(use-modules (gnu) (gnu system nss) (gnu system setuid) (rg packages suckless) (rg services base)) (use-package-modules aspell certs disk fonts fontutils freedesktop glib gnome gstreamer kde-frameworks linux lisp package-management polkit qt wm xorg xdisorg) (use-service-modules authentication avahi certbot cups dbus desktop dns linux networking nix pm security-token sound virtualization vpn xorg) (operating-system ;; Use LTS versions of the kernel. (kernel linux-libre-lts) (kernel-arguments (append (list ;; Enable fan control from userspace. "thinkpad_acpi.fan_control=1") %default-kernel-arguments)) (initrd-modules ;; Remove incompatible modules. (delete "simplefb" %base-initrd-modules)) (keyboard-layout (keyboard-layout "us")) (bootloader (bootloader-configuration (bootloader ;; Don't install Grub binaries on disk, ;; but still generate Grub configuration. (bootloader (inherit grub-bootloader) (installer #~(const #t)))) (keyboard-layout keyboard-layout))) (label "secondary") (host-name "secondary") (mapped-devices (append ;; LUKS (list (mapped-device (source (uuid "7a0cbb90-7f10-4db9-a5cb-0c923f8e560a")) (targets (list "secondary")) (type luks-device-mapping))) ;; LVM (list (mapped-device (source "secondary") (targets (list "secondary-root" "secondary-swap")) (type lvm-device-mapping))))) (file-systems (append (list (file-system (type "btrfs") (mount-point "/") (device "/dev/mapper/secondary-root") (flags '(no-atime)) (options "space_cache=v2") (needed-for-boot? #t) (dependencies mapped-devices))) %base-file-systems)) (swap-devices (append (list (swap-space (target "/dev/mapper/secondary-swap") (dependencies mapped-devices))))) (users (append (list (user-account (name "rg") (comment "Raghav Gururajan") (group "users") (supplementary-groups '("audio" "cdrom" "kvm" "libvirt" "lp" "netdev" "tape" "tor" "video" "wheel")))) %base-user-accounts)) (packages (append ;; Certificates (list nss-certs) ;; Dictionaries (list aspell-dict-en hunspell-dict-en hunspell-dict-en-ca) ;; Fonts (list font-google-noto) ;; Icons (list adwaita-icon-theme breeze-icons hicolor-icon-theme oxygen-icons) ;; Languages (list sbcl) ;; Modules (list sbcl-stumpwm-ttf-fonts) ;; Plugins (list gst-plugins-base gst-plugins-bad gst-plugins-good gst-plugins-ugly) ;; Programs (list dbus desec-certbot-hook flatpak network-manager-applet nix st-custom stumpwm `(,stumpwm "lib") xinit) %base-packages)) (timezone "America/Toronto") (locale "en_IN.UTF-8") (name-service-switch %mdns-host-lookup-nss) (services (append ;; Device (list (service cups-service-type (cups-configuration (web-interface? #t))) (service inputattach-service-type (inputattach-configuration (device-type "wacom") (device "/dev/ttyS4") (baud-rate 38400))) (service sane-service-type) (service udisks-service-type (udisks-configuration))) ;; Display (list (service colord-service-type) (service xorg-server-service-type (xorg-configuration (modules ;; Load these driver modules only. (list xf86-input-libinput xf86-video-intel)) (drivers ;; Use intel specific video driver. (list "intel")) (keyboard-layout keyboard-layout)))) ;; Memory (list (service earlyoom-service-type)) ;; Network (list (service avahi-service-type) (service bitmask-service-type) (service bluetooth-service-type (bluetooth-configuration (auto-enable? #t))) (service modem-manager-service-type) (service network-manager-service-type) (service ntp-service-type) (service tor-service-type) (service usb-modeswitch-service-type) (service wpa-supplicant-service-type)) ;; Operation (list (service nix-service-type)) ;; Power (list (service thermald-service-type (thermald-configuration (ignore-cpuid-check? #t))) (service tlp-service-type) (service upower-service-type)) ;; Security (list (service accountsservice-service-type) (service certbot-service-type (certbot-configuration (email "admin@raghavgururajan.name") (certificates (list (certificate-configuration (name "nearlyfreespeech") (domains '("www.raghavgururajan.name")) (challenge "dns") (authentication-hook "/run/current-system/profile/etc/desec/hook.sh") (cleanup-hook "/run/current-system/profile/etc/desec/hook.sh")))))) (service elogind-service-type) ;(service fprintd-service-type) (service polkit-service-type) (service pcscd-service-type)) ;; Sound (list (service alsa-service-type) (service pulseaudio-service-type)) ;; Virtualization (list (service libvirt-service-type) (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "x86_64")))) (service virtlog-service-type)) (modify-services %base-services ;; Automatically login at startup. (mingetty-service-type config => (auto-login-to-tty config "tty2" "rg")) (guix-service-type config => (guix-configuration (inherit config) (substitute-urls (append (list "https://substitutes.nonguix.org") %default-substitute-urls)) (authorized-keys (append (list (plain-file "0cool.pub" "(public-key (ecc (curve Ed25519) (q #284DEDDA9B73063F7CFCDFDF06DD7C543DF25E5254621388D3152320A5A5EF14#)))") (plain-file "guixrus.pub" "(public-key (ecc (curve Ed25519) (q #5397B4B2CF9034070FB4248EFFBD794000E4AEA4741E65D48081064AD8FC65DA#)))") (plain-file "nonguix.pub" "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")) %default-authorized-guix-keys))))))) (setuid-programs (append (list (setuid-program (program (file-append util-linux "/sbin/losetup")))) %setuid-programs)))