;;;
|
|
;;; Configurations GNU Guix système
|
|
;;;
|
|
;;; Copyright (C) 2024 Adrien 'neox' Bourmault <neox@a-lec.org>
|
|
;;;
|
|
;;; This is free software; you can redistribute it and/or modify it
|
|
;;; under the terms of the GNU General Public License as published by
|
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
;;; your option) any later version.
|
|
;;;
|
|
;;; This is distributed in the hope that it will be useful, but
|
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
;;; GNU General Public License for more details.
|
|
;;;
|
|
;;; You should have received a copy of the GNU General Public License
|
|
;;; along with this. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
;;; Déclarations et importations
|
|
|
|
;; Indique quels modules importer pour accéder aux variables
|
|
;; utilisées dans cette configuration.
|
|
(use-modules (gnu))
|
|
(use-modules (gnu packages freedesktop))
|
|
(use-modules (gnu packages cups))
|
|
(use-modules (gnu packages scanner))
|
|
(use-modules (srfi srfi-1))
|
|
(use-service-modules cups desktop networking ssh xorg virtualization vpn)
|
|
|
|
;; Custom sudoers policy.  The text is stored as a file named "sudoers" and
;; handed to the `sudoers-file' field of the operating-system declaration.
;;
;; Security note: the %wheel rule carries NOPASSWD, so every member of the
;; "wheel" group -- and any process running under such an account -- becomes
;; root without re-authenticating.  Removing "NOPASSWD:" from that rule
;; restores the password prompt.
;; NOTE(review): (gnu system) also exports a binding with this name; this
;; definition appears to shadow it inside this file -- confirm that is
;; intended.
(define %sudoers-specification
  (plain-file
   "sudoers"
   ;; One sudoers rule per argument, each terminated by a newline.
   (string-append
    "root ALL=(ALL) ALL\n"
    "%wheel ALL=(ALL) NOPASSWD: ALL\n")))
|
|
|
|
;; Custom udev rules for SPICE, installed as "50-spice.rules".
;; They allow USB devices to be shared with guests through virt-manager.
;;
;; Security note: both rules match on the subsystem alone, so every USB
;; device node is assigned to group "spice" with mode 0660.  Members of that
;; group can therefore open the raw node of any attached USB device
;; (storage, input devices, security tokens), not only the devices meant for
;; redirection.  Keep membership of "spice" as small as possible.
(define %spice-rules
  (udev-rule
   "50-spice.rules"
   ;; One udev rule per argument, each terminated by a newline.
   (string-append
    "SUBSYSTEM==\"usb\", GROUP=\"spice\", MODE=\"0660\"\n"
    "SUBSYSTEM==\"usb_device\", GROUP=\"spice\", MODE=\"0660\"\n")))
|
|
|
|
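;;; System configuration
;; This is the entry point of the configuration: the single
;; `operating-system' declaration below describes the whole machine.

(operating-system
  (locale "fr_FR.utf8")
  (timezone "Europe/Paris")
  (keyboard-layout (keyboard-layout "fr" "oss"))
  (host-name "popol")

  ;; Apply the custom sudoers policy defined earlier in this file.
  ;; That policy grants passwordless sudo to the "wheel" group.
  (sudoers-file %sudoers-specification)

  ;;; User accounts ("root" is implicit).
  (users
   (cons*
    (user-account
     (name "jerome")
     (comment "Jérôme")
     ;; Placeholder initial password hashed with a fixed salt: replace it
     ;; before deploying and change it with `passwd' after the first boot.
     ;; The Guix manual warns that the hash of an initial password declared
     ;; here ends up in a store file readable by all users.
     (password (crypt "password" "$6$abc"))
     (group "users")
     (home-directory "/home/jerome")
     ;; Extra groups, including those needed for virt-manager.
     ;; Security note: "wheel" gives this account passwordless root through
     ;; the sudoers file above, and "spice" gives it read/write access to
     ;; the USB device nodes matched by %spice-rules.
     (supplementary-groups
      '("wheel" "netdev" "audio" "video" "libvirt" "kvm" "scanner" "spice")))
    %base-user-accounts))

  ;;; Packages installed system-wide.
  ;; Includes OpenVPN, libvirt/virt-manager for virtualisation, and many
  ;; general-purpose tools.
  ;; NOTE(review): the original comment mentions NetworkManager's OpenVPN
  ;; extension, but no such package is listed ("openvpn" was listed twice);
  ;; confirm whether "network-manager-openvpn" was intended.
  ;; NOTE(review): "python2" is an end-of-life interpreter, and "xrdp" and
  ;; "sshpass" are remote-access helpers; no xrdp or SSH service is declared
  ;; in the services below, so these are installed as tools only.  Trim the
  ;; list to what the machine needs to keep its attack surface small.
  (packages
   (append
    (specifications->packages
     (list
      "adb"
      "alsa-plugins"
      "alsa-utils"
      "ardour"
      "audacity"
      "bind:utils"
      "binutils"
      "blueman"
      "bmaptools"
      "cabextract"
      "claws-mail"
      "cmatrix"
      "cpupower"
      "cryptsetup"
      "curl"
      "cvs"
      "dconf-editor"
      "dino"
      "emacs"
      "endeavour"
      "evolution"
      "exfatprogs"
      "fastboot"
      "ffmpeg"
      "file"
      "flashrom"
      "flatpak"
      "font-awesome"
      "font-liberation"
      "font-openmoji"
      "gallery-dl"
      "gdb"
      "ghostscript"
      "ghostwriter"
      "gimp"
      "git"
      "git-lfs"
      "git:send-email"
      "glmark2"
      "gnome-bluetooth"
      "gnome-builder"
      "gnome-font-viewer"
      "gnome-maps"
      "gnome-power-manager"
      "gnome-shell-extension-appindicator"
      "gnome-shell-extension-blur-my-shell"
      "gnome-shell-extension-burn-my-windows"
      "gnome-shell-extension-dash-to-dock"
      "gnome-shell-extension-night-theme-switcher"
      "gnome-shell-extension-noannoyance"
      "gnome-shell-extension-vitals"
      "gnome-tweaks"
      "gnupg"
      "gnuplot"
      "gparted"
      "gpgme"
      "graphviz"
      "grub"
      "hexchat"
      "hplip"
      "htop"
      "hwloc"
      "icecat"
      "inetutils"
      "inkscape"
      "jack"
      "jp2a"
      "kcachegrind"
      "kgraphviewer"
      "libreoffice"
      "libtree"
      "libvirt"
      "lm-sensors"
      "lsof"
      "lvm2"
      "lynx"
      "make"
      "man-pages"
      "mdadm"
      "mediainfo"
      "megatools"
      "meld"
      "microcom"
      "minetest"
      "minicom"
      "minisat"
      "mpv"
      "mtr"
      "mumble"
      "nbd"
      "ncftp"
      "ndisc6"
      "neofetch"
      "nextcloud-client"
      "nitrocli"
      "nmap"
      "ntfs-3g"
      "openssh"
      "openssl"
      "openvpn"
      "pandoc"
      "parted"
      "patchelf"
      "pavucontrol"
      "pkg-config"
      "poppler"
      "powertop"
      "profanity"
      "python"
      "python2"
      "python-logutils"
      "python-markdown"
      "python-paramiko"
      "qbittorrent"
      "qemu"
      "qjackctl"
      "qpdf"
      "recutils"
      "rsync"
      "rubber"
      "screen"
      "seahorse"
      "setxkbmap"
      "simplescreenrecorder"
      "sl"
      "speedtest-cli"
      "sqlitebrowser"
      "sshpass"
      "system-config-printer"
      "testdisk"
      "texlive"
      "texlive-biber"
      "texmaker"
      "tig"
      "tilix"
      "transmission"
      "tree"
      "uefitool"
      "ungoogled-chromium"
      "virt-manager"
      "vlc"
      "wine64"
      "xauth"
      "xdg-desktop-portal"
      "xdg-desktop-portal-gnome"
      "xdg-desktop-portal-gtk"
      "xdg-utils"
      "xdot"
      "xdotool"
      "xeyes"
      "xournalpp"
      "xrdp"
      "yt-dlp"
      "zstd"))
    %base-packages))

  ;;; System services.
  ;; Extra services are prepended to %desktop-services, and the default
  ;; behaviour of some services is then adjusted with `modify-services'.
  (services
   (modify-services

    ;; Added services
    (append
     (list
      (service gnome-desktop-service-type)

      ;; Printing service.
      ;; Security note: `web-interface? #t' turns on the CUPS web
      ;; administration interface.
      ;; NOTE(review): confirm the CUPS listen addresses stay local-only.
      (service cups-service-type
               (cups-configuration
                (web-interface? #t)
                (extensions
                 (list
                  cups-filters
                  epson-inkjet-printer-escpr
                  hplip-minimal))))

      ;; Scanner service.
      ;; NOTE(review): %desktop-services may already provide
      ;; sane-service-type -- confirm this extra instance is needed.
      (service sane-service-type)

      ;; KVM/libvirt services for virt-manager.
      (service libvirt-service-type)
      (service virtlog-service-type)

      ;; Install the custom SPICE udev rules defined earlier in this file
      ;; and create the "spice" group they refer to.
      (udev-rules-service 'spice %spice-rules #:groups '("spice"))

      ;; Raise resource limits for real-time audio (useful for Ardour).
      ;; Security note: members of "audio" may lock an unlimited amount of
      ;; memory and request real-time priority 99, which lets a runaway or
      ;; hostile process under such an account starve the rest of the
      ;; system.
      (service pam-limits-service-type
               (list
                (pam-limits-entry "@audio" 'both 'rtprio 99)
                (pam-limits-entry "@audio" 'both 'memlock 'unlimited)))

      ;; OpenVPN client service (pre-configured for FDN).
      ;; Three remotes are declared, on ports 1194, 80 and 53, all over TCP.
      ;; Security note: the file named by `auth-user-pass' holds the VPN
      ;; credentials in clear text; keep it owned by root with mode 0600 and
      ;; out of version control.  The `ca' file is what authenticates the
      ;; server, so it must be obtained through a trusted channel.
      (service openvpn-client-service-type
               (openvpn-client-configuration
                (remote
                 (list
                  (openvpn-remote-configuration
                   (name "vpn.fdn.fr")
                   (port 1194))
                  (openvpn-remote-configuration
                   (name "vpn-rw.fdn.fr")
                   (port 80))
                  (openvpn-remote-configuration
                   (name "vpn-rw.fdn.fr")
                   (port 53))))
                (proto 'tcp)
                (fast-io? #t)
                (ca "/etc/openvpn/fdn.crt")
                (auth-user-pass "/etc/openvpn/fdn.creds")))

      ;; Xorg service, using the system keyboard layout.
      (set-xorg-configuration
       (xorg-configuration (keyboard-layout keyboard-layout))))

     ;; Default desktop services
     %desktop-services)

    ;; Changes to default services
    ;; SANE (scanning): replace the service value with sane-backends.
    (sane-service-type _ => sane-backends)))

  ;;; Bootloader (GRUB)
  ;; Where it is installed and how it is configured.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets (list "/boot/efi"))
               (keyboard-layout keyboard-layout)))

  ;;; Mapped devices
  ;; The encrypted (LUKS) partition is declared here.
  ;; "CHANGE_THIS_UUID" is a placeholder: replace it with the UUID of the
  ;; LUKS partition before using this file.
  (mapped-devices (list (mapped-device
                         (source (uuid
                                  "CHANGE_THIS_UUID"))
                         (target "ROOT")
                         (type luks-device-mapping))))

  ;;; File systems to mount.
  ;; The unique file-system identifiers ("UUIDs") used here can be obtained
  ;; by running `blkid' in a terminal.
  ;; "CHANGE_THIS_DISK" is a placeholder for the UUID of the EFI system
  ;; partition.  Only the root file system sits on the LUKS mapping; the
  ;; vfat partition mounted on /boot/efi is not encrypted.
  (file-systems
   (cons*
    (file-system
     (mount-point "/boot/efi")
     (device (uuid "CHANGE_THIS_DISK" 'fat32))
     (type "vfat"))
    (file-system
     (mount-point "/")
     (device "/dev/mapper/ROOT")
     (type "ext4")
     ;; The root file system can only be mounted once the LUKS mapping
     ;; declared in `mapped-devices' is open.
     (dependencies mapped-devices))
    %base-file-systems)))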
|