diff --git a/config.scm b/config.scm index f43e2f4..3486766 100644 --- a/config.scm +++ b/config.scm @@ -1,10 +1,20 @@ -;; Ceci est une configuration de système d'exploitation générée par -;; l'installateur graphique. -;; -;; Une fois l'installation terminée, vous pouvez apprendre à modifier -;; ce fichier pour ajuster la configuration du système et le passer à -;; la commande « guix system reconfigure » pour rendre vos changements -;; effectifs. +;;; +;;; Configurations GNU Guix des ordinateurs de neox +;;; +;;; Copyright (C) 2023 Adrien 'neox' Bourmault +;;; +;;; This is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; This is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this. If not, see . ;; Indique quels modules importer pour accéder aux variables @@ -14,14 +24,15 @@ (use-modules (srfi srfi-1)) (use-service-modules cups desktop networking ssh xorg virtualization vpn) -;; Définitions - +;; Configuration sudoer personnalisée (define %sudoers-specification (plain-file "sudoers" "\ root ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL ")) +;; Configuration spice personnalisée +;; Permet le partage de périphériques USB via virt-manager (define %spice-rules (udev-rule "50-spice.rules" 
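Review bot: The sudoers text kept under the new `;; Configuration sudoer personnalisée` comment still contains `%wheel ALL=(ALL) NOPASSWD: ALL`, so every member of wheel gets root without a password prompt, and the comment does not say that this is the customisation. The next hunk keeps the interactive account neox in wheel, so any process running as that user can become root with no prompt. Unless that is deliberate, change the line to `%wheel ALL=(ALL) ALL`; if it is deliberate, the comment should say so, so that the trade-off is visible to anyone reusing this file.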
@@ -30,88 +41,104 @@ SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\" SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\" "))) -;; CONF +;; Configuration du système +;; C'est le point d'entrée de la configuration (operating-system (locale "fr_FR.utf8") (timezone "Europe/Paris") (keyboard-layout (keyboard-layout "fr" "oss")) (host-name "n-guix-port") + ;; Application de la configuration sudoer personnalisée (définie plus haut) (sudoers-file %sudoers-specification) ;; La liste des comptes utilisateurs (« root » est implicite). (users (cons* (user-account - (name "neox") - (comment "neox") - (group "users") - (home-directory "/home/neox") - (supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice"))) - %base-user-accounts)) + (name "neox") + (comment "neox") + (group "users") + (home-directory "/home/neox") + ;; ajout de groupes pour virt-manager + (supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice"))) + %base-user-accounts)) - ;; Packages installed system-wide. Users can also install packages - ;; under their own account: use 'guix search KEYWORD' to search - ;; for packages and 'guix install PACKAGE' to install a package. - (packages (append (list (specification->package "nss-certs") - (specification->package "qemu") - (specification->package "virt-manager") - (specification->package "libvirt") - (specification->package "lvm2") - (specification->package "mdadm") - (specification->package "network-manager") - (specification->package "network-manager-openvpn")) - %base-packages)) + ;; Quelques paquets installés au niveau du système. 
+ ;; On installe notamment network-manager et son extension pour openvpn, + ;; ou encore libvirt/virt-manager pour la virtualisation + (packages (append (list + (specification->package "nss-certs") + (specification->package "qemu") + (specification->package "virt-manager") + (specification->package "libvirt") + (specification->package "lvm2") + (specification->package "mdadm") + (specification->package "network-manager") + (specification->package "network-manager-openvpn")) + %base-packages)) - ;; Voici la liste des services du système. Pour trouver les services disponibles, - ;; lancez « guix system search MOT-CLÉ » dans un terminal. + ;; Services du système. + ;; On en profite pour modifier le comportement par défaut de quelques services. (services - (modify-services - (append - (list - (service gnome-desktop-service-type) - (service cups-service-type) - (service libvirt-service-type) - (udev-rules-service 'spice %spice-rules #:groups '("spice")) - (service virtlog-service-type) - (pam-limits-service - (list - (pam-limits-entry "@audio" 'both 'rtprio 99) - (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) - (set-xorg-configuration - (xorg-configuration (keyboard-layout keyboard-layout)))) - %desktop-services) + (modify-services (append (list + (service gnome-desktop-service-type) + ;; Service d'impression + (service cups-service-type) + + ;; Service KVM/Libvirt pour virt-manager + (service libvirt-service-type) + (service virtlog-service-type) + + ;; Application de la configuration spice personnalisée (définie plus haut) + (udev-rules-service 'spice %spice-rules #:groups '("spice")) + + ;; Modification des limites mémoires pour les accès audio temps réel + ;; (utile notamment pour Ardour) + (pam-limits-service + (list + (pam-limits-entry "@audio" 'both 'rtprio 99) + (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) + + + (set-xorg-configuration + (xorg-configuration (keyboard-layout keyboard-layout)))) + %desktop-services) + + ;; Configuration du 
service network-manager pour prendre en charge + ;; OpenVPN (network-manager-service-type config => (network-manager-configuration (inherit config) (vpn-plugins - (list (specification->package "network-manager-openvpn"))))))) - + (list (specification->package "network-manager-openvpn"))))))) + ;; Chargeur de démarrage (GRUB) + ;; On indique ici où il doit être installé et comment le configurer (bootloader (bootloader-configuration - (bootloader grub-efi-bootloader) - (targets (list "/boot/efi")) - (keyboard-layout keyboard-layout))) + (bootloader grub-efi-bootloader) + (targets (list "/boot/efi")) + (keyboard-layout keyboard-layout))) + + ;; Périphériques mappés + ;; On configure notamment ici les partitions chiffrées (LUKS) (mapped-devices (list (mapped-device - (source (uuid - "3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0")) - (target "crypthome") - (type luks-device-mapping)))) + (source (uuid + "3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0")) + (target "crypthome") + (type luks-device-mapping)))) - ;; La liste des systèmes de fichiers qui seront « montés ». Les identifiants - ;; de systèmes de fichiers uniques (« UUIDs ») qui se trouvent ici s'obtiennent - ;; en exécutant « blkid » dans un terminal. 
- (file-systems (cons* (file-system - (mount-point "/home") - (device "/dev/mapper/crypthome") - (type "ext4") - (dependencies mapped-devices)) - (file-system - (mount-point "/boot/efi") - (device (uuid "A012-A17A" - 'fat32)) - (type "vfat")) - (file-system - (mount-point "/") - (device (uuid - "dfaec018-b99b-4d34-a206-eec25b833c45" - 'ext4)) - (type "ext4")) %base-file-systems))) + ;; La liste des systèmes de fichiers montés au démarrage + ;; On configure ici le montage des partitions chiffrées et non chiffrées + (file-systems (cons* + (file-system + (mount-point "/home") + (device "/dev/mapper/crypthome") + (type "ext4") + (dependencies mapped-devices)) + (file-system + (mount-point "/boot/efi") + (device (uuid "A012-A17A" 'fat32)) + (type "vfat")) + (file-system + (mount-point "/") + (device (uuid "dfaec018-b99b-4d34-a206-eec25b833c45" 'ext4)) + (type "ext4")) %base-file-systems)))
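Review bot: The udev lines at the top of this hunk, `SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"` and its `usb_device` twin, match every USB device. The spice group, which neox joins under the new `;; ajout de groupes pour virt-manager` comment, therefore gets raw read/write access to keyboards, storage and security tokens, not only the devices meant for redirection. The added comments describe the rule as enabling USB sharing through virt-manager but do not mention this scope. Consider restricting the rule to the devices actually passed through, e.g. `SUBSYSTEM==\"usb\", ATTR{idVendor}==\"<VENDOR_ID>\", ATTR{idProduct}==\"<PRODUCT_ID>\", GROUP=\"spice\", MODE=\"0660\"` (placeholder ids), or at least state in the comment that the grant covers all USB devices. The start of the rule string lies before this hunk, so any earlier match keys are not visible here.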