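```
;;;
;;; GNU Guix configurations for neox's computers
;;;
;;; Copyright (C) 2023 Adrien 'neox' Bourmault
;;;
;;; This is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; This is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this.  If not, see <https://www.gnu.org/licenses/>.

;; Modules providing the variables used in this configuration.
;; (gnu) re-exports the core system/service/gexp modules, which is where
;; `operating-system', `plain-file' and `extra-special-file' come from.
(use-modules (gnu))
(use-modules (gnu packages freedesktop))
(use-modules (gnu packages cups))
(use-modules (gnu packages scanner))
(use-modules (srfi srfi-1))
(use-service-modules cups desktop networking ssh xorg virtualization vpn)

;; Custom sudoers policy.
;; NOTE(security): every member of `wheel' gets root without a password
;; (NOPASSWD).  That is the author's choice for a personal desktop, but it
;; means any code running in the "jerome" session is one `sudo' away from
;; root with no prompt.  Removing "NOPASSWD: " restores the password check.
(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
"))

;; Custom spice udev rules: allow USB device sharing through virt-manager.
;; NOTE(security): these rules give the "spice" group read/write access to
;; *every* USB device node, not only the ones meant for redirection.  If a
;; narrower scope is wanted, udev rules can additionally match on
;; ATTR{idVendor}/ATTR{idProduct} of the specific devices.
(define %spice-rules
  (udev-rule "50-spice.rules"
             (string-append "\
SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"
SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"
")))

;; CA certificate used to authenticate the OpenVPN servers (a public CA
;; certificate, not a secret).  Only the PEM text lives here; it is written
;; to /etc/openvpn/ca.crt declaratively in the services list below.
(define %openvpn-ca-cert
  "-----BEGIN CERTIFICATE-----
MIIFGTCCAwGgAwIBAgIEWgh7mjANBgkqhkiG9w0BAQsFADAsMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDRkROMQ8wDQYDVQQDEwZDQSBGRE4wHhcNMTcxMTEyMTY0OTMx
WhcNMzcwMTExMTY0OTQzWjAsMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDRkROMQ8w
DQYDVQQDEwZDQSBGRE4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/
kZzJVsN4vpK7phHW7sX4UpJ1bEd1BveKBATiMTDIOY8ioVv7tAmNOSTABBi8KYzS
LmflAVgsMGh1JI4+b5O4ZN1DKjKp9WAkJZvotsmHnCYsKBhoYc4JqkZQgG2s7zOm
b7eigEWZQf0F5PIaNUzT2nZZlIjxnv7DiAI+lu46qWQfu09IAca4DyN3ViFmlv03
PD4QpTqdungSWCr2gv3VOVF3yX1+b/P4kX7oWae+U2XFL9hYDUuWaFFdWCTzSRvv
JV7QMSflicb7fCRKC6E2r8x7igxyzr5NT6NAkYWvazgyNc7NOsy2hJ9EkN4IWs/0
GORkzYKBcA0MMFdt5CgbAPBFXleLwoaFpZ4BVkFIhREJHNgK6ZFfK60U4O+F552R
QZPbgD+5geJOi6XbrBD3lQ/yb3qaNoejo1g39D7h571rPRYorDlTj6BZ925D+A+7
Mb6DOZMxYUfQ6SYqZSnWf7aivdLpNNsN8K0un8Z2BB98eK6cIhUv298FxF0+tSZI
ok9T5SxF8URU2VfI6wVcSVRh8Q5aeKf2NINIxN6wrBYSwAls3gkwDEsAny+tCwwL
3hy3Y7SEvg+ItFS+d2RYdqav72Av5H2o6Uxr9025ZPKo89/Czd6XPID96znK2x/N
l851UCjHfvNG2xzRqJa0HhUl2pLyEMpC62g31wKv+wIDAQABo0MwQTAPBgNVHRMB
Af8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFCtQ0M1liMFOkprT
3G5JCpfc/pNAMA0GCSqGSIb3DQEBCwUAA4ICAQAscgi/f2oJIRwHHR+Yt/nW2Z43
hBVLTf0/u/Doa2m7Ae7Bv138ofaFwwF2q7iwnrb2F6L5deD0ZZoLtL0cNtNz7ajw
46SurhoftZh98ZaEmga6UtdNBDz8EO6aJtcwH4nXmzsfQFJ6WHdoKsWTC2L8u3Q8
nbxVF8x/J5QZKOiNp7hlxGEaFABmfaPvRXa4Fm/KLuITL74pEZ3K0+ufnrsT2S4+
8RcgFYkRsKBkXPbhaGp10XDKHC4PPq26fZYVKMb4WzoeDMVMcfotGmdOrehah0mu
0fC9qElVoKtuEEvKtzAsnAX/jRPRMYqqtD90fqL6txoVKzVQcP8cyY0L6eZhIdYe
nt0NfGhmxo6sRAnVmjA5yIriHOE70Zcd2ebeBcUITe7MReIynuygd85BhYyIegBB
WGsj3iSp2Gg5CBNOe8JBLV6UU7iexThlEfWwbSpgigpdICaAaqjTATsO9PWeIM+v
TsH51AC2wh63U5o6OCp3H18/bVJ3oX2F9fba8pPY5r7T7ou0Sq5Jy6i2US03vtDA
NT2/q5MXAHy7kdMCHzT4KQp81pUTY3bNtujUyGC9Nhgf0CMQMLOmwL7lF9aKWk8J
tG1ixRwplTEHEuJARpKp+MebiyfI87OoCSRJP+LygnkKeYNGxV0fhQnIW3+44bnw
NH0QlNNxLH0iV4UJQA==
-----END CERTIFICATE-----")

;; Writes %openvpn-ca-cert to /etc/openvpn/ca.crt and returns that path.
;; NOTE(review): no longer used below -- the CA file is provisioned
;; declaratively with `extra-special-file' instead.  Calling this at load
;; time would write to /etc as a side effect of merely evaluating the file
;; (e.g. under `guix system build' as an unprivileged user), and `mkdir-p'
;; is not obviously provided by the modules imported above.  Kept for
;; reference.
(define (create-ca-cert)
  (let ((file "/etc/openvpn/ca.crt"))
    (mkdir-p (dirname file))
    (call-with-output-file file
      (lambda (port)
        (display %openvpn-ca-cert port)))
    file))

;; System configuration: the entry point of this file.
(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "popol")

  ;; Apply the custom sudoers policy defined above.
  (sudoers-file %sudoers-specification)

  ;; User accounts ("root" is implicit).
  (users (cons* (user-account
                 (name "jerome")
                 (comment "Jerome")
                 (group "users")
                 (home-directory "/home/jerome")
                 ;; Extra groups for virt-manager, scanning and USB redirection.
                 ;; "wheel" together with the NOPASSWD rule above makes this
                 ;; account effectively root; "libvirt"/"kvm" give full control
                 ;; over every VM on the host.
                 (supplementary-groups '("wheel" "netdev" "audio" "video"
                                         "libvirt" "kvm" "scanner" "spice")))
                %base-user-accounts))

  ;; System-wide packages: the OpenVPN client, qemu/libvirt/virt-manager for
  ;; virtualisation, lvm2/mdadm for storage, and the CA bundle (nss-certs).
  (packages (append (list (specification->package "nss-certs")
                          (specification->package "qemu")
                          (specification->package "virt-manager")
                          (specification->package "libvirt")
                          (specification->package "lvm2")
                          (specification->package "mdadm")
                          (specification->package "openvpn"))
                    %base-packages))

  ;; System services, with a few defaults adjusted.
  (services
   (modify-services
       (append
        (list (service gnome-desktop-service-type)

              ;; Printing.  The CUPS web interface is enabled; the Guix default
              ;; `listen' is localhost only -- verify this if port 631 must not
              ;; be reachable from the network.
              (service cups-service-type
                       (cups-configuration
                        (web-interface? #t)
                        (extensions
                         (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
              (service sane-service-type)

              ;; KVM/libvirt for virt-manager.
              (service libvirt-service-type)
              (service virtlog-service-type)

              ;; Apply the custom spice udev rules defined above; this also
              ;; creates the "spice" group referenced by the user account.
              (udev-rules-service 'spice %spice-rules #:groups '("spice"))

              ;; Raise rtprio/memlock limits for real-time audio (e.g. Ardour).
              (service pam-limits-service-type
                       (list (pam-limits-entry "@audio" 'both 'rtprio 99)
                             (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

              ;; Ship the CA certificate as a regular file so the OpenVPN client
              ;; can reference it by path (see `ca' below).
              (extra-special-file "/etc/openvpn/ca.crt"
                                  (plain-file "ca.crt" %openvpn-ca-cert))

              (service openvpn-client-service-type
                       (openvpn-client-configuration
                        ;; `proto' takes a symbol ('udp or 'tcp); the bare
                        ;; identifier `tcp' used before was an unbound variable.
                        (proto 'tcp)
                        ;(fast-io? #t)
                        ;; In Guix's openvpn-client-configuration `ca' is a file
                        ;; path (default /etc/openvpn/ca.crt), not the certificate
                        ;; text: passing %openvpn-ca-cert directly would put the
                        ;; PEM body on the `ca' line of the generated config.
                        (ca "/etc/openvpn/ca.crt")
                        ;; Fallback remotes, tried in order.  Each entry is one
                        ;; complete `openvpn-remote-configuration'; previously the
                        ;; 2nd and 3rd records were closed right after the record
                        ;; name, leaving their `(name ...)'/`(port ...)' forms
                        ;; outside the record.
                        (remote (list (openvpn-remote-configuration
                                       (name "vpn.fdn.fr")
                                       (port 1194))
                                      (openvpn-remote-configuration
                                       (name "vpn-rw.fdn.fr")
                                       (port 80))
                                      (openvpn-remote-configuration
                                       (name "vpn-rw.fdn.fr")
                                       (port 53))))))

              (set-xorg-configuration
               (xorg-configuration (keyboard-layout keyboard-layout))))
        %desktop-services)
     ;; SANE (scanning)
     (sane-service-type _ => sane-backends)))

  ;; Bootloader (GRUB): where to install it and how to configure it.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets (list "/boot/efi"))
               (keyboard-layout keyboard-layout)))

  ;; Mapped devices: the LUKS-encrypted partition(s).
  ;; Only /home is encrypted here; "/" and /boot/efi are mounted directly
  ;; from plain partitions.
  (mapped-devices (list (mapped-device
                         (source (uuid "9d09b4c8-d8c8-4116-868b-e00e625d2585"))
                         (target "HOME")
                         (type luks-device-mapping))))

  ;; File systems to mount.  The UUIDs come from running `blkid' in a terminal.
  (file-systems (cons* (file-system
                        (mount-point "/boot/efi")
                        (device (uuid "4FA8-3AF5" 'fat32))
                        (type "vfat"))
                       (file-system
                        (mount-point "/home")
                        (device "/dev/mapper/HOME")
                        (type "ext4")
                        (dependencies mapped-devices))
                       (file-system
                        (mount-point "/")
                        (device (uuid "0c4322bb-3290-4d16-ae34-7c7fc01da648" 'ext4))
                        (type "ext4"))
                       %base-file-systems)))
```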