Daniel Ziltener 2024-01-05 15:31:18 +01:00
parent c0069f400e
commit 7f6d64d599
Signed by: zilti
GPG key ID: B38976E82C9DAE42
4 changed files with 132 additions and 56 deletions


@ -43,13 +43,13 @@ This is to be run after setting up the partitions.
- gnu
- gnu image
- zilti packages hyprland
- gnu packages gnome
- gnu services admin
- gnu services authentication
- gnu services base
- gnu services configuration
- gnu services dbus
- gnu services desktop
- gnu services docker
- gnu services linux
- gnu services networking
- gnu services pm
@ -86,6 +86,8 @@ This is to be run after setting up the partitions.
- emacs-xyz
- fonts
- gl
- gnome
- linux
- pciutils
- readline
- terminals
@ -209,6 +211,7 @@ These services are unmodified, or have just few settings.
| tlp | () |
| thermald | ((adaptive? #t)) |
| bluetooth | () |
| docker | () |
| earlyoom | ((minimum-available-memory 5) (minimum-free-swap 5)) |
| inputattach | () |
| libvirt | ((unix-sock-group "libvirt")) |
@ -360,9 +363,77 @@ This is the full operating system specification.
(name "zilti")
(group "users")
(supplementary-groups
'("avahi" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "seat")))
'("avahi" "docker" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "seat")))
%base-user-accounts))
<<root-package-block>>
<<root-services-block>>
(name-service-switch %mdns-host-lookup-nss))
#+end_src
* Other Components
** Podman
Podman needs the files =/etc/subuid= and =/etc/subgid=.
#+begin_src fundamental :tangle etc/subuid :mkdirp yes
zilti:1001:65536
#+end_src
#+begin_src fundamental :tangle etc/subgid :mkdirp yes
zilti:1000:1000
#+end_src
Then, there is the =policy.json=:
#+begin_src json :tangle podman/policy.json :mkdirp yes
{
"default": [
{
"type": "reject"
}
],
"transports": {
"docker": {
"docker.io": [
{
"type": "insecureAcceptAnything"
}
],
"docker.io/library": [
{
"type": "insecureAcceptAnything"
}
],
"registry.access.redhat.com": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
#+end_src
And finally the registries.
#+begin_src conf :tangle podman/registries.conf :mkdirp yes
[registries.search]
registries = ["docker.io", "registry.access.redhat.com", "quay.io"]
#+end_src
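Review bot: The subordinate ID ranges tangled to `etc/subuid` and `etc/subgid` start inside the normal account range: `zilti:1001:65536` covers UIDs 1001–66536 and `zilti:1000:1000` covers GIDs 1000–1999, so a rootless Podman container can be mapped onto IDs that belong to real users or groups on the host (65534, commonly `nobody`, falls inside the UID range). The two files also differ in size, and 1000 GIDs may be fewer than some images need. A dedicated high range for both avoids the overlap, for example `zilti:100000:65536` in each file, which is where shadow's defaults start. Separately, `registries.conf` searches `quay.io` but `policy.json` has no `quay.io` scope under `docker`, so the `reject` default would apply to those pulls; either add a scoped entry or drop it from the search list.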


@ -2,13 +2,13 @@
(gnu)
(gnu image)
(zilti packages hyprland)
(gnu packages gnome)
(gnu services admin)
(gnu services authentication)
(gnu services base)
(gnu services configuration)
(gnu services dbus)
(gnu services desktop)
(gnu services docker)
(gnu services linux)
(gnu services networking)
(gnu services pm)
@ -29,6 +29,8 @@
emacs-xyz
fonts
gl
gnome
linux
pciutils
readline
terminals
@ -72,7 +74,7 @@
(name "zilti")
(group "users")
(supplementary-groups
'("avahi" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "seat")))
'("avahi" "docker" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "seat")))
%base-user-accounts))
(packages
(append
@ -120,6 +122,9 @@
(service
bluetooth-service-type
(bluetooth-configuration))
(service
docker-service-type
(docker-configuration))
(service
earlyoom-service-type
(earlyoom-configuration
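Review bot: Adding `"docker"` to `supplementary-groups` for `zilti` gives that account unrestricted access to the Docker daemon's socket, which is root-equivalent on the host because the daemon runs as root and carries out whatever its clients request. The account is already in `wheel`, so `docker` can presumably be run through `sudo` instead, and this commit also sets up rootless Podman in the org source. Consider keeping `docker-service-type` but leaving the list as `'("avahi" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "seat")`; the same list appears in the org file's operating-system block. If the membership is kept for convenience, a comment beside it such as `;; docker group is root-equivalent; accepted on this single-user machine` would record the decision.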


@ -906,10 +906,10 @@ Point must be at the beginning of balanced expression (sexp)."
;; Magit requires 'transient' >= 0.5.0, but due to bad defaults, Emacs' package manager refuses to
;; upgrade this and other built-in packages to higher releases from GNU Elpa.
(use-package transient
:init
(progn (unload-feature 'transient t)
(require 'transient)))
;; (use-package transient
;; :init
;; (progn (unload-feature 'transient t)
;; (require 'transient)))
;; To fix this, you have to add this to your init file:
;; (setq package-install-upgrade-built-in t)
;; You must also make sure the updated version is loaded, by evaluating the `progn` form below.
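Review bot: The `use-package transient` block is disabled by commenting it out, but the surrounding comment still tells the reader to evaluate "the `progn` form below", which no longer runs and now sits in the middle of the explanation. If the reload is no longer needed, presumably because `emacs-transient` comes from the Guix home profile, delete the block together with the stale instructions. Otherwise prepend one line such as `;; Disabled: transient is provided by the Guix package emacs-transient, no reload needed.` The hunk shows only part of the file, so confirm that nothing later still depends on the reload.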


@ -205,63 +205,63 @@
"xdg-desktop-portal"
"xdg-desktop-portal-wlr"
"emacs-el-patch"
"emacs-guix"
"emacs-org"
"emacs-org-roam"
"emacs-consult-notes"
"emacs-websocket"
"emacs-org-roam-ui"
"emacs-org-modern"
"emacs-org-rainbow-tags"
"emacs-color-theme-modern"
"emacs-moe-theme"
"emacs-catppuccin-theme"
"emacs-unicode-fonts"
"emacs-ligature"
"emacs-visual-fill-column"
"emacs-adaptive-wrap"
"emacs-keychain-environment"
"emacs-pass"
"emacs-evil"
"emacs-evil-collection"
"emacs-orderless"
"emacs-embark-consult"
"emacs-wgrep"
"emacs-vertico"
"emacs-marginalia"
"emacs-nerd-icons-completion"
"emacs-which-key"
"emacs-cape"
"emacs-catppuccin-theme"
"emacs-cider@1.12.0"
;;"emacs-code-review"
"emacs-color-theme-modern"
"emacs-consult-eglot"
"emacs-consult-notes"
"emacs-corfu"
"emacs-nerd-icons-corfu"
;; "emacs-corfu-terminal"
"emacs-tempel"
"emacs-xref-union"
"emacs-goto-chg"
"emacs-evil-easymotion"
"emacs-evil-snipe"
"emacs-paredit"
"emacs-dhall-mode"
"emacs-editorconfig"
"emacs-eglot"
"emacs-consult-eglot"
"emacs-tree-sitter"
"emacs-clojure-mode"
"emacs-cider"
"emacs-el-patch"
"emacs-embark-consult"
"emacs-envrc"
"emacs-evil"
"emacs-evil-collection"
"emacs-evil-easymotion"
"emacs-evil-snipe"
"emacs-forge"
"emacs-geiser"
"emacs-paren-face"
"emacs-highlight-parentheses"
"emacs-geiser-chicken"
"emacs-geiser-guile"
"emacs-zig-mode"
"emacs-dhall-mode"
"emacs-transient"
"emacs-git-gutter"
"emacs-goto-chg"
"emacs-guix"
"emacs-highlight-parentheses"
"emacs-keychain-environment"
"emacs-ligature"
"emacs-magit"
"emacs-magit-todos"
"emacs-forge"
"emacs-code-review"
"emacs-git-gutter"
"emacs-envrc"
"emacs-marginalia"
"emacs-moe-theme"
"emacs-nerd-icons-completion"
"emacs-nerd-icons-corfu"
"emacs-orderless"
"emacs-org"
"emacs-org-modern"
"emacs-org-rainbow-tags"
"emacs-org-roam"
"emacs-org-roam-ui"
"emacs-paredit"
"emacs-paren-face"
"emacs-pass"
"emacs-seq"
"emacs-tempel"
"emacs-transient"
"emacs-tree-sitter"
"emacs-unicode-fonts"
"emacs-vertico"
"emacs-visual-fill-column"
"emacs-websocket"
"emacs-wgrep"
"emacs-which-key"
"emacs-xref-union"
"emacs-zig-mode"
;; "emacs-corfu-terminal"
)))
(service home-openssh-service-type
(home-openssh-configuration