1 files changed, 77 insertions, 0 deletions

diff --git a/nonguix/transformations.scm b/nonguix/transformations.scm
new file mode 100644
index 00000000..ea381274
--- /dev/null
+++ b/nonguix/transformations.scm
@@ -0,0 +1,77 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; Copyright © 2025 Hilton Chain <hako@ultrarare.space>
+
+(define-module (nonguix transformations)
+  #:use-module (guix channels)
+  #:use-module (guix diagnostics)
+  #:use-module (guix gexp)
+  #:use-module (guix i18n)
+  #:use-module (guix packages)
+  #:use-module (gnu system)
+  #:use-module (nongnu system linux-initrd)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (nongnu services nvidia)
+  #:use-module (gnu packages package-management)
+  #:use-module (nongnu packages linux)
+  #:use-module (nongnu packages nvidia)
+  #:export (nonguix-transformation-guix))
+
+(define* (nonguix-transformation-guix #:key (substitutes? #t)
+                                      (channel? #t)
+                                      (guix-source? #f))
+  "Return a procedure that transforms an operating system, setting up Nonguix
+signing key for the Guix daemon.
+
+Additionally, SUBSTITUTES? (default: #t) sets up the substitute server,
+CHANNEL? (default: #t) adds Nonguix channel specification into
+'/etc/guix/channels.scm' and GUIX-SOURCE? (default: #f) builds Nonguix channel
+into the default Guix.
+
+FIXME: GUIX-SOURCE? is disabled by default due to performance issue."
+
+  (define %nonguix-signing-key
+    (plain-file "nonguix.pub" "
+(public-key
+ (ecc
+  (curve Ed25519)
+  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
+
+  (define %nonguix-channel
+    (channel
+      (name 'nonguix)
+      (url "https://gitlab.com/nonguix/nonguix")
+      ;; Enable signature verification:
+      (introduction
+       (make-channel-introduction
+        "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+        (openpgp-fingerprint
+         "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5")))))
+
+  (lambda (os)
+    (operating-system
+      (inherit os)
+      (services
+       (modify-services (operating-system-user-services os)
+         (guix-service-type
+          config => (guix-configuration
+                     (inherit config)
+                     (channels
+                      (let ((configured-channels
+                             (guix-configuration-channels config)))
+                        (if channel?
+                            (cons %nonguix-channel
+                                  (or configured-channels %default-channels))
+                            configured-channels)))
+                     (guix
+                      (if guix-source?
+                          (guix-for-channels channels)
+                          (guix-configuration-guix config)))
+                     (authorized-keys
+                      (cons %nonguix-signing-key
+                            (guix-configuration-authorized-keys config)))
+                     (substitute-urls
+                      `(,@(guix-configuration-substitute-urls config)
+                        ,@(if substitutes?
+                              '("https://substitutes.nonguix.org")
+                              '()))))))))))