(use-modules (gnu) (srfi srfi-1) (gnu system nss) (gnu services pm) (g

1. (use-modules
2. (gnu)
3. (srfi srfi-1)
4. (gnu system nss)
5. (gnu services pm)
6. (gnu services ssh)
7. (gnu services cups)
8. (gnu services guix)
9. (gnu services desktop)
10. (gnu services docker)
11. (gnu services networking)
12. (gnu services virtualization)
13. (gnu packages wm)
14. (gnu packages cups)
15. (gnu packages vim)
16. (gnu packages gtk)
17. (gnu packages xorg)
18. (gnu packages emacs)
19. (gnu packages file-systems)
20. (gnu packages gnome)
21. (gnu packages mtools)
22. (gnu packages linux)
23. (gnu packages audio)
24. (gnu packages gnuzilla)
25. (gnu packages web-browsers)
26. (gnu packages version-control)
27. (gnu packages package-management)
28. (nongnu packages linux)
29. (nongnu system linux-initrd))
30.  
31. (use-service-modules nix desktop networking xorg ssh)
32. (use-package-modules certs shells ssh)
33.  
34. ;; Allow members of the "video" group to change the screen brightness.
35. (define %backlight-udev-rule
36. (udev-rule
37. "90-backlight.rules"
38. (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
39. "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
40. "\n"
41. "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
42. "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
43.  
44. ;; Modify configurations of default %desktop-services
45. (define %my-desktop-services
46. (modify-services %desktop-services
47. ;; Configure the substitute server for the Nonguix repo
48. (guix-service-type
49. config =>
50. (guix-configuration
51. (inherit config)
52. (substitute-urls
53. (append (list "https://substitutes.nonguix.org")
54. %default-substitute-urls))
55. (authorized-keys
56. (append (list (plain-file "nonguix.pub" "(public-key
57. (ecc
58. (curve Ed25519)
59. (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
60. )
61. )"))
62. %default-authorized-guix-keys))))
63.  
64. ;; Suspend the machine when the laptop lid is closed
65. (elogind-service-type config =>
66. (elogind-configuration (inherit config)
67. (handle-lid-switch-external-power 'suspend)))
68.  
69. ;; Enable backlight control rules for users
70. (udev-service-type config =>
71. (udev-configuration (inherit config)
72. (rules (cons %backlight-udev-rule
73. (udev-configuration-rules config)))))
74.  
75. ;; Add OpenVPN support to NetworkManager
76. (network-manager-service-type config =>
77. (network-manager-configuration (inherit config)
78. (vpn-plugins (list network-manager-openvpn))))))
79.  
80. ;; Define a libinput configuration that works well for modern touchpads
81. (define %xorg-libinput-config
82. "Section \"InputClass\"
83. Identifier \"Touchpads\"
84. Driver \"libinput\"
85. MatchDevicePath \"/dev/input/event*\"
86. MatchIsTouchpad \"on\"
87.  
88. Option \"Tapping\" \"on\"
89. Option \"TappingDrag\" \"on\"
90. Option \"DisableWhileTyping\" \"on\"
91. Option \"MiddleEmulation\" \"on\"
92. Option \"ScrollMethod\" \"twofinger\"
93. EndSection
94. Section \"InputClass\"
95. Identifier \"Keyboards\"
96. Driver \"libinput\"
97. MatchDevicePath \"/dev/input/event*\"
98. MatchIsKeyboard \"on\"
99. EndSection
100. ")
101.  
102. (define-public base-operating-system
103. (operating-system
104. (host-name "proto")
105. (timezone "Europe/Zurich")
106. ;(timezone "America/Los_Angeles")
107. (locale "en_US.utf8")
108.  
109. ;; Use non-free Linux and firmware
110. (kernel linux)
111. (firmware (list linux-firmware))
112. (initrd microcode-initrd)
113.  
114. ;; Additional kernel modules
115. (kernel-loadable-modules (list v4l2loopback-linux-module))
116.  
117. ;; Choose US English keyboard layout. The "altgr-intl"
118. ;; variant provides dead keys for accented characters.
119. (keyboard-layout (keyboard-layout "us"))
120.  
121. ;; Use the UEFI variant of GRUB with the EFI System
122. ;; Partition mounted on /boot/efi.
123. (bootloader (bootloader-configuration
124. (bootloader grub-efi-bootloader)
125. (targets '("/boot/efi"))
126. (keyboard-layout keyboard-layout)))
127.  
128.  
129. ;; Guix doesn't like it when there isn't a file-systems
130. ;; entry, so add one that is meant to be overridden
131. (file-systems (cons*
132. (file-system
133. (device (file-system-label "system-root"))
134. (mount-point "/")
135. (type "ext4")
136. (dependencies mapped-devices))
137. (file-system
138. (device "/dev/nvme0n1p2")
139. (mount-point "/boot/efi")
140. (type "vfat"))
141. %base-file-systems))))
142.  
143.  
144. (users (cons (user-account
145. (name "rostick")
146. (comment "rostick")
147. (group "users")
148. (home-directory "/home/rostick")
149. (supplementary-groups '("wheel" ;; sudo
150. "netdev" ;; network devices
151. "kvm"
152. "tty"
153. "input"
154. "docker"
155. "realtime" ;; Enable realtime scheduling
156. "lp" ;; control bluetooth devices
157. "audio" ;; control audio devices
158. "video"))) ;; control video devices
159.  
160. %base-user-accounts))
161.  
162. ;; Add the 'realtime' group
163. (groups (cons (user-group (system? #t) (name "realtime"))
164. %base-groups))
165.  
166. ;; Install bare-minimum system packages
167. (packages (append (map specification->package
168. '("git"
169. "ntfs-3g"
170. "exfat-utils"
171. "fuse-exfat"
172. "stow"
173. "vim"
174. "emacs"
175. "xterm"
176. "bluez"
177. "bluez-alsa"
178. "tlp"
179. "xf86-input-libinput"
180. "nss-certs" ;; SSL root certificates
181. "gvfs")) ;; Enable user mounts
182. %base-packages))
183.  
184. ;; Use the "desktop" services, which include the X11 log-in service,
185. ;; networking with NetworkManager, and more
186. (services (cons* (service slim-service-type
187. (slim-configuration
188. (xorg-configuration
189. (xorg-configuration
190. (keyboard-layout keyboard-layout)
191. (extra-config (list %xorg-libinput-config))))))
192.  
193. ;; Power and thermal management services
194. (service thermald-service-type)
195. (service tlp-service-type
196. (tlp-configuration
197. (cpu-boost-on-ac? #t)
198. (wifi-pwr-on-bat? #t)))
199.  
200. ;; Enable JACK to enter realtime mode
201. (pam-limits-service
202. (list
203. (pam-limits-entry "@realtime" 'both 'rtprio 99)
204. (pam-limits-entry "@realtime" 'both 'nice -19)
205. (pam-limits-entry "@realtime" 'both 'memlock 'unlimited)))
206.  
207. ;; Enable /usr/bin/env in shell scripts
208. (extra-special-file "/usr/bin/env"
209. (file-append coreutils "/bin/env"))
210.  
211. ;; Enable Docker containers and virtual machines
212. (service docker-service-type)
213. (service libvirt-service-type
214. (libvirt-configuration
215. (unix-sock-group "libvirt")
216. (tls-port "16555")))
217.  
218. ;; Enable SSH access
219. (service openssh-service-type
220. (openssh-configuration
221. (openssh openssh-sans-x)
222. (port-number 2222)))
223.  
224. ;; Enable the printing service
225. (service cups-service-type
226. (cups-configuration
227. (web-interface? #t)
228. (extensions
229. (list cups-filters))))
230.  
231. ;; Add udev rules to enable PipeWire use
232. (udev-rules-service 'pipewire-add-udev-rules pipewire-0.3)
233.  
234. ;; Enable the build service for Nix package manager
235. (service nix-service-type)
236.  
237. ;; Enable the bluetooth service
238. (bluetooth-service #:auto-enable? #t)
239.  
240. ;; Remove GDM, we're using SLiM instead
241. (remove (lambda (service)
242. (eq? (service-kind service) gdm-service-type))
243. %my-desktop-services)))
244.  
245. ;; Allow resolution of '.local' host names with mDNS
246. (name-service-switch %mdns-host-lookup-nss)))
247.