author | Timo Wilken | 2024-05-13 18:27:53 +0200 |
---|---|---|
committer | Timo Wilken | 2024-05-13 18:27:53 +0200 |
commit | 02807429549df9a134edf0a3b54ddd3a3c625631 (patch) | |
tree | c9a0e8e95f63d66e9aa7e8463aee388fa6ed8b15 /tw/system | |
parent | d502ca9ce0e16b538e08329c1876e80680ecd559 (diff) |
Integrate CERN laptop configuration into main system config
Diffstat (limited to 'tw/system')
-rw-r--r-- | tw/system/cern.scm | 152 |
1 files changed, 33 insertions, 119 deletions
diff --git a/tw/system/cern.scm b/tw/system/cern.scm index 0f706e21..c519bbe9 100644 --- a/tw/system/cern.scm +++ b/tw/system/cern.scm @@ -11,7 +11,10 @@ #:use-module (gnu system nss) #:use-module (guix gexp) #:use-module (guix packages) + #:use-module ((nongnu packages linux) #:prefix nongnu:) + #:use-module ((nongnu system linux-initrd) #:prefix nongnu:) #:use-module (tw channels) + #:use-module (tw services wireguard) #:use-module (tw system)) (use-package-modules certs cups disk docker file-systems gnome kerberos linux @@ -40,6 +43,16 @@ (locale-definition (name "en_US.utf8") (source "en_US")) (locale-definition (name "fr_FR.utf8") (source "fr_FR")))) + ;; Use non-free kernel to load non-free firmware (e.g. for wifi). + ;; Enable MT7921 module for Mediatek MT7922 (AMD RZ616) WiFi card. + ;; The MT7921E module is for the card connected via PCIe, which it is + ;; (it's in an M.2 slot). Alternatives are S (SDIO) and U (USB). + (kernel nongnu:linux) + ;; (kernel-loadable-modules (list ddcci-driver-linux)) ; TODO: disabled because the package fails to build + (initrd nongnu:microcode-initrd) + (firmware (cons* nongnu:i915-firmware nongnu:ibt-hw-firmware nongnu:sof-firmware + nongnu:iwlwifi-firmware %base-firmware)) + ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss) 
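Review bot: The comment added above `(kernel nongnu:linux)` describes the MT7921E module for a Mediatek MT7922 card, but the firmware list below it adds only `nongnu:i915-firmware`, `nongnu:ibt-hw-firmware`, `nongnu:sof-firmware` and `nongnu:iwlwifi-firmware`, and nothing in the hunk loads an mt7921 module, so the comment looks carried over from another machine's configuration. I would replace the three Mediatek lines with something like `;; Non-free firmware for this host: i915 (GPU), ibt-hw (Bluetooth), sof (audio), iwlwifi (wifi).` so a reader can tell which blobs the laptop needs and drop the rest. These are binary blobs from a third-party channel, so a short per-device list is easier to audit; whether that channel is pinned is not visible here (presumably it is handled in `(tw channels)`).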
@@ -98,96 +111,24 @@ "/run/current-system/profile/sbin/shutdown\n"))) ;; This is where we specify system-wide packages. - (packages - (cons* - ;; System stuff - cups docker mit-krb5 - ;; Desktop and drivers - ;; FIXME: lightdm depends on python-2, but the build throws an - ;; error that python2 is not supported. - ;; TODO: Does lightdm have a service I need to enable? - ;;lightdm lightdm-gtk-greeter - pulseaudio xf86-video-intel - i3-wm ; install i3 here so gdm can see its xsession file - i3lock ; we need a system service to make i3lock setuid root - ;; We need to install gnome-keyring here so its PAM module is - ;; enabled properly (by its service; see below). - ;; nheko needs gnome-keyring to store secrets (kwallet doesn't do dbus). - gnome-keyring - ;; It's probably easiest to install geoclue system-wide, so it - ;; gets added to `%desktop-services' and redshift can access the - ;; location. - geoclue - ;; Base packages - %base-system-packages)) + (packages %enduser-system-packages) ;; Use the "desktop" services, which include the X11 ;; log-in service, networking with NetworkManager, and more. ;; See info '(guix)Services' for useful services. (services (cons* - (service cups-service-type - (cups-configuration - (web-interface? #t) - (default-shared? #f) - ;; See info '(guix)Printing Services' for more extensions. - (extensions - (list cups-filters foomatic-filters)))) - - (service docker-service-type - (docker-configuration)) - - (service krb5-service-type - (krb5-configuration - (default-realm "CERN.CH") - (rdns? #f) - (realms (list (krb5-realm - (name "CERN.CH") - (default-domain "cern.ch") - (kdc "cerndc.cern.ch")))))) - - ;; At high CPU frequencies, the fan is very loud, starting around 3.5 GHz. - (simple-service 'cpufreq shepherd-root-service-type - (list (shepherd-service - (documentation "Limit CPU frequency") - (provision '(cpufreq)) - (one-shot? 
#t) - (start #~(make-forkexec-constructor - (list #$(file-append cpupower "/bin/cpupower") - "frequency-set" "--max" "3.6GHz"))) - (stop #~(make-forkexec-constructor - (list #$(file-append cpupower "/bin/cpupower") - "frequency-set" "--max" "4.8GHz"))) - (actions - (list (shepherd-action - (name 'current) - (documentation "Show the current CPU frequencies.") - (procedure - #~(lambda _ - (system* #$(file-append cpupower "/bin/cpupower") - "frequency-info"))))))))) - - (service thermald-service-type - (thermald-configuration - (adaptive? #t))) - - (service earlyoom-service-type - (earlyoom-configuration)) ; TODO: configure at least `avoid-regexp' - - ;; Install i3lock as a setuid binary, so it can talk to PAM. - (service screen-locker-service-type - (screen-locker-configuration - (name "i3lock") - (program (file-append i3lock "/bin/i3lock")))) - - ;; gnome-keyring is not in `%desktop-services' by default, - ;; but needs to be there to add itself to /etc/pam.d/. - ;; If using a DM other than GDM, add it to `pam-services' in - ;; `gnome-keyring-configuration' (see its docs). - (service gnome-keyring-service-type - (gnome-keyring-configuration)) - - (set-xorg-configuration custom-xorg-config) + (service bluetooth-service-type) + + (service tlp-service-type + (tlp-configuration ; see also: radeon-* properties + (cpu-scaling-governor-on-ac '("powersave")) + (cpu-scaling-governor-on-bat '("powersave")) + (energy-perf-policy-on-ac "powersave") + (energy-perf-policy-on-bat "powersave") + (sched-powersave-on-ac? #t) + (sched-powersave-on-bat? #t) + (cpu-boost-on-ac? #t))) (service unattended-upgrade-service-type (unattended-upgrade-configuration 
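Review bot: `(service bluetooth-service-type)` is added with its default configuration and no comment, which puts a new radio-facing daemon on a work laptop without saying what needs it. I would add a line such as `;; Bluetooth for <peripheral>; adapter stays powered off until the user enables it.` and, if that is the intent, state it with `(bluetooth-configuration (auto-enable? #f))` rather than relying on the default. Separately, this hunk removes the `thermald-service-type` and `earlyoom-service-type` definitions while the unattended-upgrade restart list `'(mcron earlyoom thermald)` further down is unchanged; that stays correct only if `enduser-system-services` provides both, which is not visible in this diff. The same applies to the removed `screen-locker-service-type` and `gnome-keyring-service-type` entries, which the deleted comments say were there for PAM.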
@@ -200,21 +141,6 @@ ;; Anything that won't cause disruption when restarting. '(mcron earlyoom thermald)))) - (simple-service 'disk-maintenance mcron-service-type - (list #~(job "45 22 * * *" "guix gc -d 2m -F 100G") ; after unattended-upgrade - #~(job "0 23 * * *" ; after guix gc - (string-append #$(file-append util-linux "/sbin/fstrim") - " --fstab --verbose")))) - - (service openssh-service-type - (openssh-configuration - (port-number 22022) - (x11-forwarding? #t) - (permit-root-login #f) - (password-authentication? #f) - (authorized-keys - `(("twilken" ,(local-file "files/timo-cern.pub")))))) - (service openntpd-service-type (openntpd-configuration ;; Use CERN time servers. @@ -222,26 +148,14 @@ "ip-time-1.cern.ch" "ip-time-2.cern.ch")))) - (modify-services (append %system-channel-services %desktop-services) - (gdm-service-type - config => - (gdm-configuration - (inherit config) - (auto-login? #f) - (default-user "twilken") - (xorg-configuration custom-xorg-config))) - - (geoclue-service-type - config => - (geoclue-configuration - (inherit config) - (applications - (cons* (geoclue-application "redshift" #:system? #f) - %standard-geoclue-applications)))) - - (login-service-type config => (tw-login-configuration config)) - + (modify-services (enduser-system-services + #:host-name host-name + #:cores 12 + #:work-system? #t + #:wireless-interface "wlp0s20f3" + #:backlight-device "intel_backlight") ;; openntpd works better. - (delete ntp-service-type)))))) + (delete ntp-service-type) + (delete tw-wireguard-service-type)))))) %cern-system |
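Review bot: `(delete tw-wireguard-service-type)` has no comment, unlike `(delete ntp-service-type)` just above it, so a reader cannot tell whether the VPN is dropped on purpose for this host; add one, e.g. `;; No WireGuard on the work laptop: <reason>.`. More importantly, the base list is now `(enduser-system-services ...)`, and the settings this file used to spell out are gone: `(auto-login? #f)` for GDM, `tw-login-configuration`, and (in the previous hunk) the openssh block with `(password-authentication? #f)` and `(permit-root-login #f)`. Whether the shared procedure applies equivalent settings when `#:work-system? #t` is passed cannot be checked from this diff, so it is worth confirming on the built system, for instance that sshd, if it still runs, refuses passwords and root logins. The `modify-services` form is closed inside the hunk, but the surrounding `operating-system` definition starts outside it.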