Upload files to "etc"

main
Berkeley 2024-02-04 07:36:54 +00:00
parent 2124ed8d5a
commit 10adbad6dd
1 changed files with 114 additions and 52 deletions

View File

@ -14,19 +14,25 @@
(guix store)
(guix packages)
(gnu packages glib)
(gnu packages pulseaudio)
(gnu packages pulseaudio)
(gnu packages texinfo)
(gnu packages disk)
(gnu packages freedesktop)
(gnu packages gnuzilla)
(gnu packages image)
(gnu packages image-viewers)
(gnu packages messaging)
;; for nyxt
(gnu packages gstreamer)
(gnu packages virtualization)
(gnu packages web-browsers)
;;---------
(gnu services)
(gnu services vpn)
(gnu services dbus)
(gnu services shepherd)
(gnu system shadow)
(gnu services configuration)
(gnu packages build-tools)
(gnu packages admin)
(gnu packages lxde)
@ -76,6 +82,7 @@
(gnu home services gnupg)
(gnu home services xdg)
(gnu packages security-token)
(gnu packages tls)
(nongnu packages compression)
(nongnu packages clojure)
(nongnu packages linux)
@ -85,6 +92,19 @@
(use-service-modules base cups desktop networking ssh xorg linux virtualization)
(use-package-modules linux )
(define my-kernel linux-6.7)
(define-public bitmask-service-type
(service-type
(name 'bitmask)
(description "Setup the @uref{https://bitmask.net, Bitmask} VPN
application.")
(default-value bitmask)
(extensions
(list
;; To configure polkit policy of bitmask.
(service-extension polkit-service-type list)
;; To add bitmask to the system profile.
(service-extension profile-service-type list)))))
(operating-system
(kernel my-kernel)
@ -103,51 +123,70 @@
(group "users")
(home-directory "/home/berkeley")
(supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
(user-account
(name "leti")
(comment "Letícia")
(group "users")
(home-directory "/home/leti")
(supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
%base-user-accounts))
;; Packages installed system-wide. Users can also install packages
;; under their own account: use 'guix search KEYWORD' to search
;; for packages and 'guix install PACKAGE' to install a package.
(packages (append (list
gstreamer
gst-plugins-bad
gst-plugins-good
nyxt
cmus
zstd
mpv
kitty
maim
;;emacs-org-roam
;;emacs-org-roam-ui
;; -----
;;necessary for nyxt
gstreamer
gst-plugins-bad
gst-plugins-good
;;------
nyxt
;;------
cmus
glances
zstd
mpv
kitty
maim
procps
scrot
scrot
alacritty
anki
wipe
unzip
compton
p7zip
gedit
htop
netdiscover
fping
gparted
bcachefs-tools
bcachefs-tools
whois
setxkbmap
xfe
neofetch
pfetch
icecat
neofetch
pfetch
icecat
hashcat
openssl
flameshot
openshot
openshot
obs
ffmpeg
lm-sensors
vlc
guix
nsxiv
git
vmware-open-vm-tools
guix
nsxiv
git
inxi
tor
torsocks
tor-client
privoxy
privoxy
terminator
openvpn
pavucontrol
@ -158,9 +197,10 @@
tcpdump
nmap
firejail
bitmask
xf86-video-amdgpu
alsa-lib
bitmask
;;
xf86-video-amdgpu
alsa-lib
alsa-utils
binutils
dbus
@ -168,6 +208,7 @@
lxrandr
dosfstools
elogind
qtox
exfat-utils
exfatprogs
fuse-exfat
@ -178,21 +219,26 @@
xf86-input-libinput
xf86-input-mouse
xf86-input-synaptics
xrandr
ungoogled-chromium
qbittorrent
;;emacs-org-timeblock
xrandr
ungoogled-chromium
qbittorrent
macchanger
emacs-geiser
emacs-geiser-guile
;;guile
emacs-geiser
emacs-geiser-guile
fontconfig
picom
feh
picom
feh
gimp
fzf
xmodmap
rofi
xmodmap
rofi
coreutils
qemu
xwininfo
xprop
xpra
libfido2
grep
iptables
@ -226,19 +272,19 @@
font-misc-misc font-mutt-misc font-schumacher-misc
font-screen-cyrillic font-sony-misc font-sun-misc font-util
font-winitzki-cyrillic font-xfree86-type1
sbcl-stumpwm-swm-gaps
sbcl-stumpwm-pamixer
sbcl-stumpwm-screenshot
sbcl-stumpwm-disk
sbcl-stumpwm-ttf-fonts
stumpwm `(,stumpwm "lib")
sbcl-stumpwm-mem
sbcl-stumpwm-cpu
sbcl-stumpwm-net
emacs-stumpwm-mode
stumpish
youtube-dl
linux-firmware
sbcl-stumpwm-swm-gaps
sbcl-stumpwm-pamixer
sbcl-stumpwm-screenshot
sbcl-stumpwm-disk
sbcl-stumpwm-ttf-fonts
stumpwm `(,stumpwm "lib")
sbcl-stumpwm-mem
sbcl-stumpwm-cpu
sbcl-stumpwm-net
emacs-stumpwm-mode
stumpish
youtube-dl
linux-firmware
(specification->package "i3-wm")
(specification->package "i3status")
(specification->package "dmenu")
@ -259,7 +305,9 @@
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append (list
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
(service iptables-service-type
(iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter
@ -270,13 +318,14 @@
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
-A FORWARD -m recent --name portscan --remove
-A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
-A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
;-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
;-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
;-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
;-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
;-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
COMMIT
"))
(ipv6-rules (plain-file "ip6tables.rules" "*filter
@ -287,7 +336,20 @@ COMMIT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
"))))
(service tor-service-type)
(service tor-service-type
(tor-configuration
(config-file (plain-file "tor-config"
"HttpTunnelPort 9050"
; "VirtualAddrNetwork 10.192.0.0/10
; AutomapHostsOnResolve 1
; TransPort 9040
; DNSPort 53
; SOCKSPort 0
; ORPort 443
; BridgeRelay 1
; ExitRelay 0"
))))
(service libvirt-service-type
(libvirt-configuration