My system configuration looks something like this (some parts redacted). --8<---------------cut here---------------start------------->8--- (use-modules (gnu) (guix modules) (srfi srfi-1) ;; for mcron experiment (gnu packages autotools) (gnu packages guile-xyz) (gnu packages man) (gnu packages texinfo) (guix git) (guix packages)) (use-service-modules admin audio desktop docker linux mail mcron networking nfs nix spice ssh sysctl telephony virtualization vpn xorg) (use-package-modules android bootloaders certs gnome linux nfs ratpoison rsync tls) (define updatedb-job ;; Run 'updatedb' at 3AM every day. #~(job '(next-hour '(3)) (lambda () (execl #$(file-append findutils "/bin/updatedb") "updatedb" "--prunepaths=/gnu/store /tmp /var/tmp /var/lib")) "updatedb")) (define btrfs-balance-job ;; Re-allocate chunks which are using less than 5% of their chunk ;; space, to regain Btrfs 'unallocated' space. The usage is kept ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) (lambda () (execl #$(file-append btrfs-progs "/bin/btrfs") "balance" "start" "-dusage=5" "/")) "btrfs-balance")) (define i2c-udev-rule ;; Sets i2c group to i2c devices, so that we can access it as a ;; simple user, e.g. using ddcutil. (udev-rule "90-i2c.rules" (string-append "KERNEL==\"i2c-[0-9]*\", " "GROUP=\"i2c\""))) (define c920-webcam-udev-rule (udev-rule "90-c920-webcam.rules" (string-append "SUBSYSTEM==\"usb\", " "ATTRS{idVendor}==\"046d\", " "ATTRS{idProduct}==\"082d\", " "GROUP=\"video\""))) (define %my-desktop-services (remove (lambda (service) (eq? (service-kind service) gdm-service-type)) %desktop-services)) ;; TODO: Honor rootflags in the initrd, ;; then remove degraded. (define %common-btrfs-options '(("compress-force" . "zstd") ("space_cache" . "v2") "degraded")) (define %system (operating-system (host-name "hurd") (timezone "America/Montreal") (keyboard-layout (keyboard-layout "dvorak")) (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets (list "/dev/sda" "/dev/sdb" "/dev/sdc")) (terminal-outputs '(console)) (keyboard-layout keyboard-layout))) (kernel-arguments '("quiet" "snd_hda_intel.dmic_detect=0" "modprobe.blacklist=rtl8187")) (mapped-devices (list (mapped-device (source "/dev/sda2") (target "cryptroot") (type luks-device-mapping)) (mapped-device (source "/dev/sdb2") (target "cryptroot-mirror") (type luks-device-mapping)) (mapped-device (source "/dev/sdc2") (target "cryptroot-mirror2") (type luks-device-mapping)))) ;; Note: Using any of the LUKS encrypted drives exposed under ;; /dev/mapper is enough to reference the Btrfs RAID-1 array, ;; since the 'btrfs device scan' command is executed in the init ;; RAM disk and takes care of assembling the array. (file-systems (cons* (file-system (mount-point "/") (device "/dev/mapper/cryptroot") (type "btrfs") (options (alist->file-system-options (cons '("subvol" . "@root") %common-btrfs-options))) (dependencies mapped-devices)) (file-system (device "/dev/mapper/cryptroot") (mount-point "/home") (type "btrfs") (options (alist->file-system-options (cons '("subvol" . "@home") %common-btrfs-options))) (dependencies mapped-devices)) (file-system (device "/dev/mapper/cryptroot") (mount-point "/data") (type "btrfs") (options (alist->file-system-options (cons '("subvol" . "@data") %common-btrfs-options))) (dependencies mapped-devices)) %base-file-systems)) (users (cons (user-account (name "me") (group "users") (supplementary-groups '("lp" ;for bluetooth "dialout" ;for serial port "adbusers" ;for adb "i2c" ;for ddcutil "realtime" ;for jackd "kvm" "libvirt" "docker" "wheel" "netdev" "audio" "video")) (home-directory "/home/maxim")) %base-user-accounts)) (groups (cons* (user-group (system? #t) (name "adbusers")) (user-group (system? #t) (name "i2c")) (user-group (system? #t) (name "realtime")) %base-groups)) (services (cons* (service docker-service-type (docker-configuration (debug? #t))) (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc64le")))) (service earlyoom-service-type) (service zram-device-service-type (zram-device-configuration (size "6G") (compression-algorithm 'ZSTD))) (bluetooth-service #:auto-enable? #t) (pam-limits-service (list ;; Required in order for jackd to function properly. (pam-limits-entry "@realtime" 'both 'rtprio 99) (pam-limits-entry "@realtime" 'both 'memlock 'unlimited))) (service mcron-service-type (mcron-configuration (mcron (package/inherit mcron (source (git-checkout (url "file:///home/maxim/src/mcron"))) (native-inputs (append `(("autoconf" ,autoconf) ("automake" ,automake) ("help2man" ,help2man) ("texinfo" ,texinfo)) (package-native-inputs mcron))))) (jobs (list updatedb-job btrfs-balance-job)))) (service mpd-service-type (mpd-configuration (user "me"))) ;; Virtualization services to use with GNOME Boxes. (service libvirt-service-type (libvirt-configuration (unix-sock-group "libvirt"))) (service virtlog-service-type) (service opendht-service-type (opendht-configuration (enable-logging? #t) (peer-discovery? #t) (proxy-server-port 8282))) (service openssh-service-type (openssh-configuration (port-number 22) (permit-root-login #f) (password-authentication? #f) (use-pam? #f)))) (service slim-service-type (slim-configuration (auto-login? #f) (default-user "me") (xorg-configuration (xorg-configuration (keyboard-layout keyboard-layout))))) (service nix-service-type) (service nfs-service-type (nfs-configuration (nfs-versions '("4.2" "4.1" "4.0" "3" "2")) ; for U-Boot (exports '(("/some/path/to/rootfs" "*(rw,no_root_squash,no_subtree_check)"))) (nfsd-udp? #t))) ;for U-Boot (service guix-publish-service-type (guix-publish-configuration (advertise? #t) (host "0.0.0.0"))) ;listen on all interfaces (modify-services %my-desktop-services ;; Ignore the silly HHKB2 power off key shortcut. (elogind-service-type config => (elogind-configuration (inherit config) (handle-power-key 'ignore))) ;; Enable using adb as a simple user with a multitude of devices. (udev-service-type config => (udev-configuration (inherit config) (rules (cons* android-udev-rules i2c-udev-rule c920-webcam-udev-rule (udev-configuration-rules config))))) (network-manager-service-type config => (network-manager-configuration (inherit config) (vpn-plugins (list network-manager-openvpn network-manager-openconnect)))) (guix-service-type config => (guix-configuration (inherit config) (substitute-urls '("http://127.0.0.1:8181" "https://ci.guix.gnu.org")) (discover? #t) (authorized-keys (cons* keys... %default-authorized-guix-keys)) (log-compression 'none) (extra-options '("--max-jobs=4"))))))) ;; Packages installed by default. (packages (append (map specification->package '("ratpoison" "linux-pam" ;for the pam_limits manpage "nss-certs" ;for HTTPS access "rsync" ;for the backup script "btrfs-progs" "nix" "nfs-utils" "ntfs-3g")) ;for mount.ntfs %base-packages)) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss))) %system --8<---------------cut here---------------end--------------->8--- But virtualizing it with `guix system vm` doesn't trigger the bug, I'm guessing because the NFS export doesn't work (it fails quickly rather than take time like it would on an actual boot). Thanks, Maxim