Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
Adrien Bourmault | a6f23a39e2 | |
Adrien Bourmault | 6d4a283d53 | |
Adrien Bourmault | 71174014e1 | |
Adrien Bourmault | 2f72504659 | |
Adrien Bourmault | ccfffc1547 | |
Adrien Bourmault | ddc970a18d | |
Adrien Bourmault | 4fcb14c43b |
|
@ -0,0 +1,176 @@
|
|||
;;;
|
||||
;;; Configurations GNU Guix des ordinateurs de neox
|
||||
;;;
|
||||
;;; Copyright (C) 2023 Adrien 'neox' Bourmault <neox@a-lec.org>
|
||||
;;;
|
||||
;;; This is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; This is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with this. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
;; Indique quels modules importer pour accéder aux variables
|
||||
;; utilisées dans cette configuration.
|
||||
(use-modules (gnu))
|
||||
(use-modules (gnu packages freedesktop) (gnu packages cups))
|
||||
(use-modules (srfi srfi-1))
|
||||
(use-service-modules cups desktop networking ssh xorg virtualization vpn security-token)
|
||||
|
||||
;; Configuration sudoer personnalisée
|
||||
(define %sudoers-specification
|
||||
(plain-file "sudoers" "\
|
||||
root ALL=(ALL) ALL
|
||||
%wheel ALL=(ALL) NOPASSWD: ALL
|
||||
"))
|
||||
|
||||
;; Configuration spice personnalisée
|
||||
;; Permet le partage de périphériques USB via virt-manager
|
||||
(define %spice-rules
|
||||
(udev-rule
|
||||
"41-spice-and-nitrokey.rules"
|
||||
(string-append "\
|
||||
SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
|
||||
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
|
||||
ACTION!=\"add|change\", GOTO=\"u2f_end\"
|
||||
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\"
|
||||
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4287\", TAG+=\"uaccess\"
|
||||
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b1\", TAG+=\"uaccess\"
|
||||
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
|
||||
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42dd\", TAG+=\"uaccess\"
|
||||
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42e8\", TAG+=\"uaccess\"
|
||||
LABEL=\"u2f_end\"
|
||||
SUBSYSTEM!=\"usb\", GOTO=\"gnupg_rules_end\"
|
||||
ACTION!=\"add\", GOTO=\"gnupg_rules_end\"
|
||||
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4107\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
|
||||
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4108\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
|
||||
ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b4\", TAG+=\"uaccess\"
|
||||
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4109\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
|
||||
ATTR{idVendor}==\"03eb\", ATTR{idProduct}==\"2ff1\", TAG+=\"uaccess\"
|
||||
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
|
||||
ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4230\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", TAG+=\"uaccess\"
|
||||
LABEL=\"gnupg_rules_end\"
|
||||
KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK+=\"nitrospace\"
|
||||
")))
|
||||
|
||||
;; Configuration du système
|
||||
;; C'est le point d'entrée de la configuration
|
||||
(operating-system
|
||||
(locale "fr_FR.utf8")
|
||||
(timezone "Europe/Paris")
|
||||
(keyboard-layout (keyboard-layout "fr" "oss"))
|
||||
(host-name "n-guix-port")
|
||||
|
||||
|
||||
;; Application de la configuration sudoer personnalisée (définie plus haut)
|
||||
(kernel-arguments
|
||||
(list "modprobe.blacklist=usbmouse,usbkbd,i2c-hid" "psmouse.synaptics_intertouch=1"))
|
||||
|
||||
(sudoers-file %sudoers-specification)
|
||||
|
||||
;; La liste des comptes utilisateurs (« root » est implicite).
|
||||
(users (cons* (user-account
|
||||
(name "neox")
|
||||
(comment "neox")
|
||||
(group "users")
|
||||
(home-directory "/home/neox")
|
||||
;; ajout de groupes pour virt-manager
|
||||
|
||||
(supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice" "lp")))
|
||||
%base-user-accounts))
|
||||
|
||||
;; Quelques paquets installés au niveau du système.
|
||||
;; On installe notamment network-manager et son extension pour openvpn,
|
||||
;; ou encore libvirt/virt-manager pour la virtualisation
|
||||
(packages (append (list
|
||||
(specification->package "nss-certs")
|
||||
(specification->package "qemu")
|
||||
(specification->package "virt-manager")
|
||||
(specification->package "libvirt")
|
||||
(specification->package "lvm2")
|
||||
(specification->package "mdadm")
|
||||
(specification->package "network-manager")
|
||||
(specification->package "network-manager-openvpn"))
|
||||
%base-packages))
|
||||
|
||||
;; Services du système.
|
||||
;; On en profite pour modifier le comportement par défaut de quelques services.
|
||||
(services
|
||||
(modify-services (append (list
|
||||
(service gnome-desktop-service-type)
|
||||
(service bluetooth-service-type)
|
||||
|
||||
;; Service de gestion des clés de chiffrement physique
|
||||
(service pcscd-service-type)
|
||||
|
||||
;; Service d'impression
|
||||
(service cups-service-type
|
||||
(cups-configuration
|
||||
(web-interface? #t)
|
||||
(extensions
|
||||
(list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
|
||||
|
||||
;; Service KVM/Libvirt pour virt-manager
|
||||
(service libvirt-service-type)
|
||||
(service virtlog-service-type)
|
||||
|
||||
;; Application de la configuration spice personnalisée (définie plus haut)
|
||||
(udev-rules-service 'spice %spice-rules #:groups '("spice"))
|
||||
|
||||
;; Modification des limites mémoires pour les accès audio temps réel
|
||||
;; (utile notamment pour Ardour)
|
||||
(pam-limits-service
|
||||
(list
|
||||
(pam-limits-entry "@audio" 'both 'rtprio 99)
|
||||
(pam-limits-entry "@audio" 'both 'memlock 'unlimited)))
|
||||
|
||||
;; Configuration de l'environnement graphique (notamment clavier)
|
||||
(set-xorg-configuration
|
||||
(xorg-configuration (keyboard-layout keyboard-layout))))
|
||||
%desktop-services)
|
||||
|
||||
;; Configuration du service network-manager pour prendre en charge
|
||||
;; OpenVPN
|
||||
(network-manager-service-type config => (network-manager-configuration
|
||||
(inherit config)
|
||||
(vpn-plugins
|
||||
(list (specification->package "network-manager-openvpn")))))))
|
||||
|
||||
;; Chargeur de démarrage (GRUB)
|
||||
;; On indique ici où il doit être installé et comment le configurer
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-efi-bootloader)
|
||||
(targets (list "/boot/efi"))
|
||||
(keyboard-layout keyboard-layout)))
|
||||
|
||||
;; Périphériques mappés
|
||||
;; On configure notamment ici les partitions chiffrées (LUKS)
|
||||
(mapped-devices (list (mapped-device
|
||||
(source (uuid
|
||||
"3ea148ff-1d1c-4f8c-a82c-5806b32dd6a0"))
|
||||
(target "crypthome")
|
||||
(type luks-device-mapping))))
|
||||
|
||||
;; La liste des systèmes de fichiers montés au démarrage
|
||||
;; On configure ici le montage des partitions chiffrées et non chiffrées
|
||||
(file-systems (cons*
|
||||
(file-system
|
||||
(mount-point "/home")
|
||||
(device "/dev/mapper/crypthome")
|
||||
(type "ext4")
|
||||
(dependencies mapped-devices))
|
||||
(file-system
|
||||
(mount-point "/boot/efi")
|
||||
(device (uuid "A012-A17A" 'fat32))
|
||||
(type "vfat"))
|
||||
(file-system
|
||||
(mount-point "/")
|
||||
(device (uuid "dfaec018-b99b-4d34-a206-eec25b833c45" 'ext4))
|
||||
(type "ext4")) %base-file-systems)))
|
Loading…
Reference in New Issue