guix-config.scm 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
  1. ;; This is an operating system configuration template
  2. ;; for a "desktop" setup with GNOME and Xfce where the
  3. ;; root partition is encrypted with LUKS.
  4. (use-modules (gnu) (gnu system nss))
  5. (use-service-modules desktop web certbot)
  6. (use-package-modules certs gnome)
  7. (define %nginx-deploy-hook
  8. (program-file
  9. "nginx-deploy-hook"
  10. #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
  11. (kill pid SIGHUP))))
  12. (operating-system
  13. (host-name "dobby")
  14. (timezone "Indianapolis")
  15. (locale "en_US.utf8")
  16. ;; Use the UEFI variant of GRUB with the EFI System
  17. ;; Partition mounted on /boot/efi.
  18. (bootloader (bootloader-configuration
  19. (bootloader grub-efi-bootloader)
  20. (target "/boot/efi")))
  21. ;; Specify a mapped device for the encrypted root partition.
  22. ;; The UUID is that returned by 'cryptsetup luksUUID'.
  23. (mapped-devices
  24. (list (mapped-device
  25. (source (uuid "12345678-1234-1234-1234-123456789abc"))
  26. (target "my-root")
  27. (type luks-device-mapping))))
  28. (file-systems (cons* (file-system
  29. (device "/dev/sda1")
  30. (mount-point "/")
  31. (type "xfs"))
  32. (file-system
  33. (device "/dev/sda3")
  34. (mount-point "/var")
  35. ;; no programs in var need to be exec-ed
  36. (flags '(no-exec))
  37. (type "xfs"))
  38. (file-system
  39. (device "/dev/sda5")
  40. (mount-point "/home")
  41. ;; no programs in /home need to be exec-ed
  42. (flags '(no-exec))
  43. (type "xfs"))
  44. (file-system
  45. (device "/dev/sda6")
  46. (mount-point "/home/joshua/programming")
  47. (type "xfs"))
  48. %base-file-systems))
  49. (swap-devices '("/dev/sda2"))
  50. (users (cons (user-account
  51. (name "joshua")
  52. (comment "joshua")
  53. (group "users")
  54. (supplementary-groups '("wheel" "netdev"
  55. "audio" "video"))
  56. (home-directory "/home/joshua"))
  57. %base-user-accounts))
  58. ;; This is where we specify system-wide packages.
  59. (packages (cons* nss-certs ;for HTTPS access
  60. gvfs ;for user mounts
  61. %base-packages))
  62. ;; Add GNOME and/or Xfce---we can choose at the log-in
  63. ;; screen with F1. Use the "desktop" services, which
  64. ;; include the X11 log-in service, networking with
  65. ;; NetworkManager, and more.
  66. (services (cons* (gnome-desktop-service)
  67. (service (ssdm-configuration
  68. (display-server "wayland")
  69. (auto-login-user "joshua")
  70. (auto-login-session "gnome.desktop")))
  71. (service nginx-service-type
  72. (nginx-configuration
  73. (server-blocks
  74. (list (nginx-server-configuration
  75. (server-name '("www.gnu-hurd.com"))
  76. (root "/var/www/html/www.gnu-hurd.com"))))))
  77. (service certbot-service-type
  78. (certbot-configuration
  79. (email "jbranso@dismail.de")
  80. (certificates
  81. (list
  82. (certificate-configuration
  83. (domains '("gnu-hurd.com" "www.gnu-hurd.com"))
  84. (deploy-hook %nginx-deploy-hook))
  85. ))))
  86. %desktop-services))
  87. ;; Allow resolution of '.local' host names with mDNS.
  88. (name-service-switch %mdns-host-lookup-nss))