configurations-guix/config.scm

;;;
;;; Configurations GNU Guix des ordinateurs de neox
;;;
;;; Copyright (C) 2023 Adrien 'neox' Bourmault <neox@a-lec.org>
;;;
;;; This is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; This is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this.  If not, see <http://www.gnu.org/licenses/>.


;; Indique quels modules importer pour accéder aux variables
;; utilisées dans cette configuration.
(use-modules
  (gnu)
  (gnu home)
  (gnu home services shells)
  (gnu home services gnupg)
  (gnu packages)
  (gnu packages gnupg)
  (gnu packages freedesktop)
  (gnu packages cups)
  (gnu services)
  (srfi srfi-1)
  (guix gexp))

(use-service-modules
  cups
  desktop
  guix
  networking
  ssh
  xorg
  virtualization
  vpn
  security-token)

;; Configuration sudoer personnalisée
(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
"))

;; Configuration spice personnalisée
;; Permet le partage de périphériques USB via virt-manager
(define %spice-rules
  (udev-rule
    "41-spice-and-nitrokey.rules"
    (string-append "\
SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
ACTION!=\"add|change\", GOTO=\"u2f_end\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
LABEL=\"u2f_end\"
SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
LABEL=\"gnupg_rules_end\"
KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
")))

(define %bashrc_content
  (plain-file "bashrc" "\
if [ -n \"$GUIX_ENVIRONMENT\" ]
then
    PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '
else
    PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '
fi

if [[ ! -n \"$SSH_CLIENT\" ]]; then
	unset SSH_AGENT_PID
	if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
		export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
	fi
fi"))

(define %profile_content
  (plain-file "profile" "\
if [[ ! -n \"$SSH_CLIENT\" ]]; then
        unset SSH_AGENT_PID
        if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
                export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
        fi
fi"))

(define %home_configuration
  (home-environment
    (services
      (list
        (service home-bash-service-type
          (home-bash-configuration
            (environment-variables
              '(
                ("BSD_GAMES_DIR" . "~/.local/share/bsd-games")
                ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")
                ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")
                ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")
                ("LV2_PATH" . "$HOME/.guix-profile/lib/lv2")))
            (aliases 
              '(
                ("clear" . "printf '\\033c'")
                ("dir" . "dir --color=auto")
                ("egrep" . "grep -E --color=auto")  
                ("fgrep" . "grep -F --color=auto")
                ("grep" . "grep --color=auto")
                ("la" . "ls -lthA -p --color=auto")
                ("ll" . "ls -lth -p --color=auto")
                ("ls" . "ls -p --color=auto")
                ("vdir" . "vdir --color=auto")))
            (bashrc
              (list
                %bashrc_content))))
        
        (service home-gpg-agent-service-type
          (home-gpg-agent-configuration
            (pinentry-program
              (file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
            (ssh-support? #t)))))))

;; Configuration du système
;; C'est le point d'entrée de la configuration
(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "n-guix-port")


  ;; Application de la configuration sudoer personnalisée (définie plus haut)
  (kernel-arguments
    (list
      "modprobe.blacklist=usbmouse,usbkbd,i2c-hid" 
      "psmouse.synaptics_intertouch=1"))

  (sudoers-file %sudoers-specification)

  ;; La liste des comptes utilisateurs (« root » est implicite).
  (users
    (cons*
      (user-account
        (name "neox")
        (comment "neox")
        (password (crypt "password" "$6$abc"))
        (group "users")
        (home-directory "/home/neox")
        (supplementary-groups
          '("wheel"
            "netdev"
            "audio"
            "video"
            "libvirt"
            "kvm"
            "scanner"
            "spice"
            "lp")))
      %base-user-accounts))

  ;; Quelques paquets installés au niveau du système.
  ;; On installe notamment network-manager et son extension pour openvpn, 
  ;; ou encore libvirt/virt-manager pour la virtualisation
  (packages
    (append
      (specifications->packages
        (list
          "adb"
          "alsa-plugins"
          "alsa-utils"
          "ardour"
          "audacity"
          "bind:utils"
          "binutils"
          "blueman"
          "bmaptools"
          "cabextract"
          "claws-mail"
          "cmatrix"
          "cpupower"
          "cryptsetup"
          "curl"
          "cvs"
          "dconf-editor"
          "dino"
          "emacs"
          "endeavour"
          "evolution"
          "exfatprogs"
          "fastboot"
          "ffmpeg"
          "file"
          "flashrom"
          "flatpak"
          "font-awesome"
          "font-liberation"
          "font-openmoji"
          "gallery-dl"
          "gdb"
          "ghostscript"
          "ghostwriter"
          "gimp"
          "git"
          "git-lfs"
          "git:send-email"
          "glmark2"
          "gnome-bluetooth"
          "gnome-builder"
          "gnome-font-viewer"
          "gnome-maps"
          "gnome-power-manager"
          "gnome-shell-extension-appindicator"
          "gnome-shell-extension-blur-my-shell"
          "gnome-shell-extension-burn-my-windows"
          "gnome-shell-extension-dash-to-dock"
          "gnome-shell-extension-night-theme-switcher"
          "gnome-shell-extension-noannoyance"
          "gnome-shell-extension-vitals"
          "gnome-tweaks"
          "gnupg"
          "gnuplot"
          "gparted"
          "gpgme"
          "graphviz"
          "grub"
          "hexchat"
          "hplip"
          "htop"
          "hwloc"
          "icecat"
          "inetutils"
          "inkscape"
          "jack"
          "jp2a"
          "kajongg"
          "kcachegrind"
          "kgraphviewer"
          "ldns"
          "libreoffice"
          "libtree"
          "libvirt"
          "lm-sensors"
          "lsof"
          "lvm2"
          "lynx"
          "make"
          "man-pages"
          "mdadm"
          "mediainfo"
          "megatools"
          "meld"
          "microcom"
          "minetest"
          "minicom"
          "minisat"
          "mpv"
          "mtr"
          "mumble"
          "nbd"
          "ncftp"
          "ndisc6"
          "neofetch"
          "network-manager"
          "network-manager-openvpn"
          "nextcloud-client"
          "nitrocli"
          "nmap"
          "ntfs-3g"
          "openssh"
          "openssl"
          "openvpn"
          "pam-u2f"
          "pandoc"
          "parted"
          "patchelf"
          "pavucontrol"
          "pkg-config"
          "poppler"
          "powertop"
          "profanity"
          "python"
          "python2"
          "python-logutils"
          "python-markdown"
          "python-paramiko"
          "qbittorrent"
          "qemu"
          "qjackctl"
          "qpdf"
          "recutils"
          "rsync"
          "rubber"
          "screen"
          "seahorse"
          "setxkbmap"
          "simplescreenrecorder"
          "sl"
          "speedtest-cli"
          "sqlitebrowser"
          "sshpass"
          "system-config-printer"
          "testdisk"
          "texlive"
          "texlive-biber"
          "texmaker"
          "tig"
          "tilix"
          "transmission"
          "tree"
          "uefitool"
          "ungoogled-chromium"
          "virt-manager"
          "vlc"
          "wine64"
          "xauth"
          "xdg-desktop-portal"
          "xdg-desktop-portal-gnome"
          "xdg-desktop-portal-gtk"
          "xdg-utils"
          "xdot"
          "xdotool"
          "xeyes"
          "xournalpp"
          "xrdp"
          "yt-dlp"
          "zstd"))
      %base-packages))

  ;; Services du système.
  ;; On en profite pour modifier le comportement par défaut de quelques services.
  (services
    (modify-services 
      (append 
        (list
          ;; Service guix home (reconfiguration auto des profils)
          (service guix-home-service-type
            `(("neox" ,%home_configuration)))

          ;; Service bluetooth
          (service bluetooth-service-type)

          ;; Service de gestion des clés de chiffrement physique
          (service pcscd-service-type)

          ;; Service OpenSSH
          (service openssh-service-type
            (openssh-configuration
               (x11-forwarding? #t)
               (password-authentication? #f)
               (permit-root-login 'prohibit-password)))
          
          ;; Service d'impression
          (service cups-service-type
            (cups-configuration
              (web-interface? #t)
              (extensions
                (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))

          ;; Service KVM/Libvirt pour virt-manager
          (service libvirt-service-type)
          (service virtlog-service-type)

          ;; Application de la configuration spice personnalisée (définie plus haut)
          (udev-rules-service 'spice %spice-rules #:groups '("spice"))

          ;; Modification des limites mémoires pour les accès audio temps réel
          ;; (utile notamment pour Ardour)
          (service pam-limits-service-type
            (list
              (pam-limits-entry "@audio" 'both 'rtprio 99)
              (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

          ;; Service Gnome/GDM
          (service gnome-desktop-service-type)

          ;; Configuration de l'environnement graphique (notamment clavier)
          (set-xorg-configuration
            (xorg-configuration (keyboard-layout keyboard-layout))))
        
        ;; Services par défaut du système
        %desktop-services)
  
      ;; Modification de services par défaut
        ;; Configuration du service upower pour éviter la mise en veille lors
        ;; de la fermeture de capot
        (upower-service-type config => (upower-configuration
          (inherit config)
          (ignore-lid? #t)))

        ;; Configuration du service elogind pour éviter la mise en veille lors
        ;; de la fermeture du capot
        (elogind-service-type config => (elogind-configuration
          (inherit config)
          (handle-lid-switch 'ignore)
          (handle-lid-switch-external-power 'ignore)))

        ;; Configuration du service network-manager pour prendre en charge
        ;; OpenVPN
        (network-manager-service-type config => (network-manager-configuration 
          (inherit config)
          (vpn-plugins
            (list (specification->package "network-manager-openvpn")))))))

  ;; Chargeur de démarrage (GRUB)
  ;; On indique ici où il doit être installé et comment le configurer
  (bootloader 
    (bootloader-configuration
      (bootloader grub-efi-bootloader)
      (targets (list "/boot/efi"))
      (keyboard-layout keyboard-layout)))
  
  ;; Périphériques mappés
  ;; On configure notamment ici les partitions chiffrées (LUKS)
  (mapped-devices 
    (list 
      (mapped-device
        (source
          (uuid "3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0"))
        (target "crypthome")
        (type luks-device-mapping))))

  ;; Specify a swap file for the system, which resides on the
  ;; root file system.
  (swap-devices 
    (list
      (swap-space
        (target "/swapfile"))))

  ;; La liste des systèmes de fichiers montés au démarrage
  ;; On configure ici le montage des partitions chiffrées et non chiffrées
  (file-systems 
    (cons* 
      (file-system
        (mount-point "/home")
        (device "/dev/mapper/crypthome")
        (type "ext4")
        (dependencies mapped-devices))
      (file-system
        (mount-point "/boot/efi")
        (device (uuid "A012-A17A" 'fat32))
        (type "vfat"))
      (file-system
        (mount-point "/")
        (device
          (file-system-label "root"))
        (type "ext4")) %base-file-systems)))
Remise en forme 2023-08-21 09:57:06 +02:00			`;;;`
			`;;; Configurations GNU Guix des ordinateurs de neox`
			`;;;`
			`;;; Copyright (C) 2023 Adrien 'neox' Bourmault <neox@a-lec.org>`
			`;;;`
			`;;; This is free software; you can redistribute it and/or modify it`
			`;;; under the terms of the GNU General Public License as published by`
			`;;; the Free Software Foundation; either version 3 of the License, or (at`
			`;;; your option) any later version.`
			`;;;`
			`;;; This is distributed in the hope that it will be useful, but`
			`;;; WITHOUT ANY WARRANTY; without even the implied warranty of`
			`;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`;;; GNU General Public License for more details.`
			`;;;`
			`;;; You should have received a copy of the GNU General Public License`
			`;;; along with this. If not, see <http://www.gnu.org/licenses/>.`
Ajout de la configuration 2023-01-10 16:30:23 +01:00

			`;; Indique quels modules importer pour accéder aux variables`
			`;; utilisées dans cette configuration.`
config avec home intégré 2024-07-17 15:49:14 +02:00			`(use-modules`
			`(gnu)`
			`(gnu home)`
			`(gnu home services shells)`
			`(gnu home services gnupg)`
			`(gnu packages)`
			`(gnu packages gnupg)`
			`(gnu packages freedesktop)`
			`(gnu packages cups)`
			`(gnu services)`
			`(srfi srfi-1)`
			`(guix gexp))`

			`(use-service-modules`
			`cups`
			`desktop`
			`guix`
			`networking`
			`ssh`
			`xorg`
			`virtualization`
			`vpn`
			`security-token)`
Ajout de la configuration 2023-01-10 16:30:23 +01:00
Remise en forme 2023-08-21 09:57:06 +02:00			`;; Configuration sudoer personnalisée`
8 avril 2023 2023-04-08 15:21:57 +02:00			`(define %sudoers-specification`
			`(plain-file "sudoers" "\`
			`root ALL=(ALL) ALL`
			`%wheel ALL=(ALL) NOPASSWD: ALL`
			`"))`

Remise en forme 2023-08-21 09:57:06 +02:00			`;; Configuration spice personnalisée`
			`;; Permet le partage de périphériques USB via virt-manager`
8 avril 2023 2023-04-08 15:21:57 +02:00			`(define %spice-rules`
			`(udev-rule`
Amélioration de la doc 2023-10-02 22:08:37 +02:00			`"41-spice-and-nitrokey.rules"`
8 avril 2023 2023-04-08 15:21:57 +02:00			`(string-append "\`
			`SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"`
			`SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"`
Amélioration de la doc 2023-10-02 22:08:37 +02:00			`ACTION!=\"add\|change\", GOTO=\"u2f_end\"`
			`KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"`
			`KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"`
			`KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"`
			`KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"`
			`KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"`
			`ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"`
			`LABEL=\"u2f_end\"`
			`SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"`
			`ACTION!=\"add\", GOTO=\"gnupg_rules_end\"`
			`ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"`
			`ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"`
			`ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"`
			`ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"`
			`ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"`
			`ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"`
			`ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"`
			`LABEL=\"gnupg_rules_end\"`
			`KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"`
8 avril 2023 2023-04-08 15:21:57 +02:00			`")))`

config avec home intégré 2024-07-17 15:49:14 +02:00			`(define %bashrc_content`
			`(plain-file "bashrc" "\`
			`if [ -n \"$GUIX_ENVIRONMENT\" ]`
			`then`
			`PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '`
			`else`
			`PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '`
			`fi`

			`if [[ ! -n \"$SSH_CLIENT\" ]]; then`
			`unset SSH_AGENT_PID`
			`if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then`
			`export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"`
			`fi`
			`fi"))`

			`(define %profile_content`
			`(plain-file "profile" "\`
			`if [[ ! -n \"$SSH_CLIENT\" ]]; then`
			`unset SSH_AGENT_PID`
			`if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then`
			`export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"`
			`fi`
			`fi"))`

			`(define %home_configuration`
			`(home-environment`
			`(services`
			`(list`
			`(service home-bash-service-type`
			`(home-bash-configuration`
			`(environment-variables`
			`'(`
			`("BSD_GAMES_DIR" . "~/.local/share/bsd-games")`
			`("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")`
			`("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")`
			`("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")`
			`("LV2_PATH" . "$HOME/.guix-profile/lib/lv2")))`
			`(aliases`
			`'(`
			`("clear" . "printf '\\033c'")`
			`("dir" . "dir --color=auto")`
			`("egrep" . "grep -E --color=auto")`
			`("fgrep" . "grep -F --color=auto")`
			`("grep" . "grep --color=auto")`
			`("la" . "ls -lthA -p --color=auto")`
			`("ll" . "ls -lth -p --color=auto")`
			`("ls" . "ls -p --color=auto")`
			`("vdir" . "vdir --color=auto")))`
			`(bashrc`
			`(list`
			`%bashrc_content))))`

			`(service home-gpg-agent-service-type`
			`(home-gpg-agent-configuration`
			`(pinentry-program`
			`(file-append pinentry-gnome3 "/bin/pinentry-gnome3"))`
			`(ssh-support? #t)))))))`

Remise en forme 2023-08-21 09:57:06 +02:00			`;; Configuration du système`
			`;; C'est le point d'entrée de la configuration`
Ajout de la configuration 2023-01-10 16:30:23 +01:00			`(operating-system`
			`(locale "fr_FR.utf8")`
			`(timezone "Europe/Paris")`
			`(keyboard-layout (keyboard-layout "fr" "oss"))`
			`(host-name "n-guix-port")`

Amélioration de la doc 2023-10-02 22:08:37 +02:00
Remise en forme 2023-08-21 09:57:06 +02:00			`;; Application de la configuration sudoer personnalisée (définie plus haut)`
Amélioration de la doc 2023-10-02 22:08:37 +02:00			`(kernel-arguments`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(list`
			`"modprobe.blacklist=usbmouse,usbkbd,i2c-hid"`
			`"psmouse.synaptics_intertouch=1"))`
Amélioration de la doc 2023-10-02 22:08:37 +02:00
8 avril 2023 2023-04-08 15:21:57 +02:00			`(sudoers-file %sudoers-specification)`

Ajout de la configuration 2023-01-10 16:30:23 +01:00			`;; La liste des comptes utilisateurs (« root » est implicite).`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(users`
			`(cons*`
			`(user-account`
			`(name "neox")`
			`(comment "neox")`
			`(password (crypt "password" "$6$abc"))`
			`(group "users")`
			`(home-directory "/home/neox")`
			`(supplementary-groups`
			`'("wheel"`
			`"netdev"`
			`"audio"`
			`"video"`
			`"libvirt"`
			`"kvm"`
			`"scanner"`
			`"spice"`
			`"lp")))`
			`%base-user-accounts))`
Remise en forme 2023-08-21 09:57:06 +02:00
			`;; Quelques paquets installés au niveau du système.`
			`;; On installe notamment network-manager et son extension pour openvpn,`
			`;; ou encore libvirt/virt-manager pour la virtualisation`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(packages`
			`(append`
			`(specifications->packages`
			`(list`
			`"adb"`
			`"alsa-plugins"`
			`"alsa-utils"`
			`"ardour"`
			`"audacity"`
			`"bind:utils"`
			`"binutils"`
			`"blueman"`
			`"bmaptools"`
			`"cabextract"`
			`"claws-mail"`
			`"cmatrix"`
			`"cpupower"`
			`"cryptsetup"`
			`"curl"`
			`"cvs"`
			`"dconf-editor"`
			`"dino"`
			`"emacs"`
			`"endeavour"`
			`"evolution"`
			`"exfatprogs"`
			`"fastboot"`
			`"ffmpeg"`
			`"file"`
			`"flashrom"`
			`"flatpak"`
			`"font-awesome"`
			`"font-liberation"`
			`"font-openmoji"`
			`"gallery-dl"`
			`"gdb"`
			`"ghostscript"`
			`"ghostwriter"`
			`"gimp"`
			`"git"`
			`"git-lfs"`
			`"git:send-email"`
			`"glmark2"`
			`"gnome-bluetooth"`
			`"gnome-builder"`
			`"gnome-font-viewer"`
			`"gnome-maps"`
			`"gnome-power-manager"`
			`"gnome-shell-extension-appindicator"`
			`"gnome-shell-extension-blur-my-shell"`
			`"gnome-shell-extension-burn-my-windows"`
			`"gnome-shell-extension-dash-to-dock"`
			`"gnome-shell-extension-night-theme-switcher"`
			`"gnome-shell-extension-noannoyance"`
			`"gnome-shell-extension-vitals"`
			`"gnome-tweaks"`
			`"gnupg"`
			`"gnuplot"`
			`"gparted"`
			`"gpgme"`
			`"graphviz"`
			`"grub"`
			`"hexchat"`
			`"hplip"`
			`"htop"`
			`"hwloc"`
			`"icecat"`
			`"inetutils"`
			`"inkscape"`
			`"jack"`
			`"jp2a"`
			`"kajongg"`
			`"kcachegrind"`
			`"kgraphviewer"`
			`"ldns"`
			`"libreoffice"`
			`"libtree"`
			`"libvirt"`
			`"lm-sensors"`
			`"lsof"`
			`"lvm2"`
			`"lynx"`
			`"make"`
			`"man-pages"`
			`"mdadm"`
			`"mediainfo"`
			`"megatools"`
			`"meld"`
			`"microcom"`
			`"minetest"`
			`"minicom"`
			`"minisat"`
			`"mpv"`
			`"mtr"`
			`"mumble"`
			`"nbd"`
			`"ncftp"`
			`"ndisc6"`
			`"neofetch"`
			`"network-manager"`
			`"network-manager-openvpn"`
			`"nextcloud-client"`
			`"nitrocli"`
			`"nmap"`
			`"ntfs-3g"`
			`"openssh"`
			`"openssl"`
			`"openvpn"`
			`"pam-u2f"`
			`"pandoc"`
			`"parted"`
			`"patchelf"`
			`"pavucontrol"`
			`"pkg-config"`
			`"poppler"`
			`"powertop"`
			`"profanity"`
			`"python"`
			`"python2"`
			`"python-logutils"`
			`"python-markdown"`
			`"python-paramiko"`
			`"qbittorrent"`
			`"qemu"`
			`"qjackctl"`
			`"qpdf"`
			`"recutils"`
			`"rsync"`
			`"rubber"`
			`"screen"`
			`"seahorse"`
			`"setxkbmap"`
			`"simplescreenrecorder"`
			`"sl"`
			`"speedtest-cli"`
			`"sqlitebrowser"`
			`"sshpass"`
			`"system-config-printer"`
			`"testdisk"`
			`"texlive"`
			`"texlive-biber"`
			`"texmaker"`
			`"tig"`
			`"tilix"`
			`"transmission"`
			`"tree"`
			`"uefitool"`
			`"ungoogled-chromium"`
			`"virt-manager"`
			`"vlc"`
			`"wine64"`
			`"xauth"`
			`"xdg-desktop-portal"`
			`"xdg-desktop-portal-gnome"`
			`"xdg-desktop-portal-gtk"`
			`"xdg-utils"`
			`"xdot"`
			`"xdotool"`
			`"xeyes"`
			`"xournalpp"`
			`"xrdp"`
			`"yt-dlp"`
			`"zstd"))`
			`%base-packages))`
Remise en forme 2023-08-21 09:57:06 +02:00
			`;; Services du système.`
			`;; On en profite pour modifier le comportement par défaut de quelques services.`
Ajout de la configuration 2023-01-10 16:30:23 +01:00			`(services`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(modify-services`
			`(append`
Remise en forme 2023-08-21 09:57:06 +02:00			`(list`
config avec home intégré 2024-07-17 15:49:14 +02:00			`;; Service guix home (reconfiguration auto des profils)`
			`(service guix-home-service-type`
			`(("neox" ,%home_configuration)))

			`;; Service bluetooth`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(service bluetooth-service-type)`

			`;; Service de gestion des clés de chiffrement physique`
			`(service pcscd-service-type)`

			`;; Service OpenSSH`
			`(service openssh-service-type`
			`(openssh-configuration`
			`(x11-forwarding? #t)`
			`(password-authentication? #f)`
			`(permit-root-login 'prohibit-password)))`

			`;; Service d'impression`
			`(service cups-service-type`
			`(cups-configuration`
			`(web-interface? #t)`
			`(extensions`
			`(list cups-filters epson-inkjet-printer-escpr hplip-minimal))))`

			`;; Service KVM/Libvirt pour virt-manager`
			`(service libvirt-service-type)`
			`(service virtlog-service-type)`
Remise en forme 2023-08-21 09:57:06 +02:00
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`;; Application de la configuration spice personnalisée (définie plus haut)`
			`(udev-rules-service 'spice %spice-rules #:groups '("spice"))`

			`;; Modification des limites mémoires pour les accès audio temps réel`
			`;; (utile notamment pour Ardour)`
			`(service pam-limits-service-type`
			`(list`
			`(pam-limits-entry "@audio" 'both 'rtprio 99)`
			`(pam-limits-entry "@audio" 'both 'memlock 'unlimited)))`

config avec home intégré 2024-07-17 15:49:14 +02:00			`;; Service Gnome/GDM`
			`(service gnome-desktop-service-type)`

intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`;; Configuration de l'environnement graphique (notamment clavier)`
			`(set-xorg-configuration`
			`(xorg-configuration (keyboard-layout keyboard-layout))))`

			`;; Services par défaut du système`
Remise en forme 2023-08-21 09:57:06 +02:00			`%desktop-services)`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00
			`;; Modification de services par défaut`
			`;; Configuration du service upower pour éviter la mise en veille lors`
			`;; de la fermeture de capot`
			`(upower-service-type config => (upower-configuration`
			`(inherit config)`
			`(ignore-lid? #t)))`
Remise en forme 2023-08-21 09:57:06 +02:00
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`;; Configuration du service elogind pour éviter la mise en veille lors`
			`;; de la fermeture du capot`
			`(elogind-service-type config => (elogind-configuration`
			`(inherit config)`
			`(handle-lid-switch 'ignore)`
			`(handle-lid-switch-external-power 'ignore)))`

			`;; Configuration du service network-manager pour prendre en charge`
			`;; OpenVPN`
			`(network-manager-service-type config => (network-manager-configuration`
			`(inherit config)`
			`(vpn-plugins`
			`(list (specification->package "network-manager-openvpn")))))))`
Ajout de la configuration 2023-01-10 16:30:23 +01:00
Remise en forme 2023-08-21 09:57:06 +02:00			`;; Chargeur de démarrage (GRUB)`
			`;; On indique ici où il doit être installé et comment le configurer`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(bootloader`
			`(bootloader-configuration`
			`(bootloader grub-efi-bootloader)`
			`(targets (list "/boot/efi"))`
			`(keyboard-layout keyboard-layout)))`
Remise en forme 2023-08-21 09:57:06 +02:00
			`;; Périphériques mappés`
			`;; On configure notamment ici les partitions chiffrées (LUKS)`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(mapped-devices`
			`(list`
			`(mapped-device`
			`(source`
			`(uuid "3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0"))`
			`(target "crypthome")`
			`(type luks-device-mapping))))`

			`;; Specify a swap file for the system, which resides on the`
			`;; root file system.`
			`(swap-devices`
			`(list`
			`(swap-space`
			`(target "/swapfile"))))`
Remise en forme 2023-08-21 09:57:06 +02:00
			`;; La liste des systèmes de fichiers montés au démarrage`
			`;; On configure ici le montage des partitions chiffrées et non chiffrées`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(file-systems`
			`(cons*`
			`(file-system`
			`(mount-point "/home")`
			`(device "/dev/mapper/crypthome")`
			`(type "ext4")`
			`(dependencies mapped-devices))`
			`(file-system`
			`(mount-point "/boot/efi")`
			`(device (uuid "A012-A17A" 'fat32))`
			`(type "vfat"))`
			`(file-system`
			`(mount-point "/")`
			`(device`
Configuration finale incluant le Guix Home et tous les paquets 2024-07-18 17:43:54 +02:00			`(file-system-label "root"))`
intégration des paquets dans la config + reformat 2024-07-16 13:57:18 +02:00			`(type "ext4")) %base-file-systems)))`