authorTimo Wilken2024-01-12 21:03:46 +0100
committerTimo Wilken2024-01-12 21:03:46 +0100
commit62df9b17135d010314f900fef2fb5ae6db8b9c34 (patch)
treef9a4b4f39ebe1383df9ce6d6ff83ec17e09defad /tw
parentda53c5172df28f3f2203f84ee1009b464f3542ef (diff)
Configure new machine, `btl'
Diffstat (limited to 'tw')
-rw-r--r--tw/home/btl.scm112
-rw-r--r--tw/system/btl.scm153
2 files changed, 265 insertions, 0 deletions
diff --git a/tw/home/btl.scm b/tw/home/btl.scm
new file mode 100644
index 00000000..ba411b1b
--- /dev/null
+++ b/tw/home/btl.scm
@@ -0,0 +1,112 @@
+;; This "home-environment" file can be passed to 'guix home reconfigure'
+;; to reproduce the content of your profile. This is "symbolic": it only
+;; specifies package names. To reproduce the exact same profile, you also
+;; need to capture the channels being used, as returned by "guix describe".
+;; See the "Replicating Guix" section in the manual.
+
+(define-module (tw home btl)
+ #:use-module (gnu home)
+ #:use-module (gnu home services)
+ #:use-module (gnu home services desktop)
+ #:use-module (gnu home services guix)
+ #:use-module (gnu home services mail)
+ #:use-module (gnu home services mcron)
+ #:use-module (gnu home services pm)
+ #:use-module (gnu packages android)
+ #:use-module (gnu packages bittorrent)
+ #:use-module (gnu packages calendar)
+ #:use-module (gnu packages dav)
+ #:use-module (gnu packages finance)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages mail)
+ #:use-module (gnu packages messaging)
+ #:use-module (gnu packages music)
+ #:use-module (gnu packages networking)
+ #:use-module (gnu packages syndication)
+ #:use-module (gnu packages web-browsers)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu services)
+ #:use-module (guix gexp)
+ #:use-module ((nongnu packages messaging)
+ #:select (signal-desktop))
+ #:use-module ((nongnu packages game-client)
+ #:select (steam))
+ #:use-module (tw home)
+ #:use-module (tw packages scanner)
+ #:use-module (tw services desktop)
+ #:use-module (tw services git)
+ #:use-module (tw services gnupg)
+ #:use-module (tw services restic)
+ #:use-module (tw theme))
+
+(define-public %btl-home
+ (home-environment
+ (packages
+ ;; These packages will show up in the home profile, under ~/.guix-home/profile.
+ (cons*
+ ;; CLI tools
+ adb fastboot beets cmus
+
+ ;; Graphical applications
+ blueman electrum nheko signal-desktop simple-scan/airscan transmission-remote-gtk
+
+ ;; Games
+ steam
+ ;; Games are installed in ~/.guix-profile instead, to make updates of the
+ ;; home environment faster.
+ ;; 0ad flightgear freeciv simutrans/pak128 warzone2100 widelands pioneer
+
+ (append %interactive-packages %common-packages)))
+
+ ;; To search for available home services, run 'guix home search KEYWORD'.
+ (services
+ (cons*
+ ;; Redshift: make the screen turn redder at night.
+ (service home-redshift-service-type
+ (home-redshift-configuration
+ ;; See info '(guix)Desktop Home Services'.
+ (location-provider 'manual)
+ ;; Approximate location
+ (latitude 46.0)
+ (longitude 6.0)
+ ;; (location-provider 'geoclue2) ; TODO: currently waits forever for a location -- not sure why geoclue doesn't work
+ ;; (daytime-temperature 6500) ; default 6500
+ ;; (nighttime-temperature 4500) ; default 4500
+ (daytime-brightness 1.0)
+ (nighttime-brightness 0.7)
+ (extra-content "fade=0"))) ; with fade=1, restarting redshift causes flickering for a few secs
+
+ (service home-blueman-service-type)
+
+ (service home-desktop-layout-service-type
+ (home-desktop-layout-configuration
+ (desktop-background "~/blobs-d.png")
+ (monitors
+ (list (home-monitor-configuration
+ (name "DP-1")
+ (xrandr-options '("--auto")))))))
+
+ ;; On my private machine, I want to use my private PGP key normally, and
+ ;; my work key only for work repositories.
+ (service home-git-service-type
+ (home-git-configuration
+ (default-email "git@twilken.net")
+ (default-signing-key "53EC3C06856883DD92355BC22FC78504681F69B0")
+ (identities
+ (list (home-git-identity
+ (name "cern")
+ (root-directory "~/src/alice")
+ (email "timo.wilken@cern.ch")
+ (signing-key "C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C"))))))
+
+ (openssh-service #t)
+
+ (service home-gnupg-service-type
+ (home-gnupg-configuration
+ (default-key "53EC3C06856883DD92355BC22FC78504681F69B0")
+ (gui-pinentry? #t)))
+
+ (append (interactive-services) %common-services)))))
+
+%btl-home
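Review bot: The private key fingerprint `53EC3C06856883DD92355BC22FC78504681F69B0` is written out twice, once as `default-signing-key` in `home-git-configuration` and once as `default-key` in `home-gnupg-configuration`. If the key is rotated and only one place is updated, git will request signatures from a key that is no longer the gpg default, and the mismatch only shows up at commit time. Binding it once at the top of the module, e.g. `(define %private-pgp-key "53EC3C06856883DD92355BC22FC78504681F69B0")`, and referring to that name in both records keeps the two in step. A short comment above `(openssh-service #t)` saying what the boolean selects would also help, since its meaning is defined in another module and is not visible from this file.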
diff --git a/tw/system/btl.scm b/tw/system/btl.scm
new file mode 100644
index 00000000..5a4608a2
--- /dev/null
+++ b/tw/system/btl.scm
@@ -0,0 +1,153 @@
+;; This is an operating system configuration file for a fairly minimal
+;; "desktop" setup with i3 where the /home partition partition is
+;; encrypted with LUKS.
+;;
+;; https://guix.gnu.org/manual/en/html_node/operating_002dsystem-Reference.html
+
+(define-module (tw system btl)
+ #:use-module (gnu)
+ #:use-module (gnu bootloader grub)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages shells)
+ #:use-module (gnu services admin)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services pm)
+ #:use-module (gnu services syncthing)
+ #:use-module (gnu system locale)
+ #:use-module (gnu system nss)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module ((nongnu packages linux)
+ #:prefix nongnu:) ; don't interfere with (gnu packages linux)
+ #:use-module ((nongnu system linux-initrd)
+ #:prefix nongnu:)
+ #:use-module ((nonguix licenses)
+ #:prefix nongnu:)
+ #:use-module (tw channels)
+ #:use-module (tw packages firmware)
+ #:use-module (tw services secrets)
+ #:use-module (tw system))
+
+(define efi-system-partition ; /dev/nvme0n1p1
+ (uuid "D8C7-2624" 'fat))
+(define root-partition ; /dev/nvme0n1p2
+ (uuid "62fb4710-33d1-4eaf-aaaa-43d16ab26a58" 'btrfs))
+
+(define-public %btl-system
+ (operating-system
+ (host-name "btl.twilken.net")
+ (timezone "Europe/Paris")
+ (locale "en_GB.utf8")
+ (locale-definitions
+ (list (locale-definition (name "en_GB.utf8") (source "en_GB"))
+ (locale-definition (name "en_US.utf8") (source "en_US"))
+ (locale-definition (name "fr_FR.utf8") (source "fr_FR"))))
+
+ ;; Allow resolution of '.local' host names with mDNS.
+ (name-service-switch %mdns-host-lookup-nss)
+
+ ;; Choose UK English X11 keyboard layout.
+ (keyboard-layout %british-keyboard)
+
+ ;; Use the UEFI variant of GRUB with the EFI System
+ ;; Partition mounted on /boot/efi.
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))
+ ;; Note: keyboard-layout is ignored by non-grub bootloaders.
+ (keyboard-layout keyboard-layout)))
+
+ ;; Use non-free kernel to load non-free firmware (e.g. for wifi).
+ ;; Enable MT7921 module for Mediatek MT7922 (AMD RZ616) WiFi card.
+ ;; The MT7921E module is for the card connected via PCIe, which it is
+ ;; (it's in an M.2 slot). Alternatives are S (SDIO) and U (USB).
+ (kernel (nongnu:corrupt-linux linux-libre #:configs '("CONFIG_MT7921E=m")))
+ (kernel-loadable-modules (list ddcci-driver-linux))
+ (initrd nongnu:microcode-initrd)
+ (firmware (cons* nongnu:amdgpu-firmware mt7922-firmware %base-firmware))
+
+ (file-systems
+ (cons* (file-system
+ (device root-partition)
+ (mount-point "/")
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '("ssd" ("compress" . "zstd"))))
+ (type "btrfs"))
+ (file-system
+ (device efi-system-partition)
+ (mount-point "/boot/efi")
+ (flags '(no-atime))
+ (type "vfat"))
+ ;; Put /home in a subvolume for better accounting/snapshotting potential.
+ (file-system
+ (device root-partition)
+ (mount-point "/home")
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '("ssd" ("compress" . "zstd")
+ ("subvol" . "home"))))
+ (type "btrfs"))
+ %base-file-systems))
+
+ ;; Members of the wheel group are allowed to use sudo.
+ (users (cons* (user-account
+ (name "timo")
+ (comment "Timo Wilken")
+ (group "users")
+ (supplementary-groups
+ '("wheel" "audio" "video" "docker" "adbusers"))
+ (shell (file-append zsh "/bin/zsh")))
+ %base-user-accounts))
+
+ (sudoers-file
+ (plain-file "sudoers"
+ (string-append
+ ;; We need to preserve $TERMINFO so that programs under sudo can
+ ;; find kitty's terminfo files. This is possibly unsafe; sudo
+ ;; explicitly deletes this variable by default.
+ "Defaults env_keep += \"TERMINFO\"\n"
+ (plain-file-content %sudoers-specification)
+ ;; In addition to the default rules, allow admins to power off
+ ;; the computer. They'll have to use the system binaries, not
+ ;; those from their user profile, as /etc/sudoers requires
+ ;; absolute paths to commands.
+ "%wheel ALL=(ALL) NOPASSWD: "
+ "/run/current-system/profile/sbin/halt, "
+ "/run/current-system/profile/sbin/reboot, "
+ "/run/current-system/profile/sbin/shutdown\n")))
+
+ ;; This is where we specify system-wide packages.
+ (packages %enduser-system-packages)
+
+ ;; Use the "desktop" services, which include the X11
+ ;; log-in service, networking with NetworkManager, and more.
+ ;; See info '(guix)Services' for useful services.
+ (services
+ (cons*
+ (service syncthing-service-type
+ (syncthing-configuration
+ (user "timo")))
+
+ (service bluetooth-service-type)
+
+ (service unattended-upgrade-service-type
+ (unattended-upgrade-configuration
+ (schedule "0 21 * * *") ; every night at 21:00, when the PC is turned on
+ (maximum-duration (* 40 60)) ; 40 minutes to allow for slow downloads
+ (channels %system-channels)
+ (operating-system-expression
+ #~(@ (tw system btl) %btl-system))
+ (services-to-restart
+ ;; Anything that won't cause disruption when restarting.
+ '(syncthing-timo earlyoom wireguard-wg0 mcron))))
+
+ (modify-services (enduser-system-services
+ #:host-name host-name
+ #:cores 24
+ #:wireless-interface "wlp1s0"
+ #:backlight-device "amdgpu_bl0")
+ (delete thermald-service-type))))))
+
+%btl-system
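Review bot: The header comment says the /home partition is encrypted with LUKS, but this `operating-system` has no `mapped-devices` field and both `/` and `/home` mount `root-partition` directly as btrfs (`/home` via `subvol=home`), so as written nothing on this disk is encrypted. Either add the LUKS mapping or correct the comment, e.g. `;; "desktop" setup with i3. No disk encryption is configured; /home is a btrfs subvolume of the root partition.` (this also removes the doubled "partition"). A reader relying on the comment would assume data-at-rest protection that the configuration does not provide. Separately, `"docker"` in `supplementary-groups` gives `timo` root-equivalent access without a sudo password if a Docker daemon is enabled by `enduser-system-services` (not visible here), which is worth a comment next to the "wheel group" note.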