prog/gnu/guile/guix-config.scm

;; This is an operating system configuration template
;; for a "desktop" setup with GNOME and Xfce where the
;; root partition is encrypted with LUKS.

(use-modules (gnu) (gnu system nss))
(use-service-modules desktop web certbot)

(use-package-modules certs gnome)

(define %nginx-deploy-hook
  (program-file
   "nginx-deploy-hook"
   #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
       (kill pid SIGHUP))))

(operating-system
  (host-name "dobby")
  (timezone "Indianapolis")
  (locale "en_US.utf8")

  ;; Use the UEFI variant of GRUB with the EFI System
  ;; Partition mounted on /boot/efi.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")))

  ;; Specify a mapped device for the encrypted root partition.
  ;; The UUID is that returned by 'cryptsetup luksUUID'.
  (mapped-devices
   (list (mapped-device
          (source (uuid "12345678-1234-1234-1234-123456789abc"))
          (target "my-root")
          (type luks-device-mapping))))

  (file-systems (cons* (file-system
                         (device "/dev/sda1")
                         (mount-point "/")
                         (type "xfs"))
                       (file-system
                         (device "/dev/sda3")
                         (mount-point "/var")
                         ;; no programs in var need to be exec-ed
                         (flags '(no-exec))
                         (type "xfs"))
                       (file-system
                         (device "/dev/sda5")
                         (mount-point "/home")
                         ;; no programs in /home need to be exec-ed
                         (flags '(no-exec))
                         (type "xfs"))
                       (file-system
                         (device "/dev/sda6")
                         (mount-point "/home/joshua/programming")
                         (type "xfs"))
                       %base-file-systems))
  (swap-devices '("/dev/sda2"))

  (users (cons (user-account
                (name "joshua")
                (comment "joshua")
                (group "users")
                (supplementary-groups '("wheel" "netdev"
                                        "audio" "video"))
                (home-directory "/home/joshua"))
               %base-user-accounts))

  ;; This is where we specify system-wide packages.
  (packages (cons* nss-certs         ;for HTTPS access
                   gvfs              ;for user mounts
                   %base-packages))

  ;; Add GNOME and/or Xfce---we can choose at the log-in
  ;; screen with F1.  Use the "desktop" services, which
  ;; include the X11 log-in service, networking with
  ;; NetworkManager, and more.
  (services (cons* (gnome-desktop-service)
                   (service (ssdm-configuration
                             (display-server "wayland")
                             (auto-login-user "joshua")
                             (auto-login-session "gnome.desktop")))
                   (service nginx-service-type
                            (nginx-configuration
                             (server-blocks
                              (list (nginx-server-configuration
                                     (server-name '("www.gnu-hurd.com"))
                                     (root "/var/www/html/www.gnu-hurd.com"))))))
                   (service certbot-service-type
                            (certbot-configuration
                             (email "jbranso@dismail.de")
                             (certificates
                              (list
                               (certificate-configuration
                                (domains '("gnu-hurd.com" "www.gnu-hurd.com"))
                                (deploy-hook %nginx-deploy-hook))
                               ))))

                   %desktop-services))

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))