diff --git a/config.scm b/config.scm
index 3486766..96cb8de 100644
--- a/config.scm
+++ b/config.scm
@@ -22,7 +22,7 @@
 (use-modules (gnu))
 (use-modules (gnu packages freedesktop))
 (use-modules (srfi srfi-1))
-(use-service-modules cups desktop networking ssh xorg virtualization vpn)
+(use-service-modules cups desktop networking ssh xorg virtualization vpn security-token)
 ;; Configuration sudoer personnalisée
 (define %sudoers-specification
@@ -35,10 +35,29 @@ root ALL=(ALL) ALL
 ;; Permet le partage de périphériques USB via virt-manager
 (define %spice-rules
 (udev-rule
- "50-spice.rules"
+ "41-spice-and-nitrokey.rules"
 (string-append "\
 SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
 SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
+ACTION!=\"add|change\", GOTO=\"u2f_end\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
+KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
+ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
+LABEL=\"u2f_end\"
+SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
+ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
+LABEL=\"gnupg_rules_end\" +KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\" "))) ;; Configuration du système @@ -49,7 +68,11 @@ SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\" (keyboard-layout (keyboard-layout "fr" "oss")) (host-name "n-guix-port") + ;; Application de la configuration sudoer personnalisée (définie plus haut) + (kernel-arguments + (list "modprobe.blacklist=usbmouse,usbkbd")) + (sudoers-file %sudoers-specification) ;; La liste des comptes utilisateurs (« root » est implicite). @@ -81,7 +104,10 @@ SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\" (services (modify-services (append (list (service gnome-desktop-service-type) - + + ;; Service de gestion des clés de chiffrement physique + (service pcscd-service-type) + ;; Service d'impression (service cups-service-type) @@ -99,7 +125,7 @@ SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\" (pam-limits-entry "@audio" 'both 'rtprio 99) (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) - + ;; Configuration de l'environnement graphique (notamment clavier) (set-xorg-configuration (xorg-configuration (keyboard-layout keyboard-layout)))) %desktop-services)
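Review bot: The two unconditional rules kept at the top of this file (`SUBSYSTEM=="usb", GROUP="spice", MODE="0660"` and its `usb_device` twin) apply to every USB node, so the Nitrokey USB devices matched in the new gnupg section end up group-writable by `spice` on top of the seat-scoped `uaccess` ACL the new lines add. If members of `spice` are not meant to reach the token's raw USB node, keep the token rules in their own object, e.g. `(define %nitrokey-rules (udev-rule "41-nitrokey.rules" …))`, and narrow the SPICE rules to the devices that are actually redirected to guests. Separately, the `20a0:42e8` rule in the u2f section has no `KERNEL`/`SUBSYSTEM` match, unlike the `hidraw` rules around it, so it tags every device under that USB parent; a one-line comment saying whether that is intended would help. Where `%spice-rules` is registered as a service is outside this hunk, so a new object would also have to be added there.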
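Review bot: Setting `kernel-arguments` to a fresh `(list …)` replaces the field's default instead of extending it, so anything `%default-kernel-arguments` carries on the pinned Guix revision is dropped from the kernel command line. If that is not intended, `(kernel-arguments (cons "modprobe.blacklist=usbmouse,usbkbd" %default-kernel-arguments))` keeps the defaults; check first whether the default already contains a `modprobe.blacklist=` entry. The comment about the sudoers configuration now sits directly above `kernel-arguments` rather than `sudoers-file`, so it should move back down, and the blacklist deserves its own one-line comment saying why the boot-protocol HID drivers are disabled.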
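Review bot: Enabling `pcscd-service-type` next to udev rules that set `ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"` leaves two stacks able to claim the same CCID reader: pcscd and GnuPG's scdaemon with its built-in CCID driver. Whichever opens the device first may lock the other out, which tends to show up as intermittent "no card" errors. Extend the comment above the service to state which stack is meant to own the token, and if it is pcscd, note that scdaemon needs `disable-ccid` in the user's `scdaemon.conf`. The enclosing `services` expression continues outside the hunk.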