diff --git a/sys b/sys
deleted file mode 100644
index c9747b0..0000000
--- a/sys
+++ /dev/null
@@ -1,212 +0,0 @@
-;; This is an operating system configuration generated
-;; by the graphical installer.
-;;
-;; Once installation is complete, you can learn and modify
-;; this file to tweak the system configuration, and pass it
-;; to the 'guix system reconfigure' command to effect your
-;; changes.
-
-
-;; Indicate which modules to import to access the variables
-;; used in this configuration.
-(use-modules (gnu) (nongnu packages linux))
-(use-modules (gnu system setuid))
-(use-modules (gnu packages admin))
-(use-modules (guix packages))
-(use-modules (gnu services authentication))
-(use-modules (gnu packages shells))
-(use-modules (guix build-system trivial))
-(use-modules (guix licenses))
-(use-modules (srfi srfi-1))
-(use-package-modules security-token)
-(use-service-modules cups desktop networking ssh xorg sound security-token docker)
-
-; Define package that installs my root ca public keys
-(define my-ca-certs
- (package
- (name "my-ca-certs")
- (version "1")
- (source (local-file "./CACerts"
- #:recursive? #t))
- (build-system trivial-build-system)
- (license mpl2.0)
- (home-page "https://rschanz.org")
- (arguments
- `(#:modules
- ((guix build utils))
- #:builder
- (begin
- (use-modules (guix build utils)
- (srfi srfi-1)
- (srfi srfi-26)
- (ice-9 ftw))
- (let* ((ca-certificates (assoc-ref %build-inputs "source"))
- (crt-suffix ".crt")
- (is-certificate? (cut string-suffix? crt-suffix <>))
- (certificates (filter is-certificate?
- (scandir ca-certificates)))
- (out (assoc-ref %outputs "out"
- "/etc/ssl/certs"))
- (openssl (assoc-ref %build-inputs
- "openssl")))
- (mkdir-p certificate-directory)
- (for-each
- (lambda (certificate)
- (invoke
- openssl "x509"
- "-in" (string-append ca-certificates "/" certificate)
- "-outform" "PEM"
- "-out" (string-append
- certificate-directory "/"
- (basename certificate crt-suffix) ".pem")))
- certificates)
- #t))))
- (native-inputs
- (list openssl))
- (synopsis "My CA Certs")
- (description synopsis)))
-
-; Re-define the base packages to remove sudo
-(define %my-base-packages
- (remove (lambda (package)
- (member (package-name package)
- (list "sudo" "nano")))
- %base-packages ))
-
-(define %backlight-udev-rule
- (udev-rule
- "90-backlight.rules"
- (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
- "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
- "\n"
- "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
- "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
-
-(operating-system
- (kernel linux)
- (firmware (list linux-firmware))
- (locale "en_US.utf8")
- (timezone "America/New_York")
- (keyboard-layout (keyboard-layout "us"))
- (host-name "RyanThinkpad")
-
- ;; The list of user accounts ('root' is implicit).
- (users (cons* (user-account
- (name "ryan")
- (comment "Ryan")
- (group "users")
- ;(shell (file-append zsh "/bin/zsh"))
- (home-directory "/home/ryan")
- (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
- %base-user-accounts))
-
- ;; Packages installed system-wide. Users can also install packages
- ;; under their own account: use 'guix search KEYWORD' to search
- ;; for packages and 'guix install PACKAGE' to install a package.
- (packages (append (map specification->package (list "sway"
- "swaybg"
- "swayidle"
- "swaylock-effects"
- "fuzzel"
- "alacritty"
- "pinentry-qt"
- "adwaita-icon-theme"
- "hicolor-icon-theme"
- "git"
- "nss-certs"
- "waybar"
- "gnupg"
- "light"
- "mako"
- "grim"
- "slurp"
- "wl-clipboard"
- "bluez"
- "blueman"
- "opendoas"
- "xdg-desktop-portal-wlr"
- "xdg-desktop-portal"
- "pipewire"
- "fprintd"
- "docker"
- "wireplumber"
- "zsh"))
- (list my-ca-certs)
- %my-base-packages ))
-
- ;; Below is the list of system services. To search for available
- ;; services, run 'guix system search KEYWORD' in a terminal.
- (services
- (append (list
-
- ;; To configure OpenSSH, pass an 'openssh-configuration'
- ;; record as a second argument to 'service' below.
- (service openssh-service-type)
- (service pcscd-service-type)
- (service fprintd-service-type)
- (service docker-service-type)
- (service bluetooth-service-type)
- (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
- (set-xorg-configuration
- (xorg-configuration (keyboard-layout keyboard-layout))))
-
- ;; This is the default list of services we
- ;; are appending to.
- (modify-services %desktop-services
- (guix-service-type config =>
- (guix-configuration
- (inherit config)
- (substitute-urls
- (append (list "https://substitutes.nonguix.org")
- %default-substitute-urls))
- (authorized-keys
- (cons* (plain-file "non-guix.pub"
- "(public-key
- (ecc
- (curve Ed25519)
- (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
- )
- )" ) %default-authorized-guix-keys))))
- (udev-service-type config =>
- (udev-configuration
- (inherit config)
- (rules (cons %backlight-udev-rule
- (udev-configuration-rules config)))))
- (delete pulseaudio-service-type)
- (delete gdm-service-type) )))
- (setuid-programs
- (append (list (file-like->setuid-program
- (file-append
- (specification->package "swaylock-effects")
- "/bin/swaylock"))
- (file-like->setuid-program
- (file-append
- (specification->package "opendoas")
- "/bin/doas")))
- (delete sudo %setuid-programs)))
- (bootloader (bootloader-configuration
- (bootloader grub-efi-bootloader)
- (targets (list "/boot/efi"))
- (keyboard-layout keyboard-layout)))
- (mapped-devices (list (mapped-device
- (source (uuid
- "adcaf322-7ee5-48ec-abf6-4a9b10643878"))
- (target "sysroot")
- (type luks-device-mapping))))
-
- ;; The list of file systems that get "mounted". The unique
- ;; file system identifiers there ("UUIDs") can be obtained
- ;; by running 'blkid' in a terminal.
- (file-systems (cons* (file-system
- (mount-point "/")
- (device "/dev/mapper/sysroot")
- (type "ext4")
- (dependencies mapped-devices))
- (file-system
- (mount-point "/boot/efi")
- (device (uuid "DFE8-32EF"
- 'fat32))
- (type "vfat")) %base-file-systems))
- (swap-devices
- (list
- (swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))
diff --git a/system.scm b/system.scm
index 7a9cfb4..c4114be 100644
--- a/system.scm
+++ b/system.scm
@@ -15,9 +15,9 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
-(use-modules (gnu packages perl))
 (use-modules (guix build-system trivial))
 (use-modules (guix licenses))
+(use-modules (gnu packages tls))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
@@ -25,57 +25,44 @@
 ; Define package that installs my root ca public keys
 (define my-ca-certs
 (package
- (name "my-ca-certs")
- (version "1")
- (source (local-file "./CACerts/"
- #:recursive? #t))
- (home-page "https://rschanz.org")
- (license agpl3+)
- (build-system trivial-build-system)
- (arguments
- `(#:modules
- ((guix build utils))
- #:builder
- (begin
- (use-modules (guix build utils)
- (srfi srfi-1)
- (srfi srfi-26)
- (ice-9 ftw))
- (let* ((ca-certificates (assoc-ref %build-inputs "source"))
- (crt-suffix ".crt")
- (is-certificate? (cut string-suffix? crt-suffix <>))
- (certificates (filter is-certificate?
- (scandir ca-certificates)))
- (out (assoc-ref %outputs "out"))
- (certificate-directory (string-append out
- "/etc/ssl/certs"))
- (openssl (string-append (assoc-ref %build-inputs
- "openssl")
- "/bin/openssl")))
- (mkdir-p certificate-directory)
- ;; When this package is installed into a profile, any files in the
- ;; package output's etc/ssl/certs directory ending in ".pem" will
- ;; also be put into a ca-certificates.crt bundle. In the case of a
- ;; system profile, this bundle will be made available to the system
- ;; at activation time. See the profile hooks defined in (guix
- ;; profiles) and the etc-service-type define in (gnu services) for
- ;; details.
- (for-each
- ;; Ensure the certificate is in an appropriate format.
- (lambda (certificate)
- (invoke
- openssl "x509"
- "-in" (string-append ca-certificates "/" certificate)
- "-outform" "PEM"
- "-out" (string-append
- certificate-directory "/"
- (basename certificate crt-suffix) ".pem")))
- certificates)
- #t))))
- (inputs
- (list openssl))
- (synopsis "My certificate authority certificates")
- (description synopsis)))
+ (name "my-ca-certs")
+ (version "1")
+ (source (local-file "./CACerts"
+ #:recursive? #t))
+ (build-system trivial-build-system)
+ (license mpl2.0)
+ (home-page "https://rschanz.org")
+ (arguments
+ `(#:modules
+ ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 ftw))
+ (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+ (crt-suffix ".crt")
+ (is-certificate? (cut string-suffix? crt-suffix <>))
+ (certificates (filter is-certificate?
+ (scandir ca-certificates)))
+ (out (assoc-ref %outputs "out"))
+ (certificate-directory (string-append out "/etc/ssl/certs"))
+ (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
+ (mkdir-p certificate-directory)
+ (for-each
+ (lambda (cert)
+ (invoke
+ openssl "x509"
+ "-in" (string-append ca-certificates "/" cert)
+ "-outform" "PEM"
+ "-out" (string-append certificate-directory "/" cert ".pem")))
+ certificates)
+ #t))))
+ (native-inputs
+ (list openssl))
+ (synopsis "My CA Certs")
+ (description synopsis)))
 
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
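Review bot: The rewritten builder of `my-ca-certs` no longer documents what its output is used for: the commit drops the comment explaining that every `.pem` under the output's `etc/ssl/certs` is merged into the profile's `ca-certificates.crt` bundle, so any `*.crt` placed in `./CACerts` becomes a trust anchor wherever the package is installed. I would restore a short form above `for-each`, for example `;; Each *.pem written here is merged into ca-certificates.crt by the profile hook; treat additions to ./CACerts as trust-store changes.` Separately, the `-out` path is now built from `cert` directly, so files are written as `NAME.crt.pem` rather than `NAME.pem`; they still end in `.pem`, but `(basename cert crt-suffix)` would keep the previous names. The `openssl x509` call converts whatever each file contains without checking which certificate it is, so comparing a fingerprint against an expected value in the builder is worth considering for a package that feeds the trust store.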