Diffstat (limited to 'systems/aisaka/aisaka.org')
-rw-r--r--systems/aisaka/aisaka.org658
1 files changed, 658 insertions, 0 deletions
diff --git a/systems/aisaka/aisaka.org b/systems/aisaka/aisaka.org
new file mode 100644
index 0000000..6759d2e
--- /dev/null
+++ b/systems/aisaka/aisaka.org
@@ -0,0 +1,658 @@
+#+title: Configuration of the Aisaka computer -*- mode: org -*-
+#+startup: overview
+#+property: header-args:scheme :noweb yes
+#+property: header-args:scheme+ :noweb-prefix yes
+#+property: header-args:shell :noweb yes
+#+property: Header-args:shell+ :noweb-prefix yes
+
+* TODO Guix
+
+https://guix.gnu.org/en/manual/en/html_node/
+
+** TODO Installation
+
+https://guix.gnu.org/en/manual/en/html_node/Installation.html
+
+*** TODO Invoking guix-daemon
+
+https://guix.gnu.org/en/manual/en/html_node/Invoking-guix_002ddaemon.html
+
+#+begin_src scheme :noweb-ref guix-options
+ "--gc-keep-derivations=yes"
+ "--gc-keep-outputs=yes"
+#+end_src
+
+** TODO System configuration
+
+https://guix.gnu.org/en/manual/en/html_node/System-Configuration.html
+
+#+begin_src scheme :noweb-ref system-dump :tangle system-configuration.scm
+ (define-module (aisaka-system-configuration)
+ #:use-module (gnu)
+ #:use-module (gnu packages commencement)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages finance)
+ #:use-module (gnu services cups)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services nix)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services version-control)
+ #:use-module (gnu services xorg))
+
+ (define keyboard-layout
+ (keyboard-layout "pl"))
+
+ (operating-system
+ (locale "pl_PL.utf8")
+ (timezone "Europe/Warsaw")
+ (keyboard-layout keyboard-layout)
+ (host-name "aisaka")
+ (users (cons* (user-account (name "marek")
+ (comment "Marek Paśnikowski")
+ (group "users")
+ (home-directory "/home/marek")
+ (supplementary-groups '("audio"
+ "netdev"
+ "tor"
+ "video"
+ "wheel")))
+ %base-user-accounts))
+ (packages
+ (append
+ (map
+ <<to-package+output>>
+ '(;; "netcat-openbsd"
+ "nss-certs"
+ "ntfs-3g"))
+ ( map
+ <<to-package+output>>
+ ( list ) )
+ %base-packages))
+ (services
+ <<system-services>>)
+ (bootloader (bootloader-configuration (bootloader grub-bootloader)
+ (targets '("/dev/sda"))
+ (keyboard-layout keyboard-layout)))
+ (swap-devices
+ (list
+ <<swap>>))
+ (mapped-devices
+ (list
+ <<luks>>))
+ (file-systems
+ (append %base-file-systems
+ (list
+ <<rootfs>>
+ <<bootfs>>))))
+#+end_src
+
+*** TODO Services
+
+https://guix.gnu.org/en/manual/en/html_node/Services.html
+
+#+begin_src scheme :noweb-ref system-services
+ (append
+ (list
+ (extra-special-file
+ "/lib64/ld-linux-x86-64.so.2"
+ (file-append (canonical-package glibc) "/lib/ld-linux-x86-64.so.2"))
+ (extra-special-file
+ "/lib64/libstdc++.so.6"
+ (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6"))
+ (extra-special-file
+ "/usr/lib64/libstdc++.so.6"
+ (file-append (canonical-package gcc-toolchain) "/lib/libstdc++.so.6"))
+ <<ssh-system-service>>
+ <<system-base-services>>
+ <<system-miscellaneous-services>>
+ <<trezor-system-packages>>
+ (service
+ cups-service-type
+ (cups-configuration
+ (extensions
+ (list
+ cups-filters
+ epson-inkjet-printer-escpr))
+ (web-interface? #t)))
+ (service git-daemon-service-type
+ (git-daemon-configuration
+ (export-all? #t)))
+ (service gnome-desktop-service-type)
+ (service plasma-desktop-service-type)
+ (service
+ tor-service-type
+ (tor-configuration
+ (control-socket? #t))))
+ (modify-services
+ %desktop-services
+ (elogind-service-type
+ configuration =>
+ (elogind-configuration
+ (inherit configuration)
+ (handle-lid-switch 'ignore)))
+ (gdm-service-type
+ configuration =>
+ (gdm-configuration
+ (inherit configuration)
+ (wayland? #t)))
+ (delete guix-service-type)))
+#+end_src
+
+**** TODO Base Services
+
+https://guix.gnu.org/en/manual/en/html_node/Base-Services.html
+
+#+begin_src scheme :noweb-ref system-base-services
+ <<trezor-udev-rules>>
+ (service
+ guix-service-type
+ (guix-configuration
+ (extra-options
+ (list
+ <<guix-options>>))))
+#+end_src
+
+**** TODO Miscellaneous Services
+
+https://guix.gnu.org/en/manual/en/html_node/Miscellaneous-Services.html
+
+#+begin_src scheme :noweb-ref system-miscellaneous-services
+ (service nix-service-type)
+#+end_src
+
+** TODO Home configuration
+
+https://guix.gnu.org/en/manual/devel/en/html_node/Home-Configuration.html
+
+#+begin_src scheme :noweb-ref home-dump :tangle home-configuration.scm
+ (define-module (aisaka-home-configuration)
+ #:use-module (gnu home)
+ #:use-module (gnu home services)
+ #:use-module (gnu home services shells)
+ #:use-module (gnu packages)
+ #:use-module (gnu services)
+ #:use-module (guix gexp))
+
+ (define allow-downgrades
+ "--allow-downgrades ")
+
+ (define config-prefix
+ "/home/marek/Publiczny/src/guix-config/")
+
+ (define pull-guix
+ "guix pull ")
+
+ (define pull-guix-
+ (string-append pull-guix
+ allow-downgrades
+ "--disable-authentication "))
+
+ (define guix-home
+ "guix home reconfigure ")
+
+ (define home-configuration
+ "home-configuration.scm ")
+
+ (define reconfigure-home
+ (string-append guix-home
+ config-prefix
+ home-configuration))
+
+ (define reconfigure-home-
+ (string-append reconfigure-home
+ allow-downgrades))
+
+ (define guix-system
+ "sudo guix system reconfigure ")
+
+ (define system-configuration
+ "system-configuration.scm ")
+
+ (define reconfigure-system
+ (string-append guix-system
+ config-prefix
+ system-configuration))
+
+ (define reconfigure-system-
+ (string-append reconfigure-system
+ allow-downgrades))
+
+ (define and
+ "&& ")
+
+ (define system-update
+ (string-append pull-guix
+ and
+ reconfigure-system
+ and
+ reconfigure-home
+ and
+ "sudo guix gc -d 7d"))
+
+ (define system-update-
+ (string-append pull-guix-
+ and
+ reconfigure-system-
+ and
+ reconfigure-home-
+ and
+ "sudo guix gc -d 7d"))
+
+ (home-environment
+ (packages
+ (map
+ <<to-package+output>>
+ '("adwaita-icon-theme"
+ "alacritty"
+ "clamav"
+ "cpupower"
+ "dconf-editor"
+ "emacs-next"
+ "emacs-aggressive-indent"
+ "emacs-eldoc"
+ "emacs-geiser"
+ "emacs-geiser-guile"
+ "emacs-nix-mode"
+ "emacs-nov-el"
+ "emacs-org-contacts"
+ "emacs-org-contrib"
+ "emacs-paredit"
+ "font-google-noto"
+ "git"
+ "git-lfs"
+ "gnome-tweaks"
+ "gnupg"
+ "hicolor-icon-theme"
+ "icecat"
+ "jami"
+ "libadwaita"
+ "libreoffice"
+ "nm-tray"
+ "pwgen"
+ "seahorse"
+ "sicp"
+ "strace"
+ "unzip"
+ "zip")))
+ (services
+ (list
+ <<flashrom-package>>
+ <<git-sendemail-packages>>
+ (service
+ (service-type
+ (name 'org-fc-tn-package)
+ (extensions
+ (list
+ (service-extension home-profile-service-type
+ (lambda (_)
+ (map specification->package
+ (list
+ "emacs-org-fc-tn"))))))
+ (description "Custom version of ORG-FC.")
+ (default-value #f)))
+ <<ssh-user-configuration>>
+ ;; <<trezor-user-packages>>
+ (service home-bash-service-type
+ (home-bash-configuration
+ (environment-variables '(("EDITOR" . "emacs -nw")
+ ("GUILE_AUTO_COMPILE" . "0")
+ ("PATH" . "$PATH:/home/marek/.nix-profile/bin")))
+ (aliases `(("grep" . "grep --color=auto ")
+ ("ll" . "ls -l ")
+ ("ls" . "ls -p --color=auto ")
+ ("nix" . "nix --extra-experimental-features flakes --extra-experimental-features nix-command")
+ ("pull-guix" . ,pull-guix)
+ ("pull-guix-" . ,pull-guix-)
+ ("reconfigure-home" . ,reconfigure-home)
+ ("reconfigure-home-" . ,reconfigure-home-)
+ ("reconfigure-system" . ,reconfigure-system)
+ ("reconfigure-system-" . ,reconfigure-system-)
+ ("system-update" . ,system-update)
+ ("system-update-" . ,system-update-)))
+ (bashrc (list
+ (local-file "data/bashrc")))))
+ ;; (service
+ ;; home-channels-service-type
+ ;; (list
+ ;; (channel
+ ;; (name 'guix)
+ ;; (url "https://git.savannah.gnu.org/git/guix.git"))
+ ;; (channel
+ ;; (name 'jeko)
+ ;; (url "https://framagit.org/Jeko/guix-jeko-channel.git"))
+ ;; (channel
+ ;; (name 'nonguix)
+ ;; (url "https://gitlab.com/nonguix/nonguix")
+ ;; ;; Enable signature verification:
+ ;; (introduction
+ ;; (make-channel-introduction
+ ;; "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+ ;; (openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
+ ;; (channel (name 'org-fc-tn)
+ ;; (url "file:///home/marek/src/org-fc")
+ ;; (branch "repository"))
+ ;; (channel (name 'packages)
+ ;; (url "file:///home/marek/src/packages")
+ ;; (branch "master"))
+ ;; (channel (name 'channel)
+ ;; (url "https://git.marekpasnikowski.pl/git/channel.git")
+ ;; (branch "wip-channel")
+ ;; ( introduction
+ ;; ( make-channel-introduction
+ ;; "f8ccfe8f3e5c8bafe06665cbd4b0c9301e1a64b6"
+ ;; ( openpgp-fingerprint
+ ;; "590E 500F E39D 26B3 E60B 743B 6D81 B120 7711 899F" ) ) ))))
+ (simple-service 'configuration-files
+ home-files-service-type
+ `((".config/git/config" ,(local-file "data/git-config"))
+ (".emacs" ,(local-file "data/emacs-config")))))))
+#+end_src
+
+*** TODO bashrc
+
+#+begin_src shell :tangle data/bashrc
+ export LD_LIBRARY_PATH=$LIBRARY_PATH
+#+end_src
+
+*** TODO emacs
+
+#+begin_src elisp :tangle data/emacs-config
+ ;;; Disable auto-backup
+ (setq-default make-backup-files nil)
+
+ ;;; https://github.com/fimblo/dot.emacs
+ ;;; Theme Activation
+ (load-theme 'manoj-dark)
+
+ ;;; Enable ParEdit
+ (add-hook 'prog-mode-hook 'enable-paredit-mode)
+
+ ;;; https://elpa.gnu.org/packages/aggressive-indent.html
+ ;;; Automatic Activation of Aggressive Indent
+ (global-aggressive-indent-mode)
+
+ ;; Highlight the pair of delimiters under the cursor
+ (setq-default show-paren-mode 1
+ show-paren-delay 0)
+
+ ;;; https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html
+ ;;; Copyright Information
+ (setq-default user-full-name "Marek Paśnikowski"
+ user-mail-address "marekpasnikowski@protonmail.com")
+
+ ;;; Startup Screen Inhibition
+ (setq-default inhibit-startup-screen t)
+
+ ;; Enable the column-80 line
+ (setq-default display-fill-column-indicator 1
+ display-fill-column-indicator-column 80)
+ (global-display-fill-column-indicator-mode)
+
+ ;; Prepare Literate Programming
+ (setq-default
+ org-startup-indented t
+ org-confirm-babel-evaluate nil
+ org-src-fontify-natively t
+ org-src-tab-acts-natively t)
+ (org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t)
+ (scheme . t )
+ (shell . t )))
+
+ (add-to-list 'auto-mode-alist '("\\.epub\\'" . nov-mode))
+
+ ;; Monospace Font in Ebook Reader
+ (setq-default nov-variable-pitch nil)
+
+ ;; Disable Toolbar
+ (tool-bar-mode -1)
+
+ ;; GNUS Configuration
+ (setq-default gnus-auto-select-first nil
+ gnus-select-method '(nnnil "")
+ gnus-secondary-select-methods '((nnimap "outlook"
+ (nnimap-address "outlook.office365.com")
+ (nnimap-server-port 993)
+ (nnimap-stream ssl)
+ (nnimap-authinfo-file "~/.authinfo"))
+ (nnimap "home"
+ (nnimap-address "serwer1930490.home.pl")
+ (nnimap-server-port 993)
+ (nnimap-stream ssl)
+ (nnimap-authinfo-file "~/.authinfo")))
+ nnmail-split-method 'nnmail-split-fancy
+ nnmail-split-fancy '(| "normal"))
+ (add-hook 'gnus-group-mode-hook 'gnus-topic-mode)
+
+ ;; Org Configuration
+ (setq-default org-contacts-files '("~/Dokumenty/UWM/filia w Ełku/Samorząd 2022/starostowie.org"))
+
+ ;; ORG-FC Configuration
+ (require 'org-fc-hydra)
+ (setq-default
+ org-fc-algorithm 'tn
+ org-fc-directories '("~/Dokumenty/fiszki"))
+
+ ;; Nix Mode
+ (require 'nix-mode)
+ (add-to-list 'auto-mode-alist '("\\.nix\\'" . nix-mode))
+#+end_src
+
+*** TODO git-config
+
+#+begin_src shell :tangle data/git-config
+ <<git-sendemail-config>>
+ <<git-user-config>>
+#+end_src
+
+**** TODO User Configuration
+
+#+begin_src shell :noweb-ref git-user-config
+ [user]
+ name = "Marek Paśnikowski"
+ email = "marekpasnikowski@protonmail.com"
+#+end_src
+
+* TODO Git Send Email
+
+https://git-send-email.io/
+
+** TODO Installation
+
+https://git-send-email.io/#step-1
+
+#+begin_src scheme :noweb-ref git-sendemail-packages
+ (service
+ (service-type
+ (name 'git-sendemail-packages)
+ (extensions
+ (list
+ (service-extension home-profile-service-type
+ (lambda (_)
+ (map
+ <<to-package+output>>
+ (list
+ "git"
+ "git:send-email"))))))
+ (description "Git Send Email")
+ (default-value #f)))
+#+end_src
+
+** TODO Configuration
+
+https://git-send-email.io/#step-2
+
+#+begin_src shell :noweb-ref git-sendemail-config
+ [sendemail]
+ smtpencryption = tls
+ smtpserver = localhost
+ smtpserverport = 1025
+ smtpsslcertpath = ""
+ smtpuser = marekpasnikowski@protonmail.com
+#+end_src
+
+* TODO LIBREBOOT
+
+The first layer of computing is the firmware. The Lenovo Thinkpad X200 has
+a free Libreboot firmware installed. It is a good idea to keep it up to date.
+
+** TODO Flashrom
+
+Flashrom program is needed to write the computer firmware. The
+program needs a relaxed kernel security feature.
+
+#+begin_src scheme :noweb-ref flashrom-package
+ (service
+ (service-type
+ (name 'flashrom-package)
+ (extensions
+ `(,(service-extension home-profile-service-type
+ (lambda (_)
+ (map specification->package
+ '("flashrom"))))))
+ (description "Flashrom installation.")
+ (default-value #f)))
+#+end_src
+
+* TODO File Systems
+
+This system has a very simple file system - a boot partition, main partition
+for everything else and swap. The main partition is encrypted.
+
+** Mapped Devices
+
+Data encryption layer, password protected. The LUKS encryption type is
+used.
+
+#+begin_src scheme :noweb-ref luks
+ (mapped-device
+ (source (uuid "887ac37f-2919-41a0-a62a-e1ff5ea2d6cc"))
+ (target "aisaka-root")
+ (type luks-device-mapping))
+#+end_src
+
+** File Systems
+
+The data is split into an unencrypted boot partition and encrypted root
+filesystem.
+
+*** Root File System
+
+The root filesystem is mounted on the encryption layer. Its type is
+BTRFS.
+
+#+begin_src scheme :noweb-ref rootfs
+ (file-system
+ (mount-point "/")
+ (device "/dev/mapper/aisaka-root")
+ (type "btrfs")
+ (dependencies mapped-devices))
+#+end_src
+
+*** Boot File System
+
+The boot partition is on EXT4 filesystem.
+
+#+begin_src scheme :noweb-ref bootfs
+ (file-system
+ (mount-point "/boot")
+ (device (uuid "4f77b5fc-56ad-43ae-b6ec-e5adc8c48587"))
+ (type "ext4"))
+#+end_src
+
+** Swap Devices
+
+Swap takes half the storage space in order to facilitate edge cases of
+memory without overprovisioning, as well as to prolog the lifetime of SSD.
+
+#+begin_src scheme :noweb-ref swap
+ (swap-space (target (uuid "73bed3f9-be07-40ad-a228-577cd24f2e1d")))
+#+end_src
+
+* TODO System Servers
+
+** TODO Secure Shell
+
+*** TODO SSH Installation
+
+#+begin_src scheme :noweb-ref ssh-system-service
+ (service openssh-service-type)
+#+end_src
+
+*** TODO SSH Configuration
+
+#+begin_src scheme :noweb-ref ssh-user-configuration
+ (simple-service 'ssh-configuration* home-files-service-type
+ `((".ssh/config" ,(plain-file "ssh-config" "\
+ <<ssh-config>>\n"))))
+#+end_src
+
+**** TODO SSH Configuration File
+
+#+begin_src shell :noweb-ref ssh-config
+ Host *.onion
+ ProxyCommand nc -x localhost:9050 -X5 %h %p
+
+ Host kynio.onion
+ User kynio
+ Hostname prnpi5oblk35gzcihbgu3227xvanisouxgbejri57bnzjawcksq4l7yd.onion
+ Port 22
+#+end_src
+
+* TODO Device Management
+
+https://www.linuxfromscratch.org/lfs/view/11.1/chapter09/symlinks.html
+
+** TODO Trezor
+
+https://trezor.io/trezor-model-t
+
+*** TODO Trezor System Packages
+
+#+begin_src scheme :noweb-ref trezor-system-packages
+ (service
+ (service-type
+ (name 'trezor-system-packages)
+ (extensions
+ (list
+ (service-extension profile-service-type
+ (lambda (_)
+ (map specification->package
+ (list
+ "trezord"
+ "trezord-udev-rules"))))))
+ (description "TrezorD packages needed by the system.")
+ (default-value #f)))
+#+end_src
+
+*** TODO Trezor User Packages
+
+#+begin_src scheme :noweb-ref trezor-user-packages
+ (service
+ (service-type
+ (name 'trezor-user-packages)
+ (extensions
+ (list
+ (service-extension home-profile-service-type
+ (lambda (_)
+ (map specification->package
+ (list
+ "trezor-agent"))))))
+ (description "Trezor packages for the user.")
+ (default-value #f)))
+#+end_src
+
+*** TODO Trezor Udev Services
+
+#+begin_src scheme :noweb-ref trezor-udev-rules
+ (udev-rules-service 'trezord trezord-udev-rules)
+#+end_src
+
+* TODO Helpers
+** TODO String to Package
+
+#+begin_src scheme :noweb-ref to-package+output
+ (compose list
+ specification->package+output)
+#+end_src