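;; Guix System declaration for the host "pwn".
;;
;; Layout note: every form sits on its own line on purpose.  A `;;' comment
;; runs to the end of the physical line, so a collapsed one-line copy of this
;; file would have its first comment swallow all the code that follows it.

;; Modules to import to access variables used.
(define-module (pwn system)
  #:use-module (gnu)
  #:use-module (gnu services guix)
  #:use-module (guix transformations)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:use-module (pwn home))

(use-service-modules linux guix desktop pm audio virtualization networking
                     dbus xorg avahi spice nix)
(use-package-modules linux audio libusb wm fonts virtualization freedesktop
                     vim security-token cryptsetup version-control
                     package-management)

;; Package transformation that rebuilds libvirt with a local patch applied.
;; NOTE(review): the patch file is not part of this listing.  The patched
;; build feeds libvirt-service-type below, so review the patch and re-check
;; it whenever libvirt is upgraded.
(define patch-libvirt
  (options->transformation
   '((with-patch . "libvirt=patches/libvirt-qemu-caps.patch"))))

(operating-system
  (locale "en_GB.utf8")
  (timezone "Europe/London")
  (keyboard-layout (keyboard-layout "gb"))
  (host-name "pwn")

  ;; Users ('root' is implicit).
  (users (cons* (user-account
                 (name "ET")
                 (comment "disposable machine")
                 ;; NOTE(review): the plaintext password and the salt are both
                 ;; literals in this file, and the password equals the account
                 ;; name.  Anyone who can read the file knows the login for a
                 ;; "wheel" member.  That is tolerable only because the machine
                 ;; is disposable; for anything longer-lived, leave this field
                 ;; unset and set the password with `passwd' after first boot.
                 (password (crypt "ET" "$6$abc"))
                 (group "users")
                 (home-directory "/home/home")
                 (supplementary-groups
                  '("wheel" "plugdev" "netdev" "audio" "video")))
                %base-user-accounts))

  ;; BIOS GRUB on the first virtio disk; the root file system is an
  ;; unencrypted ext4 partition on the same disk.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/vda"))
               (terminal-outputs '(console))))
  (file-systems (cons (file-system
                        (mount-point "/")
                        (device "/dev/vda1")
                        (type "ext4"))
                      %base-file-systems))

  ;; Non-free
  (kernel linux)
  (firmware (list linux-firmware))
  (initrd microcode-initrd)

  ;; Services (system-wide)
  (services
   (append
    (modify-services %base-services
      ;; greetd (below) takes over login on the virtual terminals, so the
      ;; stock login/mingetty services are dropped; console-font is removed
      ;; here and re-added below with an explicit per-tty font.
      (delete login-service-type)
      (delete mingetty-service-type)
      (delete console-font-service-type)
      ;; Add non-free substitutes
      ;; NOTE(review): authorising this key means the daemon accepts
      ;; prebuilt binaries signed by it.  Verify the .pub file against the
      ;; key published by the substitute server before deploying.
      (guix-service-type
       config => (guix-configuration
                  (inherit config)
                  (substitute-urls
                   (append (list "https://substitutes.nonguix.org")
                           %default-substitute-urls))
                  (authorized-keys
                   (append (list (local-file
                                  "../files/nonguix-signing-key.pub"))
                           %default-authorized-guix-keys)))))
    (list
     ;; systemd dependencies
     (service elogind-service-type)

     ;; Spice and Qemu for VMs
     ;; NOTE(review): the QEMU guest agent gives the hypervisor host a
     ;; control channel into this guest; keep it only where the host is
     ;; trusted.
     (service spice-vdagent-service-type)
     (service qemu-guest-agent-service-type)

     ;; PAM and login
     (service greetd-service-type
              (greetd-configuration
               (greeter-supplementary-groups (list "video" "input"))
               (terminals
                (list
                 (greetd-terminal-configuration
                  (terminal-vt "1")
                  (terminal-switch #t))
                 (greetd-terminal-configuration (terminal-vt "2"))
                 (greetd-terminal-configuration (terminal-vt "3"))))))
     (service console-font-service-type
              (map (lambda (tty)
                     (cons tty
                           (file-append font-terminus
                                        "/share/consolefonts/ter-132n")))
                   '("tty1" "tty2" "tty3")))
     ;; NOTE(review): swaylock is configured for PAM and is also installed
     ;; setuid.  If PAM authentication works without the setuid bit on this
     ;; system, set using-setuid? to #f so the locker does not run with
     ;; root privileges -- confirm by testing unlock before changing it.
     (service screen-locker-service-type
              (screen-locker-configuration
               (name "swaylock")
               (program (file-append swaylock "/bin/swaylock"))
               (using-pam? #t)
               (using-setuid? #t)))

     ;; Networking
     (service network-manager-service-type)
     (service wpa-supplicant-service-type)

     ;; dbus
     (service avahi-service-type)
     (service udisks-service-type)
     (service accountsservice-service-type)
     (service colord-service-type)
     (service polkit-service-type)
     (service dbus-root-service-type)

     ;; Cleanup stale font cache
     fontconfig-file-system-service

     ;; Xwayland
     (service x11-socket-directory-service-type)

     ;; Time
     (service ntp-service-type)

     ;; Virtualization
     (service libvirt-service-type
              (libvirt-configuration
               (libvirt (patch-libvirt libvirt))))
     (service virtlog-service-type)

     ;; udev including yubikey
     ;; The fido2 rules are installed for the "plugdev" group, which the
     ;; "ET" account above belongs to.
     (udev-rules-service 'pipewire-add-udev-rules pipewire)
     (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))

     ;; pwn home
     ;; One (user home-environment) pair; pwn-home-environment comes from
     ;; the (pwn home) module.
     (service guix-home-service-type
              `(("ET" ,pwn-home-environment)))
     (service nix-service-type))))

  ;; Packages (system-wide)
  (packages (cons* vim git cryptsetup strace nix %base-packages)))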