tw/system/installer/nonfree.scm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

(define-module (tw system installer nonfree)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages version-control)
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services ssh)
  #:use-module (gnu system)
  #:use-module (guix gexp)
  #:use-module ((nongnu system install)
                #:select (installation-os-nonfree))
  #:use-module ((srfi srfi-26) #:select (cut))
  #:use-module (tw channels))

(operating-system
  (inherit installation-os-nonfree)
  (host-name "guixinstall")
  (timezone "Europe/Paris")
  (locale "en_GB.utf8")
  (packages
   (cons* efibootmgr htop git
          (operating-system-packages installation-os-nonfree)))

  (services
   (cons*
    ;; Add the nonguix channel, so we can install nonfree packages directly.
    (extra-special-file "/etc/guix/channels.scm"
      (scheme-file "channels.scm"
        #~(cons*
           (channel
            (name 'nonguix)
            (url "https://gitlab.com/nonguix/nonguix")
            (introduction
             (channel-introduction
              (version 0)
              (commit "897c1a470da759236cc11798f4e0a5f7d4d59fbc")
              (signer "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
           %system-channels)))

    ;; Use nonguix' substitute server.
    (simple-service 'nonguix guix-service-type
      (guix-extension
       (authorized-keys (list %nonguix-signing-key))
       (substitute-urls '("https://substitutes.nonguix.org"))))

    ;; Add an SSH server to facilitate remote installs.
    (service openssh-service-type
      (openssh-configuration
       (port-number 22)
       (%auto-start? #t)
       (permit-root-login #t)
       ;; The root account is passwordless, so make sure
       ;; a password is set before allowing logins.
       (allow-empty-passwords? #f)
       (password-authentication? #f)
       (authorized-keys
        `(("root" ,(local-file "../files/timo.pub"))))))

    ;; Make sure to remove the SSH service from the base services,
    ;; so we can override it fully.
    (filter
     (compose not (cut eq? openssh-service-type <>) service-kind)
     ((@@ (gnu system install) %installation-services))))))