From 36aa98d445dc7df43b1fbdd8cdda75f2ccd8c4d7 Mon Sep 17 00:00:00 2001 From: Luis Guilherme Coelho Date: Sat, 30 Dec 2023 11:53:32 -0300 Subject: [PATCH] operating-systems: buer: Define the buer operating-system --- operating-systems/buer.scm | 489 +++++++++++++++++++------------------ 1 file changed, 246 insertions(+), 243 deletions(-) diff --git a/operating-systems/buer.scm b/operating-systems/buer.scm index 4ba89c9..b000fd2 100644 --- a/operating-systems/buer.scm +++ b/operating-systems/buer.scm @@ -1,7 +1,8 @@ -#|Modules|# (define-module (radix operating-systems buer) #|GNU|# #:use-module (gnu) + #:use-module ((gnu system) #:select (operating-system) + #:prefix gnu:) #|GNU packages|# #|A|# #:use-module (gnu packages admin) 
@@ -54,268 +55,270 @@ #|S|# #:use-module ((radix files substitute-keys) #:prefix public-key:) #|T|# #:use-module ((radix files thinkfan) #:prefix file:thinkfan-)) -#|Operating system definition|# -(operating-system - (host-name "buer") - (timezone "America/Sao_Paulo") - (locale "en_US.utf8") +(define operating-system + (gnu:operating-system + (host-name "buer") + (timezone "America/Sao_Paulo") + (locale "en_US.utf8") - (keyboard-layout - (keyboard-layout "us,br" - #:options `("grp:menu_switch" - "parens:swap_brackets" - "caps:swapescape"))) + (keyboard-layout + (keyboard-layout "us,br" + #:options `("grp:menu_switch" + "parens:swap_brackets" + "caps:swapescape"))) - (bootloader - (bootloader-configuration - (bootloader grub-bootloader) - (targets `("/dev/sda")) - (timeout 1) - (theme (grub-theme - (image (file-append %artwork-repository - "/backgrounds/guix-silver-16-9.svg")) - (gfxmode `("1280x720x32")))))) + (bootloader + (bootloader-configuration + (bootloader grub-bootloader) + (targets `("/dev/sda")) + (timeout 1) + (theme (grub-theme + (image (file-append %artwork-repository + "/backgrounds/guix-silver-16-9.svg")) + (gfxmode `("1280x720x32")))))) - (kernel-arguments - `("modprobe.blacklist=usbmouse,usbkbd,pcspkr" - "thinkpad_acpi.fan_control=1" - "loglevel=5" - "quiet")) + (kernel-arguments + `("modprobe.blacklist=usbmouse,usbkbd,pcspkr" + "thinkpad_acpi.fan_control=1" + "loglevel=5" + "quiet")) - (file-systems - (cons* (file-system - (device (file-system-label "guix-root")) - (mount-point "/") - (type "ext4")) - (file-system - (device (file-system-label "home")) - (mount-point "/home") - (type "ext4")) - %base-file-systems)) + (file-systems + (cons* (file-system + (device (file-system-label "guix-root")) + (mount-point "/") + (type "ext4")) + (file-system + (device (file-system-label "home")) + (mount-point "/home") + (type "ext4")) + %base-file-systems)) - (users - (cons* (user-account - (name "radio") - (password %radio-password) - (home-directory 
"/home/radio") - (shell (file-append dash-next "/bin/dash")) - (uid 1000) - (group "users") - (supplementary-groups `("audio" "adbusers" "video" "wheel"))) - (user-account - (name "root") - (password %root-password) - (system? #t) - (home-directory "/root") - (uid 0) - (group "root") - (shell (file-append dash-next "/bin/dash"))) - %base-user-accounts)) + (users + (cons* (user-account + (name "radio") + (password %radio-password) + (home-directory "/home/radio") + (shell (file-append dash-next "/bin/dash")) + (uid 1000) + (group "users") + (supplementary-groups `("audio" "adbusers" "video" "wheel"))) + (user-account + (name "root") + (password %root-password) + (system? #t) + (home-directory "/root") + (uid 0) + (group "root") + (shell (file-append dash-next "/bin/dash"))) + %base-user-accounts)) - (groups - (cons* (user-group - (name "adbusers")) - %base-groups)) + (groups + (cons* (user-group + (name "adbusers")) + %base-groups)) - #|System level packages|# - (packages - (list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz - #|base |# coreutils diffutils findutils grep patch sed tar which - #|certs |# nss-certs - #|compression |# bzip2 gzip lzip unzip xz zstd - #|gawk |# gawk - #|guile |# guile-3.0-latest guile-colorized guile-readline - #|less |# less - #|linux |# e2fsprogs eudev iproute kmod procps psmisc util-linux - #|man |# man-db mandoc man-pages - #|shells |# dash-next - #|texinfo |# info-reader - #|text-editors|# kakoune-git - #|vpn |# wireguard-tools)) + #|System level packages|# + (packages + (list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz + #|base |# coreutils diffutils findutils grep patch sed tar which + #|certs |# nss-certs + #|compression |# bzip2 gzip lzip unzip xz zstd + #|gawk |# gawk + #|guile |# guile-3.0-latest guile-colorized guile-readline + #|less |# less + #|linux |# e2fsprogs eudev iproute kmod procps psmisc util-linux + #|man |# man-db mandoc man-pages + #|shells |# dash-next + #|texinfo |# info-reader + 
#|text-editors|# kakoune-git + #|vpn |# wireguard-tools)) - #|Do not generate a sudoers file|# - (sudoers-file #f) + #|Do not generate a sudoers file|# + (sudoers-file #f) - #|Run some programs from each package with file owner privileges|# - (setuid-programs - (map-setuid-programs - (shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap")) - (inetutils `("ping" "ping6")) - (opendoas `("doas")) - (fuse-2 `("fusermount")) - (fuse `("fusermount3")) - (util-linux `("mount" "umount")))) + #|Run some programs from each package with file owner privileges|# + (setuid-programs + (map-setuid-programs + (shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap")) + (inetutils `("ping" "ping6")) + (opendoas `("doas")) + (fuse-2 `("fusermount")) + (fuse `("fusermount3")) + (util-linux `("mount" "umount")))) - #|Allow resolution of '.local' host names with mDNS|# - (name-service-switch %mdns-host-lookup-nss) + #|Allow resolution of '.local' host names with mDNS|# + (name-service-switch %mdns-host-lookup-nss) - #|System services|# - (services - (list #|TTY services|# - (service virtual-terminal-service-type) - (service console-font-service-type - (associate-right - (%default-console-font `("tty1" "tty2")))) - (service agetty-service-type - (agetty-configuration - (extra-options `("-L")) - (term "vt100") - (tty #f))) - (service mingetty-service-type - (mingetty-configuration (tty "tty1"))) - (service mingetty-service-type - (mingetty-configuration (tty "tty2"))) + #|System services|# + (services + (list #|TTY services|# + (service virtual-terminal-service-type) + (service console-font-service-type + (associate-right + (%default-console-font `("tty1" "tty2")))) + (service agetty-service-type + (agetty-configuration + (extra-options `("-L")) + (term "vt100") + (tty #f))) + (service mingetty-service-type + (mingetty-configuration (tty "tty1"))) + (service mingetty-service-type + (mingetty-configuration (tty "tty2"))) - #|Login services|# - (service 
login-service-type) - (service elogind-service-type) + #|Login services|# + (service login-service-type) + (service elogind-service-type) - #|Log services|# - (service rottlog-service-type) - (service syslog-service-type - (syslog-configuration - (syslogd (file-append inetutils "/libexec/syslogd")) - (config-file %default-syslog.conf))) - (service log-cleanup-service-type - (log-cleanup-configuration - (directory "/var/log/guix/drvs") - (expiry (* 3 30 24 3600)))) + #|Log services|# + (service rottlog-service-type) + (service syslog-service-type + (syslog-configuration + (syslogd (file-append inetutils "/libexec/syslogd")) + (config-file %default-syslog.conf))) + (service log-cleanup-service-type + (log-cleanup-configuration + (directory "/var/log/guix/drvs") + (expiry (* 3 30 24 3600)))) - #|IPC services|# - (service dbus-root-service-type) + #|IPC services|# + (service dbus-root-service-type) - #|Avahi service|# - (service avahi-service-type - (avahi-configuration - (wide-area? #t))) + #|Avahi service|# + (service avahi-service-type + (avahi-configuration + (wide-area? #t))) - #|Guix services|# - (service guix-service-type - (guix-configuration - (discover? #t) - (build-accounts 16) - (authorized-keys - (cons* public-key:yuria - %default-authorized-guix-keys)) - (extra-options `("--max-jobs=8" "--cores=4")))) - (service guix-publish-service-type - (guix-publish-configuration - (port 8080) - (host "0.0.0.0") - (advertise? #t) - (compression `(("zstd" 3))))) + #|Guix services|# + (service guix-service-type + (guix-configuration + (discover? #t) + (build-accounts 16) + (authorized-keys + (cons* public-key:yuria + %default-authorized-guix-keys)) + (extra-options `("--max-jobs=8" "--cores=4")))) + (service guix-publish-service-type + (guix-publish-configuration + (port 8080) + (host "0.0.0.0") + (advertise? 
#t) + (compression `(("zstd" 3))))) - #|Mcron service|# - (simple-service 'mcron-jobs mcron-service-type - (list #~(job "5 0 * * *" - "guix gc --optimize --free-space=5G"))) + #|Mcron service|# + (simple-service 'mcron-jobs mcron-service-type + (list #~(job "5 0 * * *" + "guix gc --optimize --free-space=5G"))) - #|Device management services|# - (service udev-service-type - (udev-configuration - (udev eudev) - (rules (list alsa-utils - android-udev-rules - crda - fuse - lvm2)))) + #|Device management services|# + (service udev-service-type + (udev-configuration + (udev eudev) + (rules (list alsa-utils + android-udev-rules + crda + fuse + lvm2)))) - #|Network services|# - (service static-networking-service-type - (list (static-networking - (addresses - (list (network-address - (device "lo") - (value "127.0.0.1/8")))) - (provision '(loopback))))) - (service ntp-service-type) - (service wpa-supplicant-service-type - (wpa-supplicant-configuration - (config-file "/etc/wpa_supplicant.conf") - (interface "wlp2s0") - (extra-options `("-B")))) - (service dhcp-client-service-type - (dhcp-client-configuration - (interfaces 'all))) - (service tor-service-type) + #|Network services|# + (service static-networking-service-type + (list (static-networking + (addresses + (list (network-address + (device "lo") + (value "127.0.0.1/8")))) + (provision '(loopback))))) + (service ntp-service-type) + (service wpa-supplicant-service-type + (wpa-supplicant-configuration + (config-file "/etc/wpa_supplicant.conf") + (interface "wlp2s0") + (extra-options `("-B")))) + (service dhcp-client-service-type + (dhcp-client-configuration + (interfaces 'all))) + (service tor-service-type) - #|Power management services|# - (service tlp-service-type - (tlp-configuration - (cpu-scaling-governor-on-ac `("performance")) - (cpu-scaling-governor-on-bat `("powersave")) - (cpu-scaling-min-freq-on-ac 1500000) - (cpu-scaling-max-freq-on-ac 3500000) - (cpu-scaling-min-freq-on-bat 1000000) - 
(cpu-scaling-max-freq-on-bat 3000000) - (cpu-min-perf-on-ac 0) - (cpu-max-perf-on-ac 100) - (cpu-min-perf-on-bat 0) - (cpu-max-perf-on-bat 40) - (cpu-boost-on-ac? #t) - (cpu-boost-on-bat? #f) - (nmi-watchdog? #t) - (start-charge-thresh-bat0 70) - (stop-charge-thresh-bat0 90))) - (service thinkfan-service-type - (thinkfan-configuration - (thinkfan thinkfan-next) - (config-file file:thinkfan-config))) - (service thermald-service-type) + #|Power management services|# + (service tlp-service-type + (tlp-configuration + (cpu-scaling-governor-on-ac `("performance")) + (cpu-scaling-governor-on-bat `("powersave")) + (cpu-scaling-min-freq-on-ac 1500000) + (cpu-scaling-max-freq-on-ac 3500000) + (cpu-scaling-min-freq-on-bat 1000000) + (cpu-scaling-max-freq-on-bat 3000000) + (cpu-min-perf-on-ac 0) + (cpu-max-perf-on-ac 100) + (cpu-min-perf-on-bat 0) + (cpu-max-perf-on-bat 40) + (cpu-boost-on-ac? #t) + (cpu-boost-on-bat? #f) + (nmi-watchdog? #t) + (start-charge-thresh-bat0 70) + (stop-charge-thresh-bat0 90))) + (service thinkfan-service-type + (thinkfan-configuration + (thinkfan thinkfan-next) + (config-file file:thinkfan-config))) + (service thermald-service-type) - #|Memory management services|# - (service zram-device-service-type - (zram-device-configuration - (size "2G") - (compression-algorithm 'zstd))) + #|Memory management services|# + (service zram-device-service-type + (zram-device-configuration + (size "2G") + (compression-algorithm 'zstd))) - #|Doas configuration services|# - (simple-service 'miscellaneous-permissions doas-service-type - (list (permit (identity ":wheel") - (setenv `(("GUILE_LOAD_PATH" . #t)))) - (permit (identity ":wheel") - (nopass? #t) - (command "guix") - (args `("pull"))))) - (simple-service 'text-editors-permissions doas-service-type - (map (lambda (cmd) - (permit (identity ":wheel") - (keepenv? 
#t) - (command cmd))) - `("kak" "emacsclient"))) - (simple-service 'power-management-permissions doas-service-type - (map (lambda (cmd) - (permit (identity ":wheel") - (nopass? #t) - (command cmd) - (args '()))) - `("zzz" "halt" "reboot"))) - (simple-service 'shepherd-status-permissions doas-service-type - (map (lambda (action) - (permit (identity ":wheel") - (nopass? #t) - (command "herd") - (args (list action)))) - `("status" "detailed-status"))) - (simple-service 'service-management-permissions doas-service-type - (flat-map (lambda (service action) - (permit (identity ":wheel") - (nopass? #t) - (command "herd") - (args (map symbol->string - (list action service))))) - '(tor networking wpa-supplicant) - '(doc stop start enable status restart disable))) - #|Special file services|# - (service special-files-service-type - `(("/bin/sh" ,(file-append dash-next "/bin/dash")) - ("/usr/bin/env" ,(file-append coreutils "/bin/env")))) + #|Doas configuration services|# + (simple-service 'miscellaneous-permissions doas-service-type + (list (permit (identity ":wheel") + (setenv `(("GUILE_LOAD_PATH" . #t)))) + (permit (identity ":wheel") + (nopass? #t) + (command "guix") + (args `("pull"))))) + (simple-service 'text-editors-permissions doas-service-type + (map (lambda (cmd) + (permit (identity ":wheel") + (keepenv? #t) + (command cmd))) + `("kak" "emacsclient"))) + (simple-service 'power-management-permissions doas-service-type + (map (lambda (cmd) + (permit (identity ":wheel") + (nopass? #t) + (command cmd) + (args '()))) + `("zzz" "halt" "reboot"))) + (simple-service 'shepherd-status-permissions doas-service-type + (map (lambda (action) + (permit (identity ":wheel") + (nopass? #t) + (command "herd") + (args (list action)))) + `("status" "detailed-status"))) + (simple-service 'service-management-permissions doas-service-type + (flat-map (lambda (service action) + (permit (identity ":wheel") + (nopass? 
#t) + (command "herd") + (args (map symbol->string + (list action service))))) + '(tor networking wpa-supplicant) + '(doc stop start enable status restart disable))) + #|Special file services|# + (service special-files-service-type + `(("/bin/sh" ,(file-append dash-next "/bin/dash")) + ("/usr/bin/env" ,(file-append coreutils "/bin/env")))) - #|Miscellaneous services|# - (service urandom-seed-service-type) - (service nscd-service-type) - (service sysctl-service-type - (sysctl-configuration - (sysctl (file-append procps "/sbin/sysctl")) - (settings `(("fs.protected_hardlinks" . "1") - ("fs.protected_symlinks" . "1")))))))) + #|Miscellaneous services|# + (service urandom-seed-service-type) + (service nscd-service-type) + (service sysctl-service-type + (sysctl-configuration + (sysctl (file-append procps "/sbin/sysctl")) + (settings `(("fs.protected_hardlinks" . "1") + ("fs.protected_symlinks" . "1"))))))))) + +operating-system
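Review bot: The `guix-publish-service-type` block carried over here still binds to `(host "0.0.0.0")` on port 8080 with `(advertise? #t)`, so the machine serves its store over HTTP and announces it via Avahi on every network that `wlp2s0` or any other DHCP-configured interface joins. The services list contains no packet-filter service to narrow that exposure. Since these lines are being re-indented anyway, I would either bind to the address used on the trusted LAN or add a filtering rule for port 8080, and record the intent next to the block, e.g. `#|Store is published to the LAN on purpose; port 8080 must stay filtered on untrusted networks|#`. Relatedly, `(discover? #t)` in `guix-configuration` lets the daemon query substitute servers advertised by other hosts on the local network. Signatures checked against `authorized-keys` still protect integrity, but those hosts can learn which store items are requested, which deserves a comment on a system that also runs `tor-service-type`.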