39 files changed, 1436 insertions, 2990 deletions
diff --git a/.guix-channel b/.guix-channel
index bae567a..4b90e54 100644
--- a/.guix-channel
+++ b/.guix-channel
@@ -1,19 +1,27 @@
 (channel
- (version 0)
- (dependencies
- (channel
- (introduction
- (channel-introduction
- (version 0)
- (commit "897c1a470da759236cc11798f4e0a5f7d4d59fbc")
- (signer "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))
- (name nonguix)
- (url "https://gitlab.com/nonguix/nonguix"))
- (channel
- (introduction
- (channel-introduction
- (version 0)
- (commit "7d17bded11ef1239592e6e5abd40ceee1e99cbb8")
- (signer "590E 500F E39D 26B3 E60B 743B 6D81 B120 7711 899F")))
- (name distribution)
- (url "https://git.marekpasnikowski.pl/git/distribution.git"))))
+ (version 0)
+ (dependencies
+ (channel
+ (introduction
+ (channel-introduction
+ (version 0)
+ (commit "897c1a470da759236cc11798f4e0a5f7d4d59fbc")
+ (signer "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))
+ (name nonguix)
+ (url "https://gitlab.com/nonguix/nonguix"))
+ (channel
+ (introduction
+ (channel-introduction
+ (version 0)
+ (commit "44a44b4c3c645a878ab8920bf0d250541bf59af0")
+ (signer "590E 500F E39D 26B3 E60B 743B 6D81 B120 7711 899F")))
+ (name sovereign)
+ (url "https://git.marekpasnikowski.pl/git/sovereign.git"))
+ (channel
+ (introduction
+ (channel-introduction
+ (version 0)
+ (commit "257cebd587b66e4d865b3537a9a88cccd7107c95")
+ (signer "28419AC650387440C7E92FFA2208D20958C1DEB0")))
+ (name rde)
+ (url "https://git.sr.ht/~abcdw/rde"))))
diff --git a/deployment/keys.scm b/deployment/keys.scm
new file mode 100644
index 0000000..fc7d426
--- /dev/null
+++ b/deployment/keys.scm
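Review bot: In `.guix-channel`, the new `rde` dependency writes its signer as one unspaced string, `"28419AC650387440C7E92FFA2208D20958C1DEB0"`, while the `nonguix` and `sovereign` entries use the grouped four-character form. These introductions are the trust anchors for channel authentication, so they should be easy to compare by eye: I would regroup the `rde` fingerprint to match and add a short `;;` comment above each `channel-introduction` saying where its commit and fingerprint were taken from. The diff does not show how the `rde` introduction and the new `sovereign` commit were checked, so recording that in the commit message would help the next reviewer.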
@@ -0,0 +1,33 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment keys)
+ #:use-module (guix gexp))
+
+(define-public aisaka-guix
+ (mixed-text-file "aisaka-signing-key.pub"
+ "(public-key\n"
+ " (ecc\n"
+ " (curve Ed25519)\n"
+ " (q #983CD313090D2699AD26AE5CB589A29F24A32E247A41EB4F4A22D196DFCD9D3C#)))"))
+
+(define-public akashi-guix
+ (mixed-text-file "akashi-signing-key.pub"
+ "(public-key\n"
+ " (ecc\n"
+ " (curve Ed25519)\n"
+ " (q #A3E347D0D79D616C4379C844C1D67DFC9BFD4F2011D4070EB3DB7EFA66D6F3D2#)))"))
+
+(define-public mcdowell-guix
+ (mixed-text-file "mcdowell-signing-key.pub"
+ "(public-key\n"
+ " (ecc\n"
+ " (curve Ed25519)\n"
+ " (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
+
+(define-public rakan-guix
+ (mixed-text-file "rakan-signing-key.pub"
+ "(public-key\n"
+ " (ecc\n"
+ " (curve Ed25519)\n"
+ " (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
new file mode 100644
index 0000000..6aa4168
--- /dev/null
+++ b/deployment/systems/aisaka.scm
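Review bot: In `deployment/keys.scm`, `mcdowell-guix` and `rakan-guix` carry the same `q` value (`#FDA720ED…3FC01E4D#`), so the two names denote one signing key. If rakan and mcdowell are the same machine under two names, one definition should alias the other, for example `(define-public rakan-guix mcdowell-guix)`, with a comment saying so. If they are different machines, one entry is a copy-paste error, and every `authorized-keys` list that names `rakan-guix` (aisaka's `guix-offload-rakan` does) ends up trusting the wrong host's key. Each key would also benefit from a one-line comment noting which host's signing key file it was copied from, so the value can be re-checked later.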
@@ -0,0 +1,468 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems aisaka)
+ #:use-module (guix gexp)
+ #:use-module ((deployment keys) #:prefix deployment:keys:)
+ #:use-module ((gnu bootloader) #:prefix gnu:bootloader:)
+ #:use-module ((gnu bootloader grub) #:prefix gnu:bootloader:grub:)
+ #:use-module ((gnu packages tls) #:prefix gnu:packages:tls:)
+ #:use-module ((gnu services) #:prefix gnu:services:)
+ #:use-module ((gnu services base) #:prefix gnu:services:base:)
+ #:use-module ((gnu services dns) #:prefix gnu:services:dns:)
+ #:use-module ((gnu services version-control) #:prefix gnu:services:version-control:)
+ #:use-module ((gnu services web) #:prefix gnu:services:web:)
+ #:use-module ((gnu system) #:prefix gnu:system:)
+ #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
+ #:use-module ((gnu system shadow) #:prefix gnu:system:shadow:)
+ #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
+ #:use-module ((nongnu system linux-initrd) #:prefix nongnu:system:linux-initrd:)
+ #:use-module ((sovereign devices) #:prefix sovereign:devices:)
+ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
+ #:use-module ((sovereign packages jekyll) #:prefix sovereign:packages:jekyll:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module ((users id1000) #:prefix users:id1000:)
+ #:use-module ((users vmail) #:prefix users:vmail:))
+
+(gnu:services:dns:define-zone-entries marekpasnikowski.pl.zone
+ ("@" "3600" "IN" "A" "81.190.248.246")
+ ("@" "3600" "IN" "NS" "ns.marekpasnikowski.pl.")
+ ("ns" "3600" "IN" "A" "81.190.248.246")
+ ("@" "3600" "IN" "NS" "ns1.marekpasnikowski.pl.")
+ ("ns1" "3600" "IN" "A" "81.190.248.246")
+ ("@" "3600" "IN" "MX" "10 mx1.forwardemail.net.")
+ ("@" "3600" "IN" "MX" "10 mx2.forwardemail.net.")
+ ("@" "3600" "IN" "TXT"
"\"forward-email-port=49152\"")
+ ("@" "3600" "IN" "TXT" "\"forward-email=marekpasnikowski.pl\"")
+ ("@" "3600" "IN" "TXT" "\"v=spf1 ip4:81.190.248.246 -all\"")
+ ("_caldavs._tcp" "3600" "IN" "SRV" "10 0 443 radicale.marekpasnikowski.pl")
+ ("_carddavs._tcp" "3600" "IN" "SRV" "10 0 443 radicale.marekpasnikowski.pl")
+ ("_dmarc" "3600" "IN" "TXT" "\"v=DMARC1; p=reject; sp=reject; pct=100; aspf=s; adkim=s; fo=1; rua=mailto:abuse@marekpasnikowski.pl; ruf=mailto:abuse@marekpasnikowski.pl\"")
+ ("dkim._domainkey" "3600" "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"")
+ ("git" "3600" "IN" "A" "81.190.248.246")
+ ("radicale" "3600" "IN" "A" "81.190.248.246")
+ ("schron" "3600" "IN" "A" "81.190.248.246")
+ ("sejf" "3600" "IN" "A" "81.190.248.246")
+ ("test" "3600" "IN" "A" "81.190.248.246")
+ ("www" "3600" "IN" "A" "81.190.248.246"))
+
+(define master-zone
+ (gnu:services:dns:knot-zone-configuration
+ (domain "marekpasnikowski.pl")
+ (zone
+ (gnu:services:dns:zone-file
+ (entries marekpasnikowski.pl.zone)
+ (origin "marekpasnikowski.pl")
+ (ns "ns.marekpasnikowski.pl.")
+ (mail "marek.marekpasnikowski.pl.")
+ (serial 2025072600)))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define radicale-keys "/secrets/radicale/keys")
+(define dovecot-keys "/secrets/dovecot")
+
+(define (nginx-accounts)
+ (use-modules (gnu packages)
+ (guix gexp))
+ (list ((@ (gnu system accounts) user-group)
+ (name "nginx")
+ (system?
#t))
+ ((@ (gnu system accounts) user-account)
+ (name "nginx")
+ (group "nginx")
+ (supplementary-groups '("git"))
+ (system? #t)
+ (comment "nginx server user")
+ (home-directory "/var/empty")
+ (shell (file-append (specification->package "shadow")
+ "/sbin/nologin")))))
+
+(define (nginx-service-type*)
+ (use-modules (gnu services)
+ (gnu services web)
+ (gnu system shadow))
+ ((@ (gnu services) service-type)
+ (inherit nginx-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? ((@ (gnu services) service-extension-target)
+ extension)
+ account-service-type)
+ ((@ (gnu services) service-extension)
+ account-service-type
+ (const (nginx-accounts)))
+ extension))
+ ((@ (gnu services) service-type-extensions)
+ nginx-service-type)))))
+
+(define nginx-service-type*
+ (nginx-service-type*))
+
+(define system-name
+ "aisaka")
+
+;;;???????????????????????????????????????????????????????????????????
+
+(define (certbot)
+ (use-modules (gnu services certbot))
+ ((@ (gnu services) service)
+ ((@ (gnu services) service-type)
+ (inherit certbot-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq?
((@ (gnu services) service-extension-target)
+ extension)
+ nginx-service-type)
+ ((@ (gnu services) service-extension)
+ nginx-service-type*
+ (@@ (gnu services certbot)
+ certbot-nginx-server-configurations))
+ extension))
+ ((@ (gnu services) service-type-extensions)
+ certbot-service-type))))
+ ((@ (gnu services certbot) certbot-configuration)
+ (certificates
+ (list
+ ((@ (gnu services certbot) certificate-configuration)
+ (deploy-hook
+ (program-file
+ "nginx-deploy-hook"
+ ((@ (guix gexp) gexp)
+ (let
+ ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+ (kill pid SIGHUP)))))
+ (domains
+ (list
+ "marekpasnikowski.pl"
+ "git.marekpasnikowski.pl"
+ "radicale.marekpasnikowski.pl"
+ "schron.marekpasnikowski.pl"
+ "sejf.marekpasnikowski.pl"
+ "test.marekpasnikowski.pl"
+ "www.marekpasnikowski.pl")))))
+ (email "marek@marekpasnikowski.pl")
+ (webroot "/srv/www/marek/marekpasnikowski.pl"))))
+
+(define (cgit-izumi)
+ (use-modules (gnu packages version-control)
+ (gnu services cgit)
+ (gnu services version-control))
+ ((@ (gnu services) service)
+ ((@ (gnu services) service-type)
+ (inherit cgit-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq?
((@ (gnu services) service-extension-target)
+ extension)
+ nginx-service-type)
+ ((@ (gnu services) service-extension)
+ nginx-service-type*
+ cgit-configuration-nginx-config)
+ extension))
+ ((@ (gnu services) service-type-extensions)
+ cgit-service-type))))
+ ((@ (gnu services cgit) cgit-configuration)
+ (nginx
+ (list
+ ((@ (gnu services web) nginx-server-configuration)
+ (locations
+ (list
+ (git-http-nginx-location-configuration
+ ((@ (gnu services version-control) git-http-configuration)
+ (git-root "/var/lib/gitolite/repositories")
+ (uri-path "/git")))
+ ((@ (gnu services web) nginx-location-configuration)
+ (body
+ (list
+ "fastcgi_param HTTP_HOST $server_name ;"
+ "fastcgi_param PATH_INFO $uri ;"
+ "fastcgi_param QUERY_STRING $args ;"
+ "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
+ "fastcgi_pass 127.0.0.1:9000 ;"))
+ (uri "@cgit"))
+ ((@ (gnu services web) nginx-location-configuration)
+ (body (list "root /srv/www/marek/marekpasnikowski.pl/ ;"))
+ (uri "/.well-known"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root cgit)
+ (server-name (list "git.marekpasnikowski.pl"))
+ (ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+ (try-files (list "$uri" "@cgit")))))
+ (repositories
+ (list
+ ((@ (gnu services cgit) repository-cgit-configuration)
+ (hide?
#t)
+ (path "/srv/git/marek/packages"))))
+ (project-list (list "deployment.git"
+ "nonguix.git"
+ "sovereign.git"))
+ (repository-directory "/var/lib/gitolite/repositories"))))
+
+(define (etc-mailname)
+ (gnu:services:simple-service 'etc-files
+ etc-service-type
+ (list `("mailname" ,(plain-file "mailname"
+ "marekpasnikowski.pl\n")))))
+
+(define (fcgiwrap)
+ ((@ (gnu services) service)
+ fcgiwrap-service-type
+ ((@ (gnu services web) fcgiwrap-configuration)
+ (user "git")
+ (group "git"))))
+
+(define file-system-efi
+ (gnu:system:file-systems:file-system
+ (device (gnu:system:file-systems:file-system-label "AISAKA"))
+ (mount-point "/boot")
+ (type "vfat")
+ (flags (list))
+ (options #f)
+ (mount? #t)
+ (mount-may-fail? #t)
+ (needed-for-boot? #f)
+ (check? #t)
+ (skip-check-if-clean? #f)
+ (repair 'preen)
+ (create-mount-point? #f)
+ (dependencies (list))
+ (shepherd-requirements (list))
+ (location (current-source-location))))
+
+(define file-system-root
+ (gnu:system:file-systems:file-system
+ (device (gnu:system:file-systems:file-system-label "aisaka-root"))
+ (mount-point "/")
+ (type "ext4")
+ (flags (list))
+ (options #f)
+ (mount? #t)
+ (mount-may-fail? #f)
+ (needed-for-boot? #t)
+ (check? #t)
+ (skip-check-if-clean? #f)
+ (repair 'preen)
+ (create-mount-point?
#f)
+ (dependencies (list))
+ (shepherd-requirements (list))
+ (location (current-source-location))))
+
+(define (gitolite)
+ ((@ (gnu services) service)
+ gnu:services:version-control:gitolite-service-type
+ ((@ (gnu services version-control) gitolite-configuration)
+ (rc-file ((@ (gnu services version-control) gitolite-rc-file)
+ (umask #o0027)))
+ (admin-pubkey #f))))
+
+(define system-keyboard-layout
+ ((@ (gnu system keyboard) keyboard-layout)
+ "pl"))
+
+(define (nginx-izumi)
+ ((@ (gnu services) service)
+ nginx-service-type*
+ ((@ (gnu services web) nginx-configuration)
+ (shepherd-requirement (list 'networking))
+ (server-blocks
+ (list
+ ;; Portal
+ ((@ (gnu services web) nginx-server-configuration)
+ (locations
+ (list
+ ((@ (gnu services web) nginx-location-configuration)
+ (uri "/.well-known" )
+ (body
+ (list "root /srv/www/marek/marekpasnikowski.pl ;")))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/www")
+ (server-name (list "marekpasnikowski.pl"))
+ (ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"))
+ ;; WWW
+ (gnu:services:web:nginx-server-configuration
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/www")
+ (server-name (list "www.marekpasnikowski.pl")))
+ ;; Test
+ (gnu:services:web:nginx-server-configuration
+ (locations (list (gnu:services:web:nginx-location-configuration
+ (body (list "proxy_set_header Host $host;"
+ "proxy_set_header X-Real-IP $remote_addr;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ "proxy_set_header X-Forwarded-Proto $scheme;"
+ "if ($ssl_client_verify != SUCCESS) {return 403;}"))
+ (uri "/"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/schron")
+ (server-name (list "test.marekpasnikowski.pl"))
+ (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key
"/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+ (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
+ "ssl_verify_client on;")))
+ ;; Schron
+ (gnu:services:web:nginx-server-configuration
+ (locations (list (gnu:services:web:nginx-location-configuration
+ (body (list "proxy_set_header Host $host;"
+ "proxy_set_header X-Real-IP $remote_addr;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ "proxy_set_header X-Forwarded-Proto $scheme;"
+ "if ($ssl_client_verify != SUCCESS) {return 403;}"))
+ (uri "/"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/schron")
+ (server-name (list "schron.marekpasnikowski.pl"))
+ (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+ (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
+ "ssl_verify_client on;")))
+ ;; Sejf
+ (gnu:services:web:nginx-server-configuration
+ (locations (list (gnu:services:web:nginx-location-configuration
+ (body (list "proxy_set_header Host $host;"
+ "proxy_set_header X-Real-IP $remote_addr;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ "proxy_set_header X-Forwarded-Proto $scheme;"
+ "if ($ssl_client_verify != SUCCESS) {return 403;}"))
+ (uri "/"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/sejf")
+ (server-name (list "sejf.marekpasnikowski.pl"))
+ (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+ (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
+ "ssl_verify_client on;")))
+ ;; Radicale
+ ((@ (gnu services web) nginx-server-configuration)
+ (locations
+ (list
+ ((@ (gnu services web) nginx-location-configuration)
+ (body
+ (list
+ "proxy_pass http://localhost:5232/
;"
+ "proxy_set_header X-Script-Name \"\" ;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
+ "proxy_set_header Host $http_host ;"
+ "proxy_pass_header Authorization ;"))
+ (uri "/"))
+ ((@ (gnu services web) nginx-location-configuration)
+ (body
+ (list "root /srv/www/marek/marekpasnikowski.pl ;"))
+ (uri "/.well-known"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (server-name (list "radicale.marekpasnikowski.pl"))))))))
+
+(define rakan-machine
+ #~(build-machine
+ (name "rakan")
+ (systems (list "x86_64-linux"
+ "i686-linux"))
+ (user "marek")
+ (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@rakan")
+ (private-key "/home/marek/.ssh/id_ed25519")))
+
+(define guix-offload-rakan
+ (gnu:services:base:guix-extension
+ (authorized-keys (list deployment:keys:akashi-guix
+ deployment:keys:rakan-guix))
+ (build-machines (list rakan-machine))))
+
+(define offload-rakan
+ (gnu:services:simple-service 'offload-rakan
+ gnu:services:base:guix-service-type
+ guix-offload-rakan))
+
+(define (openssh)
+ (use-modules (gnu services ssh))
+ ((@ (gnu services) service)
+ openssh-service-type))
+
+(define (radicale)
+ (use-modules (gnu services mail))
+ ((@ (gnu services) service)
+ radicale-service-type
+ ((@ (gnu services mail) radicale-configuration)
+ (auth ((@ (gnu services mail) radicale-auth-configuration)
+ (type 'htpasswd)
+ (htpasswd-filename radicale-keys)
+ (htpasswd-encryption 'plain)))
+ (storage ((@ (gnu services mail) radicale-storage-configuration)
+ (filesystem-folder "/data/radicale/collections"))))))
+
+(define swap-device-izumi-1-label
+ ((@ (gnu system file-systems) file-system-label)
+ "izumi-swap-f"))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define system-bootloader
+ (gnu:bootloader:bootloader-configuration
+ (bootloader gnu:bootloader:grub:grub-efi-bootloader)
+ (targets (list "/boot"))
+ (keyboard-layout sovereign:devices:pl-keyboard-layout)))
+
+(define system-file-systems
+ (list file-system-root
+ file-system-efi))
+
+(define system-groups
+ (list ((@ (gnu system accounts) user-group)
+ (name "vmail")
+ (system? #t))))
+
+(define system-services
+ (list users:id1000:dkim-service
+ users:id1000:dovecot-service
+ users:id1000:smtp-service
+ (gnu:services:service gnu:services:dns:knot-service-type
+ (gnu:services:dns:knot-configuration
+ (listen-v4 "192.168.10.2")
+ (zones (list master-zone))))
+ (certbot)
+ (cgit-izumi)
+ (etc-mailname)
+ (fcgiwrap)
+ (gitolite)
+ (sovereign:systems:guix-home-service (list users:id1000:name/home-environment))
+ (nginx-izumi)
+ offload-rakan
+ (openssh)
+ (radicale)))
+
+(define system-users
+ (list users:id1000:uid1000-account
+ users:vmail:vmail-account))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define-public system
+ (gnu:system:operating-system
+ (bootloader system-bootloader)
+ (label (sovereign:systems:operating-system-label* system-name
+ gnu:system:this-operating-system))
+ (kernel nongnu:packages:linux:linux)
+ (keyboard-layout system-keyboard-layout)
+ (initrd nongnu:system:linux-initrd:microcode-initrd)
+ (firmware (list nongnu:packages:linux:linux-firmware))
+ (host-name system-name)
+ (file-systems (append system-file-systems
+ gnu:system:file-systems:%base-file-systems))
+ (users (append system-users
+ gnu:system:shadow:%base-user-accounts))
+ (groups (append system-groups
+ gnu:system:shadow:%base-groups))
+ (packages (append gnu:system:%base-packages
+ (list sovereign:packages:jekyll:custom-jekyll
+ gnu:packages:tls:openssl)))
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions sovereign:systems:%sovereign-locale-definitions)
+ (services (append system-services
+ sovereign:systems:%sovereign-services))
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))
+
+(define-public operating-system*
+ system)
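Review bot: The `radicale` definition in `deployment/systems/aisaka.scm` sets `(htpasswd-encryption 'plain)`, so the file at `/secrets/radicale/keys` holds the CalDAV/CardDAV passwords in clear text. Anyone who can read that file, or a backup of it, obtains working credentials for a service the same hunk publishes as `radicale.marekpasnikowski.pl`. I would change the line to `(htpasswd-encryption 'bcrypt)` and regenerate the htpasswd entries, assuming the packaged Radicale has bcrypt support available. Separately, the `;; WWW` and `;; Radicale` server blocks listen on `443 ssl` but, unlike the other blocks, set no `ssl-certificate` or `ssl-certificate-key`; it is worth confirming that this is intended.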
diff --git a/deployment/systems/akashi.scm b/deployment/systems/akashi.scm
new file mode 100644
index 0000000..896f2f6
--- /dev/null
+++ b/deployment/systems/akashi.scm
@@ -0,0 +1,89 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems akashi)
+ #:use-module (guix gexp)
+ #:use-module ((deployment keys) #:prefix deployment:keys:)
+ #:use-module ((gnu packages linux) #:prefix gnu:packages:linux:)
+ #:use-module ((gnu services) #:prefix gnu:services:)
+ #:use-module ((gnu services base) #:prefix gnu:services:base:)
+ #:use-module ((gnu services guix) #:prefix gnu:services:guix:)
+ #:use-module ((gnu system) #:prefix gnu:system:)
+ #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
+ #:use-module ((machines thinkpad-x200) #:prefix machines:thinkpad-x200:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module (users id1000))
+
+(define root-partition
+ ((@ (gnu system file-systems) file-system)
+ (mount-point "/")
+ (device ((@ (gnu system file-systems) file-system-label) "akashi-root"))
+ (type "ext4")))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define host-name*
+ "akashi")
+
+(define (file-systems)
+ (cons* root-partition
+ gnu:system:file-systems:%base-file-systems))
+
+(define keyboard-layout*
+ ((@ (gnu system keyboard) keyboard-layout)
+ "pl"))
+
+(define offload-hub
+ #~(build-machine
+ (name "marekpasnikowski.pl")
+ (systems (list "x86_64-linux"
+ "i686-linux"))
+ (user "marek")
+ (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt root@aisaka")
+ (port 23)
+ (private-key "/home/marek/.ssh/id_ed25519")))
+
+(define guix-offload-targets
+ (gnu:services:base:guix-extension
+ (authorized-keys (list deployment:keys:aisaka-guix))
+ (build-machines (list offload-hub))))
+
+(define offload-extension
+ (gnu:services:simple-service 'offload-extension
+ gnu:services:base:guix-service-type
+ guix-offload-targets))
+
+(define (services)
+ (let*
+ ( (home-environments `((,uid1000-name
,uid1000-home-environment)))
+ (guix-home (gnu:services:service
+ gnu:services:guix:guix-home-service-type
+ home-environments)))
+ (append sovereign:systems:%sovereign-services
+ (list guix-home
+ offload-extension))))
+
+(define users
+ (list uid1000-account))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define-public operating-system*
+ (gnu:system:operating-system
+ (kernel gnu:packages:linux:linux-libre)
+ (kernel-arguments (cons* "thinkpad_acpi.fan_control=1"
+ "thinkpad_acpi.fan='level 7'"
+ gnu:system:%default-kernel-arguments))
+ (bootloader (machines:thinkpad-x200:bootloader-configuration* keyboard-layout*))
+ (label (sovereign:systems:operating-system-label* host-name*
+ gnu:system:this-operating-system))
+ (keyboard-layout keyboard-layout*)
+ (host-name host-name*)
+ (file-systems (file-systems))
+ (swap-devices (machines:thinkpad-x200:swap-devices* host-name*))
+ (users users)
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions sovereign:systems:%sovereign-locale-definitions)
+ (services (services))
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))
diff --git a/deployment/systems/asakura.scm b/deployment/systems/asakura.scm
new file mode 100644
index 0000000..4571f83
--- /dev/null
+++ b/deployment/systems/asakura.scm
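Review bot: `offload-hub` in `deployment/systems/akashi.scm` points `private-key` at `/home/marek/.ssh/id_ed25519`, which by its path is the user's own login key. Guix offloading needs a key without a passphrase that the build daemon can read, so this setting keeps marek's personal key unencrypted on disk and reuses it as a machine credential. A dedicated offload key, authorized on the hub for the offload account only, keeps the two roles apart and can be rotated without touching the user's key. The same `private-key` line appears in `rakan-machine` in aisaka.scm and in mcdowell.scm.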
@@ -0,0 +1,136 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems asakura)
+ #:use-module ((gnu system) #:prefix gnu:system:)
+ #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
+ #:use-module ((gnu system uuid) #:prefix gnu:system:uuid:)
+ #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
+ #:use-module ((nongnu system linux-initrd) #:prefix nongnu:system:linux-initrd:)
+ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
+ #:use-module ((sovereign packages protonmail) #:prefix sovereign:packages:protonmail:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module ((users id1000) #:prefix users:id1000:))
+
+(define efi-filesystem-uuid
+ (gnu:system:uuid:uuid
+ "B4FB-CBD9"
+ 'fat32))
+
+(define host-name
+ "asakura")
+
+(define (label number)
+ (gnu:system:file-systems:file-system-label
+ (string-append host-name
+ "-swap"
+ number)))
+
+(define root-filesystem-uuid
+ (gnu:system:uuid:uuid
+ "615a98cd-a632-4ee5-a6f4-e5ebcaa6fb8c"))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define efi-partition
+ (gnu:system:file-systems:file-system
+ (mount-point "/boot")
+ (device efi-filesystem-uuid)
+ (type "vfat")))
+
+(define keyboard-layout
+ ((@ (gnu system keyboard) keyboard-layout)
+ "pl"))
+
+(define (libvirt-service)
+ (use-modules (gnu services virtualization))
+ ((@ (gnu services) service)
+ libvirt-service-type))
+
+(define (virtlog-service)
+ (use-modules (gnu services virtualization))
+ ((@ (gnu services) service)
+ virtlog-service-type))
+
+(define (openssh-service)
+ (use-modules (gnu services ssh))
+ ((@ (gnu services) service)
+ openssh-service-type))
+
+(define root-partition
+ (gnu:system:file-systems:file-system
+ (mount-point "/")
+ (device root-filesystem-uuid)
+ (type "ext4")))
+
+(define (swap-label number)
+ (let ((target-label (label number)))
+ (gnu:system:file-systems:swap-space
+ (target target-label))))
+
+(define (system-packages-service)
+ (use-modules (gnu packages gnupg)
+ (gnu packages kde-pim)
+ (gnu services))
+ (simple-service 'system-packages
+ profile-service-type
+ (list kgpg
+ pinentry-qt
+ pinentry-tty)))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define (bootloader)
+ (use-modules (gnu bootloader grub))
+ ((@ (gnu bootloader) bootloader-configuration)
+ (bootloader grub-efi-bootloader)
+ (targets (list "/boot"))
+ (keyboard-layout keyboard-layout)))
+
+(define (file-systems)
+ (append gnu:system:file-systems:%base-file-systems
+ (list root-partition
+ efi-partition)))
+
+(define services
+ (let*
+ ( (l-guix-homes (list users:id1000:name/home-environment))
+ (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes)))
+ (append sovereign:systems:%sovereign-services
+ (list sovereign:packages:protonmail:nogui-profile
+ l-guix-home-service
+ (openssh-service)
+ (system-packages-service)))))
+
+(define swap-device-1
+ (swap-label "-1"))
+
+(define swap-device-2
+ (swap-label "-2"))
+
+(define (users)
+ (use-modules (gnu system accounts))
+ (append (@ (gnu system shadow) %base-user-accounts)
+ (list users:id1000:uid1000-account)))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define-public operating-system*
+ (gnu:system:operating-system
+ (kernel nongnu:packages:linux:linux)
+ (bootloader (bootloader))
+ (label (sovereign:systems:operating-system-label* host-name
+ gnu:system:this-operating-system))
+ (keyboard-layout keyboard-layout)
+ (initrd nongnu:system:linux-initrd:microcode-initrd)
+ (firmware (list nongnu:packages:linux:linux-firmware))
+ (host-name host-name)
+ (file-systems (file-systems))
+ (swap-devices (list swap-device-1
+ swap-device-2))
+ (users (users))
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions
sovereign:systems:%sovereign-locale-definitions)
+ (services services)
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))
diff --git a/deployment/systems/cokolwiek.scm b/deployment/systems/cokolwiek.scm
new file mode 100644
index 0000000..75358d5
--- /dev/null
+++ b/deployment/systems/cokolwiek.scm
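Review bot: `openssh-service` in `deployment/systems/asakura.scm` instantiates `openssh-service-type` with no configuration record, so sshd runs with the Guix defaults, which as far as I know leave password authentication enabled. Unless `%sovereign-services` adjusts this elsewhere, I would pass an explicit record such as `(openssh-configuration (password-authentication? #f))` so the policy is visible in the system definition. The `(openssh)` procedure in aisaka.scm and the bare `openssh-service-type` entry in cokolwiek.scm are written the same way. Also in this hunk, `libvirt-service` and `virtlog-service` are defined but never added to `services`; they should be either wired in or dropped.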
@@ -0,0 +1,109 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems cokolwiek)
+ #:use-module ( (gnu packages package-management)
+ #:prefix gnu:packages:package-management:)
+ #:use-module ( (gnu services)
+ #:prefix gnu:services:)
+ #:use-module ( (gnu services base)
+ #:prefix gnu:services:base:)
+ #:use-module ( (gnu services guix)
+ #:prefix gnu:services:guix:)
+ #:use-module ( (gnu services ssh)
+ #:prefix gnu:services:ssh:)
+ #:use-module ( (gnu system)
+ #:prefix gnu:system:)
+ #:use-module ( (gnu system file-systems)
+ #:prefix gnu:system:file-systems:)
+ #:use-module ( (gnu system linux-initrd)
+ #:prefix gnu:system:linux-initrd:)
+ #:use-module ( (gnu system shadow)
+ #:prefix gnu:system:shadow:)
+ #:use-module ( (nongnu packages linux)
+ #:prefix nongnu:packages:linux:)
+ #:use-module ( (nongnu system linux-initrd)
+ #:prefix nongnu:system:linux-initrd:)
+ #:use-module ( (sovereign channels)
+ #:prefix sovereign:channels:)
+ #:use-module ( (sovereign devices)
+ #:prefix sovereign:devices:)
+ #:use-module ( (sovereign devices amd64)
+ #:prefix sovereign:devices:amd64:)
+ #:use-module ( (sovereign packages protonmail)
+ #:prefix sovereign:packages:protonmail:)
+ #:use-module ( (sovereign systems)
+ #:prefix sovereign:systems:)
+ #:use-module ( (users id1000)
+ #:prefix users:id1000:)
+ #:use-module ( (users id1001)
+ #:prefix users:id1001:))
+
+(define system-name
+ "cokolwiek")
+
+(define file-system-efi
+ (let*
+ ( (l-system-name (string-upcase system-name))
+ (l-device (sovereign:devices:file-system-label l-system-name)))
+ (gnu:system:file-systems:file-system
+ (inherit sovereign:devices:file-system/efi)
+ (device l-device))))
+
+(define file-system-root
+ (let
+ ( (l-device (sovereign:devices:file-system-label system-name
+ "root")))
+ (gnu:system:file-systems:file-system
+ (inherit sovereign:devices:file-system/root)
+ (device
l-device))))
+
+(define swap
+ (let
+ ( (l-target (sovereign:devices:file-system-label system-name
+ "swap")))
+ (gnu:system:file-systems:swap-space
+ (inherit sovereign:devices:swap/no-trim)
+ (target l-target))))
+
+(define system
+ (let*
+ ( (l-guix-homes (list users:id1000:name/home-environment
+ users:id1001:name/home-environment))
+ (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes))
+ (l-bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name))
+ (l-file-systems (cons* file-system-root
+ file-system-efi
+ gnu:system:file-systems:%base-file-systems))
+ (l-firmware (list nongnu:packages:linux:linux-firmware))
+ (l-initrd-modules (cons* "mei_me"
+ gnu:system:linux-initrd:%base-initrd-modules))
+ (l-services (cons* l-guix-home-service
+ (gnu:services:service gnu:services:ssh:openssh-service-type)
+ sovereign:packages:protonmail:nogui-profile
+ sovereign:systems:%sovereign-services))
+ (l-swap-devices (list swap))
+ (l-users (cons* users:id1000:uid1000-account
+ users:id1001:user-account
+ gnu:system:shadow:%base-user-accounts)))
+ (gnu:system:operating-system
+ (kernel nongnu:packages:linux:linux)
+ (bootloader l-bootloader)
+ (label (sovereign:systems:operating-system-label* system-name
+ gnu:system:this-operating-system))
+ (keyboard-layout sovereign:devices:pl-keyboard-layout)
+ (initrd nongnu:system:linux-initrd:microcode-initrd)
+ (initrd-modules l-initrd-modules)
+ (firmware l-firmware)
+ (host-name system-name)
+ (file-systems l-file-systems)
+ (swap-devices l-swap-devices)
+ (users l-users)
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions sovereign:systems:%sovereign-locale-definitions)
+ (services l-services)
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification))))
+
+(define-public operating-system*
+ system)
diff --git a/systems/izumi/home-files/git-ignore.conf b/deployment/systems/git-ignore.conf
index 98e588f..98e588f 100644
--- a/systems/izumi/home-files/git-ignore.conf
+++ b/deployment/systems/git-ignore.conf
diff --git a/systems/izumi/home-files/gitconfig b/deployment/systems/gitconfig
index 300f906..300f906 100644
--- a/systems/izumi/home-files/gitconfig
+++ b/deployment/systems/gitconfig
diff --git a/deployment/systems/mcdowell.scm b/deployment/systems/mcdowell.scm
new file mode 100644
index 0000000..06a7f45
--- /dev/null
+++ b/deployment/systems/mcdowell.scm
@@ -0,0 +1,125 @@ +;;; SPDX-License-Identifier: GPL-3.0-or-later +;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl> + +(define-module (deployment systems mcdowell) + #:use-module ( (deployment keys) + #:prefix deployment:keys:) + #:use-module ( (gnu packages package-management) + #:prefix gnu:packages:package-management:) + #:use-module ( (gnu services) + #:prefix gnu:services:) + #:use-module ( (gnu services base) + #:prefix gnu:services:base:) + #:use-module ( (gnu services guix) + #:prefix gnu:services:guix:) + #:use-module ( (gnu services ssh) + #:prefix gnu:services:ssh:) + #:use-module ( (gnu system) + #:prefix gnu:system:) + #:use-module ( (gnu system file-systems) + #:prefix gnu:system:file-systems:) + #:use-module ( (gnu system linux-initrd) + #:prefix gnu:system:linux-initrd:) + #:use-module ( (gnu system shadow) + #:prefix gnu:system:shadow:) + #:use-module ( (nongnu packages linux) + #:prefix nongnu:packages:linux:) + #:use-module ( (nongnu system linux-initrd) + #:prefix nongnu:system:linux-initrd:) + #:use-module ( (sovereign channels) + #:prefix sovereign:channels:) + #:use-module ( (sovereign devices) + #:prefix sovereign:devices:) + #:use-module ( (sovereign devices amd64) + #:prefix sovereign:devices:amd64:) + #:use-module ( (sovereign packages protonmail) + #:prefix sovereign:packages:protonmail:) + #:use-module ( (sovereign systems) + #:prefix sovereign:systems:) + #:use-module ( (users id1000) + #:prefix users:id1000:) + #:use-module (guix gexp)) + +(define system-name + "mcdowell") + +(define file-system-efi + (let* + ( (l-system-name (string-upcase system-name)) + (l-device (sovereign:devices:file-system-label l-system-name))) + (gnu:system:file-systems:file-system + (inherit sovereign:devices:file-system/efi) + (device l-device)))) + +(define file-system-root + (let + ( (l-device (sovereign:devices:file-system-label system-name + "root"))) + (gnu:system:file-systems:file-system + (inherit 
sovereign:devices:file-system/root) + (device l-device)))) + +(define swap + (let + ( (l-target (sovereign:devices:file-system-label system-name + "swap"))) + (gnu:system:file-systems:swap-space + (inherit sovereign:devices:swap/no-trim) + (target l-target)))) + +(define rakan-machine + #~(build-machine + (name "rakan") + (systems (list "x86_64-linux" + "i686-linux")) + (user "marek") + (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@mcdowell") + (private-key "/home/marek/.ssh/id_ed25519"))) + +(define guix-offload-rakan + (gnu:services:base:guix-extension + (authorized-keys (list deployment:keys:rakan-guix)) + (build-machines (list rakan-machine)))) + +(define system + (let* + ( (l-guix-homes (list users:id1000:name/home-environment)) + (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes)) + (l-bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name)) + (l-file-systems (cons* file-system-root + file-system-efi + gnu:system:file-systems:%base-file-systems)) + (l-firmware (list nongnu:packages:linux:linux-firmware)) + (l-initrd-modules (cons* "mei_me" + gnu:system:linux-initrd:%base-initrd-modules)) + (l-services (cons* l-guix-home-service + (gnu:services:service gnu:services:ssh:openssh-service-type) + sovereign:packages:protonmail:nogui-profile + (gnu:services:simple-service 'offload-rakan + gnu:services:base:guix-service-type + guix-offload-rakan) + sovereign:systems:%sovereign-services)) + (l-swap-devices (list swap)) + (l-users (cons* users:id1000:uid1000-account + gnu:system:shadow:%base-user-accounts))) + (gnu:system:operating-system + (kernel nongnu:packages:linux:linux) + (bootloader l-bootloader) + (label (sovereign:systems:operating-system-label* system-name + gnu:system:this-operating-system)) + (keyboard-layout sovereign:devices:pl-keyboard-layout) + (initrd nongnu:system:linux-initrd:microcode-initrd) + (initrd-modules l-initrd-modules) + (firmware l-firmware) + 
(host-name system-name) + (file-systems l-file-systems) + (swap-devices l-swap-devices) + (users l-users) + (timezone "Europe/Warsaw") + (locale sovereign:systems:pl-locale) + (locale-definitions sovereign:systems:%sovereign-locale-definitions) + (services l-services) + (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))) + +(define-public operating-system* + system) diff --git a/deployment/systems/rakan.scm b/deployment/systems/rakan.scm new file mode 100644 index 0000000..a442c22 --- /dev/null +++ b/deployment/systems/rakan.scm 
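Review bot: The `rakan-machine` record pins a `host-key` whose comment field reads `root@mcdowell` for a build machine named "rakan"; since this field is what authenticates the offload target, confirm it is the key rakan's sshd actually presents and not mcdowell's own. `(user "marek")` with `(private-key "/home/marek/.ssh/id_ed25519")` makes the daemon log in with the user's everyday identity, and offloading requires that key to be readable by the daemon and free of a passphrase; a dedicated key and a dedicated unprivileged account on rakan, e.g. `(user "<offload-user>")` and `(private-key "/etc/guix/<offload-key>")`, would limit what a leaked key can reach. The `openssh-service-type` entry in `l-services` is added with its default configuration, so I would either pass an `openssh-configuration` with `(password-authentication? #f)` or add a comment saying password logins are intended.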
@@ -0,0 +1,148 @@ +;;; SPDX-License-Identifier: GPL-3.0-or-later +;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl> + +(define-module (deployment systems rakan) + #:use-module (guix gexp) + #:use-module ( (deployment keys) + #:prefix deployment:keys:) + #:use-module ( (gnu services) + #:prefix gnu:services:) + #:use-module ( (gnu services base) + #:prefix gnu:services:base:) + #:use-module ( (gnu services guix) + #:prefix gnu:services:guix:) + #:use-module ( (gnu services samba) + #:prefix gnu:services:samba:) + #:use-module ( (gnu services ssh) + #:prefix gnu:services:ssh:) + #:use-module ( (gnu system) + #:prefix gnu:system:) + #:use-module ( (gnu system file-systems) + #:prefix gnu:system:file-systems:) + #:use-module ( (gnu system linux-initrd) + #:prefix gnu:system:linux-initrd:) + #:use-module ( (gnu system shadow) + #:prefix gnu:system:shadow:) + #:use-module ( (nongnu packages linux) + #:prefix nongnu:packages:linux:) + #:use-module ( (nongnu system linux-initrd) + #:prefix nongnu:system:linux-initrd:) + #:use-module ( (sovereign devices) + #:prefix sovereign:devices:) + #:use-module ( (sovereign devices amd64) + #:prefix sovereign:devices:amd64:) + #:use-module ( (sovereign packages protonmail) + #:prefix sovereign:packages:protonmail:) + #:use-module ( (sovereign systems) + #:prefix sovereign:systems:) + #:use-module ( (users id1000) + #:prefix users:id1000:)) + +(define system-name + "rakan") + +(define file-system-efi + (let* + ( (l-system-name (string-upcase system-name)) + (l-device (sovereign:devices:file-system-label l-system-name))) + (gnu:system:file-systems:file-system + (inherit sovereign:devices:file-system/efi) + (device l-device)))) + +(define file-system-root + (let + ( (l-device (sovereign:devices:file-system-label system-name + "root"))) + (gnu:system:file-systems:file-system + (inherit sovereign:devices:file-system/root) + (device l-device)))) + +(define swap + (let + ( (l-target 
(sovereign:devices:file-system-label system-name + "swap"))) + (gnu:system:file-systems:swap-space + (inherit sovereign:devices:swap/no-trim) + (target l-target)))) + +(define guix-offload-authorizations + (gnu:services:base:guix-extension + (authorized-keys (list deployment:keys:aisaka-guix)))) + +(define guix-publish-configuration + (gnu:services:base:guix-publish-configuration + (host "0.0.0.0") + (port 8080) + (advertise? #t))) + +(define guix-publish-service + (gnu:services:service gnu:services:base:guix-publish-service-type + guix-publish-configuration)) + +(define samba-configuration + (gnu:services:samba:samba-configuration + (enable-smbd? #t) + (config-file (mixed-text-file "smb.conf" + "[global]\n" + "map to guest = Bad User\n" + "logging = syslog@1\n" + "\n" + "[public]\n" + "browsable = yes\n" + "path = /tmp/Brother\n" + "read only = no\n" + "guest ok = yes\n" + "guest only = yes\n")))) + +(define samba-service + (gnu:services:service + gnu:services:samba:samba-service-type + samba-configuration)) + +(define system + (let + ( (l-bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name)) + (l-file-systems (cons* file-system-root + file-system-efi + gnu:system:file-systems:%base-file-systems)) + (l-firmware (list nongnu:packages:linux:linux-firmware)) + (l-guix-homes (list users:id1000:name/home-environment)) + (l-initrd-modules (cons* "mei_me" + gnu:system:linux-initrd:%base-initrd-modules)) + (l-offload-auth (gnu:services:simple-service 'offload-authorizations + gnu:services:base:guix-service-type + guix-offload-authorizations)) + (l-openssh (gnu:services:service gnu:services:ssh:openssh-service-type)) + (l-swap-devices (list swap)) + (l-users (cons* users:id1000:uid1000-account + gnu:system:shadow:%base-user-accounts))) + (let* + ( (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes)) + (l-services (cons* l-guix-home-service + guix-publish-service + l-offload-auth + l-openssh + 
sovereign:packages:protonmail:nogui-profile + samba-service + sovereign:systems:%sovereign-services))) + (gnu:system:operating-system + (kernel nongnu:packages:linux:linux) + (bootloader l-bootloader) + (label (sovereign:systems:operating-system-label* system-name + gnu:system:this-operating-system)) + (keyboard-layout sovereign:devices:pl-keyboard-layout) + (initrd nongnu:system:linux-initrd:microcode-initrd) + (initrd-modules l-initrd-modules) + (firmware l-firmware) + (host-name system-name) + (file-systems l-file-systems) + (swap-devices l-swap-devices) + (users l-users) + (timezone "Europe/Warsaw") + (locale sovereign:systems:pl-locale) + (locale-definitions sovereign:systems:%sovereign-locale-definitions) + (services l-services) + (sudoers-file sovereign:systems:%sovereign-sudoers-specification))))) + +(define-public operating-system* + system) diff --git a/deployment/users.scm b/deployment/users.scm new file mode 100644 index 0000000..d227201 --- /dev/null +++ b/deployment/users.scm @@ -0,0 +1,8 @@ +;;; SPDX-License-Identifier: GPL-3.0-or-later +;;; SPDX-FileCopyrightText: 2025 Marek Paśnikowski <marek@marekpasnikowski.pl> + +(define-module (deployment users)) + + +(define-public initial-password + (crypt "tymczasowehaslodonatychmiastowejzmiany" "dluganieskomplikowanasoldohasla")) diff --git a/machines/portable-bios.scm b/machines/amd64.scm index 5364300..4730607 100644 --- a/machines/portable-bios.scm +++ b/machines/amd64.scm @@ -1,10 +1,4 @@ -(define-module (machines portable-bios) - ;; bootloader-configuration - #:use-module (gnu bootloader) - - ;; grub-bootloader - #:use-module (gnu bootloader grub) - +(define-module (machines amd64) ;; file-system ;; swap-space #:use-module (gnu system file-systems) 
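Review bot: The `[public]` share in `samba-configuration` is writable by unauthenticated guests (`read only = no`, `guest only = yes`, `map to guest = Bad User`) and nothing in `[global]` limits which networks can reach it. I would restrict it in the config text, e.g. `"hosts allow = <lan-subnet>\n"`, `"interfaces = <lan-interface>\n"` and `"bind interfaces only = yes\n"`, and move `path` out of `/tmp`, where any local user can create `/tmp/Brother` first. The same question applies to `guix-publish-configuration`, which binds `(host "0.0.0.0")` with `(advertise? #t)`: if the substitute server is meant for the LAN only, bind it to the LAN address. Separately, `guix-offload-authorizations` authorizes `deployment:keys:aisaka-guix`, while the offload client defined in this commit appears to be mcdowell, so the intended key is worth confirming.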
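Review bot: `initial-password` commits the plaintext password to the repository, and the salt `"dluganieskomplikowanasoldohasla"` has no `$id$` prefix, so a glibc-style `crypt` falls back to traditional DES, which uses only the first two salt characters and the first eight password characters. If a bootstrap password in the repository is intended, the salt should at least select a modern scheme, `(crypt "<initial-password>" "$6$<random-salt>")`, with a comment stating that the value is public and must be changed on first login. The system definitions in this commit enable `openssh-service-type` with its defaults, so any account still carrying this password could be reachable over SSH; setting `(password-authentication? #f)` there removes that dependency.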
@@ -16,15 +10,6 @@ ;; microcode-initrd #:use-module (nongnu system linux-initrd)) -;; bootloader-configuration -(define-public (bootloader-configuration* keyboard-layout*) - (let ((bootloader* grub-bootloader) - (bootloader-targets (list "/dev/sdb")) ; TODO: generalize the target - ) - (bootloader-configuration (bootloader bootloader*) - (targets bootloader-targets) - (keyboard-layout keyboard-layout*)))) - ;; string -> ;; (list record* file-system) (define-public (file-systems* host-name*) @@ -35,7 +20,8 @@ (file-system-root (file-system (type "ext4") (mount-point "/") (device root-device)))) - (list file-system-root))) + (append %base-file-systems + (list file-system-root)))) ;; (list record* package) (define-public firmware* @@ -46,7 +32,7 @@ microcode-initrd) ;; record* package -(define-public kernel* +(define-public kernel-amd64 linux) ;; string -> @@ -58,3 +44,22 @@ (swap-space* (swap-space (target target*)))) (list swap-space*))) + +;;;??????????????????????????????????????????????????????????????????? + +(define-public (bootloader-device-path host-name) + (let* + ((close-pipe (@ (ice-9 popen) close-pipe)) + (open-input-pipe (@ (ice-9 popen) open-input-pipe)) + (read-line (@ (ice-9 rdelim) read-line)) + (command-chain (string-append "findmnt -o SOURCE,LABEL " + "| grep " + host-name + " " + "| head -n 1 " + "| awk '{print $1}' " + "| sed 's/[0-9]*$//' ")) + (port (open-input-pipe command-chain)) + (output (read-line port))) + (close-pipe port) + output)) diff --git a/machines/thinkpad-x200.scm b/machines/thinkpad-x200.scm index faca5b0..b9bcbc7 100644 --- a/machines/thinkpad-x200.scm +++ b/machines/thinkpad-x200.scm 
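Review bot: `bootloader-device-path` interpolates `host-name` into a string that `open-input-pipe` hands to the shell, so any shell metacharacter in the name becomes part of the pipeline, and `grep` treats the name as a regex matched anywhere on the line (source path or label). When nothing matches, `read-line` returns the EOF object and the function returns it as if it were a device path. I would run `findmnt` through `open-pipe*` with an argument list, filter in Scheme, and fail explicitly on no match, as sketched below. The lookup also runs on the machine evaluating the configuration, which gives the right device only when that machine is the deployment target; a comment saying so would help.

```scheme
(define-public (bootloader-device-path host-name)
  (let* ((open-pipe* (@ (ice-9 popen) open-pipe*))
         (close-pipe (@ (ice-9 popen) close-pipe))
         (read-line (@ (ice-9 rdelim) read-line))
         ;; Argument list, no shell: host-name is never parsed as shell syntax.
         (port (open-pipe* (@ (ice-9 popen) OPEN_READ)
                           "findmnt" "-n" "-r" "-o" "SOURCE,LABEL"))
         ;; First line mentioning host-name; keep only the SOURCE column.
         (source (let loop ((line (read-line port)))
                   (cond ((eof-object? line) #f)
                         ((string-contains line host-name)
                          (car (string-split line #\space)))
                         (else (loop (read-line port)))))))
    (close-pipe port)
    (if source
        ;; Drop the trailing partition number, as the sed step did.
        (string-trim-right source char-set:digit)
        (error "no mounted file system matches host name" host-name))))
```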
@@ -7,14 +7,7 @@ ;; file-system ;; swap-space - #:use-module (gnu system file-systems) - - ;; linux - ;; linux-firmware - #:use-module (nongnu packages linux) - - ;; microcode-initrd - #:use-module (nongnu system linux-initrd)) + #:use-module (gnu system file-systems)) ;; bootloader-configuration (define-public (bootloader-configuration* keyboard-layout*) @@ -26,30 +19,6 @@ (keyboard-layout keyboard-layout*)))) ;; string -> -;; (list record* file-system) -(define-public (file-systems* host-name*) - (let* ((root-device-string (string-append host-name* "-root")) - - (root-device (file-system-label root-device-string)) - - (file-system-root (file-system (type "ext4") - (mount-point "/") - (device root-device)))) - (list file-system-root))) - -;; (list record* package) -(define-public firmware* - (list linux-firmware)) - -;; record* package -(define-public initrd* - microcode-initrd) - -;; record* package -(define-public kernel* - linux) - -;; string -> ;; (list record* swap-space) (define-public (swap-devices* host-name*) (let* ((label* (string-append host-name* "-swap")) diff --git a/packages/ruby-nano-bots.scm b/packages/ruby-nano-bots.scm index d98f79e..bbc3407 100644 --- a/packages/ruby-nano-bots.scm +++ b/packages/ruby-nano-bots.scm @@ -1,7 +1,8 @@ (define-module (packages ruby-nano-bots) #:use-module (gnu packages) #:use-module (gnu packages curl) - #:use-module (gnu packages ruby) + #:use-module (gnu packages ruby-check) + #:use-module (gnu packages ruby-xyz) #:use-module (guix build-system ruby) #:use-module (guix download) #:use-module ((guix licenses) diff --git a/systems/aisaka.scm b/systems/aisaka.scm deleted file mode 100644 index b5db185..0000000 --- a/systems/aisaka.scm +++ /dev/null 
@@ -1,67 +0,0 @@ -(define-module (systems aisaka) - ;; service - #:use-module (gnu services) - - ;; guix-home-service-type - #:use-module (gnu services guix) - - ;; keyboard-layout - #:use-module (gnu system keyboard) - - ;; bootloader-configuration* - ;; file-systems* - ;; firmware* - ;; hardware-groups - ;; initrd* - ;; kernel* - ;; swap-devices* - #:use-module (machines inspiron) - - ;; %suweren-operating-system - #:use-module (suweren system) - - ;; uid1000-account - ;; uid1000-home-environment - ;; uid1000-name - #:use-module (users id1000) - - ;; uid1001-account - ;; uid1001-home-environment - ;; uid1001-name - #:use-module (users id1001)) - -;; string -(define host-name* - "aisaka") - -;; (record user-account) -(define users* - (list uid1000-account - uid1001-account)) - -;; record operating-system -(define-public operating-system* - (let* ((home-environments `((,uid1000-name ,(uid1000-home-environment host-name*)) - (,uid1001-name ,(uid1001-home-environment host-name*)))) - - (guix-home (service guix-home-service-type - home-environments)) - - (keyboard-layout* (keyboard-layout "pl")) - (services* (list guix-home)) - (timezone* "Europe/Warsaw") - (locale* "pl_PL.utf8")) - (%suweren-operating-system kernel* - (bootloader-configuration* keyboard-layout*) - keyboard-layout* - initrd* - firmware* - host-name* - (file-systems* host-name*) - (swap-devices* host-name*) - users* - timezone* - locale* - services*))) - -operating-system* diff --git a/systems/aisaka/.bash_profile b/systems/aisaka/.bash_profile deleted file mode 100644 index 37ea25c..0000000 --- a/systems/aisaka/.bash_profile +++ /dev/null @@ -1,2 +0,0 @@ -# Honor per-interactive-shell startup file -if [ -f ~/.bashrc ]; then . ~/.bashrc; fi diff --git a/systems/aisaka/.bashrc b/systems/aisaka/.bashrc deleted file mode 100644 index 78e9cea..0000000 --- a/systems/aisaka/.bashrc +++ /dev/null 
@@ -1,31 +0,0 @@ -# Bash initialization for interactive non-login shells and -# for remote shells (info "(bash) Bash Startup Files"). - -# Export 'SHELL' to child processes. Programs such as 'screen' -# honor it and otherwise use /bin/sh. -export SHELL - -if [[ $- != *i* ]] -then - # We are being invoked from a non-interactive shell. If this - # is an SSH session (as in "ssh host command"), source - # /etc/profile so we get PATH and other essential variables. - [[ -n "$SSH_CLIENT" ]] && source /etc/profile - - # Don't do anything else. - return -fi - -# Source the system-wide file. -source /etc/bashrc - -# Adjust the prompt depending on whether we're in 'guix environment'. -if [ -n "$GUIX_ENVIRONMENT" ] -then - PS1='\n\u@\h [env]\$ ' -else - PS1='\n\u@\h \$ ' -fi -alias ls='ls -p --color=auto' -alias ll='ls -l' -alias grep='grep --color=auto' diff --git a/systems/aisaka/aisaka.org b/systems/aisaka/aisaka.org deleted file mode 100644 index 8fc2986..0000000 --- a/systems/aisaka/aisaka.org +++ /dev/null 
@@ -1,657 +0,0 @@ -#+title: Configuration of the Aisaka computer -*- mode: org -*- -#+startup: overview -#+property: header-args:scheme :noweb yes -#+property: header-args:scheme+ :noweb-prefix yes -#+property: header-args:shell :noweb yes -#+property: Header-args:shell+ :noweb-prefix yes - -* TODO Guix - -https://guix.gnu.org/en/manual/en/html_node/ - -** TODO Installation - -https://guix.gnu.org/en/manual/en/html_node/Installation.html - -*** TODO Invoking guix-daemon - -https://guix.gnu.org/en/manual/en/html_node/Invoking-guix_002ddaemon.html - -#+begin_src scheme :noweb-ref guix-options - "--gc-keep-derivations=yes" - "--gc-keep-outputs=yes" -#+end_src - -** TODO System configuration - -https://guix.gnu.org/en/manual/en/html_node/System-Configuration.html - -#+begin_src scheme :noweb-ref system-dump :tangle system-configuration.scm - (define-module (systems aisaka system-configuration) - #:use-module (gnu) - #:use-module (gnu packages commencement) - #:use-module (gnu packages cups) - #:use-module (gnu packages finance) - #:use-module (gnu services cups) - #:use-module (gnu services configuration) - #:use-module (gnu services desktop) - #:use-module (gnu services networking) - #:use-module (gnu services nix) - #:use-module (gnu services ssh) - #:use-module (gnu services version-control) - #:use-module (gnu services xorg)) - - (define keyboard-layout - (keyboard-layout "pl")) - - (operating-system - (locale "pl_PL.utf8") - (timezone "Europe/Warsaw") - (keyboard-layout keyboard-layout) - (host-name "aisaka") - (users (cons* (user-account (name "marek") - (comment "Marek Paśnikowski") - (group "users") - (home-directory "/home/marek") - (supplementary-groups '("audio" - "netdev" - "tor" - "video" - "wheel"))) - %base-user-accounts)) - (packages - (append - (map - <<to-package+output>> - '(;; "netcat-openbsd" - "ntfs-3g")) - ( map - <<to-package+output>> - ( list ) ) - %base-packages)) - (services - <<system-services>>) - (bootloader (bootloader-configuration 
(bootloader grub-bootloader) - (targets '("/dev/sda")) - (keyboard-layout keyboard-layout))) - (swap-devices - (list - <<swap>>)) - (mapped-devices - (list - <<luks>>)) - (file-systems - (append %base-file-systems - (list - <<rootfs>> - <<bootfs>>)))) -#+end_src - -*** TODO Services - -https://guix.gnu.org/en/manual/en/html_node/Services.html - -#+begin_src scheme :noweb-ref system-services - (append - (list - (extra-special-file - "/lib64/ld-linux-x86-64.so.2" - (file-append (canonical-package glibc) "/lib/ld-linux-x86-64.so.2")) - (extra-special-file - "/lib64/libstdc++.so.6" - (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6")) - (extra-special-file - "/usr/lib64/libstdc++.so.6" - (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6")) - <<ssh-system-service>> - <<system-base-services>> - <<system-miscellaneous-services>> - <<trezor-system-packages>> - (service - cups-service-type - (cups-configuration - (extensions - (list - cups-filters - epson-inkjet-printer-escpr)) - (web-interface? #t))) - (service git-daemon-service-type - (git-daemon-configuration - (export-all? #t))) - (service gnome-desktop-service-type) - (service plasma-desktop-service-type) - (service - tor-service-type - (tor-configuration - (control-socket? #t)))) - (modify-services - %desktop-services - (elogind-service-type - configuration => - (elogind-configuration - (inherit configuration) - (handle-lid-switch 'ignore))) - (gdm-service-type - configuration => - (gdm-configuration - (inherit configuration) - (wayland? 
#t))) - (delete guix-service-type))) -#+end_src - -**** TODO Base Services - -https://guix.gnu.org/en/manual/en/html_node/Base-Services.html - -#+begin_src scheme :noweb-ref system-base-services - <<trezor-udev-rules>> - (service - guix-service-type - (guix-configuration - (extra-options - (list - <<guix-options>>)))) -#+end_src - -**** TODO Miscellaneous Services - -https://guix.gnu.org/en/manual/en/html_node/Miscellaneous-Services.html - -#+begin_src scheme :noweb-ref system-miscellaneous-services - (service nix-service-type) -#+end_src - -** TODO Home configuration - -https://guix.gnu.org/en/manual/devel/en/html_node/Home-Configuration.html - -#+begin_src scheme :noweb-ref home-dump :tangle home-configuration.scm - (define-module (systems aisaka home-configuration) - #:use-module (gnu home) - #:use-module (gnu home services) - #:use-module (gnu home services shells) - #:use-module (gnu packages) - #:use-module (gnu services) - #:use-module (guix gexp)) - - (define allow-downgrades - "--allow-downgrades ") - - (define config-prefix - "/home/marek/Publiczny/src/deployment/systems/aisaka/") - - (define pull-guix - "guix pull ") - - (define pull-guix- - (string-append pull-guix - allow-downgrades - "--disable-authentication ")) - - (define guix-home - "guix home reconfigure ") - - (define home-configuration - "home-configuration.scm ") - - (define reconfigure-home - (string-append guix-home - config-prefix - home-configuration)) - - (define reconfigure-home- - (string-append reconfigure-home - allow-downgrades)) - - (define guix-system - "sudo guix system reconfigure ") - - (define system-configuration - "system-configuration.scm ") - - (define reconfigure-system - (string-append guix-system - config-prefix - system-configuration)) - - (define reconfigure-system- - (string-append reconfigure-system - allow-downgrades)) - - (define and - "&& ") - - (define system-update - (string-append pull-guix - and - reconfigure-system - and - reconfigure-home - and - "sudo guix 
gc -d 7d")) - - (define system-update- - (string-append pull-guix- - and - reconfigure-system- - and - reconfigure-home- - and - "sudo guix gc -d 7d")) - - (home-environment - (packages - (map - <<to-package+output>> - '("adwaita-icon-theme" - "alacritty" - "clamav" - "dconf-editor" - "emacs-next" - "emacs-aggressive-indent" - "emacs-eldoc" - "emacs-geiser" - "emacs-geiser-guile" - "emacs-nix-mode" - "emacs-nov-el" - "emacs-org-contacts" - "emacs-org-contrib" - "emacs-paredit" - "font-google-noto" - "git" - "git-lfs" - "gnome-tweaks" - "gnupg" - "hicolor-icon-theme" - "icecat" - "jami" - "libadwaita" - "libreoffice" - "nm-tray" - "pwgen" - "seahorse" - "sicp" - "strace" - "unzip" - "zip"))) - (services - (list - <<flashrom-package>> - <<git-sendemail-packages>> - (service - (service-type - (name 'org-fc-tn-package) - (extensions - (list - (service-extension home-profile-service-type - (lambda (_) - (map specification->package - (list - ;; "emacs-org-fc-tn" - )))))) - (description "Custom version of ORG-FC.") - (default-value #f))) - <<ssh-user-configuration>> - ;; <<trezor-user-packages>> - (service home-bash-service-type - (home-bash-configuration - (environment-variables '(("EDITOR" . "emacs -nw") - ("GUILE_AUTO_COMPILE" . "0") - ("PATH" . "$PATH:/home/marek/.nix-profile/bin"))) - (aliases `(("grep" . "grep --color=auto ") - ("ll" . "ls -l ") - ("ls" . "ls -p --color=auto ") - ("nix" . "nix --extra-experimental-features flakes --extra-experimental-features nix-command") - ("pull-guix" . ,pull-guix) - ("pull-guix-" . ,pull-guix-) - ("reconfigure-home" . ,reconfigure-home) - ("reconfigure-home-" . ,reconfigure-home-) - ("reconfigure-system" . ,reconfigure-system) - ("reconfigure-system-" . ,reconfigure-system-) - ("system-update" . ,system-update) - ("system-update-" . 
,system-update-))) - (bashrc (list - (local-file "data/bashrc"))))) - ;; (service - ;; home-channels-service-type - ;; (list - ;; (channel - ;; (name 'guix) - ;; (url "https://git.savannah.gnu.org/git/guix.git")) - ;; (channel - ;; (name 'jeko) - ;; (url "https://framagit.org/Jeko/guix-jeko-channel.git")) - ;; (channel - ;; (name 'nonguix) - ;; (url "https://gitlab.com/nonguix/nonguix") - ;; ;; Enable signature verification: - ;; (introduction - ;; (make-channel-introduction - ;; "897c1a470da759236cc11798f4e0a5f7d4d59fbc" - ;; (openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))) - ;; (channel (name 'org-fc-tn) - ;; (url "file:///home/marek/src/org-fc") - ;; (branch "repository")) - ;; (channel (name 'packages) - ;; (url "file:///home/marek/src/packages") - ;; (branch "master")) - ;; (channel (name 'channel) - ;; (url "https://git.marekpasnikowski.pl/git/channel.git") - ;; (branch "wip-channel") - ;; ( introduction - ;; ( make-channel-introduction - ;; "f8ccfe8f3e5c8bafe06665cbd4b0c9301e1a64b6" - ;; ( openpgp-fingerprint - ;; "590E 500F E39D 26B3 E60B 743B 6D81 B120 7711 899F" ) ) )))) - (simple-service 'configuration-files - home-files-service-type - `((".config/git/config" ,(local-file "data/git-config")) - (".emacs" ,(local-file "data/emacs-config"))))))) -#+end_src - -*** TODO bashrc - -#+begin_src shell :tangle data/bashrc - export LD_LIBRARY_PATH=$LIBRARY_PATH -#+end_src - -*** TODO emacs - -#+begin_src elisp :tangle data/emacs-config - ;;; Disable auto-backup - (setq-default make-backup-files nil) - - ;;; https://github.com/fimblo/dot.emacs - ;;; Theme Activation - (load-theme 'manoj-dark) - - ;;; Enable ParEdit - (add-hook 'prog-mode-hook 'enable-paredit-mode) - - ;;; https://elpa.gnu.org/packages/aggressive-indent.html - ;;; Automatic Activation of Aggressive Indent - (global-aggressive-indent-mode) - - ;; Highlight the pair of delimiters under the cursor - (setq-default show-paren-mode 1 - show-paren-delay 0) - - ;;; 
https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html - ;;; Copyright Information - (setq-default user-full-name "Marek Paśnikowski" - user-mail-address "marekpasnikowski@protonmail.com") - - ;;; Startup Screen Inhibition - (setq-default inhibit-startup-screen t) - - ;; Enable the column-80 line - (setq-default display-fill-column-indicator 1 - display-fill-column-indicator-column 80) - (global-display-fill-column-indicator-mode) - - ;; Prepare Literate Programming - (setq-default - org-startup-indented t - org-confirm-babel-evaluate nil - org-src-fontify-natively t - org-src-tab-acts-natively t) - (org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t) - (scheme . t ) - (shell . t ))) - - (add-to-list 'auto-mode-alist '("\\.epub\\'" . nov-mode)) - - ;; Monospace Font in Ebook Reader - (setq-default nov-variable-pitch nil) - - ;; Disable Toolbar - (tool-bar-mode -1) - - ;; GNUS Configuration - (setq-default gnus-auto-select-first nil - gnus-select-method '(nnnil "") - gnus-secondary-select-methods '((nnimap "outlook" - (nnimap-address "outlook.office365.com") - (nnimap-server-port 993) - (nnimap-stream ssl) - (nnimap-authinfo-file "~/.authinfo")) - (nnimap "home" - (nnimap-address "serwer1930490.home.pl") - (nnimap-server-port 993) - (nnimap-stream ssl) - (nnimap-authinfo-file "~/.authinfo"))) - nnmail-split-method 'nnmail-split-fancy - nnmail-split-fancy '(| "normal")) - (add-hook 'gnus-group-mode-hook 'gnus-topic-mode) - - ;; Org Configuration - (setq-default org-contacts-files '("~/Dokumenty/UWM/filia w Ełku/Samorząd 2022/starostowie.org")) - - ;; ORG-FC Configuration - (require 'org-fc-hydra) - (setq-default - org-fc-algorithm 'tn - org-fc-directories '("~/Dokumenty/fiszki")) - - ;; Nix Mode - (require 'nix-mode) - (add-to-list 'auto-mode-alist '("\\.nix\\'" . 
nix-mode)) -#+end_src - -*** TODO git-config - -#+begin_src shell :tangle data/git-config - <<git-sendemail-config>> - <<git-user-config>> -#+end_src - -**** TODO User Configuration - -#+begin_src shell :noweb-ref git-user-config - [user] - name = "Marek Paśnikowski" - email = "marekpasnikowski@protonmail.com" -#+end_src - -* TODO Git Send Email - -https://git-send-email.io/ - -** TODO Installation - -https://git-send-email.io/#step-1 - -#+begin_src scheme :noweb-ref git-sendemail-packages - (service - (service-type - (name 'git-sendemail-packages) - (extensions - (list - (service-extension home-profile-service-type - (lambda (_) - (map - <<to-package+output>> - (list - "git" - "git:send-email")))))) - (description "Git Send Email") - (default-value #f))) -#+end_src - -** TODO Configuration - -https://git-send-email.io/#step-2 - -#+begin_src shell :noweb-ref git-sendemail-config - [sendemail] - smtpencryption = tls - smtpserver = localhost - smtpserverport = 1025 - smtpsslcertpath = "" - smtpuser = marekpasnikowski@protonmail.com -#+end_src - -* TODO LIBREBOOT - -The first layer of computing is the firmware. The Lenovo Thinkpad X200 has -a free Libreboot firmware installed. It is a good idea to keep it up to date. - -** TODO Flashrom - -Flashrom program is needed to write the computer firmware. The -program needs a relaxed kernel security feature. - -#+begin_src scheme :noweb-ref flashrom-package - (service - (service-type - (name 'flashrom-package) - (extensions - `(,(service-extension home-profile-service-type - (lambda (_) - (map specification->package - '("flashrom")))))) - (description "Flashrom installation.") - (default-value #f))) -#+end_src - -* TODO File Systems - -This system has a very simple file system - a boot partition, main partition -for everything else and swap. The main partition is encrypted. - -** Mapped Devices - -Data encryption layer, password protected. The LUKS encryption type is -used. 
- -#+begin_src scheme :noweb-ref luks - (mapped-device - (source (uuid "887ac37f-2919-41a0-a62a-e1ff5ea2d6cc")) - (target "aisaka-root") - (type luks-device-mapping)) -#+end_src - -** File Systems - -The data is split into an unencrypted boot partition and encrypted root -filesystem. - -*** Root File System - -The root filesystem is mounted on the encryption layer. Its type is -BTRFS. - -#+begin_src scheme :noweb-ref rootfs - (file-system - (mount-point "/") - (device "/dev/mapper/aisaka-root") - (type "btrfs") - (dependencies mapped-devices)) -#+end_src - -*** Boot File System - -The boot partition is on EXT4 filesystem. - -#+begin_src scheme :noweb-ref bootfs - (file-system - (mount-point "/boot") - (device (uuid "4f77b5fc-56ad-43ae-b6ec-e5adc8c48587")) - (type "ext4")) -#+end_src - -** Swap Devices - -Swap takes half the storage space in order to facilitate edge cases of -memory without overprovisioning, as well as to prolog the lifetime of SSD. - -#+begin_src scheme :noweb-ref swap - (swap-space (target (uuid "73bed3f9-be07-40ad-a228-577cd24f2e1d"))) -#+end_src - -* TODO System Servers - -** TODO Secure Shell - -*** TODO SSH Installation - -#+begin_src scheme :noweb-ref ssh-system-service - (service openssh-service-type) -#+end_src - -*** TODO SSH Configuration - -#+begin_src scheme :noweb-ref ssh-user-configuration - (simple-service 'ssh-configuration* home-files-service-type - `((".ssh/config" ,(plain-file "ssh-config" "\ - <<ssh-config>>\n")))) -#+end_src - -**** TODO SSH Configuration File - -#+begin_src shell :noweb-ref ssh-config - Host *.onion - ProxyCommand nc -x localhost:9050 -X5 %h %p - - Host kynio.onion - User kynio - Hostname prnpi5oblk35gzcihbgu3227xvanisouxgbejri57bnzjawcksq4l7yd.onion - Port 22 -#+end_src - -* TODO Device Management - -https://www.linuxfromscratch.org/lfs/view/11.1/chapter09/symlinks.html - -** TODO Trezor - -https://trezor.io/trezor-model-t - -*** TODO Trezor System Packages - -#+begin_src scheme :noweb-ref 
trezor-system-packages - (service - (service-type - (name 'trezor-system-packages) - (extensions - (list - (service-extension profile-service-type - (lambda (_) - (map specification->package - (list - "trezord" - "trezord-udev-rules")))))) - (description "TrezorD packages needed by the system.") - (default-value #f))) -#+end_src - -*** TODO Trezor User Packages - -#+begin_src scheme :noweb-ref trezor-user-packages - (service - (service-type - (name 'trezor-user-packages) - (extensions - (list - (service-extension home-profile-service-type - (lambda (_) - (map specification->package - (list - "trezor-agent")))))) - (description "Trezor packages for the user.") - (default-value #f))) -#+end_src - -*** TODO Trezor Udev Services - -#+begin_src scheme :noweb-ref trezor-udev-rules - (udev-rules-service 'trezord trezord-udev-rules) -#+end_src - -* TODO Helpers -** TODO String to Package - -#+begin_src scheme :noweb-ref to-package+output - (compose list - specification->package+output) -#+end_src diff --git a/systems/aisaka/data/bashrc b/systems/aisaka/data/bashrc deleted file mode 100644 index 6486547..0000000 --- a/systems/aisaka/data/bashrc +++ /dev/null @@ -1 +0,0 @@ -export LD_LIBRARY_PATH=$LIBRARY_PATH diff --git a/systems/aisaka/data/emacs-config b/systems/aisaka/data/emacs-config deleted file mode 100644 index 272c20b..0000000 --- a/systems/aisaka/data/emacs-config +++ /dev/null 
@@ -1,78 +0,0 @@
-;;; Disable auto-backup
-(setq-default make-backup-files nil)
-
-;;; https://github.com/fimblo/dot.emacs
-;;; Theme Activation
-(load-theme 'manoj-dark)
-
-;;; Enable ParEdit
-(add-hook 'prog-mode-hook 'enable-paredit-mode)
-
-;;; https://elpa.gnu.org/packages/aggressive-indent.html
-;;; Automatic Activation of Aggressive Indent
-(global-aggressive-indent-mode)
-
-;; Highlight the pair of delimiters under the cursor
-(setq-default show-paren-mode 1
- show-paren-delay 0)
-
-;;; https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html
-;;; Copyright Information
-(setq-default user-full-name "Marek Paśnikowski"
- user-mail-address "marekpasnikowski@protonmail.com")
-
-;;; Startup Screen Inhibition
-(setq-default inhibit-startup-screen t)
-
-;; Enable the column-80 line
-(setq-default display-fill-column-indicator 1
- display-fill-column-indicator-column 80)
-(global-display-fill-column-indicator-mode)
-
-;; Prepare Literate Programming
-(setq-default
- org-startup-indented t
- org-confirm-babel-evaluate nil
- org-src-fontify-natively t
- org-src-tab-acts-natively t)
-(org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t)
- (scheme . t )
- (shell . t )))
-
-(add-to-list 'auto-mode-alist '("\\.epub\\'" . nov-mode))
-
-;; Monospace Font in Ebook Reader
-(setq-default nov-variable-pitch nil)
-
-;; Disable Toolbar
-(tool-bar-mode -1)
-
-;; GNUS Configuration
-(setq-default gnus-auto-select-first nil
- gnus-select-method '(nnnil "")
- gnus-secondary-select-methods '((nnimap "outlook"
- (nnimap-address "outlook.office365.com")
- (nnimap-server-port 993)
- (nnimap-stream ssl)
- (nnimap-authinfo-file "~/.authinfo"))
- (nnimap "home"
- (nnimap-address "serwer1930490.home.pl")
- (nnimap-server-port 993)
- (nnimap-stream ssl)
- (nnimap-authinfo-file "~/.authinfo")))
- nnmail-split-method 'nnmail-split-fancy
- nnmail-split-fancy '(| "normal"))
-(add-hook 'gnus-group-mode-hook 'gnus-topic-mode)
-
-;; Org Configuration
-(setq-default org-contacts-files '("~/Dokumenty/UWM/filia w Ełku/Samorząd 2022/starostowie.org"))
-
-;; ORG-FC Configuration
-(require 'org-fc-hydra)
-(setq-default
- org-fc-algorithm 'tn
- org-fc-directories '("~/Dokumenty/fiszki"))
-
-;; Nix Mode
-(require 'nix-mode)
-(add-to-list 'auto-mode-alist '("\\.nix\\'" . nix-mode))
diff --git a/systems/aisaka/data/git-config b/systems/aisaka/data/git-config
deleted file mode 100644
index e2d58a5..0000000
--- a/systems/aisaka/data/git-config
+++ /dev/null
@@ -1,9 +0,0 @@
-[sendemail]
-smtpencryption = tls
-smtpserver = localhost
-smtpserverport = 1025
-smtpsslcertpath = ""
-smtpuser = marekpasnikowski@protonmail.com
-[user]
-name = "Marek Paśnikowski"
-email = "marekpasnikowski@protonmail.com"
diff --git a/systems/aisaka/home-configuration.scm b/systems/aisaka/home-configuration.scm
deleted file mode 100644
index 5485103..0000000
--- a/systems/aisaka/home-configuration.scm
+++ /dev/null
@@ -1,224 +0,0 @@
-(define-module (systems aisaka home-configuration)
- #:use-module (gnu home)
- #:use-module (gnu home services)
- #:use-module (gnu home services shells)
- #:use-module (gnu packages)
- #:use-module (gnu services)
- #:use-module (guix gexp))
-
-(define allow-downgrades
- "--allow-downgrades ")
-
-(define config-prefix
- "/home/marek/Publiczny/src/deployment/systems/aisaka/")
-
-(define pull-guix
- "guix pull ")
-
-(define pull-guix-
- (string-append pull-guix
- allow-downgrades
- "--disable-authentication "))
-
-(define guix-home
- "guix home reconfigure ")
-
-(define home-configuration
- "home-configuration.scm ")
-
-(define reconfigure-home
- (string-append guix-home
- config-prefix
- home-configuration))
-
-(define reconfigure-home-
- (string-append reconfigure-home
- allow-downgrades))
-
-(define guix-system
- "sudo guix system reconfigure ")
-
-(define system-configuration
- "system-configuration.scm ")
-
-(define reconfigure-system
- (string-append guix-system
- config-prefix
- system-configuration))
-
-(define reconfigure-system-
- (string-append reconfigure-system
- allow-downgrades))
-
-(define and
- "&& ")
-
-(define system-update
- (string-append pull-guix
- and
- reconfigure-system
- and
- reconfigure-home
- and
- "sudo guix gc -d 7d"))
-
-(define system-update-
- (string-append pull-guix-
- and
- reconfigure-system-
- and
- reconfigure-home-
- and
- "sudo guix gc -d 7d"))
-
-(home-environment
- (packages
- (map
- (compose list
- specification->package+output)
- '("adwaita-icon-theme"
- "alacritty"
- "clamav"
- "dconf-editor"
- "emacs-next"
- "emacs-aggressive-indent"
- "emacs-eldoc"
- "emacs-geiser"
- "emacs-geiser-guile"
- "emacs-nix-mode"
- "emacs-nov-el"
- "emacs-org-contacts"
- "emacs-org-contrib"
- "emacs-paredit"
- "font-google-noto"
- "git"
- "git-lfs"
- "gnome-tweaks"
- "gnupg"
- "hicolor-icon-theme"
- "icecat"
- "jami"
- "libadwaita"
- "libreoffice"
- "nm-tray"
- "pwgen"
- "seahorse"
- "sicp"
- "strace"
- "unzip"
- "zip")))
- (services
- (list
- (service
- (service-type
- (name 'flashrom-package)
- (extensions
- `(,(service-extension home-profile-service-type
- (lambda (_)
- (map specification->package
- '("flashrom"))))))
- (description "Flashrom installation.")
- (default-value #f)))
- (service
- (service-type
- (name 'git-sendemail-packages)
- (extensions
- (list
- (service-extension home-profile-service-type
- (lambda (_)
- (map
- (compose list
- specification->package+output)
- (list
- "git"
- "git:send-email"))))))
- (description "Git Send Email")
- (default-value #f)))
- (service
- (service-type
- (name 'org-fc-tn-package)
- (extensions
- (list
- (service-extension home-profile-service-type
- (lambda (_)
- (map specification->package
- (list
- ;; "emacs-org-fc-tn"
- ))))))
- (description "Custom version of ORG-FC.")
- (default-value #f)))
- (simple-service 'ssh-configuration* home-files-service-type
- `((".ssh/config" ,(plain-file "ssh-config" "\
- Host *.onion
- ProxyCommand nc -x localhost:9050 -X5 %h %p
-
- Host kynio.onion
- User kynio
- Hostname prnpi5oblk35gzcihbgu3227xvanisouxgbejri57bnzjawcksq4l7yd.onion
- Port 22\n"))))
- ;; (service
- ;; (service-type
- ;; (name 'trezor-user-packages)
- ;; (extensions
- ;; (list
- ;; (service-extension home-profile-service-type
- ;; (lambda (_)
- ;; (map specification->package
- ;; (list
- ;; "trezor-agent"))))))
- ;; (description "Trezor packages for the user.")
- ;; (default-value #f)))
- (service home-bash-service-type
- (home-bash-configuration
- (environment-variables '(("EDITOR" . "emacs -nw")
- ("GUILE_AUTO_COMPILE" . "0")
- ("PATH" . "$PATH:/home/marek/.nix-profile/bin")))
- (aliases `(("grep" . "grep --color=auto ")
- ("ll" . "ls -l ")
- ("ls" . "ls -p --color=auto ")
- ("nix" . "nix --extra-experimental-features flakes --extra-experimental-features nix-command")
- ("pull-guix" . ,pull-guix)
- ("pull-guix-" . ,pull-guix-)
- ("reconfigure-home" . ,reconfigure-home)
- ("reconfigure-home-" . ,reconfigure-home-)
- ("reconfigure-system" . ,reconfigure-system)
- ("reconfigure-system-" . ,reconfigure-system-)
- ("system-update" . ,system-update)
- ("system-update-" . ,system-update-)))
- (bashrc (list
- (local-file "data/bashrc")))))
- ;; (service
- ;; home-channels-service-type
- ;; (list
- ;; (channel
- ;; (name 'guix)
- ;; (url "https://git.savannah.gnu.org/git/guix.git"))
- ;; (channel
- ;; (name 'jeko)
- ;; (url "https://framagit.org/Jeko/guix-jeko-channel.git"))
- ;; (channel
- ;; (name 'nonguix)
- ;; (url "https://gitlab.com/nonguix/nonguix")
- ;; ;; Enable signature verification:
- ;; (introduction
- ;; (make-channel-introduction
- ;; "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
- ;; (openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
- ;; (channel (name 'org-fc-tn)
- ;; (url "file:///home/marek/src/org-fc")
- ;; (branch "repository"))
- ;; (channel (name 'packages)
- ;; (url "file:///home/marek/src/packages")
- ;; (branch "master"))
- ;; (channel (name 'channel)
- ;; (url "https://git.marekpasnikowski.pl/git/channel.git")
- ;; (branch "wip-channel")
- ;; ( introduction
- ;; ( make-channel-introduction
- ;; "f8ccfe8f3e5c8bafe06665cbd4b0c9301e1a64b6"
- ;; ( openpgp-fingerprint
- ;; "590E 500F E39D 26B3 E60B 743B 6D81 B120 7711 899F" ) ) ))))
- (simple-service 'configuration-files
- home-files-service-type
- `((".config/git/config" ,(local-file "data/git-config"))
- (".emacs" ,(local-file "data/emacs-config")))))))
diff --git a/systems/aisaka/system-configuration.scm b/systems/aisaka/system-configuration.scm
deleted file mode 100644
index 46778ad..0000000
--- a/systems/aisaka/system-configuration.scm
+++ /dev/null
@@ -1,133 +0,0 @@
-(define-module (systems aisaka system-configuration)
- #:use-module (gnu)
- #:use-module (gnu packages commencement)
- #:use-module (gnu packages cups)
- #:use-module (gnu packages finance)
- #:use-module (gnu services cups)
- #:use-module (gnu services configuration)
- #:use-module (gnu services desktop)
- #:use-module (gnu services networking)
- #:use-module (gnu services nix)
- #:use-module (gnu services ssh)
- #:use-module (gnu services version-control)
- #:use-module (gnu services xorg))
-
-(define keyboard-layout
- (keyboard-layout "pl"))
-
-(operating-system
- (locale "pl_PL.utf8")
- (timezone "Europe/Warsaw")
- (keyboard-layout keyboard-layout)
- (host-name "aisaka")
- (users (cons* (user-account (name "marek")
- (comment "Marek Paśnikowski")
- (group "users")
- (home-directory "/home/marek")
- (supplementary-groups '("audio"
- "netdev"
- "tor"
- "video"
- "wheel")))
- %base-user-accounts))
- (packages
- (append
- (map
- (compose list
- specification->package+output)
- '(;; "netcat-openbsd"
- "ntfs-3g"))
- ( map
- (compose list
- specification->package+output)
- ( list ) )
- %base-packages))
- (services
- (append
- (list
- (extra-special-file
- "/lib64/ld-linux-x86-64.so.2"
- (file-append (canonical-package glibc) "/lib/ld-linux-x86-64.so.2"))
- (extra-special-file
- "/lib64/libstdc++.so.6"
- (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6"))
- (extra-special-file
- "/usr/lib64/libstdc++.so.6"
- (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6"))
- (service openssh-service-type)
- (udev-rules-service 'trezord trezord-udev-rules)
- (service
- guix-service-type
- (guix-configuration
- (extra-options
- (list
- "--gc-keep-derivations=yes"
- "--gc-keep-outputs=yes"))))
- (service nix-service-type)
- (service
- (service-type
- (name 'trezor-system-packages)
- (extensions
- (list
- (service-extension profile-service-type
- (lambda (_)
- (map specification->package
- (list
- "trezord"
- "trezord-udev-rules"))))))
- (description "TrezorD packages needed by the system.")
- (default-value #f)))
- (service
- cups-service-type
- (cups-configuration
- (extensions
- (list
- cups-filters
- epson-inkjet-printer-escpr))
- (web-interface? #t)))
- (service git-daemon-service-type
- (git-daemon-configuration
- (export-all? #t)))
- (service gnome-desktop-service-type)
- (service plasma-desktop-service-type)
- (service
- tor-service-type
- (tor-configuration
- (control-socket? #t))))
- (modify-services
- %desktop-services
- (elogind-service-type
- configuration =>
- (elogind-configuration
- (inherit configuration)
- (handle-lid-switch 'ignore)))
- (gdm-service-type
- configuration =>
- (gdm-configuration
- (inherit configuration)
- (wayland? #t)))
- (delete guix-service-type))))
- (bootloader (bootloader-configuration (bootloader grub-bootloader)
- (targets '("/dev/sda"))
- (keyboard-layout keyboard-layout)))
- (swap-devices
- (list
- (swap-space (target (uuid "73bed3f9-be07-40ad-a228-577cd24f2e1d")))))
- (mapped-devices
- (list
- (mapped-device
- (source (uuid "887ac37f-2919-41a0-a62a-e1ff5ea2d6cc"))
- (target "aisaka-root")
- (type luks-device-mapping))))
- (file-systems
- (append %base-file-systems
- (list
- (file-system
- (mount-point "/")
- (device "/dev/mapper/aisaka-root")
- (type "btrfs")
- (dependencies mapped-devices))
- (file-system
- (mount-point "/boot")
- (device (uuid "4f77b5fc-56ad-43ae-b6ec-e5adc8c48587"))
- (type "ext4"))))))
diff --git a/systems/akashi.scm b/systems/akashi.scm
deleted file mode 100644
index 57debb5..0000000
--- a/systems/akashi.scm
+++ /dev/null
@@ -1,59 +0,0 @@
-(define-module (systems akashi)
- ;; service
- #:use-module (gnu services)
-
- ;; guix-home-service-type
- #:use-module (gnu services guix)
-
- ;; keyboard-layout
- #:use-module (gnu system keyboard)
-
- ;; bootloader-configuration*
- ;; file-systems*
- ;; firmware*
- ;; initrd*
- ;; kernel*
- ;; swap-devices*
- #:use-module (machines thinkpad-x200)
-
- ;; %suweren-operating-system
- #:use-module (suweren system)
-
- ;; uid1000-account
- ;; uid1000-home-environment
- ;; uid1000-name
- #:use-module (users id1000))
-
-;; string
-(define host-name*
- "akashi")
-
-;; (record* user-account)
-(define users*
- (list uid1000-account))
-
-;; record* operating-system
-(define-public operating-system*
- (let* ((home-environments `((,uid1000-name ,(uid1000-home-environment host-name*))))
-
- (guix-home (service guix-home-service-type
- home-environments))
-
- (keyboard-layout* (keyboard-layout "pl"))
- (services* (list guix-home))
- (timezone* "Europe/Warsaw")
- (locale* "pl_PL.utf8"))
- (%suweren-operating-system kernel*
- (bootloader-configuration* keyboard-layout*)
- keyboard-layout*
- initrd*
- firmware*
- host-name*
- (file-systems* host-name*)
- (swap-devices* host-name*)
- users*
- timezone*
- locale*
- services*)))
-
-operating-system*
diff --git a/systems/ayase.scm b/systems/ayase.scm
deleted file mode 100644
index aef4771..0000000
--- a/systems/ayase.scm
+++ /dev/null
@@ -1,168 +0,0 @@
-(define-module (systems ayase)
- ;; uuid
- #:use-module (gnu)
-
- ;; grub
- #:use-module (gnu packages bootloaders)
-
- ;; gnome-boxes
- #:use-module (gnu packages gnome)
-
- ;; pinentry-qt
- ;; pinentry-tty
- #:use-module (gnu packages gnupg)
-
- ;; kgpg
- #:use-module (gnu packages kde-pim)
-
- ;; python-pip
- #:use-module (gnu packages python-build)
-
- ;; ruby
- #:use-module (gnu packages ruby)
-
- ;; profile-service-type
- ;; service
- ;; simple-service
- #:use-module (gnu services)
-
- ;; guix-home-service-type
- #:use-module (gnu services guix)
-
- ;; tor-service-type
- #:use-module (gnu services networking)
-
- ;; openssh-service-type
- #:use-module (gnu services ssh)
-
- ;; libvirt-service-type
- #:use-module (gnu services virtualization)
-
- ;; uid1000-account
- ;; uid1000-home-environment
- ;; uid1000-name
- #:use-module (users id1000)
-
- ;; linux
- ;; linux-firmware
- #:use-module (nongnu packages linux)
-
- ;; microcode-initrd
- #:use-module (nongnu system linux-initrd)
-
- ;; %sudoers-specification*
- #:use-module (suweren commons sudoers)
-
- ;; %distribution-services
- #:use-module (suweren services))
-
-;; string
-(define host-name
- "ayase")
-
-;;;
-
-;; (alist string #<home-environment>)
-(define home-environments
- `((,uid1000-name ,(uid1000-home-environment host-name))))
-
-;; #<file-system-label>
-(define (swap-label number)
- (file-system-label (string-append host-name
- "-swap"
- number)))
-
-;; #<service>
-(define home-services
- (service guix-home-service-type
- home-environments))
-
-;; #<swap-space>
-(define swap-1
- (swap-space (target (swap-label "-1"))))
-
-;; #<swap-space>
-(define swap-2
- (swap-space (target (swap-label "-2"))))
-
-;; (list #<service>)
-(define system-services
- (list (service libvirt-service-type)
- (service openssh-service-type)
- (service tor-service-type)
- (simple-service 'gc-workaround
- profile-service-type
- (list grub
- python-pip
- ruby))
- (simple-service 'system-packages
- profile-service-type
- (list gnome-boxes
- kgpg
- pinentry-qt
- pinentry-tty))))
-
-;;;
-
-;; (list #<service>)
-(define services
- (append %distribution-services
- (list ;; (@ (users id1000)
- ;; dovecot)
- home-services)
- system-services))
-
-;; (list #<swap-space>)
-(define swap-devices
- (list swap-1
- swap-2))
-
-;; (list #<user-account>)
-(define users
- (append %base-user-accounts
- (list uid1000-account)))
-
-;;;
-
-;; #<operating-system>
-(define-public operating-system*
- (let* ((bootloader-targets (list "/boot/efi"))
- (efi-filesystem-id (uuid "B4FB-CBD9" 'fat32))
- (root-filesystem-id (uuid "615a98cd-a632-4ee5-a6f4-e5ebcaa6fb8c"))
-
- (efi-partition (file-system (mount-point "/boot/efi")
- (device efi-filesystem-id)
- (type "vfat")))
- (root-partition (file-system (mount-point "/")
- (device root-filesystem-id)
- (type "ext4")))
-
- (ayase-file-systems (list root-partition
- efi-partition))
- (keyboard-layout (keyboard-layout "pl"))
- (bootloader (bootloader-configuration (bootloader grub-efi-bootloader)
- (targets bootloader-targets)
- (keyboard-layout keyboard-layout)))
- (file-systems (append %base-file-systems
- ;; %distribution-file-systems
- ayase-file-systems))
- (firmware (list linux-firmware))
- (packages (append %base-packages
- ;; %distribution-packages
- ;; system-packages
- )))
- (operating-system (kernel linux)
- (bootloader bootloader)
- (keyboard-layout keyboard-layout)
- (initrd microcode-initrd)
- (firmware firmware)
- (host-name host-name)
- (file-systems file-systems)
- (swap-devices swap-devices)
- (users users)
- (timezone "Europe/Warsaw")
- (locale "pl_PL.utf8")
- (services services)
- (sudoers-file %sudoers-specification*))))
-
-operating-system*
diff --git a/systems/izumi/home-configuration.scm b/systems/izumi/home-configuration.scm
deleted file mode 100644
index dcb6ace..0000000
--- a/systems/izumi/home-configuration.scm
+++ /dev/null
@@ -1,189 +0,0 @@
-(define-module (systems izumi home-configuration))
-
-(use-modules
- ( channels )
- (gnu home)
- (gnu home services shells))
-
-(use-modules
- (gnu)
- (gnu home services))
-
-(use-package-modules emacs-xyz)
-
-(use-service-modules)
-(use-modules
- (gnu)
- (gnu home services)
- (guix build-system emacs)
- (guix git-download)
- ((guix licenses)
- #:prefix license:)
- (guix packages))
-
-(use-package-modules base emacs-xyz gawk)
-(use-modules
- (gnu services)
- (gnu home services)
- (gnu packages password-utils)
- (guix gexp))
-(use-modules
- (gnu home services shells)
- (gnu services))
-
-(home-environment (packages (map specification->package+output
- (list "dconf-editor"
- "emacs"
- "emacs-org-modern"
- "emacs-paredit"
- "font-google-noto"
- "font-google-noto-emoji"
- "font-google-noto-sans-cjk"
- "font-google-noto-serif-cjk"
- "git"
- "gnupg"
- "gnome-tweaks"
- "noweb"
- "pinentry"
- "pwgen"
- "unzip"
- "zip")))
- (services (append (list izumi-channels-service-type)
- (list
- (simple-service
- 'emacs-home-profile
- home-profile-service-type
- (append
- (list emacs-guix emacs-nix-mode)
- (list
- (let
- ((commit* "wip-algo-tn"))
- (package
- (name "emacs-org-fc")
- (version (git-version "0.1.2" "0" commit*))
- (source
- (origin
- (method git-fetch)
- (uri
- (git-reference
- (url "https://git.marekpasnikowski.pl/org-fc.git")
- (commit commit*)))
- (file-name (git-file-name name version))
- (sha256 (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
- (build-system emacs-build-system)
- (arguments
- (list
- #:include #~ (cons* "\\.awk$" "\\.org$" %default-include)
- #:exclude #~ (cons "^test/" %default-exclude)
- #:tests? #t
- #:test-command
- #~
- (list
- "emacs"
- "--batch"
- "-L" "."
- "-L" "tests/"
- "-l" "tests/org-fc-filter-test.el"
- "-l" "tests/org-fc-indexer-test.el"
- "-l" "tests/org-fc-review-data-test.el"
- "-f" "ert-run-tests-batch-and-exit")
- #:phases
- #~
- (modify-phases
- %standard-phases
- (add-after
- 'unpack
- 'qualify-paths
- (lambda*
- (#:key inputs
- #:allow-other-keys)
- (substitute*
- "org-fc-awk.el"
- (("\"find ")
- (string-append
- "\""
- (search-input-file inputs "/bin/find")
- " "))
- (("\"gawk ")
- (string-append
- "\""
- (search-input-file inputs "/bin/gawk")
- " "))
- (("\"xargs ")
- (string-append
- "\""
- (search-input-file inputs "/bin/xargs")
- " "))))))))
- (inputs (list findutils gawk))
- (propagated-inputs (list emacs-hydra))
- (home-page "https://www.leonrische.me/fc/index.html")
- (synopsis "Spaced repetition system for Emacs Org mode")
- (description
- (string-append
- "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
- "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
- "knowledge you want to learn into a question-answer test. These cards are\n"
- "reviewed at regular interval. After each review, the next review interval is\n"
- "calculated based on how well you remembered the contents of the card.\n"))
- (license license:gpl3+))))))
- (simple-service 'home-files
- home-files-service-type
- (list (list ".config/emacs/init.el"
- (local-file "home-files/emacs-configuration.el" ))
- (list ".gnus"
- (local-file "home-files/gnus-configuration.el"))
- (list ".gitconfig"
- (local-file "home-files/gitconfig"))
- (list ".config/git/ignore"
- ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
- (local-file "home-files/git-ignore.conf"))))
- (simple-service
- 'environment-variables
- home-environment-variables-service-type
- `(("EDITOR" . "emacsclient -nw"))))
- (list
- (let*
- ((and "&& ")
- (collect-garbage "sudo guix gc -d 7d ")
- (configuration-prefix
- "/home/marek/Publiczny/src/deployment/systems/izumi/")
- (pull-guix "guix pull ")
- (reconfigure-home
- (string-append
- "guix home delete-generations 7d ; "
- "guix home reconfigure "
- configuration-prefix
- "home-configuration.scm "))
- (reconfigure-system
- (string-append
- "sudo guix system delete-generations 7d ; "
- "sudo guix system reconfigure "
- configuration-prefix
- "system-configuration.scm "))
- (update-system
- (string-append
- pull-guix
- and
- reconfigure-system
- and
- reconfigure-home
- and
- collect-garbage)))
- (simple-service
- 'bash-extension
- home-bash-service-type
- (home-bash-extension
- (aliases
- `(("collect-garbage" . ,collect-garbage)
- ("edit" . "$EDITOR")
- ("pull-guix" . ,pull-guix)
- ("reconfigure-home" . ,reconfigure-home)
- ("reconfigure-system" . ,reconfigure-system)
- ("update-system" . ,update-system)))
- (bash-profile
- (list
- (mixed-text-file
- "newline-prompt"
- "PS1=${PS1%?}\n"
- "PS1=${PS1%?}\\n'$ '\n"
- "PS1=\"\\n$PS1\""))))))))))
diff --git a/systems/izumi/home-files/emacs-configuration.el b/systems/izumi/home-files/emacs-configuration.el
deleted file mode 100644
index e4a1d70..0000000
--- a/systems/izumi/home-files/emacs-configuration.el
+++ /dev/null
@@ -1,111 +0,0 @@
-;; Disable Backup Files
-(setq make-backup-files nil)
-
-;;; https://github.com/fimblo/dot.emacs
-;;; Theme Activation
-(load-theme 'modus-vivendi)
-
-;;; Disable Org Indent Mode
-(add-hook 'org-mode-hook (lambda () (org-indent-mode -1)))
-
-;;; Enable ParEdit
-(add-hook 'prog-mode-hook 'enable-paredit-mode)
-
-;;; https://elpa.gnu.org/packages/aggressive-indent.html
-;;; Automatic Activation of Aggressive Indent
-;; (global-aggressive-indent-mode)
-
-;; Highlight the pair of delimiters under the cursor
-(setq-default show-paren-mode 1
- show-paren-delay 0)
-
-;;; https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html
-;;; Copyright Information
-(setq-default user-full-name "Marek Paśnikowski"
- user-mail-address "marek@marekpasnikowski.pl")
-
-(setq-default epg-gpg-program "gpg2")
-
-;;;https://github.com/redguardtoo/mastering-emacs-in-one-year-guide/blob/master/gnus-guide-en.org#my-gnusel
-(setq-default send-mail-function 'smtpmail-send-it
- smtpmail-stream-type 'ssl
- smtpmail-smtp-server "marekpasnikowski.pl"
- smtpmail-smtp-service 465
- ;; smtpmail-local-domain "izumi.lan"
- smtpmail-debug-info t)
-
-(require 'smtpmail)
-
-;;; https://github.com/redguardtoo/mastering-emacs-in-one-year-guide/blob/master/gnus-guide-en.org#my-gnusel
-(add-hook 'message-mode-hook
- (lambda ()
- (flyspell-mode t)
- (local-set-key (kbd "TAB")
- 'bbdb-complete-name)))
-
-;;; Startup Screen Inhibition
-(setq-default inhibit-startup-screen t)
-
-;; Enable the column-100 line
-(setq-default display-fill-column-indicator-column 100
- fill-column 100
- org-startup-truncated nil)
-(set-face-attribute 'fill-column-indicator nil :foreground "green")
-(global-display-fill-column-indicator-mode)
-
-;;; Enable Org Modern Style
- ;(with-eval-after-load 'org (global-org-modern-mode))
-
-;; Prepare Literate Programming
-(setq-default
- org-startup-indented t
- org-confirm-babel-evaluate nil
- org-src-fontify-natively t
- org-src-tab-acts-natively t)
-(org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t)
- (scheme . t )
- (shell . t )))
-
-(add-to-list 'auto-mode-alist '("\\.epub\\'" . nov-mode))
-
-;; Monospace Font in Ebook Reader
-(setq-default nov-variable-pitch nil)
-
-;; Disable Toolbar
-(tool-bar-mode -1)
-
-;; GNUS Configuration
-;; (setq-default gnus-auto-select-first nil
-;; gnus-select-method '(nnnil "")
-;; gnus-secondary-select-methods '((nnimap "outlook"
-;; (nnimap-address "outlook.office365.com")
-;; (nnimap-server-port 993)
-;; (nnimap-stream ssl)
-;; (nnimap-authinfo-file "~/.authinfo"))
-;; (nnimap "home"
-;; (nnimap-address "serwer1930490.home.pl")
-;; (nnimap-server-port 993)
-;; (nnimap-stream ssl)
-;; (nnimap-authinfo-file "~/.authinfo")))
-;; nnmail-split-method 'nnmail-split-fancy
-;; nnmail-split-fancy '(| "normal"))
-;; (add-hook 'gnus-group-mode-hook 'gnus-topic-mode)
-
-;; ORG-FC Configuration
-(require 'org-fc-hydra)
-(setq-default
- org-fc-algorithm 'tn
- org-fc-shuffle-positions t
- org-fc-directories '("~/Dokumenty/fiszki"))
-
-;; Nix Mode
-;; (require 'nix-mode)
-;; (add-to-list 'auto-mode-alist '("\\.nix\\'" . nix-mode))
-
-;; (setq tramp-remote-path
-;; (append tramp-remote-path
-;; '(tramp-own-remote-path
-;; "~/.guix-profile/bin"
-;; "~/.guix-profile/sbin"
-;; "/run/current-system/profile/bin"
-;; "/run/current-system/profile/sbin")))
diff --git a/systems/izumi/home-files/gnus-configuration.el b/systems/izumi/home-files/gnus-configuration.el
deleted file mode 100644
index 570b8fd..0000000
--- a/systems/izumi/home-files/gnus-configuration.el
+++ /dev/null
@@ -1,85 +0,0 @@
-;;; https://github.com/redguardtoo/mastering-emacs-in-one-year-guide/blob/master/gnus-guide-en.org#my-gnusel
-;; (require 'nnir)
-
-;; (setq-default gnus-select-method '(nntp "news.gwene.org"))
-
-(setq-default epa-file-cache-passphrase-for-symmetric-encryption t)
-
-(setq-default gnus-select-method
- '(nnimap "marekpasnikowski.pl"
- (nnimap-address "marekpasnikowski.pl")
- (nnimap-server-port 993)
- (nnimap-stream ssl)
- ;; (nnir-search-engine imap)
- (nnmail-expiry-wait 90)))
-
-(setq-default gnus-thread-sort-functions
- '(gnus-thread-sort-by-most-recent-date
- (not gnus-thread-sort-by-number)))
-
-(setq-default gnus-use-cache t)
-
-(defun my-gnus-group-list-subscribed-groups ()
- "List all subscribed groups with or without un-read messages"
- ()
- (interactive)
- (gnus-group-list-all-groups 5))
-
-(define-key gnus-group-mode-map
- (kbd "o") 'my-gnus-group-list-subscribed-groups)
-
-;; (add-to-list 'load-path "~/Dokumenty/bbdb")
-;; (require 'bbdb)
-;; (bbdb-initialize 'message 'gnus 'sendmail)
-;; (add-hook 'gnus-startup-hook 'bbdb-insinuate-gnus)
-;; (setq-default bbdb/mail-auto-create-p t
-;; bbdb/news-auto-create-p t)
-
-(setq-default gnus-read-active-file 'some)
-
-(eval-after-load 'mailcap
- '(progn (cond ((eq system-type 'darwin))
- ((eq system-type 'windows-nt))
- (t (mailcap-parse-mailcaps)))))
-
-(add-hook 'gnus-group-mode-hook
- 'gnus-topic-mode)
-
-(setq-default gnus-summary-thread-gathering-function
- 'gnus-gather-threads-by-subject)
-
-(setq-default gnus-thread-hide-subtree t)
-(setq-default gnus-thread-ignore-subject t)
-
-(setq-default gnus-use-correct-string-widths nil)
-
-
-(eval-after-load 'gnus-topic
- '(progn (setq-default gnus-message-archive-group
- '((format-time-string "sent.%Y")))
- (setq-default gnus-server-alist
- '(("archive"
- nnfolder
- "archive"
- (nnfolder-directory "~/Mail/archive")
- (nnfolder-active-file "~/Mail/archive/active")
- (nnfolder-get-new-mail nil)
- (nnfolder-inhibit-expiry t))))
- (setq-default gnus-topic-topology
- '(("Gnus" visible)
- (("marekpasnikowski.pl" visible nil nil))
- (("misc" visible))))
- (setq-default gnus-topic-alist
- '(("marekpasnikowski.pl"
- "nnimap+marekpasnikowski.pl:Inbox"
- "nnimap+marekpasnikowski.pl:Drafts"
- "nnimap+marekpasnikowski.pl:Sent"
- "nnimap+marekpasnikowski.pl:Archive"
- "nnimap+marekpasnikowski.pl:Junk"
- "nnimap+marekpasnikowski.pl:Trash")
- ("misc"
- "nnfolder+archive:sent.2024"
- "nndraft:drafts")
- ("Gnus")))
- (gnus-topic-set-parameters "marekpasnikowski.pl"
- '((display . 200)))))
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
deleted file mode 100644
index afe2fe1..0000000
--- a/systems/izumi/izumi.org
+++ /dev/null
@@ -1,592 +0,0 @@
-#+TITLE: Configuration of the Izumi computer
-#+AUTHOR: Marek Paśnikowski
-#+STARTUP: showall
-#+PROPERTY: header-args:scheme :noweb yes
-#+PROPERTY: header-args:scheme+ :noweb-prefix yes
-
-* DONE The Monolith
-
-#+NAME: OPERATING-SYSTEM
-#+BEGIN_SRC scheme :tangle system-configuration.scm
- (define-module (systems izumi system-configuration)
- #:use-module (suweren commons sudoers))
-
- (define radicale-keys "/secrets/radicale/keys")
- (define dovecot-keys "/secrets/dovecot")
-
- ( use-modules
- ( gnu )
- ( gnu services syncthing )
- ( guix records )
- ( ice-9 match )
- ( nongnu packages linux )
- ( nongnu system linux-initrd ) )
-
- ( use-package-modules
- admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail
- version-control )
-
- ( use-service-modules
- base certbot cgit desktop mail shepherd ssh version-control web xorg )
-
- (define nginx-accounts
- (list (user-group (name "nginx")
- (system? #t))
- (user-account (name "nginx")
- (group "nginx")
- (supplementary-groups '("git"))
- (system? #t)
- (comment "nginx server user")
- (home-directory "/var/empty")
- (shell (file-append (specification->package "shadow")
- "/sbin/nologin")))))
-
- (define nginx-service-type*
- (service-type (inherit nginx-service-type)
- (extensions (map (lambda (extension)
- (if (eq? (service-extension-target extension)
- account-service-type)
- (service-extension account-service-type
- (const nginx-accounts))
- extension))
- (service-type-extensions nginx-service-type)))))
-
- (define hosts-izumi
- (local-file "system-files/hosts"))
-
- ( operating-system
- ( bootloader
- ( bootloader-configuration
- ( bootloader grub-efi-bootloader )
- ( keyboard-layout ( keyboard-layout "pl" ) )
- ( targets ( list "/boot/efi" ) ) ) )
- ( mapped-devices
- ( list
- ( mapped-device
- ( source "/dev/sda2" )
- ( target "izumi" )
- ( type luks-device-mapping ) ) ) )
- ( file-systems
- ( append
- %base-file-systems
- ( list
- ( file-system
- ( device "/dev/sda1" )
- ( mount-point "/boot/efi" )
- ( type "vfat" ) )
- ( file-system
- ( dependencies mapped-devices )
- ( device "/dev/mapper/izumi" )
- ( mount-point "/" )
- ( type "xfs" ) ) ) ) )
- ( firmware ( list linux-firmware ) )
- ( groups
- ( append
- %base-groups
- ( list
- ( user-group
- ( name "vmail" )
- ( system? #t ) )) ) )
- ( host-name "izumi" )
- (hosts-file hosts-izumi)
- ( initrd microcode-initrd )
- ( kernel linux )
- ( keyboard-layout ( keyboard-layout "pl" ) )
- ( locale "pl_PL.utf8" )
- ( services
- ( append
- ( modify-services
- %desktop-services
- ( elogind-service-type
- configuration =>
- ( elogind-configuration
- ( inherit configuration )
- ( handle-lid-switch 'ignore )
- ( handle-lid-switch-docked 'ignore )
- ( handle-lid-switch-external-power 'ignore ) ) )
- ( gdm-service-type
- configuration =>
- ( gdm-configuration
- ( inherit configuration )
- ( auto-suspend? #f )
- ( wayland? #t ) ) )
- ( guix-service-type
- configuration =>
- ( let*
- ( ( non-guix.pub
- ( string-append
- "( public-key ( ecc ( curve Ed25519 )"
- "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) )
- ( authorized-keys
- ( append
- %default-authorized-guix-keys
- ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) )
- ( extra-options
- ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) )
- ( substitute-urls
- ( append
- %default-substitute-urls
- ( list "https://substitutes.nonguix.org" ) ) ) )
- ( guix-configuration
- ( inherit configuration )
- ( authorized-keys authorized-keys )
- ( extra-options extra-options )
- ( substitute-urls substitute-urls ) ) ) ) )
- ( list
- (@ (users id1000) dkim-service)
- (@ (users id1000) dovecot-service)
- (@ (users id1000) smtp-service)
- (service (service-type (inherit certbot-service-type)
- (extensions (map (lambda (extension)
- (if (eq? (service-extension-target extension)
- nginx-service-type)
- (service-extension nginx-service-type*
- (@@ (gnu services certbot)
- certbot-nginx-server-configurations))
- extension))
- (service-type-extensions certbot-service-type))))
- ( certbot-configuration
- ( certificates
- ( list
- ( certificate-configuration
- ( deploy-hook
- ( program-file
- "nginx-deploy-hook"
- #~
- ( let
- ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
- ( kill pid SIGHUP ) ) ) )
- ( domains
- ( list
- "marekpasnikowski.pl"
- "git.marekpasnikowski.pl"
- "radicale.marekpasnikowski.pl" ) ) ) ) )
- ( email "marek@marekpasnikowski.pl" )
- ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
- (service (service-type (inherit cgit-service-type)
- (extensions (map (lambda (extension)
- (if (eq? (service-extension-target extension)
- nginx-service-type)
- (service-extension nginx-service-type*
- cgit-configuration-nginx-config)
- extension))
- (service-type-extensions cgit-service-type))))
- ( cgit-configuration
- ( nginx
- ( list
- ( nginx-server-configuration
- ( locations
- ( list
- ( git-http-nginx-location-configuration
- ( git-http-configuration
- ( git-root "/var/lib/gitolite/repositories" )
- ( uri-path "/git" ) ) )
- ( nginx-location-configuration
- ( body
- ( list
- "fastcgi_param HTTP_HOST $server_name ;"
- "fastcgi_param PATH_INFO $uri ;"
- "fastcgi_param QUERY_STRING $args ;"
- "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
- "fastcgi_pass 127.0.0.1:9000 ;" ) )
- ( uri "@cgit" ) )
- ( nginx-location-configuration
- ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) )
- ( uri "/.well-known" ) ) ) )
- ( listen ( list "192.168.10.2:443 ssl" ) )
- ( root cgit )
- ( server-name ( list "git.marekpasnikowski.pl" ) )
- ( ssl-certificate
- "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
- ( ssl-certificate-key
- "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" )
- ( try-files ( list "$uri" "@cgit" ) ) ) ) )
- ( repositories
- ( list
- ( repository-cgit-configuration
- ( hide?
#t ) - ( path "/srv/git/marek/packages" ) ) ) ) - ( repository-directory "/var/lib/gitolite/repositories" ) ) ) - (service fcgiwrap-service-type - (fcgiwrap-configuration (user "git") - (group "git"))) - ( service gitolite-service-type - ( gitolite-configuration - ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) ) - ( admin-pubkey ( plain-file "gitolite-admin.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) - ( service plasma-desktop-service-type ) - ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) ) - (service nginx-service-type* - ( nginx-configuration - ( server-blocks - ( list - ;; Top-Level - ( nginx-server-configuration - ( locations - ( list - ( nginx-location-configuration - ( uri "/.well-known" ) - ( body - ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( root "/srv/www/marek/marekpasnikowski.pl" ) - ( server-name ( list "marekpasnikowski.pl" ) ) - ( ssl-certificate - "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) - ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) - ;; Radicale - ( nginx-server-configuration - ( locations - ( list - ( nginx-location-configuration - ( body - ( list - "proxy_pass http://localhost:5232/ ;" - "proxy_set_header X-Script-Name \"\" ;" - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;" - "proxy_set_header Host $http_host ;" - "proxy_pass_header Authorization ;" ) ) - ( uri "/" ) ) - ( nginx-location-configuration - ( body - ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) - ( uri "/.well-known" ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) ) - ( service openssh-service-type ) - ( service radicale-service-type - ( radicale-configuration - ( auth - ( radicale-auth-configuration - ( type 'htpasswd ) - ( htpasswd-filename radicale-keys ) - ( 
htpasswd-encryption 'plain ) ) ) ) ) - ( simple-service 'base-profile profile-service-type - ( append %base-packages - ( list ) ) ) - ( simple-service - 'nss-profile - profile-service-type - ( list nss-certs ) ) - ( simple-service - 'etc-files - etc-service-type - ( list - `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) ) ) ) ) ) - ( sudoers-file %sudoers-specification* ) - ( swap-devices - ( list - ( swap-space - ( target "/dev/sda3" ) ) ) ) - ( timezone "Europe/Warsaw" ) - ( users - ( append - %base-user-accounts - ( list - ( user-account - ( comment "vmail" ) - ( group "vmail" ) - ( home-directory "/home/vmail" ) - ( name "vmail" ) - ( system? #t ) ) - ( user-account - ( comment "Marek Paśnikowski" ) - ( group "users" ) - ( home-directory "/home/marek" ) - ( name "marek" ) - ( supplementary-groups - ( list "audio" "netdev" "video" "wheel" ) ) ) ) ) ) ) -#+END_SRC - -#+NAME: OPENSMTPD-CONFIGURATION-FILE -#+BEGIN_SRC conf :tangle system-files/smtpd.conf - # The prefix on GUIX is not the default one — it is /etc . - table aliases file:/etc/aliases - - # The mail certificates are issued by Let‘s Encrypt and served by NGINX - pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" - pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" - - # Listen for local messages. - listen on lo - - # Listen for messages from the internet. - listen on enp1s0 tls port 25 pki "marekpasnikowski.pl" - listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl" - - # There is no filtering in the design, so the two actions are enough. - action receive maildir alias <aliases> - action send relay - - # Match incoming messages. - match from local for local action receive - match from any for domain "marekpasnikowski.pl" action receive - - # Match outgoing messages. 
- match for any action send -#+END_SRC - -* [[https://guix.gnu.org/manual/en/html_node/Home-Configuration.html][13 Home Configuration]] - -#+BEGIN_SRC scheme :tangle home-configuration.scm - (define-module (systems izumi home-configuration)) - - (use-modules - ( channels ) - (gnu home) - (gnu home services shells)) - - <<EMACS-GUIX-MODULES>> - <<EMACS-ORG-FC-TN-MODULES>> - <<ESSENTIAL-HOME-MODULES>> - <<SHELLS-MODULES>> - - (home-environment (packages (map specification->package+output - (list "dconf-editor" - "emacs" - "emacs-org-modern" - "emacs-paredit" - "font-google-noto" - "font-google-noto-emoji" - "font-google-noto-sans-cjk" - "font-google-noto-serif-cjk" - "git" - "gnupg" - "gnome-tweaks" - "noweb" - "pinentry" - "pwgen" - "unzip" - "zip"))) - (services (append (list izumi-channels-service-type) - <<ESSENTIAL-HOME-SERVICES>> - <<SHELLS>>))) -#+END_SRC - -** [[https://guix.gnu.org/manual/en/html_node/Home-Services.html][13.3 Home Services]] - -#+NAME: ESSENTIAL-HOME-SERVICES -#+BEGIN_SRC scheme - (list - <<EMACS-HOME-PROFILE>> - <<HOME-FILES-SERVICE-TYPE>> - (simple-service - 'environment-variables - home-environment-variables-service-type - `(("EDITOR" . 
"emacsclient -nw")))) -#+END_SRC - -#+NAME: SHELLS -#+BEGIN_SRC scheme - (list - <<HOME-BASH-SERVICE-TYPE>>) -#+END_SRC - -*** [[https://guix.gnu.org/manual/en/html_node/Essential-Home-Services.html][13.3.1 Essential Home Services]] - -#+NAME: ESSENTIAL-HOME-MODULES -#+BEGIN_SRC scheme - (use-modules - (gnu services) - (gnu home services) - (gnu packages password-utils) - (guix gexp)) -#+END_SRC - -#+NAME: EMACS-HOME-PROFILE -#+BEGIN_SRC scheme - (simple-service - 'emacs-home-profile - home-profile-service-type - (append - <<EMACS-GUIX-PACKAGES>> - <<EMACS-ORG-FC-TN-PACKAGES>>)) -#+END_SRC - -#+NAME: HOME-FILES-SERVICE-TYPE -#+BEGIN_SRC scheme - (simple-service 'home-files - home-files-service-type - (list (list ".config/emacs/init.el" - (local-file "home-files/emacs-configuration.el" )) - (list ".gnus" - (local-file "home-files/gnus-configuration.el")) - (list ".gitconfig" - (local-file "home-files/gitconfig")) - (list ".config/git/ignore" - ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore - (local-file "home-files/git-ignore.conf")))) -#+END_SRC - -*** [[https://guix.gnu.org/manual/en/html_node/Shells-Home-Services.html][13.3.2 Shells]] - -#+NAME: SHELLS-MODULES -#+BEGIN_SRC scheme - (use-modules - (gnu home services shells) - (gnu services)) -#+END_SRC - -#+NAME: HOME-BASH-SERVICE-TYPE -#+BEGIN_SRC scheme - (let* - ((and "&& ") - (collect-garbage "sudo guix gc -d 7d ") - (configuration-prefix - "/home/marek/Publiczny/src/deployment/systems/izumi/") - (pull-guix "guix pull ") - (reconfigure-home - (string-append - "guix home delete-generations 7d ; " - "guix home reconfigure " - configuration-prefix - "home-configuration.scm ")) - (reconfigure-system - (string-append - "sudo guix system delete-generations 7d ; " - "sudo guix system reconfigure " - configuration-prefix - "system-configuration.scm ")) - (update-system - (string-append - pull-guix - and - reconfigure-system - and - reconfigure-home - and - collect-garbage))) - (simple-service 
- 'bash-extension - home-bash-service-type - (home-bash-extension - (aliases - `(("collect-garbage" . ,collect-garbage) - ("edit" . "$EDITOR") - ("pull-guix" . ,pull-guix) - ("reconfigure-home" . ,reconfigure-home) - ("reconfigure-system" . ,reconfigure-system) - ("update-system" . ,update-system))) - (bash-profile - (list - (mixed-text-file - "newline-prompt" - "PS1=${PS1%?}\n" - "PS1=${PS1%?}\\n'$ '\n" - "PS1=\"\\n$PS1\"")))))) -#+END_SRC - -* [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]] - -#+NAME: EMACS-ORG-FC-TN-MODULES -#+BEGIN_SRC scheme - (use-modules - (gnu) - (gnu home services) - (guix build-system emacs) - (guix git-download) - ((guix licenses) - #:prefix license:) - (guix packages)) - - (use-package-modules base emacs-xyz gawk) -#+END_SRC - -#+NAME: EMACS-ORG-FC-TN-PACKAGES -#+BEGIN_SRC scheme - (list - (let - ((commit* "wip-algo-tn")) - (package - (name "emacs-org-fc") - (version (git-version "0.1.2" "0" commit*)) - (source - (origin - (method git-fetch) - (uri - (git-reference - (url "https://git.marekpasnikowski.pl/org-fc.git") - (commit commit*))) - (file-name (git-file-name name version)) - (sha256 (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj")))) - (build-system emacs-build-system) - (arguments - (list - #:include #~ (cons* "\\.awk$" "\\.org$" %default-include) - #:exclude #~ (cons "^test/" %default-exclude) - #:tests? #t - #:test-command - #~ - (list - "emacs" - "--batch" - "-L" "." 
- "-L" "tests/" - "-l" "tests/org-fc-filter-test.el" - "-l" "tests/org-fc-indexer-test.el" - "-l" "tests/org-fc-review-data-test.el" - "-f" "ert-run-tests-batch-and-exit") - #:phases - #~ - (modify-phases - %standard-phases - (add-after - 'unpack - 'qualify-paths - (lambda* - (#:key inputs - #:allow-other-keys) - (substitute* - "org-fc-awk.el" - (("\"find ") - (string-append - "\"" - (search-input-file inputs "/bin/find") - " ")) - (("\"gawk ") - (string-append - "\"" - (search-input-file inputs "/bin/gawk") - " ")) - (("\"xargs ") - (string-append - "\"" - (search-input-file inputs "/bin/xargs") - " ")))))))) - (inputs (list findutils gawk)) - (propagated-inputs (list emacs-hydra)) - (home-page "https://www.leonrische.me/fc/index.html") - (synopsis "Spaced repetition system for Emacs Org mode") - (description - (string-append - "Org-fc is a spaced-repetition system for Emacs' Org mode.\n" - "It allows you to mark headlines in a file as flashcards, turning pieces of\n" - "knowledge you want to learn into a question-answer test. These cards are\n" - "reviewed at regular interval. After each review, the next review interval is\n" - "calculated based on how well you remembered the contents of the card.\n")) - (license license:gpl3+)))) -#+END_SRC - -* [[https://emacs-guix.gitlab.io/website/manual/latest/html_node/index.html][Emacs-Guix]] - -** [[https://emacs-guix.gitlab.io/website/manual/latest/html_node/Installation.html][2. Installation]] - -#+NAME: EMACS-GUIX-MODULES -#+BEGIN_SRC scheme - (use-modules - (gnu) - (gnu home services)) - - (use-package-modules emacs-xyz) - - (use-service-modules) -#+END_SRC - -#+NAME: EMACS-GUIX-PACKAGES -#+BEGIN_SRC scheme - (list emacs-guix emacs-nix-mode) -#+END_SRC - -* EOF diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm deleted file mode 100644 index d8f6997..0000000 --- a/systems/izumi/system-configuration.scm +++ /dev/null 
@@ -1,290 +0,0 @@ -(define-module (systems izumi system-configuration) - #:use-module (suweren commons sudoers)) - -(define radicale-keys "/secrets/radicale/keys") -(define dovecot-keys "/secrets/dovecot") - -( use-modules - ( gnu ) - ( gnu services syncthing ) - ( guix records ) - ( ice-9 match ) - ( nongnu packages linux ) - ( nongnu system linux-initrd ) ) - -( use-package-modules - admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail - version-control ) - -( use-service-modules - base certbot cgit desktop mail shepherd ssh version-control web xorg ) - -(define nginx-accounts - (list (user-group (name "nginx") - (system? #t)) - (user-account (name "nginx") - (group "nginx") - (supplementary-groups '("git")) - (system? #t) - (comment "nginx server user") - (home-directory "/var/empty") - (shell (file-append (specification->package "shadow") - "/sbin/nologin"))))) - -(define nginx-service-type* - (service-type (inherit nginx-service-type) - (extensions (map (lambda (extension) - (if (eq? 
(service-extension-target extension) - account-service-type) - (service-extension account-service-type - (const nginx-accounts)) - extension)) - (service-type-extensions nginx-service-type))))) - -(define hosts-izumi - (local-file "system-files/hosts")) - -( operating-system - ( bootloader - ( bootloader-configuration - ( bootloader grub-efi-bootloader ) - ( keyboard-layout ( keyboard-layout "pl" ) ) - ( targets ( list "/boot/efi" ) ) ) ) - ( mapped-devices - ( list - ( mapped-device - ( source "/dev/sda2" ) - ( target "izumi" ) - ( type luks-device-mapping ) ) ) ) - ( file-systems - ( append - %base-file-systems - ( list - ( file-system - ( device "/dev/sda1" ) - ( mount-point "/boot/efi" ) - ( type "vfat" ) ) - ( file-system - ( dependencies mapped-devices ) - ( device "/dev/mapper/izumi" ) - ( mount-point "/" ) - ( type "xfs" ) ) ) ) ) - ( firmware ( list linux-firmware ) ) - ( groups - ( append - %base-groups - ( list - ( user-group - ( name "vmail" ) - ( system? #t ) )) ) ) - ( host-name "izumi" ) - (hosts-file hosts-izumi) - ( initrd microcode-initrd ) - ( kernel linux ) - ( keyboard-layout ( keyboard-layout "pl" ) ) - ( locale "pl_PL.utf8" ) - ( services - ( append - ( modify-services - %desktop-services - ( elogind-service-type - configuration => - ( elogind-configuration - ( inherit configuration ) - ( handle-lid-switch 'ignore ) - ( handle-lid-switch-docked 'ignore ) - ( handle-lid-switch-external-power 'ignore ) ) ) - ( gdm-service-type - configuration => - ( gdm-configuration - ( inherit configuration ) - ( auto-suspend? #f ) - ( wayland? 
#t ) ) ) - ( guix-service-type - configuration => - ( let* - ( ( non-guix.pub - ( string-append - "( public-key ( ecc ( curve Ed25519 )" - "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) ) - ( authorized-keys - ( append - %default-authorized-guix-keys - ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) ) - ( extra-options - ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) ) - ( substitute-urls - ( append - %default-substitute-urls - ( list "https://substitutes.nonguix.org" ) ) ) ) - ( guix-configuration - ( inherit configuration ) - ( authorized-keys authorized-keys ) - ( extra-options extra-options ) - ( substitute-urls substitute-urls ) ) ) ) ) - ( list - (@ (users id1000) dkim-service) - (@ (users id1000) dovecot-service) - (@ (users id1000) smtp-service) - (service (service-type (inherit certbot-service-type) - (extensions (map (lambda (extension) - (if (eq? (service-extension-target extension) - nginx-service-type) - (service-extension nginx-service-type* - (@@ (gnu services certbot) - certbot-nginx-server-configurations)) - extension)) - (service-type-extensions certbot-service-type)))) - ( certbot-configuration - ( certificates - ( list - ( certificate-configuration - ( deploy-hook - ( program-file - "nginx-deploy-hook" - #~ - ( let - ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) - ( kill pid SIGHUP ) ) ) ) - ( domains - ( list - "marekpasnikowski.pl" - "git.marekpasnikowski.pl" - "radicale.marekpasnikowski.pl" ) ) ) ) ) - ( email "marek@marekpasnikowski.pl" ) - ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) - (service (service-type (inherit cgit-service-type) - (extensions (map (lambda (extension) - (if (eq? 
(service-extension-target extension) - nginx-service-type) - (service-extension nginx-service-type* - cgit-configuration-nginx-config) - extension)) - (service-type-extensions cgit-service-type)))) - ( cgit-configuration - ( nginx - ( list - ( nginx-server-configuration - ( locations - ( list - ( git-http-nginx-location-configuration - ( git-http-configuration - ( git-root "/var/lib/gitolite/repositories" ) - ( uri-path "/git" ) ) ) - ( nginx-location-configuration - ( body - ( list - "fastcgi_param HTTP_HOST $server_name ;" - "fastcgi_param PATH_INFO $uri ;" - "fastcgi_param QUERY_STRING $args ;" - "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;" - "fastcgi_pass 127.0.0.1:9000 ;" ) ) - ( uri "@cgit" ) ) - ( nginx-location-configuration - ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) ) - ( uri "/.well-known" ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( root cgit ) - ( server-name ( list "git.marekpasnikowski.pl" ) ) - ( ssl-certificate - "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) - ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) - ( try-files ( list "$uri" "@cgit" ) ) ) ) ) - ( repositories - ( list - ( repository-cgit-configuration - ( hide? 
#t ) - ( path "/srv/git/marek/packages" ) ) ) ) - ( repository-directory "/var/lib/gitolite/repositories" ) ) ) - (service fcgiwrap-service-type - (fcgiwrap-configuration (user "git") - (group "git"))) - ( service gitolite-service-type - ( gitolite-configuration - ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) ) - ( admin-pubkey ( plain-file "gitolite-admin.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) - ( service plasma-desktop-service-type ) - ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) ) - (service nginx-service-type* - ( nginx-configuration - ( server-blocks - ( list - ;; Top-Level - ( nginx-server-configuration - ( locations - ( list - ( nginx-location-configuration - ( uri "/.well-known" ) - ( body - ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( root "/srv/www/marek/marekpasnikowski.pl" ) - ( server-name ( list "marekpasnikowski.pl" ) ) - ( ssl-certificate - "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) - ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) - ;; Radicale - ( nginx-server-configuration - ( locations - ( list - ( nginx-location-configuration - ( body - ( list - "proxy_pass http://localhost:5232/ ;" - "proxy_set_header X-Script-Name \"\" ;" - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;" - "proxy_set_header Host $http_host ;" - "proxy_pass_header Authorization ;" ) ) - ( uri "/" ) ) - ( nginx-location-configuration - ( body - ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) - ( uri "/.well-known" ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) ) - ( service openssh-service-type ) - ( service radicale-service-type - ( radicale-configuration - ( auth - ( radicale-auth-configuration - ( type 'htpasswd ) - ( htpasswd-filename radicale-keys ) - ( 
htpasswd-encryption 'plain ) ) ) ) ) - ( simple-service 'base-profile profile-service-type - ( append %base-packages - ( list ) ) ) - ( simple-service - 'nss-profile - profile-service-type - ( list nss-certs ) ) - ( simple-service - 'etc-files - etc-service-type - ( list - `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) ) ) ) ) ) - ( sudoers-file %sudoers-specification* ) - ( swap-devices - ( list - ( swap-space - ( target "/dev/sda3" ) ) ) ) - ( timezone "Europe/Warsaw" ) - ( users - ( append - %base-user-accounts - ( list - ( user-account - ( comment "vmail" ) - ( group "vmail" ) - ( home-directory "/home/vmail" ) - ( name "vmail" ) - ( system? #t ) ) - ( user-account - ( comment "Marek Paśnikowski" ) - ( group "users" ) - ( home-directory "/home/marek" ) - ( name "marek" ) - ( supplementary-groups - ( list "audio" "netdev" "video" "wheel" ) ) ) ) ) ) ) diff --git a/systems/izumi/system-files/hosts b/systems/izumi/system-files/hosts deleted file mode 100644 index bc92c36..0000000 --- a/systems/izumi/system-files/hosts +++ /dev/null @@ -1,4 +0,0 @@ -127.0.0.1 localhost izumi -::1 localhost izumi - -81.190.248.246 marekpasnikowski git.marekpasnikowski.pl
\ No newline at end of file diff --git a/systems/izumi/system-files/smtpd.conf b/systems/izumi/system-files/smtpd.conf deleted file mode 100644 index 9fe7503..0000000 --- a/systems/izumi/system-files/smtpd.conf +++ /dev/null @@ -1,24 +0,0 @@ -# The prefix on GUIX is not the default one — it is /etc . -table aliases file:/etc/aliases - -# The mail certificates are issued by Let‘s Encrypt and served by NGINX -pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" -pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" - -# Listen for local messages. -listen on lo - -# Listen for messages from the internet. -listen on enp1s0 tls port 25 pki "marekpasnikowski.pl" -listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl" - -# There is no filtering in the design, so the two actions are enough. -action receive maildir alias <aliases> -action send relay - -# Match incoming messages. -match from local for local action receive -match from any for domain "marekpasnikowski.pl" action receive - -# Match outgoing messages. -match for any action send diff --git a/systems/izumi/system-files/sudoers b/systems/izumi/system-files/sudoers deleted file mode 100644 index 6af6e3b..0000000 --- a/systems/izumi/system-files/sudoers +++ /dev/null @@ -1,3 +0,0 @@ -root ALL=(ALL) ALL -%wheel ALL=(ALL) ALL -Defaults passwd_timeout=0 diff --git a/systems/mcdowell.scm b/systems/mcdowell.scm deleted file mode 100644 index ecf4407..0000000 --- a/systems/mcdowell.scm +++ /dev/null 
@@ -1,50 +0,0 @@ -(define-module (systems mcdowell) - #:use-module (gnu services) ; service - #:use-module (gnu services guix) ; guix-home-service-type - #:use-module (gnu system keyboard) ; keyboard-layout - #:use-module (machines portable-bios) ; bootloader-configuration* - ; file-systems* - ; firmware* - ; hardware-groups - ; initrd* - ; kernel* - ; swap-devices* - #:use-module (suweren system) ; %suweren-operating-system - #:use-module (users id1000) ; uid1000-account - ; uid1000-home-environment - ; uid1000-name - ) - -;; string -(define host-name* - "mcdowell") - -;; (record user-account) -(define users* - (list uid1000-account)) - -;; record operating-system -(define-public operating-system* - (let* ((home-environments `((,uid1000-name ,(uid1000-home-environment host-name*)))) - - (guix-home (service guix-home-service-type - home-environments)) - - (keyboard-layout* (keyboard-layout "pl")) - (services* (list guix-home)) - (timezone* "Europe/Warsaw") - (locale* "pl_PL.utf8")) - (%suweren-operating-system kernel* - (bootloader-configuration* keyboard-layout*) - keyboard-layout* - initrd* - firmware* - host-name* - (file-systems* host-name*) - (swap-devices* host-name*) - users* - timezone* - locale* - services*))) - -operating-system* diff --git a/users/id1000.scm b/users/id1000.scm index cfc4827..fa12195 100644 --- a/users/id1000.scm +++ b/users/id1000.scm 
@@ -1,40 +1,42 @@ (define-module (users id1000) - ;; home-environment - #:use-module (gnu home) - - ;; home-profile-service-type - ;; home-xdg-configuration-files-service-type - #:use-module (gnu home services) - - ;; gparted - #:use-module (gnu packages disk) - - ;; emacs - #:use-module (gnu packages emacs) - - ;; emacs-org-roam - ;; emacs-paredit - #:use-module (gnu packages emacs-xyz) - - ;; git - #:use-module (gnu packages version-control) - - ;; simple-service - #:use-module (gnu services) - - ;; user-account - #:use-module (gnu system shadow) - - ;; local-file #:use-module (guix gexp) + #:use-module (ice-9 match) + #:use-module ( (deployment users) + #:prefix deployment:users:) + #:use-module ( (gnu home) + #:prefix gnu:home:) + #:use-module ( (gnu home services) + #:prefix gnu:home:services:) + #:use-module ( (gnu home services desktop) + #:prefix gnu:home:services:desktop:) + #:use-module ( (gnu home services shepherd) + #:prefix gnu:home:services:shepherd:) + #:use-module ( (gnu home services sound) + #:prefix gnu:home:services:sound:) + #:use-module ( (gnu home services ssh) + #:prefix gnu:home:services:ssh:) + #:use-module ( (gnu packages audio) + #:prefix gnu:packages:audio:) + #:use-module ( (gnu packages disk) + #:prefix gnu:packages:disk:) + #:use-module ( (gnu packages librewolf) + #:prefix gnu:packages:librewolf:) + #:use-module ( (gnu packages version-control) + #:prefix gnu:packages:version-control:) + #:use-module ( (gnu services) + #:prefix gnu:services:) + #:use-module ( (gnu system accounts) + #:prefix gnu:system:accounts:) + #:use-module ( (guix records) + #:prefix guix:records:) + #:use-module ( (sovereign services admin) + #:prefix sovereign:services:admin:) + #:use-module ( (sovereign services fontutils) + #:prefix sovereign:services:fontutils:) + #:use-module ( (sovereign systems) + #:prefix sovereign:systems:)) - ;; %suweren-home-services - #:use-module (suweren home) - - #:use-module (guix records) - #:use-module (ice-9 match)) - 
-(define-record-type* <dkimproxy-out-signature-configuration> +(guix:records:define-record-type* <dkimproxy-out-signature-configuration> dkimproxy-out-signature-configuration make-dkimproxy-out-signature-configuration dkimproxy-out-signature-configuration? @@ -94,7 +96,7 @@ ")") ""))))) -(define-record-type* <dkimproxy-out-configuration> +(guix:records:define-record-type* <dkimproxy-out-configuration> dkimproxy-out-configuration make-dkimproxy-out-configuration dkimproxy-out-configuration? @@ -225,27 +227,29 @@ (stop #~ (make-kill-destructor))))))) (define %dkimproxy-accounts - (list (user-group (name "dkimproxy") - (system? #t)) - (user-account (name "dkimproxy") - (group "dkimproxy") - (system? #t) - (comment "Dkimproxy user") - (home-directory "/var/empty") - (shell (file-append (@ (gnu packages admin) - shadow) - "/sbin/nologin"))))) + (list (gnu:system:accounts:user-group + (name "dkimproxy") + (system? #t)) + (gnu:system:accounts:user-account + (name "dkimproxy") + (group "dkimproxy") + (system? #t) + (comment "Dkimproxy user") + (home-directory "/var/empty") + (shell (file-append (@ (gnu packages admin) + shadow) + "/sbin/nologin"))))) (define dkimproxy-out-service-type - (service-type + (gnu:services:service-type (name 'dkimproxy-out) (description "stub") (extensions (list - (service-extension - account-service-type + (gnu:services:service-extension + (@ (gnu system shadow) account-service-type) (const %dkimproxy-accounts)) - (service-extension + (gnu:services:service-extension (@ (gnu services shepherd) shepherd-root-service-type) dkimproxy-out-shepherd-service))))) @@ -440,8 +444,8 @@ "\n" "# We define some actions\n" "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual <aliases>\n" + "action godkim relay host smtp://localhost:10027\n" "action outbound relay helo \"" domain "\"\n" - "action godkim relay host smtp://127.0.0.1:10027\n" "\n" "# We accept to relay any mail from authenticated users\n" "match for any from any auth action godkim\n" 
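Review bot: The `godkim` action now relays to `smtp://localhost:10027`, while `dkimproxy-out-configuration*` further down in this file binds the signer to `127.0.0.1:10027` only. If `localhost` resolves to `::1` first on the host, smtpd may try an address nothing is listening on, and authenticated outbound mail would then queue or bounce instead of being signed. Whether smtpd falls back to the IPv4 address is not visible from this hunk. Keeping the literal, `"action godkim relay host smtp://127.0.0.1:10027\n"`, or building the line from the same value that `listen` uses, removes the dependency on name resolution. The enclosing definition (presumably `opensmtpd-config`) starts and ends outside the hunk.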
@@ -474,7 +478,7 @@ (define dkimproxy-out-configuration* (dkimproxy-out-configuration (listen "127.0.0.1:10027") - (relay "172.0.0.1:10028") + (relay "127.0.0.1:10028") (sender-map `(,dkimproxy-sender-marekpasnikowski)))) (define dovecot-configuration* 
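Review bot: The `listen` and `relay` endpoints in `dkimproxy-out-configuration*` are still bare string literals, and port 10027 is repeated separately in the smtpd configuration text earlier in the file, so a one-digit slip like the corrected `172.0.0.1` can go unnoticed. Consider binding them once, e.g. `(define %dkimproxy-listen "127.0.0.1:10027")` and `(define %dkimproxy-relay "127.0.0.1:10028")`, and building the `action godkim relay host` line from the same value. A short comment that both ends must stay on the loopback interface, because the hop between smtpd and the signer is plain `smtp://`, would document the constraint for the next edit.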
@@ -494,76 +498,134 @@ (userdbs (list dovecot-userdb-static-configuration)))) (define groups - (list "kvm" + (list "audio" + ;; "libvirt" + "netdev" + "video" "wheel")) (define opensmtpd-configuration* ((@ (gnu services mail) opensmtpd-configuration) + (shepherd-requirement (list 'dkimproxy-out + 'networking)) (config-file (opensmtpd-config "enp1s0" "marekpasnikowski.pl")))) ;;; +(define environment-variables + (let + ( (l-variables (list '("EDITOR" . "kate -s sesja -b")))) + (gnu:services:simple-service 'id1000-environment-variables + gnu:home:services:home-environment-variables-service-type + l-variables))) + (define-public dkim-service - (service dkimproxy-out-service-type + (gnu:services:service dkimproxy-out-service-type dkimproxy-out-configuration*)) (define-public dovecot-service - (service (@ (gnu services mail) dovecot-service-type) + (gnu:services:service (@ (gnu services mail) dovecot-service-type) dovecot-configuration*)) +(define openssh-host/* + (gnu:home:services:ssh:openssh-host + (name "top-level") + (host-name "*") + (extra-content (string-append "ServerAliveInterval 60\n" + "ServerAliveCountMax 2\n")))) + +(define openssh-configuration + (let + ( (l-aisaka (mixed-text-file "aisaka-openssh-keys" + "aisaka ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n" + "[marekpasnikowski.pl]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n" + "[git.marekpasnikowski.pl]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n")) + (l-akashi (mixed-text-file "akashi-openssh-keys" + "\n")) + (l-marek (mixed-text-file "marek-openssh-keys" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@aisaka\n" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzC1VvW6TB4pMuGyfTM36T7Ar7FZqSXc7kCoVDNwtUX marek@akashi\n" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOI2JPx6s3okqMcrOX62pioWZwp8ybSICSKzILHRuxHV marek@asuna\n" + "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIJew7ti1qr545Z6OUZ/xcNUg7ib6P0pTbSZqFpSvNhKU marek@mcdowell\n" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBo2coChmWHQn9BEbp0dA7DQG7CPEweVcsmnaIVmXyR marek@rakan\n")) + (l-mcdowell (mixed-text-file "mcdowell-openssh-keys" + "mcdowell ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/EueZjfqWhdML17z+Da7+KWHofXBpP020ff1vKedOr\n")) + (l-rakan (mixed-text-file "rakan-openssh-keys" + "rakan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ\n" + "[marekpasnikowski.pl]:24 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ\n"))) + (gnu:home:services:ssh:home-openssh-configuration + (hosts (list openssh-host/*)) + (known-hosts (list l-aisaka + l-akashi + l-mcdowell + l-rakan)) + (authorized-keys (list l-marek))))) + +(define openssh + (gnu:services:service + gnu:home:services:ssh:home-openssh-service-type + openssh-configuration)) + (define-public smtp-service - (service (@ (gnu services mail) opensmtpd-service-type) + (gnu:services:service (@ (gnu services mail) opensmtpd-service-type) opensmtpd-configuration*)) (define-public uid1000-name "marek") (define-public uid1000-account - (user-account (name uid1000-name) - (group "users") - (supplementary-groups groups) - (uid 1000) - (comment "Marek Paśnikowski") - (home-directory "/home/marek"))) + (gnu:system:accounts:user-account + (name uid1000-name) + (password deployment:users:initial-password) + (uid 1000) + (group "users") + (supplementary-groups groups) + (comment "Marek Paśnikowski") + (home-directory "/home/marek"))) (define-public uid1000-home-environment - (lambda (host-name*) - (let* ((gitconfig-file (local-file "uid1000-gitconfig")) ; TODO modularize - (gitignore-file (local-file "uid1000-gitignore")) ; TODO review the contents - - (gitconfig (list "git/config" - gitconfig-file)) - (gitignore (list "git/ignore" - gitignore-file)) - - (emacs-packages (list emacs - emacs-org-roam - emacs-paredit)) - (git-configuration-files (list gitconfig - 
gitignore)) - (git-packages (list git)) - (packages (list gparted)) - - (emacs-software (simple-service 'emacs-packages - home-profile-service-type - emacs-packages)) - (git-configuration (simple-service 'git-configuration - home-xdg-configuration-files-service-type - git-configuration-files)) - (git-software (simple-service 'git-packages - home-profile-service-type - git-packages)) - (profile (simple-service 'user-packages - home-profile-service-type - packages)) - - (%suweren-home-services* (%suweren-home-services host-name*)) - (user-services (list emacs-software - git-configuration - git-software - profile)) + (let + ( (l-gitconfig-file (local-file "uid1000-gitconfig")) ; TODO modularize + (l-gitignore-file (local-file "uid1000-gitignore")) ; TODO review the contents + (l-home-dbus-service (gnu:services:service gnu:home:services:desktop:home-dbus-service-type)) + (l-home-files `( (".test-channels.scm" ,(local-file "./uid1000-test-channels.scm")))) + (l-home-pipewire-service (gnu:services:service gnu:home:services:sound:home-pipewire-service-type)) + (l-home-shepherd-service (gnu:services:service gnu:home:services:shepherd:home-shepherd-service-type))) + (let + ( (l-gitconfig (list "git/config" + l-gitconfig-file)) + (l-gitignore (list "git/ignore" + l-gitignore-file)) + (l-fontconfig (sovereign:services:fontutils:home-fontconfig-service-type #f + #f + "Noto")) + (l-home-files-service (gnu:services:simple-service 'home-files + gnu:home:services:home-files-service-type + l-home-files))) + (let* + ( (l-git-configuration-files (list l-gitconfig + l-gitignore)) + (l-git-configuration (gnu:services:simple-service 'git-configuration + gnu:home:services:home-xdg-configuration-files-service-type + l-git-configuration-files)) + (l-user-services (list sovereign:systems:bash-configuration + environment-variables + l-git-configuration + l-home-files-service + l-fontconfig))) + (gnu:home:home-environment + (packages (cons* gnu:packages:version-control:git + 
gnu:packages:disk:gparted + gnu:packages:librewolf:librewolf + sovereign:systems:common-home-environment-packages)) + (services (cons* sovereign:services:admin:update-commands + l-home-dbus-service + l-home-pipewire-service + l-home-shepherd-service + openssh + l-user-services))))))) - (services* (append %suweren-home-services* - user-services))) - (home-environment (services services*))))) +(define-public name/home-environment + (list uid1000-name + uid1000-home-environment)) diff --git a/users/id1001.scm b/users/id1001.scm index 26a76f6..2e53210 100644 --- a/users/id1001.scm +++ b/users/id1001.scm 
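Review bot: `(password deployment:users:initial-password)` on `uid1000-account` gives a member of `wheel` a password that comes from the repository, and users/id1001.scm sets the same value on its `user-account`, so both administrative accounts start with one shared credential. The definition of `initial-password` is outside this diff; if it is not already a crypt(3) hash it should be, because the value is copied into the world-readable store. It is safer still to leave the field unset and set each password with `passwd` on the host. If the field stays, I would add a comment above it: `;; shared bootstrap hash only; each user must run passwd after first login`.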
@@ -1,45 +1,46 @@ -(define-module (users id1001) - ;; home-environment - #:use-module (gnu home) - - ;; home-profile-service-type - ;; home-xdg-configuration-files-service-type - #:use-module (gnu home services) - - ;; simple-service - #:use-module (gnu services) - - ;; user-account - #:use-module (gnu system shadow) +;;; SPDX-License-Identifier: GPL-3.0-or-later +;;; SPDX-FileCopyrightText: 2025 Marek Paśnikowski <marek@marekpasnikowski.pl> - ;; %suweren-home-services - #:use-module (suweren home)) - -;; string -(define-public uid1001-name - "lilia") - -;; (string) -> -;; record user-account -(define-public uid1001-account - (user-account (name uid1001-name) - (group "users") - (uid 1001) - (comment "Liliana Ruszuk") - (home-directory "/home/lilia"))) +(define-module (users id1001) + #:use-module ( (deployment users) + #:prefix deployment:users:) + #:use-module ( (gnu home) + #:prefix gnu:home:) + #:use-module ( (gnu system accounts) + #:prefix gnu:system:accounts:) + #:use-module ( (nongnu packages mozilla) + #:prefix nongnu:packages:mozilla:) + #:use-module ( (sovereign services admin) + #:prefix sovereign:services:admin:) + #:use-module ( (sovereign services fontutils) + #:prefix sovereign:services:fontutils:) + #:use-module ( (sovereign systems) + #:prefix sovereign:systems:)) -;; record home-environment -(define-public uid1001-home-environment - (lambda (host-name*) - (let* ((packages (list )) +(define name + "janusz") - (profile (simple-service 'user-packages - home-profile-service-type - packages)) +(define home-environment + (let + ( (l-fontconfig (sovereign:services:fontutils:home-fontconfig-service-type #t + #t + "Noto"))) + (let + ( (l-services (list sovereign:systems:bash-configuration + sovereign:services:admin:update-commands + l-fontconfig))) + (gnu:home:home-environment + (packages (cons* nongnu:packages:mozilla:firefox + sovereign:systems:common-home-environment-packages)) + (services l-services))))) - (%suweren-home-services* 
(%suweren-home-services host-name*)) - (user-services (list profile)) +(define-public name/home-environment + (list name + home-environment)) - (services* (append %suweren-home-services* - user-services))) - (home-environment (services services*))))) +(define-public user-account + (gnu:system:accounts:user-account + (name name) + (password deployment:users:initial-password) + (group "users") + (supplementary-groups (list "wheel")))) diff --git a/users/uid1000-gitconfig b/users/uid1000-gitconfig index 300f906..f5a10e7 100644 --- a/users/uid1000-gitconfig +++ b/users/uid1000-gitconfig @@ -1,10 +1,16 @@ +[core] +quotePath = false + [commit] - gpgsign = true +gpgsign = true [user] - email = marek@marekpasnikowski.pl - name = Marek Paśnikowski - signingkey = 6D81B1207711899F +email = marek@marekpasnikowski.pl +name = Marek Paśnikowski +signingkey = 6D81B1207711899F [push] - autoSetupRemote = true +autoSetupRemote = true + +[safe] +directory = * diff --git a/users/uid1000-test-channels.scm b/users/uid1000-test-channels.scm new file mode 100644 index 0000000..b59a5ec --- /dev/null +++ b/users/uid1000-test-channels.scm 
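Review bot: The new `user-account` no longer carries `(uid 1001)`, although the module is still named `(users id1001)`, so the numeric id is whatever the system allocates when the account is created. Where home directories are shared between hosts or restored from backup, file ownership then depends on creation order on each machine. Adding `(uid 1001)` next to `(name name)` keeps the id stable and consistent with the explicit `(uid 1000)` in the uid1000 account.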
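Review bot: `directory = *` under `[safe]` turns off Git's repository-ownership check for every path, so Git will honour the configuration of a repository owned by another account whenever a command runs inside it. This file is the Git configuration of the uid1000 user, whose supplementary groups in this commit include `wheel`, so the check is worth keeping for that account. Listing only the checkouts that need the exception is narrower, for example `directory = <ABSOLUTE-PATH-OF-SHARED-CHECKOUT>` (placeholder), one line per repository.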
@@ -0,0 +1,41 @@ +(define-module (users uid1000-test-channels) + #:use-module ( (guix channels) + #:prefix guix:channels:) + #:use-module ( (sovereign channels) + #:prefix sovereign:channels:)) + +(define test-deployment-channel + (guix:channels:channel + (inherit sovereign:channels:deployment-channel) + (branch "test"))) + +(define test-guix-channel + (guix:channels:channel + (inherit sovereign:channels:default-guix-channel) + (branch "test"))) + +(define test-guix-rust-past-crates-channel + (guix:channels:channel + (inherit sovereign:channels:guix-rust-past-crates-channel) + (branch "test"))) + +(define test-nonguix-channel + (guix:channels:channel + (inherit sovereign:channels:nonguix-channel) + (branch "test"))) + +(define test-rde-channel + (guix:channels:channel + (inherit sovereign:channels:rde-channel))) + +(define test-sovereign-channel + (guix:channels:channel + (inherit sovereign:channels:sovereign-channel) + (branch "test"))) + +(list test-deployment-channel + test-guix-channel + test-guix-rust-past-crates-channel + test-nonguix-channel + test-rde-channel + test-sovereign-channel) diff --git a/users/vmail.scm b/users/vmail.scm new file mode 100644 index 0000000..95ba916 --- /dev/null +++ b/users/vmail.scm @@ -0,0 +1,14 @@ +(define-module (users vmail) + #:use-module ((gnu system accounts) + #:prefix gnu:system:accounts:)) + +(define vmail-name + "vmail") + +(define-public vmail-account + (gnu:system:accounts:user-account + (name vmail-name) + (group vmail-name) + (comment "used to own and manage mailboxes") + (home-directory "/home/vmail") + (system? #t))) |
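Review bot: `test-rde-channel` inherits `sovereign:channels:rde-channel` without a `(branch "test")` override, unlike the five other definitions, so it is the production channel under a new name. If rde is meant to stay on its regular branch, a comment such as `;; rde has no test branch; tracked as in production` would record that. Otherwise add `(branch "test")`. Whether the inherited channel introductions authenticate the `test` branches cannot be checked from this file and should be confirmed against `(sovereign channels)`.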
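Review bot: `vmail-account` sets `(system? #t)` but no `shell`, so the account gets the record's default shell, whereas `%dkimproxy-accounts` elsewhere in this commit gives its system account `/sbin/nologin`. If nothing needs to log in as `vmail`, adding `(shell (file-append (@ (gnu packages admin) shadow) "/sbin/nologin"))` keeps the mailbox owner non-interactive. The `vmail` group named by `(group vmail-name)` is not defined in this file, so it presumably has to be declared wherever the account is used.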
