diff --git a/config.scm b/config.scm
index 6871371..bea7b60 100644
--- a/config.scm
+++ b/config.scm
@@ -71,106 +71,310 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK ;; Application de la configuration sudoer personnalisée (définie plus haut) (kernel-arguments - (list "modprobe.blacklist=usbmouse,usbkbd,i2c-hid" "psmouse.synaptics_intertouch=1")) + (list + "modprobe.blacklist=usbmouse,usbkbd,i2c-hid" + "psmouse.synaptics_intertouch=1")) (sudoers-file %sudoers-specification) ;; La liste des comptes utilisateurs (« root » est implicite). - (users (cons* (user-account - (name "neox") - (comment "neox") - (group "users") - (home-directory "/home/neox") - ;; ajout de groupes pour virt-manager - - (supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "lp"))) - %base-user-accounts)) + (users + (cons* + (user-account + (name "neox") + (comment "neox") + (password (crypt "password" "$6$abc")) + (group "users") + (home-directory "/home/neox") + (supplementary-groups + '("wheel" + "netdev" + "audio" + "video" + "libvirt" + "kvm" + "scanner" + "spice" + "lp"))) + %base-user-accounts)) ;; Quelques paquets installés au niveau du système. 
;; On installe notamment network-manager et son extension pour openvpn, ;; ou encore libvirt/virt-manager pour la virtualisation - (packages (append (list - (specification->package "nss-certs") - (specification->package "qemu") - (specification->package "virt-manager") - (specification->package "libvirt") - (specification->package "lvm2") - (specification->package "mdadm") - (specification->package "network-manager") - (specification->package "network-manager-openvpn")) - %base-packages)) + (packages + (append + (specifications->packages + (list + "adb" + "alsa-plugins" + "alsa-utils" + "ardour" + "audacity" + "bind:utils" + "binutils" + "blueman" + "bmaptools" + "cabextract" + "claws-mail" + "cmatrix" + "cpupower" + "cryptsetup" + "curl" + "cvs" + "dconf-editor" + "dino" + "emacs" + "endeavour" + "evolution" + "exfatprogs" + "fastboot" + "ffmpeg" + "file" + "flashrom" + "flatpak" + "font-awesome" + "font-liberation" + "font-openmoji" + "gallery-dl" + "gdb" + "ghostscript" + "ghostwriter" + "gimp" + "git" + "git-lfs" + "git:send-email" + "glmark2" + "gnome-bluetooth" + "gnome-builder" + "gnome-font-viewer" + "gnome-maps" + "gnome-power-manager" + "gnome-shell-extension-appindicator" + "gnome-shell-extension-blur-my-shell" + "gnome-shell-extension-burn-my-windows" + "gnome-shell-extension-dash-to-dock" + "gnome-shell-extension-night-theme-switcher" + "gnome-shell-extension-noannoyance" + "gnome-shell-extension-vitals" + "gnome-tweaks" + "gnupg" + "gnuplot" + "gparted" + "gpgme" + "graphviz" + "grub" + "hexchat" + "hplip" + "htop" + "hwloc" + "icecat" + "inetutils" + "inkscape" + "jack" + "jp2a" + "kajongg" + "kcachegrind" + "kgraphviewer" + "ldns" + "libreoffice" + "libtree" + "libvirt" + "lm-sensors" + "lsof" + "lvm2" + "lynx" + "make" + "man-pages" + "mdadm" + "mediainfo" + "megatools" + "meld" + "microcom" + "minetest" + "minicom" + "minisat" + "mpv" + "mtr" + "mumble" + "nbd" + "ncftp" + "ndisc6" + "neofetch" + "network-manager" + "network-manager-openvpn" + 
"nextcloud-client" + "nitrocli" + "nmap" + "ntfs-3g" + "openssh" + "openssl" + "openvpn" + "pam-u2f" + "pandoc" + "parted" + "patchelf" + "pavucontrol" + "pkg-config" + "poppler" + "powertop" + "profanity" + "python" + "python2" + "python-logutils" + "python-markdown" + "python-paramiko" + "qbittorrent" + "qemu" + "qjackctl" + "qpdf" + "recutils" + "rsync" + "rubber" + "screen" + "seahorse" + "setxkbmap" + "simplescreenrecorder" + "sl" + "speedtest-cli" + "sqlitebrowser" + "sshpass" + "system-config-printer" + "testdisk" + "texlive" + "texlive-biber" + "texmaker" + "tig" + "tilix" + "transmission" + "tree" + "uefitool" + "ungoogled-chromium" + "virt-manager" + "vlc" + "wine64" + "xauth" + "xdg-desktop-portal" + "xdg-desktop-portal-gnome" + "xdg-desktop-portal-gtk" + "xdg-utils" + "xdot" + "xdotool" + "xeyes" + "xmlcopyeditor" + "xournalpp" + "xrdp" + "yt-dlp" + "zstd")) + %base-packages)) ;; Services du système. ;; On en profite pour modifier le comportement par défaut de quelques services. (services - (modify-services (append (list - (service gnome-desktop-service-type) - (service bluetooth-service-type) - - ;; Service de gestion des clés de chiffrement physique - (service pcscd-service-type) - - ;; Service d'impression - (service cups-service-type - (cups-configuration - (web-interface? 
#t) - (extensions - (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) - - ;; Service KVM/Libvirt pour virt-manager - (service libvirt-service-type) - (service virtlog-service-type) - - ;; Application de la configuration spice personnalisée (définie plus haut) - (udev-rules-service 'spice %spice-rules #:groups '("spice")) - - ;; Modification des limites mémoires pour les accès audio temps réel - ;; (utile notamment pour Ardour) - (pam-limits-service + (modify-services + (append (list - (pam-limits-entry "@audio" 'both 'rtprio 99) - (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) + (service gnome-desktop-service-type) + (service bluetooth-service-type) - ;; Configuration de l'environnement graphique (notamment clavier) - (set-xorg-configuration - (xorg-configuration (keyboard-layout keyboard-layout)))) + ;; Service de gestion des clés de chiffrement physique + (service pcscd-service-type) + + ;; Service OpenSSH + (service openssh-service-type + (openssh-configuration + (x11-forwarding? #t) + (password-authentication? #f) + (permit-root-login 'prohibit-password))) + + ;; Service d'impression + (service cups-service-type + (cups-configuration + (web-interface? 
#t) + (extensions + (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) + + ;; Service KVM/Libvirt pour virt-manager + (service libvirt-service-type) + (service virtlog-service-type) + + ;; Application de la configuration spice personnalisée (définie plus haut) + (udev-rules-service 'spice %spice-rules #:groups '("spice")) + + ;; Modification des limites mémoires pour les accès audio temps réel + ;; (utile notamment pour Ardour) + (service pam-limits-service-type + (list + (pam-limits-entry "@audio" 'both 'rtprio 99) + (pam-limits-entry "@audio" 'both 'memlock 'unlimited))) + + ;; Configuration de l'environnement graphique (notamment clavier) + (set-xorg-configuration + (xorg-configuration (keyboard-layout keyboard-layout)))) + + ;; Services par défaut du système %desktop-services) + + ;; Modification de services par défaut + ;; Configuration du service upower pour éviter la mise en veille lors + ;; de la fermeture de capot + (upower-service-type config => (upower-configuration + (inherit config) + (ignore-lid? 
#t))) - ;; Configuration du service network-manager pour prendre en charge - ;; OpenVPN - (network-manager-service-type config => (network-manager-configuration - (inherit config) - (vpn-plugins - (list (specification->package "network-manager-openvpn"))))))) + ;; Configuration du service elogind pour éviter la mise en veille lors + ;; de la fermeture du capot + (elogind-service-type config => (elogind-configuration + (inherit config) + (handle-lid-switch 'ignore) + (handle-lid-switch-external-power 'ignore))) + + ;; Configuration du service network-manager pour prendre en charge + ;; OpenVPN + (network-manager-service-type config => (network-manager-configuration + (inherit config) + (vpn-plugins + (list (specification->package "network-manager-openvpn"))))))) ;; Chargeur de démarrage (GRUB) ;; On indique ici où il doit être installé et comment le configurer - (bootloader (bootloader-configuration - (bootloader grub-efi-bootloader) - (targets (list "/boot/efi")) - (keyboard-layout keyboard-layout))) + (bootloader + (bootloader-configuration + (bootloader grub-efi-bootloader) + (targets (list "/boot/efi")) + (keyboard-layout keyboard-layout))) ;; Périphériques mappés ;; On configure notamment ici les partitions chiffrées (LUKS) - (mapped-devices (list (mapped-device - (source (uuid - "3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0")) - (target "crypthome") - (type luks-device-mapping)))) + (mapped-devices + (list + (mapped-device + (source + (uuid "3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0")) + (target "crypthome") + (type luks-device-mapping)))) + + ;; Specify a swap file for the system, which resides on the + ;; root file system. 
+ (swap-devices + (list + (swap-space + (target "/swapfile")))) ;; La liste des systèmes de fichiers montés au démarrage ;; On configure ici le montage des partitions chiffrées et non chiffrées - (file-systems (cons* - (file-system - (mount-point "/home") - (device "/dev/mapper/crypthome") - (type "ext4") - (dependencies mapped-devices)) - (file-system - (mount-point "/boot/efi") - (device (uuid "A012-A17A" 'fat32)) - (type "vfat")) - (file-system - (mount-point "/") - (device (uuid "dfaec018-b99b-4d34-a206-eec25b833c45" 'ext4)) - (type "ext4")) %base-file-systems))) + (file-systems + (cons* + (file-system + (mount-point "/home") + (device "/dev/mapper/crypthome") + (type "ext4") + (dependencies mapped-devices)) + (file-system + (mount-point "/boot/efi") + (device (uuid "A012-A17A" 'fat32)) + (type "vfat")) + (file-system + (mount-point "/") + (device + (uuid "dfaec018-b99b-4d34-a206-eec25b833c45" 'ext4)) + (type "ext4")) %base-file-systems)))
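Review bot: The added `(password (crypt "password" "$6$abc"))` in the `neox` user-account commits a guessable password with a fixed, trivial salt for an account that is in `wheel`, `libvirt` and `kvm`. Guix writes this initial hash into a file under `/gnu/store` that every local user can read, and the plaintext now sits in the repository history as well; it presumably only takes effect when the account is first created, but any fresh install from this file starts with that password. I would drop the line so the field keeps its default `#f`, and set the password with `passwd` on the machine. In the same hunk, the new `openssh-service-type` block disables password authentication but still allows key-based root login through `(permit-root-login 'prohibit-password)`; since `neox` already has sudo via `wheel`, `(permit-root-login #f)` would be tighter, and `(x11-forwarding? #t)` is worth keeping only if it is actually used.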