Remise en forme
This commit is contained in:
parent
2f72504659
commit
71174014e1
175
config.scm
175
config.scm
|
|
@ -1,10 +1,20 @@
|
||||||
;; Ceci est une configuration de système d'exploitation générée par
|
;;;
|
||||||
;; l'installateur graphique.
|
;;; Configurations GNU Guix des ordinateurs de neox
|
||||||
;;
|
;;;
|
||||||
;; Une fois l'installation terminée, vous pouvez apprendre à modifier
|
;;; Copyright (C) 2023 Adrien 'neox' Bourmault <neox@a-lec.org>
|
||||||
;; ce fichier pour ajuster la configuration du système et le passer à
|
;;;
|
||||||
;; la commande « guix system reconfigure » pour rendre vos changements
|
;;; This is free software; you can redistribute it and/or modify it
|
||||||
;; effectifs.
|
;;; under the terms of the GNU General Public License as published by
|
||||||
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||||
|
;;; your option) any later version.
|
||||||
|
;;;
|
||||||
|
;;; This is distributed in the hope that it will be useful, but
|
||||||
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
;;; GNU General Public License for more details.
|
||||||
|
;;;
|
||||||
|
;;; You should have received a copy of the GNU General Public License
|
||||||
|
;;; along with this. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
|
||||||
;; Indique quels modules importer pour accéder aux variables
|
;; Indique quels modules importer pour accéder aux variables
|
||||||
|
|
@ -14,14 +24,15 @@
|
||||||
(use-modules (srfi srfi-1))
|
(use-modules (srfi srfi-1))
|
||||||
(use-service-modules cups desktop networking ssh xorg virtualization vpn)
|
(use-service-modules cups desktop networking ssh xorg virtualization vpn)
|
||||||
|
|
||||||
;; Définitions
|
;; Configuration sudoer personnalisée
|
||||||
|
|
||||||
(define %sudoers-specification
|
(define %sudoers-specification
|
||||||
(plain-file "sudoers" "\
|
(plain-file "sudoers" "\
|
||||||
root ALL=(ALL) ALL
|
root ALL=(ALL) ALL
|
||||||
%wheel ALL=(ALL) NOPASSWD: ALL
|
%wheel ALL=(ALL) NOPASSWD: ALL
|
||||||
"))
|
"))
|
||||||
|
|
||||||
|
;; Configuration spice personnalisée
|
||||||
|
;; Permet le partage de périphériques USB via virt-manager
|
||||||
(define %spice-rules
|
(define %spice-rules
|
||||||
(udev-rule
|
(udev-rule
|
||||||
"50-spice.rules"
|
"50-spice.rules"
|
||||||
|
|
@ -30,88 +41,104 @@ SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
|
||||||
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
|
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
|
||||||
")))
|
")))
|
||||||
|
|
||||||
;; CONF
|
;; Configuration du système
|
||||||
|
;; C'est le point d'entrée de la configuration
|
||||||
(operating-system
|
(operating-system
|
||||||
(locale "fr_FR.utf8")
|
(locale "fr_FR.utf8")
|
||||||
(timezone "Europe/Paris")
|
(timezone "Europe/Paris")
|
||||||
(keyboard-layout (keyboard-layout "fr" "oss"))
|
(keyboard-layout (keyboard-layout "fr" "oss"))
|
||||||
(host-name "n-guix-port")
|
(host-name "n-guix-port")
|
||||||
|
|
||||||
|
;; Application de la configuration sudoer personnalisée (définie plus haut)
|
||||||
(sudoers-file %sudoers-specification)
|
(sudoers-file %sudoers-specification)
|
||||||
|
|
||||||
;; La liste des comptes utilisateurs (« root » est implicite).
|
;; La liste des comptes utilisateurs (« root » est implicite).
|
||||||
(users (cons* (user-account
|
(users (cons* (user-account
|
||||||
(name "neox")
|
(name "neox")
|
||||||
(comment "neox")
|
(comment "neox")
|
||||||
(group "users")
|
(group "users")
|
||||||
(home-directory "/home/neox")
|
(home-directory "/home/neox")
|
||||||
(supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice")))
|
;; ajout de groupes pour virt-manager
|
||||||
%base-user-accounts))
|
(supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice")))
|
||||||
|
%base-user-accounts))
|
||||||
|
|
||||||
;; Packages installed system-wide. Users can also install packages
|
;; Quelques paquets installés au niveau du système.
|
||||||
;; under their own account: use 'guix search KEYWORD' to search
|
;; On installe notamment network-manager et son extension pour openvpn,
|
||||||
;; for packages and 'guix install PACKAGE' to install a package.
|
;; ou encore libvirt/virt-manager pour la virtualisation
|
||||||
(packages (append (list (specification->package "nss-certs")
|
(packages (append (list
|
||||||
(specification->package "qemu")
|
(specification->package "nss-certs")
|
||||||
(specification->package "virt-manager")
|
(specification->package "qemu")
|
||||||
(specification->package "libvirt")
|
(specification->package "virt-manager")
|
||||||
(specification->package "lvm2")
|
(specification->package "libvirt")
|
||||||
(specification->package "mdadm")
|
(specification->package "lvm2")
|
||||||
(specification->package "network-manager")
|
(specification->package "mdadm")
|
||||||
(specification->package "network-manager-openvpn"))
|
(specification->package "network-manager")
|
||||||
%base-packages))
|
(specification->package "network-manager-openvpn"))
|
||||||
|
%base-packages))
|
||||||
|
|
||||||
;; Voici la liste des services du système. Pour trouver les services disponibles,
|
;; Services du système.
|
||||||
;; lancez « guix system search MOT-CLÉ » dans un terminal.
|
;; On en profite pour modifier le comportement par défaut de quelques services.
|
||||||
(services
|
(services
|
||||||
(modify-services
|
(modify-services (append (list
|
||||||
(append
|
(service gnome-desktop-service-type)
|
||||||
(list
|
|
||||||
(service gnome-desktop-service-type)
|
|
||||||
(service cups-service-type)
|
|
||||||
(service libvirt-service-type)
|
|
||||||
(udev-rules-service 'spice %spice-rules #:groups '("spice"))
|
|
||||||
(service virtlog-service-type)
|
|
||||||
(pam-limits-service
|
|
||||||
(list
|
|
||||||
(pam-limits-entry "@audio" 'both 'rtprio 99)
|
|
||||||
(pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
|
|
||||||
(set-xorg-configuration
|
|
||||||
(xorg-configuration (keyboard-layout keyboard-layout))))
|
|
||||||
%desktop-services)
|
|
||||||
|
|
||||||
|
;; Service d'impression
|
||||||
|
(service cups-service-type)
|
||||||
|
|
||||||
|
;; Service KVM/Libvirt pour virt-manager
|
||||||
|
(service libvirt-service-type)
|
||||||
|
(service virtlog-service-type)
|
||||||
|
|
||||||
|
;; Application de la configuration spice personnalisée (définie plus haut)
|
||||||
|
(udev-rules-service 'spice %spice-rules #:groups '("spice"))
|
||||||
|
|
||||||
|
;; Modification des limites mémoires pour les accès audio temps réel
|
||||||
|
;; (utile notamment pour Ardour)
|
||||||
|
(pam-limits-service
|
||||||
|
(list
|
||||||
|
(pam-limits-entry "@audio" 'both 'rtprio 99)
|
||||||
|
(pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
|
||||||
|
|
||||||
|
|
||||||
|
(set-xorg-configuration
|
||||||
|
(xorg-configuration (keyboard-layout keyboard-layout))))
|
||||||
|
%desktop-services)
|
||||||
|
|
||||||
|
;; Configuration du service network-manager pour prendre en charge
|
||||||
|
;; OpenVPN
|
||||||
(network-manager-service-type config => (network-manager-configuration
|
(network-manager-service-type config => (network-manager-configuration
|
||||||
(inherit config)
|
(inherit config)
|
||||||
(vpn-plugins
|
(vpn-plugins
|
||||||
(list (specification->package "network-manager-openvpn")))))))
|
(list (specification->package "network-manager-openvpn")))))))
|
||||||
|
|
||||||
|
|
||||||
|
;; Chargeur de démarrage (GRUB)
|
||||||
|
;; On indique ici où il doit être installé et comment le configurer
|
||||||
(bootloader (bootloader-configuration
|
(bootloader (bootloader-configuration
|
||||||
(bootloader grub-efi-bootloader)
|
(bootloader grub-efi-bootloader)
|
||||||
(targets (list "/boot/efi"))
|
(targets (list "/boot/efi"))
|
||||||
(keyboard-layout keyboard-layout)))
|
(keyboard-layout keyboard-layout)))
|
||||||
(mapped-devices (list (mapped-device
|
|
||||||
(source (uuid
|
|
||||||
"3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0"))
|
|
||||||
(target "crypthome")
|
|
||||||
(type luks-device-mapping))))
|
|
||||||
|
|
||||||
;; La liste des systèmes de fichiers qui seront « montés ». Les identifiants
|
;; Périphériques mappés
|
||||||
;; de systèmes de fichiers uniques (« UUIDs ») qui se trouvent ici s'obtiennent
|
;; On configure notamment ici les partitions chiffrées (LUKS)
|
||||||
;; en exécutant « blkid » dans un terminal.
|
(mapped-devices (list (mapped-device
|
||||||
(file-systems (cons* (file-system
|
(source (uuid
|
||||||
(mount-point "/home")
|
"3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0"))
|
||||||
(device "/dev/mapper/crypthome")
|
(target "crypthome")
|
||||||
(type "ext4")
|
(type luks-device-mapping))))
|
||||||
(dependencies mapped-devices))
|
|
||||||
(file-system
|
;; La liste des systèmes de fichiers montés au démarrage
|
||||||
(mount-point "/boot/efi")
|
;; On configure ici le montage des partitions chiffrées et non chiffrées
|
||||||
(device (uuid "A012-A17A"
|
(file-systems (cons*
|
||||||
'fat32))
|
(file-system
|
||||||
(type "vfat"))
|
(mount-point "/home")
|
||||||
(file-system
|
(device "/dev/mapper/crypthome")
|
||||||
(mount-point "/")
|
(type "ext4")
|
||||||
(device (uuid
|
(dependencies mapped-devices))
|
||||||
"dfaec018-b99b-4d34-a206-eec25b833c45"
|
(file-system
|
||||||
'ext4))
|
(mount-point "/boot/efi")
|
||||||
(type "ext4")) %base-file-systems)))
|
(device (uuid "A012-A17A" 'fat32))
|
||||||
|
(type "vfat"))
|
||||||
|
(file-system
|
||||||
|
(mount-point "/")
|
||||||
|
(device (uuid "dfaec018-b99b-4d34-a206-eec25b833c45" 'ext4))
|
||||||
|
(type "ext4")) %base-file-systems)))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue