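;;; Guix System configuration: module (default).
;;;
;;; Defines two udev rules, a Tor configuration string, the service list
;;; %ambrevar/services and the operating-system record
;;; default-operating-system.
;;;
;;; Line structure is restored here: with the file collapsed onto a few
;;; physical lines, every ";" comment swallows the code that follows it and
;;; the two torrc directives end up on one line.

(define-module (default)
  #:use-module (gnu)
  #:use-module (gnu system nss)
  #:use-module (gnu system mapped-devices)
  #:use-module (nongnu packages linux)
  #:use-module (gnu packages linux)     ; For ntfs-3g
  #:use-module (gnu packages mtools)    ; For exfat
  #:use-module (gnu packages emacs-xyz) ; For EXWM
  #:use-module (gnu packages lisp)      ; For stumpwm
  ;; #:use-module (gnu services docker)
  ;; For tor
  #:use-module (gnu services networking))

(use-service-modules desktop)
(use-package-modules certs)
(use-package-modules gnome)
;; (use-service-modules nix)
;; (use-package-modules bootloaders certs suckless) ; xorg

(define %ambrevar/cdemu-vhba-udev-rule
  ;; For the "uaccess" tag to be applied properly, the rule must be executed
  ;; before the uaccess rule
  ;; (/run/current-system/profile/lib/udev/rules.d/70-uaccess.rules).
  (udev-rule
   "69-cdemu-vhba.rules"
   (string-append "KERNEL==\"vhba_ctl\", SUBSYSTEM==\"misc\", TAG+=\"uaccess\"")))

;; Mount Nitrokey
;; TODO: Check if plugdev works instead of users.  If not, report to Nitrokey.
;; https://www.nitrokey.com/sites/default/files/41-nitrokey.rules
;;
;; MODE is 0660 rather than 0666: a world-writable node makes the GROUP
;; restriction moot and lets every local account, service users included,
;; open the token.  This rule is currently not added to the udev rules in
;; %ambrevar/services (it is commented out there).
;; NOTE(review): TAG+="uaccess", as used by the cdemu rule above, may be a
;; tighter alternative to a group grant -- confirm it works for this device.
(define %nitrokey-udev-rule
  (udev-rule
   "41-nitrokey.rules"
   (string-append "ACTION==\"add\", SUBSYSTEM==\"usb\", "
                  "ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", "
                  "ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", GROUP+=\"users\", MODE=\"0660\"")))

;; (define %nitrokey-udev-rule
;;   (file->udev-rule
;;    "41-nitrokey.rules"
;;    (let ((version "20170910"))
;;      (origin
;;        (method url-fetch)
;;        (uri "https://www.nitrokey.com/sites/default/files/41-nitrokey.rules")
;;        (sha256
;;         (base32 "127nghkfd4dl5mkf5xl1mij2ylxhkgg08nlh912xwrrjyjv4y9sa"))))))

;; Contents of the torrc handed to tor-service-type below.  The string holds
;; two directives, one per line; torrc is line-oriented, so the line break
;; inside the literal is significant.
;; NOTE(review): limiting exits to a handful of country codes narrows the set
;; of exit relays Tor may choose from.  Confirm in tor(1) which node options
;; StrictNodes governs for the Tor version deployed.
(define-public %ambrevar/tor-config
  "ExitNodes {se},{nl},{fr},{ee},{no},{dk},{fi}
StrictNodes 1")

;; Service list used by default-operating-system: a Tor service followed by
;; %desktop-services with the guix-daemon and udev configurations adjusted.
(define-public %ambrevar/services
  (cons*
   ;; (service nix-service-type)
   ;; (service docker-service-type)
   ;; (service cups-service-type
   ;;          (cups-configuration
   ;;           (web-interface? #t)
   ;;           ;; hplip depends on a lot of Qt libraries.  Use hplip-minimal instead?
   ;;           ;; (extensions
   ;;           ;;  (list cups-filters escpr hplip))
   ;;           ))
   (service tor-service-type
            (tor-configuration
             (config-file (plain-file "tor.conf" %ambrevar/tor-config))))
   ;; Use the "desktop" services, which include the X11 log-in service, networking
   ;; with Wicd, and more.
   (modify-services
       %desktop-services
     (guix-service-type config =>
                        (guix-configuration
                         (inherit config)
                         ;; Don't clean build deps.
                         ;; See (info "(guix) Invoking guix-daemon").
                         ;; WARNING: This tends to yield an ever-growing store.
                         ;; (extra-options '("--gc-keep-outputs"))
                         ;; Specify substitutes manually.  Defaults
                         ;; should be good enough in most cases.
                         ;;
                         ;; NOTE(review): a URL listed here is only a download
                         ;; location; which binaries the daemon accepts is
                         ;; decided by its authorized signing keys, which this
                         ;; file leaves at the inherited value.  Verify that
                         ;; any key authorized for the second server is one
                         ;; you intend to trust.
                         (substitute-urls
                          (list "https://ci.guix.gnu.org"
                                "https://gx.bufio.org"
                                ;; "https://qualif.ci.guix.gnu.org"
                                ;; "https://berlin.guixsd.org"
                                ;; "https://mirror.hydra.gnu.org"
                                ;; "https://hydra.gnu.org"
                                ))))
     (udev-service-type config =>
                        (udev-configuration
                         (inherit config)
                         (rules (append (udev-configuration-rules config)
                                        (list
                                         ;; %nitrokey-udev-rule
                                         %ambrevar/cdemu-vhba-udev-rule))))))))

;; The operating-system record: host identity, bootloader, kernel and
;; firmware, file systems, the single user account, system-wide packages and
;; the service list defined above.
(define-public default-operating-system
  (operating-system
    (host-name "ambrevar-system")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    ;; TODO: Remove this once everything has been rebuilt using 2.29.
    (locale-libcs (list glibc-2.28 (canonical-package glibc)))

    ;; Use the UEFI variant of GRUB with the EFI System
    ;; Partition mounted on /boot/efi.
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (timeout 1)
                 (target "/boot/efi")))

    ;; NOTE(review): presumably `linux' and `iwlwifi-firmware' come from
    ;; (nongnu packages linux), i.e. from a channel outside Guix proper --
    ;; confirm that channel is pinned and authenticated.
    (kernel linux)
    ;; (kernel-arguments
    ;;  '("modprobe.blacklist=pcspkr"
    ;;    "modprobe.blacklist=nouveau"
    ;;    "pcie_port_pm=off"))
    (firmware (append (list iwlwifi-firmware vhba-module)
                      %base-firmware))
    ;; TODO: Remove all virtio modules.
    (initrd-modules (delete "virtio-rng" %base-initrd-modules))

    ;; Assume the target root file system is labelled "guix",
    ;; and the EFI System Partition is specified by its UUID.
    (file-systems (cons* (file-system
                           (device (file-system-label "guix"))
                           (mount-point "/")
                           (type "ext4"))
                         ;; (file-system
                         ;;   (device (file-system-label "home"))
                         ;;   (mount-point "/home")
                         ;;   (type "ext4"))
                         (file-system
                           (device (uuid "4E30-891F" 'fat))
                           (mount-point "/boot/efi")
                           (type "vfat"))
                         ;; NOTE(review): /tmp is mounted without restrictive
                         ;; flags; consider (flags '(no-suid no-dev)) once
                         ;; confirmed nothing on this system relies on them.
                         (file-system
                           (mount-point "/tmp")
                           (device "none")
                           (type "tmpfs")
                           (check? #f))
                         %base-file-systems))

    ;; (groups (cons* (user-group
    ;;                 (name "plugdev")
    ;;                 (system? #t))
    ;;                %base-groups))

    (users (cons* (user-account
                   (name "ambrevar")
                   (group "users")
                   ;; NOTE(review): line breaks in this list were
                   ;; reconstructed; "audio" and "lp" are kept commented
                   ;; out -- confirm that matches the intended membership.
                   (supplementary-groups '("wheel" "netdev" ; netdev is needed for networking.
                                           ;; "plugdev" ; TODO: Needed for nitrokey?
                                           ;; "audio" "lp" ; TODO: Needed for bluetooth?
                                           "video"))
                   ;; TODO: Can we default to name?
                   (home-directory "/home/ambrevar"))
                  %base-user-accounts))

    (packages (cons* nss-certs ; for HTTPS access
                     ;; gvfs ; for user mounts
                     ;; nix
                     ntfs-3g
                     exfat-utils ; TODO: Needed for macOS drives?
                     fuse-exfat
                     stumpwm
                     emacs-exwm
                     %base-packages))

    (services %ambrevar/services)

    ;; Allow resolution of '.local' host names with mDNS.
    (name-service-switch %mdns-host-lookup-nss)))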