New paste Repaste Download
(use-modules (gnu)
     (nongnu packages linux)
     (nongnu system linux-initrd)
     ;; (gnu home)
     (gnu services mcron)
     (gnu services sysctl)
     (gnu services virtualization)
     (gnu packages firmware)
     (gnu packages file-systems)
             (gnu packages admin)
             (gnu packages cryptsetup)
             (gnu packages rsync))
(use-service-modules cups desktop networking ssh xorg)
(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
guix ALL=NOPASSWD: /home/guix/.guix-home/profile/sbin/nvme smart-log /dev/nvme0, /run/current-system/profile/sbin/zpool status
"))
;; (define guix-home
;;   (home-environment
;;    ...))
(define garbage-collector-job
  #~(job '(next-hour '(3))
"guix gc --collect-garbage"
         "garbagecollector"))
(define clean-history-job
  #~(job '(next-minute '(0 30))
"bash /home/guix/bin/cleanhistory"
         "clean history"
#:user "guix"))
(operating-system
(kernel linux)
(kernel-arguments '("intel_iommu=on"))
(kernel-loadable-modules (list (list zfs "module")))
(initrd microcode-initrd)
(initrd-modules (cons* "vfio_pci" "vfio" "vfio_iommu_type1" %base-initrd-modules))
(firmware (list linux-firmware))
(locale "en_US.utf8")
(timezone "US")
(keyboard-layout (keyboard-layout "us"))
(host-name "fileserver")
(sudoers-file %sudoers-specification)
(bootloader (bootloader-configuration
              (bootloader grub-efi-bootloader)
              (targets (list "/boot/efi"))
              (keyboard-layout keyboard-layout)))
(swap-devices (list (swap-space
                      (target (uuid
                               "[redacted]")))))
(mapped-devices (list (mapped-device
                        (source (uuid
                                 "[redacted]"))
                        (target "cryptroot")
                        (type luks-device-mapping))))
(file-systems (cons* (file-system
                       (mount-point "/")
                       (device "/dev/mapper/cryptroot")
                       (type "ext4")
                       (dependencies mapped-devices))
                      (file-system
                       (mount-point "/boot/efi")
                       (device (uuid "[redacted]"
                                     'fat32))
                       (type "vfat")) %base-file-systems))
(users (cons* (user-account
                (name "guix")
                (comment "Guix")
                (group "users")
                (home-directory "/home/guix")
                (supplementary-groups '("wheel" "netdev" "audio" "video" "libvirt")))
               %base-user-accounts))
(packages (cons* zfs cryptsetup tree rsync %base-packages))
(services (cons*
;;     (service guix-home-service-type
    ;;      `(("guix" ,guix-home)))
    ;; Virtualization
    (service libvirt-service-type)
    (service virtlog-service-type)
    (extra-special-file "/usr/share/OVMF/OVMF_CODE.fd"
(file-append ovmf "/share/firmware/ovmf_code_x64.bin"))
    (extra-special-file "/usr/share/OVMF/OVMF_VARS.fd"
(file-append ovmf "/share/firmware/ovmf_vars_x64.bin"))
    ;; SSH
    (service openssh-service-type
     (openssh-configuration
      (password-authentication? #false)
      (port-number [redacted])
      (authorized-keys
       `(("guix" ,(plain-file "[redacted].pub"
      "ssh-rsa [redacted]"))))))
    ;; Firewall
    (service iptables-service-type)
    ;; Scheduled jobs
    (simple-service 'my-cron-jobs
    mcron-service-type
    (list garbage-collector-job
  clean-history-job))
    ;; Service modifications
    (modify-services %desktop-services
                             (delete gdm-service-type)
     (guix-service-type config => (guix-configuration
   (inherit config)
   (substitute-urls
    (append (list "https://substitutes.nonguix.org")
    %default-substitute-urls))
   (authorized-keys
    (append (list (plain-file "non-guix.pub"
      "(public-key
(ecc
  (curve Ed25519)
  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
  )
)
"))
    %default-authorized-guix-keys))))
     (sysctl-service-type config =>
  (sysctl-configuration
   (settings (append '(("net.ipv4.ip_forward" . "1"))
     %default-sysctl-settings))))))))
Filename: None. Size: 4kb. View raw, , hex, or download this file.
;; This "home-environment" file can be passed to 'guix home reconfigure'
;; to reproduce the content of your profile.  This is "symbolic": it only
;; specifies package names.  To reproduce the exact same profile, you also
;; need to capture the channels being used, as returned by "guix describe".
;; See the "Replicating Guix" section in the manual.
(use-modules (gnu home)
             (gnu packages)
             (gnu services)
             (guix gexp)
             (gnu home services shells))
(home-environment
;; Below is the list of packages that will show up in your
;; Home profile, under ~/.guix-home/profile.
(packages (specifications->packages (list "emacs"
   "nvme-cli"
   "fastfetch"
   "btop"
   "bc"
   "shellcheck"
   "tealdeer")))
;; Below is the list of Home services.  To search for available
;; services, run 'guix home search KEYWORD' in a terminal.
(services
  (list (service home-bash-service-type
                 (home-bash-configuration
                  (aliases '(("grep" . "grep --color=auto")
                             ("ip" . "ip -color=auto")
                             ("ll" . "ls -l")
                             ("ls" . "ls -p --color=auto")))
                  (bashrc (list (local-file "/home/guix/.config/guix/home/.bashrc"
                                            "bashrc")))
                  (bash-profile (list (local-file
                                       "/home/guix/.config/guix/home/.bash_profile"
                                       "bash_profile"))))))))
Filename: None. Size: 2kb. View raw, , hex, or download this file.

This paste expires on 2025-05-30 21:51:29.175558. Pasted through web.