279 lines
6.6 KiB
Scheme
Executable File
279 lines
6.6 KiB
Scheme
Executable File
(use-modules
|
|
(gnu)
|
|
(gnu system nss)
|
|
(gnu system setuid)
|
|
(rg packages suckless)
|
|
(rg services base))
|
|
(use-package-modules
|
|
aspell
|
|
certs
|
|
disk
|
|
fonts
|
|
fontutils
|
|
freedesktop
|
|
glib
|
|
gnome
|
|
gstreamer
|
|
kde-frameworks
|
|
linux
|
|
lisp
|
|
polkit
|
|
qt
|
|
wm
|
|
xorg
|
|
xdisorg)
|
|
(use-service-modules
|
|
authentication
|
|
avahi
|
|
certbot
|
|
cups
|
|
dbus
|
|
desktop
|
|
dns
|
|
linux
|
|
networking
|
|
pm
|
|
security-token
|
|
sound
|
|
virtualization
|
|
vpn
|
|
xorg)
|
|
|
|
(operating-system
|
|
;; Use LTS versions of the kernel.
|
|
(kernel linux-libre-lts)
|
|
(kernel-arguments
|
|
(append
|
|
(list
|
|
;; Enable fan control from userspace.
|
|
"thinkpad_acpi.fan_control=1")
|
|
%default-kernel-arguments))
|
|
(keyboard-layout
|
|
(keyboard-layout "us"))
|
|
(bootloader
|
|
(bootloader-configuration
|
|
(bootloader
|
|
;; Don't install Grub binaries on disk,
|
|
;; but still generate Grub configuration.
|
|
(bootloader
|
|
(inherit grub-bootloader)
|
|
(installer #~(const #t))))
|
|
(keyboard-layout keyboard-layout)))
|
|
(label "secondary")
|
|
(host-name "secondary")
|
|
(mapped-devices
|
|
(append
|
|
;; LUKS
|
|
(list
|
|
(mapped-device
|
|
(source
|
|
(uuid "7a0cbb90-7f10-4db9-a5cb-0c923f8e560a"))
|
|
(targets
|
|
(list
|
|
"secondary"))
|
|
(type luks-device-mapping)))
|
|
;; LVM
|
|
(list
|
|
(mapped-device
|
|
(source "secondary")
|
|
(targets
|
|
(list
|
|
"secondary-root"
|
|
"secondary-swap"))
|
|
(type lvm-device-mapping)))))
|
|
(file-systems
|
|
(append
|
|
(list
|
|
(file-system
|
|
(type "btrfs")
|
|
(mount-point "/")
|
|
(device "/dev/mapper/secondary-root")
|
|
(flags '(no-atime))
|
|
(options "space_cache=v2")
|
|
(needed-for-boot? #t)
|
|
(dependencies mapped-devices)))
|
|
%base-file-systems))
|
|
(swap-devices
|
|
(append
|
|
(list
|
|
(swap-space
|
|
(target "/dev/mapper/secondary-swap")
|
|
(dependencies mapped-devices)))))
|
|
(users
|
|
(append
|
|
(list
|
|
(user-account
|
|
(name "rg")
|
|
(comment "Raghav Gururajan")
|
|
(group "users")
|
|
(supplementary-groups
|
|
'("audio" "cdrom" "kvm" "libvirt" "lp"
|
|
"netdev" "tape" "tor" "video" "wheel"))))
|
|
%base-user-accounts))
|
|
(packages
|
|
(append
|
|
;; Certificates
|
|
(list
|
|
nss-certs)
|
|
;; Dictionaries
|
|
(list
|
|
aspell-dict-en
|
|
hunspell-dict-en
|
|
hunspell-dict-en-ca)
|
|
;; Fonts
|
|
(list
|
|
font-google-noto)
|
|
;; Icons
|
|
(list
|
|
adwaita-icon-theme
|
|
breeze-icons
|
|
hicolor-icon-theme
|
|
oxygen-icons)
|
|
;; Languages
|
|
(list
|
|
sbcl)
|
|
;; Modules
|
|
(list
|
|
sbcl-stumpwm-ttf-fonts)
|
|
;; Plugins
|
|
(list
|
|
gst-plugins-base
|
|
gst-plugins-bad
|
|
gst-plugins-good
|
|
gst-plugins-ugly)
|
|
;; Programs
|
|
(list
|
|
dbus
|
|
desec-certbot-hook
|
|
network-manager-applet
|
|
st-custom
|
|
stumpwm
|
|
`(,stumpwm "lib")
|
|
xinit)
|
|
%base-packages))
|
|
(timezone "America/Toronto")
|
|
(locale "en_CA.UTF-8")
|
|
(name-service-switch %mdns-host-lookup-nss)
|
|
(services
|
|
(append
|
|
;; Device
|
|
(list
|
|
(service cups-service-type
|
|
(cups-configuration
|
|
(web-interface? #t)))
|
|
(service inputattach-service-type
|
|
(inputattach-configuration
|
|
(device-type "wacom")
|
|
(device "/dev/ttyS4")
|
|
(baud-rate 38400)))
|
|
(service sane-service-type)
|
|
(service udisks-service-type
|
|
(udisks-configuration)))
|
|
;; Display
|
|
(list
|
|
(service colord-service-type)
|
|
(service xorg-server-service-type
|
|
(xorg-configuration
|
|
(modules
|
|
;; Load these driver modules only.
|
|
(list
|
|
xf86-input-libinput
|
|
xf86-video-intel))
|
|
(drivers
|
|
;; Use intel specific video driver.
|
|
(list
|
|
"intel"))
|
|
(keyboard-layout keyboard-layout))))
|
|
;; Memory
|
|
(list
|
|
(service earlyoom-service-type))
|
|
;; Network
|
|
(list
|
|
(service avahi-service-type)
|
|
(service bitmask-service-type)
|
|
(service bluetooth-service-type
|
|
(bluetooth-configuration
|
|
(auto-enable? #t)))
|
|
(service dnsmasq-service-type
|
|
(dnsmasq-configuration
|
|
(no-resolv? #t)
|
|
(servers
|
|
(list
|
|
"9.9.9.9"
|
|
"2620:fe::fe"
|
|
"149.112.112.112"
|
|
"2620:fe::9"))))
|
|
(service modem-manager-service-type)
|
|
(service network-manager-service-type
|
|
(network-manager-configuration
|
|
(dns "none")))
|
|
(service ntp-service-type)
|
|
(service tor-service-type)
|
|
(service usb-modeswitch-service-type)
|
|
(service wpa-supplicant-service-type))
|
|
;; Power
|
|
(list
|
|
(service thermald-service-type
|
|
(thermald-configuration
|
|
(ignore-cpuid-check? #t)))
|
|
(service tlp-service-type)
|
|
(service upower-service-type))
|
|
;; Security
|
|
(list
|
|
(service accountsservice-service-type)
|
|
(service certbot-service-type
|
|
(certbot-configuration
|
|
(email "admin@raghavgururajan.name")
|
|
(certificates
|
|
(list
|
|
(certificate-configuration
|
|
(name "nearlyfreespeech")
|
|
(domains '("www.raghavgururajan.name"))
|
|
(challenge "dns")
|
|
(authentication-hook "/run/current-system/profile/etc/desec/hook.sh")
|
|
(cleanup-hook "/run/current-system/profile/etc/desec/hook.sh"))))))
|
|
(service elogind-service-type)
|
|
(service fprintd-service-type)
|
|
(service polkit-service-type)
|
|
(service pcscd-service-type))
|
|
;; Sound
|
|
(list
|
|
(service alsa-service-type)
|
|
(service pulseaudio-service-type))
|
|
;; Virtualization
|
|
(list
|
|
(service libvirt-service-type)
|
|
(service qemu-binfmt-service-type
|
|
(qemu-binfmt-configuration
|
|
(platforms
|
|
(lookup-qemu-platforms "x86_64"))))
|
|
(service virtlog-service-type))
|
|
(modify-services %base-services
|
|
;; Automatically login at startup.
|
|
(mingetty-service-type config =>
|
|
(auto-login-to-tty
|
|
config "tty2" "rg"))
|
|
(guix-service-type config =>
|
|
(guix-configuration
|
|
(inherit config)
|
|
(substitute-urls
|
|
(append
|
|
(list
|
|
"https://substitutes.nonguix.org")
|
|
%default-substitute-urls))
|
|
(authorized-keys
|
|
(append
|
|
(list
|
|
(plain-file "0cool.pub" "(public-key (ecc (curve Ed25519) (q #284DEDDA9B73063F7CFCDFDF06DD7C543DF25E5254621388D3152320A5A5EF14#)))")
|
|
(plain-file "guixrus.pub" "(public-key (ecc (curve Ed25519) (q #5397B4B2CF9034070FB4248EFFBD794000E4AEA4741E65D48081064AD8FC65DA#)))")
|
|
(plain-file "nonguix.pub" "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
|
|
%default-authorized-guix-keys)))))))
|
|
(setuid-programs
|
|
(append
|
|
(list
|
|
(setuid-program
|
|
(program
|
|
(file-append util-linux "/sbin/losetup"))))
|
|
%setuid-programs)))
|
|
|