~ruther/guix-config

ref: db7e745cfe9910d5e21cbc6ce7e549fdcd12b318 guix-config/config.scm -rw-r--r-- 6.9 KiB
db7e745c — Rutherther feat: remove gdm, xorg 6 months ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

;; -*- mode: scheme; -*-
;; This is an operating system configuration template
;; for a "desktop" setup with GNOME and Xfce where the
;; root partition is encrypted with LUKS, and a swap file.

(use-modules
 (nongnu packages linux)
 (nongnu system linux-initrd)
 (gnu)
 (gnu system nss)
 (guix utils))
(use-service-modules desktop sddm xorg base nix pm virtualization vpn sound dbus cups)
(use-package-modules gnome package-management shells networking wm vim wget curl bash compression glib)

(operating-system
 (kernel linux)
 (initrd microcode-initrd)
 (firmware (cons* linux-firmware
                  %base-firmware))
 (host-name "laptop-ruther")
 (timezone "Europe/Prague")
 (locale "en_US.utf8")

 ;; Choose US English keyboard layout.  The "altgr-intl"
 ;; variant provides dead keys for accented characters.
 (keyboard-layout (keyboard-layout "us" "altgr-intl"))

 ;; Use the UEFI variant of GRUB with the EFI System
 ;; Partition mounted on /boot/efi.
 (bootloader (bootloader-configuration
              (bootloader grub-efi-bootloader)
              (targets '("/boot"))
              (keyboard-layout keyboard-layout)))

 ;; Specify a mapped device for the encrypted root partition.
 ;; The UUID is that returned by 'cryptsetup luksUUID'.
 (mapped-devices
  (list (mapped-device
         (source (uuid "55787ccb-decb-46b6-a190-6597dff68c68"))
         (target "cryptedguix")
         (type luks-device-mapping))))

 (file-systems (append
                (list (file-system
                       (device (file-system-label "guix-root"))
			                 ;; (device "/dev/mapper/cryptedguix")
                       (mount-point "/")
                       (type "ext4")
                       (dependencies mapped-devices))
                      (file-system
                       (device (file-system-label "BOOT"))
                       (mount-point "/boot")
                       (type "vfat")))
                %base-file-systems))

 ;; Specify a swap file for the system, which resides on the
 ;; root file system.
 (swap-devices (list ;; (swap-space
                     ;;  (target "/swapfile"))
                     ))

 ;; Create user `bob' with `alice' as its initial password.
 (users (cons (user-account
               (name "ruther")
               (comment "Rutherther")
               (group "users")
               (supplementary-groups '("wheel" "netdev"
                                       "audio" "video"
                                       "libvirt"))
               (shell (file-append zsh "/bin/zsh")))
              %base-user-accounts))

 ;; Add the `students' group
 (groups (cons* ;; (user-group
                ;;  (name "users"))
                %base-groups))

 ;; This is where we specify system-wide packages.
 (packages (append (list
                    ;; for user mounts
                    gvfs
                    zip unzip
                    wget curl
                    vim
                    nix)
                   %base-packages))

 (services
  (append (list (service bluetooth-service-type)
                (service nix-service-type
                         (nix-configuration
                          (extra-config
                           '("experimental-features = nix-command flakes\n"
                             "extra-platforms = aarch64-linux"))))
                (service power-profiles-daemon-service-type)

                (service screen-locker-service-type
                         (screen-locker-configuration
                          (name "swaylock")
                          (program (file-append swaylock "/bin/swaylock"))
                          (using-pam? #t)
                          (using-setuid? #f)))

                (service cups-service-type
                         (cups-configuration
                          (web-interface? #t)))

                (service pam-limits-service-type
                         (list
                          (pam-limits-entry "@wheel" 'both 'core 'unlimited)))

                ;; For starting blueman mechanism.
                ;; It needs privileges, so cannot be started from a user dbus session.
                (simple-service 'dbus-extras
                                dbus-root-service-type
                                (list blueman))

                (service libvirt-service-type)

                (service qemu-binfmt-service-type
                         (qemu-binfmt-configuration
                          (platforms (lookup-qemu-platforms "arm" "aarch64"))))

                (service wireguard-service-type
                         (wireguard-configuration
                          (private-key "/etc/wireguard/private.key")
                          (addresses '("192.168.32.25/32"))
                          (peers
                           (list
                            (wireguard-peer
                             (name "server")
                             (endpoint "78.46.201.50:51820")
                             (keep-alive 25)
                             (public-key "ZOVjmgUak67kLhNVgZwyb0bro3Yi4vCJbGArv+35IWQ=")
                             (allowed-ips '("192.168.32.0/24"))))))))
          (modify-services
           %desktop-services
           (delete gdm-service-type)
           (mingetty-service-type config => (if (string=? (mingetty-configuration-tty config) "tty1")
                                                (mingetty-configuration
                                                 (inherit config)
                                                 (auto-login "ruther")
                                                 (login-pause? #t))
                                                config))
           (elogind-service-type config => (elogind-configuration
                                            (handle-lid-switch-external-power 'ignore)))
           (pulseaudio-service-type config => (pulseaudio-configuration
                                                (inherit config)
                                                (client-conf
                                                 (append
                                                  (pulseaudio-configuration-client-conf config)
                                                 '((autospawn . no))))))
           (guix-service-type config => (guix-configuration
                                         (inherit config)
                                         (substitute-urls
                                          (append (list "https://substitutes.nonguix.org")
                                                  %default-substitute-urls))
                                         (authorized-keys
                                          (append (list (local-file "keys/nonguix-signing-key.pub"))
                                                  %default-authorized-guix-keys)))))))


 ;; Allow resolution of '.local' host names with mDNS.
 (name-service-switch %mdns-host-lookup-nss))

;; TODO syncthing
;;  udev rules, could nix fpga stuff work?
Do not follow this link