| author | Jake Koroman <jake@jakekoroman.com> | 2025-05-30 14:41:33 -0400 |
|---|---|---|
| committer | Jake Koroman <jake@jakekoroman.com> | 2025-05-30 14:41:33 -0400 |
| commit | 5421a0480aac9ec5a1f05e37b19f85cbbdf8c0fc (patch) | |
| tree | 9d38bda921af1c9a16fb05e37f285d47657b1da6 /guix/systems/work/system.scm | |
Diffstat (limited to 'guix/systems/work/system.scm')
| -rw-r--r-- | guix/systems/work/system.scm | 236 |
1 files changed, 236 insertions, 0 deletions
diff --git a/guix/systems/work/system.scm b/guix/systems/work/system.scm
new file mode 100644
index 0000000..32e24a6
--- /dev/null
+++ b/guix/systems/work/system.scm
@@ -0,0 +1,236 @@
+(define-module (systems work system)
+ #:use-module (systems work home)
+
+ #:use-module (gnu)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages chromium)
+ #:use-module (gnu packages containers)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages emacs)
+ #:use-module (gnu packages emacs-xyz)
+ #:use-module (gnu packages file)
+ #:use-module (gnu packages fonts)
+ #:use-module (gnu packages freedesktop)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gnupg)
+ #:use-module (gnu packages libreoffice)
+ #:use-module (gnu packages librewolf)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages mail)
+ #:use-module (gnu packages password-utils)
+ #:use-module (gnu packages rdesktop)
+ #:use-module (gnu packages samba)
+ #:use-module (gnu packages suckless)
+ #:use-module (gnu packages terminals)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu packages vpn)
+ #:use-module (gnu packages wm)
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages xorg)
+
+ #:use-module (nongnu packages linux)
+ #:use-module (nongnu packages mozilla)
+ #:use-module (nongnu system linux-initrd)
+
+ #:use-module (gnu services containers)
+ #:use-module (gnu services cups)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services guix)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services pm)
+ #:use-module (gnu services sddm)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services xorg)
+
+ #:use-module (gnu system accounts))
+
+(define %system-user-name "jake")
+
+(define %nonguix-signing-key
+ (plain-file "non-guix.pub"
+ "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
+
+(define %desktop-packages
+ (list i3-wm i3status xrdb xterm font-iosevka ungoogled-chromium firefox librewolf
+ brightnessctl network-manager-applet dmenu curl btop git (list git "send-email")
+ password-store pass-otp rofi pinentry-rofi gnupg amdgpu-firmware
+ xdg-utils xss-lock file netcat-openbsd podman podman-compose xinit))
+
+(define %work-packages
+ (list samba cifs-utils openconnect libreoffice freerdp))
+
+(define %zsa-voyager-rules
+ (udev-rule "50-zsa.rules"
+ "
+# Rules for Oryx web flashing and live training
+KERNEL==\"hidraw*\", ATTRS{idVendor}==\"16c0\", MODE=\"0664\", GROUP=\"plugdev\"
+KERNEL==\"hidraw*\", ATTRS{idVendor}==\"3297\", MODE=\"0664\", GROUP=\"plugdev\"
+# Keymapp Flashing rules for the Voyager
+SUBSYSTEMS==\"usb\", ATTRS{idVendor}==\"3297\", MODE:=\"0666\", SYMLINK+=\"ignition_dfu\"
+"))
+
+(define garbage-collect-timer
+ (shepherd-timer '(garbage-collection) "0 16 * * 5"
+ #~("/run/current-system/profile/bin/guix"
+ "gc" "-d" "2m" "-F" "100G") ;; 100GB bc /gun/store is on the root partition which is ~512G.
+ #:documentation "Garbage collect at 16:00 every friday."
+ #:requirement '(guix-daemon)))
+
+(define updatedb-timer
+ (shepherd-timer '(updatedb) "0 12 * * *"
+ #~(#$(file-append findutils "/bin/updatedb")
+ "--prunepaths=/tmp /var/tmp /gnu/store")
+ #:documentation "Update file db every day at 12:00"
+ #:requirement '(user-processes)))
+
+(operating-system
+ (kernel linux)
+ (initrd microcode-initrd)
+ (firmware (list linux-firmware))
+ (locale "en_CA.utf8")
+ (timezone "America/Toronto")
+ (keyboard-layout
+ (keyboard-layout
+ "us"
+ #:options '("ctrl:nocaps")))
+ (host-name "work")
+
+ ;; The list of user accounts ('root' is implicit).
+ (users (cons* (user-account
+ (name %system-user-name)
+ (comment "Jake")
+ (group "users")
+ (home-directory "/home/jake")
+ (supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
+ %base-user-accounts))
+ (groups (cons* (user-group
+ (name "plugdev"))
+ %base-groups))
+
+ (packages (append %desktop-packages
+ %work-packages
+ %base-packages))
+
+ (setuid-programs %default-privileged-programs)
+ (name-service-switch %mdns-host-lookup-nss)
+
+ (services
+ (append (list
+ (service openssh-service-type)
+ (service tor-service-type)
+ (service cups-service-type
+ (cups-configuration
+ (extensions (list cups-filters))
+ (web-interface? #t)))
+ (service tlp-service-type)
+
+ (simple-service 'extra-hosts hosts-service-type
+ (list (host "10.172.91.160" "milton-myaccount.erthcorp.com")))
+
+ (udev-rules-service 'zsa-voyager %zsa-voyager-rules)
+
+ ;; (service sddm-service-type)
+ (set-xorg-configuration
+ (xorg-configuration (keyboard-layout keyboard-layout)))
+ ;; sddm-service-type)
+
+ (service rootless-podman-service-type
+ (rootless-podman-configuration
+ (subgids
+ (list (subid-range (name %system-user-name))))
+ (subuids
+ (list (subid-range (name %system-user-name))))))
+ (service iptables-service-type)
+
+ (simple-service 'my-timers
+ shepherd-root-service-type
+ (list
+ updatedb-timer
+ garbage-collect-timer))
+
+ (service guix-home-service-type
+ `((,%system-user-name ,work-home-config))))
+
+ (modify-services %desktop-services
+ (guix-service-type config => (guix-configuration
+ (inherit config)
+ ;; XXX: seems to break NetworkManager
+ ;; https://issues.guix.gnu.org/78047#4
+ ;; (privileged? #f)
+ (substitute-urls
+ (append (list "https://substitutes.nonguix.org")
+ %default-substitute-urls))
+ (authorized-keys
+ (cons* %nonguix-signing-key
+ %default-authorized-guix-keys))))
+ (delete gdm-service-type))))
+
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets (list "/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+
+ (mapped-devices
+ (list
+ (mapped-device
+ (source (uuid "b218be66-7f59-4990-8775-9abe9bec45fb"))
+ (target "enc")
+ (type luks-device-mapping))))
+
+ (file-systems (cons*
+ (file-system
+ (mount-point "/")
+ (device "/dev/mapper/enc")
+ (options "subvol=root")
+ (flags '(no-atime))
+ (type "btrfs")
+ (dependencies mapped-devices))
+ (file-system
+ (mount-point "/gnu")
+ (device "/dev/mapper/enc")
+ (options "subvol=gnu")
+ (flags '(no-atime))
+ (type "btrfs")
+ (dependencies mapped-devices))
+ (file-system
+ (mount-point "/home")
+ (device "/dev/mapper/enc")
+ (options "subvol=home")
+ (flags '(no-atime))
+ (type "btrfs")
+ (dependencies mapped-devices))
+ (file-system
+ (mount-point "/boot")
+ (device "/dev/mapper/enc")
+ (options "subvol=boot")
+ (type "btrfs")
+ (dependencies mapped-devices))
+ (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "ACA4-E018" 'fat32))
+ (type "vfat"))
+ (file-system
+ (mount-point "/media/nas")
+ (type "nfs")
+ (device "192.168.0.95:/mnt/md0/public")
+ (options "user,rw")
+ (mount? #f)
+ (create-mount-point? #t))
+ (file-system
+ (mount-point "/media/s")
+ (type "cifs")
+ (device "//mhshare.miltonhydro.com/shared")
+ (options "user,gid=users,credentials=/root/smb-creds,forcegid")
+ (mount? #f)
+ (create-mount-point? #t))
+ (file-system
+ (mount-point "/media/r")
+ (type "cifs")
+ (device "//mhreport.miltonhydro.com/inetpub")
+ (options "user,gid=users,credentials=/root/smb-creds,forcegid")
+ (mount? #f)
+ (create-mount-point? #t))
+ %base-file-systems)))
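Review bot: The Voyager flashing rule in `%zsa-voyager-rules` sets `MODE:="0666"`, which makes the matching USB device node readable and writable by every local account, and the `:=` form also stops any later rule from narrowing it; the two hidraw rules directly above already scope access to `plugdev`, and the new user account is placed in that group, so `SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE="0660", GROUP="plugdev", SYMLINK+="ignition_dfu"` keeps flashing working with least privilege. `(service openssh-service-type)` is added with its default configuration, which as far as I recall leaves password authentication enabled on a host that also stores SMB credentials in `/root/smb-creds` and is in the `wheel` group path; `(service openssh-service-type (openssh-configuration (password-authentication? #f)))` limits logins to keys. The comment on `garbage-collect-timer` says `/gun/store`; presumably `/gnu/store` is meant.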
