;;;
;;; Configurations GNU Guix des ordinateurs de neox
;;;
;;; Copyright (C) 2024 Adrien 'neox' Bourmault <neox@gnu.org>
;;;
;;; This is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; This is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this. If not, see <http://www.gnu.org/licenses/>.

;; Modules to import so that the variables used in this configuration
;; are in scope.
(use-modules
 (gnu)
 (gnu home)
 (gnu home services gnupg)
 (gnu home services shells)
 (gnu packages)
 (gnu packages autotools)
 (gnu packages avahi)
 (gnu packages base)
 (gnu packages bash)
 (gnu packages boost)
 (gnu packages build-tools)
 (gnu packages compression)
 (gnu packages cups)
 (gnu packages freedesktop)
 (gnu packages freedesktop)             ; listed twice; the repeat has no effect
 (gnu packages ftp)
 (gnu packages gettext)
 (gnu packages ghostscript)
 (gnu packages glib)
 (gnu packages gnome)
 (gnu packages gnupg)
 (gnu packages gtk)
 (gnu packages image)
 (gnu packages imagemagick)
 (gnu packages libusb)
 (gnu packages linux)
 (gnu packages messaging)
 (gnu packages pkg-config)
 (gnu packages python)
 (gnu packages scanner)
 (gnu packages textutils)
 (gnu packages tls)
 (gnu packages xml)
 (gnu services)
 (guix build-system gnu)
 (guix gexp)
 (guix git-download)
 (guix download)
 ((guix licenses) #:prefix license:)    ; licenses are referred to as license:NAME
 (guix packages)
 (guix utils)
 (srfi srfi-1))

;; Service modules (the (gnu services ...) namespace) used by the
;; operating-system declaration below.
(use-service-modules
 authentication
 cups
 desktop
 guix
 networking
 ssh
 xorg
 virtualization
 vpn
 security-token
 web)

;; Custom packages

;; GNU Boot tools
;; Release of GNU Boot whose source tarball provides the utilities
;; packaged below.
(define gnuboot-version "0.1-rc4")

;; Source tarball of that release, fetched from the GNU mirrors.  The
;; sha256 pins the expected content, so it has to be updated together
;; with gnuboot-version.
(define gnuboot-source
  (origin
    (method url-fetch)
    (uri (string-append "mirror://gnu/gnuboot/gnuboot-" gnuboot-version
                        "/gnuboot-" gnuboot-version "_src.tar.xz"))
    (sha256
     (base32
      "0nc0qjbrnxvs20g36irj11prmrmyk8d8f256xiyxcarnxc0sigfw"))))

;; Return a package for one utility shipped in the GNU Boot source tree.
;;
;; NAME is the package name and also the sub-directory of
;; "coreboot/default/util/" in which the build runs.  SOURCE and VERSION
;; are the origin and version string of the tree.  SYNOPSIS and
;; DESCRIPTION are stored in the package unchanged.
(define (make-gnuboot-utils-package name source version synopsis description)
  (package
    (name name)
    (version version)
    (source source)
    (build-system gnu-build-system)
    (arguments
     (list
      ;; The 'check' phase is skipped.
      #:tests? #f
      #:make-flags
      #~(list (string-append "CC=" #$(cc-for-target))
              ;; DESTDIR is the store output and PREFIX is "/", so files
              ;; land directly under the output directory.
              (string-append "DESTDIR=" #$output)
              "INSTALL=install"
              "PREFIX=/")
      #:phases
      #~(modify-phases %standard-phases
          ;; The 'configure' phase is dropped; the build goes straight
          ;; to make.
          (delete 'configure)
          ;; Build from the utility's own directory inside the tree.
          (add-after 'unpack 'enter-source
            (lambda _
              (chdir (string-append "coreboot/default/util/" #$name)))))))
    (synopsis synopsis)
    (description description)
    (home-page "https://www.gnu.org/software/gnuboot")
    (license license:gpl2)))

;; cbfstool, built from the util/cbfstool directory of the GNU Boot tree.
(define cbfstool
  (make-gnuboot-utils-package
   "cbfstool"
   gnuboot-source
   gnuboot-version
   "Tool to manipulate Coreboot image files"
   "This package provides @command{cbfstool}, a program that can
add a wide variety of files (bootblock, stage, payload, configuration
files, etc) to Coreboot File System (CBFS) images. It supports
original CBFS images as well as images in the newer FMAP format. It
also supports compressing files when requested."))

;; ifdtool, built from the util/ifdtool directory of the GNU Boot tree.
;; Synopsis and description are left empty.
(define ifdtool
  (make-gnuboot-utils-package
   "ifdtool"
   gnuboot-source
   gnuboot-version
   ""
   ""))

;; nvramtool, built from the util/nvramtool directory of the GNU Boot tree.
;; Synopsis and description are left empty.
(define nvramtool
  (make-gnuboot-utils-package
   "nvramtool"
   gnuboot-source
   gnuboot-version
   ""
   ""))

;; The gnupload script, taken from the build-aux directory of gnulib.
;; Version and source are those of the gnulib package, so no separate
;; hash is declared here.
(define gnupload
  (package
    (name "gnupload")
    (version (package-version gnulib))
    (source (package-source gnulib))
    (arguments
     (list #:tests? #f
           #:phases
           #~(modify-phases %standard-phases
               ;; The script lives in build-aux.
               (add-after 'unpack 'chdir
                 (lambda _ (chdir "build-aux")))
               ;; Nothing is bootstrapped, configured or compiled: the
               ;; only remaining work is copying the script.
               (delete 'bootstrap)
               (delete 'configure)
               (delete 'build)
               (replace 'install
                 (lambda _
                   (install-file
                    "gnupload"
                    (string-append #$output "/bin/")))))))
    (build-system gnu-build-system)
    ;; Each input is annotated with the commands the script takes from it.
    (inputs (list
             bash          ;; case esac break read eval shift exit
             coreutils     ;; echo test shift rm cat
             gnupg         ;; gpg gpg-agent
             grep          ;; grep
             ncftp         ;; ncftpput
             sed))         ;; sed
    (synopsis "")
    (description "")
    (home-page "")
    (license license:gpl2+)))

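;; SANE library built without any scanner back end, with the lock
;; directory fixed to /var/lock/sane.  The directory itself is not created
;; at install time (see 'disable-lockdir-creation).
(define sane-custom-minimal
  (package
    (name "sane-custom-minimal")
    (version "1.3.1")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://gitlab.com/sane-project/backends")
                    ;; The checkout is selected by the version string;
                    ;; the sha256 below pins its content.
                    (commit version)))
              (file-name (git-file-name name version))
              (sha256
               (base32 "1fb6shx9bz0svcyasmyqs93rbbwq7kzg6l0h1zh3kjvcwhchyv72"))
              (modules '((guix build utils)))
              (snippet
               ;; Generated HTML files and udev rules normally embed a
               ;; timestamp.  Work around that to build things reproducibly.
               ;; The pattern has to spell the C expression exactly,
               ;; including the '&' of &current_time: substitute* does
               ;; nothing when the pattern does not match.
               '(begin
                  (substitute* "tools/sane-desc.c"
                    (("asctime \\(localtime \\(&current_time\\)\\)")
                     "\"1970-01-01\""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("autoconf-archive" ,autoconf-archive)
       ("automake" ,automake)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)
       ("pkg-config" ,pkg-config)
       ;; For scripts/pixma_gen_options.py.
       ("python" ,python-wrapper)))
    (inputs
     (list libusb))
    (arguments
     `(#:configure-flags '("--with-lockdir=/var/lock/sane") ;; Avoid errors with plustek
       #:phases
       (modify-phases %standard-phases
         (add-before 'bootstrap 'zap-unnecessary-git-dependency
           (lambda _
             ;; This runs before default patch-shebangs phase.
             (substitute* "tools/git-version-gen"
               (("/bin/sh") (which "sh")))
             ;; Provide the version in a file so that git is not needed.
             (with-output-to-file ".tarball-version"
               (lambda _ (format #t ,version)))))
         (add-before 'configure 'disable-lockdir-creation
           (lambda _
             ;; Modify the Makefile.am to prevent the creation of the lock dir
             (substitute* "backend/Makefile.am"
               (("^install-lockpath:.*$")
                "install-lockpath: # pass"))))
         (add-before 'configure 'disable-backends
           (lambda _
             (setenv "BACKENDS" " ")

             ;; Disable tests that may require back ends to be built.
             (substitute* "testsuite/Makefile.in"
               ((" backend ") " "))))
         (add-before 'configure 'disable-failing-tests
           (lambda _
             ;; Disable unmaintained tests that fail with errors resembling:
             ;;
             ;; < # by sane-desc 3.5 from sane-backends 1.0.24git on Jul 31 2013
             ;; ---
             ;; > # by sane-desc 3.5 from sane-backends 1.0.27 on 1970-01-01#
             ;; FAIL: sane-desc -m usermap -s ./data
             (for-each
              (lambda (pattern)
                (substitute* "testsuite/tools/Makefile.in"
                  (((string-append " " pattern " ")) " ")))
              (list "usermap" "db" "udev" "udev\\+acl" "udev\\+hwdb" "hwdb"))

             ;; Disable tests that try to connect to actual USB hardware & fail
             ;; with the following error when no USB access is allowed at all:
             ;;
             ;; sanei_usb_test: sanei_usb_test.c:849: main: Assertion
             ;; `test_init (1)' failed.
             (substitute* "testsuite/sanei/Makefile.in"
               (("sanei_usb_test\\$\\(EXEEXT\\) ") ""))))
         (add-before 'build 'build-pixma_sane_options.c
           ;; "No rule to make target '../backend/pixma/pixma_sane_options.c',
           ;; needed by 'sane-backends.pot-update'."
           (lambda _
             (invoke "make" "-C" "backend" "pixma/pixma_sane_options.c")))
         (add-after 'install 'install-udev-rules
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (mkdir-p (string-append out "/lib/udev/rules.d"))
               (copy-file "tools/udev/libsane.rules"
                          (string-append out
                                         "/lib/udev/rules.d/"
                                         "60-libsane.rules")))))
         (add-after 'install 'make-reproducible
           ;; XXX Work around an old bug <https://issues.guix.gnu.org/26247>.
           ;; Then work around "Throw to key `decoding-error' ..." by using sed.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out    (assoc-ref outputs "out"))
                    (locale (string-append out "/share/locale")))
               (with-directory-excursion locale
                 (for-each (lambda (file)
                             (invoke "sed" "-i" "/^PO-Revision-Date:/d" file))
                           (list "en@boldquot/LC_MESSAGES/sane-backends.mo"
                                 "en@quot/LC_MESSAGES/sane-backends.mo")))))))))
    (home-page "http://www.sane-project.org")
    (synopsis
     "Raster image scanner library and drivers, without scanner support")
    (description "SANE stands for \"Scanner Access Now Easy\" and is an API
proving access to any raster image scanner hardware (flatbed scanner,
hand-held scanner, video- and still-cameras, frame-grabbers, etc.). The
package contains the library, but no drivers.")
    (license license:gpl2+))) ; plus linking exception
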
;; Variant of sane-custom-minimal with the scanner back ends enabled and
;; the HPLIP "hpaio" back end linked in.
(define sane-custom-backends
  (package/inherit sane-custom-minimal
    (name "sane-custom-backends")
    (inputs
     `(("hplip" ,(@ (gnu packages cups) hplip-minimal))
       ("libjpeg" ,libjpeg-turbo)       ; for pixma/epsonds/other back ends
       ("libpng" ,libpng)               ; support ‘scanimage --format=png’
       ("libxml2" ,libxml2)             ; for pixma back end
       ;; NOTE(review): the remaining inputs come from the distribution's
       ;; sane-backends-minimal, not from sane-custom-minimal, which this
       ;; package inherits from -- confirm that this is intended.
       ,@(package-inputs sane-backends-minimal)))
    (arguments
     (substitute-keyword-arguments (package-arguments sane-custom-minimal)
       ((#:phases phases)
        `(modify-phases ,phases
           ;; Back ends are wanted here, so the phase that empties
           ;; BACKENDS is removed.
           (delete 'disable-backends)
           (add-after 'disable-failing-tests 'disable-failing-backend-tests
             (lambda _
               ;; Disable test that fails on i686:
               ;; <https://bugs.gnu.org/39449>
               (substitute* "testsuite/backend/genesys/Makefile.in"
                 ((" genesys_unit_tests\\$\\(EXEEXT\\)") ""))
               #t))
           (add-after 'unpack 'add-backends
             (lambda _
               ;; Add an "hpaio" line right after the "hp5590" entry.
               (substitute* "backend/dll.conf.in"
                 (("hp5590" all) (format #f "~a~%~a" all "hpaio")))
               #t))
           (add-after 'install 'install-hpaio
             (lambda* (#:key inputs outputs #:allow-other-keys)
               ;; Symlink every file found under hplip's lib/sane into
               ;; this package's lib/sane.
               (let ((hplip-sane-dir
                      (string-append (assoc-ref inputs "hplip")
                                     "/lib/sane"))
                     (out-sane-dir
                      (string-append (assoc-ref outputs "out")
                                     "/lib/sane")))
                 (for-each
                  (lambda (driver)
                    (symlink driver
                             (string-append out-sane-dir "/"
                                            (basename driver))))
                  (find-files hplip-sane-dir)))
               #t))))))
    (synopsis
     "Raster image scanner library and drivers, with scanner support")
    (description "SANE stands for \"Scanner Access Now Easy\" and is an API
proving access to any raster image scanner hardware (flatbed scanner,
hand-held scanner, video- and still-cameras, frame-grabbers, etc.). The
package contains the library and drivers.")))

;; simple-scan rebuilt against the custom SANE build: same package, with
;; its "sane-backends" input replaced by sane-custom-backends.
(define simple-scan-custom
  (package
    (inherit simple-scan)
    (name "simple-scan-custom")
    (inputs
     (modify-inputs (package-inputs simple-scan)
       (replace "sane-backends" sane-custom-backends)))))

;; Custom service

;; Accounts required by the custom SANE service: the system group
;; "scanner".
(define %sane-custom-accounts
  ;; The '60-libsane.rules' udev rules refers to the "scanner" group.
  (list (user-group
         (name "scanner")
         (system? #t))))

;; Activation snippet of the custom SANE service.  It creates
;; /var/lock/sane, hands it to the "scanner" group and sets mode 770, so
;; only the owner and members of that group can enter or write to it.
(define %sane-custom-activation
  #~(begin
      (use-modules (guix build utils))
      (let ((lock-dir    "/var/lock/sane")
            (scanner-gid (group:gid (getgrnam "scanner"))))
        ;; Create the lock directory at runtime and give right perms
        (mkdir-p lock-dir)
        ;; An owner of -1 leaves the owning user unchanged.
        (chown lock-dir -1 scanner-gid)
        (chmod lock-dir #o770))
      #t))

;; Service type for the custom SANE build.  Its value is a package
;; (sane-custom-minimal by default), which is handed to udev as a
;; one-element list.  The service also contributes the lock-directory
;; activation snippet and the "scanner" group.
(define sane-custom-service-type
  (service-type
   (name 'sane)
   (description
    "Custom SANE service")
   (default-value sane-custom-minimal)
   (extensions
    (list
     ;; 'list' wraps the package value into the list udev expects.
     (service-extension udev-service-type list)
     (service-extension activation-service-type
                        (const %sane-custom-activation))
     (service-extension account-service-type
                        (const %sane-custom-accounts))))))

;; Custom sudoers configuration
;;
;; root may run anything; members of the "wheel" group may run anything
;; as any user WITHOUT being asked for a password (NOPASSWD).  Any process
;; running as a wheel member can therefore become root with no further
;; authentication, so membership of "wheel" is equivalent to root access
;; on this machine.
(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
"))

;; Custom udev rule "42-nk3.rules" (the original heading read "spice
;; configuration", which does not describe this definition).
;;
;; On add/change events, hidraw devices with USB vendor 20a0 and product
;; 42b2 get the "uaccess" tag.  The name "nk3" presumably stands for
;; Nitrokey 3 -- confirm.
(define %nk3-rules
  (udev-rule
   "42-nk3.rules"
   "\
ACTION!=\"add|change\", GOTO=\"u2f_end\"
KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"42b2\", TAG+=\"uaccess\"
LABEL=\"u2f_end\"
"))

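;; Home configuration files

;; Extra ~/.bashrc content.  In order, it:
;;  - sets a coloured prompt, marked "[env]" when GUIX_ENVIRONMENT is set;
;;  - appends the user's ~/.local/bin to PATH.  The directory is written
;;    as $HOME/.local/bin: a literal "~" inside double quotes is stored
;;    unexpanded, and only bash itself expands it during command lookup,
;;    so other programs that search PATH would not find the directory;
;;  - wraps "guix" so that "guix install" and "guix remove" only print a
;;    message, while every other sub-command goes to the real guix;
;;  - outside SSH sessions, points SSH_AUTH_SOCK at the gpg-agent SSH
;;    socket.
(define %bashrc_content
  (plain-file "bashrc" "\
if [ -n \"$GUIX_ENVIRONMENT\" ]
then
PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\] [env] \\$ '
else
PS1='\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '
fi

PATH=\"$PATH:$HOME/.local/bin\"

guix() {
if [[ \"$1\" == \"install\" ]]; then
echo \"Tu es débile, ou bien ?\"
elif [[ \"$1\" == \"remove\" ]]; then
echo \"Tu es débile, ou bien ?\"
else
command guix \"$@\"
fi
}

if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))
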
;; Shell snippet for a "profile" file: outside SSH sessions, point
;; SSH_AUTH_SOCK at the gpg-agent SSH socket.
;; NOTE(review): no other part of this file, as shown, refers to
;; %profile_content -- confirm whether it is still needed.
(define %profile_content
  (plain-file "profile" "\
if [[ ! -n \"$SSH_CLIENT\" ]]; then
unset SSH_AGENT_PID
if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then
export SSH_AUTH_SOCK=\"$(gpgconf --list-dirs agent-ssh-socket)\"
fi
fi"))

;; Guix Home environment for the user: a bash service (environment
;; variables, aliases, extra bashrc) and a gpg-agent service with SSH
;; support, so SSH keys are served by gpg-agent.
(define %home_configuration
  (home-environment
   (services
    (list
     (service home-bash-service-type
              (home-bash-configuration
               (environment-variables
                '(("BSD_GAMES_DIR" . "~/.local/share/bsd-games")
                  ("GCC_COLORS" . "'error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'")
                  ("GUIX_PACKAGE_PATH" . "$HOME/.config/guix/packages/defs")
                  ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share")
                  ("LV2_PATH" . "/run/current-system/profile/lib/lv2")))
               (aliases
                '(("clear" . "printf '\\033c'")
                  ("dir" . "dir --color=auto")
                  ("egrep" . "grep -E --color=auto")
                  ("fgrep" . "grep -F --color=auto")
                  ("grep" . "grep --color=auto")
                  ("la" . "ls -lthA -p --color=auto")
                  ("ll" . "ls -lth -p --color=auto")
                  ("ls" . "ls -p --color=auto")
                  ("vdir" . "vdir --color=auto")))
               ;; Extra content appended to the generated bashrc.
               (bashrc
                (list
                 %bashrc_content))))

     (service home-gpg-agent-service-type
              (home-gpg-agent-configuration
               ;; Passphrase and PIN prompts go through pinentry-gnome3.
               (pinentry-program
                (file-append pinentry-gnome3 "/bin/pinentry-gnome3"))
               (ssh-support? #t)))))))

;;; System configuration
;; This is the entry point of the configuration.  The form opened here
;; stays open: the fields that follow in the file belong to it, up to the
;; closing parenthesis after the file-systems field.
(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "n-t400s")

;;; Kernel command line and sudoers file
  ;; Extra arguments passed on the kernel command line.  The explicit
  ;; "lsm=" list is commented out, so it is not passed.
  (kernel-arguments
   (list
    "tsc=unstable"
    "clocksource=hpet"
    "trace_clock=local"
    ;"lsm=landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
    "rd.udev.event-timeout=5"))

  ;; Apply the custom sudoers configuration (defined earlier in the file).
  (sudoers-file %sudoers-specification)

;;; User accounts
  ;; The list of user accounts ("root" is implicit).
  (users
   (cons*
    (user-account
     (name "neox")
     (comment "neox")
     ;; The password and its salt are literals in this file, so anyone
     ;; who can read the configuration knows them.  The Guix manual
     ;; describes this field as the *initial* password, warns that its
     ;; hash ends up in a world-readable file in /gnu/store, and
     ;; recommends setting the real password with passwd.
     ;; NOTE(review): the account is also a member of "wheel", which the
     ;; sudoers file of this configuration allows to run any command
     ;; without a password -- make sure this literal is only a
     ;; placeholder that is changed after installation.
     (password (crypt "password" "$6$abc"))
     (group "users")
     (home-directory "/home/neox")
     (supplementary-groups
      '("wheel"
        "dialout"
        "netdev"
        "audio"
        "video"
        "plugdev"
        "kvm"
        "scanner"
        "lp")))
    %base-user-accounts))

;;; System-wide packages
  ;; Packages installed at the system level.  Notably network-manager and
  ;; its OpenVPN plugin.  The result is the concatenation of three lists:
  ;; packages looked up by specification string, the custom packages
  ;; defined earlier in this file, and %base-packages without any package
  ;; named "simple-scan".
  (packages
   (append
    (specifications->packages
     (list
      "adb"
      "alsa-plugins"
      "alsa-utils"
      ;"ardour"
      "audacity"
      "beep"
      "bind:utils"
      "binutils"
      ;"bmaptools"
      "cabextract"
      "calf"
      "cmatrix"
      "cpupower"
      "cryptsetup"
      "curl"
      "cvs"
      "dconf-editor"
      "dino"
      "dosbox"
      "gocryptfs"
      "emacs"
      "endeavour"
      "python-esptool"
      "evolution"
      "exfatprogs"
      "fastboot"
      "file"
      "flashrom"
      "flatpak"
      "font-awesome"
      "font-ipa-ex"
      "font-ipa"
      "font-ipa-mj-mincho"
      "font-liberation"
      "font-mplus-testflight"
      "font-openmoji"
      "font-wqy-zenhei"
      "gallery-dl"
      "gdb"
      "ghostscript"
      "ghostwriter"
      "gimp"
      "git"
      "git-lfs"
      "git:send-email"
      "glmark2"
      "gnome-builder"
      "gnome-font-viewer"
      "gnome-maps"
      "gnome-power-manager"
      "gnome-shell-extension-appindicator"
      "gnome-shell-extension-blur-my-shell"
      "gnome-shell-extension-burn-my-windows"
      "gnome-shell-extension-dash-to-dock"
      "gnome-shell-extension-night-theme-switcher"
      "gnome-shell-extension-noannoyance"
      "gnome-shell-extension-vitals"
      "gnome-tweaks"
      "gnupg"
      "gnuplot"
      "gparted"
      "gpgme"
      "graphviz"
      "grub"
      "hexchat"
      "htop"
      "hwloc"
      "icecat"
      "inetutils"
      "inkscape"
      "ipp-usb"
      "iptables"
      "jack"
      "jp2a"
      "jq"
      "kcachegrind"
      "kgraphviewer"
      "librecad"
      "ldns"
      "libreoffice"
      "libtree"
      "lm-sensors"
      "lsof"
      "lvm2"
      "lynx"
      "make"
      "man-pages"
      "mdadm"
      "mediainfo"
      "megatools"
      "meld"
      "microcom"
      "minetest"
      "minicom"
      "minisat"
      "mpv"
      "mtr"
      "mumble"
      "nbd"
      "ncftp"
      "ndisc6"
      "neofetch"
      "netcat"
      "network-manager"
      "network-manager-openvpn"
      "nextcloud-client"
      "ngspice"
      "nitrocli"
      "nmap"
      "ntfs-3g"
      "openssh"
      "openssl"
      "openvpn"
      "pam-u2f"
      "pandoc"
      "paprefs"
      "parted"
      "patchelf"
      "pavucontrol"
      "pipe-viewer"
      "pkg-config"
      "poppler"
      "powertop"
      "profanity"
      "python"
      "python2"
      "python-logutils"
      "python-markdown"
      "python-paramiko"
      "python-prettytable"
      "python-virtualenv"
      "qbittorrent"
      "qemu"
      "qjackctl"
      "qpdf"
      "recutils"
      "rsync"
      "rubber"
      "ruby-pygmentize"
      "screen"
      "perl-digest-sha"
      "php"
      "strace"
      "seahorse"
      "setxkbmap"
      "simplescreenrecorder"
      "sl"
      "speedtest-cli"
      ;"sqlite"
      "sqlitebrowser"
      "sshpass"
      "system-config-printer"
      "testdisk"
      "texlive"
      "texlive-biber"
      "texmaker"
      "tig"
      "tilix"
      "tree"
      "tor"
      "torbrowser"
      "tuba"
      "uefitool"
      "ungoogled-chromium"
      "unzip"
      "vlc"
      "wine64"
      "xauth"
      "xdg-desktop-portal-gnome"
      "xdg-utils"
      "xdot"
      "xdotool"
      "xeyes"
      "xournalpp"
      "xrdp"
      "yt-dlp"
      "zip"
      "zstd"))

    ;; Custom packages defined earlier in this file.
    (list
     cbfstool
     gnupload
     nvramtool
     sane-custom-backends
     simple-scan-custom)

    ;; Base packages, minus any package called "simple-scan".
    ;; NOTE(review): presumably a no-op unless %base-packages contains
    ;; such a package -- confirm.
    (remove
     (lambda (candidate)
       (string=? (package-name candidate) "simple-scan"))
     %base-packages)))

;;; System services
  ;; The default behaviour of a few services is changed along the way:
  ;; the first part lists the services (custom ones followed by
  ;; %desktop-services), the clauses after it modify or delete services
  ;; from that list.
  (services
   (modify-services
       (append
        (list
         ;; Guix Home service (automatic reconfiguration of the profiles)
         (service guix-home-service-type
                  `(("neox" ,%home_configuration)))

         ;; Bluetooth service
         (service bluetooth-service-type)

         ;; Service handling hardware security keys
         (service pcscd-service-type)

         ;; Fingerprint reader service (disabled)
         ;(service fprintd-service-type)

         ;; OpenSSH service.  Password authentication is off, so logins
         ;; need a key; "neox" is authorised through the public key file
         ;; below.  root may still log in with a key ('prohibit-password
         ;; only rules out passwords), and X11 forwarding is enabled.
         (service openssh-service-type
                  (openssh-configuration
                   (authorized-keys
                    `(("neox" ,(local-file "/etc/ssh/ssh_neox_ed25519_key.pub"))))
                   (x11-forwarding? #t)
                   (password-authentication? #f)
                   (permit-root-login 'prohibit-password)))

         ;; Printing service, with the CUPS web interface enabled
         (service cups-service-type
                  (cups-configuration
                   (web-interface? #t)
                   (extensions
                    (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))

         ;; FastCGI/PHP service
         (service php-fpm-service-type)

         ;; HTTP server.  The only server block listens on the loopback
         ;; address (127.0.0.1:81).
         (service nginx-service-type
                  (nginx-configuration
                   (server-blocks
                    (list
                     (nginx-server-configuration
                      (listen '("127.0.0.1:81"))
                      (root "/srv/paheko-1.3.12/www")
                      (locations
                       (list
                        (nginx-location-configuration
                         (uri "/")
                         (body
                          '("try_files $uri $uri/ /_route.php?$query_string;"
                            "index index.php /_route.php;")))
                        (nginx-php-location))))))))

         ;; Apply the custom udev configuration
         (udev-rules-service 'plugdev %nk3-rules #:groups '("plugdev"))

         ;; Raise the limits of the "audio" group for real-time audio
         ;; (useful for Ardour in particular): real-time priority up to 99
         ;; and unlimited locked memory.
         (service pam-limits-service-type
                  (list
                   (pam-limits-entry "@audio" 'both 'rtprio 99)
                   (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

         ;; GNOME/GDM service
         (service gnome-desktop-service-type)

         ;; Tor service
         (service tor-service-type)

         ;; Scanner service
         (service sane-custom-service-type)

         ;; Graphical environment configuration (keyboard in particular)
         (set-xorg-configuration
          (xorg-configuration (keyboard-layout keyboard-layout))))

        ;; Default system services
        %desktop-services)

     ;; Changes to default services

     ;; upower: do not suspend when the lid is closed
     (upower-service-type config => (upower-configuration
                                     (inherit config)
                                     (ignore-lid? #t)))

     ;; elogind: do not suspend when the lid is closed
     (elogind-service-type config => (elogind-configuration
                                      (inherit config)
                                      (handle-lid-switch 'ignore)
                                      (handle-lid-switch-external-power 'ignore)))

     ;; Scanners: drop the stock SANE service and give the custom one the
     ;; build that includes the back ends.
     ;(sane-service-type _ => sane-backends)
     (delete sane-service-type)
     (sane-custom-service-type _ => sane-custom-backends)

     ;; Guix daemon: build offloading, trusted substitute keys and
     ;; garbage-collector options.
     (guix-service-type config => (guix-configuration
                                   (inherit config)
                                   ;; One offload machine.  host-key pins
                                   ;; the remote machine's SSH host key.
                                   ;; NOTE(review): private-key is, by its
                                   ;; path, this machine's SSH host key,
                                   ;; so the same key serves as server
                                   ;; identity and as offload client
                                   ;; credential; a dedicated key would
                                   ;; keep the two roles separate.
                                   (build-machines
                                    (list
                                     #~(build-machine
                                        (name "10.42.0.1")
                                        (system "x86_64-linux")
                                        (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyGPO723z8cE1PHKTbxqQUMalvmYrXeF88hwoS/SuRI root@n-guix-fix")
                                        (user "offload")
                                        (private-key "/etc/ssh/ssh_host_ed25519_key")
                                        (parallel-builds 8)
                                        (speed 16.0))))
                                   ;; Keys whose signatures are accepted
                                   ;; on substitutes: the default keys
                                   ;; plus the one in n-guix-fix.pub.
                                   ;; Whoever holds that signing key can
                                   ;; provide binaries this machine will
                                   ;; install.
                                   (authorize-key? #t)
                                   (authorized-keys
                                    (append
                                     (list
                                      (local-file "/etc/guix/n-guix-fix.pub"))
                                     %default-authorized-guix-keys))
                                   ;; NOTE(review): the daemon documents
                                   ;; "--gc-keep-outputs"; the spelling
                                   ;; without the final "s" presumably
                                   ;; relies on long-option abbreviation
                                   ;; -- confirm.
                                   (extra-options '("--gc-keep-derivations=yes" "--gc-keep-output=yes"))))

     ;; network-manager: add OpenVPN support
     (network-manager-service-type config => (network-manager-configuration
                                              (inherit config)
                                              (vpn-plugins
                                               (list (specification->package "network-manager-openvpn")))))))

;;; Boot loader (GRUB)
  ;; Says where the boot loader is installed and how it is configured.
  ;; The stock GRUB boot loader is inherited, but its installer is
  ;; replaced by a procedure that ignores its arguments and returns #t, so
  ;; this configuration installs no boot loader onto a disk.
  ;; NOTE(review): presumably GRUB is started from the firmware on this
  ;; machine -- confirm.
  (bootloader
   (bootloader-configuration
    (bootloader
     (bootloader
      (inherit grub-bootloader)
      (installer #~(const #t))))
    (keyboard-layout keyboard-layout)))

;;; Mapped devices
  ;; The encrypted (LUKS) partition is set up here: the device with the
  ;; UUID below is opened as "fde", and the LVM volume group "matrix"
  ;; provides the logical volume "matrix-root".
  (mapped-devices
   (list
    (mapped-device
     (source
      (uuid "e200ab4d-6e65-4e4f-afc8-9230011141cf"))
     (target "fde")
     (type luks-device-mapping))
    (mapped-device
     (source "matrix")
     (targets
      (list
       "matrix-root"))
     (type lvm-device-mapping))))

;;; Swap
  ;; Specify a swap file for the system, which resides on the
  ;; root file system.
  (swap-devices
   (list
    (swap-space
     (target "/swapfile"))))

;;; File systems
  ;; File systems mounted at boot; encrypted and unencrypted partitions
  ;; are configured here.  The root file system is found by its label
  ;; and depends on the mapped devices declared in this configuration,
  ;; so those are set up before it is mounted.  The last parenthesis
  ;; closes the operating-system form.
  (file-systems
   (cons*
    (file-system
     (mount-point "/")
     (device (file-system-label "root"))
     (needed-for-boot? #t)
     (dependencies mapped-devices)
     (type "ext4"))
    %base-file-systems)))