diff --git a/config.scm b/config.scm
index c4f287f..6a4f89e 100644
--- a/config.scm
+++ b/config.scm
@@ -1,29 +1,72 @@ -;; Ceci est une configuration de système d'exploitation générée par -;; l'installateur graphique. -;; -;; Une fois l'installation terminée, vous pouvez apprendre à modifier -;; ce fichier pour ajuster la configuration du système et le passer à -;; la commande « guix system reconfigure » pour rendre vos changements -;; effectifs. +;;; +;;; Configurations GNU Guix des ordinateurs de neox +;;; +;;; Copyright (C) 2023-2024 Adrien 'neox' Bourmault +;;; +;;; This is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; This is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this. If not, see . ;; Indique quels modules importer pour accéder aux variables ;; utilisées dans cette configuration. 
-(use-modules (gnu)) -(use-modules (srfi srfi-1)) -(use-modules (gnu system setuid) - (gnu packages cups) - (gnu packages admin) - (gnu services shepherd)) +(use-modules + (gnu) + (gnu home) + (gnu home services shells) + (gnu home services gnupg) + (gnu packages) + (gnu packages gnupg) + (gnu packages freedesktop) + (gnu packages cups) + (gnu services) + (gnu services shepherd) + (gnu system setuid) + (srfi srfi-1) + (guix gexp)) -(use-service-modules cups - desktop - networking - ssh - xorg - virtualization - vpn - security-token) +(use-service-modules + cups + desktop + guix + networking + ssh + xorg + virtualization + vpn + pm + security-token) + +;; Service custom fancontrol +(define (fancontrol-shepherd-service config) + (shepherd-service + (documentation "Run the fancontrol daemon (fancontrol-daemon)." ) + (provision '(fancontrol)) + (requirement '(udev user-processes)) + (start #~(make-forkexec-constructor + (list #$(file-append (specification->package "lm-sensors") "/sbin/fancontrol") + #$config) + #:user "root" #:group "root" + #:log-file "/var/log/fancontrol.log")) + (stop #~(make-kill-destructor)))) + +(define fancontrol-service-type + (service-type + (name 'fancontrol) + (description + "Run fancontrol as a daemon.") + (extensions + (list (service-extension shepherd-root-service-type + (compose list fancontrol-shepherd-service)))))) ;; Configuration sudoer personnalisée (define %sudoers-specification @@ -34,7 +77,6 @@ root ALL=(ALL) ALL ;; Configuration spice personnalisée ;; Permet le partage de périphériques USB via virt-manager -;; Permet l'utilisation d'une nitrokey (define %spice-rules (udev-rule "41-spice-and-nitrokey.rules" 
@@ -62,26 +104,74 @@ LABEL=\"gnupg_rules_end\" KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\" "))) -;; Définition du service de contrôle des ventilateurs -(define (fancontrol-shepherd-service cfg-path) - (shepherd-service - (documentation "Run the fancontrol daemon (fancontrol-daemon)." ) - (provision '(fancontrol)) - (requirement '(udev user-processes)) - (start #~(make-forkexec-constructor - (list #$(file-append (specification->package "lm-sensors") "/sbin/fancontrol") - #$cfg-path) - #:user "root" #:group "root" - #:log-file "/var/log/fancontrol.log")) - (stop #~(make-kill-destructor)))) -(define fancontrol-service-type - (service-type - (name 'fancontrol) - (description - "Run fancontrol as a daemon.") - (extensions - (list (service-extension shepherd-root-service-type - (compose list fancontrol-shepherd-service)))))) +(define %bashrc_content + (plain-file "bashrc" "\ +if [ -n \"$GUIX_ENVIRONMENT\" ] +then + PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ ' +else + PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ ' +fi + +guix() { + if [[ \"$1\" == \"install\" ]]; then + echo \"Tu es débile, ou bien ?\" + elif [[ \"$1\" == \"remove\" ]]; then + echo \"Tu es débile, ou bien ?\" + else + command guix \"$@\" + fi +} + +if [[ ! -n \"$SSH_CLIENT\" ]]; then + unset SSH_AGENT_PID + if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then + export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\" + fi +fi")) + +(define %profile_content + (plain-file "profile" "\ +if [[ ! -n \"$SSH_CLIENT\" ]]; then + unset SSH_AGENT_PID + if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then + export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\" + fi +fi")) + +(define %home_configuration + (home-environment + (services + (list + (service home-bash-service-type + (home-bash-configuration + (environment-variables + '( + ("BSD_GAMES_DIR" . 
"~/.local/share/bsd-games") + ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'") + ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs") + ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share") + ("LV2_PATH" . "$HOME/.guix-profile/lib/lv2"))) + (aliases + '( + ("clear" . "printf '\\033c'") + ("dir" . "dir --color=auto") + ("egrep" . "grep -E --color=auto") + ("fgrep" . "grep -F --color=auto") + ("grep" . "grep --color=auto") + ("la" . "ls -lthA -p --color=auto") + ("ll" . "ls -lth -p --color=auto") + ("ls" . "ls -p --color=auto") + ("vdir" . "vdir --color=auto"))) + (bashrc + (list + %bashrc_content)))) + + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (pinentry-program + (file-append pinentry-gnome3 "/bin/pinentry-gnome3")) + (ssh-support? #t))))))) ;; Configuration du système ;; C'est le point d'entrée de la configuration 
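Review bot: `%profile_content` is defined in this hunk but never referenced: `home-bash-configuration` only receives `(bashrc (list %bashrc_content))`, so the `SSH_AUTH_SOCK` export runs from the bashrc and not from the login-shell profile. If login shells should also point at the gpg-agent socket, pass it with `(bash-profile (list %profile_content))`; otherwise drop the definition. The same block is duplicated in both `plain-file` bodies, and with `(ssh-support? #t)` the gpg-agent home service may already export `SSH_AUTH_SOCK`, so it is worth checking whether the snippet is needed at all.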
@@ -93,23 +183,242 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK ;; Application de la configuration sudoer personnalisée (définie plus haut) (kernel-arguments - (list "nohz=on" "libata.force=noncq" "modprobe.blacklist=pcspkr,usbmouse,usbkbd" "iommu=pt" "nouveau.config=NvClkMode=15")) + (list + "nohz=on" + "modprobe.blacklist=pcspkr,usbmouse,usbkbd" + "iommu=pt" + "nouveau.config=NvClkMode=15")) + + (initrd-modules + (append + (list + "w83795" + "vfio-pci" + "vfio_iommu_type1" + "mpt3sas" + "dm-raid" + "dm-cache" + "dm-crypt") + %base-initrd-modules)) - (initrd-modules (append (list "w83795" "vfio-pci" "vfio_iommu_type1" "dm-raid" "dm-cache" "dm-crypt") %base-initrd-modules)) - (sudoers-file %sudoers-specification) ;; La liste des comptes utilisateurs (« root » est implicite). - (users (cons* (user-account - (name "neox") - (comment "neox") - (group "users") - (home-directory "/home/neox") - (supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin"))) - %base-user-accounts)) + (users + (cons* + (user-account + (name "neox") + (comment "neox") + (password (crypt "password" "$6$abc")) + (group "users") + (home-directory "/home/neox") + (supplementary-groups + '("wheel" + "netdev" + "audio" + "video" + "libvirt" + "kvm" + "scanner" + "spice" + "cdrom" + "lpadmin" + "lp"))) + %base-user-accounts)) + ;; Quelques paquets installés au niveau du système. 
+ ;; On installe notamment network-manager et son extension pour openvpn, + ;; ou encore libvirt/virt-manager pour la virtualisation + (packages + (append + (specifications->packages + (list + "adb" + "alsa-plugins" + "alsa-utils" + "ardour" + "audacity" + "bind:utils" + "binutils" + "blueman" + "cabextract" + "cdrdao" + "claws-mail" + "cmatrix" + "cpupower" + "cdrtools" + "cryptsetup" + "curl" + "cvs" + "dconf-editor" + "dino" + "emacs" + "endeavour" + "evolution" + "exfatprogs" + "fastboot" + ;"ffmpeg" + "file" + "flashrom" + "flatpak" + "font-awesome" + "font-liberation" + "font-openmoji" + "gallery-dl" + "gdb" + "freehdl" + "ghostscript" + "ghostwriter" + "gimp" + "git" + "git-lfs" + "git:send-email" + "glmark2" + "gnome-bluetooth" + "gnome-builder" + "gnome-font-viewer" + "gnome-maps" + "gnome-power-manager" + "gnome-shell-extension-appindicator" + "gnome-shell-extension-blur-my-shell" + "gnome-shell-extension-burn-my-windows" + "gnome-shell-extension-dash-to-dock" + "gnome-shell-extension-night-theme-switcher" + "gnome-shell-extension-noannoyance" + "gnome-shell-extension-vitals" + "gnome-tweaks" + "gnupg" + "gnuplot" + "gparted" + "gpgme" + "graphviz" + "grub" + "hexchat" + "hplip" + "htop" + "hwloc" + "icecat" + "inetutils" + "inkscape" + "iptables" + "jack" + "jp2a" + "kajongg" + "kcachegrind" + "kgraphviewer" + "kicad" + "kicad-templates" + "kicad-symbols" + "kicad-packages3d" + "kicad-footprints" + "kicad-doc" + "translate2geda" + "ldns" + "libreoffice" + "libtree" + "libvirt" + "licensecheck" + "lm-sensors" + "lsof" + "lvm2" + "lynx" + "make" + "man-pages" + "mdadm" + "mediainfo" + "megatools" + "meld" + "microcom" + "minetest" + "minicom" + "minisat" + "mpv" + "mtr" + "mumble" + "nbd" + "ncftp" + "ndisc6" + "neofetch" + "network-manager" + "network-manager-openvpn" + "nextcloud-client" + "nitrocli" + "nmap" + "ntfs-3g" + "openssh" + "openssl" + "openvpn" + "pam-u2f" + "pandoc" + "parallel" + "parted" + "patchelf" + "pavucontrol" + "perl6-mime-base64" + 
"perl-mime-base64" + "perl-email-mime-encodings" + "pkg-config" + "poppler" + "powertop" + "profanity" + "progress" + "pv" + "python" + "python-wrapper" + "python-logutils" + "python-markdown" + "python-paramiko" + "qbittorrent" + "qemu" + "qjackctl" + "qpdf" + "recutils" + "rsync" + "rubber" + "ruby-pygmentize" + "screen" + "seahorse" + "setxkbmap" + "simplescreenrecorder" + "sl" + "speedtest-cli" + "sqlitebrowser" + "sshpass" + "system-config-printer" + "testdisk" + "texlive" + "texlive-biber" + "texmaker" + "thin-provisioning-tools" + "tig" + "tilix" + "transmission" + "tree" + "eudev" + "uefitool" + "ungoogled-chromium" + "virt-manager" + "vlc" + "wine64" + "python-woob" + "xauth" + ;"xdg-desktop-portal" + "xdg-desktop-portal-gnome" + "xdg-desktop-portal-gtk" + "xdg-utils" + "xdot" + "xdotool" + "xeyes" + "xournalpp" + "xrdp" + "yt-dlp" + "zstd")) + %base-packages)) + + ;; Quelques programmes auquels donner des accès spéciaux (setuid) + ;; (en particulier, logiciels de gravure) (setuid-programs - (append (list + (append (list (setuid-program (program (file-append (specification->package "cdrtools") "/bin/cdrecord"))) (setuid-program 
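Review bot: The new `(password (crypt "password" "$6$abc"))` field on the `neox` account commits a guessable plaintext password and a fixed salt to the repository, and the resulting hash would normally end up in the world-readable store. The account is in `wheel`, and although SSH password logins are disabled elsewhere in this commit, local, GDM and sudo authentication would still accept this password wherever the value is actually applied. If it is only a placeholder for a fresh install, remove the field and set the password with `passwd` after first boot, or at least add a comment such as `;; initial password only, change immediately with passwd`.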
@@ -117,113 +426,138 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK (setuid-program (program (file-append (specification->package "cdrtools") "/bin/mkisofs"))) (setuid-program - (program (file-append (specification->package "cdrdao") "/bin/cdrdao")))) + (program (file-append (specification->package "cdrdao") "/bin/cdrdao")))) %setuid-programs)) - ;; Quelques paquets installés au niveau du système. - ;; On installe notamment network-manager et son extension pour openvpn, - ;; ou encore libvirt/virt-manager pour la virtualisation - (packages (append (list (specification->package "qemu") - (specification->package "virt-manager") - (specification->package "libvirt") - (specification->package "lm-sensors") - (specification->package "lvm2") - (specification->package "mdadm") - (specification->package "network-manager") - (specification->package "network-manager-openvpn") - (specification->package "xf86-video-ati") - (specification->package "thin-provisioning-tools")) - %base-packages)) - ;; Services du système. ;; On en profite pour modifier le comportement par défaut de quelques services. (services - (modify-services (append (list - (service gnome-desktop-service-type) - - ;; Service de contrôle des ventilateurs - (service fancontrol-service-type "/etc/fancontrol") - - ;; Service de gestion des clés de chiffrement physique - (service pcscd-service-type) - - (service openssh-service-type - (openssh-configuration - (x11-forwarding? #t) - (permit-root-login 'prohibit-password))) - - ;; Service impression et scanner - (service cups-service-type - (cups-configuration - (web-interface? 
#t) - (extensions - (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) - - (service sane-service-type) - - ;; Service KVM/Libvirt pour virt-manager - (service libvirt-service-type) - (service virtlog-service-type) - - ;; Application de la configuration spice personnalisée (définie plus haut) - (udev-rules-service 'spice %spice-rules #:groups '("spice")) - - ;; Modification des limites mémoires pour les accès audio temps réel - ;; (utile notamment pour Ardour) - (service pam-limits-service-type + (modify-services + (append (list - (pam-limits-entry "@audio" 'both 'rtprio 99) - (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) + ;; Service guix home (reconfiguration auto des profils) + (service guix-home-service-type + `(("neox" ,%home_configuration))) - ;; Configuration de l'environnement graphique (notamment clavier) - (set-xorg-configuration - (xorg-configuration (keyboard-layout keyboard-layout)))) + ;; Service bluetooth + (service bluetooth-service-type) + + ;; Service de contrôle des ventilateurs + (service fancontrol-service-type "/etc/fancontrol") + + ;; Service de gestion des clés de chiffrement physique + (service pcscd-service-type) + + ;; Service OpenSSH + (service openssh-service-type + (openssh-configuration + (x11-forwarding? #t) + (password-authentication? #f) + (permit-root-login 'prohibit-password))) + + ;; Service d'impression + (service cups-service-type + (cups-configuration + (web-interface? 
#f) + (extensions + (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) + + ;; Service KVM/Libvirt pour virt-manager + (service libvirt-service-type) + (service virtlog-service-type) + + ;; Application de la configuration spice personnalisée (définie plus haut) + (udev-rules-service 'spice %spice-rules #:groups '("spice")) + + ;; Modification des limites mémoires pour les accès audio temps réel + ;; (utile notamment pour Ardour) + (service pam-limits-service-type + (list + (pam-limits-entry "@audio" 'both 'rtprio 99) + (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) + + ;; Service Gnome/GDM + (service gnome-desktop-service-type) + + ;; Configuration de l'environnement graphique (notamment clavier) + (set-xorg-configuration + (xorg-configuration (keyboard-layout keyboard-layout)))) + + ;; Services par défaut du système %desktop-services) + + ;; Modification de services par défaut + ;; Configuration du service upower pour éviter la mise en veille lors + ;; de la fermeture de capot + (upower-service-type config => (upower-configuration + (inherit config) + (ignore-lid? 
#t))) - ;; Configuration du service network-manager pour prendre en charge - ;; OpenVPN - (network-manager-service-type config => (network-manager-configuration - (inherit config) - (vpn-plugins - (list (specification->package "network-manager-openvpn"))))) + ;; Configuration du service elogind pour éviter la mise en veille lors + ;; de la fermeture du capot + (elogind-service-type config => (elogind-configuration + (inherit config) + (handle-lid-switch 'ignore) + (handle-lid-switch-external-power 'ignore))) - (guix-service-type config => (guix-configuration - (inherit config) - (extra-options '("--cores=10")))))) + ;; Configuration du service network-manager pour prendre en charge + ;; OpenVPN + (network-manager-service-type config => (network-manager-configuration + (inherit config) + (vpn-plugins + (list (specification->package "network-manager-openvpn"))))))) ;; Chargeur de démarrage (GRUB) ;; On indique ici où il doit être installé et comment le configurer - (bootloader + (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets (list "/dev/nvme0n1")) (terminal-outputs '(console)) (keyboard-layout keyboard-layout) - (theme + (theme (grub-theme (inherit (grub-theme)) (gfxmode '("640x480-24")))))) - + ;; Périphériques mappés ;; On configure notamment ici les partitions chiffrées (LUKS) (mapped-devices (list (mapped-device - (source "/dev/nvme0n1p3") - (target "luks-d1673001-bea6-4d19-8ed7-88e3643aac3e") + (source (uuid "ecac05ea-298a-4565-a054-dc8e5bf4a2f8")) + (target "luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8") (type luks-device-mapping)))) + ;; Specify a swap file for the system, which resides on the + ;; root file system. 
+ ;(swap-devices + ; (list + ; (swap-space + ; (target "/swapfile")))) + ;; La liste des systèmes de fichiers montés au démarrage - ;; On configure ici le montage des partitions chiffrées et non chiffrées - (file-systems - (cons* + ;; On configure ici le montage des partitions chiffrées et non chiffrées + (file-systems + (cons* (file-system (mount-point "/") (device (uuid "2e44f3f7-bb6b-43ac-933a-e8992bf10d29" 'ext4)) (type "ext4")) (file-system (mount-point "/home") - (device "/dev/mapper/luks-d1673001-bea6-4d19-8ed7-88e3643aac3e") + (device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8") (type "ext4") (dependencies mapped-devices)) + (file-system + (mount-point "/home/neox/.local/share/flatpak") + (device (uuid "6e27560f-62c7-434f-a278-45fd3aaf27ba" 'ext4)) + (type "ext4") + (dependencies + (list + (file-system + (mount-point "/home") + (device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8") + (type "ext4") + (dependencies mapped-devices))))) %base-file-systems))) diff --git a/fancontrol b/fancontrol index f60702d..fbbc1f6 100644 --- a/fancontrol +++ b/fancontrol @@ -1,11 +1,11 @@ # Configuration file generated by pwmconfig, changes will be lost INTERVAL=10 -DEVPATH=hwmon7=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f -DEVNAME=hwmon7=w83795g -FCTEMPS= hwmon7/device/pwm1=hwmon7/device/temp7_input -FCFANS= hwmon7/device/pwm1=hwmon7/device/fan2_input+hwmon7/device/fan1_input -MINTEMP= hwmon7/device/pwm1=20 -MAXTEMP= hwmon7/device/pwm1=60 -MINSTART= hwmon7/device/pwm1=150 -MINSTOP= hwmon7/device/pwm1=0 +DEVPATH=hwmon11=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f +DEVNAME=hwmon11=w83795g +FCTEMPS= hwmon11/device/pwm1=hwmon11/device/temp7_input +FCFANS= hwmon11/device/pwm1=hwmon11/device/fan2_input+hwmon11/device/fan1_input +MINTEMP= hwmon11/device/pwm1=20 +MAXTEMP= hwmon11/device/pwm1=60 +MINSTART= hwmon11/device/pwm1=150 +MINSTOP= hwmon11/device/pwm1=0 AVERAGE=4
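Review bot: The new file system mounted at `/home/neox/.local/share/flatpak` uses `(device (uuid "6e27560f-62c7-434f-a278-45fd3aaf27ba" 'ext4))` directly, so unlike `/home` it does not go through a `luks-device-mapping` and its contents sit outside the encrypted volume. If that is intended, say so in a comment, for example `;; flatpak store deliberately left unencrypted`; if not, add a second `mapped-device` for that partition and mount its `/dev/mapper/` target instead. Its `dependencies` field also repeats the whole `/home` `file-system` record inline, which can drift from the entry above; binding that record once with `define` and referencing it in both places would keep them identical.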