Integrate CERN laptop configuration into main system config

1 files changed, 33 insertions, 119 deletions

diff --git a/tw/system/cern.scm b/tw/system/cern.scm
index 0f706e21..c519bbe9 100644
--- a/tw/system/cern.scm
+++ b/tw/system/cern.scm
@@ -11,7 +11,10 @@
   #:use-module (gnu system nss)
   #:use-module (guix gexp)
   #:use-module (guix packages)
+  #:use-module ((nongnu packages linux) #:prefix nongnu:)
+  #:use-module ((nongnu system linux-initrd) #:prefix nongnu:)
   #:use-module (tw channels)
+  #:use-module (tw services wireguard)
   #:use-module (tw system))
 
 (use-package-modules certs cups disk docker file-systems gnome kerberos linux
@@ -40,6 +43,16 @@
            (locale-definition (name "en_US.utf8") (source "en_US"))
            (locale-definition (name "fr_FR.utf8") (source "fr_FR"))))
 
+    ;; Use non-free kernel to load non-free firmware (e.g. for wifi).
+    ;; Enable MT7921 module for Mediatek MT7922 (AMD RZ616) WiFi card.
+    ;; The MT7921E module is for the card connected via PCIe, which it is
+    ;; (it's in an M.2 slot).  Alternatives are S (SDIO) and U (USB).
+    (kernel nongnu:linux)
+    ;; (kernel-loadable-modules (list ddcci-driver-linux))   ; TODO: disabled because the package fails to build
+    (initrd nongnu:microcode-initrd)
+    (firmware (cons* nongnu:i915-firmware nongnu:ibt-hw-firmware nongnu:sof-firmware
+                     nongnu:iwlwifi-firmware %base-firmware))
+
     ;; Allow resolution of '.local' host names with mDNS.
     (name-service-switch %mdns-host-lookup-nss)
 
@@ -98,96 +111,24 @@
         "/run/current-system/profile/sbin/shutdown\n")))
 
     ;; This is where we specify system-wide packages.
-    (packages
-     (cons*
-      ;; System stuff
-      cups docker mit-krb5
-      ;; Desktop and drivers
-      ;; FIXME: lightdm depends on python-2, but the build throws an
-      ;; error that python2 is not supported.
-      ;; TODO: Does lightdm have a service I need to enable?
-      ;;lightdm lightdm-gtk-greeter
-      pulseaudio xf86-video-intel
-      i3-wm  ; install i3 here so gdm can see its xsession file
-      i3lock   ; we need a system service to make i3lock setuid root
-      ;; We need to install gnome-keyring here so its PAM module is
-      ;; enabled properly (by its service; see below).
-      ;; nheko needs gnome-keyring to store secrets (kwallet doesn't do dbus).
-      gnome-keyring
-      ;; It's probably easiest to install geoclue system-wide, so it
-      ;; gets added to `%desktop-services' and redshift can access the
-      ;; location.
-      geoclue
-      ;; Base packages
-      %base-system-packages))
+    (packages %enduser-system-packages)
 
     ;; Use the "desktop" services, which include the X11
     ;; log-in service, networking with NetworkManager, and more.
     ;; See info '(guix)Services' for useful services.
     (services
      (cons*
-      (service cups-service-type
-        (cups-configuration
-         (web-interface? #t)
-         (default-shared? #f)
-         ;; See info '(guix)Printing Services' for more extensions.
-         (extensions
-          (list cups-filters foomatic-filters))))
-
-      (service docker-service-type
-        (docker-configuration))
-
-      (service krb5-service-type
-        (krb5-configuration
-         (default-realm "CERN.CH")
-         (rdns? #f)
-         (realms (list (krb5-realm
-                        (name "CERN.CH")
-                        (default-domain "cern.ch")
-                        (kdc "cerndc.cern.ch"))))))
-
-      ;; At high CPU frequencies, the fan is very loud, starting around 3.5 GHz.
-      (simple-service 'cpufreq shepherd-root-service-type
-        (list (shepherd-service
-               (documentation "Limit CPU frequency")
-               (provision '(cpufreq))
-               (one-shot? #t)
-               (start #~(make-forkexec-constructor
-                         (list #$(file-append cpupower "/bin/cpupower")
-                               "frequency-set" "--max" "3.6GHz")))
-               (stop #~(make-forkexec-constructor
-                        (list #$(file-append cpupower "/bin/cpupower")
-                              "frequency-set" "--max" "4.8GHz")))
-               (actions
-                (list (shepherd-action
-                       (name 'current)
-                       (documentation "Show the current CPU frequencies.")
-                       (procedure
-                        #~(lambda _
-                            (system* #$(file-append cpupower "/bin/cpupower")
-                                     "frequency-info")))))))))
-
-      (service thermald-service-type
-        (thermald-configuration
-         (adaptive? #t)))
-
-      (service earlyoom-service-type
-        (earlyoom-configuration))  ; TODO: configure at least `avoid-regexp'
-
-      ;; Install i3lock as a setuid binary, so it can talk to PAM.
-      (service screen-locker-service-type
-        (screen-locker-configuration
-         (name "i3lock")
-         (program (file-append i3lock "/bin/i3lock"))))
-
-      ;; gnome-keyring is not in `%desktop-services' by default,
-      ;; but needs to be there to add itself to /etc/pam.d/.
-      ;; If using a DM other than GDM, add it to `pam-services' in
-      ;; `gnome-keyring-configuration' (see its docs).
-      (service gnome-keyring-service-type
-        (gnome-keyring-configuration))
-
-      (set-xorg-configuration custom-xorg-config)
+      (service bluetooth-service-type)
+
+      (service tlp-service-type
+        (tlp-configuration   ; see also: radeon-* properties
+         (cpu-scaling-governor-on-ac '("powersave"))
+         (cpu-scaling-governor-on-bat '("powersave"))
+         (energy-perf-policy-on-ac "powersave")
+         (energy-perf-policy-on-bat "powersave")
+         (sched-powersave-on-ac? #t)
+         (sched-powersave-on-bat? #t)
+         (cpu-boost-on-ac? #t)))
 
       (service unattended-upgrade-service-type
         (unattended-upgrade-configuration
@@ -200,21 +141,6 @@
           ;; Anything that won't cause disruption when restarting.
           '(mcron earlyoom thermald))))
 
-      (simple-service 'disk-maintenance mcron-service-type
-        (list #~(job "45 22 * * *" "guix gc -d 2m -F 100G")  ; after unattended-upgrade
-              #~(job "0 23 * * *"  ; after guix gc
-                     (string-append #$(file-append util-linux "/sbin/fstrim")
-                                    " --fstab --verbose"))))
-
-      (service openssh-service-type
-        (openssh-configuration
-         (port-number 22022)
-         (x11-forwarding? #t)
-         (permit-root-login #f)
-         (password-authentication? #f)
-         (authorized-keys
-          `(("twilken" ,(local-file "files/timo-cern.pub"))))))
-
       (service openntpd-service-type
         (openntpd-configuration
          ;; Use CERN time servers.
@@ -222,26 +148,14 @@
                     "ip-time-1.cern.ch"
                     "ip-time-2.cern.ch"))))
 
-      (modify-services (append %system-channel-services %desktop-services)
-        (gdm-service-type
-         config =>
-         (gdm-configuration
-          (inherit config)
-          (auto-login? #f)
-          (default-user "twilken")
-          (xorg-configuration custom-xorg-config)))
-
-        (geoclue-service-type
-         config =>
-         (geoclue-configuration
-          (inherit config)
-          (applications
-           (cons* (geoclue-application "redshift" #:system? #f)
-                  %standard-geoclue-applications))))
-
-        (login-service-type config => (tw-login-configuration config))
-
+      (modify-services (enduser-system-services
+                        #:host-name host-name
+                        #:cores 12
+                        #:work-system? #t
+                        #:wireless-interface "wlp0s20f3"
+                        #:backlight-device "intel_backlight")
         ;; openntpd works better.
-        (delete ntp-service-type))))))
+        (delete ntp-service-type)
+        (delete tw-wireguard-service-type))))))
 
 %cern-system