operating-systems: buer: Define the buer operating-system

pull/1/head
Luis Guilherme Coelho 2023-12-30 11:53:32 -03:00
parent 619835ad12
commit 36aa98d445
No known key found for this signature in database
GPG Key ID: 1F2E76ACE3F531C8
1 changed files with 246 additions and 243 deletions


@ -1,7 +1,8 @@
#|Modules|#
(define-module (radix operating-systems buer) (define-module (radix operating-systems buer)
#|GNU|# #|GNU|#
#:use-module (gnu) #:use-module (gnu)
#:use-module ((gnu system) #:select (operating-system)
#:prefix gnu:)
#|GNU packages|# #|GNU packages|#
#|A|# #:use-module (gnu packages admin) #|A|# #:use-module (gnu packages admin)
@ -54,268 +55,270 @@
#|S|# #:use-module ((radix files substitute-keys) #:prefix public-key:) #|S|# #:use-module ((radix files substitute-keys) #:prefix public-key:)
#|T|# #:use-module ((radix files thinkfan) #:prefix file:thinkfan-)) #|T|# #:use-module ((radix files thinkfan) #:prefix file:thinkfan-))
#|Operating system definition|# (define operating-system
(operating-system (gnu:operating-system
(host-name "buer") (host-name "buer")
(timezone "America/Sao_Paulo") (timezone "America/Sao_Paulo")
(locale "en_US.utf8") (locale "en_US.utf8")
(keyboard-layout (keyboard-layout
(keyboard-layout "us,br" (keyboard-layout "us,br"
#:options `("grp:menu_switch" #:options `("grp:menu_switch"
"parens:swap_brackets" "parens:swap_brackets"
"caps:swapescape"))) "caps:swapescape")))
(bootloader (bootloader
(bootloader-configuration (bootloader-configuration
(bootloader grub-bootloader) (bootloader grub-bootloader)
(targets `("/dev/sda")) (targets `("/dev/sda"))
(timeout 1) (timeout 1)
(theme (grub-theme (theme (grub-theme
(image (file-append %artwork-repository (image (file-append %artwork-repository
"/backgrounds/guix-silver-16-9.svg")) "/backgrounds/guix-silver-16-9.svg"))
(gfxmode `("1280x720x32")))))) (gfxmode `("1280x720x32"))))))
(kernel-arguments (kernel-arguments
`("modprobe.blacklist=usbmouse,usbkbd,pcspkr" `("modprobe.blacklist=usbmouse,usbkbd,pcspkr"
"thinkpad_acpi.fan_control=1" "thinkpad_acpi.fan_control=1"
"loglevel=5" "loglevel=5"
"quiet")) "quiet"))
(file-systems (file-systems
(cons* (file-system (cons* (file-system
(device (file-system-label "guix-root")) (device (file-system-label "guix-root"))
(mount-point "/") (mount-point "/")
(type "ext4")) (type "ext4"))
(file-system (file-system
(device (file-system-label "home")) (device (file-system-label "home"))
(mount-point "/home") (mount-point "/home")
(type "ext4")) (type "ext4"))
%base-file-systems)) %base-file-systems))
(users (users
(cons* (user-account (cons* (user-account
(name "radio") (name "radio")
(password %radio-password) (password %radio-password)
(home-directory "/home/radio") (home-directory "/home/radio")
(shell (file-append dash-next "/bin/dash")) (shell (file-append dash-next "/bin/dash"))
(uid 1000) (uid 1000)
(group "users") (group "users")
(supplementary-groups `("audio" "adbusers" "video" "wheel"))) (supplementary-groups `("audio" "adbusers" "video" "wheel")))
(user-account (user-account
(name "root") (name "root")
(password %root-password) (password %root-password)
(system? #t) (system? #t)
(home-directory "/root") (home-directory "/root")
(uid 0) (uid 0)
(group "root") (group "root")
(shell (file-append dash-next "/bin/dash"))) (shell (file-append dash-next "/bin/dash")))
%base-user-accounts)) %base-user-accounts))
(groups (groups
(cons* (user-group (cons* (user-group
(name "adbusers")) (name "adbusers"))
%base-groups)) %base-groups))
#|System level packages|# #|System level packages|#
(packages (packages
(list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz (list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz
#|base |# coreutils diffutils findutils grep patch sed tar which #|base |# coreutils diffutils findutils grep patch sed tar which
#|certs |# nss-certs #|certs |# nss-certs
#|compression |# bzip2 gzip lzip unzip xz zstd #|compression |# bzip2 gzip lzip unzip xz zstd
#|gawk |# gawk #|gawk |# gawk
#|guile |# guile-3.0-latest guile-colorized guile-readline #|guile |# guile-3.0-latest guile-colorized guile-readline
#|less |# less #|less |# less
#|linux |# e2fsprogs eudev iproute kmod procps psmisc util-linux #|linux |# e2fsprogs eudev iproute kmod procps psmisc util-linux
#|man |# man-db mandoc man-pages #|man |# man-db mandoc man-pages
#|shells |# dash-next #|shells |# dash-next
#|texinfo |# info-reader #|texinfo |# info-reader
#|text-editors|# kakoune-git #|text-editors|# kakoune-git
#|vpn |# wireguard-tools)) #|vpn |# wireguard-tools))
#|Do not generate a sudoers file|# #|Do not generate a sudoers file|#
(sudoers-file #f) (sudoers-file #f)
#|Run some programs from each package with file owner privileges|# #|Run some programs from each package with file owner privileges|#
(setuid-programs (setuid-programs
(map-setuid-programs (map-setuid-programs
(shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap")) (shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap"))
(inetutils `("ping" "ping6")) (inetutils `("ping" "ping6"))
(opendoas `("doas")) (opendoas `("doas"))
(fuse-2 `("fusermount")) (fuse-2 `("fusermount"))
(fuse `("fusermount3")) (fuse `("fusermount3"))
(util-linux `("mount" "umount")))) (util-linux `("mount" "umount"))))
#|Allow resolution of '.local' host names with mDNS|# #|Allow resolution of '.local' host names with mDNS|#
(name-service-switch %mdns-host-lookup-nss) (name-service-switch %mdns-host-lookup-nss)
#|System services|# #|System services|#
(services (services
(list #|TTY services|# (list #|TTY services|#
(service virtual-terminal-service-type) (service virtual-terminal-service-type)
(service console-font-service-type (service console-font-service-type
(associate-right (associate-right
(%default-console-font `("tty1" "tty2")))) (%default-console-font `("tty1" "tty2"))))
(service agetty-service-type (service agetty-service-type
(agetty-configuration (agetty-configuration
(extra-options `("-L")) (extra-options `("-L"))
(term "vt100") (term "vt100")
(tty #f))) (tty #f)))
(service mingetty-service-type (service mingetty-service-type
(mingetty-configuration (tty "tty1"))) (mingetty-configuration (tty "tty1")))
(service mingetty-service-type (service mingetty-service-type
(mingetty-configuration (tty "tty2"))) (mingetty-configuration (tty "tty2")))
#|Login services|# #|Login services|#
(service login-service-type) (service login-service-type)
(service elogind-service-type) (service elogind-service-type)
#|Log services|# #|Log services|#
(service rottlog-service-type) (service rottlog-service-type)
(service syslog-service-type (service syslog-service-type
(syslog-configuration (syslog-configuration
(syslogd (file-append inetutils "/libexec/syslogd")) (syslogd (file-append inetutils "/libexec/syslogd"))
(config-file %default-syslog.conf))) (config-file %default-syslog.conf)))
(service log-cleanup-service-type (service log-cleanup-service-type
(log-cleanup-configuration (log-cleanup-configuration
(directory "/var/log/guix/drvs") (directory "/var/log/guix/drvs")
(expiry (* 3 30 24 3600)))) (expiry (* 3 30 24 3600))))
#|IPC services|# #|IPC services|#
(service dbus-root-service-type) (service dbus-root-service-type)
#|Avahi service|# #|Avahi service|#
(service avahi-service-type (service avahi-service-type
(avahi-configuration (avahi-configuration
(wide-area? #t))) (wide-area? #t)))
#|Guix services|# #|Guix services|#
(service guix-service-type (service guix-service-type
(guix-configuration (guix-configuration
(discover? #t) (discover? #t)
(build-accounts 16) (build-accounts 16)
(authorized-keys (authorized-keys
(cons* public-key:yuria (cons* public-key:yuria
%default-authorized-guix-keys)) %default-authorized-guix-keys))
(extra-options `("--max-jobs=8" "--cores=4")))) (extra-options `("--max-jobs=8" "--cores=4"))))
(service guix-publish-service-type (service guix-publish-service-type
(guix-publish-configuration (guix-publish-configuration
(port 8080) (port 8080)
(host "0.0.0.0") (host "0.0.0.0")
(advertise? #t) (advertise? #t)
(compression `(("zstd" 3))))) (compression `(("zstd" 3)))))
#|Mcron service|# #|Mcron service|#
(simple-service 'mcron-jobs mcron-service-type (simple-service 'mcron-jobs mcron-service-type
(list #~(job "5 0 * * *" (list #~(job "5 0 * * *"
"guix gc --optimize --free-space=5G"))) "guix gc --optimize --free-space=5G")))
#|Device management services|# #|Device management services|#
(service udev-service-type (service udev-service-type
(udev-configuration (udev-configuration
(udev eudev) (udev eudev)
(rules (list alsa-utils (rules (list alsa-utils
android-udev-rules android-udev-rules
crda crda
fuse fuse
lvm2)))) lvm2))))
#|Network services|# #|Network services|#
(service static-networking-service-type (service static-networking-service-type
(list (static-networking (list (static-networking
(addresses (addresses
(list (network-address (list (network-address
(device "lo") (device "lo")
(value "127.0.0.1/8")))) (value "127.0.0.1/8"))))
(provision '(loopback))))) (provision '(loopback)))))
(service ntp-service-type) (service ntp-service-type)
(service wpa-supplicant-service-type (service wpa-supplicant-service-type
(wpa-supplicant-configuration (wpa-supplicant-configuration
(config-file "/etc/wpa_supplicant.conf") (config-file "/etc/wpa_supplicant.conf")
(interface "wlp2s0") (interface "wlp2s0")
(extra-options `("-B")))) (extra-options `("-B"))))
(service dhcp-client-service-type (service dhcp-client-service-type
(dhcp-client-configuration (dhcp-client-configuration
(interfaces 'all))) (interfaces 'all)))
(service tor-service-type) (service tor-service-type)
#|Power management services|# #|Power management services|#
(service tlp-service-type (service tlp-service-type
(tlp-configuration (tlp-configuration
(cpu-scaling-governor-on-ac `("performance")) (cpu-scaling-governor-on-ac `("performance"))
(cpu-scaling-governor-on-bat `("powersave")) (cpu-scaling-governor-on-bat `("powersave"))
(cpu-scaling-min-freq-on-ac 1500000) (cpu-scaling-min-freq-on-ac 1500000)
(cpu-scaling-max-freq-on-ac 3500000) (cpu-scaling-max-freq-on-ac 3500000)
(cpu-scaling-min-freq-on-bat 1000000) (cpu-scaling-min-freq-on-bat 1000000)
(cpu-scaling-max-freq-on-bat 3000000) (cpu-scaling-max-freq-on-bat 3000000)
(cpu-min-perf-on-ac 0) (cpu-min-perf-on-ac 0)
(cpu-max-perf-on-ac 100) (cpu-max-perf-on-ac 100)
(cpu-min-perf-on-bat 0) (cpu-min-perf-on-bat 0)
(cpu-max-perf-on-bat 40) (cpu-max-perf-on-bat 40)
(cpu-boost-on-ac? #t) (cpu-boost-on-ac? #t)
(cpu-boost-on-bat? #f) (cpu-boost-on-bat? #f)
(nmi-watchdog? #t) (nmi-watchdog? #t)
(start-charge-thresh-bat0 70) (start-charge-thresh-bat0 70)
(stop-charge-thresh-bat0 90))) (stop-charge-thresh-bat0 90)))
(service thinkfan-service-type (service thinkfan-service-type
(thinkfan-configuration (thinkfan-configuration
(thinkfan thinkfan-next) (thinkfan thinkfan-next)
(config-file file:thinkfan-config))) (config-file file:thinkfan-config)))
(service thermald-service-type) (service thermald-service-type)
#|Memory management services|# #|Memory management services|#
(service zram-device-service-type (service zram-device-service-type
(zram-device-configuration (zram-device-configuration
(size "2G") (size "2G")
(compression-algorithm 'zstd))) (compression-algorithm 'zstd)))
#|Doas configuration services|# #|Doas configuration services|#
(simple-service 'miscellaneous-permissions doas-service-type (simple-service 'miscellaneous-permissions doas-service-type
(list (permit (identity ":wheel") (list (permit (identity ":wheel")
(setenv `(("GUILE_LOAD_PATH" . #t)))) (setenv `(("GUILE_LOAD_PATH" . #t))))
(permit (identity ":wheel") (permit (identity ":wheel")
(nopass? #t) (nopass? #t)
(command "guix") (command "guix")
(args `("pull"))))) (args `("pull")))))
(simple-service 'text-editors-permissions doas-service-type (simple-service 'text-editors-permissions doas-service-type
(map (lambda (cmd) (map (lambda (cmd)
(permit (identity ":wheel") (permit (identity ":wheel")
(keepenv? #t) (keepenv? #t)
(command cmd))) (command cmd)))
`("kak" "emacsclient"))) `("kak" "emacsclient")))
(simple-service 'power-management-permissions doas-service-type (simple-service 'power-management-permissions doas-service-type
(map (lambda (cmd) (map (lambda (cmd)
(permit (identity ":wheel") (permit (identity ":wheel")
(nopass? #t) (nopass? #t)
(command cmd) (command cmd)
(args '()))) (args '())))
`("zzz" "halt" "reboot"))) `("zzz" "halt" "reboot")))
(simple-service 'shepherd-status-permissions doas-service-type (simple-service 'shepherd-status-permissions doas-service-type
(map (lambda (action) (map (lambda (action)
(permit (identity ":wheel") (permit (identity ":wheel")
(nopass? #t) (nopass? #t)
(command "herd") (command "herd")
(args (list action)))) (args (list action))))
`("status" "detailed-status"))) `("status" "detailed-status")))
(simple-service 'service-management-permissions doas-service-type (simple-service 'service-management-permissions doas-service-type
(flat-map (lambda (service action) (flat-map (lambda (service action)
(permit (identity ":wheel") (permit (identity ":wheel")
(nopass? #t) (nopass? #t)
(command "herd") (command "herd")
(args (map symbol->string (args (map symbol->string
(list action service))))) (list action service)))))
'(tor networking wpa-supplicant) '(tor networking wpa-supplicant)
'(doc stop start enable status restart disable))) '(doc stop start enable status restart disable)))
#|Special file services|# #|Special file services|#
(service special-files-service-type (service special-files-service-type
`(("/bin/sh" ,(file-append dash-next "/bin/dash")) `(("/bin/sh" ,(file-append dash-next "/bin/dash"))
("/usr/bin/env" ,(file-append coreutils "/bin/env")))) ("/usr/bin/env" ,(file-append coreutils "/bin/env"))))
#|Miscellaneous services|# #|Miscellaneous services|#
(service urandom-seed-service-type) (service urandom-seed-service-type)
(service nscd-service-type) (service nscd-service-type)
(service sysctl-service-type (service sysctl-service-type
(sysctl-configuration (sysctl-configuration
(sysctl (file-append procps "/sbin/sysctl")) (sysctl (file-append procps "/sbin/sysctl"))
(settings `(("fs.protected_hardlinks" . "1") (settings `(("fs.protected_hardlinks" . "1")
("fs.protected_symlinks" . "1")))))))) ("fs.protected_symlinks" . "1")))))))))
operating-system
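Review bot: The `guix-publish-service-type` entry carried into the new `operating-system` binding still listens on every interface, `(host "0.0.0.0")` on port 8080 with `(advertise? #t)`, on a machine that also runs `wpa-supplicant` on `wlp2s0`, so the store is offered to whatever network this host joins. If sharing is meant only for one trusted LAN, bind it there, e.g. `(host "<trusted-lan-address>")` (placeholder), or at least state the intent with a comment such as `#|guix publish: reachable from every network this host joins|#`. This matters more because `(password %radio-password)` and `(password %root-password)` place the password hashes in the store, which the Guix manual notes is world-readable, and guix publish would presumably serve that item to anyone who learns its path. No firewall or packet-filter service is visible in the `services` list in this hunk, but the lines between the two hunks are not shown, so confirm whether one is configured elsewhere.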