Config_Guix/config.scm

;; Ceci est une configuration de système d'exploitation générée par
;; l'installateur graphique.
;;
;; Une fois l'installation terminée, vous pouvez apprendre à modifier
;; ce fichier pour ajuster la configuration du système et le passer à
;; la commande « guix system reconfigure » pour rendre vos changements
;; effectifs.
;; Indique quels modules importer pour accéder aux variables
;; utilisées dans cette configuration.
(use-modules (gnu))
(use-modules (srfi srfi-1))
(use-modules (gnu system setuid) (gnu packages cups))
(use-modules (nongnu packages linux) (nongnu system linux-initrd))
(use-service-modules cups desktop networking ssh xorg virtualization vpn security-token)
;; Custom udev rules, installed as "41-spice-and-nitrokey.rules".
;;
;; Purpose (per the original author): allow USB device sharing through
;; virt-manager (SPICE redirection) and allow use of a Nitrokey.
;;
;; NOTE(review): the first two rules are not limited to any vendor or
;; product.  They set GROUP="spice" and MODE="0660" on every device in the
;; "usb" and "usb_device" subsystems, so any member of the "spice" group
;; can open any USB device node read/write.  If only a few devices are
;; ever redirected to guests, consider matching them by idVendor/idProduct
;; and keeping membership of "spice" as small as possible.
;;
;; The remaining rules tag specific vendor/product IDs with "uaccess"
;; (access for the user of the active local session) and mark some of them
;; as GnuPG smartcard readers.  NOTE(review): the ID list presumably
;; mirrors the upstream Nitrokey udev rules -- confirm against the vendor's
;; current file.  A few entries (42e8, 42b4, 03eb:2ff1) match on
;; vendor/product alone, without a KERNEL or SUBSYSTEM condition.
;;
;; The last rule adds a /dev/nitrospace symlink for the first partition
;; (sd?1) of device 20a0:4109.
(define %spice-rules
  (udev-rule
   "41-spice-and-nitrokey.rules"
   ;; The backslash-newline right after the opening quote is a string
   ;; line continuation: the rule text starts at the first SUBSYSTEM line.
   ;; Rule lines stay at column 0 so the file contents are unchanged.
   "\
SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
ACTION!=\"add|change\", GOTO=\"u2f_end\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
LABEL=\"u2f_end\"
SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
LABEL=\"gnupg_rules_end\"
KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
"))
;; Declaration of the whole system: locale, kernel, accounts, packages,
;; services, bootloader and storage layout.  Field order matters where one
;; field refers to another (keyboard-layout, mapped-devices).
(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "HCX")

  ;; Kernel, initrd and firmware come from the (nongnu ...) modules
  ;; imported at the top of the file, not from the default Guix channel.
  (kernel linux)
  (initrd microcode-initrd)
  (firmware (list linux-firmware))

  ;; User accounts ("root" is implicit).
  ;; NOTE(review): several of these groups carry real privilege.  "wheel"
  ;; is the sudo group under Guix's default sudoers; "libvirt" lets the
  ;; account manage system-level VMs through libvirtd, which is generally
  ;; treated as root-equivalent on the host; "spice" is the group that
  ;; %spice-rules (defined earlier in this file) gives read/write access
  ;; to USB device nodes.  Keep the list to what the account really needs.
  (users (cons (user-account
                (name "Larry")
                (comment "Larry")
                (group "users")
                (home-directory "/home/Larry")
                (supplementary-groups
                 '("users" "wheel" "netdev" "audio" "video" "libvirt"
                   "kvm" "scanner" "spice" "cdrom" "lpadmin")))
               %base-user-accounts))

  ;; System-wide packages: NetworkManager with its OpenVPN plugin,
  ;; libvirt/virt-manager/qemu for virtualisation, LVM/mdadm storage tools.
  (packages (append (map specification->package
                         '("nss-certs"
                           "qemu"
                           "virt-manager"
                           "libvirt"
                           "lvm2"
                           "mdadm"
                           "network-manager"
                           "network-manager-openvpn"
                           "atheros-firmware"
                           "xrandr"
                           "udisks"
                           "gvfs"
                           "thin-provisioning-tools"))
                    %base-packages))

  ;; System services.  Run "guix system search KEYWORD" to find more.
  (services
   (modify-services
       (append
        (list
         (service gnome-desktop-service-type)
         ;; Smart-card daemon, used for hardware security keys.
         (service pcscd-service-type)
         ;; Printing.  web-interface? #t turns on the CUPS web UI.
         ;; NOTE(review): confirm it is reachable from loopback only.
         (service cups-service-type
                  (cups-configuration
                   (web-interface? #t)
                   (extensions
                    (list cups-filters
                          brlaser
                          epson-inkjet-printer-escpr
                          hplip-minimal))))
         ;; KVM/libvirt services for virt-manager.
         (service libvirt-service-type)
         (service virtlog-service-type)
         ;; Install the custom udev rules and create the "spice" group.
         (udev-rules-service 'spice %spice-rules #:groups '("spice"))
         ;; Real-time audio limits (useful for Ardour).  Members of
         ;; "audio" get rtprio 99 and unlimited locked memory, so a
         ;; process of theirs can starve or exhaust the machine; keep the
         ;; group small.
         (pam-limits-service
          (list
           (pam-limits-entry "@audio" 'both 'rtprio 99)
           (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
         ;; Graphical environment configuration (keyboard layout).
         (set-xorg-configuration
          (xorg-configuration (keyboard-layout keyboard-layout))))
        %desktop-services)

     ;; Let NetworkManager handle OpenVPN connections.
     (network-manager-service-type
      config => (network-manager-configuration
                 (inherit config)
                 (vpn-plugins
                  (list (specification->package "network-manager-openvpn")))))

     ;; Extra substitute server plus the key its binaries are signed with.
     ;; Authorising a key means the daemon installs any substitute signed
     ;; by it without rebuilding, so the key holder is trusted as much as
     ;; the default build farm.  NOTE(review): compare the key below with
     ;; the one published by the substitute server's project, obtained
     ;; over an independent channel, before reconfiguring.
     (guix-service-type
      config => (guix-configuration
                 (inherit config)
                 (extra-options '("--cores=10"))
                 (substitute-urls
                  (cons "https://substitutes.nonguix.org"
                        %default-substitute-urls))
                 (authorized-keys
                  (append
                   (list
                    (plain-file "non-guix.pub"
                                (string-append
                                 "(public-key"
                                 " (ecc "
                                 " (curve Ed25519)"
                                 " (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
                   %default-authorized-guix-keys))))))

  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets (list "/boot/efi"))
               (keyboard-layout keyboard-layout)))

  ;; The root file system lives on a LUKS volume opened as "cryptroot".
  (mapped-devices (list (mapped-device
                         (source (uuid
                                  "7d5e5911-f761-47ed-8b84-bcbe72abedf9"))
                         (target "cryptroot")
                         (type luks-device-mapping))))

  ;; Mounted file systems.  The UUIDs can be obtained by running "blkid"
  ;; in a terminal.
  ;; NOTE(review): only "/" depends on the LUKS mapping.  "/mnt" is mounted
  ;; straight from an ext4 UUID, so as declared here its contents are not
  ;; behind the disk encryption -- confirm that is intended.
  (file-systems (cons* (file-system
                         (mount-point "/boot/efi")
                         (device (uuid "EF6D-F817"
                                       'fat32))
                         (type "vfat"))
                       (file-system
                         (mount-point "/mnt")
                         (create-mount-point? #t)
                         (device (uuid "64194eb3-1fc6-4e73-b535-af3404a45b1f"
                                       'ext4))
                         (type "ext4"))
                       (file-system
                         (mount-point "/")
                         (device "/dev/mapper/cryptroot")
                         (type "ext4")
                         (dependencies mapped-devices))
                       %base-file-systems)))