From a56bdba05f21d75dc4b0fad74d3912c384d5c6c5 Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Wed, 27 Mar 2024 17:03:29 -0500 Subject: Configure channels through guix-configuration In recent versions, it seems Guix silently overwrites any custom /etc/guix/channels.scm file, so configure channels though Guix' configuration. --- tw/channels.scm | 29 +++++++++++-------------- tw/system.scm | 6 ++++++ tw/system/btl.scm | 2 +- tw/system/cern.scm | 2 +- tw/system/frm.scm | 2 +- tw/system/installer/nonfree.scm | 48 +++++++++++++++++++---------------------- tw/system/lap.scm | 2 +- tw/system/vin.scm | 2 +- 8 files changed, 46 insertions(+), 47 deletions(-) (limited to 'tw') diff --git a/tw/channels.scm b/tw/channels.scm index 5687470e..c45ca603 100644 --- a/tw/channels.scm +++ b/tw/channels.scm @@ -1,22 +1,23 @@ (define-module (tw channels) #:use-module (gnu services) #:use-module (gnu services base) + #:use-module (guix channels) #:use-module (guix gexp) #:use-module (guix modules)) (define-public %system-channels - ;; Channel `tw' depends on `nonguix'. + ;; Channel `tw' depends on `nonguix' and others. ;; See also `.guix-channel' in this repo. - #~(cons* (channel - (name 'tw) - (url "https://git.twilken.net/dotfiles") - (branch "master") - (introduction - (make-channel-introduction - "f9036f78b4b4f4f35f52b3584dd5a3a747b498bf" - (openpgp-fingerprint - "53EC 3C06 8568 83DD 9235 5BC2 2FC7 8504 681F 69B0")))) - %default-channels)) + (cons* (channel + (name 'tw) + (url "https://git.twilken.net/dotfiles") + (branch "master") + (introduction + (make-channel-introduction + "f9036f78b4b4f4f35f52b3584dd5a3a747b498bf" + (openpgp-fingerprint + "53EC 3C06 8568 83DD 9235 5BC2 2FC7 8504 681F 69B0")))) + %default-channels)) ;; Nonguix substitute server's signing key. ;; From . @@ -37,7 +38,6 @@ "(public-key (ecc (curve Ed25519) (q #E0E0A927949FF46DD5B7A63334BC168DC63D6C90D4F9AD6C071A4520B8B659A7#)))"))) (define-public %system-channel-services - ;; The gaming channel (https://gitlab.com/guix-gaming-channels) is per-user only. (list (simple-service 'nonguix guix-service-type (guix-extension (authorized-keys (list %nonguix-signing-key)) @@ -45,7 +45,4 @@ (simple-service 'offloading guix-service-type (guix-extension - (authorized-keys %tw-signing-keys))) - - (extra-special-file "/etc/guix/channels.scm" - (scheme-file "channels.scm" %system-channels)))) + (authorized-keys %tw-signing-keys))))) diff --git a/tw/system.scm b/tw/system.scm index 4cbd6dda..45fe5745 100644 --- a/tw/system.scm +++ b/tw/system.scm @@ -364,6 +364,12 @@ ACTION!=\"remove\", SUBSYSTEM==\"leds\", GROUP=\"video\", MODE=\"0664\" " --fstab --verbose")))) (modify-services (append %system-channel-services %desktop-services) + (guix-service-type + config => + (guix-configuration + (inherit config) + (channels %system-channels))) + ;; Let sane find the airscan backend. ipp-usb needs to be running separately. (sane-service-type _ => sane-backends/airscan) diff --git a/tw/system/btl.scm b/tw/system/btl.scm index aa1de5a9..915c969a 100644 --- a/tw/system/btl.scm +++ b/tw/system/btl.scm @@ -140,7 +140,7 @@ (unattended-upgrade-configuration (schedule "0 21 * * *") ; every night at 21:00, when the PC is turned on (maximum-duration (* 40 60)) ; 40 minutes to allow for slow downloads - (channels %system-channels) + (channels #~(@ (tw channels) %system-channels)) (operating-system-expression #~(@ (tw system btl) %btl-system)) (services-to-restart diff --git a/tw/system/cern.scm b/tw/system/cern.scm index c7f01413..c46b2dc8 100644 --- a/tw/system/cern.scm +++ b/tw/system/cern.scm @@ -209,7 +209,7 @@ (unattended-upgrade-configuration (schedule "0 22 * * *") ; every night at 22:00 (maximum-duration (* 40 60)) ; 40 minutes - (channels %system-channels) + (channels #~(@ (tw channels) %system-channels)) (operating-system-expression #~(@ (tw system cern) %cern-system)) (services-to-restart diff --git a/tw/system/frm.scm b/tw/system/frm.scm index 3303f461..5e9e7d55 100644 --- a/tw/system/frm.scm +++ b/tw/system/frm.scm @@ -151,7 +151,7 @@ (unattended-upgrade-configuration (schedule "0 21 * * *") ; every night at 21:00, when the laptop is turned on (maximum-duration (* 40 60)) ; 40 minutes to allow for slow downloads - (channels %system-channels) + (channels #~(@ (tw channels) %system-channels)) (operating-system-expression #~(@ (tw system frm) %frm-system)) (services-to-restart diff --git a/tw/system/installer/nonfree.scm b/tw/system/installer/nonfree.scm index 14dffccb..97755076 100644 --- a/tw/system/installer/nonfree.scm +++ b/tw/system/installer/nonfree.scm @@ -7,6 +7,7 @@ #:use-module (gnu services base) #:use-module (gnu services ssh) #:use-module (gnu system) + #:use-module (guix channels) #:use-module (guix gexp) #:use-module ((nongnu packages linux) #:prefix nongnu:) ; don't interfere with (gnu packages linux) @@ -14,7 +15,6 @@ #:select (installation-os-nonfree)) #:use-module ((nongnu system linux-initrd) #:prefix nongnu:) - #:use-module ((srfi srfi-26) #:select (cut)) #:use-module (tw channels) #:use-module (tw packages firmware)) @@ -38,29 +38,25 @@ (operating-system-packages installation-os-nonfree))) (services - (cons* - ;; Add this channel, so we can install nonfree packages directly. - (extra-special-file "/etc/guix/channels.scm" - (scheme-file "channels.scm" %system-channels)) + (modify-services (append %system-channel-services ((@@ (gnu system install) %installation-services))) + ;; Set up an SSH server to facilitate remote installs. + (openssh-service-type + config => + (openssh-configuration + (inherit config) + (port-number 22) + (%auto-start? #t) + (permit-root-login #t) + ;; The root account is passwordless, so make sure + ;; a password is set before allowing logins. + (allow-empty-passwords? #f) + (password-authentication? #f) + (authorized-keys + `(("root" ,(local-file "../files/timo.pub")))))) - ;; Use nonguix' substitute server. - (simple-service 'nonguix guix-service-type - (guix-extension - (authorized-keys (list %nonguix-signing-key)) - (substitute-urls '("https://substitutes.nonguix.org")))) - - (modify-services ((@@ (gnu system install) %installation-services)) - ;; Set up an SSH server to facilitate remote installs. - (openssh-service-type - config => - (openssh-configuration - (inherit config) - (port-number 22) - (%auto-start? #t) - (permit-root-login #t) - ;; The root account is passwordless, so make sure - ;; a password is set before allowing logins. - (allow-empty-passwords? #f) - (password-authentication? #f) - (authorized-keys - `(("root" ,(local-file "../files/timo.pub")))))))))) + ;; Add this channel, so we can install nonfree packages directly. + (guix-service-type + config => + (guix-configuration + (inherit config) + (channels %system-channels)))))) diff --git a/tw/system/lap.scm b/tw/system/lap.scm index 89a0014c..a8f3fad9 100644 --- a/tw/system/lap.scm +++ b/tw/system/lap.scm @@ -207,7 +207,7 @@ (unattended-upgrade-configuration (schedule "0 21 * * *") ; every night at 21:00, when the laptop is turned on (maximum-duration (* 40 60)) ; 40 minutes to allow for slow downloads - (channels %system-channels) + (channels #~(@ (tw channels) %system-channels)) (operating-system-expression #~(@ (tw system lap) %lap-system)) (services-to-restart diff --git a/tw/system/vin.scm b/tw/system/vin.scm index 6a72026d..02a4bbcb 100644 --- a/tw/system/vin.scm +++ b/tw/system/vin.scm @@ -263,7 +263,7 @@ (services-to-restart '(mcron wireguard-wg0 syncthing-timo postgresql hledger-dashboard prometheus-node-exporter restic-server)) - (channels %system-channels) + (channels #~(@ (tw channels) %system-channels)) (operating-system-expression #~(@ (tw system vin) %vin-system)))) -- cgit v1.2.3