;;;
;;; Configurations GNU Guix des ordinateurs de neox
;;;
;;; Copyright (C) 2023-2024 Adrien 'neox' Bourmault <neox@a-lec.org>
;;;
;;; This is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; This is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this. If not, see <http://www.gnu.org/licenses/>.
;; Indique quels modules importer pour accéder aux variables
;; utilisées dans cette configuration.
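;; Modules whose exported bindings this configuration relies on.
;; `(gnu packages freedesktop)' was listed twice in the original; a repeated
;; `use-modules' entry is a no-op, so the duplicate is dropped here.  The
;; relative order of the remaining entries is kept unchanged on purpose:
;; Guile resolves conflicting exports by import order.
(use-modules
 (gnu)
 (gnu home)
 (gnu home services gnupg)
 (gnu home services shells)
 (gnu packages)
 (gnu packages autotools)
 (gnu packages avahi)
 (gnu packages base)
 (gnu packages bash)
 (gnu packages boost)
 (gnu packages build-tools)
 (gnu packages compression)
 (gnu packages cups)
 (gnu packages freedesktop)
 (gnu packages ftp)
 (gnu packages gettext)
 (gnu packages ghostscript)
 (gnu packages glib)
 (gnu packages gnome)
 (gnu packages gnupg)
 (gnu packages gtk)
 (gnu packages image)
 (gnu packages imagemagick)
 (gnu packages libusb)
 (gnu packages linux)
 (gnu packages messaging)
 (gnu packages pkg-config)
 (gnu packages python)
 (gnu packages scanner)
 (gnu packages textutils)
 (gnu packages tls)
 (gnu packages xml)
 (gnu services)
 (gnu services shepherd)
 (gnu system setuid)
 (guix build-system gnu)
 (guix gexp)
 (guix git-download)
 (guix download)
 ((guix licenses) #:prefix license:)
 (guix packages)
 (guix utils)
 (srfi srfi-1))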
;; Service modules (gnu services ...) used by the `services' field of the
;; operating-system below: printing, desktop, guix-home, network-manager,
;; OpenSSH, Xorg, libvirt, VPN, power management and pcscd (security-token).
;; Order is left as-is: later imports take precedence on name clashes.
(use-service-modules
 cups
 desktop
 guix
 networking
 ssh
 xorg
 virtualization
 vpn
 pm
 security-token)
;; Service custom fancontrol
;; Build the Shepherd service that runs the fancontrol daemon from the
;; lm-sensors package.
;;
;; CONFIG is the value given to `fancontrol-service-type' (a path string in
;; the instantiation further down) and is passed to fancontrol as its only
;; command-line argument.  The daemon runs as root:root and its output goes to
;; /var/log/fancontrol.log.  Returns a <shepherd-service>.
(define (fancontrol-shepherd-service config)
  (let ((fancontrol-bin
         (file-append (specification->package "lm-sensors") "/sbin/fancontrol")))
    (shepherd-service
     (provision '(fancontrol))
     ;; Needs udev (sysfs hwmon nodes) and user-processes to be up first.
     (requirement '(udev user-processes))
     (documentation "Run the fancontrol daemon (fancontrol-daemon).")
     (start #~(make-forkexec-constructor
               (list #$fancontrol-bin #$config)
               #:user "root" #:group "root"
               #:log-file "/var/log/fancontrol.log"))
     (stop #~(make-kill-destructor)))))
;; Service type wrapping `fancontrol-shepherd-service'.  The service value is
;; handed straight to that procedure; there is no `default-value', so every
;; `(service fancontrol-service-type ...)' must supply the config path.
(define fancontrol-service-type
  (service-type
   (name 'fancontrol)
   (description "Run fancontrol as a daemon.")
   (extensions
    (list (service-extension
           shepherd-root-service-type
           (lambda (config)
             (list (fancontrol-shepherd-service config))))))))
;; Outils GNU Boot
;; GNU Boot release whose source tarball provides the coreboot utilities
;; packaged below (cbfstool, ifdtool, nvramtool).
(define gnuboot-version "0.1-rc4")
;; Source tarball of GNU Boot, fetched from the GNU mirrors and pinned to a
;; fixed sha256 (the build fails if the download does not match it).  Bump the
;; hash together with `gnuboot-version'.
(define gnuboot-source
  (origin
    (method url-fetch)
    (uri (string-append "mirror://gnu/gnuboot/gnuboot-" gnuboot-version
                        "/gnuboot-" gnuboot-version "_src.tar.xz"))
    (sha256
     (base32
      "0nc0qjbrnxvs20g36irj11prmrmyk8d8f256xiyxcarnxc0sigfw"))))
;; Package one of the utilities shipped in the GNU Boot source tree under
;; coreboot/default/util/NAME.
;;
;; NAME is both the package name and the utility's subdirectory; SOURCE and
;; VERSION are the origin and version string to record (see `gnuboot-source'
;; and `gnuboot-version'); SYNOPSIS and DESCRIPTION are the package
;; metadata strings.  The utilities have no configure script and no test
;; suite, so only the build and install phases of gnu-build-system run; the
;; Makefile is driven with CC/DESTDIR/INSTALL/PREFIX set explicitly so it
;; installs straight into the output.  Returns a <package>.
(define (make-gnuboot-utils-package name source version synopsis description)
  (let ((util-dir (string-append "coreboot/default/util/" name)))
    (package
     (name name)
     (version version)
     (source source)
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/gnuboot")
     (license license:gpl2)
     (synopsis synopsis)
     (description description)
     (arguments
      (list
       #:tests? #f
       #:make-flags
       #~(list (string-append "CC=" #$(cc-for-target))
               (string-append "DESTDIR=" #$output)
               "INSTALL=install"
               "PREFIX=/")
       #:phases
       #~(modify-phases %standard-phases
           (delete 'configure)
           ;; The whole tarball is unpacked; build only the requested util.
           (add-after 'unpack 'enter-source
             (lambda _
               (chdir #$util-dir)))))))))
;; cbfstool from the pinned GNU Boot release.
(define cbfstool
  (make-gnuboot-utils-package
   "cbfstool"
   gnuboot-source
   gnuboot-version
   "Tool to manipulate Coreboot image files"
   "This package provides @command{cbfstool}, a program that can
add a wide variety of files (bootblock, stage, payload, configuration
files, etc) to Coreboot File System (CBFS) images. It supports
original CBFS images as well as images in the newer FMAP format. It
also supports compressing files when requested."))
;; ifdtool from the pinned GNU Boot release.  Synopsis and description are
;; left empty; `guix lint' will flag them.
(define ifdtool
  (make-gnuboot-utils-package
   "ifdtool"
   gnuboot-source
   gnuboot-version
   ""
   ""))
;; nvramtool from the pinned GNU Boot release.  Synopsis and description are
;; left empty; `guix lint' will flag them.
(define nvramtool
  (make-gnuboot-utils-package
   "nvramtool"
   gnuboot-source
   gnuboot-version
   ""
   ""))
;; Package exposing the `gnupload' script shipped in gnulib's build-aux/.
;; It reuses gnulib's source and version, skips bootstrap/configure/build and
;; simply copies the script into OUTPUT/bin.  The inputs enumerate the
;; programs the script invokes (per the inline notes below).
;; NOTE(review): nothing here wraps the installed script, so those programs
;; are presumably expected to be on the user's PATH at run time — confirm.
;; Synopsis, description and home-page are empty; `guix lint' will flag them.
(define gnupload
  (package
    (name "gnupload")
    (version (package-version gnulib))
    (source (package-source gnulib))
    (arguments
     (list #:tests? #f
           #:phases
           #~(modify-phases
              %standard-phases
              (add-after 'unpack 'chdir
                (lambda _ (chdir "build-aux")))
              (delete 'bootstrap)
              (delete 'configure)
              (delete 'build)
              (replace
               'install
               (lambda _
                 (install-file
                  "gnupload"
                  (string-append #$output "/bin/")))))))
    (build-system gnu-build-system)
    (inputs (list
             bash ;; case esac break read eval shift exit
             coreutils ;; echo test shift rm cat
             gnupg ;; gpg gpg-agent
             grep ;; grep
             ncftp ;; ncftpput
             sed)) ;; sed
    (synopsis "")
    (description "")
    (home-page "")
    (license license:gpl2+)))
;; Configuration sudoer personnalisée
;; Custom /etc/sudoers, installed through the `sudoers-file' field below.
;; NOTE(review): the second line grants every member of "wheel" root via
;; sudo without any password prompt.  Combined with the "neox" account (a
;; wheel member, see `users' below), anyone who can log in as that user is
;; root with no further check — a sudo password prompt would at least
;; require the account credential again and leave a log entry per use.
(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
"))
;; Configuration spice personnalisée
;; Permet le partage de périphériques USB via virt-manager
;; udev rules installed as 41-spice-and-nitrokey.rules (wired in below via
;; `udev-rules-service' with the "spice" group).
;;
;; The first two rules give group "spice" read/write (0660) access to EVERY
;; usb / usb_device node, which is what lets virt-manager redirect USB
;; devices into guests.
;; NOTE(review): that grant is much broader than the devices actually
;; redirected; scoping it with ATTRS{idVendor}/ATTRS{idProduct} matches
;; (as the remaining rules do) would keep the spice group from reaching
;; unrelated USB devices — TODO confirm which devices are needed.
;;
;; The idVendor 20a0 entries are presumably the Nitrokey devices the file is
;; named after: the "u2f" section tags hidraw nodes with uaccess, the
;; "gnupg" section marks smart-card readers for gnupg, and the last rule
;; exposes the first partition of one of them as /dev/nitrospace.
(define %spice-rules
  (udev-rule
   "41-spice-and-nitrokey.rules"
   (string-append "\
SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
ACTION!=\"add|change\", GOTO=\"u2f_end\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
LABEL=\"u2f_end\"
SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
LABEL=\"gnupg_rules_end\"
KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
")))
;; Extra ~/.bashrc content, appended through the home-bash service below.
;; It sets a coloured prompt (with an "[env]" marker inside `guix shell'
;; environments), wraps `guix' so that the imperative `install'/`remove'
;; sub-commands print a reminder instead of running (everything else goes to
;; the real `command guix'), appends ~/.local/bin to PATH, and — for local
;; (non-SSH) sessions — points SSH_AUTH_SOCK at gpg-agent's SSH socket.
;; NOTE(review): PATH is also appended in the home-bash
;; `environment-variables', so ~/.local/bin presumably ends up listed twice
;; in interactive shells; harmless, but one of the two could be dropped.
;; The SSH_AUTH_SOCK block is duplicated verbatim in %profile_content.
(define %bashrc_content
  (plain-file "bashrc" "\
if [ -n \"$GUIX_ENVIRONMENT\" ]
then
PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '
else
PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '
fi
guix() {
if [[ \"$1\" == \"install\" ]]; then
echo \"Tu es débile, ou bien ?\"
elif [[ \"$1\" == \"remove\" ]]; then
echo \"Tu es débile, ou bien ?\"
else
command guix \"$@\"
fi
}
PATH=\"$PATH:/home/neox/.local/bin\"
if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
;; Profile snippet: for local (non-SSH) sessions, point SSH_AUTH_SOCK at
;; gpg-agent's SSH socket.  Same block as the tail of %bashrc_content.
;; NOTE(review): this file is not referenced anywhere in the visible part of
;; this configuration (the home-bash service only installs %bashrc_content).
(define %profile_content
  (plain-file "profile" "\
if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
;; Guix Home environment for user "neox", activated by the
;; `guix-home-service-type' entry in the system services below.
;; It configures Bash (environment variables, aliases, extra bashrc) and
;; gpg-agent with the GNOME pinentry and SSH support enabled — the latter is
;; what the SSH_AUTH_SOCK logic in %bashrc_content relies on.
(define %home_configuration
  (home-environment
   (services
    (list
     (service home-bash-service-type
              (home-bash-configuration
               ;; NOTE(review): "PATH" is appended here and again in
               ;; %bashrc_content; the ~/.local/bin entry presumably
               ;; appears twice — one of the two could go.
               (environment-variables
                '(
                  ("BSD_GAMES_DIR" . "~/.local/share/bsd-games")
                  ("PATH" . "$PATH:/home/neox/.local/bin")
                  ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")
                  ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")
                  ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")
                  ("LV2_PATH" . "/run/current-system/profile/lib/lv2")))
               ;; Colourised coreutils/grep aliases plus short listing forms.
               (aliases
                '(
                  ("clear" . "printf '\\033c'")
                  ("dir" . "dir --color=auto")
                  ("egrep" . "grep -E --color=auto")
                  ("fgrep" . "grep -F --color=auto")
                  ("grep" . "grep --color=auto")
                  ("la" . "ls -lthA -p --color=auto")
                  ("ll" . "ls -lth -p --color=auto")
                  ("ls" . "ls -p --color=auto")
                  ("vdir" . "vdir --color=auto")))
               (bashrc
                (list
                 %bashrc_content))))
     (service home-gpg-agent-service-type
              (home-gpg-agent-configuration
               (pinentry-program
                (file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
               (ssh-support? #t)))))))
;; Configuration du système
;; C'est le point d'entrée de la configuration
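;; System definition (entry point of this configuration).
;;
;; Change from the original: the "/home" file system was declared twice —
;; once in the mount list and once more, verbatim, as the dependency of the
;; flatpak mount.  It is now bound once (`home-fs' inside `file-systems') and
;; referenced from both places, so the two can no longer drift apart.
(operating-system
 (locale "fr_FR.utf8")
 (timezone "Europe/Paris")
 ;; Outer `keyboard-layout' is the record field, inner call builds the layout.
 (keyboard-layout (keyboard-layout "fr" "oss"))
 (host-name "n-guix-fix")

 ;; Kernel command line: tickless scheduling, blacklisted modules (PC speaker,
 ;; legacy usbmouse/usbkbd), IOMMU in pass-through mode (used with the vfio
 ;; modules below for device assignment) and a nouveau clock setting.
 (kernel-arguments
  (list
   "nohz=on"
   "modprobe.blacklist=pcspkr,usbmouse,usbkbd"
   "iommu=pt"
   "nouveau.config=NvClkMode=15"))

 ;; Modules added to the initrd ahead of the defaults: the w83795 hwmon
 ;; driver (fancontrol), vfio for device pass-through, mpt3sas (presumably the
 ;; storage controller) and the device-mapper targets, dm-crypt among them for
 ;; the LUKS mapping declared further down.
 (initrd-modules
  (append
   (list
    "w83795"
    "vfio-pci"
    "vfio_iommu_type1"
    "mpt3sas"
    "dm-raid"
    "dm-cache"
    "dm-crypt")
   %base-initrd-modules))

 ;; Custom sudoers (defined above): members of "wheel" get passwordless sudo.
 (sudoers-file %sudoers-specification)

 ;; User accounts ("root" is implicit).
 (users
  (cons*
   (user-account
    (name "neox")
    (comment "neox")
    ;; NOTE(review): the plaintext "password" and a fixed salt live in this
    ;; file; `crypt' hashes them when the configuration is evaluated, but the
    ;; configuration file itself is presumably kept alongside the system in
    ;; the store, where it is readable by every local user.  Presumably a
    ;; bootstrap placeholder changed after first login — TODO confirm; a hash
    ;; computed outside the configuration avoids storing the plaintext at all.
    (password (crypt "password" "$6$abc"))
    (group "users")
    (home-directory "/home/neox")
    ;; "wheel" → passwordless root via the sudoers file above; "libvirt" and
    ;; "kvm" → virtualisation; "spice" → the USB udev rules; "lpadmin" → CUPS
    ;; administration.
    (supplementary-groups
     '("wheel"
       "netdev"
       "audio"
       "video"
       "libvirt"
       "kvm"
       "scanner"
       "spice"
       "cdrom"
       "lpadmin"
       "lp")))
   %base-user-accounts))

 ;; System-wide packages: notably network-manager with its OpenVPN plugin and
 ;; libvirt/virt-manager for virtualisation, plus the local `gnupload'
 ;; package defined above.
 (packages
  (append
   (specifications->packages
    (list
     "adb"
     "alsa-plugins"
     "alsa-utils"
     "ardour"
     "audacity"
     "bind:utils"
     "binutils"
     "cabextract"
     "calf"
     "cdrdao"
     "cdrtools"
     "claws-mail"
     "cmatrix"
     "cpupower"
     "cryptsetup"
     "curl"
     "cvs"
     "dconf-editor"
     "dino"
     "emacs"
     "endeavour"
     "eudev"
     "evolution"
     "exfatprogs"
     "fastboot"
     ;"ffmpeg"
     "file"
     "flashrom"
     "flatpak"
     "font-awesome"
     "font-liberation"
     "font-openmoji"
     "freehdl"
     "gallery-dl"
     "gdb"
     "ghex"
     "ghostscript"
     "ghostwriter"
     "gimp"
     "git"
     "git-lfs"
     "git:send-email"
     "glmark2"
     "gnome-bluetooth"
     "gnome-builder"
     "gnome-font-viewer"
     "gnome-maps"
     "gnome-power-manager"
     "gnome-shell-extension-appindicator"
     "gnome-shell-extension-blur-my-shell"
     "gnome-shell-extension-burn-my-windows"
     "gnome-shell-extension-dash-to-dock"
     "gnome-shell-extension-night-theme-switcher"
     "gnome-shell-extension-noannoyance"
     "gnome-shell-extension-vitals"
     "gnome-tweaks"
     "gnupg"
     "gnuplot"
     "gparted"
     "gpgme"
     "graphviz"
     "grub"
     "hexchat"
     "hplip"
     "htop"
     "hwloc"
     "icecat"
     "inetutils"
     "inkscape"
     "iptables"
     "jack"
     "jp2a"
     "kajongg"
     "kcachegrind"
     "kgraphviewer"
     "kicad"
     "kicad-doc"
     "kicad-footprints"
     "kicad-packages3d"
     "kicad-symbols"
     "kicad-templates"
     "ldns"
     "libreoffice"
     "libtree"
     "libvirt"
     "licensecheck"
     "lm-sensors"
     "lsof"
     "lvm2"
     "lynx"
     "make"
     "man-pages"
     "mdadm"
     "mediainfo"
     "megatools"
     "meld"
     "microcom"
     "minetest"
     "minicom"
     "minisat"
     "mpv"
     "mtr"
     "mumble"
     "nbd"
     "ncftp"
     "ndisc6"
     "neofetch"
     "network-manager"
     "network-manager-openvpn"
     "nextcloud-client"
     "nitrocli"
     "nmap"
     "ntfs-3g"
     "openssh"
     "openssl"
     "openvpn"
     "pam-u2f"
     "pandoc"
     "parallel"
     "parted"
     "patchelf"
     "pavucontrol"
     "perl6-mime-base64"
     "perl-email-mime-encodings"
     "perl-mime-base64"
     "pkg-config"
     "poppler"
     "powertop"
     "profanity"
     "progress"
     "pv"
     "python"
     "python-logutils"
     "python-markdown"
     "python-paramiko"
     "python-virtualenv"
     ;"python-woob"
     "python-wrapper"
     "qbittorrent"
     "qemu"
     "qjackctl"
     "qpdf"
     "recutils"
     "rsync"
     "rubber"
     "ruby-pygmentize"
     "screen"
     "seahorse"
     "setxkbmap"
     "simplescreenrecorder"
     "sl"
     "speedtest-cli"
     "sqlitebrowser"
     "sshpass"
     "system-config-printer"
     "testdisk"
     "texlive"
     "texlive-biber"
     "texmaker"
     "thin-provisioning-tools"
     "tig"
     "tilix"
     "tor"
     "torbrowser"
     "translate2geda"
     "transmission"
     "tree"
     "uefitool"
     "ungoogled-chromium"
     "virt-manager"
     "vlc"
     "wine64"
     "xauth"
     ;"xdg-desktop-portal"
     "xdg-desktop-portal-gnome"
     "xdg-desktop-portal-gtk"
     "xdg-utils"
     "xdot"
     "xdotool"
     "xeyes"
     "xournalpp"
     "xrdp"
     "yt-dlp"
     "zstd"))
   (list
    gnupload)
   %base-packages))

 ;; Programs granted setuid root on top of the defaults (CD/DVD burning
 ;; tools).
 ;; NOTE(review): each entry is a root-privileged binary reachable by every
 ;; local user, so keep this list to what is actually used; the "cdrom"
 ;; group membership above may cover the same need without setuid.
 (setuid-programs
  (append (list
           (setuid-program
            (program (file-append (specification->package "cdrtools") "/bin/cdrecord")))
           (setuid-program
            (program (file-append (specification->package "cdrtools") "/bin/readcd")))
           (setuid-program
            (program (file-append (specification->package "cdrtools") "/bin/mkisofs")))
           (setuid-program
            (program (file-append (specification->package "cdrdao") "/bin/cdrdao"))))
          %setuid-programs))

 ;; System services: a few additions on top of %desktop-services, followed by
 ;; tweaks of some default services.
 (services
  (modify-services
      (append
       (list
        ;; Guix Home: reconfigure neox's home profile with the system.
        (service guix-home-service-type
                 `(("neox" ,%home_configuration)))
        ;; Bluetooth.
        (service bluetooth-service-type)
        ;; Fan control (custom service type defined above; the value is the
        ;; path of the fancontrol configuration file).
        (service fancontrol-service-type "/etc/fancontrol")
        ;; Smart-card / security-token daemon.
        (service pcscd-service-type)
        ;; OpenSSH: key-only authentication (passwords off, root only with a
        ;; key).
        ;; NOTE(review): X11 forwarding is enabled; it lets a remote session
        ;; drive the local display, so keep it only if it is actually used.
        (service openssh-service-type
                 (openssh-configuration
                  (x11-forwarding? #t)
                  (password-authentication? #f)
                  (permit-root-login 'prohibit-password)))
        ;; Tor.
        (service tor-service-type)
        ;; Printing (CUPS) without its web interface.
        (service cups-service-type
                 (cups-configuration
                  (web-interface? #f)
                  (extensions
                   (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
        ;; KVM/libvirt for virt-manager.
        (service libvirt-service-type)
        (service virtlog-service-type)
        ;; Custom spice/Nitrokey udev rules (defined above), with the "spice"
        ;; group created alongside.
        (udev-rules-service 'spice %spice-rules #:groups '("spice"))
        ;; Raised limits for real-time audio (useful for Ardour in particular).
        (service pam-limits-service-type
                 (list
                  (pam-limits-entry "@audio" 'both 'rtprio 99)
                  (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
        ;; GNOME/GDM.
        (service gnome-desktop-service-type)
        ;; Xorg, notably the keyboard layout declared above.
        (set-xorg-configuration
         (xorg-configuration (keyboard-layout keyboard-layout))))
       ;; Default desktop services.
       %desktop-services)
    ;; Default-service tweaks: upower and elogind both ignore the lid switch
    ;; so closing the lid does not suspend the machine.
    (upower-service-type config => (upower-configuration
                                    (inherit config)
                                    (ignore-lid? #t)))
    (elogind-service-type config => (elogind-configuration
                                     (inherit config)
                                     (handle-lid-switch 'ignore)
                                     (handle-lid-switch-external-power 'ignore)))
    ;; network-manager with OpenVPN support.
    (network-manager-service-type config => (network-manager-configuration
                                             (inherit config)
                                             (vpn-plugins
                                              (list (specification->package "network-manager-openvpn")))))))

 ;; Bootloader (GRUB): where it is installed and how it is configured.
 (bootloader
  (bootloader-configuration
   (bootloader grub-bootloader)
   (targets (list "/dev/nvme0n1"))
   (terminal-outputs '(console))
   (keyboard-layout keyboard-layout)
   (theme
    (grub-theme
     (inherit (grub-theme))
     (gfxmode '("640x480-24"))))))

 ;; Mapped devices: the LUKS-encrypted partition backing /home.
 (mapped-devices
  (list
   (mapped-device
    (source (uuid "ecac05ea-298a-4565-a054-dc8e5bf4a2f8"))
    (target "luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
    (type luks-device-mapping))))

 ;; Specify a swap file for the system, which resides on the
 ;; root file system.
 ;(swap-devices
 ; (list
 ; (swap-space
 ; (target "/swapfile"))))

 ;; File systems mounted at boot: the plain root partition, the LUKS-backed
 ;; /home (depends on the mapped device above) and a separate flatpak
 ;; partition mounted under /home, which therefore depends on /home.
 (file-systems
  (let ((home-fs (file-system
                   (mount-point "/home")
                   (device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
                   (type "ext4")
                   (dependencies mapped-devices))))
    (cons*
     (file-system
       (mount-point "/")
       (device (uuid "2e44f3f7-bb6b-43ac-933a-e8992bf10d29" 'ext4))
       (type "ext4"))
     home-fs
     (file-system
       (mount-point "/home/neox/.local/share/flatpak")
       (device (uuid "6e27560f-62c7-434f-a278-45fd3aaf27ba" 'ext4))
       (type "ext4")
       ;; Same record as the /home entry above, not a copy of it.
       (dependencies (list home-fs)))
     %base-file-systems))))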