Upload files to "etc"

main
Berkeley 2024-02-04 07:36:54 +00:00
parent 2124ed8d5a
commit 10adbad6dd
1 changed files with 114 additions and 52 deletions


@ -21,12 +21,18 @@
(gnu packages gnuzilla)
(gnu packages image)
(gnu packages image-viewers)
(gnu packages messaging)
;; for nyxt
(gnu packages gstreamer)
(gnu packages virtualization)
(gnu packages web-browsers)
;;---------
(gnu services)
(gnu services vpn)
(gnu services dbus)
(gnu services shepherd)
(gnu system shadow)
(gnu services configuration)
(gnu packages build-tools)
(gnu packages admin)
(gnu packages lxde)
@ -76,6 +82,7 @@
(gnu home services gnupg)
(gnu home services xdg)
(gnu packages security-token)
(gnu packages tls)
(nongnu packages compression)
(nongnu packages clojure)
(nongnu packages linux)
@ -85,6 +92,19 @@
(use-service-modules base cups desktop networking ssh xorg linux virtualization)
(use-package-modules linux )
(define my-kernel linux-6.7)
(define-public bitmask-service-type
(service-type
(name 'bitmask)
(description "Setup the @uref{https://bitmask.net, Bitmask} VPN
application.")
(default-value bitmask)
(extensions
(list
;; To configure polkit policy of bitmask.
(service-extension polkit-service-type list)
;; To add bitmask to the system profile.
(service-extension profile-service-type list)))))
(operating-system
(kernel my-kernel)
@ -103,17 +123,30 @@
(group "users")
(home-directory "/home/berkeley")
(supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
(user-account
(name "leti")
(comment "Letícia")
(group "users")
(home-directory "/home/leti")
(supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
%base-user-accounts))
;; Packages installed system-wide. Users can also install packages
;; under their own account: use 'guix search KEYWORD' to search
;; for packages and 'guix install PACKAGE' to install a package.
(packages (append (list
;;emacs-org-roam
;;emacs-org-roam-ui
;; -----
;;necessary for nyxt
gstreamer
gst-plugins-bad
gst-plugins-good
;;------
nyxt
;;------
cmus
glances
zstd
mpv
kitty
@ -121,7 +154,11 @@
procps
scrot
alacritty
anki
wipe
unzip
compton
p7zip
gedit
htop
netdiscover
@ -135,15 +172,17 @@
pfetch
icecat
hashcat
openssl
flameshot
openshot
obs
ffmpeg
lm-sensors
vlc
guix
nsxiv
git
vmware-open-vm-tools
inxi
tor
torsocks
tor-client
@ -159,6 +198,7 @@
nmap
firejail
bitmask
;;
xf86-video-amdgpu
alsa-lib
alsa-utils
@ -168,6 +208,7 @@
lxrandr
dosfstools
elogind
qtox
exfat-utils
exfatprogs
fuse-exfat
@ -178,10 +219,12 @@
xf86-input-libinput
xf86-input-mouse
xf86-input-synaptics
;;emacs-org-timeblock
xrandr
ungoogled-chromium
qbittorrent
macchanger
;;guile
emacs-geiser
emacs-geiser-guile
fontconfig
@ -193,6 +236,9 @@
rofi
coreutils
qemu
xwininfo
xprop
xpra
libfido2
grep
iptables
@ -259,7 +305,9 @@
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append (list
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
(service iptables-service-type
(iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter
@ -270,13 +318,14 @@
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
-A FORWARD -m recent --name portscan --remove
-A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
-A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
;-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
;-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
;-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
;-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
;-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
COMMIT
"))
(ipv6-rules (plain-file "ip6tables.rules" "*filter
@ -287,7 +336,20 @@ COMMIT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
"))))
(service tor-service-type)
(service tor-service-type
(tor-configuration
(config-file (plain-file "tor-config"
"HttpTunnelPort 9050"
; "VirtualAddrNetwork 10.192.0.0/10
; AutomapHostsOnResolve 1
; TransPort 9040
; DNSPort 53
; SOCKSPort 0
; ORPort 443
; BridgeRelay 1
; ExitRelay 0"
))))
(service libvirt-service-type
(libvirt-configuration