config.scm: full declarative config with fancontrol and software list

Adrien Bourmault 2024-10-08 18:34:28 +02:00
parent 5088950feb
commit ba7d07d9d7
No known key found for this signature in database
GPG Key ID: 57BC26A3687116F6
2 changed files with 467 additions and 133 deletions


@ -1,29 +1,72 @@
;; Ceci est une configuration de système d'exploitation générée par ;;;
;; l'installateur graphique. ;;; Configurations GNU Guix des ordinateurs de neox
;; ;;;
;; Une fois l'installation terminée, vous pouvez apprendre à modifier ;;; Copyright (C) 2023-2024 Adrien 'neox' Bourmault <neox@a-lec.org>
;; ce fichier pour ajuster la configuration du système et le passer à ;;;
;; la commande « guix system reconfigure » pour rendre vos changements ;;; This is free software; you can redistribute it and/or modify it
;; effectifs. ;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; This is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this. If not, see <http://www.gnu.org/licenses/>.
;; Indique quels modules importer pour accéder aux variables ;; Indique quels modules importer pour accéder aux variables
;; utilisées dans cette configuration. ;; utilisées dans cette configuration.
(use-modules (gnu)) (use-modules
(use-modules (srfi srfi-1)) (gnu)
(use-modules (gnu system setuid) (gnu home)
(gnu packages cups) (gnu home services shells)
(gnu packages admin) (gnu home services gnupg)
(gnu services shepherd)) (gnu packages)
(gnu packages gnupg)
(gnu packages freedesktop)
(gnu packages cups)
(gnu services)
(gnu services shepherd)
(gnu system setuid)
(srfi srfi-1)
(guix gexp))
(use-service-modules cups (use-service-modules
desktop cups
networking desktop
ssh guix
xorg networking
virtualization ssh
vpn xorg
security-token) virtualization
vpn
pm
security-token)
;; Service custom fancontrol
(define (fancontrol-shepherd-service config)
(shepherd-service
(documentation "Run the fancontrol daemon (fancontrol-daemon)." )
(provision '(fancontrol))
(requirement '(udev user-processes))
(start #~(make-forkexec-constructor
(list #$(file-append (specification->package "lm-sensors") "/sbin/fancontrol")
#$config)
#:user "root" #:group "root"
#:log-file "/var/log/fancontrol.log"))
(stop #~(make-kill-destructor))))
(define fancontrol-service-type
(service-type
(name 'fancontrol)
(description
"Run fancontrol as a daemon.")
(extensions
(list (service-extension shepherd-root-service-type
(compose list fancontrol-shepherd-service))))))
;; Configuration sudoer personnalisée ;; Configuration sudoer personnalisée
(define %sudoers-specification (define %sudoers-specification
@ -34,7 +77,6 @@ root ALL=(ALL) ALL
;; Configuration spice personnalisée ;; Configuration spice personnalisée
;; Permet le partage de périphériques USB via virt-manager ;; Permet le partage de périphériques USB via virt-manager
;; Permet l'utilisation d'une nitrokey
(define %spice-rules (define %spice-rules
(udev-rule (udev-rule
"41-spice-and-nitrokey.rules" "41-spice-and-nitrokey.rules"
@ -62,26 +104,74 @@ LABEL=\"gnupg_rules_end\"
KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\" KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
"))) ")))
;; Définition du service de contrôle des ventilateurs (define %bashrc_content
(define (fancontrol-shepherd-service cfg-path) (plain-file "bashrc" "\
(shepherd-service if [ -n \"$GUIX_ENVIRONMENT\" ]
(documentation "Run the fancontrol daemon (fancontrol-daemon)." ) then
(provision '(fancontrol)) PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '
(requirement '(udev user-processes)) else
(start #~(make-forkexec-constructor PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '
(list #$(file-append (specification->package "lm-sensors") "/sbin/fancontrol") fi
#$cfg-path)
#:user "root" #:group "root" guix() {
#:log-file "/var/log/fancontrol.log")) if [[ \"$1\" == \"install\" ]]; then
(stop #~(make-kill-destructor)))) echo \"Tu es débile, ou bien ?\"
(define fancontrol-service-type elif [[ \"$1\" == \"remove\" ]]; then
(service-type echo \"Tu es débile, ou bien ?\"
(name 'fancontrol) else
(description command guix \"$@\"
"Run fancontrol as a daemon.") fi
(extensions }
(list (service-extension shepherd-root-service-type
(compose list fancontrol-shepherd-service)))))) if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
(define %profile_content
(plain-file "profile" "\
if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
(define %home_configuration
(home-environment
(services
(list
(service home-bash-service-type
(home-bash-configuration
(environment-variables
'(
("BSD_GAMES_DIR" . "~/.local/share/bsd-games")
("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")
("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")
("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")
("LV2_PATH" . "$HOME/.guix-profile/lib/lv2")))
(aliases
'(
("clear" . "printf '\\033c'")
("dir" . "dir --color=auto")
("egrep" . "grep -E --color=auto")
("fgrep" . "grep -F --color=auto")
("grep" . "grep --color=auto")
("la" . "ls -lthA -p --color=auto")
("ll" . "ls -lth -p --color=auto")
("ls" . "ls -p --color=auto")
("vdir" . "vdir --color=auto")))
(bashrc
(list
%bashrc_content))))
(service home-gpg-agent-service-type
(home-gpg-agent-configuration
(pinentry-program
(file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
(ssh-support? #t)))))))
;; Configuration du système ;; Configuration du système
;; C'est le point d'entrée de la configuration ;; C'est le point d'entrée de la configuration
@ -93,21 +183,240 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK
;; Application de la configuration sudoer personnalisée (définie plus haut) ;; Application de la configuration sudoer personnalisée (définie plus haut)
(kernel-arguments (kernel-arguments
(list "nohz=on" "libata.force=noncq" "modprobe.blacklist=pcspkr,usbmouse,usbkbd" "iommu=pt" "nouveau.config=NvClkMode=15")) (list
"nohz=on"
"modprobe.blacklist=pcspkr,usbmouse,usbkbd"
"iommu=pt"
"nouveau.config=NvClkMode=15"))
(initrd-modules (append (list "w83795" "vfio-pci" "vfio_iommu_type1" "dm-raid" "dm-cache" "dm-crypt") %base-initrd-modules)) (initrd-modules
(append
(list
"w83795"
"vfio-pci"
"vfio_iommu_type1"
"mpt3sas"
"dm-raid"
"dm-cache"
"dm-crypt")
%base-initrd-modules))
(sudoers-file %sudoers-specification) (sudoers-file %sudoers-specification)
;; La liste des comptes utilisateurs (« root » est implicite). ;; La liste des comptes utilisateurs (« root » est implicite).
(users (cons* (user-account (users
(name "neox") (cons*
(comment "neox") (user-account
(group "users") (name "neox")
(home-directory "/home/neox") (comment "neox")
(supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin"))) (password (crypt "password" "$6$abc"))
%base-user-accounts)) (group "users")
(home-directory "/home/neox")
(supplementary-groups
'("wheel"
"netdev"
"audio"
"video"
"libvirt"
"kvm"
"scanner"
"spice"
"cdrom"
"lpadmin"
"lp")))
%base-user-accounts))
;; Quelques paquets installés au niveau du système.
;; On installe notamment network-manager et son extension pour openvpn,
;; ou encore libvirt/virt-manager pour la virtualisation
(packages
(append
(specifications->packages
(list
"adb"
"alsa-plugins"
"alsa-utils"
"ardour"
"audacity"
"bind:utils"
"binutils"
"blueman"
"cabextract"
"cdrdao"
"claws-mail"
"cmatrix"
"cpupower"
"cdrtools"
"cryptsetup"
"curl"
"cvs"
"dconf-editor"
"dino"
"emacs"
"endeavour"
"evolution"
"exfatprogs"
"fastboot"
;"ffmpeg"
"file"
"flashrom"
"flatpak"
"font-awesome"
"font-liberation"
"font-openmoji"
"gallery-dl"
"gdb"
"freehdl"
"ghostscript"
"ghostwriter"
"gimp"
"git"
"git-lfs"
"git:send-email"
"glmark2"
"gnome-bluetooth"
"gnome-builder"
"gnome-font-viewer"
"gnome-maps"
"gnome-power-manager"
"gnome-shell-extension-appindicator"
"gnome-shell-extension-blur-my-shell"
"gnome-shell-extension-burn-my-windows"
"gnome-shell-extension-dash-to-dock"
"gnome-shell-extension-night-theme-switcher"
"gnome-shell-extension-noannoyance"
"gnome-shell-extension-vitals"
"gnome-tweaks"
"gnupg"
"gnuplot"
"gparted"
"gpgme"
"graphviz"
"grub"
"hexchat"
"hplip"
"htop"
"hwloc"
"icecat"
"inetutils"
"inkscape"
"iptables"
"jack"
"jp2a"
"kajongg"
"kcachegrind"
"kgraphviewer"
"kicad"
"kicad-templates"
"kicad-symbols"
"kicad-packages3d"
"kicad-footprints"
"kicad-doc"
"translate2geda"
"ldns"
"libreoffice"
"libtree"
"libvirt"
"licensecheck"
"lm-sensors"
"lsof"
"lvm2"
"lynx"
"make"
"man-pages"
"mdadm"
"mediainfo"
"megatools"
"meld"
"microcom"
"minetest"
"minicom"
"minisat"
"mpv"
"mtr"
"mumble"
"nbd"
"ncftp"
"ndisc6"
"neofetch"
"network-manager"
"network-manager-openvpn"
"nextcloud-client"
"nitrocli"
"nmap"
"ntfs-3g"
"openssh"
"openssl"
"openvpn"
"pam-u2f"
"pandoc"
"parallel"
"parted"
"patchelf"
"pavucontrol"
"perl6-mime-base64"
"perl-mime-base64"
"perl-email-mime-encodings"
"pkg-config"
"poppler"
"powertop"
"profanity"
"progress"
"pv"
"python"
"python-wrapper"
"python-logutils"
"python-markdown"
"python-paramiko"
"qbittorrent"
"qemu"
"qjackctl"
"qpdf"
"recutils"
"rsync"
"rubber"
"ruby-pygmentize"
"screen"
"seahorse"
"setxkbmap"
"simplescreenrecorder"
"sl"
"speedtest-cli"
"sqlitebrowser"
"sshpass"
"system-config-printer"
"testdisk"
"texlive"
"texlive-biber"
"texmaker"
"thin-provisioning-tools"
"tig"
"tilix"
"transmission"
"tree"
"eudev"
"uefitool"
"ungoogled-chromium"
"virt-manager"
"vlc"
"wine64"
"python-woob"
"xauth"
;"xdg-desktop-portal"
"xdg-desktop-portal-gnome"
"xdg-desktop-portal-gtk"
"xdg-utils"
"xdot"
"xdotool"
"xeyes"
"xournalpp"
"xrdp"
"yt-dlp"
"zstd"))
%base-packages))
;; Quelques programmes auquels donner des accès spéciaux (setuid)
;; (en particulier, logiciels de gravure)
(setuid-programs (setuid-programs
(append (list (append (list
(setuid-program (setuid-program
@ -120,76 +429,83 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK
(program (file-append (specification->package "cdrdao") "/bin/cdrdao")))) (program (file-append (specification->package "cdrdao") "/bin/cdrdao"))))
%setuid-programs)) %setuid-programs))
;; Quelques paquets installés au niveau du système.
;; On installe notamment network-manager et son extension pour openvpn,
;; ou encore libvirt/virt-manager pour la virtualisation
(packages (append (list (specification->package "qemu")
(specification->package "virt-manager")
(specification->package "libvirt")
(specification->package "lm-sensors")
(specification->package "lvm2")
(specification->package "mdadm")
(specification->package "network-manager")
(specification->package "network-manager-openvpn")
(specification->package "xf86-video-ati")
(specification->package "thin-provisioning-tools"))
%base-packages))
;; Services du système. ;; Services du système.
;; On en profite pour modifier le comportement par défaut de quelques services. ;; On en profite pour modifier le comportement par défaut de quelques services.
(services (services
(modify-services (append (list (modify-services
(service gnome-desktop-service-type) (append
;; Service de contrôle des ventilateurs
(service fancontrol-service-type "/etc/fancontrol")
;; Service de gestion des clés de chiffrement physique
(service pcscd-service-type)
(service openssh-service-type
(openssh-configuration
(x11-forwarding? #t)
(permit-root-login 'prohibit-password)))
;; Service impression et scanner
(service cups-service-type
(cups-configuration
(web-interface? #t)
(extensions
(list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
(service sane-service-type)
;; Service KVM/Libvirt pour virt-manager
(service libvirt-service-type)
(service virtlog-service-type)
;; Application de la configuration spice personnalisée (définie plus haut)
(udev-rules-service 'spice %spice-rules #:groups '("spice"))
;; Modification des limites mémoires pour les accès audio temps réel
;; (utile notamment pour Ardour)
(service pam-limits-service-type
(list (list
(pam-limits-entry "@audio" 'both 'rtprio 99) ;; Service guix home (reconfiguration auto des profils)
(pam-limits-entry "@audio" 'both 'memlock 'unlimited))) (service guix-home-service-type
`(("neox" ,%home_configuration)))
;; Configuration de l'environnement graphique (notamment clavier) ;; Service bluetooth
(set-xorg-configuration (service bluetooth-service-type)
(xorg-configuration (keyboard-layout keyboard-layout))))
;; Service de contrôle des ventilateurs
(service fancontrol-service-type "/etc/fancontrol")
;; Service de gestion des clés de chiffrement physique
(service pcscd-service-type)
;; Service OpenSSH
(service openssh-service-type
(openssh-configuration
(x11-forwarding? #t)
(password-authentication? #f)
(permit-root-login 'prohibit-password)))
;; Service d'impression
(service cups-service-type
(cups-configuration
(web-interface? #f)
(extensions
(list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
;; Service KVM/Libvirt pour virt-manager
(service libvirt-service-type)
(service virtlog-service-type)
;; Application de la configuration spice personnalisée (définie plus haut)
(udev-rules-service 'spice %spice-rules #:groups '("spice"))
;; Modification des limites mémoires pour les accès audio temps réel
;; (utile notamment pour Ardour)
(service pam-limits-service-type
(list
(pam-limits-entry "@audio" 'both 'rtprio 99)
(pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
;; Service Gnome/GDM
(service gnome-desktop-service-type)
;; Configuration de l'environnement graphique (notamment clavier)
(set-xorg-configuration
(xorg-configuration (keyboard-layout keyboard-layout))))
;; Services par défaut du système
%desktop-services) %desktop-services)
;; Configuration du service network-manager pour prendre en charge ;; Modification de services par défaut
;; OpenVPN ;; Configuration du service upower pour éviter la mise en veille lors
(network-manager-service-type config => (network-manager-configuration ;; de la fermeture de capot
(inherit config) (upower-service-type config => (upower-configuration
(vpn-plugins (inherit config)
(list (specification->package "network-manager-openvpn"))))) (ignore-lid? #t)))
(guix-service-type config => (guix-configuration ;; Configuration du service elogind pour éviter la mise en veille lors
(inherit config) ;; de la fermeture du capot
(extra-options '("--cores=10")))))) (elogind-service-type config => (elogind-configuration
(inherit config)
(handle-lid-switch 'ignore)
(handle-lid-switch-external-power 'ignore)))
;; Configuration du service network-manager pour prendre en charge
;; OpenVPN
(network-manager-service-type config => (network-manager-configuration
(inherit config)
(vpn-plugins
(list (specification->package "network-manager-openvpn")))))))
;; Chargeur de démarrage (GRUB) ;; Chargeur de démarrage (GRUB)
;; On indique ici où il doit être installé et comment le configurer ;; On indique ici où il doit être installé et comment le configurer
@ -209,10 +525,17 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK
(mapped-devices (mapped-devices
(list (list
(mapped-device (mapped-device
(source "/dev/nvme0n1p3") (source (uuid "ecac05ea-298a-4565-a054-dc8e5bf4a2f8"))
(target "luks-d1673001-bea6-4d19-8ed7-88e3643aac3e") (target "luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
(type luks-device-mapping)))) (type luks-device-mapping))))
;; Specify a swap file for the system, which resides on the
;; root file system.
;(swap-devices
; (list
; (swap-space
; (target "/swapfile"))))
;; La liste des systèmes de fichiers montés au démarrage ;; La liste des systèmes de fichiers montés au démarrage
;; On configure ici le montage des partitions chiffrées et non chiffrées ;; On configure ici le montage des partitions chiffrées et non chiffrées
(file-systems (file-systems
@ -223,7 +546,18 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK
(type "ext4")) (type "ext4"))
(file-system (file-system
(mount-point "/home") (mount-point "/home")
(device "/dev/mapper/luks-d1673001-bea6-4d19-8ed7-88e3643aac3e") (device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
(type "ext4") (type "ext4")
(dependencies mapped-devices)) (dependencies mapped-devices))
(file-system
(mount-point "/home/neox/.local/share/flatpak")
(device (uuid "6e27560f-62c7-434f-a278-45fd3aaf27ba" 'ext4))
(type "ext4")
(dependencies
(list
(file-system
(mount-point "/home")
(device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
(type "ext4")
(dependencies mapped-devices)))))
%base-file-systems))) %base-file-systems)))
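Review bot: The new `user-account` for neox adds `(password (crypt "password" "$6$abc"))`, which commits a guessable plaintext password and a fixed salt to the repository for an account that is a member of `wheel`. Guix places the resulting hash in a store file that every local user can read, so this value should be treated as public. The `(password-authentication? #f)` added to the OpenSSH block covers only SSH, not local console or graphical logins. I would drop the field and set the password with `passwd` after the first boot, or, if an initial value is really needed, keep it out of the tracked file and change it at first login. Whether this field affects an account whose password is already set is not visible on this page, so confirm that before relying on it either way.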


@ -1,11 +1,11 @@
# Configuration file generated by pwmconfig, changes will be lost # Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10 INTERVAL=10
DEVPATH=hwmon7=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f DEVPATH=hwmon11=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f
DEVNAME=hwmon7=w83795g DEVNAME=hwmon11=w83795g
FCTEMPS= hwmon7/device/pwm1=hwmon7/device/temp7_input FCTEMPS= hwmon11/device/pwm1=hwmon11/device/temp7_input
FCFANS= hwmon7/device/pwm1=hwmon7/device/fan2_input+hwmon7/device/fan1_input FCFANS= hwmon11/device/pwm1=hwmon11/device/fan2_input+hwmon11/device/fan1_input
MINTEMP= hwmon7/device/pwm1=20 MINTEMP= hwmon11/device/pwm1=20
MAXTEMP= hwmon7/device/pwm1=60 MAXTEMP= hwmon11/device/pwm1=60
MINSTART= hwmon7/device/pwm1=150 MINSTART= hwmon11/device/pwm1=150
MINSTOP= hwmon7/device/pwm1=0 MINSTOP= hwmon11/device/pwm1=0
AVERAGE=4 AVERAGE=4