zero/operating-systems/buer.scm

330 lines
12 KiB
Scheme
Raw Normal View History

2024-03-08 14:32:05 +00:00
(define-module (operating-systems buer)
#|GNU bootloader|#
#||# #:use-module (gnu bootloader)
#|G|# #:use-module (gnu bootloader grub)
2024-03-08 14:32:05 +00:00
#|GNU packages|#
#|A|# #:use-module (gnu packages admin)
#|B|# #:use-module (gnu packages base)
#|S|# #:use-module (gnu packages bash)
2024-03-08 14:32:05 +00:00
#|C|# #:use-module (gnu packages certs)
#:use-module (gnu packages compression)
#|G|# #:use-module (gnu packages gawk)
#:use-module (gnu packages guile)
#:use-module (gnu packages guile-xyz)
#|L|# #:use-module (gnu packages less)
#:use-module (gnu packages linux)
#|M|# #:use-module (gnu packages man)
#|P|# #:use-module (gnu packages package-management)
#:use-module (gnu packages pciutils)
2024-03-08 14:32:05 +00:00
#|T|# #:use-module (gnu packages texinfo)
#|V|# #:use-module (gnu packages vpn)
#|GNU services|#
#||# #:use-module (gnu services)
2024-03-08 14:32:05 +00:00
#|A|# #:use-module (gnu services admin)
#:use-module (gnu services avahi)
#|B|# #:use-module (gnu services base)
2024-03-08 14:32:05 +00:00
#|D|# #:use-module (gnu services dbus)
#:use-module (gnu services desktop)
#|G|# #:use-module (gnu services guix)
2024-03-08 14:32:05 +00:00
#|M|# #:use-module (gnu services mcron)
#|L|# #:use-module (gnu services linux)
#|N|# #:use-module (gnu services networking)
2024-03-08 14:32:05 +00:00
#|P|# #:use-module (gnu services pm)
#|S|# #:use-module (gnu services sysctl)
#|GNU system|#
#||# #:use-module (gnu system)
#|A|# #:use-module (gnu system accounts)
#|F|# #:use-module (gnu system file-systems)
#|K|# #:use-module (gnu system keyboard)
#|N|# #:use-module (gnu system nss)
#|S|# #:use-module (gnu system shadow)
2024-03-08 14:32:05 +00:00
#|Guix|#
#|G|# #:use-module (guix gexp)
2024-03-08 14:32:05 +00:00
#|Home environments|#
#|R|# #:use-module ((home-environments radio)
#:prefix home-environment:)
2024-03-08 14:32:05 +00:00
#|Radix|#
#|A|# #:use-module (radix artwork)
#|C|# #:use-module (radix combinators)
#|U|# #:use-module (radix utils)
#|Radix packages|#
#|A|# #:use-module (radix packages admin)
#|L|# #:use-module (radix packages linux)
#|T|# #:use-module (radix packages text-editors)
2024-03-08 14:32:05 +00:00
#|Radix services|#
#|A|# #:use-module (radix services admin)
#|P|# #:use-module (radix services pm)
#|Radix system|#
#|S|# #:use-module (radix system security)
#:use-module (radix system setuid)
#|M|# #:use-module (radix system monitoring)
#|Buer|#
#|B|# #:use-module ((buer build-machines)
#:prefix build-machine:)
#|C|# #:use-module ((buer channels)
#:prefix channel:)
#|F|# #:use-module ((buer files)
#:prefix file:)
#|F|# #:use-module ((buer file-systems)
#:prefix file-system:)
#|P|# #:use-module ((buer privilege)
#:prefix privileged-programs:)
#|R|# #:use-module ((buer rules)
#:prefix rules:)
#|S|# #:use-module ((buer substitute-keys)
#:prefix substitute-key:)
#|U|# #:use-module ((buer users)
#:prefix user:)
2024-03-08 14:32:05 +00:00
#|SRFIs|#
#|1|# #:use-module (srfi srfi-1)
2024-03-08 14:32:05 +00:00
#:export (buer))
2024-03-08 14:32:05 +00:00
(define buer
(operating-system
2024-03-08 14:32:05 +00:00
(host-name "buer")
(timezone "America/Sao_Paulo")
(locale "en_US.utf8")
(keyboard-layout
(keyboard-layout "us,br"
#:options `("grp:menu_switch"
"parens:swap_brackets"
"caps:swapescape")))
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(targets `("/dev/disk/by-id/wwn-0x50026b7785a0a591"))
2024-03-08 14:32:05 +00:00
(theme (grub-theme
(color-normal
'((fg . light-gray) (bg . black)))
(color-highlight
'((fg . black) (bg . light-gray)))
(image (file-append %artwork-repository
"/backgrounds/guix-silver-16-9.svg"))
(gfxmode `("1280x720x32"))))))
(kernel linux-libre-6.11)
2024-03-08 14:32:05 +00:00
(kernel-arguments
(cons* "modprobe.blacklist=usbmouse,usbkbd,pcspkr"
"thinkpad_acpi.fan_control=1"
(filter (negate ((on disjoin
(partial partial string-prefix?))
"debugfs" "l1tf" "mds" "mitigations" "nosmt"))
2024-03-08 14:32:05 +00:00
%kicksecure-kernel-arguments)))
(file-systems
(append file-system:volumes
file-system:persistent-directories))
2024-03-08 14:32:05 +00:00
(users
(cons* user:radio
user:root
2024-03-08 14:32:05 +00:00
%base-user-accounts))
#|System level packages|#
(packages
(list #|admin |# btop inetutils isc-dhcp shadow zzz
2024-03-08 14:32:05 +00:00
#|base |# coreutils diffutils findutils grep patch sed tar which
#|bash |# bash bash-completion
2024-03-08 14:32:05 +00:00
#|certs |# nss-certs
#|compression |# gzip xz zstd
#|gawk |# gawk
#|guile |# guile-next guile-colorized guile-readline
#|less |# less
#|linux |# e2fsprogs iproute kmod procps psmisc usbutils
util-linux
2024-03-08 14:32:05 +00:00
#|man |# man-db man-pages
#|pciutils |# pciutils
2024-03-08 14:32:05 +00:00
#|texinfo |# info-reader
#|text-editors|# kakoune
#|vpn |# wireguard-tools))
#|Do not generate a sudoers file|#
(sudoers-file #f)
#|Run some programs from with file privileges|#
(privileged-programs
(append privileged-programs:authentication
privileged-programs:file-systems
privileged-programs:network))
2024-03-08 14:32:05 +00:00
#|Allow resolution of '.local' host names with mDNS|#
(name-service-switch %mdns-host-lookup-nss)
#|System services|#
(services
(list #|TTY services|#
(service virtual-terminal-service-type)
(service console-font-service-type
(associate-right
(%default-console-font `("tty1" "tty2"))))
#|Login services|#
(service seatd-service-type)
(service greetd-service-type
(greetd-configuration
(greeter-supplementary-groups `("seat"))
(terminals
(map (lambda (x)
(greetd-terminal-configuration
(terminal-vt (number->string x))
(terminal-switch (= x 1))
(default-session-command
(greetd-agreety-session
(command #~(getenv "SHELL"))))))
(iota 2 1)))))
2024-03-08 14:32:05 +00:00
#|Home environment services|#
(service guix-home-service-type
(if (file-exists? "/run/current-system/provenance") '()
`(("radio" ,home-environment:radio))))
2024-03-08 14:32:05 +00:00
#|Log services|#
(service rottlog-service-type)
(service syslog-service-type)
2024-03-08 14:32:05 +00:00
(service log-cleanup-service-type
(log-cleanup-configuration
(directory "/var/log/guix/drvs")
(expiry (* 2 30 24 3600))))
2024-03-08 14:32:05 +00:00
#|IPC services|#
(service dbus-root-service-type)
#|Avahi service|#
(service avahi-service-type
(avahi-configuration
(wide-area? #t)))
#|Guix services|#
(service guix-service-type
(guix-configuration
(build-accounts 16)
(discover? #t)
(guix (guix-for-channels
(list channel:guix
channel:radix)))
(authorized-keys
(cons* substitute-key:genenetwork.pub
substitute-key:inria.pub
substitute-key:yumiko.pub
%default-authorized-guix-keys))
(substitute-urls
`("https://bordeaux.guix.gnu.org"
"https://cuirass.genenetwork.org"
"https://ci.guix.gnu.org"
"https://guix.bordeaux.inria.fr"))
(extra-options
`("--max-jobs=8"
"--cores=4"
"--gc-keep-derivations=yes"
"--gc-keep-outputs=yes"))))
2024-03-08 14:32:05 +00:00
(service guix-publish-service-type
(guix-publish-configuration
(port 8080)
(host "0.0.0.0")
(advertise? #t)
(compression `(("zstd" 3)))))
#|Mcron service|#
(service mcron-service-type
(mcron-configuration
(jobs (list #~(job "* * * * Sun"
"guix gc --optimize --free-space=10G")))))
2024-03-08 14:32:05 +00:00
#|Device management services|#
(service udev-service-type
(udev-configuration
(rules (list alsa-utils crda fuse))))
2024-03-08 14:32:05 +00:00
#|Network services|#
(service static-networking-service-type
(list %loopback-static-networking))
2024-03-08 14:32:05 +00:00
(service ntp-service-type)
(service wpa-supplicant-service-type
(wpa-supplicant-configuration
(config-file "/etc/wpa-supplicant.conf")
2024-03-08 14:32:05 +00:00
(interface "wlp2s0")
(extra-options `("-B"))))
(service dhcp-client-service-type
(dhcp-client-configuration
(interfaces 'all)))
(simple-service 'extra-hosts
hosts-service-type
(list (host "192.168.100.33" "yumiko.local"
`("yumiko" "substitutes.yumiko"))))
#|Power management services|#
(service tlp-service-type
(tlp-configuration
(cpu-scaling-governor-on-ac `("performance"))
(cpu-scaling-governor-on-bat `("powersave"))
(cpu-scaling-min-freq-on-ac 1500000)
(cpu-scaling-max-freq-on-ac 3500000)
(cpu-scaling-min-freq-on-bat 1000000)
(cpu-scaling-max-freq-on-bat 3000000)
(cpu-min-perf-on-ac 0)
(cpu-max-perf-on-ac 100)
(cpu-min-perf-on-bat 0)
(cpu-max-perf-on-bat 40)
(cpu-boost-on-ac? #t)
(cpu-boost-on-bat? #f)
(nmi-watchdog? #t)
(start-charge-thresh-bat0 70)
(stop-charge-thresh-bat0 90)))
(service thinkfan-service-type
(thinkfan-configuration
(thinkfan thinkfan-next)
(config-file file:thinkfan-config)))
#|Memory management services|#
(service zram-device-service-type
(zram-device-configuration
(size (round/ (ram-total) 2))
2024-03-08 14:32:05 +00:00
(compression-algorithm 'lz4)))
#|Permission services|#
(service opendoas-service-type
(opendoas-configuration
(rules (append rules:general
rules:text-editors
rules:power-management
rules:service-management))))
2024-03-08 14:32:05 +00:00
#|Special file services|#
(service special-files-service-type
`(("/bin/sh" ,(file-append bash "/bin/bash"))
2024-03-08 14:32:05 +00:00
("/usr/bin/env" ,(file-append coreutils "/bin/env"))))
(simple-service 'persistent-files-service
special-files-service-type
(map (juxt identity
(partial string-append "/gnu/persist/"))
file-system:persistent-files))
2024-03-08 14:32:05 +00:00
#|Sysctl services|#
2024-03-08 14:32:05 +00:00
(simple-service 'extra-sysctl-settings sysctl-service-type
`(("vm.swappiness" . "180")
("vm.watermark_boost_factor" . "0")
("vm.watermark_scale_factor" . "125")
("vm.page-cluster" . "0")))
(simple-service 'security-syctl-settings sysctl-service-type
(alist-delete "net.core.bpf_jit_harden"
%kicksecure-sysctl-rules))
#|Base services|#
(service urandom-seed-service-type)
(service nscd-service-type)))))
buer