summaryrefslogtreecommitdiff
path: root/guix/system-create.scm
blob: 6102105b20bc3f03cf98d55ffec90b5ba791bcb2 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

(define-module (system-create)
  #:use-module (gnu)
  #:use-module (gnu services)
  #:use-module (gnu services dbus)
  #:use-module (gnu services docker)
  #:use-module (gnu services file-sharing)
  #:use-module (gnu system)
  #:use-module (gnu system setuid)
  #:use-module (gnu system nss)
  #:use-module (gnu packages lisp)
  #:use-module (gnu services docker)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:use-module (rosenthal services networking)
  #:export (system-create))

(use-service-modules cups desktop networking ssh xorg docker guix
		     admin pm docker virtualization)

(use-package-modules nfs certs shells ssh linux bash emacs networking
		     wm fonts libusb cups freedesktop file-systems version-control
		     package-management)

(define thanos/system-packages
  '("sway" "swaylock" "swaylock-effects" "swaybg"
    "waybar" "gnupg" "pinentry" "font-jetbrains-mono"
    "docker" "docker-cli" "dbus" "xf86-input-libinput"
    "xf86-video-fbdev" "tailscale-bin" "virt-manager"))

(define* (system-create #:key
			(system-packages thanos/system-packages)
			(kernel linux-lts)
			(time-zone "Europe/Athens")
		        hostname
			filesystem
			swap-uuid
			(swapcaps? #t))
  (operating-system
   (locale "en_US.utf8")
   (timezone time-zone)
   (host-name hostname)
   (keyboard-layout (if swapcaps?
			(keyboard-layout "us" #:options '("ctrl:swapcaps"))
			(keyboard-layout "us")))

   (kernel kernel)
   (initrd microcode-initrd)
   (firmware (list linux-firmware))


   (users (cons* (user-account
                  (name "thanos")
                  (comment "Thanos Apollo")
                  (group "users")
                  (home-directory "/home/thanos")
                  (supplementary-groups '("wheel" "netdev" "audio" "video" "docker" "kvm"
					  "libvirt")))
		 %base-user-accounts))

   (packages
    (append
     (map specification->package system-packages)
     %base-packages))

   (services
    (append (list
	     (service docker-service-type)
	     (service containerd-service-type)
	     (service libvirt-service-type
                      (libvirt-configuration
                       (unix-sock-group "libvirt")
                       (tls-port "16555")))
	     ;; udev
	     (udev-rules-service 'pipewire-add-udev-rules pipewire)
	     (udev-rules-service 'brightnessctl-udev-rules brightnessctl)
	     ;; Networking services
	     (service tailscale-service-type)
	     (service wpa-supplicant-service-type) ;; Needed by NetworkManager
	     (service network-manager-service-type)
	     (service block-facebook-hosts-service-type)
	     (simple-service 'add-extra-hosts
                             hosts-service-type
                             (list (host "192.168.0.100" "constantine"
					 '())
				   (host "192.168.0.101" "uranus"
					 '())))

	     (service transmission-daemon-service-type
		      (transmission-daemon-configuration
		       ;; Accept requests from this and other hosts on the
		       ;; local network
		       (rpc-whitelist-enabled? #t)
		       (rpc-whitelist '("::1" "127.0.0.1" "192.168.*"))
		       (rpc-username "z3us")
		       ;; hashed password
		       (rpc-password "{eab35f5df5b1e2691acf11f49be1b1dcffa55a59FyE5eNd8")))

	     ;; tty login
	     (service elogind-service-type)


	     (service openssh-service-type
		      (openssh-configuration
		       (permit-root-login 'prohibit-password)))

	     (service screen-locker-service-type
		      (screen-locker-configuration
		       (name "swaylock")
		       (program (file-append swaylock "/bin/swaylock"))
		       (using-pam? #t)
		       (using-setuid? #f)))

	     (service modem-manager-service-type)  ;; For cellular modems
	     polkit-wheel-service
	     (service tor-service-type)
	     (service cups-service-type)

	     (service udisks-service-type)
	     (service upower-service-type)
	     (service cups-pk-helper-service-type)
	     (service geoclue-service-type)

	     fontconfig-file-system-service ;; Manage the fontconfig cache

	     ;; Power and thermal management services
	     (service thermald-service-type)
	     (service tlp-service-type
		      (tlp-configuration
		       (cpu-boost-on-ac? #t)
		       (wifi-pwr-on-bat? #t))))

	    ;; Services specifics for constantine
	    (if (string= hostname "constantine")
		(list
		 (service oci-container-service-type
			  (list
			   (oci-container-configuration
			    (image "ollama/ollama:rocm")
			    (network "host")
			    (ports
			     '(("11434" . "11434")))
			    (volumes
			     '(("/ollama" . "/root/.ollama"))))
			   (oci-container-configuration
			    (image "jellyfin/jellyfin")
			    (network "host")
			    (volumes
			     '(("/home/jelly/config" . "/config")
			       ("/home/jelly/cache" . "/cache")
			       ("/hdd" . "/media"))))
			   (oci-container-configuration
			    (image "rssbridge/rss-bridge")
			    (network "host")
			    (ports
			     '(("3000" . "80")))))))
		;; For everything else
		(list))
	    %base-services))


   (bootloader (bootloader-configuration
		(bootloader grub-efi-bootloader)
		(targets (list "/boot/efi"))
		(keyboard-layout keyboard-layout)))

   ;; Filesystem
   (swap-devices (list (swap-space
			(target (uuid swap-uuid)))))

   ;; run 'lsblk -f' to get UUIDs.
   (file-systems filesystem)))