;; This is an operating system configuration template ;; for a "desktop" setup with GNOME and Xfce where the ;; root partition is encrypted with LUKS. (use-modules (gnu) (gnu system nss) (srfi srfi-1) (guix packages)) (use-service-modules base desktop networking xorg dbus) (use-package-modules certs gnome cryptsetup linux admin guile firmware xdisorg libusb suckless) (define keymap (plain-file "keymap" "keymaps 0-255 keycode 42 = Shift keycode 54 = Shift keycode 29 = Control keycode 58 = Control keycode 56 = Alt keycode 100 = Alt alt shift keycode 1 = Meta_Escape alt shift keycode 2 = Meta_exclam alt shift keycode 3 = Meta_at alt shift keycode 4 = Meta_numbersign alt shift keycode 5 = Meta_dollar alt shift keycode 6 = Meta_percent alt shift keycode 7 = Meta_asciicircum shift control keycode 7 = Control_asciicircum control alt keycode 7 = Meta_Control_asciicircum shift control alt keycode 7 = Meta_Control_asciicircum alt shift keycode 8 = Meta_ampersand alt shift keycode 9 = Meta_asterisk alt shift keycode 10 = Meta_parenleft alt shift keycode 11 = Meta_parenright alt shift keycode 12 = Meta_underscore shift control keycode 12 = Control_underscore control alt keycode 12 = Meta_Control_underscore shift control alt keycode 12 = Meta_Control_underscore alt shift keycode 13 = Meta_plus alt shift keycode 14 = Meta_Delete alt shift keycode 15 = Meta_Tab alt shift keycode 16 = Meta_Q alt shift keycode 17 = Meta_W alt shift keycode 18 = Meta_E alt shift keycode 19 = Meta_R alt shift keycode 20 = Meta_T alt shift keycode 21 = Meta_Y alt shift keycode 22 = Meta_U alt shift keycode 23 = Meta_I alt shift keycode 24 = Meta_O alt shift keycode 25 = Meta_P alt shift keycode 26 = Meta_braceleft control alt keycode 26 = Meta_Escape alt shift keycode 27 = Meta_braceright control alt keycode 27 = Meta_Control_bracketright alt shift keycode 28 = Meta_Control_m alt shift keycode 29 = Meta_Control alt shift keycode 30 = Meta_A alt shift keycode 31 = Meta_S alt shift keycode 32 = Meta_D alt shift keycode 33 = Meta_F alt shift keycode 34 = Meta_G alt shift keycode 35 = Meta_H alt shift keycode 36 = Meta_J alt shift keycode 37 = Meta_K alt shift keycode 38 = Meta_L alt shift keycode 39 = Meta_colon alt shift keycode 40 = Meta_quotedbl alt shift keycode 41 = Meta_asciitilde alt shift keycode 43 = Meta_bar control alt keycode 43 = Meta_Control_backslash alt shift keycode 44 = Meta_Z alt shift keycode 45 = Meta_X alt shift keycode 46 = Meta_C alt shift keycode 47 = Meta_V alt shift keycode 48 = Meta_B alt shift keycode 49 = Meta_N alt shift keycode 50 = Meta_M alt shift keycode 51 = Meta_less alt shift keycode 52 = Meta_greater alt shift keycode 53 = Meta_question alt shift keycode 57 = Meta_space ")) (operating-system (host-name "jojen") (timezone "right/US/Eastern") (locale "en_US.utf8") (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/sda"))) (kernel linux-libre) ;;(firmware (list ath9k-htc-firmware)) (firmware '()) ;; Specify a mapped device for the encrypted root partition. ;; The UUID is that returned by 'cryptsetup luksUUID'. (mapped-devices (list (mapped-device (source (uuid "a56c53e7-b345-4e24-a17b-6cf158dbc7d3")) (target "jojen-root") (type luks-device-mapping)))) (file-systems (cons* (file-system ;; FIXME: reference by the file system label? (device "/dev/mapper/jojen-root") (mount-point "/") (type "btrfs") (dependencies mapped-devices)) %base-file-systems)) (users (cons* (user-account (name "mhw") (uid 1000) (group "mhw") (supplementary-groups '("wheel" "users" "netdev" "audio" "video" "dialout")) (home-directory "/home/mhw")) %base-user-accounts)) (groups (cons* (user-group (name "mhw") (id 1000)) %base-groups)) (setuid-programs (list (file-append shadow "/bin/passwd") (file-append inetutils "/bin/ping"))) ;; This is where we specify system-wide packages. (packages (cons* nss-certs ;for HTTPS access gvfs ;for user mounts cryptsetup btrfs-progs wpa-supplicant network-manager network-manager-applet (delete sudo %base-packages))) (services (cons* (console-keymap-service keymap) ;;(xfce-desktop-service) (gnome-desktop-service) (service network-manager-service-type (network-manager-configuration)) (service wpa-supplicant-service-type) ;; Desktop services follow (slim-service) (screen-locker-service slock) ;;(screen-locker-service xlockmore "xlock") (simple-service 'mtp udev-service-type (list libmtp)) ;;(avahi-service) ; I don't trust this ;;(wicd-service) ; using NetworkManager instead (udisks-service) (upower-service) (colord-service) ;;(geoclue-service) ; I don't want this (polkit-service) (elogind-service) (dbus-service) ;;(ntp-service) ; I don't trust this ;; Optional OpenNTPd, below #; (service openntpd-service-type (openntpd-configuration (listen-on '("127.0.0.1" "::1")) ;;(constraint-from '("www.gnu.org")) (allow-large-adjustment? #t))) (modify-services (remove (lambda (svc) (eq? (service-kind svc) wicd-service-type)) %base-services) ;; This is for debugging #; (nscd-service-type config => (nscd-configuration (inherit config) (debug-level 3) (log-file "/var/log/nscd.log"))) ;; I don't trust the build farm (guix-service-type config => (guix-configuration (inherit config) (use-substitutes? #f) (authorized-keys '()) (substitute-urls '()) (extra-options '("--gc-keep-derivations=yes" "--gc-keep-outputs=yes"))))))) ;; Allow resolution of '.local' host names with mDNS. ;;(name-service-switch %mdns-host-lookup-nss) ; disabled for now )