From be3d2b5d0e8c88307cb4cec8ffca7d5d91f0cb0b Mon Sep 17 00:00:00 2001
From: Tissevert
Date: Sat, 11 Mar 2023 23:28:19 +0100
Subject: [PATCH] Add config for pine and rework services a bit
---
config.scm | 85 ------------------------------------
files/authorized_keys | 1 +
nonguix.signing-key.scm | 6 +++
packages.scm | 36 ++++++++++------
pine.packages.scm | 3 ++
pine.system.scm | 36 ++++++++++++++++
rose.packages.scm | 3 ++
rose.system.scm | 30 +++++++++++++
system.scm | 96 +++++++++++++++++++++++++++++++++++++++++
9 files changed, 197 insertions(+), 99 deletions(-)
delete mode 100755 config.scm
create mode 100644 files/authorized_keys
create mode 100644 nonguix.signing-key.scm
create mode 100644 pine.packages.scm
create mode 100644 pine.system.scm
create mode 100644 rose.packages.scm
create mode 100644 rose.system.scm
create mode 100644 system.scm
diff --git a/config.scm b/config.scm
deleted file mode 100755
index c335493..0000000
--- a/config.scm
+++ /dev/null
@@ -1,85 +0,0 @@
-(use-modules (gnu)
- ((gnu packages anthy) #:select (anthy))
- ((gnu packages certs) #:select (nss-certs))
- ((gnu packages gnome) #:select (gvfs))
- ((gnu packages file-systems) #:select (davfs2))
- ((gnu packages ibus) #:select (ibus ibus-anthy))
- ((gnu packages wm) #:select (i3-wm))
- ((gnu services desktop) #:select (xfce-desktop-service-type %desktop-services))
- ((gnu services xorg) #:select (set-xorg-configuration xorg-configuration))
- (gnu system))
-(use-modules (nongnu packages linux)
- (nongnu system linux-initrd))
-
-(define %utils
- (list anthy davfs2 gvfs i3-wm ibus ibus-anthy nss-certs))
-
-(define (my-services keyboard-layout)
- (append
- (list
- (service xfce-desktop-service-type)
- (set-xorg-configuration
- (xorg-configuration (keyboard-layout keyboard-layout))))
- (modify-services %desktop-services
- (guix-service-type config =>
- (guix-configuration
- (inherit config)
- (substitute-urls
- (cons* "https://substitutes.nonguix.org"
- %default-substitute-urls))
- (authorized-keys
- (cons* (local-file "./nonguix.key.pub")
- %default-authorized-guix-keys)))))))
-
-(operating-system
- (locale "fr_FR.utf8")
- (timezone "Europe/Paris")
- (keyboard-layout (keyboard-layout "fr" "bepo" #:options '("ctrl:swapcaps")))
- (host-name "rose")
- (users (cons* (user-account
- (name "kook")
- (comment "Grou-grou")
- (group "users")
- (home-directory "/home")
- (supplementary-groups
- '("wheel" "netdev" "audio" "video" "kvm")))
- %base-user-accounts))
- (packages
- (append
- %utils
- %base-packages))
- (services (my-services keyboard-layout))
- (kernel linux)
- (initrd microcode-initrd)
- (firmware (list linux-firmware))
- (bootloader
- (bootloader-configuration
- (bootloader grub-efi-bootloader)
- (targets '("/boot/efi"))
- (keyboard-layout keyboard-layout)))
- (mapped-devices
- (list (mapped-device
- (source (uuid "c896e07f-d2ed-4390-8ce0-b82080d1bdc2"))
- (target "HOME")
- (type luks-device-mapping))))
- (file-systems
- (cons* (file-system
- (mount-point "/")
- (device (uuid "60c115b5-08f2-435b-95e5-d3b81ffba4f4" 'ext4))
- (type "ext4"))
- (file-system
- (mount-point "/home")
- (device (uuid "73dc31f8-844d-4a87-bf54-4fb86a49469c" 'ext4))
- (type "ext4")
- (dependencies mapped-devices))
- (file-system
- (mount-point "/boot/efi")
- (device (uuid "545B-970F" 'fat32))
- (type "vfat"))
- (file-system
- (mount-point "/tmp")
- (device "tmpfs")
- (type "tmpfs")
- (check? #f)
- (options "size=50%"))
- %base-file-systems)))
diff --git a/files/authorized_keys b/files/authorized_keys
new file mode 100644
index 0000000..12d7207
--- /dev/null
+++ b/files/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGOChJhdXFjPLFb218mVPSD9IsL7kyHqFdh/u2qcyJsjc5hFNPdnTvHHjQhsX33PaA5IfKM830AziWX/pwnePQQHR1nfw8knEpQaCNPmmHLQkepTeHlXKdSIXrv5fa9I27AWH+8NtAtJIY1F8jbEAGWXF8F6p8vZLybEljsmVOygWrkQmKtmYn/aOo+R7DlX4SnBfXmqWkzoilgI9FmNfaomv6FeU9VVQtemO4XPz/PMIYYvUNCJ2zaVbjNBmA6ZhHmZf3XlK4swnMW49Py2HboKs/MXLPpfwfU+KlLXYUs2wAtL+UFK/6/IUcIpaFdfTid183KQ07jf+uxtpUTEVT kook@burra
diff --git a/nonguix.signing-key.scm b/nonguix.signing-key.scm
new file mode 100644
index 0000000..56ee811
--- /dev/null
+++ b/nonguix.signing-key.scm
@@ -0,0 +1,6 @@
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
+ )
+ )
diff --git a/packages.scm b/packages.scm
index c1312fc..a02cf05 100644
--- a/packages.scm
+++ b/packages.scm
@@ -23,40 +23,49 @@ (gnu packages vim) (gnu packages virtualization) (gnu packages wm) + (gnu packages web) (gnu packages xfce) - (gnu packages xorg)) + (gnu packages xorg) + (loom packages eyecandy)) (define %desktop (list arc-icon-theme arc-theme - claws-mail evince font-google-noto font-openmoji - gcc-toolchain - ghc - git - ;guide htop mplayer nitrogen - openssh pavucontrol - pragha pwgen + quodlibet recutils - rsync tmux - ungoogled-chromium + toon-cursors unzip vim-full vim-solarized xarchiver xfce4-screenshooter xrandr + yaru-theme zip)) +(define %dev + (list + gcc-toolchain + ghc + git + jq)) + +(define %web + (list + claws-mail + ungoogled-chromium + )) + (define %heavy (list libreoffice
@@ -64,10 +73,9 @@ pandoc qemu)) - (define %network (list curl - netcat)) - -(packages->manifest (append %desktop %heavy %network)) + netcat + openssh + rsync))
diff --git a/pine.packages.scm b/pine.packages.scm
new file mode 100644
index 0000000..d795c25
--- /dev/null
+++ b/pine.packages.scm
@@ -0,0 +1,3 @@
+(load "packages.scm")
+
+(packages->manifest (append %desktop %dev %heavy %network %web))
diff --git a/pine.system.scm b/pine.system.scm
new file mode 100644
index 0000000..4871c88
--- /dev/null
+++ b/pine.system.scm
@@ -0,0 +1,36 @@
+(use-modules (gnu)
+ (gnu services desktop)
+ (gnu services ssh)
+ (gnu system))
+(use-modules (nongnu packages linux)
+ (nongnu system linux-initrd))
+
+(load "system.scm")
+
+(let ((os (install-to (uuid "a942a6ac-012a-46c5-984e-5f53532a3253" 'ext4))))
+ (operating-system
+ (inherit os)
+ (host-name "pine")
+ (services
+ (append
+ (list
+ (pam-mount "kook" "/dev/md0")
+ pam-audio
+ (ssh-only `(("kook" ,(local-file "files/authorized_keys")))))
+ (desktop-environment (operating-system-keyboard-layout os))
+ (nonguix %desktop-services)))
+ (kernel linux)
+ (initrd microcode-initrd)
+ (firmware (list linux-firmware))
+ (mapped-devices
+ (list (mapped-device
+ (source (list "/dev/sdb" "/dev/sdc"))
+ (target "/dev/md0")
+ (type raid-device-mapping))
+ ))
+ (file-systems
+ (cons* (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "7974-61F4" 'fat32))
+ (type "vfat"))
+ (operating-system-file-systems os)))))
diff --git a/rose.packages.scm b/rose.packages.scm
new file mode 100644
index 0000000..d795c25
--- /dev/null
+++ b/rose.packages.scm
@@ -0,0 +1,3 @@
+(load "packages.scm")
+
+(packages->manifest (append %desktop %dev %heavy %network %web))
diff --git a/rose.system.scm b/rose.system.scm
new file mode 100644
index 0000000..7a4769c
--- /dev/null
+++ b/rose.system.scm
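Review bot: In pine.system.scm the `ssh-only` service and the `pam-mount` rule for "kook" are enabled side by side with nothing saying how they are meant to interact. system.scm in this same commit sets `(password-authentication? #f)` and mounts a `crypt` volume on `/home/`; pam_mount normally unlocks such a volume with the password entered at login, so a key-only SSH session presumably cannot open `/dev/md0` and would land on an unmounted `/home` unless a local login has already unlocked it — worth confirming on the host. A comment above the `(services ...)` form, for example `; SSH is key-only: the crypt volume on /dev/md0 is only unlocked by a local password login`, would record the intended behaviour. The array members are also named by kernel enumeration order (`"/dev/sdb" "/dev/sdc"`), whereas rose.system.scm addresses its volume through `/dev/disk/by-uuid/...`; a stable identifier would be safer here too if `raid-device-mapping` accepts one at that point in boot.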
@@ -0,0 +1,30 @@
+(use-modules (gnu)
+ (gnu services desktop)
+ (gnu system))
+(use-modules (nongnu packages linux)
+ (nongnu system linux-initrd))
+
+(load "system.scm")
+
+(let ((os (install-to (uuid "60c115b5-08f2-435b-95e5-d3b81ffba4f4" 'ext4))))
+ (operating-system
+ (inherit os)
+ (host-name "rose")
+ (services
+ (append
+ (list
+ (pam-mount
+ "kook"
+ "/dev/disk/by-uuid/c896e07f-d2ed-4390-8ce0-b82080d1bdc2")
+ pam-audio)
+ (desktop-environment (operating-system-keyboard-layout os))
+ (nonguix %desktop-services)))
+ (kernel linux)
+ (initrd microcode-initrd)
+ (firmware (list linux-firmware))
+ (file-systems
+ (cons* (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "545B-970F" 'fat32))
+ (type "vfat"))
+ (operating-system-file-systems os)))))
diff --git a/system.scm b/system.scm
new file mode 100644
index 0000000..859ed5b
--- /dev/null
+++ b/system.scm
@@ -0,0 +1,96 @@
+(use-modules (gnu)
+ ((gnu packages anthy) #:select (anthy))
+ ((gnu packages certs) #:select (nss-certs))
+ ((gnu packages gnome) #:select (gvfs))
+ ((gnu packages file-systems) #:select (davfs2))
+ ((gnu packages ibus) #:select (ibus ibus-anthy))
+ ((gnu packages wm) #:select (i3-wm))
+ ((gnu services desktop) #:select (xfce-desktop-service-type))
+ ((gnu services pam-mount) #:select (pam-mount-service-type pam-mount-configuration))
+ ((gnu services xorg) #:select (set-xorg-configuration xorg-configuration))
+ (gnu system))
+
+(define %utils
+ (list anthy davfs2 gvfs i3-wm ibus ibus-anthy nss-certs))
+
+(define (install-to root-fs)
+ (operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr" "bepo" #:options '("ctrl:swapcaps")))
+ (host-name "stub")
+ (users (cons* (user-account
+ (name "kook")
+ (comment "Grou-grou")
+ (group "users")
+ (home-directory "/home")
+ (supplementary-groups
+ '("wheel" "netdev" "audio" "video" "kvm")))
+ %base-user-accounts))
+ (packages
+ (append %utils %base-packages))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+ (file-systems
+ (cons (file-system
+ (mount-point "/")
+ (device root-fs)
+ (type "ext4"))
+ %base-file-systems))))
+
+(define pam-audio
+ (pam-limits-service
+ (list
+ (pam-limits-entry "@audio" 'both 'rtprio 99)
+ (pam-limits-entry "@audio" 'both 'memlock 'unlimited))))
+
+(define (pam-mount userName device)
+ (service pam-mount-service-type
+ (pam-mount-configuration
+ (rules `((debug (@ (enable "0")))
+ (volume (@ (user ,userName)
+ (fstype "crypt")
+ (path ,device)
+ (mountpoint "/home/")))
+ (mntoptions (@ (allow ,(string-join
+ '("nosuid" "nodev" "loop"
+ "encryption" "fsck" "nonempty"
+ "allow_root" "allow_other")
+ ","))))
+ (mntoptions (@ (require "nosuid,nodev")))
+ (logout (@ (wait "0")
+ (hup "0")
+ (term "no")
+ (kill "no")))
+ (mkmountpoint (@ (enable "1")
+ (remove "false"))))))))
+
+(define (desktop-environment keyboard-layout)
+ (list
+ (service xfce-desktop-service-type)
+ (set-xorg-configuration
+ (xorg-configuration (keyboard-layout keyboard-layout)))))
+
+(define (ssh-only authorized-keys)
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f)
+ (permit-root-login #f)
+ (authorized-keys authorized-keys))))
+
+(define nonguix
+ (lambda (services)
+ (modify-services services
+ (guix-service-type
+ config =>
+ (guix-configuration
+ (inherit config)
+ (substitute-urls
+ (append (list "https://substitutes.nonguix.org")
+ %default-substitute-urls))
+ (authorized-keys
+ (append (list (local-file "./nonguix.signing-key.scm"))
+ %default-authorized-guix-keys)))))))
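Review bot: The `nonguix` helper at the end of system.scm adds `nonguix.signing-key.scm` to the daemon's `authorized-keys`, together with a second substitute URL, without any comment on where the key was obtained or what it is trusted for. As far as I know an authorized substitute key is not bound to one server or channel, so anything signed by it would be accepted for any store item on both hosts; that trust decision deserves a line of documentation. I would put `; signing key of substitutes.nonguix.org, copied from <SOURCE: fill in>; authorizes its substitutes for every package` above the `(authorized-keys ...)` form. Separately, `ssh-only` uses `openssh-service-type` and `openssh-configuration`, which this file's `use-modules` does not import; it resolves for pine only because pine.system.scm imports `(gnu services ssh)`, so adding `(gnu services ssh)` to the module list here would make the file self-contained.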