config.scm: full declarative config with fancontrol and software list

2024-10-08 18:34:28 +02:00 · 2024-10-08 18:34:28 +02:00 · ba7d07d9d7
parent 5088950feb
commit ba7d07d9d7
2 changed files with 467 additions and 133 deletions
--- a/config.scm
+++ b/config.scm
@ -1,29 +1,72 @@
-;; Ceci est une configuration de système d'exploitation générée par
+;;;
-;; l'installateur graphique.
+;;; Configurations GNU Guix des ordinateurs de neox
-;;
+;;;
-;; Une fois l'installation terminée, vous pouvez apprendre à modifier
+;;; Copyright (C) 2023-2024 Adrien 'neox' Bourmault <neox@a-lec.org>
-;; ce fichier pour ajuster la configuration du système et le passer à
+;;;
-;; la commande « guix system reconfigure » pour rendre vos changements
+;;; This is free software; you can redistribute it and/or modify it
-;; effectifs.
+;;; under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation; either version 3 of the License, or (at
 ;;; your option) any later version.
 ;;;
 ;;; This is distributed in the hope that it will be useful, but
 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ;;; GNU General Public License for more details.
 ;;;
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with this.  If not, see <http://www.gnu.org/licenses/>.
 ;; Indique quels modules importer pour accéder aux variables
 ;; utilisées dans cette configuration.
-(use-modules (gnu))
+(use-modules
-(use-modules (srfi srfi-1))
+  (gnu)
-(use-modules (gnu system setuid) 
+  (gnu home)
-             (gnu packages cups) 
+  (gnu home services shells)
-             (gnu packages admin) 
+  (gnu home services gnupg)
-             (gnu services shepherd))
+  (gnu packages)
  (gnu packages gnupg)
  (gnu packages freedesktop)
  (gnu packages cups)
  (gnu services)
  (gnu services shepherd)
  (gnu system setuid)
  (srfi srfi-1)
  (guix gexp))
-(use-service-modules cups 
+(use-service-modules
-                     desktop 
+  cups
-                     networking 
+  desktop
-                     ssh 
+  guix
-                     xorg 
+  networking
-                     virtualization 
+  ssh
-                     vpn 
+  xorg
-                     security-token)
+  virtualization
  vpn
  pm
  security-token)
 ;; Service custom fancontrol
 (define (fancontrol-shepherd-service config)
  (shepherd-service
   (documentation "Run the fancontrol daemon (fancontrol-daemon)." )
   (provision '(fancontrol))
   (requirement '(udev user-processes))
   (start #~(make-forkexec-constructor
             (list #$(file-append (specification->package "lm-sensors") "/sbin/fancontrol")
                   #$config)
             #:user "root" #:group "root"
             #:log-file "/var/log/fancontrol.log"))
   (stop #~(make-kill-destructor))))
 (define fancontrol-service-type
  (service-type
   (name 'fancontrol)
   (description
    "Run fancontrol as a daemon.")
   (extensions
    (list (service-extension shepherd-root-service-type
            (compose list fancontrol-shepherd-service))))))
 ;; Configuration sudoer personnalisée
 (define %sudoers-specification
@ -34,7 +77,6 @@ root ALL=(ALL) ALL
 ;; Configuration spice personnalisée
 ;; Permet le partage de périphériques USB via virt-manager
 ;; Permet l'utilisation d'une nitrokey
 (define %spice-rules
  (udev-rule
    "41-spice-and-nitrokey.rules"
@ -62,26 +104,74 @@ LABEL=\"gnupg_rules_end\"
 KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
 ")))
-;; Définition du service de contrôle des ventilateurs
+(define %bashrc_content
-(define (fancontrol-shepherd-service cfg-path)
+  (plain-file "bashrc" "\
-  (shepherd-service
+if [ -n \"$GUIX_ENVIRONMENT\" ]
-   (documentation "Run the fancontrol daemon (fancontrol-daemon)." )
+then
-   (provision '(fancontrol))
+    PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '
-   (requirement '(udev user-processes))
+else
-   (start #~(make-forkexec-constructor
+    PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '
-             (list #$(file-append (specification->package "lm-sensors") "/sbin/fancontrol")
+fi
-                   #$cfg-path)
+
-             #:user "root" #:group "root"
+guix() {
-             #:log-file "/var/log/fancontrol.log"))
+  if [[ \"$1\" == \"install\" ]]; then
-   (stop #~(make-kill-destructor))))
+    echo \"Tu es débile, ou bien ?\"
-(define fancontrol-service-type
+  elif [[ \"$1\" == \"remove\" ]]; then
-  (service-type
+    echo \"Tu es débile, ou bien ?\"
-   (name 'fancontrol)
+  else
-   (description
+    command guix \"$@\"
-    "Run fancontrol as a daemon.")
+  fi
-   (extensions
+}
-    (list (service-extension shepherd-root-service-type
+
-            (compose list fancontrol-shepherd-service))))))
+if [[ ! -n \"$SSH_CLIENT\" ]]; then
 	unset SSH_AGENT_PID
 	if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
 		export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
 	fi
 fi"))
 (define %profile_content
  (plain-file "profile" "\
 if [[ ! -n \"$SSH_CLIENT\" ]]; then
        unset SSH_AGENT_PID
        if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
                export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
        fi
 fi"))
 (define %home_configuration
  (home-environment
    (services
      (list
        (service home-bash-service-type
          (home-bash-configuration
            (environment-variables
              '(
                ("BSD_GAMES_DIR" . "~/.local/share/bsd-games")
                ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")
                ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")
                ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")
                ("LV2_PATH" . "$HOME/.guix-profile/lib/lv2")))
            (aliases 
              '(
                ("clear" . "printf '\\033c'")
                ("dir" . "dir --color=auto")
                ("egrep" . "grep -E --color=auto")  
                ("fgrep" . "grep -F --color=auto")
                ("grep" . "grep --color=auto")
                ("la" . "ls -lthA -p --color=auto")
                ("ll" . "ls -lth -p --color=auto")
                ("ls" . "ls -p --color=auto")
                ("vdir" . "vdir --color=auto")))
            (bashrc
              (list
                %bashrc_content))))
        (service home-gpg-agent-service-type
          (home-gpg-agent-configuration
            (pinentry-program
              (file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
            (ssh-support? #t)))))))
 ;; Configuration du système
 ;; C'est le point d'entrée de la configuration
@ -93,23 +183,242 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK
  ;; Application de la configuration sudoer personnalisée (définie plus haut)
  (kernel-arguments
-    (list "nohz=on" "libata.force=noncq" "modprobe.blacklist=pcspkr,usbmouse,usbkbd" "iommu=pt" "nouveau.config=NvClkMode=15"))
+    (list
      "nohz=on"
      "modprobe.blacklist=pcspkr,usbmouse,usbkbd"
      "iommu=pt" 
      "nouveau.config=NvClkMode=15"))
  (initrd-modules
    (append
      (list 
        "w83795"
        "vfio-pci"
        "vfio_iommu_type1"
        "mpt3sas"
        "dm-raid"
        "dm-cache"
        "dm-crypt")
      %base-initrd-modules))
  (initrd-modules (append (list "w83795" "vfio-pci" "vfio_iommu_type1" "dm-raid" "dm-cache" "dm-crypt") %base-initrd-modules))
  (sudoers-file %sudoers-specification)
  ;; La liste des comptes utilisateurs (« root » est implicite).
-  (users (cons* (user-account
+  (users
-                  (name "neox")
+    (cons*
-                  (comment "neox")
+      (user-account
-                  (group "users")
+        (name "neox")
-                  (home-directory "/home/neox")
+        (comment "neox")
-                  (supplementary-groups '("users" "wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "cdrom" "lpadmin")))
+        (password (crypt "password" "$6$abc"))
-                %base-user-accounts))
+        (group "users")
        (home-directory "/home/neox")
        (supplementary-groups
          '("wheel"
            "netdev"
            "audio"
            "video"
            "libvirt"
            "kvm"
            "scanner"
            "spice"
            "cdrom"
            "lpadmin"
            "lp")))
      %base-user-accounts))
  ;; Quelques paquets installés au niveau du système.
  ;; On installe notamment network-manager et son extension pour openvpn, 
  ;; ou encore libvirt/virt-manager pour la virtualisation
  (packages
    (append
      (specifications->packages
        (list
          "adb"
          "alsa-plugins"
          "alsa-utils"
          "ardour"
          "audacity"
          "bind:utils"
          "binutils"
          "blueman"
          "cabextract"
          "cdrdao"
          "claws-mail"
          "cmatrix"
          "cpupower"
          "cdrtools"
          "cryptsetup"
          "curl"
          "cvs"
          "dconf-editor"
          "dino"
          "emacs"
          "endeavour"
          "evolution"
          "exfatprogs"
          "fastboot"
          ;"ffmpeg"
          "file"
          "flashrom"
          "flatpak"
          "font-awesome"
          "font-liberation"
          "font-openmoji"
          "gallery-dl"
          "gdb"
          "freehdl"
          "ghostscript"
          "ghostwriter"
          "gimp"
          "git"
          "git-lfs"
          "git:send-email"
          "glmark2"
          "gnome-bluetooth"
          "gnome-builder"
          "gnome-font-viewer"
          "gnome-maps"
          "gnome-power-manager"
          "gnome-shell-extension-appindicator"
          "gnome-shell-extension-blur-my-shell"
          "gnome-shell-extension-burn-my-windows"
          "gnome-shell-extension-dash-to-dock"
          "gnome-shell-extension-night-theme-switcher"
          "gnome-shell-extension-noannoyance"
          "gnome-shell-extension-vitals"
          "gnome-tweaks"
          "gnupg"
          "gnuplot"
          "gparted"
          "gpgme"
          "graphviz"
          "grub"
          "hexchat"
          "hplip"
          "htop"
          "hwloc"
          "icecat"
          "inetutils"
          "inkscape"
          "iptables"
          "jack"
          "jp2a"
          "kajongg"
          "kcachegrind"
          "kgraphviewer"
          "kicad"
          "kicad-templates"
          "kicad-symbols"
          "kicad-packages3d"
          "kicad-footprints"
          "kicad-doc"
          "translate2geda"
          "ldns"
          "libreoffice"
          "libtree"
          "libvirt"
          "licensecheck"
          "lm-sensors"
          "lsof"
          "lvm2"
          "lynx"
          "make"
          "man-pages"
          "mdadm"
          "mediainfo"
          "megatools"
          "meld"
          "microcom"
          "minetest"
          "minicom"
          "minisat"
          "mpv"
          "mtr"
          "mumble"
          "nbd"
          "ncftp"
          "ndisc6"
          "neofetch"
          "network-manager"
          "network-manager-openvpn"
          "nextcloud-client"
          "nitrocli"
          "nmap"
          "ntfs-3g"
          "openssh"
          "openssl"
          "openvpn"
          "pam-u2f"
          "pandoc"
          "parallel"
          "parted"
          "patchelf"
          "pavucontrol"
          "perl6-mime-base64"
          "perl-mime-base64"
          "perl-email-mime-encodings"
          "pkg-config"
          "poppler"
          "powertop"
          "profanity"
          "progress"
          "pv"
          "python"
          "python-wrapper"
          "python-logutils"
          "python-markdown"
          "python-paramiko"
          "qbittorrent"
          "qemu"
          "qjackctl"
          "qpdf"
          "recutils"
          "rsync"
          "rubber"
          "ruby-pygmentize"
          "screen"
          "seahorse"
          "setxkbmap"
          "simplescreenrecorder"
          "sl"
          "speedtest-cli"
          "sqlitebrowser"
          "sshpass"
          "system-config-printer"
          "testdisk"
          "texlive"
          "texlive-biber"
          "texmaker"
          "thin-provisioning-tools"
          "tig"
          "tilix"
          "transmission"
          "tree"
          "eudev"
          "uefitool"
          "ungoogled-chromium"
          "virt-manager"
          "vlc"
          "wine64"
          "python-woob"
          "xauth"
          ;"xdg-desktop-portal"
          "xdg-desktop-portal-gnome"
          "xdg-desktop-portal-gtk"
          "xdg-utils"
          "xdot"
          "xdotool"
          "xeyes"
          "xournalpp"
          "xrdp"
          "yt-dlp"
          "zstd"))
      %base-packages))
  ;; Quelques programmes auquels donner des accès spéciaux (setuid)
  ;; (en particulier, logiciels de gravure)
  (setuid-programs
-    (append (list 
+    (append (list
              (setuid-program
                (program (file-append (specification->package "cdrtools") "/bin/cdrecord")))
              (setuid-program
@ -117,113 +426,138 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK
              (setuid-program
                (program (file-append (specification->package "cdrtools") "/bin/mkisofs")))
              (setuid-program
-                (program (file-append (specification->package "cdrdao") "/bin/cdrdao"))))	
+                (program (file-append (specification->package "cdrdao") "/bin/cdrdao"))))       
            %setuid-programs))
  ;; Quelques paquets installés au niveau du système.
  ;; On installe notamment network-manager et son extension pour openvpn, 
  ;; ou encore libvirt/virt-manager pour la virtualisation
  (packages (append (list (specification->package "qemu")
                          (specification->package "virt-manager")
                          (specification->package "libvirt")
                          (specification->package "lm-sensors") 
                          (specification->package "lvm2") 
                          (specification->package "mdadm") 
                          (specification->package "network-manager")
                          (specification->package "network-manager-openvpn")
                          (specification->package "xf86-video-ati")
                          (specification->package "thin-provisioning-tools"))
                    %base-packages))
  ;; Services du système.
  ;; On en profite pour modifier le comportement par défaut de quelques services.
  (services
-    (modify-services (append (list
+    (modify-services 
-      (service gnome-desktop-service-type)
+      (append 
      ;; Service de contrôle des ventilateurs
      (service fancontrol-service-type "/etc/fancontrol")
      ;; Service de gestion des clés de chiffrement physique
      (service pcscd-service-type)
      (service openssh-service-type
        (openssh-configuration
          (x11-forwarding? #t)
          (permit-root-login 'prohibit-password)))
      ;; Service impression et scanner
      (service cups-service-type
          (cups-configuration
            (web-interface? #t)
            (extensions
              (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
      (service sane-service-type)
      ;; Service KVM/Libvirt pour virt-manager
      (service libvirt-service-type)
      (service virtlog-service-type)
      ;; Application de la configuration spice personnalisée (définie plus haut)
      (udev-rules-service 'spice %spice-rules #:groups '("spice"))
      ;; Modification des limites mémoires pour les accès audio temps réel
      ;; (utile notamment pour Ardour)
      (service pam-limits-service-type
        (list
-          (pam-limits-entry "@audio" 'both 'rtprio 99)
+          ;; Service guix home (reconfiguration auto des profils)
-          (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
+          (service guix-home-service-type
            `(("neox" ,%home_configuration)))
-      ;; Configuration de l'environnement graphique (notamment clavier)
+          ;; Service bluetooth
-      (set-xorg-configuration
+          (service bluetooth-service-type)
-        (xorg-configuration (keyboard-layout keyboard-layout))))
+
          ;; Service de contrôle des ventilateurs
          (service fancontrol-service-type "/etc/fancontrol")
          ;; Service de gestion des clés de chiffrement physique
          (service pcscd-service-type)
          ;; Service OpenSSH
          (service openssh-service-type
            (openssh-configuration
               (x11-forwarding? #t)
               (password-authentication? #f)
               (permit-root-login 'prohibit-password)))
          ;; Service d'impression
          (service cups-service-type
            (cups-configuration
              (web-interface? #f)
              (extensions
                (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
          ;; Service KVM/Libvirt pour virt-manager
          (service libvirt-service-type)
          (service virtlog-service-type)
          ;; Application de la configuration spice personnalisée (définie plus haut)
          (udev-rules-service 'spice %spice-rules #:groups '("spice"))
          ;; Modification des limites mémoires pour les accès audio temps réel
          ;; (utile notamment pour Ardour)
          (service pam-limits-service-type
            (list
              (pam-limits-entry "@audio" 'both 'rtprio 99)
              (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
          ;; Service Gnome/GDM
          (service gnome-desktop-service-type)
          ;; Configuration de l'environnement graphique (notamment clavier)
          (set-xorg-configuration
            (xorg-configuration (keyboard-layout keyboard-layout))))
        ;; Services par défaut du système
        %desktop-services)
      ;; Modification de services par défaut
        ;; Configuration du service upower pour éviter la mise en veille lors
        ;; de la fermeture de capot
        (upower-service-type config => (upower-configuration
          (inherit config)
          (ignore-lid? #t)))
-    ;; Configuration du service network-manager pour prendre en charge
+        ;; Configuration du service elogind pour éviter la mise en veille lors
-    ;; OpenVPN
+        ;; de la fermeture du capot
-    (network-manager-service-type config => (network-manager-configuration 
+        (elogind-service-type config => (elogind-configuration
-      (inherit config)
+          (inherit config)
-      (vpn-plugins
+          (handle-lid-switch 'ignore)
-        (list (specification->package "network-manager-openvpn")))))
+          (handle-lid-switch-external-power 'ignore)))
-    (guix-service-type config => (guix-configuration
+        ;; Configuration du service network-manager pour prendre en charge
-      (inherit config)
+        ;; OpenVPN
-      (extra-options '("--cores=10"))))))
+        (network-manager-service-type config => (network-manager-configuration 
          (inherit config)
          (vpn-plugins
            (list (specification->package "network-manager-openvpn")))))))
  ;; Chargeur de démarrage (GRUB)
  ;; On indique ici où il doit être installé et comment le configurer
-  (bootloader 
+  (bootloader
    (bootloader-configuration
      (bootloader grub-bootloader)
      (targets (list "/dev/nvme0n1"))
      (terminal-outputs '(console))
      (keyboard-layout keyboard-layout)
-      (theme 
+      (theme
        (grub-theme
          (inherit (grub-theme))
          (gfxmode '("640x480-24"))))))
-
+  
  ;; Périphériques mappés
  ;; On configure notamment ici les partitions chiffrées (LUKS)
  (mapped-devices
   (list
    (mapped-device
-      (source "/dev/nvme0n1p3")
+      (source (uuid "ecac05ea-298a-4565-a054-dc8e5bf4a2f8"))
-      (target "luks-d1673001-bea6-4d19-8ed7-88e3643aac3e")
+      (target "luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
      (type luks-device-mapping))))
  ;; Specify a swap file for the system, which resides on the
  ;; root file system.
  ;(swap-devices 
  ;  (list
  ;    (swap-space
  ;      (target "/swapfile"))))
  ;; La liste des systèmes de fichiers montés au démarrage
-  ;; On configure ici le montage des partitions chiffrées et non chiffrées  
+  ;; On configure ici le montage des partitions chiffrées et non chiffrées
-  (file-systems 
+  (file-systems
-    (cons* 
+    (cons*
      (file-system
        (mount-point "/")
        (device (uuid "2e44f3f7-bb6b-43ac-933a-e8992bf10d29" 'ext4))
        (type "ext4"))
      (file-system
        (mount-point "/home")
-        (device "/dev/mapper/luks-d1673001-bea6-4d19-8ed7-88e3643aac3e")
+        (device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
        (type "ext4")
        (dependencies mapped-devices))
      (file-system
        (mount-point "/home/neox/.local/share/flatpak")
        (device (uuid "6e27560f-62c7-434f-a278-45fd3aaf27ba" 'ext4))
        (type "ext4")
        (dependencies
          (list
            (file-system
              (mount-point "/home")
              (device "/dev/mapper/luks-ecac05ea-298a-4565-a054-dc8e5bf4a2f8")
              (type "ext4")
              (dependencies mapped-devices)))))
     %base-file-systems)))
--- a/16
+++ b/16
@ -1,11 +1,11 @@
 # Configuration file generated by pwmconfig, changes will be lost
 INTERVAL=10
-DEVPATH=hwmon7=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f
+DEVPATH=hwmon11=devices/pci0000:00/0000:00:14.0/i2c-1/1-002f
-DEVNAME=hwmon7=w83795g
+DEVNAME=hwmon11=w83795g
-FCTEMPS= hwmon7/device/pwm1=hwmon7/device/temp7_input
+FCTEMPS= hwmon11/device/pwm1=hwmon11/device/temp7_input
-FCFANS= hwmon7/device/pwm1=hwmon7/device/fan2_input+hwmon7/device/fan1_input
+FCFANS= hwmon11/device/pwm1=hwmon11/device/fan2_input+hwmon11/device/fan1_input
-MINTEMP= hwmon7/device/pwm1=20
+MINTEMP= hwmon11/device/pwm1=20
-MAXTEMP= hwmon7/device/pwm1=60
+MAXTEMP= hwmon11/device/pwm1=60
-MINSTART= hwmon7/device/pwm1=150
+MINSTART= hwmon11/device/pwm1=150
-MINSTOP= hwmon7/device/pwm1=0
+MINSTOP= hwmon11/device/pwm1=0
 AVERAGE=4