~ruther/guix-config

ref: 0eb49edba3aa10d3dca13c9c6c8edb2583b4e9b5 guix-config/isos/simple.scm -rw-r--r-- 6.6 KiB
0eb49edb — Rutherther feat: add simple iso for making openpgp keys 5 days ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

(use-modules (gnu) (guix) (srfi srfi-1)
             (nongnu packages linux)
             (gnu system locale))
(use-service-modules desktop mcron networking spice ssh xorg sddm
                     avahi security-token)
(use-package-modules bootloaders fonts password-utils ssh
                     gnupg version-control screen disk
                     linux cryptsetup file-systems
                     texinfo guile python security-token
                     package-management xdisorg xorg)

(define bare-bones-os
  (operating-system
    (host-name "komputilo")
    (timezone "Europe/Berlin")
    (locale "en_US.utf8")

    ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
    ;; target hard disk, and "my-root" is the label of the target
    ;; root file system.
    ;; (bootloader (bootloader-configuration
    ;;              (bootloader grub-bootloader)
    ;;              (targets '("/dev/sdX"))))
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/boot/efi"))))
    ;; It's fitting to support the equally bare bones ‘-nographic’
    ;; QEMU option, which also nicely sidesteps forcing QWERTY.
    (kernel-arguments (list "console=ttyS0,115200"))
    (file-systems (cons* (file-system
                           (device (file-system-label "my-root"))
                           (mount-point "/")
                           (type "ext4"))
                         (file-system
                           (device (uuid "1234-ABCD" 'fat))
                           (mount-point "/boot/efi")
                           (type "vfat"))
                         %base-file-systems))

    ;; This is where user accounts are specified.  The "root"
    ;; account is implicit, and is initially created with the
    ;; empty password.
    (users (cons (user-account
                  (name "alice")
                  (comment "Bob's sister")
                  (group "users")

                  ;; Adding the account to the "wheel" group
                  ;; makes it a sudoer.  Adding it to "audio"
                  ;; and "video" allows the user to play sound
                  ;; and access the webcam.
                  (supplementary-groups '("wheel"
                                          "audio" "video")))
                 %base-user-accounts))

    ;; Globally-installed packages.
    (packages (cons screen %base-packages))

    ;; Add services to the baseline: a DHCP client and an SSH
    ;; server.  You may wish to add an NTP service here.
    (services (append (list (service dhcp-client-service-type)
                            (service openssh-service-type
                                     (openssh-configuration
                                      (openssh openssh-sans-x)
                                      (port-number 2222))))
                      %base-services))))

(operating-system
  (host-name "gnu")
  (timezone "Etc/UTC")
  (locale "en_US.utf8")
  (keyboard-layout (keyboard-layout "us" "altgr-intl"))

  ;; Label for the GRUB boot menu.
  (label (string-append "GNU Guix "
                        (or (getenv "GUIX_DISPLAYED_VERSION")
                            (package-version guix))))


  (kernel linux-6.13)
  (firmware (cons* linux-firmware
                   %base-firmware))

  (kernel-arguments '())

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  (file-systems
   ;; Note: the disk image build code overrides this root file system with
   ;; the appropriate one.
   (append %base-live-file-systems

           ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
           ;; elogind's cgroup file systems.
           (list %pseudo-terminal-file-system
                 %shared-memory-file-system
                 %efivars-file-system
                 %immutable-store)))

  (users (cons (user-account
                (name "ruther")
                (comment "GNU Guix Live")
                (password "")           ;no password
                (group "users")
                (supplementary-groups '("wheel" "netdev"
                                        "audio" "video")))
               %base-user-accounts))

  (sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n"))

  (packages
   (cons* password-store
          pass-otp
          gnupg
          python
          python-yubikey-manager
          yubikey-personalization
          pinentry-tty
          git
          openssh
          parted gptfdisk ddrescue
          ;; Use the static LVM2 because it's already pulled in by the installer.
          lvm2-static
          ;; We used to provide fdisk from GNU fdisk, but as of version 2.0.0a
          ;; it pulls Guile 1.8, which takes unreasonable space; furthermore
          ;; util-linux's fdisk is already available, in %base-packages-linux.
          cryptsetup mdadm
          dosfstools
          btrfs-progs
          e2fsprogs
          f2fs-tools
          jfsutils
          xfsprogs
          %base-packages))

  (pam-services
   ;; Explicitly allow for empty passwords.
   (base-pam-services #:allow-empty-passwords? #t))

  (services
   (cons*
    ;; Add the 'cow-store' service, which users have to start manually
    ;; since it takes the installation directory as an argument.
    ((@@ (gnu system install) cow-store-service))

    ;; Uncomment the line below to add an SSH server.
    (service openssh-service-type
             (openssh-configuration
              (permit-root-login #t)
              (allow-empty-passwords? #f)
              (password-authentication? #f)
              (%auto-start? #f)))

    ;; Use the DHCP client service rather than NetworkManager.
    (service dhcp-client-service-type)

    ;; yubikey
    (service pcscd-service-type)

    (service gc-root-service-type
             (append
              (list bare-bones-os
                    (libc-utf8-locales-for-target (%current-system))
                    texinfo
                    guile-3.0)
              %default-locale-libcs))

    ;; Remove some services that don't make sense in a VM.
    (modify-services %desktop-services
      (delete gdm-service-type)
      ;; (delete sddm-service-type)
      (delete network-manager-service-type)
      (delete modem-manager-service-type)
      (guix-service-type config =>
                         (guix-configuration
                          (inherit config)
                          ;; Register the default substitute server key(s) as
                          ;; trusted to allow the installation process to use
                          ;; substitutes by default.
                          (authorize-key? #t)
                          (guix (current-guix))))))))
Do not follow this link