diff options
Diffstat (limited to 'dom0/system.scm')
| -rw-r--r-- | dom0/system.scm | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/dom0/system.scm b/dom0/system.scm index 3757c0a..dbb27dc 100644 --- a/dom0/system.scm +++ b/dom0/system.scm @@ -2,6 +2,7 @@ (define-module (dom0 system) #:use-module (gnu) #:use-module (gnu services guix) + #:use-module (gnu system privilege) #:use-module (guix transformations) #:use-module (nongnu packages linux) #:use-module (nongnu system linux-initrd) @@ -9,9 +10,11 @@ #:use-module (nongnu services nvidia)) (use-service-modules linux guix desktop pm audio virtualization - networking dbus xorg avahi spice) + networking dbus xorg avahi spice + security-token) (use-package-modules linux audio libusb wm fonts virtualization - freedesktop vim cryptsetup version-control) + freedesktop vim cryptsetup version-control + security-token spice) (define patch-libvirt (options->transformation @@ -88,7 +91,7 @@ (append (list "https://substitutes.nonguix.org") %default-substitute-urls)) (authorized-keys - (append (list (local-file "..files/nonguix-signing-key.pub")) + (append (list (local-file "../files/nonguix-signing-key.pub")) %default-authorized-guix-keys))))) (list ;; NVIDIA @@ -158,11 +161,24 @@ (libvirt (patch-libvirt libvirt)) (qemu (replace-mesa qemu)))) (service virtlog-service-type) + + ;polkit rules for spice usb passthru + (simple-service 'spice-polkit polkit-service-type (list spice-gtk)) + ;; yubikey + (service pcscd-service-type) ;; udev - (udev-rules-service 'pipewire-add-udev-rules pipewire)))) - - ;; Packages (system-wide) + (udev-rules-service 'pipewire-add-udev-rules pipewire) + (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))))) + + ;; required for spice usb passthru + (privileged-programs + (cons (privileged-program + (program (file-append spice-gtk "/libexec/spice-client-glib-usb-acl-helper")) + (setuid? #t)) + %default-privileged-programs)) + +;; Packages (system-wide) (packages (cons* vim git cryptsetup |