|
;;;
|
|||
|
;;; Configurations GNU Guix des ordinateurs de neox
|
|||
|
;;;
|
|||
|
;;; Copyright (C) 2024 Adrien 'neox' Bourmault <neox@gnu.org>
|
|||
|
;;;
|
|||
|
;;; This is free software; you can redistribute it and/or modify it
|
|||
|
;;; under the terms of the GNU General Public License as published by
|
|||
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|||
|
;;; your option) any later version.
|
|||
|
;;;
|
|||
|
;;; This is distributed in the hope that it will be useful, but
|
|||
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|||
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|||
|
;;; GNU General Public License for more details.
|
|||
|
;;;
|
|||
|
;;; You should have received a copy of the GNU General Public License
|
|||
|
;;; along with this. If not, see <http://www.gnu.org/licenses/>.
|
|||
|
|
|||
|
|
|||
|
;; Indique quels modules importer pour accéder aux variables
|
|||
|
;; utilisées dans cette configuration.
|
|||
|
(use-modules
|
|||
|
(gnu)
|
|||
|
(gnu home)
|
|||
|
(gnu home services gnupg)
|
|||
|
(gnu home services shells)
|
|||
|
(gnu packages)
|
|||
|
(gnu packages autotools)
|
|||
|
(gnu packages avahi)
|
|||
|
(gnu packages base)
|
|||
|
(gnu packages bash)
|
|||
|
(gnu packages boost)
|
|||
|
(gnu packages build-tools)
|
|||
|
(gnu packages compression)
|
|||
|
(gnu packages cups)
|
|||
|
(gnu packages freedesktop)
|
|||
|
(gnu packages freedesktop)
|
|||
|
(gnu packages ftp)
|
|||
|
(gnu packages gettext)
|
|||
|
(gnu packages ghostscript)
|
|||
|
(gnu packages glib)
|
|||
|
(gnu packages gnome)
|
|||
|
(gnu packages gnupg)
|
|||
|
(gnu packages gtk)
|
|||
|
(gnu packages image)
|
|||
|
(gnu packages imagemagick)
|
|||
|
(gnu packages libusb)
|
|||
|
(gnu packages linux)
|
|||
|
(gnu packages messaging)
|
|||
|
(gnu packages pkg-config)
|
|||
|
(gnu packages python)
|
|||
|
(gnu packages scanner)
|
|||
|
(gnu packages textutils)
|
|||
|
(gnu packages tls)
|
|||
|
(gnu packages xml)
|
|||
|
(gnu services)
|
|||
|
(guix build-system gnu)
|
|||
|
(guix gexp)
|
|||
|
(guix git-download)
|
|||
|
(guix download)
|
|||
|
((guix licenses) #:prefix license:)
|
|||
|
(guix packages)
|
|||
|
(guix utils)
|
|||
|
(srfi srfi-1))
|
|||
|
|
|||
|
(use-service-modules
|
|||
|
cups
|
|||
|
desktop
|
|||
|
guix
|
|||
|
networking
|
|||
|
ssh
|
|||
|
xorg
|
|||
|
virtualization
|
|||
|
vpn
|
|||
|
security-token)
|
|||
|
|
|||
|
;; Paquets personnalisés
|
|||
|
|
|||
|
;; Outils GNU Boot
|
|||
|
;; GNU Boot release whose source tree supplies the coreboot utilities
;; packaged below.
(define gnuboot-version "0.1-rc4")

;; Source tarball of that release, fetched from the GNU mirrors.
;; The sha256 pins the exact archive: a mirror serving different bytes makes
;; the fetch fail, and the hash must be updated together with gnuboot-version.
(define gnuboot-source
  (origin
    (method url-fetch)
    (uri (string-append "mirror://gnu/gnuboot/gnuboot-" gnuboot-version
                        "/gnuboot-" gnuboot-version "_src.tar.xz"))
    (sha256
     (base32
      "0nc0qjbrnxvs20g36irj11prmrmyk8d8f256xiyxcarnxc0sigfw"))))
|
|||
|
|
|||
|
;; Return a package that builds one utility from the coreboot tree shipped in
;; the GNU Boot source.
;;
;; NAME is used both as the package name and as the sub-directory of
;; coreboot/default/util/ that gets built.  SOURCE, VERSION, SYNOPSIS and
;; DESCRIPTION are copied into the package record unchanged.
(define (make-gnuboot-utils-package name source version synopsis description)
  (package
    (name name)
    (version version)
    (source source)
    (build-system gnu-build-system)
    (arguments
     (list
      ;; The check phase is turned off for these utilities.
      #:tests? #f
      #:make-flags
      #~(list (string-append "CC=" #$(cc-for-target))
              ;; DESTDIR is the store output and PREFIX is "/", so the
              ;; Makefile installs directly under the output directory.
              (string-append "DESTDIR=" #$output)
              "INSTALL=install"
              "PREFIX=/")
      #:phases
      #~(modify-phases %standard-phases
          ;; No configure step is run for these utilities.
          (delete 'configure)
          ;; Build from the utility's own directory inside the tarball.
          (add-after 'unpack 'enter-source
            (lambda _
              (chdir (string-append "coreboot/default/util/" #$name)))))))
    (synopsis synopsis)
    (description description)
    (home-page "https://www.gnu.org/software/gnuboot")
    (license license:gpl2)))
|
|||
|
|
|||
|
;; cbfstool built from the GNU Boot source tree (coreboot/default/util/cbfstool).
(define cbfstool
  (make-gnuboot-utils-package
   "cbfstool"
   gnuboot-source
   gnuboot-version
   "Tool to manipulate Coreboot image files"
   "This package provides @command{cbfstool}, a program that can
add a wide variety of files (bootblock, stage, payload, configuration
files, etc) to Coreboot File System (CBFS) images. It supports
original CBFS images as well as images in the newer FMAP format. It
also supports compressing files when requested."))
|
|||
|
|
|||
|
;; ifdtool built from the GNU Boot source tree (coreboot/default/util/ifdtool).
;; Synopsis and description are left empty.
;; NOTE(review): this package is not listed in the system (packages ...) field
;; of this file, so it is defined but not installed — confirm that is intended.
(define ifdtool
  (make-gnuboot-utils-package
   "ifdtool"
   gnuboot-source
   gnuboot-version
   ""
   ""))
|
|||
|
|
|||
|
;; nvramtool built from the GNU Boot source tree
;; (coreboot/default/util/nvramtool).  Synopsis and description are left empty.
(define nvramtool
  (make-gnuboot-utils-package
   "nvramtool"
   gnuboot-source
   gnuboot-version
   ""
   ""))
|
|||
|
|
|||
|
;; The gnupload script, taken from the build-aux directory of the gnulib
;; source and installed as bin/gnupload.  Version and source are inherited
;; from the gnulib package, so no separate hash is pinned here.
(define gnupload
  (package
    (name "gnupload")
    (version (package-version gnulib))
    (source (package-source gnulib))
    (build-system gnu-build-system)
    (arguments
     (list
      #:tests? #f
      #:phases
      #~(modify-phases %standard-phases
          (add-after 'unpack 'chdir
            (lambda _ (chdir "build-aux")))
          ;; Only one script is copied, so nothing is bootstrapped,
          ;; configured or compiled.
          (delete 'bootstrap)
          (delete 'configure)
          (delete 'build)
          (replace 'install
            (lambda _
              (install-file "gnupload"
                            (string-append #$output "/bin/")))))))
    ;; Programs the script calls at run time.
    ;; NOTE(review): no phase visible here wraps the script or rewrites these
    ;; command names, so presumably they are still resolved through the
    ;; caller's PATH — confirm if store-pinned tools are wanted.
    (inputs (list
             bash       ;; case esac break read eval shift exit
             coreutils  ;; echo test shift rm cat
             gnupg      ;; gpg gpg-agent
             grep       ;; grep
             ncftp      ;; ncftpput
             sed))      ;; sed
    (synopsis "")
    (description "")
    (home-page "")
    (license license:gpl2+)))
|
|||
|
|
|||
|
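;; SANE library built without any scanner back end, with the lock directory
;; fixed at /var/lock/sane.  The directory itself is not created at install
;; time (see 'disable-lockdir-creation); the activation snippet defined later
;; in this file creates it at run time.
(define sane-custom-minimal
  (package
    (name "sane-custom-minimal")
    (version "1.3.1")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://gitlab.com/sane-project/backends")
                    (commit version)))
              (file-name (git-file-name name version))
              ;; Content hash of the checkout; it pins what the tag must
              ;; resolve to.
              (sha256
               (base32 "1fb6shx9bz0svcyasmyqs93rbbwq7kzg6l0h1zh3kjvcwhchyv72"))
              (modules '((guix build utils)))
              (snippet
               ;; Generated HTML files and udev rules normally embed a
               ;; timestamp.  Work around that to build things reproducibly.
               ;; The pattern must contain "&current_time": the page had it
               ;; garbled to "¤t_time" (HTML entity damage), which would
               ;; never match the C source.
               '(begin
                  (substitute* "tools/sane-desc.c"
                    (("asctime \\(localtime \\(&current_time\\)\\)")
                     "\"1970-01-01\""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("autoconf-archive" ,autoconf-archive)
       ("automake" ,automake)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)
       ("pkg-config" ,pkg-config)
       ;; For scripts/pixma_gen_options.py.
       ("python" ,python-wrapper)))
    (inputs
     (list libusb))
    (arguments
     `(#:configure-flags '("--with-lockdir=/var/lock/sane") ;; Avoid errors with plustek
       #:phases
       (modify-phases %standard-phases
         (add-before 'bootstrap 'zap-unnecessary-git-dependency
           (lambda _
             ;; This runs before default patch-shebangs phase.
             (substitute* "tools/git-version-gen"
               (("/bin/sh") (which "sh")))
             ;; Record the version in .tarball-version so git is not needed
             ;; to compute it.
             (with-output-to-file ".tarball-version"
               (lambda _ (format #t ,version)))))
         (add-before 'configure 'disable-lockdir-creation
           (lambda _
             ;; Modify the Makefile.am to prevent the creation of the lock dir
             (substitute* "backend/Makefile.am"
               (("^install-lockpath:.*$")
                "install-lockpath: # pass"))))
         (add-before 'configure 'disable-backends
           (lambda _
             (setenv "BACKENDS" " ")

             ;; Disable tests that may require back ends to be built.
             (substitute* "testsuite/Makefile.in"
               ((" backend ") " "))))
         (add-before 'configure 'disable-failing-tests
           (lambda _
             ;; Disable unmaintained tests that fail with errors resembling:
             ;;
             ;; < # by sane-desc 3.5 from sane-backends 1.0.24git on Jul 31 2013
             ;; ---
             ;; > # by sane-desc 3.5 from sane-backends 1.0.27 on 1970-01-01#
             ;; FAIL: sane-desc -m usermap -s ./data
             (for-each
              (lambda (pattern)
                (substitute* "testsuite/tools/Makefile.in"
                  (((string-append " " pattern " ")) " ")))
              (list "usermap" "db" "udev" "udev\\+acl" "udev\\+hwdb" "hwdb"))

             ;; Disable tests that try to connect to actual USB hardware & fail
             ;; with the following error when no USB access is allowed at all:
             ;;
             ;;   sanei_usb_test: sanei_usb_test.c:849: main: Assertion
             ;;   `test_init (1)' failed.
             (substitute* "testsuite/sanei/Makefile.in"
               (("sanei_usb_test\\$\\(EXEEXT\\) ") ""))))
         (add-before 'build 'build-pixma_sane_options.c
           ;; "No rule to make target '../backend/pixma/pixma_sane_options.c',
           ;; needed by 'sane-backends.pot-update'."
           (lambda _
             (invoke "make" "-C" "backend" "pixma/pixma_sane_options.c")))
         (add-after 'install 'install-udev-rules
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Ship the generated rules as 60-libsane.rules in the output.
             (let ((out (assoc-ref outputs "out")))
               (mkdir-p (string-append out "/lib/udev/rules.d"))
               (copy-file "tools/udev/libsane.rules"
                          (string-append out
                                         "/lib/udev/rules.d/"
                                         "60-libsane.rules")))))
         (add-after 'install 'make-reproducible
           ;; XXX Work around an old bug <https://issues.guix.gnu.org/26247>.
           ;; Then work around "Throw to key `decoding-error' ..." by using sed.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out    (assoc-ref outputs "out"))
                    (locale (string-append out "/share/locale")))
               (with-directory-excursion locale
                 (for-each (lambda (file)
                             (invoke "sed" "-i" "/^PO-Revision-Date:/d" file))
                           (list "en@boldquot/LC_MESSAGES/sane-backends.mo"
                                 "en@quot/LC_MESSAGES/sane-backends.mo")))))))))
    (home-page "http://www.sane-project.org")
    (synopsis
     "Raster image scanner library and drivers, without scanner support")
    (description "SANE stands for \"Scanner Access Now Easy\" and is an API
proving access to any raster image scanner hardware (flatbed scanner,
hand-held scanner, video- and still-cameras, frame-grabbers, etc.). The
package contains the library, but no drivers.")
    (license license:gpl2+))) ; plus linking exception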
|
|||
|
|
|||
|
;; Variant of sane-custom-minimal that builds the scanner back ends and adds
;; the hpaio back end provided by hplip-minimal.
(define sane-custom-backends
  (package/inherit sane-custom-minimal
    (name "sane-custom-backends")
    (inputs
     ;; NOTE(review): the inherited inputs are spliced from
     ;; sane-backends-minimal (the stock package), not from
     ;; sane-custom-minimal defined in this file — confirm this is intended.
     `(("hplip" ,(@ (gnu packages cups) hplip-minimal))
       ("libjpeg" ,libjpeg-turbo)     ; for pixma/epsonds/other back ends
       ("libpng" ,libpng)             ; support ‘scanimage --format=png’
       ("libxml2" ,libxml2)           ; for pixma back end
       ,@(package-inputs sane-backends-minimal)))
    (arguments
     (substitute-keyword-arguments (package-arguments sane-custom-minimal)
       ((#:phases phases)
        `(modify-phases ,phases
           ;; Back ends are wanted here, so drop the phase that blanks
           ;; BACKENDS in the parent package.
           (delete 'disable-backends)
           (add-after 'disable-failing-tests 'disable-failing-backend-tests
             (lambda _
               ;; Disable test that fails on i686:
               ;; <https://bugs.gnu.org/39449>
               (substitute* "testsuite/backend/genesys/Makefile.in"
                 ((" genesys_unit_tests\\$\\(EXEEXT\\)") ""))
               #t))
           (add-after 'unpack 'add-backends
             (lambda _
               ;; Append an "hpaio" line after the "hp5590" entry of the
               ;; back-end list.
               (substitute* "backend/dll.conf.in"
                 (("hp5590" all) (format #f "~a~%~a" all "hpaio")))
               #t))
           (add-after 'install 'install-hpaio
             (lambda* (#:key inputs outputs #:allow-other-keys)
               ;; Symlink every file found under hplip's lib/sane into this
               ;; package's lib/sane.
               (let ((hplip-sane-dir (string-append (assoc-ref inputs "hplip")
                                                    "/lib/sane"))
                     (out-sane-dir   (string-append (assoc-ref outputs "out")
                                                    "/lib/sane")))
                 (for-each
                  (lambda (file)
                    (symlink file
                             (string-append out-sane-dir "/" (basename file))))
                  (find-files hplip-sane-dir)))
               #t))))))
    (synopsis
     "Raster image scanner library and drivers, with scanner support")
    (description "SANE stands for \"Scanner Access Now Easy\" and is an API
proving access to any raster image scanner hardware (flatbed scanner,
hand-held scanner, video- and still-cameras, frame-grabbers, etc.). The
package contains the library and drivers.")))
|
|||
|
|
|||
|
;; simple-scan rebuilt against sane-custom-backends: same package, except that
;; its "sane-backends" input is swapped for the custom SANE build above.
(define simple-scan-custom
  (package
    (inherit simple-scan)
    (name "simple-scan-custom")
    (inputs
     (modify-inputs (package-inputs simple-scan)
       (replace "sane-backends" sane-custom-backends)))))
|
|||
|
|
|||
|
;; Service personnalisé
|
|||
|
|
|||
|
;; System group required by the custom SANE service.
;; The '60-libsane.rules' udev rules refer to the "scanner" group, and the
;; activation snippet below hands the lock directory to it.
(define %sane-custom-accounts
  (list (user-group
         (name "scanner")
         (system? #t))))
|
|||
|
|
|||
|
;; Activation snippet for the custom SANE service: creates the lock directory
;; that the package is configured with (--with-lockdir=/var/lock/sane) but
;; does not create at install time.
(define %sane-custom-activation
  #~(begin
      (use-modules (guix build utils))
      (let* ((lockpath    "/var/lock/sane")
             ;; Numeric id of the "scanner" group; getgrnam raises an error
             ;; if the group does not exist.
             (scanner-gid (group:gid (getgrnam "scanner"))))
        ;; Create the lock directory at run time and restrict it: the owner
        ;; is left unchanged (-1), the group becomes "scanner", and mode 770
        ;; gives no access to other users.
        (mkdir-p lockpath)
        (chown lockpath -1 scanner-gid)
        (chmod lockpath #o770))
      #t))
|
|||
|
|
|||
|
;; Service type for the custom SANE packages.  Its value is a package
;; (sane-custom-minimal by default).  It is named 'sane, like the stock
;; service it stands in for; the system declaration below deletes
;; sane-service-type before using this one.
(define sane-custom-service-type
  (service-type
   (name 'sane)
   (description "Custom SANE service")
   (default-value sane-custom-minimal)
   (extensions
    (list
     ;; Hand the package to udev (wrapped in a one-element list) so that the
     ;; rules it installs are picked up.
     (service-extension udev-service-type list)
     ;; Create /var/lock/sane with group "scanner" at activation time.
     (service-extension activation-service-type
                        (const %sane-custom-activation))
     ;; Declare the "scanner" system group.
     (service-extension account-service-type
                        (const %sane-custom-accounts))))))
|
|||
|
|
|||
|
;; Configuration sudoer personnalisée
|
|||
|
|
|||
|
;; Contents of the sudoers file used by the system declaration below.
;;
;; NOTE(review): the %wheel line carries NOPASSWD, so every member of "wheel"
;; gets root through sudo without a password prompt.  The account "neox"
;; declared in this file is in wheel, which means any process running as that
;; user can escalate to root with no further authentication.  Removing
;; "NOPASSWD:" from the line restores the prompt.
(define %sudoers-specification
  (plain-file
   "sudoers"
   "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
"))
|
|||
|
|
|||
|
;; Custom udev rule for a USB security token.
;; On add/change events, the hidraw node of the USB device with vendor id 20a0
;; and product id 42b2 (presumably a Nitrokey 3, going by the rule file name)
;; is tagged "uaccess", which lets the user logged in on the local seat open
;; it without being root.  Other devices are not affected by this rule.
(define %nk3-rules
  (udev-rule
   "42-nk3.rules"
   "\
ACTION!=\"add|change\", GOTO=\"u2f_end\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
LABEL=\"u2f_end\"
"))
|
|||
|
|
|||
|
|
|||
|
;; Fichiers de configuration du home
|
|||
|
|
|||
|
;; Extra ~/.bashrc content for the home environment.  The shell snippet:
;;   - sets a coloured prompt, with an "[env]" marker when GUIX_ENVIRONMENT
;;     is set;
;;   - appends ~/.local/bin to PATH.  It is added after the existing entries,
;;     so programs in that user-writable directory do not shadow system
;;     commands.  NOTE(review): the tilde is inside double quotes and stays
;;     literal in PATH — confirm "$HOME/.local/bin" was not intended;
;;   - wraps "guix" in a shell function that refuses the "install" and
;;     "remove" sub-commands and passes everything else to the real command;
;;   - outside SSH sessions (SSH_CLIENT empty), points SSH_AUTH_SOCK at the
;;     gpg-agent SSH socket unless gnupg_SSH_AUTH_SOCK_by equals the PID of
;;     the current shell.
(define %bashrc_content
  (plain-file
   "bashrc"
   "\
if [ -n \"$GUIX_ENVIRONMENT\" ]
then
PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '
else
PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '
fi

PATH=\"$PATH:~/.local/bin\"

guix() {
if [[ \"$1\" == \"install\" ]]; then
echo \"Tu es débile, ou bien ?\"
elif [[ \"$1\" == \"remove\" ]]; then
echo \"Tu es débile, ou bien ?\"
else
command guix \"$@\"
fi
}

if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
|
|||
|
|
|||
|
;; Shell profile snippet: outside SSH sessions, use the gpg-agent SSH socket
;; as SSH_AUTH_SOCK (the same logic as the last part of %bashrc_content).
;; NOTE(review): this variable is not referenced by %home_configuration or
;; anywhere else in the visible file — confirm whether it is still needed.
(define %profile_content
  (plain-file
   "profile"
   "\
if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
|
|||
|
|
|||
|
;; Guix Home environment for the user: a Bash setup (environment variables,
;; aliases, extra bashrc) and a gpg-agent that also serves as SSH agent.
(define %home_configuration
  (home-environment
   (services
    (list
     ;; Bash configuration.
     (service
      home-bash-service-type
      (home-bash-configuration
       (environment-variables
        ;; NOTE(review): GUIX_PACKAGE_PATH points into the user's home;
        ;; presumably the package modules found there are loaded as Scheme
        ;; code by guix, so the directory should stay writable by this user
        ;; only — confirm.
        '(("BSD_GAMES_DIR" . "~/.local/share/bsd-games")
          ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")
          ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")
          ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")
          ("LV2_PATH" . "/run/current-system/profile/lib/lv2")))
       (aliases
        '(("clear" . "printf '\\033c'")
          ("dir" . "dir --color=auto")
          ("egrep" . "grep -E --color=auto")
          ("fgrep" . "grep -F --color=auto")
          ("grep" . "grep --color=auto")
          ("la" . "ls -lthA -p --color=auto")
          ("ll" . "ls -lth -p --color=auto")
          ("ls" . "ls -p --color=auto")
          ("vdir" . "vdir --color=auto")))
       (bashrc (list %bashrc_content))))

     ;; gpg-agent with the GNOME pinentry; ssh-support? makes the agent
     ;; answer SSH agent requests as well, which is what the SSH_AUTH_SOCK
     ;; logic in the bashrc snippet relies on.
     (service
      home-gpg-agent-service-type
      (home-gpg-agent-configuration
       (pinentry-program
        (file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
       (ssh-support? #t)))))))
|
|||
|
|
|||
|
;; Configuration du système
|
|||
|
;; C'est le point d'entrée de la configuration
|
|||
|
(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "n-t400s")

  ;; Extra kernel command-line arguments (clock source and udev timeout).
  (kernel-arguments
   (list
    "tsc=unstable"
    "clocksource=hpet"
    "trace_clock=local"
    ;"lsm=landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
    "rd.udev.event-timeout=5"))

  ;; Apply the custom sudoers file defined earlier in this file.
  (sudoers-file %sudoers-specification)

  ;; User accounts ("root" is implicit).
  (users
   (cons
    (user-account
     (name "neox")
     (comment "neox")
     ;; NOTE(review): the initial password is the literal "password" hashed
     ;; with the fixed salt "abc", and this file records both.  Treat it as a
     ;; placeholder to be changed with passwd right after installation; a
     ;; hash written in the system declaration is presumably readable by
     ;; local users through the store — confirm.  The account is in "wheel",
     ;; which the sudoers file above maps to passwordless root.
     (password (crypt "password" "$6$abc"))
     (group "users")
     (home-directory "/home/neox")
     (supplementary-groups
      '("wheel"
        "dialout"
        "netdev"
        "audio"
        "video"
        "plugdev"
        "kvm"
        "scanner"
        "lp")))
    %base-user-accounts))

  ;; Packages installed system-wide, notably network-manager and its
  ;; OpenVPN plug-in.
  (packages
   (append
    ;; Packages looked up by specification string.
    (specifications->packages
     (list
      "adb"
      "alsa-plugins"
      "alsa-utils"
      "ardour"
      "audacity"
      "beep"
      "bind:utils"
      "binutils"
      ;"bmaptools"
      "cabextract"
      "calf"
      "cmatrix"
      "cpupower"
      "cryptsetup"
      "curl"
      "cvs"
      "dconf-editor"
      "dino"
      "dosbox"
      "gocryptfs"
      "emacs"
      "endeavour"
      "python-esptool"
      "evolution"
      "exfatprogs"
      "fastboot"
      "file"
      "flashrom"
      "flatpak"
      "font-awesome"
      "font-ipa-ex"
      "font-ipa"
      "font-ipa-mj-mincho"
      "font-liberation"
      "font-mplus-testflight"
      "font-openmoji"
      "font-wqy-zenhei"
      "gallery-dl"
      "gdb"
      "ghostscript"
      "ghostwriter"
      "gimp"
      "git"
      "git-lfs"
      "git:send-email"
      "glmark2"
      "gnome-builder"
      "gnome-font-viewer"
      "gnome-maps"
      "gnome-power-manager"
      "gnome-shell-extension-appindicator"
      "gnome-shell-extension-blur-my-shell"
      "gnome-shell-extension-burn-my-windows"
      "gnome-shell-extension-dash-to-dock"
      "gnome-shell-extension-night-theme-switcher"
      "gnome-shell-extension-noannoyance"
      "gnome-shell-extension-vitals"
      "gnome-tweaks"
      "gnupg"
      "gnuplot"
      "gparted"
      "gpgme"
      "graphviz"
      "grub"
      "hexchat"
      "htop"
      "hwloc"
      "icecat"
      "inetutils"
      "inkscape"
      "ipp-usb"
      "iptables"
      "jack"
      "jp2a"
      "kcachegrind"
      "kgraphviewer"
      "librecad"
      "ldns"
      "libreoffice"
      "libtree"
      "lm-sensors"
      "lsof"
      "lvm2"
      "lynx"
      "make"
      "man-pages"
      "mdadm"
      "mediainfo"
      "megatools"
      "meld"
      "microcom"
      "minetest"
      "minicom"
      "minisat"
      "mpv"
      "mtr"
      "mumble"
      "nbd"
      "ncftp"
      "ndisc6"
      "neofetch"
      "netcat"
      "network-manager"
      "network-manager-openvpn"
      "nextcloud-client"
      "ngspice"
      "nitrocli"
      "nmap"
      "ntfs-3g"
      "openssh"
      "openssl"
      "openvpn"
      "pam-u2f"
      "pandoc"
      "paprefs"
      "parted"
      "patchelf"
      "pavucontrol"
      "pipe-viewer"
      "pkg-config"
      "poppler"
      "powertop"
      "profanity"
      "python"
      "python2"
      "python-logutils"
      "python-markdown"
      "python-paramiko"
      "python-prettytable"
      "python-virtualenv"
      "qbittorrent"
      "qemu"
      "qjackctl"
      "qpdf"
      "recutils"
      "rsync"
      "rubber"
      "ruby-pygmentize"
      "screen"
      "perl-digest-sha"
      "strace"
      "seahorse"
      "setxkbmap"
      "simplescreenrecorder"
      "sl"
      "speedtest-cli"
      "sqlitebrowser"
      "sshpass"
      "system-config-printer"
      "testdisk"
      "texlive"
      "texlive-biber"
      "texmaker"
      "tig"
      "tilix"
      "tree"
      "tor"
      "torbrowser"
      "tuba"
      "uefitool"
      "ungoogled-chromium"
      "unzip"
      "vlc"
      "wine64"
      "xauth"
      "xdg-desktop-portal-gnome"
      "xdg-utils"
      "xdot"
      "xdotool"
      "xeyes"
      "xournalpp"
      "xrdp"
      "yt-dlp"
      "zip"
      "zstd"))

    ;; Packages defined in this file.
    (list
     cbfstool
     gnupload
     nvramtool
     sane-custom-backends
     simple-scan-custom)

    ;; Base packages, minus any package named "simple-scan" (the custom
    ;; build above is used instead).
    (remove
     (lambda (pkg)
       (string=? (package-name pkg) "simple-scan"))
     %base-packages)))

  ;; System services.  Some default services are also reconfigured in the
  ;; modify-services clauses further down.
  (services
   (modify-services
       (append
        (list
         ;; Guix Home service (the user's home profile is reconfigured
         ;; together with the system).
         (service guix-home-service-type
                  `(("neox" ,%home_configuration)))

         ;; Bluetooth service
         (service bluetooth-service-type)

         ;; Smart-card daemon for hardware security tokens
         (service pcscd-service-type)

         ;; OpenSSH service: password logins are refused and root may only
         ;; log in with a key.  X11 forwarding is permitted; a client that
         ;; requests it exposes its X display to this host.
         (service openssh-service-type
                  (openssh-configuration
                   (x11-forwarding? #t)
                   (password-authentication? #f)
                   (permit-root-login 'prohibit-password)))

         ;; Printing service, with the CUPS web interface enabled
         (service cups-service-type
                  (cups-configuration
                   (web-interface? #t)
                   (extensions
                    (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))

         ;; Apply the custom udev rule for the security token
         (udev-rules-service 'plugdev %nk3-rules #:groups '("plugdev"))

         ;; Raise the real-time priority and locked-memory limits of the
         ;; "audio" group (useful for Ardour in particular)
         (service pam-limits-service-type
                  (list
                   (pam-limits-entry "@audio" 'both 'rtprio 99)
                   (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

         ;; GNOME/GDM service
         (service gnome-desktop-service-type)

         ;; Tor service
         (service tor-service-type)

         ;; Scanner service (custom type defined in this file)
         (service sane-custom-service-type)

         ;; Graphical environment configuration (keyboard layout)
         (set-xorg-configuration
          (xorg-configuration (keyboard-layout keyboard-layout))))

        ;; Default desktop services
        %desktop-services)

     ;; Changes to default services.

     ;; upower: do not suspend when the lid is closed
     (upower-service-type config => (upower-configuration
                                     (inherit config)
                                     (ignore-lid? #t)))

     ;; elogind: do not suspend when the lid is closed
     (elogind-service-type config => (elogind-configuration
                                      (inherit config)
                                      (handle-lid-switch 'ignore)
                                      (handle-lid-switch-external-power 'ignore)))

     ;; Scanners: remove the stock SANE service and give the custom one the
     ;; build that includes the back ends.
     ;(sane-service-type _ => sane-backends)
     (delete sane-service-type)
     (sane-custom-service-type _ => sane-custom-backends)

     ;; Garbage collector: keep derivations and outputs
     (guix-service-type config => (guix-configuration
                                   (inherit config)
                                   (extra-options '("--gc-keep-derivations=yes" "--gc-keep-output=yes"))))

     ;; NetworkManager: enable the OpenVPN plug-in
     (network-manager-service-type config => (network-manager-configuration
                                              (inherit config)
                                              (vpn-plugins
                                               (list (specification->package "network-manager-openvpn")))))))

  ;; Boot loader (GRUB).
  ;; The installer is replaced by a procedure that does nothing and returns
  ;; #t, so reconfiguring the system does not write GRUB to the disk.
  ;; NOTE(review): presumably the firmware provides the boot loader on this
  ;; machine — confirm.
  (bootloader
   (bootloader-configuration
    (bootloader
     (bootloader
      (inherit grub-bootloader)
      (installer #~(const #t))))
    (keyboard-layout keyboard-layout)))

  ;; Mapped devices: the LUKS-encrypted partition, then the LVM volume
  ;; "matrix-root" from the volume group "matrix".
  (mapped-devices
   (list
    (mapped-device
     (source
      (uuid "e200ab4d-6e65-4e4f-afc8-9230011141cf"))
     (target "fde")
     (type luks-device-mapping))
    (mapped-device
     (source "matrix")
     (targets
      (list
       "matrix-root"))
     (type lvm-device-mapping))))

  ;; Specify a swap file for the system, which resides on the
  ;; root file system.
  (swap-devices
   (list
    (swap-space
     (target "/swapfile"))))

  ;; File systems mounted at boot.  The root file system depends on the
  ;; mapped devices above, so they are opened before it is mounted.
  (file-systems
   (cons
    (file-system
     (mount-point "/")
     (device (file-system-label "root"))
     (needed-for-boot? #t)
     (dependencies mapped-devices)
     (type "ext4"))
    %base-file-systems)))
|