diff --git a/system/config.scm b/system/config.scm new file mode 100755 index 0000000..973d38d --- /dev/null +++ b/system/config.scm @@ -0,0 +1,278 @@ +(use-modules + (gnu) + (gnu system nss) + (gnu system setuid) + (rg packages suckless) + (rg services base)) +(use-package-modules + aspell + certs + disk + fonts + fontutils + freedesktop + glib + gnome + gstreamer + kde-frameworks + linux + lisp + polkit + qt + wm + xorg + xdisorg) +(use-service-modules + authentication + avahi + certbot + cups + dbus + desktop + dns + linux + networking + pm + security-token + sound + virtualization + vpn + xorg) + +(operating-system + ;; Use LTS versions of the kernel. + (kernel linux-libre-lts) + (kernel-arguments + (append + (list + ;; Enable fan control from userspace. + "thinkpad_acpi.fan_control=1") + %default-kernel-arguments)) + (keyboard-layout + (keyboard-layout "us")) + (bootloader + (bootloader-configuration + (bootloader + ;; Don't install Grub binaries on disk, + ;; but still generate Grub configuration. + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))) + (keyboard-layout keyboard-layout))) + (label "secondary") + (host-name "secondary") + (mapped-devices + (append + ;; LUKS + (list + (mapped-device + (source + (uuid "7a0cbb90-7f10-4db9-a5cb-0c923f8e560a")) + (targets + (list + "secondary")) + (type luks-device-mapping))) + ;; LVM + (list + (mapped-device + (source "secondary") + (targets + (list + "secondary-root" + "secondary-swap")) + (type lvm-device-mapping))))) + (file-systems + (append + (list + (file-system + (type "btrfs") + (mount-point "/") + (device "/dev/mapper/secondary-root") + (flags '(no-atime)) + (options "space_cache=v2") + (needed-for-boot? #t) + (dependencies mapped-devices))) + %base-file-systems)) + (swap-devices + (append + (list + (swap-space + (target "/dev/mapper/secondary-swap") + (dependencies mapped-devices))))) + (users + (append + (list + (user-account + (name "rg") + (comment "Raghav Gururajan") + (group "users") + (supplementary-groups + '("audio" "cdrom" "kvm" "libvirt" "lp" + "netdev" "tape" "tor" "video" "wheel")))) + %base-user-accounts)) + (packages + (append + ;; Certificates + (list + nss-certs) + ;; Dictionaries + (list + aspell-dict-en + hunspell-dict-en + hunspell-dict-en-ca) + ;; Fonts + (list + font-google-noto) + ;; Icons + (list + adwaita-icon-theme + breeze-icons + hicolor-icon-theme + oxygen-icons) + ;; Languages + (list + sbcl) + ;; Modules + (list + sbcl-stumpwm-ttf-fonts) + ;; Plugins + (list + gst-plugins-base + gst-plugins-bad + gst-plugins-good + gst-plugins-ugly) + ;; Programs + (list + dbus + desec-certbot-hook + network-manager-applet + st-custom + stumpwm + `(,stumpwm "lib") + xinit) + %base-packages)) + (timezone "America/Toronto") + (locale "en_CA.UTF-8") + (name-service-switch %mdns-host-lookup-nss) + (services + (append + ;; Device + (list + (service cups-service-type + (cups-configuration + (web-interface? #t))) + (service inputattach-service-type + (inputattach-configuration + (device-type "wacom") + (device "/dev/ttyS4") + (baud-rate 38400))) + (service sane-service-type) + (service udisks-service-type + (udisks-configuration))) + ;; Display + (list + (service colord-service-type) + (service xorg-server-service-type + (xorg-configuration + (modules + ;; Load these driver modules only. + (list + xf86-input-libinput + xf86-video-intel)) + (drivers + ;; Use intel specific video driver. + (list + "intel")) + (keyboard-layout keyboard-layout)))) + ;; Memory + (list + (service earlyoom-service-type)) + ;; Network + (list + (service avahi-service-type) + (service bitmask-service-type) + (service bluetooth-service-type + (bluetooth-configuration + (auto-enable? #t))) + (service dnsmasq-service-type + (dnsmasq-configuration + (no-resolv? #t) + (servers + (list + "9.9.9.9" + "2620:fe::fe" + "149.112.112.112" + "2620:fe::9")))) + (service modem-manager-service-type) + (service network-manager-service-type + (network-manager-configuration + (dns "none"))) + (service ntp-service-type) + (service tor-service-type) + (service usb-modeswitch-service-type) + (service wpa-supplicant-service-type)) + ;; Power + (list + (service thermald-service-type + (thermald-configuration + (ignore-cpuid-check? #t))) + (service tlp-service-type) + (service upower-service-type)) + ;; Security + (list + (service accountsservice-service-type) + (service certbot-service-type + (certbot-configuration + (email "admin@raghavgururajan.name") + (certificates + (list + (certificate-configuration + (name "nearlyfreespeech") + (domains '("www.raghavgururajan.name")) + (challenge "dns") + (authentication-hook "/run/current-system/profile/etc/desec/hook.sh") + (cleanup-hook "/run/current-system/profile/etc/desec/hook.sh")))))) + (service elogind-service-type) + (service fprintd-service-type) + (service polkit-service-type) + (service pcscd-service-type)) + ;; Sound + (list + (service alsa-service-type) + (service pulseaudio-service-type)) + ;; Virtualization + (list + (service libvirt-service-type) + (service qemu-binfmt-service-type + (qemu-binfmt-configuration + (platforms + (lookup-qemu-platforms "x86_64")))) + (service virtlog-service-type)) + (modify-services %base-services + ;; Automatically login at startup. + (mingetty-service-type config => + (auto-login-to-tty + config "tty2" "rg")) + (guix-service-type config => + (guix-configuration + (inherit config) + (substitute-urls + (append + (list + "https://substitutes.nonguix.org") + %default-substitute-urls)) + (authorized-keys + (append + (list + (plain-file "0cool.pub" "(public-key (ecc (curve Ed25519) (q #284DEDDA9B73063F7CFCDFDF06DD7C543DF25E5254621388D3152320A5A5EF14#)))") + (plain-file "guixrus.pub" "(public-key (ecc (curve Ed25519) (q #5397B4B2CF9034070FB4248EFFBD794000E4AEA4741E65D48081064AD8FC65DA#)))") + (plain-file "nonguix.pub" "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")) + %default-authorized-guix-keys))))))) + (setuid-programs + (append + (list + (setuid-program + (program + (file-append util-linux "/sbin/losetup")))) + %setuid-programs))) +