diff --git a/etc/config.scm b/etc/config.scm index ccfe2ec..dd9280e 100644 --- a/etc/config.scm +++ b/etc/config.scm @@ -14,19 +14,25 @@ (guix store) (guix packages) (gnu packages glib) -(gnu packages pulseaudio) + (gnu packages pulseaudio) (gnu packages texinfo) (gnu packages disk) (gnu packages freedesktop) (gnu packages gnuzilla) (gnu packages image) (gnu packages image-viewers) + (gnu packages messaging) ;; for nyxt (gnu packages gstreamer) (gnu packages virtualization) (gnu packages web-browsers) ;;--------- (gnu services) + (gnu services vpn) + (gnu services dbus) + (gnu services shepherd) + (gnu system shadow) + (gnu services configuration) (gnu packages build-tools) (gnu packages admin) (gnu packages lxde) @@ -76,6 +82,7 @@ (gnu home services gnupg) (gnu home services xdg) (gnu packages security-token) + (gnu packages tls) (nongnu packages compression) (nongnu packages clojure) (nongnu packages linux) @@ -85,6 +92,19 @@ (use-service-modules base cups desktop networking ssh xorg linux virtualization) (use-package-modules linux ) (define my-kernel linux-6.7) +(define-public bitmask-service-type + (service-type + (name 'bitmask) + (description "Setup the @uref{https://bitmask.net, Bitmask} VPN +application.") + (default-value bitmask) + (extensions + (list + ;; To configure polkit policy of bitmask. + (service-extension polkit-service-type list) + ;; To add bitmask to the system profile. + (service-extension profile-service-type list))))) + (operating-system (kernel my-kernel) 
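Review bot: `bitmask-service-type` is defined in hunk `@@ -85,6 +92,19 @@`, but no visible hunk adds `(service bitmask-service-type)` to the `services` list, so its polkit-service-type extension would never be applied and only the plain `bitmask` entry in `packages` takes effect. The rest of `services` lies outside the hunks, so this may already be handled there. The same commit imports `(gnu services vpn)`, which in current Guix exports a service type of this name, so the local `define-public` duplicates and shadows it; I would drop the local copy and instantiate the imported one. If the copy has to stay, a comment such as `;; local copy of bitmask-service-type from (gnu services vpn); remove once the pinned Guix provides it` would record why.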
@@ -103,51 +123,70 @@ (group "users") (home-directory "/home/berkeley") (supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev"))) + (user-account + (name "leti") + (comment "Letícia") + (group "users") + (home-directory "/home/leti") + (supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev"))) %base-user-accounts)) ;; Packages installed system-wide. Users can also install packages ;; under their own account: use 'guix search KEYWORD' to search ;; for packages and 'guix install PACKAGE' to install a package. (packages (append (list - gstreamer - gst-plugins-bad - gst-plugins-good - nyxt - cmus - zstd - mpv - kitty - maim + ;;emacs-org-roam + ;;emacs-org-roam-ui + ;; ----- + ;;necessary for nyxt + gstreamer + gst-plugins-bad + gst-plugins-good + ;;------ + nyxt + ;;------ + cmus + glances + zstd + mpv + kitty + maim procps - scrot + scrot alacritty + anki wipe + unzip + compton + p7zip gedit htop netdiscover fping gparted - bcachefs-tools + bcachefs-tools whois setxkbmap xfe - neofetch - pfetch - icecat + neofetch + pfetch + icecat hashcat + openssl flameshot - openshot + openshot obs ffmpeg + lm-sensors vlc - guix - nsxiv - git - vmware-open-vm-tools + guix + nsxiv + git + inxi tor torsocks tor-client - privoxy + privoxy terminator openvpn pavucontrol @@ -158,9 +197,10 @@ tcpdump nmap firejail - bitmask - xf86-video-amdgpu - alsa-lib + bitmask + ;; + xf86-video-amdgpu + alsa-lib alsa-utils binutils dbus @@ -168,6 +208,7 @@ lxrandr dosfstools elogind + qtox exfat-utils exfatprogs fuse-exfat @@ -178,21 +219,26 @@ xf86-input-libinput xf86-input-mouse xf86-input-synaptics - xrandr - ungoogled-chromium - qbittorrent - macchanger - emacs-geiser - emacs-geiser-guile + ;;emacs-org-timeblock + xrandr + ungoogled-chromium + qbittorrent + macchanger + ;;guile + emacs-geiser + emacs-geiser-guile fontconfig - picom - feh + picom + feh gimp fzf - xmodmap - rofi + xmodmap + rofi coreutils qemu + xwininfo + xprop + xpra libfido2 grep iptables 
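Review bot: The new `leti` account in hunk `@@ -103,51 +123,70 @@` is given `wheel` in `supplementary-groups`, which under the default Guix sudoers specification grants full sudo, so this adds a second administrator to the machine. If the account is meant for everyday use, `(supplementary-groups '("netdev" "audio" "video" "plugdev"))` keeps the device access without root. The `operating-system` form starts and ends outside the hunk, so any custom `sudoers-file` that would change this is not visible here.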
@@ -226,19 +272,19 @@ font-misc-misc font-mutt-misc font-schumacher-misc font-screen-cyrillic font-sony-misc font-sun-misc font-util font-winitzki-cyrillic font-xfree86-type1 - sbcl-stumpwm-swm-gaps - sbcl-stumpwm-pamixer - sbcl-stumpwm-screenshot - sbcl-stumpwm-disk - sbcl-stumpwm-ttf-fonts - stumpwm `(,stumpwm "lib") - sbcl-stumpwm-mem - sbcl-stumpwm-cpu - sbcl-stumpwm-net - emacs-stumpwm-mode - stumpish - youtube-dl - linux-firmware + sbcl-stumpwm-swm-gaps + sbcl-stumpwm-pamixer + sbcl-stumpwm-screenshot + sbcl-stumpwm-disk + sbcl-stumpwm-ttf-fonts + stumpwm `(,stumpwm "lib") + sbcl-stumpwm-mem + sbcl-stumpwm-cpu + sbcl-stumpwm-net + emacs-stumpwm-mode + stumpish + youtube-dl + linux-firmware (specification->package "i3-wm") (specification->package "i3status") (specification->package "dmenu") @@ -259,7 +305,9 @@ ;; services, run 'guix system search KEYWORD' in a terminal. (services (append (list + (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")) + (service iptables-service-type (iptables-configuration (ipv4-rules (plain-file "iptables.rules" "*filter 
@@ -270,13 +318,14 @@ -A INPUT -j REJECT --reject-with icmp-port-unreachable -A FORWARD -m state --state INVALID -j DROP -A OUTPUT -m state --state INVALID -j DROP --A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP --A FORWARD -m recent --name portscan --remove --A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" --A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -o tun+ -j ACCEPT -A OUTPUT -m owner --gid-owner openvpn -j ACCEPT +;-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040 +;-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53 +;-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT +;-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT +;-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP COMMIT ")) (ipv6-rules (plain-file "ip6tables.rules" "*filter @@ -287,7 +336,20 @@ COMMIT -A INPUT -j REJECT --reject-with icmp6-port-unreachable COMMIT ")))) - (service tor-service-type) + + (service tor-service-type + (tor-configuration + (config-file (plain-file "tor-config" + "HttpTunnelPort 9050" + ; "VirtualAddrNetwork 10.192.0.0/10 + ; AutomapHostsOnResolve 1 + ; TransPort 9040 + ; DNSPort 53 + ; SOCKSPort 0 + ; ORPort 443 + ; BridgeRelay 1 +; ExitRelay 0" + )))) (service libvirt-service-type (libvirt-configuration
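Review bot: The five added lines starting with `;` in hunk `@@ -270,13 +318,14 @@` sit inside the string literal passed to `plain-file "iptables.rules"`, so they are not Scheme comments and are written verbatim into the rules file. iptables-restore only treats `#` as a comment marker, so it would most likely reject `;-t nat ...` as a malformed rule and abort before `COMMIT`, leaving the IPv4 filter table unloaded. Either delete the lines from the string or prefix them with `#`, for example `#-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040`. If they are re-enabled later, the `-t nat` rules need their own `*nat` ... `COMMIT` section rather than living under `*filter`.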
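Review bot: `"HttpTunnelPort 9050"` in hunk `@@ -287,7 +336,20 @@` reuses the port Tor assigns to its SOCKS listener by default, and nothing in the active config moves or disables `SocksPort` (the `SOCKSPort 0` line is commented out). As far as I can tell, Tor would then try to bind two listeners to 127.0.0.1:9050 and fail to start. A separate port avoids the clash, for example `"HttpTunnelPort 8118\n"` (constructed value); clients that expect SOCKS on 9050, such as the `torsocks` package installed above, keep working. The commented-out relay and TransPort lines would be easier to audit with a one-line comment saying why they are kept.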