From 438488f09d1dc3d85a6dd851ad61c58fe3a4b5bd Mon Sep 17 00:00:00 2001 From: 7032 <7032@noreply.localhost> Date: Tue, 2 Jan 2024 12:54:31 +0100 Subject: [PATCH] =?UTF-8?q?T=C3=A9l=C3=A9verser=20les=20fichiers=20vers=20?= =?UTF-8?q?"/"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- channels.scm | 10 +++ config.scm | 172 ++++++++++++++++++++++++++++++++++++++ config.scm (nvidia) | 182 +++++++++++++++++++++++++++++++++++++++++ home-configuration.scm | 40 +++++++++ manifest.scm | 117 ++++++++++++++++++++++++++ 5 files changed, 521 insertions(+) create mode 100644 channels.scm create mode 100644 config.scm create mode 100644 config.scm (nvidia) create mode 100644 home-configuration.scm create mode 100644 manifest.scm
diff --git a/channels.scm b/channels.scm
new file mode 100644
index 0000000..0554922
--- /dev/null
+++ b/channels.scm
@@ -0,0 +1,10 @@
+(cons* (channel
+ (name 'nonguix)
+ (url "https://gitlab.com/nonguix/nonguix")
+ ;; Enable signature verification:
+ (introduction
+ (make-channel-introduction
+ "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+ (openpgp-fingerprint
+ "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
+ %default-channels)
diff --git a/config.scm b/config.scm
new file mode 100644
index 0000000..13d52ab
--- /dev/null
+++ b/config.scm
@@ -0,0 +1,172 @@
+;; Ceci est une configuration de système d'exploitation générée par
+;; l'installateur graphique.
+;;
+;; Une fois l'installation terminée, vous pouvez apprendre à modifier
+;; ce fichier pour ajuster la configuration du système et le passer à
+;; la commande « guix system reconfigure » pour rendre vos changements
+;; effectifs.
+
+
+;; Indique quels modules importer pour accéder aux variables
+;; utilisées dans cette configuration.
+(use-modules (gnu))
+(use-modules (srfi srfi-1))
+(use-modules (gnu system setuid) (gnu packages cups))
+(use-modules (nongnu packages linux) (nongnu system linux-initrd))
+(use-service-modules cups desktop networking ssh xorg virtualization vpn security-token)
+
+;; Configuration spice personnalisée
+;; Permet le partage de périphériques USB via virt-manager
+;; Permet l'utilisation d'une nitrokey
+(define %spice-rules
+ (udev-rule
+ "41-spice-and-nitrokey.rules"
+ (string-append "\
+SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
+SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
+ACTION!=\"add|change\", GOTO=\"u2f_end\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
+ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
+LABEL=\"u2f_end\"
+SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
+ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+LABEL=\"gnupg_rules_end\"
+KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
+")))
+
+(operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr" "oss"))
+ (host-name "HCX")
+
+ (kernel linux)
+
+ (initrd microcode-initrd)
+ (firmware (list linux-firmware))
+
+ ;; La liste des comptes utilisateurs (« root » est implicite).
+ (users (cons* (user-account
+ (name "Larry")
+ (comment "Larry")
+ (group "users")
+ (home-directory "/home/Larry")
+ (supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin")))
+ %base-user-accounts))
+
+ ;; Quelques paquets installés au niveau du système.
+ ;; On installe notamment network-manager et son extension pour openvpn,
+ ;; ou encore libvirt/virt-manager pour la virtualisation
+ (packages (append (list (specification->package "nss-certs")
+ (specification->package "qemu")
+ (specification->package "virt-manager")
+ (specification->package "libvirt")
+ (specification->package "lvm2")
+ (specification->package "mdadm")
+ (specification->package "network-manager")
+ (specification->package "network-manager-openvpn")
+ (specification->package "atheros-firmware")
+ (specification->package "xrandr")
+ (specification->package "udisks")
+ (specification->package "gvfs")
+ (specification->package "thin-provisioning-tools"))
+ %base-packages))
+
+ ;; Voici la liste des services du système. Pour trouver les services disponibles,
+ ;; lancez « guix system search MOT-CLÉ » dans un terminal.
+ (services
+ (modify-services (append (list
+ (service gnome-desktop-service-type)
+
+ ;; Service de gestion des clés de chiffrement physique
+ (service pcscd-service-type)
+
+ (service cups-service-type
+ (cups-configuration
+ (web-interface? #t)
+ (extensions
+ (list cups-filters brlaser epson-inkjet-printer-escpr hplip-minimal))))
+
+ ;; Service KVM/Libvirt pour virt-manager
+ (service libvirt-service-type)
+ (service virtlog-service-type)
+
+ ;; Application de la configuration spice personnalisée (définie plus haut)
+ (udev-rules-service 'spice %spice-rules #:groups '("spice"))
+
+ ;; Modification des limites mémoires pour les accès audio temps réel
+ ;; (utile notamment pour Ardour)
+ (pam-limits-service
+ (list
+ (pam-limits-entry "@audio" 'both 'rtprio 99)
+ (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
+
+ ;; Configuration de l'environnement graphique (notamment clavier)
+ (set-xorg-configuration
+ (xorg-configuration (keyboard-layout keyboard-layout))))
+ %desktop-services)
+
+ ;; Configuration du service network-manager pour prendre en charge
+ ;; OpenVPN
+ (network-manager-service-type config => (network-manager-configuration
+ (inherit config)
+ (vpn-plugins
+ (list (specification->package "network-manager-openvpn")))))
+
+ (guix-service-type config => (guix-configuration
+ (inherit config)
+ (extra-options '("--cores=10"))
+ (substitute-urls
+ (append (list "https://substitutes.nonguix.org")
+ %default-substitute-urls))
+ (authorized-keys
+ (append
+ (list
+ (plain-file "non-guix.pub"
+ (string-append
+ "(public-key"
+ " (ecc "
+ " (curve Ed25519)"
+ " (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
+ %default-authorized-guix-keys))))))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets (list "/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+ (mapped-devices (list (mapped-device
+ (source (uuid
+ "7d5e5911-f761-47ed-8b84-bcbe72abedf9"))
+ (target "cryptroot")
+ (type luks-device-mapping))))
+
+ ;; La liste des systèmes de fichiers qui seront « montés ». Les identifiants
+ ;; de systèmes de fichiers uniques (« UUIDs ») qui se trouvent ici s'obtiennent
+ ;; en exécutant « blkid » dans un terminal.
+ (file-systems (cons* (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "EF6D-F817"
+ 'fat32))
+ (type "vfat"))
+ (file-system
+ (mount-point "/mnt")
+ (create-mount-point? #t)
+ (device (uuid "64194eb3-1fc6-4e73-b535-af3404a45b1f"
+ 'ext4))
+ (type "ext4"))
+ (file-system
+ (mount-point "/")
+ (device "/dev/mapper/cryptroot")
+ (type "ext4")
+ (dependencies mapped-devices)) %base-file-systems)))
diff --git a/config.scm (nvidia) b/config.scm (nvidia)
new file mode 100644
index 0000000..8d81440
--- /dev/null
+++ b/config.scm (nvidia)
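Review bot: In config.scm, the first two lines of `%spice-rules` (`SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"` and its `usb_device` twin) match every USB device, so each member of the `spice` group gets raw read/write access to all of them, not only to the devices meant for redirection into a VM. The comment above the definition describes the rule only as enabling USB sharing through virt-manager, and the one account in the hunk is a member of both `spice` and `wheel`. I would either narrow the two lines with `ATTRS{idVendor}`/`ATTRS{idProduct}` matches, as the Nitrokey rules below them already do, or state the scope in a comment such as `;; WARNING: members of "spice" get raw read/write access to every USB device.` The same two rules appear unchanged in the `config.scm (nvidia)` hunk.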
@@ -0,0 +1,182 @@
+;; Ceci est une configuration de système d'exploitation générée par
+;; l'installateur graphique.
+;;
+;; Une fois l'installation terminée, vous pouvez apprendre à modifier
+;; ce fichier pour ajuster la configuration du système et le passer à
+;; la commande « guix system reconfigure » pour rendre vos changements
+;; effectifs.
+
+
+;; Indique quels modules importer pour accéder aux variables
+;; utilisées dans cette configuration.
+(use-modules (gnu))
+(use-modules (srfi srfi-1))
+(use-modules (gnu system setuid) (gnu packages cups))
+(use-modules (nongnu packages linux) (nongnu system linux-initrd) (nongnu packages nvidia) (nongnu services nvidia))
+(use-service-modules cups desktop networking ssh xorg virtualization vpn security-token)
+
+;; Configuration spice personnalisée
+;; Permet le partage de périphériques USB via virt-manager
+;; Permet l'utilisation d'une nitrokey
+(define %spice-rules
+ (udev-rule
+ "41-spice-and-nitrokey.rules"
+ (string-append "\
+SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
+SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
+ACTION!=\"add|change\", GOTO=\"u2f_end\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
+ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
+LABEL=\"u2f_end\"
+SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
+ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+LABEL=\"gnupg_rules_end\"
+KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
+")))
+
+(operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr"))
+ (host-name "HCX")
+
+ (kernel linux-lts)
+ (kernel-loadable-modules (list nvidia-module))
+ (kernel-arguments (append '("modprobe.blacklist=nouveau")
+ %default-kernel-arguments))
+
+ (initrd microcode-initrd)
+ (firmware (list linux-firmware))
+
+ ;; La liste des comptes utilisateurs (« root » est implicite).
+ (users (cons* (user-account
+ (name "larry")
+ (comment "Larry")
+ (group "users")
+ (home-directory "/home/larry")
+ (supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin")))
+ %base-user-accounts))
+
+ ;; Quelques paquets installés au niveau du système.
+ ;; On installe notamment network-manager et son extension pour openvpn,
+ ;; ou encore libvirt/virt-manager pour la virtualisation
+ (packages (append (list (specification->package "nss-certs")
+ (specification->package "qemu")
+ (specification->package "virt-manager")
+ (specification->package "libvirt")
+ (specification->package "lvm2")
+ (specification->package "mdadm")
+ (specification->package "network-manager")
+ (specification->package "network-manager-openvpn")
+ (specification->package "atheros-firmware")
+ (specification->package "mesa-utils")
+ (specification->package "xrandr")
+ (specification->package "libglvnd")
+ (specification->package "nvidia-driver")
+ (specification->package "nvidia-module")
+ (specification->package "nvidia-settings")
+ (specification->package "thin-provisioning-tools"))
+ %base-packages))
+
+ ;; Voici la liste des services du système. Pour trouver les services disponibles,
+ ;; lancez « guix system search MOT-CLÉ » dans un terminal.
+ (services
+ (modify-services (append (list
+ (service gnome-desktop-service-type)
+ (service nvidia-service-type)
+
+ ;; Service de gestion des clés de chiffrement physique
+ (service pcscd-service-type)
+
+ (service cups-service-type
+ (cups-configuration
+ (web-interface? #t)
+ (extensions
+ (list cups-filters brlaser epson-inkjet-printer-escpr hplip-minimal))))
+
+ ;; Service KVM/Libvirt pour virt-manager
+ (service libvirt-service-type)
+ (service virtlog-service-type)
+
+ ;; Application de la configuration spice personnalisée (définie plus haut)
+ (udev-rules-service 'spice %spice-rules #:groups '("spice"))
+
+ ;; Modification des limites mémoires pour les accès audio temps réel
+ ;; (utile notamment pour Ardour)
+ (pam-limits-service
+ (list
+ (pam-limits-entry "@audio" 'both 'rtprio 99)
+ (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
+
+ ;; Configuration de l'environnement graphique (notamment clavier)
+ (set-xorg-configuration
+ (xorg-configuration
+ (keyboard-layout keyboard-layout)
+ (modules (cons* nvidia-driver %default-xorg-modules))
+ (drivers '("nvidia")))))
+ %desktop-services)
+
+ ;; Configuration du service network-manager pour prendre en charge
+ ;; OpenVPN
+ (network-manager-service-type config => (network-manager-configuration
+ (inherit config)
+ (vpn-plugins
+ (list (specification->package "network-manager-openvpn")))))
+
+ (guix-service-type config => (guix-configuration
+ (inherit config)
+ (extra-options '("--cores=10"))
+ (substitute-urls
+ (append (list "https://substitutes.nonguix.org")
+ %default-substitute-urls))
+ (authorized-keys
+ (append
+ (list
+ (plain-file "non-guix.pub"
+ (string-append
+ "(public-key"
+ " (ecc "
+ " (curve Ed25519)"
+ " (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
+ %default-authorized-guix-keys))))))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets (list "/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+ (mapped-devices (list (mapped-device
+ (source (uuid
+ "À CHANGER"))
+ (target "cryptroot")
+ (type luks-device-mapping))))
+
+ ;; La liste des systèmes de fichiers qui seront « montés ». Les identifiants
+ ;; de systèmes de fichiers uniques (« UUIDs ») qui se trouvent ici s'obtiennent
+ ;; en exécutant « blkid » dans un terminal.
+ (file-systems (cons* (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "À CHANGER"
+ 'fat32))
+ (type "vfat"))
+ (file-system
+ (mount-point "/mnt")
+ (create-mount-point? #t)
+ (device (uuid "À CHANGER"
+ 'ext4))
+ (type "ext4"))
+ (file-system
+ (mount-point "/")
+ (device "/dev/mapper/cryptroot")
+ (type "ext4")
+ (dependencies mapped-devices)) %base-file-systems)))
diff --git a/home-configuration.scm b/home-configuration.scm
new file mode 100644
index 0000000..aa45789
--- /dev/null
+++ b/home-configuration.scm
@@ -0,0 +1,40 @@
+;; Ce fichier « home-environment » peut être passé à « guix home reconfigure » pour reproduire
+;; le contenu de votre profil. Son contenu est « symbolique » : il ne spécifie que les
+;; noms des paquets. Pour reproduire exactement le même profil, vous devez aussi
+;; retenir les canaux utilisés, ceux renvoyés par « guix describe ».
+;; Voir la section « Répliquer Guix » dans le manuel.
+
+
+(use-modules (gnu home)
+ (gnu services)
+ (gnu packages)
+ (gnu packages gnupg)
+ (guix gexp)
+ (gnu home services shells)
+ (gnu home services gnupg))
+
+(home-environment
+ (services
+ (list (service home-bash-service-type
+ (home-bash-configuration
+ (aliases '(
+ ("clear" . "printf '\\033c'")
+ ("dir" . "dir --color=auto")
+ ("egrep" . "egrep --color=auto")
+ ("fgrep" . "fgrep --color=auto")
+ ("grep" . "grep --color=auto")
+ ("la" . "ls -A")
+ ("ll" . "ls -l")
+ ("l" . "ls -CF")
+ ("ls" . "ls -p --color=auto")
+ ("vdir" . "vdir --color=auto")))
+ (bashrc (list (local-file "/home/Larry/.config/guix/.bashrc" "bashrc")))
+ (bash-profile (list (local-file
+ "/home/Larry/.config/guix/.bash_profile"
+ "bash_profile")))))
+ (service home-gpg-agent-service-type
+ (home-gpg-agent-configuration
+ (pinentry-program
+ (file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
+ (ssh-support? #t))))))
+
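Review bot: In `config.scm (nvidia)`, the three `(uuid "À CHANGER")` placeholders (the LUKS source, `/boot/efi` and `/mnt`) are not valid UUIDs, so the file presumably cannot be passed to `guix system reconfigure` until they are edited, and nothing at the top of the file says it is a template. A header comment such as `;; Template: replace every "À CHANGER" UUID with the values reported by blkid before use.` would make that explicit. The variant has also drifted from config.scm in ways that may not be intended: the account is `"larry"` with `/home/larry` here but `"Larry"` with `/home/Larry` there, and the keyboard layout drops the `"oss"` variant.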
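Review bot: In home-configuration.scm, `bashrc` and `bash-profile` are loaded with `local-file` from absolute paths under `/home/Larry/.config/guix/`, and neither file is among the five files this commit adds. The home configuration therefore only builds for an account whose home is exactly `/home/Larry` and that already holds both files; the nvidia variant of config.scm creates `/home/larry` instead. Shipping the two files next to this one and referring to them relatively, e.g. `(local-file ".bashrc" "bashrc")`, would make it self-contained, since a relative `local-file` is resolved against the directory of the file that contains it.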
diff --git a/manifest.scm b/manifest.scm
new file mode 100644
index 0000000..d362714
--- /dev/null
+++ b/manifest.scm
@@ -0,0 +1,117 @@
+;; Ce fichier « manifeste » peut être passé à « guix package -m » pour reproduire
+;; le contenu de votre profil. Son contenu est « symbolique » : il ne spécifie que les
+;; noms des paquets. Pour reproduire exactement le même profil, vous devez aussi
+;; retenir les canaux utilisés, ceux renvoyés par « guix describe ».
+;; Voir la section « Répliquer Guix » dans le manuel.
+
+(specifications->manifest
+ (list "kdenlive"
+ "icecat"
+ "audacity"
+ "0ad"
+ "nextcloud-client"
+ "gnome-font-viewer"
+ "xdg-desktop-portal"
+ "xdg-desktop-portal-gtk"
+ "dino"
+ "ardour"
+ "gnome-tweaks"
+ "gnome-builder"
+ "endeavour"
+ "dconf-editor"
+ "ffmpeg"
+ "avidemux"
+ "mpv"
+ "ungoogled-chromium"
+ "ublock-origin-chromium"
+ "pavucontrol"
+ "alsa-plugins"
+ "flatpak"
+ "yt-dlp"
+ "vlc"
+ "musescore"
+ "mumble"
+ "gimp"
+ "ghostwriter"
+ "supertuxkart"
+ "supertux"
+ "seahorse"
+ "hplip"
+ "inkscape"
+ "simplescreenrecorder"
+ "youtube-dl"
+ "obs"
+ "pngquant"
+ "icedove"
+ "meld"
+ "xournalpp"
+ "libreoffice"
+ "minetest"
+ "system-config-printer"
+ "lm-sensors"
+ "pinentry"
+ "gparted"
+ "openssh"
+ "gajim"
+ "gajim-omemo"
+ "git"
+ "dosage"
+ "licensecheck"
+ "rsync"
+ "recutils"
+ "gnupg"
+ "gzip"
+ "python"
+ "pandoc"
+ "fastboot"
+ "adb"
+ "ntfs-3g"
+ "man-pages"
+ "alsa-utils"
+ "font-liberation"
+ "gdb"
+ "testdisk"
+ "bind:utils"
+ "tig"
+ "bsd-games"
+ "gnome-shell-extension-dash-to-dock"
+ "curl"
+ "make"
+ "font-openmoji"
+ "gnome-shell-extension-transparent-window"
+ "gnome-shell-extension-appindicator"
+ "gnome-shell-extension-burn-my-windows"
+ "gnome-shell-extension-blur-my-shell"
+ "gnome-shell-extension-just-perfection"
+ "gnome-shell-extension-clipboard-indicator"
+ "neofetch"
+ "bash-completion"
+ "blender"
+ "aircrack-ng"
+ "nmap"
+ "kodi"
+ "rhythmbox"
+ "filezilla"
+ "retroarch"
+ "clamav"
+ "calibre"
+ "bitmask"
+ "tor-client"
+ "steam"
+ "signal-desktop"
+ "giara"
+ "pipe-viewer"
+ "gaupol"
+ "emacs"
+ "handbrake"
+ "darktable"
+ "krita"
+ "mediainfo"
+ "shotcut"
+ "pdfarranger"
+ "tuba"
+ "josm"
+ "marble-qt"
+ "deluge"
+ "lmms"
+ "komikku"))
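Review bot: The header comment of manifest.scm tells the reader to keep the channels, but it does not say that this list needs more than the default channel. As far as I know `steam` and `signal-desktop` are provided by nonguix, so `guix package -m manifest.scm` would stop on an unknown package unless the channels.scm added in this commit is in place and pulled. A one-line comment above the list, for example `;; Requires the nonguix channel (see channels.scm) for steam and signal-desktop.`, would document that dependency.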