From 18de9f83c1e3c22fab0c4a7f7624860090b782ac Mon Sep 17 00:00:00 2001
From: Adrien 'neox' Bourmault
Date: Thu, 12 Dec 2024 16:40:44 +0100
Subject: [PATCH] initial: add config.scm and host keys (pub)
---
config.scm | 836 +++++++++++++++++++++++++++++++++++
ssh/ssh_host_ecdsa_key.pub | 1 +
ssh/ssh_host_ed25519_key.pub | 1 +
ssh/ssh_host_rsa_key.pub | 1 +
4 files changed, 839 insertions(+)
create mode 100644 config.scm
create mode 100644 ssh/ssh_host_ecdsa_key.pub
create mode 100644 ssh/ssh_host_ed25519_key.pub
create mode 100644 ssh/ssh_host_rsa_key.pub
diff --git a/config.scm b/config.scm
new file mode 100644
index 0000000..d5d2264
--- /dev/null
+++ b/config.scm
@@ -0,0 +1,836 @@ +;;; +;;; Configurations GNU Guix des ordinateurs de neox +;;; +;;; Copyright (C) 2024 Adrien 'neox' Bourmault +;;; +;;; This is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; This is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this. If not, see . + + +;; Indique quels modules importer pour accéder aux variables +;; utilisées dans cette configuration. +(use-modules + (gnu) + (gnu home) + (gnu home services gnupg) + (gnu home services shells) + (gnu packages) + (gnu packages autotools) + (gnu packages avahi) + (gnu packages base) + (gnu packages bash) + (gnu packages boost) + (gnu packages build-tools) + (gnu packages compression) + (gnu packages cups) + (gnu packages freedesktop) + (gnu packages freedesktop) + (gnu packages ftp) + (gnu packages gettext) + (gnu packages ghostscript) + (gnu packages glib) + (gnu packages gnome) + (gnu packages gnupg) + (gnu packages gtk) + (gnu packages image) + (gnu packages imagemagick) + (gnu packages libusb) + (gnu packages linux) + (gnu packages messaging) + (gnu packages pkg-config) + (gnu packages python) + (gnu packages scanner) + (gnu packages textutils) + (gnu packages tls) + (gnu packages xml) + (gnu services) + (guix build-system gnu) + (guix gexp) + (guix git-download) + (guix download) + ((guix licenses) #:prefix license:) + (guix packages) + (guix utils) + (srfi srfi-1)) + +(use-service-modules + cups + desktop + guix + networking + ssh + xorg + virtualization + vpn + security-token) + +;; Paquets personnalisés + +;; Outils GNU 
Boot +(define gnuboot-version "0.1-rc4") +(define gnuboot-source + (origin + (method url-fetch) + (uri (string-append "mirror://gnu/gnuboot/gnuboot-" gnuboot-version + "/gnuboot-" gnuboot-version "_src.tar.xz")) + (sha256 + (base32 + "0nc0qjbrnxvs20g36irj11prmrmyk8d8f256xiyxcarnxc0sigfw")))) + +(define + (make-gnuboot-utils-package + name + source + version + synopsis + description) + (package + (name name) + (version version) + (source source) + (build-system gnu-build-system) + (arguments + (list + #:tests? #f + #:make-flags + #~(list + (string-append "CC=" #$(cc-for-target)) + (string-append "DESTDIR=" #$output) + "INSTALL=install" + "PREFIX=/") + #:phases + #~(modify-phases + %standard-phases + (delete 'configure) + (add-after + 'unpack 'enter-source + (lambda _ + (chdir (string-append "coreboot/default/util/" #$name))))))) + (synopsis synopsis) + (description description) + (home-page "https://www.gnu.org/software/gnuboot") + (license license:gpl2))) + +(define cbfstool + (make-gnuboot-utils-package + "cbfstool" + gnuboot-source + gnuboot-version + "Tool to manipulate Coreboot image files" + "This package provides @command{cbfstool}, a program that can +add a wide variety of files (bootblock, stage, payload, configuration +files, etc) to Coreboot File System (CBFS) images. It supports +original CBFS images as well as images in the newer FMAP format. It +also supports compressing files when requested.")) + +(define ifdtool + (make-gnuboot-utils-package + "ifdtool" + gnuboot-source + gnuboot-version + "" + "")) + +(define nvramtool + (make-gnuboot-utils-package + "nvramtool" + gnuboot-source + gnuboot-version + "" + "")) + +(define gnupload + (package + (name "gnupload") + (version (package-version gnulib)) + (source (package-source gnulib)) + (arguments + (list #:tests? 
#f + #:phases + #~(modify-phases + %standard-phases + (add-after 'unpack 'chdir + (lambda _ (chdir "build-aux"))) + (delete 'bootstrap) + (delete 'configure) + (delete 'build) + (replace + 'install + (lambda _ + (install-file + "gnupload" + (string-append #$output "/bin/"))))))) + (build-system gnu-build-system) + (inputs (list + bash ;; case esac break read eval shift exit + coreutils ;; echo test shift rm cat + gnupg ;; gpg gpg-agent + grep ;; grep + ncftp ;; ncftpput + sed)) ;; sed + (synopsis "") + (description "") + (home-page "") + (license license:gpl2+))) + +(define sane-custom-minimal + (package + (name "sane-custom-minimal") + (version "1.3.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.com/sane-project/backends") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1fb6shx9bz0svcyasmyqs93rbbwq7kzg6l0h1zh3kjvcwhchyv72")) + (modules '((guix build utils))) + (snippet + ;; Generated HTML files and udev rules normally embed a + ;; timestamp. Work around that to build things reproducibly. + '(begin + (substitute* "tools/sane-desc.c" + (("asctime \\(localtime \\(¤t_time\\)\\)") + "\"1970-01-01\"")))))) + (build-system gnu-build-system) + (native-inputs + `(("autoconf" ,autoconf) + ("autoconf-archive" ,autoconf-archive) + ("automake" ,automake) + ("gettext" ,gettext-minimal) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config) + ;; For scripts/pixma_gen_options.py. + ("python" ,python-wrapper))) + (inputs + (list libusb)) + (arguments + `(#:configure-flags '("--with-lockdir=/var/lock/sane") ;; Avoid errors with plustek + #:phases + (modify-phases %standard-phases + (add-before 'bootstrap 'zap-unnecessary-git-dependency + (lambda _ + ;; This runs before default patch-shebangs phase. 
+ (substitute* "tools/git-version-gen" + (("/bin/sh") (which "sh"))) + (with-output-to-file ".tarball-version" + (lambda _ (format #t ,version))))) + (add-before 'configure 'disable-lockdir-creation + (lambda _ + ;; Modify the Makefile.am to prevent the creation of the lock dir + (substitute* "backend/Makefile.am" + (("^install-lockpath:.*$") + "install-lockpath: # pass")))) + (add-before 'configure 'disable-backends + (lambda _ + (setenv "BACKENDS" " ") + + ;; Disable tests that may require back ends to be built. + (substitute* "testsuite/Makefile.in" + ((" backend ") " ")))) + (add-before 'configure 'disable-failing-tests + (lambda _ + ;; Disable unmaintained tests that that fail with errors resembling: + ;; + ;; < # by sane-desc 3.5 from sane-backends 1.0.24git on Jul 31 2013 + ;; --- + ;; > # by sane-desc 3.5 from sane-backends 1.0.27 on 1970-01-01# + ;; FAIL: sane-desc -m usermap -s ./data + (for-each + (lambda (pattern) + (substitute* "testsuite/tools/Makefile.in" + (((string-append " " pattern " ")) " "))) + (list "usermap" "db" "udev" "udev\\+acl" "udev\\+hwdb" "hwdb")) + + ;; Disable tests that try to connect to actual USB hardware & fail + ;; with the following error when no USB access is allowed at all: + ;; + ;; sanei_usb_test: sanei_usb_test.c:849: main: Assertion + ;; `test_init (1)' failed. + (substitute* "testsuite/sanei/Makefile.in" + (("sanei_usb_test\\$\\(EXEEXT\\) ") "")))) + (add-before 'build 'build-pixma_sane_options.c + ;; "No rule to make target '../backend/pixma/pixma_sane_options.c', + ;; needed by 'sane-backends.pot-update'." 
+ (lambda _ + (invoke "make" "-C" "backend" "pixma/pixma_sane_options.c"))) + (add-after 'install 'install-udev-rules + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (mkdir-p (string-append out "/lib/udev/rules.d")) + (copy-file "tools/udev/libsane.rules" + (string-append out + "/lib/udev/rules.d/" + "60-libsane.rules"))))) + (add-after 'install 'make-reproducible + ;; XXX Work around an old bug . + ;; Then work around "Throw to key `decoding-error' ..." by using sed. + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (locale (string-append out "/share/locale"))) + (with-directory-excursion locale + (for-each (lambda (file) + (invoke "sed" "-i" "/^PO-Revision-Date:/d" file)) + (list "en@boldquot/LC_MESSAGES/sane-backends.mo" + "en@quot/LC_MESSAGES/sane-backends.mo"))))))))) + (home-page "http://www.sane-project.org") + (synopsis + "Raster image scanner library and drivers, without scanner support") + (description "SANE stands for \"Scanner Access Now Easy\" and is an API +proving access to any raster image scanner hardware (flatbed scanner, +hand-held scanner, video- and still-cameras, frame-grabbers, etc.). 
The +package contains the library, but no drivers.") + (license license:gpl2+))) ; plus linking exception + +(define sane-custom-backends + (package/inherit sane-custom-minimal + (name "sane-custom-backends") + (inputs + `(("hplip" ,(@ (gnu packages cups) hplip-minimal)) + ("libjpeg" ,libjpeg-turbo) ; for pixma/epsonds/other back ends + ("libpng" ,libpng) ; support ‘scanimage --format=png’ + ("libxml2" ,libxml2) ; for pixma back end + ,@(package-inputs sane-backends-minimal))) + (arguments + (substitute-keyword-arguments (package-arguments sane-custom-minimal) + ((#:phases phases) + `(modify-phases ,phases + (delete 'disable-backends) + (add-after 'disable-failing-tests 'disable-failing-backend-tests + (lambda _ + ;; Disable test that fails on i686: + ;; + (substitute* "testsuite/backend/genesys/Makefile.in" + ((" genesys_unit_tests\\$\\(EXEEXT\\)") "")) + #t)) + (add-after 'unpack 'add-backends + (lambda _ + (substitute* "backend/dll.conf.in" + (("hp5590" all) (format #f "~a~%~a" all "hpaio"))) + #t)) + (add-after 'install 'install-hpaio + (lambda* (#:key inputs outputs #:allow-other-keys) + (define hplip (string-append (assoc-ref inputs "hplip") + "/lib/sane")) + (define out (string-append (assoc-ref outputs "out") + "/lib/sane")) + (for-each + (lambda (file) + (symlink file (string-append out "/" (basename file)))) + (find-files hplip)) + #t)))))) + (synopsis + "Raster image scanner library and drivers, with scanner support") + (description "SANE stands for \"Scanner Access Now Easy\" and is an API +proving access to any raster image scanner hardware (flatbed scanner, +hand-held scanner, video- and still-cameras, frame-grabbers, etc.). 
The +package contains the library and drivers."))) + +(define simple-scan-custom + (package + (inherit simple-scan) ; Inherit from the original 'simple-scan' + (name "simple-scan-custom") ; Override the package name + (inputs + (modify-inputs (package-inputs simple-scan) + (replace "sane-backends" sane-custom-backends))))) ; Replace the input + +;; Service personnalisé + +(define %sane-custom-accounts + ;; The '60-libsane.rules' udev rules refers to the "scanner" group. + (list (user-group (name "scanner") (system? #t)))) + +(define %sane-custom-activation + #~(begin + (use-modules (guix build utils)) + (let ((lockpath "/var/lock/sane") + (gid (vector-ref (getgrnam "scanner") 2))) + ;; Create the lock directory at runtime and give right perms + (mkdir-p lockpath) + (chown lockpath -1 gid) + (chmod lockpath #o770)) + #t)) + +(define sane-custom-service-type + (service-type + (name 'sane) + (description + "Custom SANE service") + (default-value sane-custom-minimal) + (extensions + (list (service-extension udev-service-type list) + (service-extension activation-service-type + (const %sane-custom-activation)) + (service-extension account-service-type + (const %sane-custom-accounts)))))) + +;; Configuration sudoer personnalisée + +(define %sudoers-specification + (plain-file "sudoers" "\ +root ALL=(ALL) ALL +%wheel ALL=(ALL) NOPASSWD: ALL +")) + +;; Configuration spice personnalisée +(define %nk3-rules + (udev-rule + "42-nk3.rules" + (string-append "\ +ACTION!=\"add|change\", GOTO=\"u2f_end\" +KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\" +LABEL=\"u2f_end\" +"))) + + +;; Fichiers de configuration du home + +(define %bashrc_content + (plain-file "bashrc" "\ +if [ -n \"$GUIX_ENVIRONMENT\" ] +then + PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ ' +else + PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ ' +fi + 
+PATH=\"$PATH:~/.local/bin\" + +guix() { + if [[ \"$1\" == \"install\" ]]; then + echo \"Tu es débile, ou bien ?\" + elif [[ \"$1\" == \"remove\" ]]; then + echo \"Tu es débile, ou bien ?\" + else + command guix \"$@\" + fi +} + +if [[ ! -n \"$SSH_CLIENT\" ]]; then + unset SSH_AGENT_PID + if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then + export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\" + fi +fi")) + +(define %profile_content + (plain-file "profile" "\ +if [[ ! -n \"$SSH_CLIENT\" ]]; then + unset SSH_AGENT_PID + if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then + export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\" + fi +fi")) + +(define %home_configuration + (home-environment + (services + (list + (service home-bash-service-type + (home-bash-configuration + (environment-variables + '( + ("BSD_GAMES_DIR" . "~/.local/share/bsd-games") + ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'") + ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs") + ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share") + ("LV2_PATH" . "/run/current-system/profile/lib/lv2"))) + (aliases + '( + ("clear" . "printf '\\033c'") + ("dir" . "dir --color=auto") + ("egrep" . "grep -E --color=auto") + ("fgrep" . "grep -F --color=auto") + ("grep" . "grep --color=auto") + ("la" . "ls -lthA -p --color=auto") + ("ll" . "ls -lth -p --color=auto") + ("ls" . "ls -p --color=auto") + ("vdir" . "vdir --color=auto"))) + (bashrc + (list + %bashrc_content)))) + + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (pinentry-program + (file-append pinentry-gnome3 "/bin/pinentry-gnome3")) + (ssh-support? 
#t))))))) + +;; Configuration du système +;; C'est le point d'entrée de la configuration +(operating-system + (locale "fr_FR.utf8") + (timezone "Europe/Paris") + (keyboard-layout (keyboard-layout "fr" "oss")) + (host-name "n-t400s") + + + ;; Application de la configuration sudoer personnalisée (définie plus haut) + (kernel-arguments + (list + "tsc=unstable" + "clocksource=hpet" + "trace_clock=local" + ;"lsm=landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" + "rd.udev.event-timeout=5")) + + (sudoers-file %sudoers-specification) + + ;; La liste des comptes utilisateurs (« root » est implicite). + (users + (cons* + (user-account + (name "neox") + (comment "neox") + (password (crypt "password" "$6$abc")) + (group "users") + (home-directory "/home/neox") + (supplementary-groups + '("wheel" + "dialout" + "netdev" + "audio" + "video" + "plugdev" + "kvm" + "scanner" + "lp"))) + %base-user-accounts)) + + ;; Quelques paquets installés au niveau du système. + ;; On installe notamment network-manager et son extension pour openvpn + (packages + (append + (specifications->packages + (list + "adb" + "alsa-plugins" + "alsa-utils" + "ardour" + "audacity" + "beep" + "bind:utils" + "binutils" + ;"bmaptools" + "cabextract" + "calf" + "cmatrix" + "cpupower" + "cryptsetup" + "curl" + "cvs" + "dconf-editor" + "dino" + "dosbox" + "gocryptfs" + "emacs" + "endeavour" + "python-esptool" + "evolution" + "exfatprogs" + "fastboot" + "file" + "flashrom" + "flatpak" + "font-awesome" + "font-ipa-ex" + "font-ipa" + "font-ipa-mj-mincho" + "font-liberation" + "font-mplus-testflight" + "font-openmoji" + "font-wqy-zenhei" + "gallery-dl" + "gdb" + "ghostscript" + "ghostwriter" + "gimp" + "git" + "git-lfs" + "git:send-email" + "glmark2" + "gnome-builder" + "gnome-font-viewer" + "gnome-maps" + "gnome-power-manager" + "gnome-shell-extension-appindicator" + "gnome-shell-extension-blur-my-shell" + "gnome-shell-extension-burn-my-windows" + "gnome-shell-extension-dash-to-dock" + 
"gnome-shell-extension-night-theme-switcher" + "gnome-shell-extension-noannoyance" + "gnome-shell-extension-vitals" + "gnome-tweaks" + "gnupg" + "gnuplot" + "gparted" + "gpgme" + "graphviz" + "grub" + "hexchat" + "htop" + "hwloc" + "icecat" + "inetutils" + "inkscape" + "ipp-usb" + "iptables" + "jack" + "jp2a" + "kcachegrind" + "kgraphviewer" + "librecad" + "ldns" + "libreoffice" + "libtree" + "lm-sensors" + "lsof" + "lvm2" + "lynx" + "make" + "man-pages" + "mdadm" + "mediainfo" + "megatools" + "meld" + "microcom" + "minetest" + "minicom" + "minisat" + "mpv" + "mtr" + "mumble" + "nbd" + "ncftp" + "ndisc6" + "neofetch" + "netcat" + "network-manager" + "network-manager-openvpn" + "nextcloud-client" + "ngspice" + "nitrocli" + "nmap" + "ntfs-3g" + "openssh" + "openssl" + "openvpn" + "pam-u2f" + "pandoc" + "paprefs" + "parted" + "patchelf" + "pavucontrol" + "pipe-viewer" + "pkg-config" + "poppler" + "powertop" + "profanity" + "python" + "python2" + "python-logutils" + "python-markdown" + "python-paramiko" + "python-prettytable" + "python-virtualenv" + "qbittorrent" + "qemu" + "qjackctl" + "qpdf" + "recutils" + "rsync" + "rubber" + "ruby-pygmentize" + "screen" + "perl-digest-sha" + "strace" + "seahorse" + "setxkbmap" + "simplescreenrecorder" + "sl" + "speedtest-cli" + "sqlitebrowser" + "sshpass" + "system-config-printer" + "testdisk" + "texlive" + "texlive-biber" + "texmaker" + "tig" + "tilix" + "tree" + "tor" + "torbrowser" + "tuba" + "uefitool" + "ungoogled-chromium" + "unzip" + "vlc" + "wine64" + "xauth" + "xdg-desktop-portal-gnome" + "xdg-utils" + "xdot" + "xdotool" + "xeyes" + "xournalpp" + "xrdp" + "yt-dlp" + "zip" + "zstd")) + + (list + cbfstool + gnupload + nvramtool + sane-custom-backends + simple-scan-custom) + + (remove + (lambda (pkg) + (string=? (package-name pkg) "simple-scan")) + %base-packages))) + + ;; Services du système. + ;; On en profite pour modifier le comportement par défaut de quelques services. 
+ (services + (modify-services + (append + (list + ;; Service guix home (reconfiguration auto des profils) + (service guix-home-service-type + `(("neox" ,%home_configuration))) + + ;; Service bluetooth + (service bluetooth-service-type) + + ;; Service de gestion des clés de chiffrement physique + (service pcscd-service-type) + + ;; Service OpenSSH + (service openssh-service-type + (openssh-configuration + (x11-forwarding? #t) + (password-authentication? #f) + (permit-root-login 'prohibit-password))) + + ;; Service d'impression + (service cups-service-type + (cups-configuration + (web-interface? #t) + (extensions + (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) + + ;; Application de la configuration udev personnalisée + (udev-rules-service 'plugdev %nk3-rules #:groups '("plugdev")) + + ;; Modification des limites mémoires pour les accès audio temps réel + ;; (utile notamment pour Ardour) + (service pam-limits-service-type + (list + (pam-limits-entry "@audio" 'both 'rtprio 99) + (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) + + ;; Service Gnome/GDM + (service gnome-desktop-service-type) + + ;; Service Tor + (service tor-service-type) + + ;; Service de scanners + (service sane-custom-service-type) + + ;; Configuration de l'environnement graphique (notamment clavier) + (set-xorg-configuration + (xorg-configuration (keyboard-layout keyboard-layout)))) + + ;; Services par défaut du système + %desktop-services) + + ;; Modification de services par défaut + ;; Configuration du service upower pour éviter la mise en veille lors + ;; de la fermeture de capot + (upower-service-type config => (upower-configuration + (inherit config) + (ignore-lid? 
#t))) + + ;; Configuration du service elogind pour éviter la mise en veille lors + ;; de la fermeture du capot + (elogind-service-type config => (elogind-configuration + (inherit config) + (handle-lid-switch 'ignore) + (handle-lid-switch-external-power 'ignore))) + + ;; Configuration des scanners + ;(sane-service-type _ => sane-backends) + (delete sane-service-type) + (sane-custom-service-type _ => sane-custom-backends) + + ;; Configuration du garbage collector + (guix-service-type config => (guix-configuration + (inherit config) + (extra-options '("--gc-keep-derivations=yes" "--gc-keep-output=yes")))) + + + ;; Configuration du service network-manager pour prendre en charge + ;; OpenVPN + (network-manager-service-type config => (network-manager-configuration + (inherit config) + (vpn-plugins + (list (specification->package "network-manager-openvpn"))))))) + + ;; Chargeur de démarrage (GRUB) + ;; On indique ici où il doit être installé et comment le configurer + (bootloader + (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))) + (keyboard-layout keyboard-layout))) + + ;; Périphériques mappés + ;; On configure notamment ici les partitions chiffrées (LUKS) + (mapped-devices + (list + (mapped-device + (source + (uuid "e200ab4d-6e65-4e4f-afc8-9230011141cf")) + (target "fde") + (type luks-device-mapping)) + (mapped-device + (source "matrix") + (targets + (list + "matrix-root")) + (type lvm-device-mapping)))) + + ;; Specify a swap file for the system, which resides on the + ;; root file system. + (swap-devices + (list + (swap-space + (target "/swapfile")))) + + ;; La liste des systèmes de fichiers montés au démarrage + ;; On configure ici le montage des partitions chiffrées et non chiffrées + (file-systems + (cons* + (file-system + (mount-point "/") + (device (file-system-label "root")) + (needed-for-boot? #t) + (dependencies mapped-devices) + (type "ext4")) + %base-file-systems))) 
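Review bot: The `neox` account is declared with `(password (crypt "password" "$6$abc"))`, so a guessable initial password and a fixed salt are published with this file, and the same account sits in `wheel`, which `%sudoers-specification` gives `NOPASSWD: ALL`. As far as I know Guix only uses this field as the initial password when the account is created, so a machine freshly installed from this configuration accepts the default at the console or GDM and reaches root without a second prompt until `passwd` is run; the OpenSSH service is not exposed to it because `password-authentication?` is `#f`. I would drop the `password` field and set the password with `passwd` after the first boot, and change the sudoers line to `%wheel ALL=(ALL) ALL`.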
diff --git a/ssh/ssh_host_ecdsa_key.pub b/ssh/ssh_host_ecdsa_key.pub
new file mode 100644
index 0000000..018bc52
--- /dev/null
+++ b/ssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIn9XX72XE7tegqcHf/CFPhkkg771ZUw8Rds1AJwdKYvYv/u0aIFjqoEJm9EywLHhAkxCrIuL7R45GEwnE49D40= root@(none)
diff --git a/ssh/ssh_host_ed25519_key.pub b/ssh/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..f701b53
--- /dev/null
+++ b/ssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhNNT9tFGTTGQ9e+L5u1gJiPpiivE04r8iQ4zapXpSU root@(none)
diff --git a/ssh/ssh_host_rsa_key.pub b/ssh/ssh_host_rsa_key.pub
new file mode 100644
index 0000000..56e1205
--- /dev/null
+++ b/ssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa 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 root@(none)