diff options
Diffstat (limited to 'aisaka.org')
| -rw-r--r-- | aisaka.org | 658 |
1 files changed, 0 insertions, 658 deletions
diff --git a/aisaka.org b/aisaka.org deleted file mode 100644 index 6759d2e..0000000 --- a/aisaka.org +++ /dev/null @@ -1,658 +0,0 @@ -#+title: Configuration of the Aisaka computer -*- mode: org -*- -#+startup: overview -#+property: header-args:scheme :noweb yes -#+property: header-args:scheme+ :noweb-prefix yes -#+property: header-args:shell :noweb yes -#+property: Header-args:shell+ :noweb-prefix yes - -* TODO Guix - -https://guix.gnu.org/en/manual/en/html_node/ - -** TODO Installation - -https://guix.gnu.org/en/manual/en/html_node/Installation.html - -*** TODO Invoking guix-daemon - -https://guix.gnu.org/en/manual/en/html_node/Invoking-guix_002ddaemon.html - -#+begin_src scheme :noweb-ref guix-options - "--gc-keep-derivations=yes" - "--gc-keep-outputs=yes" -#+end_src - -** TODO System configuration - -https://guix.gnu.org/en/manual/en/html_node/System-Configuration.html - -#+begin_src scheme :noweb-ref system-dump :tangle system-configuration.scm - (define-module (aisaka-system-configuration) - #:use-module (gnu) - #:use-module (gnu packages commencement) - #:use-module (gnu packages cups) - #:use-module (gnu packages finance) - #:use-module (gnu services cups) - #:use-module (gnu services configuration) - #:use-module (gnu services desktop) - #:use-module (gnu services networking) - #:use-module (gnu services nix) - #:use-module (gnu services ssh) - #:use-module (gnu services version-control) - #:use-module (gnu services xorg)) - - (define keyboard-layout - (keyboard-layout "pl")) - - (operating-system - (locale "pl_PL.utf8") - (timezone "Europe/Warsaw") - (keyboard-layout keyboard-layout) - (host-name "aisaka") - (users (cons* (user-account (name "marek") - (comment "Marek Paśnikowski") - (group "users") - (home-directory "/home/marek") - (supplementary-groups '("audio" - "netdev" - "tor" - "video" - "wheel"))) - %base-user-accounts)) - (packages - (append - (map - <<to-package+output>> - '(;; "netcat-openbsd" - "nss-certs" - "ntfs-3g")) - ( map - <<to-package+output>> - ( list ) ) - %base-packages)) - (services - <<system-services>>) - (bootloader (bootloader-configuration (bootloader grub-bootloader) - (targets '("/dev/sda")) - (keyboard-layout keyboard-layout))) - (swap-devices - (list - <<swap>>)) - (mapped-devices - (list - <<luks>>)) - (file-systems - (append %base-file-systems - (list - <<rootfs>> - <<bootfs>>)))) -#+end_src - -*** TODO Services - -https://guix.gnu.org/en/manual/en/html_node/Services.html - -#+begin_src scheme :noweb-ref system-services - (append - (list - (extra-special-file - "/lib64/ld-linux-x86-64.so.2" - (file-append (canonical-package glibc) "/lib/ld-linux-x86-64.so.2")) - (extra-special-file - "/lib64/libstdc++.so.6" - (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6")) - (extra-special-file - "/usr/lib64/libstdc++.so.6" - (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6")) - <<ssh-system-service>> - <<system-base-services>> - <<system-miscellaneous-services>> - <<trezor-system-packages>> - (service - cups-service-type - (cups-configuration - (extensions - (list - cups-filters - epson-inkjet-printer-escpr)) - (web-interface? #t))) - (service git-daemon-service-type - (git-daemon-configuration - (export-all? #t))) - (service gnome-desktop-service-type) - (service plasma-desktop-service-type) - (service - tor-service-type - (tor-configuration - (control-socket? #t)))) - (modify-services - %desktop-services - (elogind-service-type - configuration => - (elogind-configuration - (inherit configuration) - (handle-lid-switch 'ignore))) - (gdm-service-type - configuration => - (gdm-configuration - (inherit configuration) - (wayland? #t))) - (delete guix-service-type))) -#+end_src - -**** TODO Base Services - -https://guix.gnu.org/en/manual/en/html_node/Base-Services.html - -#+begin_src scheme :noweb-ref system-base-services - <<trezor-udev-rules>> - (service - guix-service-type - (guix-configuration - (extra-options - (list - <<guix-options>>)))) -#+end_src - -**** TODO Miscellaneous Services - -https://guix.gnu.org/en/manual/en/html_node/Miscellaneous-Services.html - -#+begin_src scheme :noweb-ref system-miscellaneous-services - (service nix-service-type) -#+end_src - -** TODO Home configuration - -https://guix.gnu.org/en/manual/devel/en/html_node/Home-Configuration.html - -#+begin_src scheme :noweb-ref home-dump :tangle home-configuration.scm - (define-module (aisaka-home-configuration) - #:use-module (gnu home) - #:use-module (gnu home services) - #:use-module (gnu home services shells) - #:use-module (gnu packages) - #:use-module (gnu services) - #:use-module (guix gexp)) - - (define allow-downgrades - "--allow-downgrades ") - - (define config-prefix - "/home/marek/Publiczny/src/guix-config/") - - (define pull-guix - "guix pull ") - - (define pull-guix- - (string-append pull-guix - allow-downgrades - "--disable-authentication ")) - - (define guix-home - "guix home reconfigure ") - - (define home-configuration - "home-configuration.scm ") - - (define reconfigure-home - (string-append guix-home - config-prefix - home-configuration)) - - (define reconfigure-home- - (string-append reconfigure-home - allow-downgrades)) - - (define guix-system - "sudo guix system reconfigure ") - - (define system-configuration - "system-configuration.scm ") - - (define reconfigure-system - (string-append guix-system - config-prefix - system-configuration)) - - (define reconfigure-system- - (string-append reconfigure-system - allow-downgrades)) - - (define and - "&& ") - - (define system-update - (string-append pull-guix - and - reconfigure-system - and - reconfigure-home - and - "sudo guix gc -d 7d")) - - (define system-update- - (string-append pull-guix- - and - reconfigure-system- - and - reconfigure-home- - and - "sudo guix gc -d 7d")) - - (home-environment - (packages - (map - <<to-package+output>> - '("adwaita-icon-theme" - "alacritty" - "clamav" - "cpupower" - "dconf-editor" - "emacs-next" - "emacs-aggressive-indent" - "emacs-eldoc" - "emacs-geiser" - "emacs-geiser-guile" - "emacs-nix-mode" - "emacs-nov-el" - "emacs-org-contacts" - "emacs-org-contrib" - "emacs-paredit" - "font-google-noto" - "git" - "git-lfs" - "gnome-tweaks" - "gnupg" - "hicolor-icon-theme" - "icecat" - "jami" - "libadwaita" - "libreoffice" - "nm-tray" - "pwgen" - "seahorse" - "sicp" - "strace" - "unzip" - "zip"))) - (services - (list - <<flashrom-package>> - <<git-sendemail-packages>> - (service - (service-type - (name 'org-fc-tn-package) - (extensions - (list - (service-extension home-profile-service-type - (lambda (_) - (map specification->package - (list - "emacs-org-fc-tn")))))) - (description "Custom version of ORG-FC.") - (default-value #f))) - <<ssh-user-configuration>> - ;; <<trezor-user-packages>> - (service home-bash-service-type - (home-bash-configuration - (environment-variables '(("EDITOR" . "emacs -nw") - ("GUILE_AUTO_COMPILE" . "0") - ("PATH" . "$PATH:/home/marek/.nix-profile/bin"))) - (aliases `(("grep" . "grep --color=auto ") - ("ll" . "ls -l ") - ("ls" . "ls -p --color=auto ") - ("nix" . "nix --extra-experimental-features flakes --extra-experimental-features nix-command") - ("pull-guix" . ,pull-guix) - ("pull-guix-" . ,pull-guix-) - ("reconfigure-home" . ,reconfigure-home) - ("reconfigure-home-" . ,reconfigure-home-) - ("reconfigure-system" . ,reconfigure-system) - ("reconfigure-system-" . ,reconfigure-system-) - ("system-update" . ,system-update) - ("system-update-" . ,system-update-))) - (bashrc (list - (local-file "data/bashrc"))))) - ;; (service - ;; home-channels-service-type - ;; (list - ;; (channel - ;; (name 'guix) - ;; (url "https://git.savannah.gnu.org/git/guix.git")) - ;; (channel - ;; (name 'jeko) - ;; (url "https://framagit.org/Jeko/guix-jeko-channel.git")) - ;; (channel - ;; (name 'nonguix) - ;; (url "https://gitlab.com/nonguix/nonguix") - ;; ;; Enable signature verification: - ;; (introduction - ;; (make-channel-introduction - ;; "897c1a470da759236cc11798f4e0a5f7d4d59fbc" - ;; (openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))) - ;; (channel (name 'org-fc-tn) - ;; (url "file:///home/marek/src/org-fc") - ;; (branch "repository")) - ;; (channel (name 'packages) - ;; (url "file:///home/marek/src/packages") - ;; (branch "master")) - ;; (channel (name 'channel) - ;; (url "https://git.marekpasnikowski.pl/git/channel.git") - ;; (branch "wip-channel") - ;; ( introduction - ;; ( make-channel-introduction - ;; "f8ccfe8f3e5c8bafe06665cbd4b0c9301e1a64b6" - ;; ( openpgp-fingerprint - ;; "590E 500F E39D 26B3 E60B 743B 6D81 B120 7711 899F" ) ) )))) - (simple-service 'configuration-files - home-files-service-type - `((".config/git/config" ,(local-file "data/git-config")) - (".emacs" ,(local-file "data/emacs-config"))))))) -#+end_src - -*** TODO bashrc - -#+begin_src shell :tangle data/bashrc - export LD_LIBRARY_PATH=$LIBRARY_PATH -#+end_src - -*** TODO emacs - -#+begin_src elisp :tangle data/emacs-config - ;;; Disable auto-backup - (setq-default make-backup-files nil) - - ;;; https://github.com/fimblo/dot.emacs - ;;; Theme Activation - (load-theme 'manoj-dark) - - ;;; Enable ParEdit - (add-hook 'prog-mode-hook 'enable-paredit-mode) - - ;;; https://elpa.gnu.org/packages/aggressive-indent.html - ;;; Automatic Activation of Aggressive Indent - (global-aggressive-indent-mode) - - ;; Highlight the pair of delimiters under the cursor - (setq-default show-paren-mode 1 - show-paren-delay 0) - - ;;; https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html - ;;; Copyright Information - (setq-default user-full-name "Marek Paśnikowski" - user-mail-address "marekpasnikowski@protonmail.com") - - ;;; Startup Screen Inhibition - (setq-default inhibit-startup-screen t) - - ;; Enable the column-80 line - (setq-default display-fill-column-indicator 1 - display-fill-column-indicator-column 80) - (global-display-fill-column-indicator-mode) - - ;; Prepare Literate Programming - (setq-default - org-startup-indented t - org-confirm-babel-evaluate nil - org-src-fontify-natively t - org-src-tab-acts-natively t) - (org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t) - (scheme . t ) - (shell . t ))) - - (add-to-list 'auto-mode-alist '("\\.epub\\'" . nov-mode)) - - ;; Monospace Font in Ebook Reader - (setq-default nov-variable-pitch nil) - - ;; Disable Toolbar - (tool-bar-mode -1) - - ;; GNUS Configuration - (setq-default gnus-auto-select-first nil - gnus-select-method '(nnnil "") - gnus-secondary-select-methods '((nnimap "outlook" - (nnimap-address "outlook.office365.com") - (nnimap-server-port 993) - (nnimap-stream ssl) - (nnimap-authinfo-file "~/.authinfo")) - (nnimap "home" - (nnimap-address "serwer1930490.home.pl") - (nnimap-server-port 993) - (nnimap-stream ssl) - (nnimap-authinfo-file "~/.authinfo"))) - nnmail-split-method 'nnmail-split-fancy - nnmail-split-fancy '(| "normal")) - (add-hook 'gnus-group-mode-hook 'gnus-topic-mode) - - ;; Org Configuration - (setq-default org-contacts-files '("~/Dokumenty/UWM/filia w Ełku/Samorząd 2022/starostowie.org")) - - ;; ORG-FC Configuration - (require 'org-fc-hydra) - (setq-default - org-fc-algorithm 'tn - org-fc-directories '("~/Dokumenty/fiszki")) - - ;; Nix Mode - (require 'nix-mode) - (add-to-list 'auto-mode-alist '("\\.nix\\'" . nix-mode)) -#+end_src - -*** TODO git-config - -#+begin_src shell :tangle data/git-config - <<git-sendemail-config>> - <<git-user-config>> -#+end_src - -**** TODO User Configuration - -#+begin_src shell :noweb-ref git-user-config - [user] - name = "Marek Paśnikowski" - email = "marekpasnikowski@protonmail.com" -#+end_src - -* TODO Git Send Email - -https://git-send-email.io/ - -** TODO Installation - -https://git-send-email.io/#step-1 - -#+begin_src scheme :noweb-ref git-sendemail-packages - (service - (service-type - (name 'git-sendemail-packages) - (extensions - (list - (service-extension home-profile-service-type - (lambda (_) - (map - <<to-package+output>> - (list - "git" - "git:send-email")))))) - (description "Git Send Email") - (default-value #f))) -#+end_src - -** TODO Configuration - -https://git-send-email.io/#step-2 - -#+begin_src shell :noweb-ref git-sendemail-config - [sendemail] - smtpencryption = tls - smtpserver = localhost - smtpserverport = 1025 - smtpsslcertpath = "" - smtpuser = marekpasnikowski@protonmail.com -#+end_src - -* TODO LIBREBOOT - -The first layer of computing is the firmware. The Lenovo Thinkpad X200 has -a free Libreboot firmware installed. It is a good idea to keep it up to date. - -** TODO Flashrom - -Flashrom program is needed to write the computer firmware. The -program needs a relaxed kernel security feature. - -#+begin_src scheme :noweb-ref flashrom-package - (service - (service-type - (name 'flashrom-package) - (extensions - `(,(service-extension home-profile-service-type - (lambda (_) - (map specification->package - '("flashrom")))))) - (description "Flashrom installation.") - (default-value #f))) -#+end_src - -* TODO File Systems - -This system has a very simple file system - a boot partition, main partition -for everything else and swap. The main partition is encrypted. - -** Mapped Devices - -Data encryption layer, password protected. The LUKS encryption type is -used. - -#+begin_src scheme :noweb-ref luks - (mapped-device - (source (uuid "887ac37f-2919-41a0-a62a-e1ff5ea2d6cc")) - (target "aisaka-root") - (type luks-device-mapping)) -#+end_src - -** File Systems - -The data is split into an unencrypted boot partition and encrypted root -filesystem. - -*** Root File System - -The root filesystem is mounted on the encryption layer. Its type is -BTRFS. - -#+begin_src scheme :noweb-ref rootfs - (file-system - (mount-point "/") - (device "/dev/mapper/aisaka-root") - (type "btrfs") - (dependencies mapped-devices)) -#+end_src - -*** Boot File System - -The boot partition is on EXT4 filesystem. - -#+begin_src scheme :noweb-ref bootfs - (file-system - (mount-point "/boot") - (device (uuid "4f77b5fc-56ad-43ae-b6ec-e5adc8c48587")) - (type "ext4")) -#+end_src - -** Swap Devices - -Swap takes half the storage space in order to facilitate edge cases of -memory without overprovisioning, as well as to prolog the lifetime of SSD. - -#+begin_src scheme :noweb-ref swap - (swap-space (target (uuid "73bed3f9-be07-40ad-a228-577cd24f2e1d"))) -#+end_src - -* TODO System Servers - -** TODO Secure Shell - -*** TODO SSH Installation - -#+begin_src scheme :noweb-ref ssh-system-service - (service openssh-service-type) -#+end_src - -*** TODO SSH Configuration - -#+begin_src scheme :noweb-ref ssh-user-configuration - (simple-service 'ssh-configuration* home-files-service-type - `((".ssh/config" ,(plain-file "ssh-config" "\ - <<ssh-config>>\n")))) -#+end_src - -**** TODO SSH Configuration File - -#+begin_src shell :noweb-ref ssh-config - Host *.onion - ProxyCommand nc -x localhost:9050 -X5 %h %p - - Host kynio.onion - User kynio - Hostname prnpi5oblk35gzcihbgu3227xvanisouxgbejri57bnzjawcksq4l7yd.onion - Port 22 -#+end_src - -* TODO Device Management - -https://www.linuxfromscratch.org/lfs/view/11.1/chapter09/symlinks.html - -** TODO Trezor - -https://trezor.io/trezor-model-t - -*** TODO Trezor System Packages - -#+begin_src scheme :noweb-ref trezor-system-packages - (service - (service-type - (name 'trezor-system-packages) - (extensions - (list - (service-extension profile-service-type - (lambda (_) - (map specification->package - (list - "trezord" - "trezord-udev-rules")))))) - (description "TrezorD packages needed by the system.") - (default-value #f))) -#+end_src - -*** TODO Trezor User Packages - -#+begin_src scheme :noweb-ref trezor-user-packages - (service - (service-type - (name 'trezor-user-packages) - (extensions - (list - (service-extension home-profile-service-type - (lambda (_) - (map specification->package - (list - "trezor-agent")))))) - (description "Trezor packages for the user.") - (default-value #f))) -#+end_src - -*** TODO Trezor Udev Services - -#+begin_src scheme :noweb-ref trezor-udev-rules - (udev-rules-service 'trezord trezord-udev-rules) -#+end_src - -* TODO Helpers -** TODO String to Package - -#+begin_src scheme :noweb-ref to-package+output - (compose list - specification->package+output) -#+end_src |