diff --git a/CACerts/ryanca_intermediate.crt b/CACerts/ryancaintermediate.crt similarity index 100% rename from CACerts/ryanca_intermediate.crt rename to CACerts/ryancaintermediate.crt diff --git a/channels.scm b/channels.scm index 5c5027b..4321cc3 100644 --- a/channels.scm +++ b/channels.scm @@ -19,4 +19,9 @@ (make-channel-introduction "897c1a470da759236cc11798f4e0a5f7d4d59fbc" (openpgp-fingerprint - "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))) + "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))) + ;(channel + ; (name 'ryan-home-services) + ; (url "https://git.ryanserver.home.arpa") + ; (branch "main")) + ) diff --git a/home-config/bashrc b/home-config/bashrc index c8e6503..6d22d87 100644 --- a/home-config/bashrc +++ b/home-config/bashrc @@ -38,6 +38,7 @@ alias grep='grep --color=auto' alias quit='exit' export EDITOR=nvim alias cat='bat --paging=never' +export XDG_DATA_DIRS=$XDG_DATA_DIRS:/var/lib/flatpak/exports/share:/home/ryan/.local/share/flatpak/exports/share # GPG SETUP FOR SSH export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) diff --git a/home-config/home-configuration.scm b/home-config/home-configuration.scm index 746b043..9a5953d 100644 --- a/home-config/home-configuration.scm +++ b/home-config/home-configuration.scm @@ -68,8 +68,7 @@ "gimp" "python" "python:tk" - ;"tk" - ;"tcl" + "file" "python-lsp-server" "sqlite" "git")) diff --git a/home-config/nvim/config/init.vim b/home-config/nvim/config/init.vim index 0934e02..447da4a 100644 --- a/home-config/nvim/config/init.vim +++ b/home-config/nvim/config/init.vim @@ -53,7 +53,7 @@ require('orgmode').setup({ vim.opt.conceallevel = 2 vim.opt.concealcursor = nc -local lspconfig = require('lspconfig') +--local lspconfig = require('lspconfig') END "asynccomplete Auto Complete Config diff --git a/sys b/sys new file mode 100644 index 0000000..c9747b0 --- /dev/null +++ b/sys 
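Review bot: The commented-out `ryan-home-services` channel added at the end of the channels.scm hunk has no `introduction` field, unlike the channel above it, which carries a `make-channel-introduction` with a commit and an `openpgp-fingerprint`. If the block is later uncommented as written, Guix has nothing to authenticate that channel's commits against, so trust would rest only on the TLS connection to the `home.arpa` host. I would record that next to the block, e.g. `; TODO before enabling: add (introduction (make-channel-introduction "<commit-id>" (openpgp-fingerprint "<signing-key-fingerprint>")))`. The enclosing channel list starts outside the hunk.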
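Review bot: The new `XDG_DATA_DIRS` export in home-config/bashrc is unquoted and, when the variable is unset or empty, yields a value that starts with an empty entry and drops the XDG default search path. It also hard-codes `/home/ryan` where `$HOME` would keep the file portable across accounts. Suggested form: `export XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share:/usr/share}:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share"`. The second directory is user-writable, so a comment saying it is there for per-user Flatpak installs would make the intent clear.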
@@ -0,0 +1,212 @@
+;; This is an operating system configuration generated
+;; by the graphical installer.
+;;
+;; Once installation is complete, you can learn and modify
+;; this file to tweak the system configuration, and pass it
+;; to the 'guix system reconfigure' command to effect your
+;; changes.
+
+
+;; Indicate which modules to import to access the variables
+;; used in this configuration.
+(use-modules (gnu) (nongnu packages linux))
+(use-modules (gnu system setuid))
+(use-modules (gnu packages admin))
+(use-modules (guix packages))
+(use-modules (gnu services authentication))
+(use-modules (gnu packages shells))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
+(use-modules (srfi srfi-1))
+(use-package-modules security-token)
+(use-service-modules cups desktop networking ssh xorg sound security-token docker)
+
+; Define package that installs my root ca public keys
+(define my-ca-certs
+ (package
+ (name "my-ca-certs")
+ (version "1")
+ (source (local-file "./CACerts"
+ #:recursive? #t))
+ (build-system trivial-build-system)
+ (license mpl2.0)
+ (home-page "https://rschanz.org")
+ (arguments
+ `(#:modules
+ ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 ftw))
+ (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+ (crt-suffix ".crt")
+ (is-certificate? (cut string-suffix? crt-suffix <>))
+ (certificates (filter is-certificate?
+ (scandir ca-certificates)))
+ (out (assoc-ref %outputs "out"
+ "/etc/ssl/certs"))
+ (openssl (assoc-ref %build-inputs
+ "openssl")))
+ (mkdir-p certificate-directory)
+ (for-each
+ (lambda (certificate)
+ (invoke
+ openssl "x509"
+ "-in" (string-append ca-certificates "/" certificate)
+ "-outform" "PEM"
+ "-out" (string-append
+ certificate-directory "/"
+ (basename certificate crt-suffix) ".pem")))
+ certificates)
+ #t))))
+ (native-inputs
+ (list openssl))
+ (synopsis "My CA Certs")
+ (description synopsis)))
+
+; Re-define the base packages to remove sudo
+(define %my-base-packages
+ (remove (lambda (package)
+ (member (package-name package)
+ (list "sudo" "nano")))
+ %base-packages ))
+
+(define %backlight-udev-rule
+ (udev-rule
+ "90-backlight.rules"
+ (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+ "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
+ "\n"
+ "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
+ "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
+
+(operating-system
+ (kernel linux)
+ (firmware (list linux-firmware))
+ (locale "en_US.utf8")
+ (timezone "America/New_York")
+ (keyboard-layout (keyboard-layout "us"))
+ (host-name "RyanThinkpad")
+
+ ;; The list of user accounts ('root' is implicit).
+ (users (cons* (user-account
+ (name "ryan")
+ (comment "Ryan")
+ (group "users")
+ ;(shell (file-append zsh "/bin/zsh"))
+ (home-directory "/home/ryan")
+ (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
+ %base-user-accounts))
+
+ ;; Packages installed system-wide. Users can also install packages
+ ;; under their own account: use 'guix search KEYWORD' to search
+ ;; for packages and 'guix install PACKAGE' to install a package.
+ (packages (append (map specification->package (list "sway"
+ "swaybg"
+ "swayidle"
+ "swaylock-effects"
+ "fuzzel"
+ "alacritty"
+ "pinentry-qt"
+ "adwaita-icon-theme"
+ "hicolor-icon-theme"
+ "git"
+ "nss-certs"
+ "waybar"
+ "gnupg"
+ "light"
+ "mako"
+ "grim"
+ "slurp"
+ "wl-clipboard"
+ "bluez"
+ "blueman"
+ "opendoas"
+ "xdg-desktop-portal-wlr"
+ "xdg-desktop-portal"
+ "pipewire"
+ "fprintd"
+ "docker"
+ "wireplumber"
+ "zsh"))
+ (list my-ca-certs)
+ %my-base-packages ))
+
+ ;; Below is the list of system services. To search for available
+ ;; services, run 'guix system search KEYWORD' in a terminal.
+ (services
+ (append (list
+
+ ;; To configure OpenSSH, pass an 'openssh-configuration'
+ ;; record as a second argument to 'service' below.
+ (service openssh-service-type)
+ (service pcscd-service-type)
+ (service fprintd-service-type)
+ (service docker-service-type)
+ (service bluetooth-service-type)
+ (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
+ (set-xorg-configuration
+ (xorg-configuration (keyboard-layout keyboard-layout))))
+
+ ;; This is the default list of services we
+ ;; are appending to.
+ (modify-services %desktop-services
+ (guix-service-type config =>
+ (guix-configuration
+ (inherit config)
+ (substitute-urls
+ (append (list "https://substitutes.nonguix.org")
+ %default-substitute-urls))
+ (authorized-keys
+ (cons* (plain-file "non-guix.pub"
+ "(public-key
+ (ecc
+ (curve Ed25519)
+ (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
+ )
+ )" ) %default-authorized-guix-keys))))
+ (udev-service-type config =>
+ (udev-configuration
+ (inherit config)
+ (rules (cons %backlight-udev-rule
+ (udev-configuration-rules config)))))
+ (delete pulseaudio-service-type)
+ (delete gdm-service-type) )))
+ (setuid-programs
+ (append (list (file-like->setuid-program
+ (file-append
+ (specification->package "swaylock-effects")
+ "/bin/swaylock"))
+ (file-like->setuid-program
+ (file-append
+ (specification->package "opendoas")
+ "/bin/doas")))
+ (delete sudo %setuid-programs)))
+ (bootloader (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets (list "/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+ (mapped-devices (list (mapped-device
+ (source (uuid
+ "adcaf322-7ee5-48ec-abf6-4a9b10643878"))
+ (target "sysroot")
+ (type luks-device-mapping))))
+
+ ;; The list of file systems that get "mounted". The unique
+ ;; file system identifiers there ("UUIDs") can be obtained
+ ;; by running 'blkid' in a terminal.
+ (file-systems (cons* (file-system
+ (mount-point "/")
+ (device "/dev/mapper/sysroot")
+ (type "ext4")
+ (dependencies mapped-devices))
+ (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "DFE8-32EF"
+ 'fat32))
+ (type "vfat")) %base-file-systems))
+ (swap-devices
+ (list
+ (swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))
diff --git a/system.scm b/system.scm
index 649146b..7a9cfb4 100644
--- a/system.scm
+++ b/system.scm
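Review bot: The `my-ca-certs` builder in the new `sys` file cannot run as written: `certificate-directory` is used by `mkdir-p` and `-out` but never bound in the `let*`, `(assoc-ref %outputs "out" "/etc/ssl/certs")` passes a stray third argument, and `openssl` is bound to the input's store directory rather than an executable. The copy added to `system.scm` in this same commit has the working bindings: `(out (assoc-ref %outputs "out"))`, `(certificate-directory (string-append out "/etc/ssl/certs"))` and `(openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl"))`. Because `sys` otherwise reads as a near-copy of `system.scm`, it may have been committed by accident; if it stays, the two definitions of the trust-store package should not be allowed to drift. Separately, `ryan` is in the `docker` group with `docker-service-type` enabled, which is effectively root-equivalent and sidesteps the removal of `sudo` in favour of `doas`; a short comment recording that as a deliberate choice would help.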
@@ -15,10 +15,68 @@ (use-modules (guix packages)) (use-modules (gnu services authentication)) (use-modules (gnu packages shells)) +(use-modules (gnu packages perl)) +(use-modules (guix build-system trivial)) +(use-modules (guix licenses)) (use-modules (srfi srfi-1)) (use-package-modules security-token) (use-service-modules cups desktop networking ssh xorg sound security-token docker) +; Define package that installs my root ca public keys +(define my-ca-certs + (package + (name "my-ca-certs") + (version "1") + (source (local-file "./CACerts/" + #:recursive? #t)) + (home-page "https://rschanz.org") + (license agpl3+) + (build-system trivial-build-system) + (arguments + `(#:modules + ((guix build utils)) + #:builder + (begin + (use-modules (guix build utils) + (srfi srfi-1) + (srfi srfi-26) + (ice-9 ftw)) + (let* ((ca-certificates (assoc-ref %build-inputs "source")) + (crt-suffix ".crt") + (is-certificate? (cut string-suffix? crt-suffix <>)) + (certificates (filter is-certificate? + (scandir ca-certificates))) + (out (assoc-ref %outputs "out")) + (certificate-directory (string-append out + "/etc/ssl/certs")) + (openssl (string-append (assoc-ref %build-inputs + "openssl") + "/bin/openssl"))) + (mkdir-p certificate-directory) + ;; When this package is installed into a profile, any files in the + ;; package output's etc/ssl/certs directory ending in ".pem" will + ;; also be put into a ca-certificates.crt bundle. In the case of a + ;; system profile, this bundle will be made available to the system + ;; at activation time. See the profile hooks defined in (guix + ;; profiles) and the etc-service-type define in (gnu services) for + ;; details. + (for-each + ;; Ensure the certificate is in an appropriate format. 
+ (lambda (certificate) + (invoke + openssl "x509" + "-in" (string-append ca-certificates "/" certificate) + "-outform" "PEM" + "-out" (string-append + certificate-directory "/" + (basename certificate crt-suffix) ".pem"))) + certificates) + #t)))) + (inputs + (list openssl)) + (synopsis "My certificate authority certificates") + (description synopsis))) + ; Re-define the base packages to remove sudo (define %my-base-packages (remove (lambda (package) @@ -84,6 +142,7 @@ "docker" "wireplumber" "zsh")) + (list my-ca-certs) %my-base-packages )) ;; Below is the list of system services. To search for available
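Review bot: Every file ending in `.crt` under `./CACerts/` is converted by this builder and installed under `etc/ssl/certs`, so the directory contents, including the intermediate renamed in this commit, end up in the system certificate bundle with no explicit list or fingerprint check. Consider enumerating the expected file names in the package, or at least adding a comment such as `;; SECURITY: every *.crt in ./CACerts is trusted system-wide; review additions to that directory like code`. Whether an intermediate belongs in the bundle next to the root is worth a deliberate decision. `openssl` is only invoked at build time, so `native-inputs` (as the copy in `sys` uses) fits better than `inputs`. The new `(gnu packages perl)` import appears unused in this hunk, while `openssl` normally comes from `(gnu packages tls)`, which is presumably imported above the hunk and worth confirming.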