guix-config/system/config.scm


(use-modules
(gnu)
(gnu system nss)
(gnu system setuid)
(rg packages suckless)
(rg services base))
(use-package-modules
aspell
certs
disk
fonts
fontutils
freedesktop
glib
gnome
gstreamer
kde-frameworks
linux
lisp
package-management
polkit
qt
wm
xorg
xdisorg)
(use-service-modules
authentication
avahi
certbot
cups
dbus
desktop
dns
linux
networking
nix
pm
security-token
sound
virtualization
vpn
xorg)
;; Guix System declaration for the host "secondary": an encrypted
;; (LUKS + LVM, btrfs root) workstation running Xorg with StumpWM, a local
;; dnsmasq forwarder, libvirt/QEMU, and extra substitute servers.
;; Security-relevant choices are annotated inline; NOTE(review) marks points
;; this file alone cannot settle.
(operating-system
;; Use LTS versions of the kernel.
(kernel linux-libre-lts)
(kernel-arguments
(append
(list
;; Enable fan control from userspace.
"thinkpad_acpi.fan_control=1")
%default-kernel-arguments))
(initrd-modules
;; Remove incompatible modules.
(delete "simplefb" %base-initrd-modules))
;; Referenced by name from the bootloader and Xorg configurations below.
(keyboard-layout
(keyboard-layout "us"))
(bootloader
(bootloader-configuration
(bootloader
;; Don't install Grub binaries on disk,
;; but still generate Grub configuration.
;; The installer is replaced by a procedure that ignores its arguments
;; and returns #t, so reconfiguring never writes a boot sector or EFI
;; binary.
;; NOTE(review): whatever actually boots this system is therefore
;; managed outside this file -- presumably another installation's Grub
;; chain-loading the generated configuration; confirm.
(bootloader
(inherit grub-bootloader)
(installer #~(const #t))))
(keyboard-layout keyboard-layout)))
(label "secondary")
(host-name "secondary")
(mapped-devices
(append
;; LUKS
;; The encrypted container is selected by UUID and opened as
;; /dev/mapper/secondary.
(list
(mapped-device
(source
(uuid "7a0cbb90-7f10-4db9-a5cb-0c923f8e560a"))
(targets
(list
"secondary"))
(type luks-device-mapping)))
;; LVM
;; Activates the logical volumes used for root and swap below.
;; NOTE(review): presumably the LVM volume group lives on the LUKS device
;; opened above, which would keep both root and swap encrypted at rest --
;; nothing here states that dependency explicitly; confirm.
(list
(mapped-device
(source "secondary")
(targets
(list
"secondary-root"
"secondary-swap"))
(type lvm-device-mapping)))))
(file-systems
(append
(list
(file-system
(type "btrfs")
(mount-point "/")
(device "/dev/mapper/secondary-root")
(flags '(no-atime))
(options "space_cache=v2")
(needed-for-boot? #t)
;; Open every mapped device before trying to mount the root.
(dependencies mapped-devices)))
%base-file-systems))
(swap-devices
(append
(list
(swap-space
(target "/dev/mapper/secondary-swap")
(dependencies mapped-devices)))))
(users
(append
(list
;; Sole interactive account; it is also the account logged in
;; automatically on tty2 (see the mingetty override under `services').
;; NOTE(review): "wheel" normally grants sudo under Guix's default sudoers
;; file, and "libvirt"/"kvm" membership typically allows managing system
;; VMs without further authentication -- treat this account as
;; administrator-equivalent when assessing the auto-login below.
(user-account
(name "rg")
(comment "Raghav Gururajan")
(group "users")
(supplementary-groups
'("audio" "cdrom" "kvm" "libvirt" "lp"
"netdev" "tape" "tor" "video" "wheel"))))
%base-user-accounts))
(packages
(append
;; Certificates
(list
nss-certs)
;; Dictionaries
(list
aspell-dict-en
hunspell-dict-en
hunspell-dict-en-ca)
;; Fonts
(list
font-google-noto)
;; Icons
(list
adwaita-icon-theme
breeze-icons
hicolor-icon-theme
oxygen-icons)
;; Languages
(list
sbcl)
;; Modules
(list
sbcl-stumpwm-ttf-fonts)
;; Plugins
(list
gst-plugins-base
gst-plugins-bad
gst-plugins-good
gst-plugins-ugly)
;; Programs
;; desec-certbot-hook presumably provides the etc/desec/hook.sh script that
;; the certbot service below runs from the system profile -- confirm.
(list
dbus
desec-certbot-hook
flatpak
network-manager-applet
nix
st-custom
stumpwm
`(,stumpwm "lib")
xinit)
%base-packages))
(timezone "America/Toronto")
(locale "en_CA.UTF-8")
;; Resolve ".local" host names through mDNS (pairs with the Avahi service).
(name-service-switch %mdns-host-lookup-nss)
(services
(append
;; Device
(list
;; Turns on the CUPS web administration interface.
;; NOTE(review): no listen address is configured here; confirm the
;; interface stays bound to loopback and is not reachable from the network.
(service cups-service-type
(cups-configuration
(web-interface? #t)))
(service inputattach-service-type
(inputattach-configuration
(device-type "wacom")
(device "/dev/ttyS4")
(baud-rate 38400)))
(service sane-service-type)
(service udisks-service-type
(udisks-configuration)))
;; Display
(list
(service colord-service-type)
(service xorg-server-service-type
(xorg-configuration
(modules
;; Load these driver modules only.
(list
xf86-input-libinput
xf86-video-intel))
(drivers
;; Use intel specific video driver.
(list
"intel"))
(keyboard-layout keyboard-layout))))
;; Memory
(list
(service earlyoom-service-type))
;; Network
(list
(service avahi-service-type)
(service bitmask-service-type)
(service bluetooth-service-type
(bluetooth-configuration
(auto-enable? #t)))
;; Local DNS forwarder: `no-resolv?' makes dnsmasq ignore /etc/resolv.conf
;; and use only the four upstream servers listed (Quad9 IPv4 and IPv6
;; addresses).
;; NOTE(review): dnsmasq forwards over plain DNS, so queries remain
;; readable and modifiable on the network path to the upstream resolver.
(service dnsmasq-service-type
(dnsmasq-configuration
(no-resolv? #t)
(servers
(list
"9.9.9.9"
"2620:fe::fe"
"149.112.112.112"
"2620:fe::9"))))
(service modem-manager-service-type)
;; dns "none": NetworkManager does not manage /etc/resolv.conf.
;; NOTE(review): nothing in this file points the system resolver at the
;; local dnsmasq; presumably resolv.conf is maintained elsewhere -- confirm,
;; otherwise DHCP-supplied resolvers are not used but neither is dnsmasq.
(service network-manager-service-type
(network-manager-configuration
(dns "none")))
(service ntp-service-type)
(service tor-service-type)
(service usb-modeswitch-service-type)
(service wpa-supplicant-service-type))
;; Operation
(list
(service nix-service-type))
;; Power
(list
(service thermald-service-type
(thermald-configuration
(ignore-cpuid-check? #t)))
(service tlp-service-type)
(service upower-service-type))
;; Security
(list
(service accountsservice-service-type)
;; Certificate issuance using the DNS challenge. The same script is used as
;; authentication and cleanup hook, and it is resolved through
;; /run/current-system/profile, i.e. it is whatever the current system
;; generation installed rather than a file in a user-writable location.
;; NOTE(review): the hook runs with certbot's privileges (presumably root)
;; and needs a DNS API credential that is not declared here; confirm where
;; that credential is stored and that its permissions are restrictive.
(service certbot-service-type
(certbot-configuration
(email "admin@raghavgururajan.name")
(certificates
(list
(certificate-configuration
(name "nearlyfreespeech")
(domains '("www.raghavgururajan.name"))
(challenge "dns")
(authentication-hook "/run/current-system/profile/etc/desec/hook.sh")
(cleanup-hook "/run/current-system/profile/etc/desec/hook.sh"))))))
(service elogind-service-type)
(service fprintd-service-type)
(service polkit-service-type)
(service pcscd-service-type))
;; Sound
(list
(service alsa-service-type)
(service pulseaudio-service-type))
;; Virtualization
(list
(service libvirt-service-type)
(service qemu-binfmt-service-type
(qemu-binfmt-configuration
(platforms
(lookup-qemu-platforms "x86_64"))))
(service virtlog-service-type))
(modify-services %base-services
;; Automatically login at startup.
;; tty2 opens a session for "rg" with no password prompt.
;; NOTE(review): the disk-encryption passphrase entered at boot is then the
;; only authentication step; once the machine is running, console access
;; (including after resume, unless a locker is configured elsewhere) yields
;; a session for an account that is in "wheel".
(mingetty-service-type config =>
(auto-login-to-tty
config "tty2" "rg"))
;; Extends the daemon's substitute sources. `authorized-keys' is the trust
;; anchor: a substitute signed by any key listed here is accepted and can
;; end up in the system profile.
;; NOTE(review): three keys are added but only the nonguix URL appears in
;; `substitute-urls'; if the servers behind 0cool.pub and guixrus.pub are no
;; longer used, removing their keys narrows the set of parties able to sign
;; binaries this machine will install. Verify each key against its
;; project's published value before trusting it.
(guix-service-type config =>
(guix-configuration
(inherit config)
(substitute-urls
(append
(list
"https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append
(list
(plain-file "0cool.pub" "(public-key (ecc (curve Ed25519) (q #284DEDDA9B73063F7CFCDFDF06DD7C543DF25E5254621388D3152320A5A5EF14#)))")
(plain-file "guixrus.pub" "(public-key (ecc (curve Ed25519) (q #5397B4B2CF9034070FB4248EFFBD794000E4AEA4741E65D48081064AD8FC65DA#)))")
(plain-file "nonguix.pub" "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
%default-authorized-guix-keys)))))))
;; Adds losetup from util-linux to the set of setuid programs, on top of the
;; defaults.
;; NOTE(review): losetup is not written to run setuid; every local user gains
;; the ability to attach files to loop devices with root's privileges. If the
;; goal is unprivileged loop-device setup, the udisks service already enabled
;; above offers a polkit-mediated path (udisksctl loop-setup) -- consider
;; whether this entry is still needed.
(setuid-programs
(append
(list
(setuid-program
(program
(file-append util-linux "/sbin/losetup"))))
%setuid-programs)))