#|Modules|# (use-modules #|GNU |# (gnu) #|Guix |# (guix) #|Radix|# (radix artwork) (radix packages admin) (radix packages linux) (radix packages text-editors) (radix packages shells) (radix services admin) (radix services pm) (radix system setuid) (radix secrets) (radix utils) ((radix files substitute-keys) #:prefix public-key:) ((radix files thinkfan) #:prefix file:thinkfan-)) (use-service-modules #|A|# admin avahi #|D|# desktop #|M|# mcron #|N|# linux networking #|P|# pm #|S|# sound sysctl) (use-package-modules #|A|# admin android #|B|# base #|C|# certs compression curl #|G|# gawk glib guile guile-xyz #|L|# less linux #|M|# man #|T|# texinfo tmux #|V|# vpn) #|Operating system definition|# (operating-system (host-name "buer") (timezone "America/Sao_Paulo") (locale "en_US.utf8") (keyboard-layout (keyboard-layout "us,br" #:options `("grp:menu_switch" "parens:swap_brackets" "caps:swapescape"))) (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets `("/dev/sda")) (timeout 1) (theme (grub-theme (image (file-append %artwork-repository "/backgrounds/guix-silver-16-9.svg")) (gfxmode `("1280x720x32")))))) (kernel-arguments `("modprobe.blacklist=usbmouse,usbkbd,pcspkr" "thinkpad_acpi.fan_control=1" "loglevel=5" "quiet")) (file-systems (cons* (file-system (device (file-system-label "guix-root")) (mount-point "/") (type "ext4")) (file-system (device (file-system-label "home")) (mount-point "/home") (type "ext4")) %base-file-systems)) (users (cons* (user-account (name "radio") (password %radio-password) (home-directory "/home/radio") (shell (file-append dash-next "/bin/dash")) (uid 1000) (group "users") (supplementary-groups `("audio" "adbusers" "video" "wheel"))) (user-account (name "root") (password %root-password) (system? #t) (home-directory "/root") (uid 0) (group "root") (shell (file-append dash-next "/bin/dash"))) %base-user-accounts)) (groups (cons* (user-group (name "adbusers")) %base-groups)) #|System level packages|# (packages (list #|admin |# htop inetutils isc-dhcp opendoas shadow zzz #|base |# coreutils diffutils findutils grep patch sed tar which #|certs |# nss-certs #|compression |# bzip2 gzip lzip unzip xz zstd #|curl |# curl #|gawk |# gawk #|guile |# guile-3.0-latest guile-colorized guile-readline #|less |# less #|linux |# e2fsprogs eudev fuse iproute kbd kmod lm-sensors procps psmisc thinkfan-next util-linux #|man |# man-db mandoc man-pages #|shells |# dash-next #|texinfo |# info-reader #|text-editors|# kakoune-git #|tmux |# tmux #|vpn |# wireguard-tools)) #|Do not generate a sudoers file|# (sudoers-file #f) #|Run some programs from each package with file owner privileges|# (setuid-programs (map-setuid-programs (shadow `("passwd" "chfn" "sg" "su" "newgrp" "newuidmap" "newgidmap")) (inetutils `("ping" "ping6")) (opendoas `("doas")) (fuse-2 `("fusermount")) (fuse `("fusermount3")) (util-linux `("mount" "umount")))) #|Allow resolution of '.local' host names with mDNS|# (name-service-switch %mdns-host-lookup-nss) #|System services|# (services (list #|TTY services|# (service virtual-terminal-service-type) (service console-font-service-type (associate-right (%default-console-font `("tty1" "tty2")))) (service agetty-service-type (agetty-configuration (extra-options `("-L")) (term "vt100") (tty #f))) (service mingetty-service-type (mingetty-configuration (tty "tty1"))) (service mingetty-service-type (mingetty-configuration (tty "tty2"))) #|Login services|# (service login-service-type) (service elogind-service-type) #|Log services|# (service rottlog-service-type) (service syslog-service-type (syslog-configuration (syslogd (file-append inetutils "/libexec/syslogd")) (config-file %default-syslog.conf))) (service log-cleanup-service-type (log-cleanup-configuration (directory "/var/log/guix/drvs") (expiry (* 3 30 24 3600)))) #|Avahi service|# (service avahi-service-type (avahi-configuration (wide-area? #t))) #|Guix services|# (service guix-service-type (guix-configuration (discover? #t) (build-accounts 16) (authorized-keys (cons* public-key:yuria %default-authorized-guix-keys)) (extra-options `("--max-jobs=8" "--cores=4")))) (service guix-publish-service-type (guix-publish-configuration (port 8080) (host "0.0.0.0") (advertise? #t) (compression `(("zstd" 3))))) #|Mcron service|# (simple-service 'mcron-jobs mcron-service-type (list #~(job "5 0 * * *" "guix gc --optimize --free-space=5G"))) #|Device management services|# (service udev-service-type (udev-configuration (udev eudev) (rules (list alsa-utils android-udev-rules crda fuse lvm2)))) #|Sound services|# (service alsa-service-type) #|Network services|# (service static-networking-service-type (list (static-networking (addresses (list (network-address (device "lo") (value "127.0.0.1/8")))) (provision '(loopback))))) (service ntp-service-type) (service wpa-supplicant-service-type (wpa-supplicant-configuration (config-file "/etc/wpa_supplicant.conf") (interface "wlp2s0") (extra-options `("-B")))) (service dhcp-client-service-type (dhcp-client-configuration (interfaces 'all))) (service tor-service-type) #|Power management services|# (service tlp-service-type (tlp-configuration (cpu-scaling-governor-on-ac `("performance")) (cpu-scaling-governor-on-bat `("powersave")) (cpu-scaling-min-freq-on-ac 1500000) (cpu-scaling-max-freq-on-ac 3500000) (cpu-scaling-min-freq-on-bat 1000000) (cpu-scaling-max-freq-on-bat 3000000) (cpu-min-perf-on-ac 0) (cpu-max-perf-on-ac 100) (cpu-min-perf-on-bat 0) (cpu-max-perf-on-bat 40) (cpu-boost-on-ac? #t) (cpu-boost-on-bat? #f) (nmi-watchdog? #t) (start-charge-thresh-bat0 70) (stop-charge-thresh-bat0 90))) (service thermald-service-type) #|Memory management services|# (service zram-device-service-type (zram-device-configuration (size "2G") (compression-algorithm 'zstd))) #|Thinkfan services|# (service thinkfan-service-type (thinkfan-configuration (config-file file:thinkfan-config))) #|Doas configuration services|# (simple-service 'miscellaneous-permissions doas-service-type (list (permit (identity ":wheel") (setenv `(("GUILE_LOAD_PATH" . #t)))) (permit (identity ":wheel") (nopass? #t) (command "guix") (args `("pull"))))) (simple-service 'text-editors-permissions doas-service-type (map (lambda (cmd) (permit (identity ":wheel") (keepenv? #t) (command cmd))) `("kak" "emacsclient"))) (simple-service 'power-management-permissions doas-service-type (map (lambda (cmd) (permit (identity ":wheel") (nopass? #t) (command cmd) (args '()))) `("zzz" "halt" "reboot"))) (simple-service 'shepherd-status-permissions doas-service-type (map (lambda (action) (permit (identity ":wheel") (nopass? #t) (command "herd") (args (list action)))) `("status" "detailed-status"))) (simple-service 'service-management-permissions doas-service-type (flat-map (lambda (service action) (permit (identity ":wheel") (nopass? #t) (command "herd") (args (map symbol->string (list action service))))) '(tor networking wpa-supplicant) '(doc stop start enable status restart disable))) #|Special file services|# (service special-files-service-type `(("/bin/sh" ,(file-append dash-next "/bin/dash")) ("/usr/bin/env" ,(file-append coreutils "/bin/env")))) #|Miscellaneous services|# (service urandom-seed-service-type) (service nscd-service-type) (service sysctl-service-type (sysctl-configuration (sysctl (file-append procps "/sbin/sysctl")) (settings `(("fs.protected_hardlinks" . "1") ("fs.protected_symlinks" . "1"))))))))