accounts))
+
+ (sudoers-file (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=NOPASSWD: ALL\n"))
+
+ (packages
+ (cons* password-store
+ pass-otp
+ gnupg
+ python
+ python-yubikey-manager
+ yubikey-personalization
+ pinentry-tty
+ git
+ openssh
+ parted gptfdisk ddrescue
+ ;; Use the static LVM2 because it's already pulled in by the installer.
+ lvm2-static
+ ;; We used to provide fdisk from GNU fdisk, but as of version 2.0.0a
+ ;; it pulls Guile 1.8, which takes unreasonable space; furthermore
+ ;; util-linux's fdisk is already available, in %base-packages-linux.
+ cryptsetup mdadm
+ dosfstools
+ btrfs-progs
+ e2fsprogs
+ f2fs-tools
+ jfsutils
+ xfsprogs
+ %base-packages))
+
+ (pam-services
+ ;; Explicitly allow for empty passwords.
+ (base-pam-services #:allow-empty-passwords? #t))
+
+ (services
+ (cons*
+ ;; Add the 'cow-store' service, which users have to start manually
+ ;; since it takes the installation directory as an argument.
+ ((@@ (gnu system install) cow-store-service))
+
+ ;; Uncomment the line below to add an SSH server.
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login #t)
+ (allow-empty-passwords? #f)
+ (password-authentication? #f)
+ (%auto-start? #f)))
+
+ ;; Use the DHCP client service rather than NetworkManager.
+ (service dhcp-client-service-type)
+
+ ;; yubikey
+ (service pcscd-service-type)
+
+ (service gc-root-service-type
+ (append
+ (list bare-bones-os
+ (libc-utf8-locales-for-target (%current-system))
+ texinfo
+ guile-3.0)
+ %default-locale-libcs))
+
+ ;; Remove some services that don't make sense in a VM.
+ (modify-services %desktop-services
+ (delete gdm-service-type)
+ ;; (delete sddm-service-type)
+ (delete network-manager-service-type)
+ (delete modem-manager-service-type)
+ (guix-service-type config =>
+ (guix-configuration
+ (inherit config)
+ ;; Register the default substitute server key(s) as
+ ;; trusted to allow the installation process to use
+ ;; substitutes by default.
+ (authorize-key? #t)
+ (guix (current-guix))))))))
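Review bot: The comment on the `openssh-service-type` entry ("Uncomment the line below to add an SSH server") is stale, because the service is already part of the live system and only `(%auto-start? #f)` keeps it from running, and it is declared with `(permit-root-login #t)`. In this image root and `ruther` have empty passwords, PAM is built with `#:allow-empty-passwords? #t`, and `%wheel` gets `NOPASSWD: ALL`, so once sshd is started the fields `(password-authentication? #f)` and `(allow-empty-passwords? #f)` are the only barrier to a remote root shell. I would change the field to `(permit-root-login 'prohibit-password)` (or `#f`, given that `ruther` can already sudo) so that a later edit to the password settings does not expose root on its own, and reword the comment to `;; SSH server: declared but not auto-started; key-only logins.` No `authorized-keys` are configured in the hunk, so key logins work only after keys are added at runtime; if that is intended, the comment should say so.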