configurations-guix/config.scm

;; Ceci est une configuration de système d'exploitation générée par
;; l'installateur graphique.
;;
;; Une fois l'installation terminée, vous pouvez apprendre à modifier
;; ce fichier pour ajuster la configuration du système et le passer à
;; la commande « guix system reconfigure » pour rendre vos changements
;; effectifs.


;; Indique quels modules importer pour accéder aux variables
;; utilisées dans cette configuration.
(use-modules (gnu))
(use-modules (guix inferior) (guix channels))
(use-modules (srfi srfi-1))
(use-modules (gnu system setuid) (gnu packages cups))
(use-modules (nongnu packages linux) (nongnu system linux-initrd))
(use-service-modules cups desktop networking ssh xorg virtualization vpn)

;; Définitions

(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
"))

(define %spice-rules
  (udev-rule
    "50-spice.rules"
    (string-append "\
SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
")))

(define channels
  ;; This is the old revision from which we want to
  ;; extract guile-json.
  (list (channel
         (name 'guix)
         (url "https://git.savannah.gnu.org/git/guix.git")
         (commit
          "306737c6797cc209a4f034e51c4057c15c6cc311"))))

(define inferior
  ;; An inferior representing the above revision.
  (inferior-for-channels channels))

;; Début de la configuration
(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "n-guix-fix")

  (kernel linux)

  (initrd microcode-initrd)
  (firmware (list linux-firmware))

  (kernel-arguments
    (list "modprobe.blacklist=nouveau,pcspkr,usbmouse,usbkbd" "iommu=pt"))

  (initrd-modules (append (list "vfio-pci" "vfio_iommu_type1" "dm-raid" "dm-cache" "dm-crypt" "radeon") %base-initrd-modules))
      
  (sudoers-file %sudoers-specification)

  ;; La liste des comptes utilisateurs (« root » est implicite).
  (users (cons* (user-account
                  (name "neox")
                  (comment "neox")
                  (group "users")
                  (home-directory "/home/neox")
                  (supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin")))
                %base-user-accounts))

  (setuid-programs
    (append (list 
              (setuid-program
                (program (file-append (specification->package "cdrtools") "/bin/cdrecord")))
              (setuid-program
                (program (file-append (specification->package "cdrtools") "/bin/readcd")))
              (setuid-program
                (program (file-append (specification->package "cdrtools") "/bin/mkisofs")))
              (setuid-program
                (program (file-append (specification->package "cdrdao") "/bin/cdrdao"))))	
            %setuid-programs))

  ;; Packages installed system-wide.  Users can also install packages
  ;; under their own account: use 'guix search KEYWORD' to search
  ;; for packages and 'guix install PACKAGE' to install a package.
  (packages (append (list (specification->package "nss-certs")
                          (specification->package "qemu")
                          (specification->package "virt-manager")
                          (specification->package "libvirt") 
                          (specification->package "lvm2") 
                          (specification->package "mdadm") 
                          (specification->package "network-manager")
                          (specification->package "network-manager-openvpn")
                          (specification->package "xf86-video-ati")
                          (specification->package "thin-provisioning-tools"))
;                          (first (lookup-inferior-packages inferior "icecat")))
                    %base-packages))

  ;; Voici la liste des services du système.  Pour trouver les services disponibles,
  ;; lancez « guix system search MOT-CLÉ » dans un terminal.
  (services
    (modify-services  (append  
                        (list 
                          (service gnome-desktop-service-type)
                          (service openssh-service-type
                            (openssh-configuration
                              (x11-forwarding? #t)
                              (permit-root-login 'prohibit-password)
                              (authorized-keys
                                `(("neox" ,(local-file "/home/neox/.ssh/id_rsa.pub"))))))
                          (service cups-service-type
                            (cups-configuration
                              (web-interface? #t)
                              (extensions
                                (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
                          (service libvirt-service-type
                            (libvirt-configuration
                              (unix-sock-group "libvirt")))
                          (udev-rules-service 'spice %spice-rules #:groups '("spice"))
                          (service virtlog-service-type)
                          (pam-limits-service
                            (list
                              (pam-limits-entry "@audio" 'both 'rtprio 99)
                              (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

                          (set-xorg-configuration
                            (xorg-configuration (keyboard-layout keyboard-layout))))
                        %desktop-services)

    (network-manager-service-type config => (network-manager-configuration 
      (inherit config)
      (vpn-plugins
        (list (specification->package "network-manager-openvpn")))))

    (guix-service-type config => (guix-configuration
      (inherit config)
      (extra-options '("--cores=10"))
      (substitute-urls
                (append (list "https://substitutes.nonguix.org")
                  %default-substitute-urls))
      (authorized-keys
        (append 
          (list 
            (plain-file "non-guix.pub" 
              (string-append 
                "(public-key"
                " (ecc "
                "  (curve Ed25519)"
                "  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
            %default-authorized-guix-keys))))))

  (bootloader (bootloader-configuration
                (bootloader grub-efi-bootloader)
                (targets (list "/boot/efi"))
                (keyboard-layout keyboard-layout)))

  ;; La liste des systèmes de fichiers qui seront « montés ». Les identifiants
  ;; de systèmes de fichiers uniques (« UUIDs ») qui se trouvent ici s'obtiennent
  ;; en exécutant « blkid » dans un terminal.
  
  (mapped-devices
   (list
    (mapped-device
      (source "HOMERAID")
      (target "HOMERAID-HOMERAID_data")
      (type lvm-device-mapping))
    (mapped-device
      (source "/dev/mapper/HOMERAID-HOMERAID_data")
      (target "luks-f0a72a6c-499b-4445-8d13-21dc99337752")
      (type luks-device-mapping))))

  (file-systems 
    (cons* 
      (file-system
        (mount-point "/wiab")
        (device (uuid "2a13cf03-fc71-44ac-8e1a-d6744201336f" 'ext4))
        (type "ext4"))
      (file-system
        (mount-point "/")
        (device (uuid "2e44f3f7-bb6b-43ac-933a-e8992bf10d29" 'ext4))
        (type "ext4"))
      (file-system
        (mount-point "/home")
        (device "/dev/mapper/luks-f0a72a6c-499b-4445-8d13-21dc99337752")
        (type "ext4")
        (dependencies mapped-devices))
      (file-system
        (mount-point "/boot/efi")
        (device (uuid "DC58-946E" 'fat32))
        (type "vfat"))
     %base-file-systems)))
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`;; Ceci est une configuration de système d'exploitation générée par`
			`;; l'installateur graphique.`
			`;;`
			`;; Une fois l'installation terminée, vous pouvez apprendre à modifier`
			`;; ce fichier pour ajuster la configuration du système et le passer à`
			`;; la commande « guix system reconfigure » pour rendre vos changements`
			`;; effectifs.`


			`;; Indique quels modules importer pour accéder aux variables`
			`;; utilisées dans cette configuration.`
			`(use-modules (gnu))`
CUPS now works and we use 10 cores to build things with guix 2023-09-01 19:02:56 +02:00			`(use-modules (guix inferior) (guix channels))`
			`(use-modules (srfi srfi-1))`
			`(use-modules (gnu system setuid) (gnu packages cups))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(use-modules (nongnu packages linux) (nongnu system linux-initrd))`
			`(use-service-modules cups desktop networking ssh xorg virtualization vpn)`

			`;; Définitions`

			`(define %sudoers-specification`
			`(plain-file "sudoers" "\`
			`root ALL=(ALL) ALL`
			`%wheel ALL=(ALL) NOPASSWD: ALL`
			`"))`

			`(define %spice-rules`
			`(udev-rule`
			`"50-spice.rules"`
			`(string-append "\`
			`SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"`
			`SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"`
			`")))`

CUPS now works and we use 10 cores to build things with guix 2023-09-01 19:02:56 +02:00			`(define channels`
			`;; This is the old revision from which we want to`
			`;; extract guile-json.`
			`(list (channel`
			`(name 'guix)`
			`(url "https://git.savannah.gnu.org/git/guix.git")`
			`(commit`
			`"306737c6797cc209a4f034e51c4057c15c6cc311"))))`

			`(define inferior`
			`;; An inferior representing the above revision.`
			`(inferior-for-channels channels))`

Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`;; Début de la configuration`
			`(operating-system`
			`(locale "fr_FR.utf8")`
			`(timezone "Europe/Paris")`
			`(keyboard-layout (keyboard-layout "fr" "oss"))`
			`(host-name "n-guix-fix")`

			`(kernel linux)`

Modifs globales 2023-06-13 00:00:22 +02:00			`(initrd microcode-initrd)`
			`(firmware (list linux-firmware))`

Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(kernel-arguments`
Suppression de quiet et correction config IOMMU 2023-09-19 22:54:51 +02:00			`(list "modprobe.blacklist=nouveau,pcspkr,usbmouse,usbkbd" "iommu=pt"))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00
Modifs globales 2023-06-13 00:00:22 +02:00			`(initrd-modules (append (list "vfio-pci" "vfio_iommu_type1" "dm-raid" "dm-cache" "dm-crypt" "radeon") %base-initrd-modules))`

Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(sudoers-file %sudoers-specification)`

			`;; La liste des comptes utilisateurs (« root » est implicite).`
			`(users (cons* (user-account`
			`(name "neox")`
			`(comment "neox")`
			`(group "users")`
			`(home-directory "/home/neox")`
Modifs globales 2023-06-13 00:00:22 +02:00			`(supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin")))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`%base-user-accounts))`

Modifs globales 2023-06-13 00:00:22 +02:00			`(setuid-programs`
			`(append (list`
			`(setuid-program`
			`(program (file-append (specification->package "cdrtools") "/bin/cdrecord")))`
			`(setuid-program`
			`(program (file-append (specification->package "cdrtools") "/bin/readcd")))`
			`(setuid-program`
			`(program (file-append (specification->package "cdrtools") "/bin/mkisofs")))`
			`(setuid-program`
			`(program (file-append (specification->package "cdrdao") "/bin/cdrdao"))))`
			`%setuid-programs))`

Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`;; Packages installed system-wide. Users can also install packages`
			`;; under their own account: use 'guix search KEYWORD' to search`
			`;; for packages and 'guix install PACKAGE' to install a package.`
			`(packages (append (list (specification->package "nss-certs")`
			`(specification->package "qemu")`
			`(specification->package "virt-manager")`
			`(specification->package "libvirt")`
			`(specification->package "lvm2")`
			`(specification->package "mdadm")`
			`(specification->package "network-manager")`
Modifs globales 2023-06-13 00:00:22 +02:00			`(specification->package "network-manager-openvpn")`
			`(specification->package "xf86-video-ati")`
			`(specification->package "thin-provisioning-tools"))`
CUPS now works and we use 10 cores to build things with guix 2023-09-01 19:02:56 +02:00			`; (first (lookup-inferior-packages inferior "icecat")))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`%base-packages))`

			`;; Voici la liste des services du système. Pour trouver les services disponibles,`
			`;; lancez « guix system search MOT-CLÉ » dans un terminal.`
			`(services`
			`(modify-services (append`
			`(list`
			`(service gnome-desktop-service-type)`
Correctly defined ssh server and nonguix substitutes 2023-09-10 15:52:08 +02:00			`(service openssh-service-type`
			`(openssh-configuration`
			`(x11-forwarding? #t)`
			`(permit-root-login 'prohibit-password)`
			`(authorized-keys`
			`(("neox" ,(local-file "/home/neox/.ssh/id_rsa.pub"))))))
CUPS now works and we use 10 cores to build things with guix 2023-09-01 19:02:56 +02:00			`(service cups-service-type`
			`(cups-configuration`
			`(web-interface? #t)`
			`(extensions`
			`(list cups-filters epson-inkjet-printer-escpr hplip-minimal))))`
Modifs globales 2023-06-13 00:00:22 +02:00			`(service libvirt-service-type`
			`(libvirt-configuration`
			`(unix-sock-group "libvirt")))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(udev-rules-service 'spice %spice-rules #:groups '("spice"))`
			`(service virtlog-service-type)`
Modifs globales 2023-06-13 00:00:22 +02:00			`(pam-limits-service`
			`(list`
			`(pam-limits-entry "@audio" 'both 'rtprio 99)`
			`(pam-limits-entry "@audio" 'both 'memlock 'unlimited)))`

Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(set-xorg-configuration`
			`(xorg-configuration (keyboard-layout keyboard-layout))))`
			`%desktop-services)`

			`(network-manager-service-type config => (network-manager-configuration`
			`(inherit config)`
			`(vpn-plugins`
			`(list (specification->package "network-manager-openvpn")))))`

			`(guix-service-type config => (guix-configuration`
			`(inherit config)`
Correctly defined ssh server and nonguix substitutes 2023-09-10 15:52:08 +02:00			`(extra-options '("--cores=10"))`
			`(substitute-urls`
			`(append (list "https://substitutes.nonguix.org")`
			`%default-substitute-urls))`
			`(authorized-keys`
			`(append`
			`(list`
			`(plain-file "non-guix.pub"`
			`(string-append`
			`"(public-key"`
			`" (ecc "`
			`" (curve Ed25519)"`
			`" (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))`
			`%default-authorized-guix-keys))))))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00
			`(bootloader (bootloader-configuration`
			`(bootloader grub-efi-bootloader)`
			`(targets (list "/boot/efi"))`
			`(keyboard-layout keyboard-layout)))`

			`;; La liste des systèmes de fichiers qui seront « montés ». Les identifiants`
			`;; de systèmes de fichiers uniques (« UUIDs ») qui se trouvent ici s'obtiennent`
			`;; en exécutant « blkid » dans un terminal.`

			`(mapped-devices`
			`(list`
			`(mapped-device`
Modifs globales 2023-06-13 00:00:22 +02:00			`(source "HOMERAID")`
			`(target "HOMERAID-HOMERAID_data")`
			`(type lvm-device-mapping))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(mapped-device`
Modifs globales 2023-06-13 00:00:22 +02:00			`(source "/dev/mapper/HOMERAID-HOMERAID_data")`
			`(target "luks-f0a72a6c-499b-4445-8d13-21dc99337752")`
			`(type luks-device-mapping))))`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00
			`(file-systems`
			`(cons*`
			`(file-system`
			`(mount-point "/wiab")`
			`(device (uuid "2a13cf03-fc71-44ac-8e1a-d6744201336f" 'ext4))`
			`(type "ext4"))`
			`(file-system`
			`(mount-point "/")`
			`(device (uuid "2e44f3f7-bb6b-43ac-933a-e8992bf10d29" 'ext4))`
			`(type "ext4"))`
			`(file-system`
			`(mount-point "/home")`
Modifs globales 2023-06-13 00:00:22 +02:00			`(device "/dev/mapper/luks-f0a72a6c-499b-4445-8d13-21dc99337752")`
Ajout du fichier de config 2023-01-10 13:21:01 +01:00			`(type "ext4")`
			`(dependencies mapped-devices))`
			`(file-system`
			`(mount-point "/boot/efi")`
			`(device (uuid "DC58-946E" 'fat32))`
			`(type "vfat"))`
			`%base-file-systems)))`