;; Ceci est une configuration de système d'exploitation générée par
;; l'installateur graphique.
;;
;; Une fois l'installation terminée, vous pouvez apprendre à modifier
;; ce fichier pour ajuster la configuration du système et le passer à
;; la commande « guix system reconfigure » pour rendre vos changements
;; effectifs.


;; Indique quels modules importer pour accéder aux variables
;; utilisées dans cette configuration.
(use-modules (gnu))
(use-modules (srfi srfi-1))
(use-modules (gnu system setuid) (gnu packages cups))
(use-modules (nongnu packages linux) (nongnu system linux-initrd))
(use-service-modules cups desktop networking ssh xorg virtualization vpn security-token)

(operating-system
  (locale "en_US.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "HCX")
  
    (kernel linux)

  (initrd microcode-initrd)
  (firmware (list linux-firmware))

  ;; La liste des comptes utilisateurs (« root » est implicite).
  (users (cons* (user-account
                  (name "Lcx")
                  (comment "Lcx")
                  (group "users")
                  (home-directory "/home/Lcx")
                  (supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin")))
                %base-user-accounts))

    ;; Quelques paquets installés au niveau du système.
  ;; On installe notamment network-manager et son extension pour openvpn, 
  ;; ou encore libvirt/virt-manager pour la virtualisation
  (packages (append (list (specification->package "nss-certs")  
                          (specification->package "qemu")  
                          (specification->package "virt-manager")  
                          (specification->package "libvirt")  
                          (specification->package "lvm2")  
                          (specification->package "mdadm")  
                          (specification->package "network-manager")  
                          (specification->package "network-manager-openvpn")  
                          (specification->package "atheros-firmware")  
                          (specification->package "xrandr")  
                          (specification->package "udisks")  
                          (specification->package "gvfs")  
                          (specification->package "ntfs-3g")  
                          (specification->package "testdisk")  
                          (specification->package "openssh")  
                          (specification->package "bind:utils")  
                          (specification->package "gnome-tweaks")  
                          (specification->package "os-prober")  
                          (specification->package "thin-provisioning-tools"))
                    %base-packages))

  ;; Voici la liste des services du système.  Pour trouver les services disponibles,
  ;; lancez « guix system search MOT-CLÉ » dans un terminal.
    (services
    (modify-services (append (list
      (service gnome-desktop-service-type)
      
      ;; Service de gestion des clés de chiffrement physique
      (service pcscd-service-type)

        (service cups-service-type
          (cups-configuration
            (web-interface? #t)
            (extensions
              (list cups-filters brlaser epson-inkjet-printer-escpr hplip-minimal))))
              
      ;; Service KVM/Libvirt pour virt-manager
      (service libvirt-service-type)
      (service virtlog-service-type)

      ;; Modification des limites mémoires pour les accès audio temps réel
      ;; (utile notamment pour Ardour)
      (pam-limits-service
        (list
          (pam-limits-entry "@audio" 'both 'rtprio 99)
          (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

      ;; Configuration de l'environnement graphique (notamment clavier)
      (set-xorg-configuration
        (xorg-configuration (keyboard-layout keyboard-layout))))
        %desktop-services)

    ;; Configuration du service network-manager pour prendre en charge
    ;; OpenVPN
    (network-manager-service-type config => (network-manager-configuration 
      (inherit config)
      (vpn-plugins
        (list (specification->package "network-manager-openvpn")))))

    (guix-service-type config => (guix-configuration
      (inherit config)
      (extra-options '("--cores=10"))
      (substitute-urls
                (append (list "https://substitutes.nonguix.org")
                  %default-substitute-urls))
      (authorized-keys
        (append 
          (list 
            (plain-file "non-guix.pub" 
              (string-append 
                "(public-key"
                " (ecc "
                "  (curve Ed25519)"
                "  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
            %default-authorized-guix-keys))))))

  (bootloader (bootloader-configuration
                (bootloader grub-efi-bootloader)
                (targets (list "/boot/efi"))
                (keyboard-layout keyboard-layout)))
  (mapped-devices (list (mapped-device
                          (source (uuid
                                   "c2b84995-ab04-401c-a82b-41038b91548b"))
                          (target "cryptroot")
                          (type luks-device-mapping))))

  ;; The list of file systems that get "mounted".  The unique
  ;; file system identifiers there ("UUIDs") can be obtained
  ;; by running 'blkid' in a terminal.
  (file-systems (cons* (file-system
                         (mount-point "/boot/efi")
                         (device (uuid "1154-7620"
                                       'fat32))
                         (type "vfat"))
                       (file-system
                         (mount-point "/")
                         (device "/dev/mapper/cryptroot")
                         (type "ext4")
                         (dependencies mapped-devices)) %base-file-systems)))