cristiancmoises
/
radix
mirror of https://codeberg.org/anemofilia/radix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

operating-systems: buer: Define the buer operating-system

pull/1/head
Luis Guilherme Coelho 2023-12-30 11:53:32 -03:00
parent 619835ad12
commit 36aa98d445
No known key found for this signature in database
GPG Key ID: 1F2E76ACE3F531C8
1 changed files with 246 additions and 243 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

489
operating-systems/buer.scm
View File

@ -1,7 +1,8 @@
#|Modules|#
(define-module (radix operating-systems buer)
#|GNU|#
#:use-module (gnu)
#:use-module ((gnu system) #:select (operating-system)
#:prefix gnu:)
#|GNU packages|#
#|A|# #:use-module (gnu packages admin)
@ -54,268 +55,270 @@
#|S|# #:use-module ((radix files substitute-keys) #:prefix public-key:)
#|T|# #:use-module ((radix files thinkfan) #:prefix file:thinkfan-))
#|Operating system definition|#
(operating-system
(host-name "buer")
(timezone "America/Sao_Paulo")
(locale "en_US.utf8")
(define operating-system
(gnu:operating-system
(host-name "buer")
(timezone "America/Sao_Paulo")
(locale "en_US.utf8")
(keyboard-layout
(keyboard-layout "us,br"
#:options `("grp:menu_switch"
"parens:swap_brackets"
"caps:swapescape")))
(keyboard-layout
(keyboard-layout "us,br"
#:options `("grp:menu_switch"
"parens:swap_brackets"
"caps:swapescape")))
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(targets `("/dev/sda"))
(timeout 1)
(theme (grub-theme
(image (file-append %artwork-repository
"/backgrounds/guix-silver-16-9.svg"))
(gfxmode `("1280x720x32"))))))
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(targets `("/dev/sda"))
(timeout 1)
(theme (grub-theme
(image (file-append %artwork-repository
"/backgrounds/guix-silver-16-9.svg"))
(gfxmode `("1280x720x32"))))))
(kernel-arguments
`("modprobe.blacklist=usbmouse,usbkbd,pcspkr"
"thinkpad_acpi.fan_control=1"
"loglevel=5"
"quiet"))
(kernel-arguments
`("modprobe.blacklist=usbmouse,usbkbd,pcspkr"
"thinkpad_acpi.fan_control=1"
"loglevel=5"
"quiet"))
(file-systems
(cons* (file-system
(device (file-system-label "guix-root"))
(mount-point "/")
(type "ext4"))
(file-system
(device (file-system-label "home"))
(mount-point "/home")
(type "ext4"))
%base-file-systems))
(file-systems
(cons* (file-system
(device (file-system-label "guix-root"))
(mount-point "/")
(type "ext4"))
(file-system
(device (file-system-label "home"))
(mount-point "/home")
(type "ext4"))
%base-file-systems))
(users
(cons* (user-account
(name "radio")
(password %radio-password)
(home-directory "/home/radio")
(shell (file-append dash-next "/bin/dash"))
(uid 1000)
(group "users")
(supplementary-groups `("audio" "adbusers" "video" "wheel")))
(user-account
(name "root")
(password %root-password)
(system? #t)
(home-directory "/root")
(uid 0)
(group "root")
(shell (file-append dash-next "/bin/dash")))
%base-user-accounts))
(users
(cons* (user-account
(name "radio")
(password %radio-password)
(home-directory "/home/radio")
(shell (file-append dash-next "/bin/dash"))
(uid 1000)
(group "users")
(supplementary-groups `("audio" "adbusers" "video" "wheel")))
(user-account
(name "root")
(password %root-password)
(system? #t)
(home-directory "/root")
(uid 0)
(group "root")
(shell (file-append dash-next "/bin/dash")))
%base-user-accounts))
(groups
(cons* (user-group
(name "adbusers"))
%base-groups))
(groups
(cons* (user-group
(name "adbusers"))
%base-groups))
#|System level packages|#
(packages
(list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz
#|base |# coreutils diffutils findutils grep patch sed tar which
#|certs |# nss-certs
#|compression |# bzip2 gzip lzip unzip xz zstd
#|gawk |# gawk
#|guile |# guile-3.0-latest guile-colorized guile-readline
#|less |# less
#|linux |# e2fsprogs eudev iproute kmod procps psmisc util-linux
#|man |# man-db mandoc man-pages
#|shells |# dash-next
#|texinfo |# info-reader
#|text-editors|# kakoune-git
#|vpn |# wireguard-tools))
#|System level packages|#
(packages
(list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz
#|base |# coreutils diffutils findutils grep patch sed tar which
#|certs |# nss-certs
#|compression |# bzip2 gzip lzip unzip xz zstd
#|gawk |# gawk
#|guile |# guile-3.0-latest guile-colorized guile-readline
#|less |# less
#|linux |# e2fsprogs eudev iproute kmod procps psmisc util-linux
#|man |# man-db mandoc man-pages
#|shells |# dash-next
#|texinfo |# info-reader
#|text-editors|# kakoune-git
#|vpn |# wireguard-tools))
#|Do not generate a sudoers file|#
(sudoers-file #f)
#|Do not generate a sudoers file|#
(sudoers-file #f)
#|Run some programs from each package with file owner privileges|#
(setuid-programs
(map-setuid-programs
(shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap"))
(inetutils `("ping" "ping6"))
(opendoas `("doas"))
(fuse-2 `("fusermount"))
(fuse `("fusermount3"))
(util-linux `("mount" "umount"))))
#|Run some programs from each package with file owner privileges|#
(setuid-programs
(map-setuid-programs
(shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap"))
(inetutils `("ping" "ping6"))
(opendoas `("doas"))
(fuse-2 `("fusermount"))
(fuse `("fusermount3"))
(util-linux `("mount" "umount"))))
#|Allow resolution of '.local' host names with mDNS|#
(name-service-switch %mdns-host-lookup-nss)
#|Allow resolution of '.local' host names with mDNS|#
(name-service-switch %mdns-host-lookup-nss)
#|System services|#
(services
(list #|TTY services|#
(service virtual-terminal-service-type)
(service console-font-service-type
(associate-right
(%default-console-font `("tty1" "tty2"))))
(service agetty-service-type
(agetty-configuration
(extra-options `("-L"))
(term "vt100")
(tty #f)))
(service mingetty-service-type
(mingetty-configuration (tty "tty1")))
(service mingetty-service-type
(mingetty-configuration (tty "tty2")))
#|System services|#
(services
(list #|TTY services|#
(service virtual-terminal-service-type)
(service console-font-service-type
(associate-right
(%default-console-font `("tty1" "tty2"))))
(service agetty-service-type
(agetty-configuration
(extra-options `("-L"))
(term "vt100")
(tty #f)))
(service mingetty-service-type
(mingetty-configuration (tty "tty1")))
(service mingetty-service-type
(mingetty-configuration (tty "tty2")))
#|Login services|#
(service login-service-type)
(service elogind-service-type)
#|Login services|#
(service login-service-type)
(service elogind-service-type)
#|Log services|#
(service rottlog-service-type)
(service syslog-service-type
(syslog-configuration
(syslogd (file-append inetutils "/libexec/syslogd"))
(config-file %default-syslog.conf)))
(service log-cleanup-service-type
(log-cleanup-configuration
(directory "/var/log/guix/drvs")
(expiry (* 3 30 24 3600))))
#|Log services|#
(service rottlog-service-type)
(service syslog-service-type
(syslog-configuration
(syslogd (file-append inetutils "/libexec/syslogd"))
(config-file %default-syslog.conf)))
(service log-cleanup-service-type
(log-cleanup-configuration
(directory "/var/log/guix/drvs")
(expiry (* 3 30 24 3600))))
#|IPC services|#
(service dbus-root-service-type)
#|IPC services|#
(service dbus-root-service-type)
#|Avahi service|#
(service avahi-service-type
(avahi-configuration
(wide-area? #t)))
#|Avahi service|#
(service avahi-service-type
(avahi-configuration
(wide-area? #t)))
#|Guix services|#
(service guix-service-type
(guix-configuration
(discover? #t)
(build-accounts 16)
(authorized-keys
(cons* public-key:yuria
%default-authorized-guix-keys))
(extra-options `("--max-jobs=8" "--cores=4"))))
(service guix-publish-service-type
(guix-publish-configuration
(port 8080)
(host "0.0.0.0")
(advertise? #t)
(compression `(("zstd" 3)))))
#|Guix services|#
(service guix-service-type
(guix-configuration
(discover? #t)
(build-accounts 16)
(authorized-keys
(cons* public-key:yuria
%default-authorized-guix-keys))
(extra-options `("--max-jobs=8" "--cores=4"))))
(service guix-publish-service-type
(guix-publish-configuration
(port 8080)
(host "0.0.0.0")
(advertise? #t)
(compression `(("zstd" 3)))))
#|Mcron service|#
(simple-service 'mcron-jobs mcron-service-type
(list #~(job "5 0 * * *"
"guix gc --optimize --free-space=5G")))
#|Mcron service|#
(simple-service 'mcron-jobs mcron-service-type
(list #~(job "5 0 * * *"
"guix gc --optimize --free-space=5G")))
#|Device management services|#
(service udev-service-type
(udev-configuration
(udev eudev)
(rules (list alsa-utils
android-udev-rules
crda
fuse
lvm2))))
#|Device management services|#
(service udev-service-type
(udev-configuration
(udev eudev)
(rules (list alsa-utils
android-udev-rules
crda
fuse
lvm2))))
#|Network services|#
(service static-networking-service-type
(list (static-networking
(addresses
(list (network-address
(device "lo")
(value "127.0.0.1/8"))))
(provision '(loopback)))))
(service ntp-service-type)
(service wpa-supplicant-service-type
(wpa-supplicant-configuration
(config-file "/etc/wpa_supplicant.conf")
(interface "wlp2s0")
(extra-options `("-B"))))
(service dhcp-client-service-type
(dhcp-client-configuration
(interfaces 'all)))
(service tor-service-type)
#|Network services|#
(service static-networking-service-type
(list (static-networking
(addresses
(list (network-address
(device "lo")
(value "127.0.0.1/8"))))
(provision '(loopback)))))
(service ntp-service-type)
(service wpa-supplicant-service-type
(wpa-supplicant-configuration
(config-file "/etc/wpa_supplicant.conf")
(interface "wlp2s0")
(extra-options `("-B"))))
(service dhcp-client-service-type
(dhcp-client-configuration
(interfaces 'all)))
(service tor-service-type)
#|Power management services|#
(service tlp-service-type
(tlp-configuration
(cpu-scaling-governor-on-ac `("performance"))
(cpu-scaling-governor-on-bat `("powersave"))
(cpu-scaling-min-freq-on-ac 1500000)
(cpu-scaling-max-freq-on-ac 3500000)
(cpu-scaling-min-freq-on-bat 1000000)
(cpu-scaling-max-freq-on-bat 3000000)
(cpu-min-perf-on-ac 0)
(cpu-max-perf-on-ac 100)
(cpu-min-perf-on-bat 0)
(cpu-max-perf-on-bat 40)
(cpu-boost-on-ac? #t)
(cpu-boost-on-bat? #f)
(nmi-watchdog? #t)
(start-charge-thresh-bat0 70)
(stop-charge-thresh-bat0 90)))
(service thinkfan-service-type
(thinkfan-configuration
(thinkfan thinkfan-next)
(config-file file:thinkfan-config)))
(service thermald-service-type)
#|Power management services|#
(service tlp-service-type
(tlp-configuration
(cpu-scaling-governor-on-ac `("performance"))
(cpu-scaling-governor-on-bat `("powersave"))
(cpu-scaling-min-freq-on-ac 1500000)
(cpu-scaling-max-freq-on-ac 3500000)
(cpu-scaling-min-freq-on-bat 1000000)
(cpu-scaling-max-freq-on-bat 3000000)
(cpu-min-perf-on-ac 0)
(cpu-max-perf-on-ac 100)
(cpu-min-perf-on-bat 0)
(cpu-max-perf-on-bat 40)
(cpu-boost-on-ac? #t)
(cpu-boost-on-bat? #f)
(nmi-watchdog? #t)
(start-charge-thresh-bat0 70)
(stop-charge-thresh-bat0 90)))
(service thinkfan-service-type
(thinkfan-configuration
(thinkfan thinkfan-next)
(config-file file:thinkfan-config)))
(service thermald-service-type)
#|Memory management services|#
(service zram-device-service-type
(zram-device-configuration
(size "2G")
(compression-algorithm 'zstd)))
#|Memory management services|#
(service zram-device-service-type
(zram-device-configuration
(size "2G")
(compression-algorithm 'zstd)))
#|Doas configuration services|#
(simple-service 'miscellaneous-permissions doas-service-type
(list (permit (identity ":wheel")
(setenv `(("GUILE_LOAD_PATH" . #t))))
(permit (identity ":wheel")
(nopass? #t)
(command "guix")
(args `("pull")))))
(simple-service 'text-editors-permissions doas-service-type
(map (lambda (cmd)
(permit (identity ":wheel")
(keepenv? #t)
(command cmd)))
`("kak" "emacsclient")))
(simple-service 'power-management-permissions doas-service-type
(map (lambda (cmd)
(permit (identity ":wheel")
(nopass? #t)
(command cmd)
(args '())))
`("zzz" "halt" "reboot")))
(simple-service 'shepherd-status-permissions doas-service-type
(map (lambda (action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (list action))))
`("status" "detailed-status")))
(simple-service 'service-management-permissions doas-service-type
(flat-map (lambda (service action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (map symbol->string
(list action service)))))
'(tor networking wpa-supplicant)
'(doc stop start enable status restart disable)))
#|Special file services|#
(service special-files-service-type
`(("/bin/sh" ,(file-append dash-next "/bin/dash"))
("/usr/bin/env" ,(file-append coreutils "/bin/env"))))
#|Doas configuration services|#
(simple-service 'miscellaneous-permissions doas-service-type
(list (permit (identity ":wheel")
(setenv `(("GUILE_LOAD_PATH" . #t))))
(permit (identity ":wheel")
(nopass? #t)
(command "guix")
(args `("pull")))))
(simple-service 'text-editors-permissions doas-service-type
(map (lambda (cmd)
(permit (identity ":wheel")
(keepenv? #t)
(command cmd)))
`("kak" "emacsclient")))
(simple-service 'power-management-permissions doas-service-type
(map (lambda (cmd)
(permit (identity ":wheel")
(nopass? #t)
(command cmd)
(args '())))
`("zzz" "halt" "reboot")))
(simple-service 'shepherd-status-permissions doas-service-type
(map (lambda (action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (list action))))
`("status" "detailed-status")))
(simple-service 'service-management-permissions doas-service-type
(flat-map (lambda (service action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (map symbol->string
(list action service)))))
'(tor networking wpa-supplicant)
'(doc stop start enable status restart disable)))
#|Special file services|#
(service special-files-service-type
`(("/bin/sh" ,(file-append dash-next "/bin/dash"))
("/usr/bin/env" ,(file-append coreutils "/bin/env"))))
#|Miscellaneous services|#
(service urandom-seed-service-type)
(service nscd-service-type)
(service sysctl-service-type
(sysctl-configuration
(sysctl (file-append procps "/sbin/sysctl"))
(settings `(("fs.protected_hardlinks" . "1")
("fs.protected_symlinks" . "1"))))))))
#|Miscellaneous services|#
(service urandom-seed-service-type)
(service nscd-service-type)
(service sysctl-service-type
(sysctl-configuration
(sysctl (file-append procps "/sbin/sysctl"))
(settings `(("fs.protected_hardlinks" . "1")
("fs.protected_symlinks" . "1")))))))))
operating-system