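;;; Guix System configuration for the host "buer": doas rules (no sudoers
;;; file), thinkfan fan control, setuid programs and the system service list.

#|Modules|#
(use-modules #|GNU |# (gnu) (gnu artwork) (gnu services)
             #|Guix |# (guix gexp) (guix packages) (guix records)
             #|Misc |# (ice-9 match)
             #|Radix|# (radix packages linux) (radix services linux)
                       (radix system setuid) (radix secrets) (radix utils))

(use-system-modules #|N|# nss)

(use-service-modules #|A|# admin
                     #|C|# configuration
                     #|D|# desktop
                     #|L|# linux
                     #|M|# mcron
                     #|N|# networking
                     #|S|# sound sysctl shepherd)

(use-package-modules #|A|# admin
                     #|B|# base bash
                     #|C|# certs compression curl
                     #|F|# file
                     #|G|# gawk glib guile guile-xyz
                     #|L|# less linux
                     #|M|# man maths
                     #|P|# pulseaudio
                     #|T|# texinfo text-editors tmux
                     #|V|# vpn)

;; Render doas.conf rules: one "permit" line per entry of COMMANDS, each
;; terminated by a newline.
;;
;;   #:persist #:keepenv #:nopass  emit the doas option of the same name
;;   #:group     identity the rule applies to, written as ":GROUP"
;;   #:commands  strings split on spaces; the first word becomes "cmd" and
;;               the remaining words follow "args".  "" yields a rule with
;;               neither "cmd" nor "args", i.e. one matching every command.
;;
;; "args" is emitted even when an entry has no arguments.  In doas.conf(5) a
;; bare "args" means "the command must be run without any arguments", so
;; (permit #:commands '("halt")) matches `doas halt' and nothing else.  That
;; keeps the nopass rules below narrow.
(define* (permit #:key
                 (persist #f) (keepenv #f) (nopass #f)
                 (group "wheel")
                 (commands '("")))
  (format #f "~{~a~%~}"
          (map (lambda (command)
                 (match (string-split command #\space)
                   ((command . args)
                    ;; The directives are joined on one line.  "~" only acts
                    ;; as a line continuation when a newline follows it
                    ;; directly; "~ " (tilde, space) is not a format
                    ;; directive and would make this call fail.
                    (format #f
                            "permit ~:[~;persist ~]~:[~;keepenv ~]~:[~;nopass ~]:~a~:[ cmd ~a args~{ ~a~}~;~]"
                            persist keepenv nopass group
                            (string-null? command) command args))))
               commands)))

#|Mcron jobs|#
;; Runs every day at 00:05.
(define garbage-collector-job
  #~(job "5 0 * * *"
         "guix gc --optimize -F 5G"))

#|Kernel modules configuration|#
(define modprobe-thinkfan-config
  (plain-file "thinkfan.conf"
              "options thinkpad_acpi experimental=1 fan_control=1"))

#|etc files|#
;; thinkfan YAML configuration.  "indices" is indented to line up with
;; "hwmon" so that both keys belong to the same sensor entry; at the
;; indentation of the "-" it is not valid YAML.
(define thinkfan-config
  (plain-file "thinkfan.conf"
              (format #f "~@{~a~%~}"
                      "fans:"
                      "- tpacpi: /proc/acpi/ibm/fan"
                      "sensors:"
                      " - hwmon: /sys/devices/platform/coretemp.0/hwmon"
                      "   indices: [1,2,3]"
                      "levels:"
                      " - [0, 0, 35]"
                      " - [1, 30, 40]"
                      " - [2, 35, 45]"
                      " - [3, 40, 50]"
                      " - [4, 45, 55]"
                      " - [5, 50, 60]"
                      " - [6, 55, 65]"
                      " - [7, 60, 70]"
                      " - [\"level full-speed\", 65, 260]")))

;; doas.conf for the "wheel" group.  doas applies the LAST rule that matches
;; a request, so the order of the rules below is significant.
;;
;; Review notes:
;;  * Rule 1 lets wheel run any command after authenticating and copies
;;    GUILE_LOAD_PATH from the caller's environment, so a Guile program
;;    started through it resolves modules from directories the caller chose.
;;  * The keepenv rules carry a bare "args" (see `permit'), so they apply to
;;    `doas kak' / `doas emacsclient' without arguments only; an invocation
;;    with a file name falls back to rule 1, without keepenv.
;;    NOTE(review): confirm that this is intended.
;;  * The nopass rules need no authentication: any process running as a
;;    wheel member can trigger them, so the list is best kept to actions
;;    that are harmless when triggered unattended.
;;  * Commands are named without a directory.  doas.conf(5) recommends
;;    absolute paths and searches only a restricted PATH for relative names.
(define doas-config
  (plain-file
   "doas.conf"
   (format #f "~@{~a~%~}"
           "permit setenv { GUILE_LOAD_PATH } :wheel"
           (permit #:keepenv #t
                   #:commands '("kak" "emacsclient"))
           (permit #:nopass #t
                   #:commands '("halt" "reboot" "guix pull" "herd status"))
           (permit #:nopass #t
                   #:commands
                   ;; `flatmap' is not defined in this file; it presumably
                   ;; comes from (radix utils) and yields one string per
                   ;; service/action combination -- confirm.
                   (flatmap (lambda (service-name action)
                              (format #f "herd ~a ~a" action service-name))
                            '("thinkfan" "wpa-supplicant")
                            '("doc" "stop" "start" "status" "restart"))))))

#|Operating system definition|#
(operating-system
  (host-name "buer")
  (timezone "America/Sao_Paulo")
  (locale "en_US.utf8")
  (keyboard-layout
   (keyboard-layout "us,br"
                    #:options '("grp:menu_switch"
                                "parens:swap_brackets"
                                "caps:swapescape")))
  (bootloader
   (bootloader-configuration
    (bootloader grub-bootloader)
    (targets '("/dev/sda"))
    (theme
     (grub-theme
      (image (file-append %artwork-repository
                          "/backgrounds/guix-silver-checkered-16-9.svg"))
      (resolution '(1280 . 720))
      (gfxmode '("1280x720x32"))))))
  (kernel linux-libre-6.4)
  (kernel-arguments '("modprobe.blacklist=usbmouse,usbkbd"
                      "thinkpad_acpi.fan_control=1"
                      "loglevel=5"
                      "quiet"))
  (file-systems
   (cons* (file-system
            (device (file-system-label "guix-root"))
            (mount-point "/")
            (type "ext4"))
          (file-system
            (device (file-system-label "HOME")) ;doas e2label /dev/sda5 home
            (mount-point "/home")
            (type "ext4"))
          %base-file-systems))
  (swap-devices
   (list (swap-space
          (target (file-system-label "swap")))))
  (users
   (cons (user-account
          (name "radio")
          ;; NOTE(review): %radio-password is not defined here; presumably
          ;; it comes from (radix secrets).  The Guix manual warns that an
          ;; initial password given in this field ends up in a file under
          ;; /gnu/store that every user can read, so it should only ever be
          ;; a strong crypt(3) hash.
          (password %radio-password)
          (group "users")
          (supplementary-groups `("audio" "input" "video" "wheel")))
         %base-user-accounts))

  #|System level packages|#
  (packages
   (list #|admin |# htop inetutils isc-dhcp opendoas shadow
         #|base |# bash coreutils diffutils findutils grep patch sed tar
                   which
         #|certs |# nss-certs
         #|compression |# bzip2 gzip lzip unzip xz
         #|curl |# curl
         #|file |# file
         #|gawk |# gawk
         #|glib |# dbus
         #|guile |# guile-3.0-latest guile-colorized guile-irregex
                    guile-reader guile-readline
         #|less |# less
         #|linux |# acpi alsa-lib alsa-plugins alsa-utils e2fsprogs eudev
                    fuse inetutils inotify-tools iproute kbd kmod lm-sensors
                    procps psmisc thinkfan-next usbutils util-linux
         #|man |# man-db mandoc man-pages
         #|math |# libqalculate
         #|pulseaudio |# pulseaudio
         #|texinfo |# info-reader
         #|text-editors|# kak-lsp kakoune
         #|tmux |# tmux
         #|vpn |# wireguard-tools))

  #|Do not generate a sudoers file|#
  ;; Privilege elevation goes through doas (doas-config above) instead.
  (sudoers-file #f)

  #|Run some programs from each package with file owner privileges|#
  ;; Every program named here is privileged attack surface, so the list is
  ;; worth re-checking whenever a package is added.  `map-setuid-programs'
  ;; is not defined in this file (presumably from (radix system setuid)).
  (setuid-programs
   (map-setuid-programs
    (shadow '("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap"))
    (inetutils '("ping" "ping6"))
    (opendoas '("doas"))
    (fuse '("fusermount"))
    (util-linux '("mount" "umount"))))

  #|Allow resolution of '.local' host names with mDNS|#
  (name-service-switch %mdns-host-lookup-nss)

  #|System services|#
  (services
   (list
    #|TTY services|#
    (service virtual-terminal-service-type)
    (service console-font-service-type
             (associate-right (%default-console-font '("tty1" "tty2"))))
    (service agetty-service-type
             (agetty-configuration
              (extra-options '("-L"))
              (term "vt100")
              (tty #f)))
    (service mingetty-service-type
             (mingetty-configuration (tty "tty1")))
    (service mingetty-service-type
             (mingetty-configuration (tty "tty2")))

    #|Login services|#
    (service login-service-type)
    (service elogind-service-type)

    #|Log services|#
    (service rottlog-service-type)
    (service syslog-service-type
             (syslog-configuration
              (syslogd (file-append inetutils "/libexec/syslogd"))
              (config-file %default-syslog.conf)))
    (service log-cleanup-service-type
             (log-cleanup-configuration
              (directory "/var/log/guix/drvs")
              ;; 3 * 30 days, expressed in seconds.
              (expiry (* 3 30 24 3600))))

    #|Guix services|#
    (service guix-service-type
             (guix-configuration
              (build-accounts 16)
              (extra-options '("--max-jobs=8" "--cores=4"))))

    #|Mcron service|#
    (simple-service 'mcron-jobs mcron-service-type
                    (list garbage-collector-job))

    #|Device management services|#
    (service udev-service-type
             (udev-configuration
              (udev eudev)
              (rules (list lvm2 fuse alsa-utils crda))))

    #|Sound services|#
    (service alsa-service-type)

    #|Network services|#
    (service static-networking-service-type
             (list (static-networking
                    (addresses (list (network-address
                                      (device "lo")
                                      (value "127.0.0.1/8"))))
                    (provision '(loopback)))))
    (service wpa-supplicant-service-type
             (wpa-supplicant-configuration
              ;; A path string rather than a file-like object: the file is
              ;; read from /etc at run time, so its contents (presumably the
              ;; Wi-Fi credentials) are not copied into the store by this
              ;; declaration.
              (config-file "/etc/wpa_supplicant.conf")
              (interface "wlp2s0")
              (extra-options '("-B"))))
    (service dhcp-client-service-type
             (dhcp-client-configuration
              (interfaces 'all)))

    #|Thinkfan services|#
    (simple-service 'thinkfan-config etc-service-type
                    `(("modprobe.d/thinkfan.conf" ,modprobe-thinkfan-config)
                      ("thinkfan.conf" ,thinkfan-config)))
    (service thinkfan-service-type
             (thinkfan-configuration
              (config-file thinkfan-config)
              (respawn? #f)))

    #|Doas config service|#
    (simple-service 'doas-config etc-service-type
                    `(("doas.conf" ,doas-config)))

    #|Special file services|#
    (service special-files-service-type
             `(("/bin/sh" ,(file-append bash "/bin/bash"))
               ("/usr/bin/env" ,(file-append coreutils "/bin/env"))))

    #|Miscellaneous services|#
    (service urandom-seed-service-type)
    (service nscd-service-type)
    (service sysctl-service-type
             (sysctl-configuration
              (sysctl (file-append procps "/sbin/sysctl"))
              ;; Kernel hard-link and symlink protections are the only
              ;; sysctl values set by this declaration.
              (settings '(("fs.protected_hardlinks" . "1")
                          ("fs.protected_symlinks" . "1"))))))))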