diff options
| author | c0co.channel <c0co.channel@braincrime.com> | 2025-10-23 23:29:42 +0100 |
|---|---|---|
| committer | c0co.channel <c0co.channel@braincrime.com> | 2025-10-23 23:29:42 +0100 |
| commit | 22e51f645f9725cf3786aef807bdd9182afffc66 (patch) | |
| tree | 067353382f2eef2fe441a37750ed6cbea6fb83d7 /dom0/system.scm | |
| parent | ae78645ec48c9e6b522bc54eb15fc5ca849c36cd (diff) | |
Amend sway config, disposable vms and add .desktop
Diffstat (limited to 'dom0/system.scm')
| -rw-r--r-- | dom0/system.scm | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/dom0/system.scm b/dom0/system.scm index 3757c0a..dbb27dc 100644 --- a/dom0/system.scm +++ b/dom0/system.scm @@ -2,6 +2,7 @@ (define-module (dom0 system) #:use-module (gnu) #:use-module (gnu services guix) + #:use-module (gnu system privilege) #:use-module (guix transformations) #:use-module (nongnu packages linux) #:use-module (nongnu system linux-initrd) @@ -9,9 +10,11 @@ #:use-module (nongnu services nvidia)) (use-service-modules linux guix desktop pm audio virtualization - networking dbus xorg avahi spice) + networking dbus xorg avahi spice + security-token) (use-package-modules linux audio libusb wm fonts virtualization - freedesktop vim cryptsetup version-control) + freedesktop vim cryptsetup version-control + security-token spice) (define patch-libvirt (options->transformation @@ -88,7 +91,7 @@ (append (list "https://substitutes.nonguix.org") %default-substitute-urls)) (authorized-keys - (append (list (local-file "..files/nonguix-signing-key.pub")) + (append (list (local-file "../files/nonguix-signing-key.pub")) %default-authorized-guix-keys))))) (list ;; NVIDIA @@ -158,11 +161,24 @@ (libvirt (patch-libvirt libvirt)) (qemu (replace-mesa qemu)))) (service virtlog-service-type) + + ;polkit rules for spice usb passthru + (simple-service 'spice-polkit polkit-service-type (list spice-gtk)) + ;; yubikey + (service pcscd-service-type) ;; udev - (udev-rules-service 'pipewire-add-udev-rules pipewire)))) - - ;; Packages (system-wide) + (udev-rules-service 'pipewire-add-udev-rules pipewire) + (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))))) + + ;; required for spice usb passthru + (privileged-programs + (cons (privileged-program + (program (file-append spice-gtk "/libexec/spice-client-glib-usb-acl-helper")) + (setuid? #t)) + %default-privileged-programs)) + +;; Packages (system-wide) (packages (cons* vim git cryptsetup |