Daniel Ziltener 2024-03-26 19:09:53 +01:00
parent 753dc7452d
commit 8e7938a87e
Signed by: zilti
GPG key ID: B38976E82C9DAE42
3 changed files with 9 additions and 76 deletions


@ -94,6 +94,7 @@ This is to be run after setting up the partitions.
- readline
- terminals
- version-control
- virtualization
- wm
- xdisorg
- xorg
@ -176,7 +177,6 @@ This adds the Nonguix channel.
- mesa
- nss-certs
- network-manager
- podman
- readline
- swayfx-0.3.2
- tuxedo-keyboard
@ -228,10 +228,10 @@ These services are unmodified, or have just few settings.
| tlp | () |
| thermald | ((adaptive? #t)) |
| bluetooth | () |
| docker | () |
| earlyoom | ((minimum-available-memory 5) (minimum-free-swap 5)) |
| inputattach | () |
| libvirt | ((unix-sock-group "libvirt")) |
| virtlog | () |
| fstrim | () |
| fprintd | () |
| plasma-desktop | () |
@ -390,77 +390,9 @@ This is the full operating system specification.
(name "zilti")
(group "users")
(supplementary-groups
'("avahi" "docker" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "lp")))
'("avahi" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "lp")))
%base-user-accounts))
<<root-package-block>>
<<root-services-block>>
(name-service-switch %mdns-host-lookup-nss))
#+end_src
* Other Components
** Podman
Podman needs the files =/etc/subuid= and =/etc/subgid=.
#+begin_src fundamental :tangle etc/subuid :mkdirp yes
zilti:1001:65536
#+end_src
#+begin_src fundamental :tangle etc/subgid :mkdirp yes
zilti:1000:1000
#+end_src
Then, there is the =policy.json=:
#+begin_src json :tangle podman/policy.json :mkdirp yes
{
"default": [
{
"type": "reject"
}
],
"transports": {
"docker": {
"docker.io": [
{
"type": "insecureAcceptAnything"
}
],
"docker.io/library": [
{
"type": "insecureAcceptAnything"
}
],
"registry.access.redhat.com": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
},
"docker-daemon": {
"": [
{
"type": "insecureAcceptAnything"
}
]
}
}
}
#+end_src
And finally the registries.
#+begin_src conf :tangle podman/registries.conf :mkdirp yes
[registries.search]
registries = ["docker.io", "registry.access.redhat.com", "quay.io"]
#+end_src
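Review bot: The new `supplementary-groups` line for the `zilti` account (hunk at -390) drops "docker" but keeps "libvirt", and the services table configures libvirt with `(unix-sock-group "libvirt")`. Members of that group can therefore use the system libvirtd read-write socket, which libvirt's own documentation treats as equivalent to root on the host. If that is intended, the org text next to the user definition should say so, for example `Membership in "libvirt" gives full control of the system libvirtd (root-equivalent); keep it limited to this admin account.` The same group list is repeated in the Scheme file in the next section, which looks like the tangled output of this one. The operating-system form begins outside the hunk, so this is based only on the visible lines.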


@ -37,6 +37,7 @@
readline
terminals
version-control
virtualization
wm
xdisorg
xorg)
@ -76,7 +77,7 @@
(name "zilti")
(group "users")
(supplementary-groups
'("avahi" "docker" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "lp")))
'("avahi" "users" "wheel" "netdev" "audio" "cdrom" "video" "libvirt" "lp")))
%base-user-accounts))
(packages
(append
@ -96,7 +97,6 @@
mesa
nss-certs
network-manager
podman
readline
swayfx-0.3.2
tuxedo-keyboard
@ -134,9 +134,6 @@
(service
bluetooth-service-type
(bluetooth-configuration))
(service
docker-service-type
(docker-configuration))
(service
earlyoom-service-type
(earlyoom-configuration
@ -149,6 +146,9 @@
libvirt-service-type
(libvirt-configuration
(unix-sock-group "libvirt")))
(service
virtlog-service-type
(virtlog-configuration))
(service
fstrim-service-type
(fstrim-configuration))


@ -208,6 +208,7 @@
"tree-sitter"
"ungoogled-chromium-wayland"
"unzip"
"virt-manager"
"visidata"
"waybar"
"wlogout"