;;;; system-config.scm ;;; Modules (use-modules (gnu)) (use-package-modules bash cups firmware fonts gnome rsync ssh wm xorg) (use-service-modules cups desktop docker networking ssh xorg) (use-modules (nongnu packages linux) (nongnu packages nvidia) (nongnu system linux-initrd)) (use-modules (aerique packages finance)) ;;; Functions (define etc-hosts-config (plain-file "etc-hosts-config" "...")) ; contents removed for mailinglist (define etc-resolv-config (plain-file "etc-resolv-config" "...")) ; contents removed for mailinglist (define etc-sudoers-config (plain-file "etc-sudoers-config" "Defaults timestamp_timeout=480 root ALL=(ALL) ALL %wheel ALL=(ALL) ALL brainrot ALL=(ALL) NOPASSWD:/run/current-system/profile/bin/chvt,/run/current-system/profile/bin/loginctl")) ;;; Operating System definition (this needs to come last) (operating-system (kernel linux) ; Nvidia 470 driver doesn't build here. ;; XXX mailinglist: I use the one below but tried the one above for ;; diagnosing the issue ;(kernel linux-lts) ; linux-5.15 for the working Nvidia 470 driver. (kernel-loadable-modules (list nvidia-driver)) ;; Blacklisting Nouveau so Intel i915 will be used (works better atm). (kernel-arguments (append (list (string-append "modprobe.blacklist=bluetooth,btrtl,btintel," "btcm,btusb,nouveau,pcspkr") "cpufreq.default_governor=powersave" "mem_sleep_default=deep" ; slightly lower power draw "nvidia.NVreg_RegistryDwords=\"OverrideMaxPerf=0x0\"") %default-kernel-arguments)) (initrd microcode-initrd) (firmware (list linux-firmware sof-firmware)) (locale "en_DK.utf8") (timezone "Europe/Amsterdam") (keyboard-layout (keyboard-layout "us")) (host-name "...") (hosts-file etc-hosts-config) (sudoers-file etc-sudoers-config) (users (cons* (user-account (name "...") (comment "Erik Winkels") (group "users") (home-directory "/home/...") (supplementary-groups '("wheel" "netdev" "audio" "video" "docker" "kvm"))) %base-user-accounts)) (packages (append (map specification->package '("brightnessctl" "cpupower" "curl" "dmenu" "docker-compose" "dxvk" "file" "flameshot" "font-dejavu" "font-terminus" "fontconfig" "i3-gaps" "i3blocks" "i3lock" "i3status" "inxi" "lshw" "lsof" "mc" "mesa-utils" "nss-certs" "rsync" "vulkan-tools" "w3m" "xauth" "xdpyinfo" "xev" "xkill" "xrandr" "xset" "xterm" "xz" "ncurses" ; for `clear` "vim-full")) ; for `+clipboard` %base-packages)) (services (append (list (service cups-service-type (cups-configuration (web-interface? #t) (extensions (list cups-filters brlaser foomatic-filters)))) (service docker-service-type) (service openssh-service-type (openssh-configuration (port-number 24))) (pam-limits-service ;; For Lutris / Wine esync (list (pam-limits-entry "*" 'hard 'nofile 524288))) (screen-locker-service i3lock "i3lock") (simple-service 'resolv.conf etc-service-type (list `("resolv.conf" ,etc-resolv-config))) (udev-rules-service 'ledger-devices ledger-udev-rules) (udev-rules-service 'nvidia-gpu nvidia-driver) ;; Hardcoded path by some work stuff. (extra-special-file "/bin/bash" (file-append bash "/bin/bash")) ;; Might hopefully make running 3rd-party binaries easier, ;; but might also break stuff. (Things that `conda` installs, ;; or binaries in an AppImage.) (extra-special-file "/lib64/ld-linux-x86-64.so.2" (file-append glibc "/lib/ld-linux-x86-64.so.2")) ;; `rsync` and `ssh` are so Ansible won't shit itself ;; This can't go into a `guix shell` manifest since Ansible ;; checks for hardcoded paths. (extra-special-file "/usr/bin/rsync" (file-append rsync "/bin/rsync")) (extra-special-file "/usr/bin/ssh" (file-append openssh "/bin/ssh")) (set-xorg-configuration (xorg-configuration (modules (cons* nvidia-driver %default-xorg-modules)) ;; Trying this for a while since starting slow apps with ;; `DRI_PRIME=1` works. (drivers '("modesetting" "nvidia")) (keyboard-layout keyboard-layout)))) ;%desktop-services)) (modify-services %desktop-services (delete bluetooth-service) ;(delete pulseaudio-service-type) (console-font-service-type config => (map (lambda (tty) (cons tty (file-append font-terminus "/share/consolefonts/ter-u32n"))) '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6"))) (guix-service-type config => (guix-configuration (inherit config) (substitute-urls (append '("https://substitutes.nonguix.org") %default-substitute-urls)) (authorized-keys (append (list (local-file "signing-key.pub")) %default-authorized-guix-keys)))) (elogind-service-type config => (elogind-configuration (inherit config) (handle-lid-switch-external-power 'suspend))) (network-manager-service-type config => (network-manager-configuration (inherit config) (vpn-plugins (list network-manager-openvpn))))))) (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) (targets '("/boot/efi")) (theme (grub-theme (inherit (grub-theme)) (gfxmode '("1600x1200" "auto")))) (keyboard-layout keyboard-layout))) (mapped-devices (list (mapped-device (source (uuid "...")) (target "cryptroot") (type luks-device-mapping)))) (file-systems (cons* (file-system (mount-point "/") (device "/dev/mapper/cryptroot") (type "ext4") (dependencies mapped-devices)) (file-system (mount-point "/boot/efi") (device (uuid "..." 'fat32)) (type "vfat")) %base-file-systems)))