guixconfig/config.org

#+TITLE: GUIX System Configuration
#+AUTHOR: Daniel Ziltener
#+PROPERTY: scheme-implementation guile
#+PROPERTY: header-args:scheme :comments both :session *guile*

#+begin_src emacs-lisp :results none
  (org-babel-lob-ingest "./library.org")
#+end_src

* Makefile

#+begin_src makefile :tangle Makefile
  ~/.config/guix/channels.scm:
          mkdir -p ~/.config/guix
          cp channels.scm ~/.config/guix/channels.scm

  install:
          guix archive --authorize < signing-key.pub
          guix system reconfigure ./config.scm --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org'
#+end_src

* System Installation Script

This is to be run after setting up the partitions.

#+begin_src sh :tangle sysinst.sh
  #!/bin/sh
  herd start cow-store /mnt
  mkdir -p /mnt/etc/guix/
  cp channels.scm /mnt/etc/guix/
  mkdir -p /etc/guix
  cp channels.scm /etc/guix
  guix pull
  sed -i 's|/etc/config.scm|/mnt/etc/config.scm|g' ./config.scm
  guix system init ./config.scm /mnt --substitute-urls="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org"
#+end_src

* Modules

#+NAME: module-list
- gnu
- gnu image
- gnu services authentication
- gnu services base
- gnu services dbus
- gnu services desktop
- gnu services linux
- gnu services networking
- gnu services pm
- gnu services virtualization
- gnu services xorg
- gnu system nss
- nongnu packages linux
- nongnu system linux-initrd

#+begin_src scheme :noweb yes :exports none :results output :tangle config.scm
  <<list-to-use(use-call="use-modules",entries=module-list,all-parens=1)>>
#+end_src

** Service Modules

#+NAME: service-module-list
- desktop
- xorg

#+begin_src scheme :noweb yes :exports none :results output :tangle config.scm
  <<list-to-use(use-call="use-service-modules",entries=service-module-list)>>
#+end_src

#+RESULTS:

**  Package Modules

#+NAME: package-module-list
- bootloaders
- certs
- emacs
- emacs-xyz
- fonts
- pciutils
- readline
- terminals
- version-control
- wm
- xorg

#+begin_src scheme :noweb yes :exports none :results output :tangle config.scm
  <<list-to-use(use-call="use-package-modules",entries=package-module-list)>>
#+end_src

* Configuration Definitions

** File System

The variable ~%local-filesystem~ extracts the file system definitions from the installer-provided
=config.scm= file.

#+begin_src scheme :tangle config.scm
  (define %local-filesystem
    (call-with-input-file "/etc/config.scm"
      (lambda (port)
        (read port)
        (read port)
        (eval (cadar (last-pair (read port)))
              (interaction-environment)))))
#+end_src

#+RESULTS:

As a sibling to the former, the variable ~%local-swap~ does the same with the swap partition.

#+begin_src scheme :tangle config.scm
  (define %local-swap
    (call-with-input-file "/etc/config.scm"
      (lambda (port)
        (read port)
        (read port)
        (let* ((os-list (read port))
               (os-list-length (length os-list)))
          (eval
           (cadr
            (list-ref os-list
                      (- os-list-length 2)))
           (interaction-environment))))))
#+end_src

** Channels

This adds the Nonguix channel.

#+begin_src scheme :tangle channels.scm
  ;; Copy this to ~/.config/guix/channels.scm.
  (cons* (channel
        (name 'nonguix)
        (url "https://gitlab.com/nonguix/nonguix")
        ;; Enable signature verification:
        (introduction
         (make-channel-introduction
          "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
          (openpgp-fingerprint
           "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
       %default-channels)
#+end_src

** Packages

#+NAME: root-packages
- emacs
- emacs-desktop-environment
- font-terminus
- git
- hwdata
- nss-certs
- readline

#+NAME: root-package-block
#+begin_src scheme :noweb no-export
  (packages
   (append
    <<org-to-scheme-sym-list(input=root-packages)>>
    %base-packages))
#+end_src

#+RESULTS: root-package-block

** Services

#+NAME: root-services-block
#+begin_src scheme :noweb yes :exports none :results code
  (services
   (append
    <<root-modified-desktop-services>>
    <<root-simple-service-block>>
    (list
     <<greeter-service>>)
    (list
     <<screen-lock-service>>)
    ))
#+end_src

*** Simple Services

These services are unmodified, or have just few settings.

#+NAME: root-simple-services
| Service     | Options                                              |
|-------------+------------------------------------------------------|
| tlp         | ()                                                   |
| thermald    | ((adaptive? #t))                                     |
| bluetooth   | ()                                                   |
| earlyoom    | ((minimum-available-memory 5) (minimum-free-swap 5)) |
| inputattach | ()                                                   |
| libvirt     | ((unix-sock-group "libvirt"))                        |
| fstrim      | ()                                                   |
| fprintd     | ()                                                   |

#+NAME: root-simple-service-block
#+begin_src scheme :noweb yes :exports none :results output
  <<service-converter(input=root-simple-services)>>
#+end_src

*** Modified Desktop Services

#+NAME: nonguix-pubkey
#+begin_src scheme :tangle keys/non-guix.pub :mkdirp yes
  (public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))
#+end_src

#+NAME: root-modified-desktop-services
#+begin_src scheme :exports none :results code
    (modify-services
     %desktop-services
     (delete login-service-type)
     (delete mingetty-service-type)
     (delete console-font-service-type)
     (guix-service-type config => (guix-configuration
                                   (inherit config)
                                   (substitute-urls
                                    (append (list "https://substitutes.nonguix.org")
                                            %default-substitute-urls))
                                   (authorized-keys
                                    (append (list (plain-file "non-guix.pub"
                                                              "<<nonguix-pubkey>>")))))))
#+end_src

*** Greeter Service

=greetd= is a broken mess, yet here we are.

#+NAME: greeter-service
#+begin_src scheme
  (service greetd-service-type
           (greetd-configuration
            (greeter-supplementary-groups
             (list "video" "input"))
            (terminals
             (list
              (greetd-terminal-configuration
               (terminal-vt "1"))
              (greetd-terminal-configuration
               (terminal-vt "2"))
              (greetd-terminal-configuration
               (terminal-vt "3"))
              (greetd-terminal-configuration
               (terminal-vt "4"))
              #;(greetd-terminal-configuration
              (terminal-vt "7")
              (terminal-switch #t)
              (default-session-command
              (greetd-wlgreet-session
              (command
              (file-append swayfx "/bin/sway")))))
              (greetd-terminal-configuration
               (terminal-vt "8"))))))
#+end_src

*** Screen Locker Service

For some reason, this service runs on root level for Guix.

#+NAME: screen-lock-service
#+begin_src scheme
  (service screen-locker-service-type
           (screen-locker-configuration
            (name "swaylock")
            (program
             (file-append swaylock-effects "/bin/swaylock"))
            (using-setuid? #f)))
#+end_src

* Operating System

This is the full operating system specification.

#+begin_src scheme :noweb no-export :results code :tangle config.scm
  (operating-system
   (host-name "ziltis-machine")
   (timezone "Europe/Berlin")
   (locale "de_DE.utf8")
   (keyboard-layout
    (keyboard-layout "de" #:options '("caps:swapescape")))
   (kernel linux)
   (initrd microcode-initrd)
   (firmware (list linux-firmware))
   (bootloader
    (bootloader-configuration
     (bootloader grub-efi-bootloader)
     (targets
      '("/boot/efi"))
     (keyboard-layout keyboard-layout)))
   (file-systems %local-filesystem)
   (swap-devices %local-swap)
   (users
    (cons*
     (user-account
      (name "zilti")
      (group "users")
      (supplementary-groups
       '("wheel" "netdev" "audio" "video" "libvirt")))
     %base-user-accounts))
    <<root-package-block>>
    <<root-services-block>>
   (name-service-switch %mdns-host-lookup-nss))
#+end_src
. 2023-11-29 12:52:46 +00:00			`#+TITLE: GUIX System Configuration`
. 2023-12-01 13:22:33 +00:00			`#+AUTHOR: Daniel Ziltener`
. 2023-12-01 14:48:18 +00:00			`#+PROPERTY: scheme-implementation guile`
. 2023-12-12 09:57:23 +00:00			`#+PROPERTY: header-args:scheme :comments both :session guile`
. 2023-12-01 13:22:33 +00:00
			`#+begin_src emacs-lisp :results none`
			`(org-babel-lob-ingest "./library.org")`
			`#+end_src`
. 2023-11-29 12:52:46 +00:00
. 2023-12-11 11:54:43 +00:00			`* Makefile`

			`#+begin_src makefile :tangle Makefile`
			`~/.config/guix/channels.scm:`
			`mkdir -p ~/.config/guix`
			`cp channels.scm ~/.config/guix/channels.scm`

			`install:`
			`guix archive --authorize < signing-key.pub`
			`guix system reconfigure ./config.scm --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org'`
			`#+end_src`

. 2023-12-11 15:56:04 +00:00			`* System Installation Script`

			`This is to be run after setting up the partitions.`

			`#+begin_src sh :tangle sysinst.sh`
			`#!/bin/sh`
			`herd start cow-store /mnt`
. 2023-12-12 08:48:38 +00:00			`mkdir -p /mnt/etc/guix/`
			`cp channels.scm /mnt/etc/guix/`
			`mkdir -p /etc/guix`
			`cp channels.scm /etc/guix`
. 2023-12-11 15:56:04 +00:00			`guix pull`
			`sed -i 's\|/etc/config.scm\|/mnt/etc/config.scm\|g' ./config.scm`
. 2023-12-12 08:48:38 +00:00			`guix system init ./config.scm /mnt --substitute-urls="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org"`
. 2023-12-11 15:56:04 +00:00			`#+end_src`

. 2023-11-29 12:52:46 +00:00			`* Modules`

			`#+NAME: module-list`
			`- gnu`
. 2023-12-01 13:32:56 +00:00			`- gnu image`
			`- gnu services authentication`
. 2023-11-29 12:52:46 +00:00			`- gnu services base`
. 2023-12-01 13:22:33 +00:00			`- gnu services dbus`
. 2023-11-29 12:52:46 +00:00			`- gnu services desktop`
. 2023-12-01 13:22:33 +00:00			`- gnu services linux`
. 2023-11-29 12:52:46 +00:00			`- gnu services networking`
			`- gnu services pm`
. 2023-12-01 13:22:33 +00:00			`- gnu services virtualization`
			`- gnu services xorg`
. 2023-11-29 12:52:46 +00:00			`- gnu system nss`
. 2023-12-11 11:54:43 +00:00			`- nongnu packages linux`
			`- nongnu system linux-initrd`
. 2023-11-29 12:52:46 +00:00
. 2023-12-12 09:57:23 +00:00			`#+begin_src scheme :noweb yes :exports none :results output :tangle config.scm`
. 2023-12-01 13:32:56 +00:00			`<<list-to-use(use-call="use-modules",entries=module-list,all-parens=1)>>`
. 2023-12-01 13:22:33 +00:00			`#+end_src`

. 2023-11-29 12:52:46 +00:00			`** Service Modules`

			`#+NAME: service-module-list`
			`- desktop`
. 2023-12-01 13:22:33 +00:00			`- xorg`

. 2023-12-12 09:57:23 +00:00			`#+begin_src scheme :noweb yes :exports none :results output :tangle config.scm`
. 2023-12-01 13:22:33 +00:00			`<<list-to-use(use-call="use-service-modules",entries=service-module-list)>>`
			`#+end_src`
. 2023-11-29 12:52:46 +00:00
. 2023-12-12 09:57:23 +00:00			`#+RESULTS:`

. 2023-11-29 12:52:46 +00:00			`** Package Modules`

			`#+NAME: package-module-list`
			`- bootloaders`
			`- certs`
			`- emacs`
. 2023-12-01 13:22:33 +00:00			`- emacs-xyz`
			`- fonts`
. 2023-12-12 09:28:30 +00:00			`- pciutils`
. 2023-12-01 13:22:33 +00:00			`- readline`
			`- terminals`
			`- version-control`
. 2023-11-29 12:52:46 +00:00			`- wm`
			`- xorg`

. 2023-12-12 09:57:23 +00:00			`#+begin_src scheme :noweb yes :exports none :results output :tangle config.scm`
. 2023-12-01 13:22:33 +00:00			`<<list-to-use(use-call="use-package-modules",entries=package-module-list)>>`
			`#+end_src`

			`* Configuration Definitions`

			`** File System`

			`The variable ~%local-filesystem~ extracts the file system definitions from the installer-provided`
			`=config.scm= file.`

			`#+begin_src scheme :tangle config.scm`
			`(define %local-filesystem`
			`(call-with-input-file "/etc/config.scm"`
			`(lambda (port)`
			`(read port)`
			`(read port)`
			`(eval (cadar (last-pair (read port)))`
			`(interaction-environment)))))`
			`#+end_src`

. 2023-12-12 09:57:23 +00:00			`#+RESULTS:`

. 2023-12-01 13:22:33 +00:00			`As a sibling to the former, the variable ~%local-swap~ does the same with the swap partition.`

			`#+begin_src scheme :tangle config.scm`
. 2023-12-12 09:26:28 +00:00			`(define %local-swap`
. 2023-12-01 13:22:33 +00:00			`(call-with-input-file "/etc/config.scm"`
			`(lambda (port)`
			`(read port)`
			`(read port)`
			`(let* ((os-list (read port))`
			`(os-list-length (length os-list)))`
			`(eval`
. 2023-12-01 13:34:09 +00:00			`(cadr`
. 2023-12-01 13:22:33 +00:00			`(list-ref os-list`
			`(- os-list-length 2)))`
			`(interaction-environment))))))`
			`#+end_src`

. 2023-12-11 11:54:43 +00:00			`** Channels`

			`This adds the Nonguix channel.`

			`#+begin_src scheme :tangle channels.scm`
			`;; Copy this to ~/.config/guix/channels.scm.`
			`(cons* (channel`
			`(name 'nonguix)`
			`(url "https://gitlab.com/nonguix/nonguix")`
			`;; Enable signature verification:`
			`(introduction`
			`(make-channel-introduction`
			`"897c1a470da759236cc11798f4e0a5f7d4d59fbc"`
			`(openpgp-fingerprint`
			`"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))`
			`%default-channels)`
			`#+end_src`

. 2023-12-01 13:22:33 +00:00			`** Packages`

			`#+NAME: root-packages`
			`- emacs`
			`- emacs-desktop-environment`
			`- font-terminus`
			`- git`
. 2023-12-11 10:59:44 +00:00			`- hwdata`
. 2023-12-01 13:22:33 +00:00			`- nss-certs`
			`- readline`

			`#+NAME: root-package-block`
			`#+begin_src scheme :noweb no-export`
			`(packages`
			`(append`
			`<<org-to-scheme-sym-list(input=root-packages)>>`
			`%base-packages))`
			`#+end_src`

. 2023-12-12 09:57:23 +00:00			`#+RESULTS: root-package-block`

. 2023-12-01 13:22:33 +00:00			`** Services`

			`#+NAME: root-services-block`
			`#+begin_src scheme :noweb yes :exports none :results code`
			`(services`
			`(append`
. 2023-12-11 10:59:44 +00:00			`<<root-modified-desktop-services>>`
. 2023-12-01 13:38:40 +00:00			`<<root-simple-service-block>>`
			`(list`
			`<<greeter-service>>)`
			`(list`
			`<<screen-lock-service>>)`
			`))`
. 2023-12-01 13:22:33 +00:00			`#+end_src`

			`*** Simple Services`

			`These services are unmodified, or have just few settings.`

			`#+NAME: root-simple-services`
			`\| Service \| Options \|`
			`\|-------------+------------------------------------------------------\|`
			`\| tlp \| () \|`
. 2023-12-01 14:30:07 +00:00			`\| thermald \| ((adaptive? #t)) \|`
. 2023-12-01 13:22:33 +00:00			`\| bluetooth \| () \|`
			`\| earlyoom \| ((minimum-available-memory 5) (minimum-free-swap 5)) \|`
			`\| inputattach \| () \|`
			`\| libvirt \| ((unix-sock-group "libvirt")) \|`
			`\| fstrim \| () \|`
			`\| fprintd \| () \|`

			`#+NAME: root-simple-service-block`
. 2023-12-12 09:57:23 +00:00			`#+begin_src scheme :noweb yes :exports none :results output`
. 2023-12-01 13:22:33 +00:00			`<<service-converter(input=root-simple-services)>>`
			`#+end_src`

. 2023-12-11 10:59:44 +00:00			`*** Modified Desktop Services`

. 2023-12-11 11:54:43 +00:00			`#+NAME: nonguix-pubkey`
			`#+begin_src scheme :tangle keys/non-guix.pub :mkdirp yes`
			`(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))`
			`#+end_src`

. 2023-12-11 10:59:44 +00:00			`#+NAME: root-modified-desktop-services`
			`#+begin_src scheme :exports none :results code`
. 2023-12-11 11:54:43 +00:00			`(modify-services`
			`%desktop-services`
			`(delete login-service-type)`
			`(delete mingetty-service-type)`
			`(delete console-font-service-type)`
			`(guix-service-type config => (guix-configuration`
			`(inherit config)`
			`(substitute-urls`
			`(append (list "https://substitutes.nonguix.org")`
			`%default-substitute-urls))`
			`(authorized-keys`
			`(append (list (plain-file "non-guix.pub"`
			`"<<nonguix-pubkey>>")))))))`
. 2023-12-11 10:59:44 +00:00			`#+end_src`

. 2023-12-01 13:22:33 +00:00			`*** Greeter Service`

			`=greetd= is a broken mess, yet here we are.`

			`#+NAME: greeter-service`
			`#+begin_src scheme`
			`(service greetd-service-type`
			`(greetd-configuration`
			`(greeter-supplementary-groups`
			`(list "video" "input"))`
			`(terminals`
			`(list`
			`(greetd-terminal-configuration`
. 2023-12-01 15:19:17 +00:00			`(terminal-vt "1"))`
			`(greetd-terminal-configuration`
			`(terminal-vt "2"))`
			`(greetd-terminal-configuration`
			`(terminal-vt "3"))`
			`(greetd-terminal-configuration`
			`(terminal-vt "4"))`
			`#;(greetd-terminal-configuration`
. 2023-12-01 15:47:03 +00:00			`(terminal-vt "7")`
			`(terminal-switch #t)`
			`(default-session-command`
			`(greetd-wlgreet-session`
			`(command`
. 2023-12-01 15:19:17 +00:00			`(file-append swayfx "/bin/sway")))))`
. 2023-12-01 13:22:33 +00:00			`(greetd-terminal-configuration`
			`(terminal-vt "8"))))))`
			`#+end_src`

			`*** Screen Locker Service`

			`For some reason, this service runs on root level for Guix.`

			`#+NAME: screen-lock-service`
			`#+begin_src scheme`
			`(service screen-locker-service-type`
			`(screen-locker-configuration`
			`(name "swaylock")`
			`(program`
			`(file-append swaylock-effects "/bin/swaylock"))`
			`(using-setuid? #f)))`
			`#+end_src`

			`* Operating System`

			`This is the full operating system specification.`

			`#+begin_src scheme :noweb no-export :results code :tangle config.scm`
			`(operating-system`
			`(host-name "ziltis-machine")`
			`(timezone "Europe/Berlin")`
			`(locale "de_DE.utf8")`
			`(keyboard-layout`
			`(keyboard-layout "de" #:options '("caps:swapescape")))`
. 2023-12-11 11:54:43 +00:00			`(kernel linux)`
			`(initrd microcode-initrd)`
			`(firmware (list linux-firmware))`
. 2023-12-01 13:22:33 +00:00			`(bootloader`
			`(bootloader-configuration`
. 2023-12-01 13:34:54 +00:00			`(bootloader grub-efi-bootloader)`
. 2023-12-01 13:22:33 +00:00			`(targets`
			`'("/boot/efi"))`
			`(keyboard-layout keyboard-layout)))`
			`(file-systems %local-filesystem)`
. 2023-12-12 09:26:28 +00:00			`(swap-devices %local-swap)`
. 2023-12-01 13:22:33 +00:00			`(users`
			`(cons*`
			`(user-account`
			`(name "zilti")`
			`(group "users")`
			`(supplementary-groups`
			`'("wheel" "netdev" "audio" "video" "libvirt")))`
			`%base-user-accounts))`
			`<<root-package-block>>`
			`<<root-services-block>>`
			`(name-service-switch %mdns-host-lookup-nss))`
			`#+end_src`