From 62df9b17135d010314f900fef2fb5ae6db8b9c34 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Fri, 12 Jan 2024 21:03:46 +0100
Subject: Configure new machine, `btl'
---
tw/system/btl.scm | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100644 tw/system/btl.scm
(limited to 'tw/system/btl.scm')
diff --git a/tw/system/btl.scm b/tw/system/btl.scm
new file mode 100644
index 00000000..5a4608a2
--- /dev/null
+++ b/tw/system/btl.scm
@@ -0,0 +1,153 @@
+;; This is an operating system configuration file for a fairly minimal
+;; "desktop" setup with i3 where the /home partition partition is
+;; encrypted with LUKS.
+;;
+;; https://guix.gnu.org/manual/en/html_node/operating_002dsystem-Reference.html
+
+(define-module (tw system btl)
+ #:use-module (gnu)
+ #:use-module (gnu bootloader grub)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages shells)
+ #:use-module (gnu services admin)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services pm)
+ #:use-module (gnu services syncthing)
+ #:use-module (gnu system locale)
+ #:use-module (gnu system nss)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module ((nongnu packages linux)
+ #:prefix nongnu:) ; don't interfere with (gnu packages linux)
+ #:use-module ((nongnu system linux-initrd)
+ #:prefix nongnu:)
+ #:use-module ((nonguix licenses)
+ #:prefix nongnu:)
+ #:use-module (tw channels)
+ #:use-module (tw packages firmware)
+ #:use-module (tw services secrets)
+ #:use-module (tw system))
+
+(define efi-system-partition ; /dev/nvme0n1p1
+ (uuid "D8C7-2624" 'fat))
+(define root-partition ; /dev/nvme0n1p2
+ (uuid "62fb4710-33d1-4eaf-aaaa-43d16ab26a58" 'btrfs))
+
+(define-public %btl-system
+ (operating-system
+ (host-name "btl.twilken.net")
+ (timezone "Europe/Paris")
+ (locale "en_GB.utf8")
+ (locale-definitions
+ (list (locale-definition (name "en_GB.utf8") (source "en_GB"))
+ (locale-definition (name "en_US.utf8") (source "en_US"))
+ (locale-definition (name "fr_FR.utf8") (source "fr_FR"))))
+
+ ;; Allow resolution of '.local' host names with mDNS.
+ (name-service-switch %mdns-host-lookup-nss)
+
+ ;; Choose UK English X11 keyboard layout.
+ (keyboard-layout %british-keyboard)
+
+ ;; Use the UEFI variant of GRUB with the EFI System
+ ;; Partition mounted on /boot/efi.
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))
+ ;; Note: keyboard-layout is ignored by non-grub bootloaders.
+ (keyboard-layout keyboard-layout)))
+
+ ;; Use non-free kernel to load non-free firmware (e.g. for wifi).
+ ;; Enable MT7921 module for Mediatek MT7922 (AMD RZ616) WiFi card.
+ ;; The MT7921E module is for the card connected via PCIe, which it is
+ ;; (it's in an M.2 slot). Alternatives are S (SDIO) and U (USB).
+ (kernel (nongnu:corrupt-linux linux-libre #:configs '("CONFIG_MT7921E=m")))
+ (kernel-loadable-modules (list ddcci-driver-linux))
+ (initrd nongnu:microcode-initrd)
+ (firmware (cons* nongnu:amdgpu-firmware mt7922-firmware %base-firmware))
+
+ (file-systems
+ (cons* (file-system
+ (device root-partition)
+ (mount-point "/")
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '("ssd" ("compress" . "zstd"))))
+ (type "btrfs"))
+ (file-system
+ (device efi-system-partition)
+ (mount-point "/boot/efi")
+ (flags '(no-atime))
+ (type "vfat"))
+ ;; Put /home in a subvolume for better accounting/snapshotting potential.
+ (file-system
+ (device root-partition)
+ (mount-point "/home")
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '("ssd" ("compress" . "zstd")
+ ("subvol" . "home"))))
+ (type "btrfs"))
+ %base-file-systems))
+
+ ;; Members of the wheel group are allowed to use sudo.
+ (users (cons* (user-account
+ (name "timo")
+ (comment "Timo Wilken")
+ (group "users")
+ (supplementary-groups
+ '("wheel" "audio" "video" "docker" "adbusers"))
+ (shell (file-append zsh "/bin/zsh")))
+ %base-user-accounts))
+
+ (sudoers-file
+ (plain-file "sudoers"
+ (string-append
+ ;; We need to preserve $TERMINFO so that programs under sudo can
+ ;; find kitty's terminfo files. This is possibly unsafe; sudo
+ ;; explicitly deletes this variable by default.
+ "Defaults env_keep += \"TERMINFO\"\n"
+ (plain-file-content %sudoers-specification)
+ ;; In addition to the default rules, allow admins to power off
+ ;; the computer. They'll have to use the system binaries, not
+ ;; those from their user profile, as /etc/sudoers requires
+ ;; absolute paths to commands.
+ "%wheel ALL=(ALL) NOPASSWD: "
+ "/run/current-system/profile/sbin/halt, "
+ "/run/current-system/profile/sbin/reboot, "
+ "/run/current-system/profile/sbin/shutdown\n")))
+
+ ;; This is where we specify system-wide packages.
+ (packages %enduser-system-packages)
+
+ ;; Use the "desktop" services, which include the X11
+ ;; log-in service, networking with NetworkManager, and more.
+ ;; See info '(guix)Services' for useful services.
+ (services
+ (cons*
+ (service syncthing-service-type
+ (syncthing-configuration
+ (user "timo")))
+
+ (service bluetooth-service-type)
+
+ (service unattended-upgrade-service-type
+ (unattended-upgrade-configuration
+ (schedule "0 21 * * *") ; every night at 21:00, when the PC is turned on
+ (maximum-duration (* 40 60)) ; 40 minutes to allow for slow downloads
+ (channels %system-channels)
+ (operating-system-expression
+ #~(@ (tw system btl) %btl-system))
+ (services-to-restart
+ ;; Anything that won't cause disruption when restarting.
+ '(syncthing-timo earlyoom wireguard-wg0 mcron))))
+
+ (modify-services (enduser-system-services
+ #:host-name host-name
+ #:cores 24
+ #:wireless-interface "wlp1s0"
+ #:backlight-device "amdgpu_bl0")
+ (delete thermald-service-type))))))
+
+%btl-system
-- cgit v1.2.3
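Review bot: The header comment says /home is encrypted with LUKS, but this `operating-system` declares no `mapped-devices` and mounts /home as the `home` subvolume of `root-partition` directly, so nothing visible here encrypts it. Either correct the comment, e.g. `;; "desktop" setup with i3; /home is an unencrypted btrfs subvolume.` (which also drops the doubled "partition"), or add a `mapped-devices` entry using `luks-device-mapping` and mount the filesystem from it. Separately, `env_keep += "TERMINFO"` passes a caller-chosen terminfo directory to programs running as root, as the comment already suspects; providing kitty's terminfo entry from the system profile, if that is possible here, would remove the need to keep the variable. The `docker` supplementary group is also normally root-equivalent, so the narrow NOPASSWD rule probably does not bound what `timo` can do without a password, and that deserves a comment next to `supplementary-groups`.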