authorFranz Geffke <franz@pantherx.org>2023-06-25 16:07:34 +0100
committerFranz Geffke <franz@pantherx.org>2023-06-25 16:07:34 +0100
commit54b4056ac571611892c743b65f4c47dc298c49da (patch)
tree36e4a84137d2b9bc9a241cf82563da6114bf6189 /px/system
initial commit
Diffstat (limited to 'px/system')
-rw-r--r--px/system/config.scm223
-rw-r--r--px/system/config/config205
-rw-r--r--px/system/config/pxconfig11
-rw-r--r--px/system/install.scm28
-rw-r--r--px/system/os.scm319
-rw-r--r--px/system/raspberry.scm255
6 files changed, 1041 insertions, 0 deletions
diff --git a/px/system/config.scm b/px/system/config.scm
new file mode 100644
index 0000000..6ec4f4c
--- /dev/null
+++ b/px/system/config.scm
@@ -0,0 +1,223 @@
+;;; PantherX System Configuration Module
+;;; This module supports configuration modules for PantherX OS definitions
+;;;
+;;; Reza Alizadeh Majd <r.majd@pantherx.org>
+;;; Franz Geffke <franz@pantherx.org>
+;;;
+
+(define-module (px system config)
+ #:use-module (gnu bootloader)
+ #:use-module (gnu bootloader u-boot)
+ #:use-module (gnu services)
+ #:use-module (gnu system)
+ #:use-module (gnu system accounts)
+ #:use-module (gnu system nss)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system shadow)
+ #:use-module (nongnu packages linux)
+ #:use-module (nongnu system linux-initrd)
+ #:use-module (px packages base)
+ #:use-module (px services base)
+ #:use-module (px system os)
+ #:use-module (guix gexp)
+ #:use-module (srfi srfi-1)
+ #:export (px-core-os
+
+ px-desktop-os
+ px-desktop-ee-os
+ px-new-desktop
+
+ px-server-os
+ px-server-ee-os
+
+ px-core-arm-os
+ px-gui-arm-os
+ px-desktop-arm-os
+
+ %px-server-open-ports-common)
+
+;; Re-export for convenience
+#:re-export (%px-core-services
+
+ px-desktop-service-type
+
+ %px-desktop-services
+ %px-desktop-ee-services
+
+ %px-server-services
+ %px-server-ee-services
+
+ %px-core-arm-services
+ %px-gui-arm-services
+ %px-desktop-arm-services
+
+ %px-core-packages
+
+ %px-desktop-packages-gtk
+ %px-desktop-packages-qt
+ %px-desktop-packages
+ %px-desktop-ee-packages
+
+ %px-server-packages
+ %px-server-ee-packages
+ %px-core-arm-packages
+ %px-gui-arm-packages))
+
+;;;
+;;; PantherX Desktop OS defintions
+;;;
+
+(define %px-desktop-swap-devices
+ (list (swap-space (target "/swapfile"))))
+
+(define %px-server-open-ports-common
+ '(("tcp" "ssh" "http" "https")))
+
+;;;
+;;; CORE
+;;;
+
+(define* (px-core-os os-config #:key
+ (kernel 'libre)
+ (templates '())
+ (open-ports #f)
+ (authorized-keys '()))
+ "returns operating-system definition for px-core-os, based on config"
+ (make-os os-config
+ #:kernel kernel
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates templates
+ #:default-packages %px-core-packages
+ #:default-services %px-core-services))
+
+;;;
+;;; DESKTOP
+;;;
+
+(define* (px-desktop-os os-config #:key
+ (kernel 'nonlibre)
+ (templates '())
+ (open-ports #f)
+ (authorized-keys '()))
+ (make-os (operating-system
+ (inherit os-config)
+ (swap-devices
+ (prepare-swap-devices os-config %px-desktop-swap-devices)))
+ #:kernel kernel
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates templates
+ #:default-packages %px-desktop-packages
+ #:default-services %px-desktop-services))
+
+(define* (px-desktop-ee-os os-config #:key
+ (kernel 'nonlibre)
+ (templates '())
+ (open-ports #f)
+ (authorized-keys '()))
+ (make-os (operating-system
+ (inherit os-config)
+ (swap-devices
+ (prepare-swap-devices os-config %px-desktop-swap-devices)))
+ #:kernel kernel
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates templates
+ #:default-packages %px-desktop-ee-packages
+ #:default-services %px-desktop-ee-services))
+
+(define* (px-new-desktop os-config #:key
+ (kernel 'nonlibre)
+ (open-ports #f)
+ (authorized-keys '())
+ (templates '()))
+ (make-os os-config
+ #:kernel kernel
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates templates
+ #:default-packages %px-desktop-packages
+ #:default-services %px-desktop-services))
+
+;;;
+;;; SERVER
+;;;
+
+(define* (px-server-os os-config #:key
+ (kernel 'libre)
+ (templates '())
+ (open-ports %px-server-open-ports-common)
+ (authorized-keys '()))
+ (make-os os-config
+ #:kernel kernel
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates templates
+ #:default-packages %px-server-packages
+ #:default-services %px-server-services))
+
+(define* (px-server-ee-os os-config #:key
+ (kernel 'libre)
+ (templates '())
+ (open-ports %px-server-open-ports-common)
+ (authorized-keys '()))
+ (make-os os-config
+ #:kernel kernel
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates templates
+ #:default-packages %px-server-ee-packages
+ #:default-services %px-server-ee-services))
+
+
+;;;
+;;; ARM
+;;;
+
+(define px-core-arm-os
+ (operating-system
+ (host-name "pantherx")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ (bootloader (bootloader-configuration
+ (bootloader u-boot-bootloader)
+ (targets '("/dev/vda"))))
+
+ (file-systems (cons (file-system
+ (device "/dev/sda1")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ (users (cons* (user-account
+ (name "panther")
+ (comment "default user")
+ (group "users")
+ (password (crypt "pantherx" "$6$abc"))
+ (supplementary-groups '("wheel" "netdev" "lp"
+ "video" "audio")))
+ %base-user-accounts))
+
+ (packages %px-core-arm-packages)
+ (services %px-core-arm-services)
+ (name-service-switch %mdns-host-lookup-nss)))
+
+(define px-gui-arm-os
+ (operating-system
+ (inherit px-core-arm-os)
+ (host-name "pantherx")
+ (packages %px-gui-arm-packages)
+ (services %px-gui-arm-services)))
+
+(define (px-desktop-arm-os os-config)
+ (let ((selected-packages (prepare-packages os-config %px-desktop-arm-packages))
+ (selected-services (prepare-services os-config %px-desktop-arm-services)))
+ (operating-system
+ (inherit os-config)
+
+ (packages selected-packages)
+ (services selected-services)
+
+ (name-service-switch %mdns-host-lookup-nss)))) \ No newline at end of file
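Review bot: The `users` field of `px-core-arm-os` bakes a fixed credential into every image built from it: `(password (crypt "pantherx" "$6$abc"))` combines a known plaintext with a constant salt, and the account is in `wheel`, so the resulting hash is identical on every deployment. The same line appears in `reterminal-core-os` in px/system/raspberry.scm. Prefer leaving `password` unset (or taking the hash from the caller's os-config) and documenting that the first login must set it; at minimum derive the salt per build so hashes are not shared across installs. Separately, `px-desktop-os`, `px-desktop-ee-os`, `px-new-desktop`, `px-server-os` and `px-server-ee-os` carry no docstring while `px-core-os` does; a one-liner such as `"Return an operating-system for a PantherX desktop, adding a /swapfile swap space when os-config declares none."` would keep them consistent.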
diff --git a/px/system/config/config b/px/system/config/config
new file mode 100644
index 0000000..c919b65
--- /dev/null
+++ b/px/system/config/config
@@ -0,0 +1,205 @@
+;; This is an operating system configuration template
+;; for PantherX core Desktop
+
+(use-modules (gnu)
+ (gnu system nss)
+ (gnu packages fonts)
+ (gnu packages gnuzilla)
+ (gnu packages gnome)
+ (gnu packages qt)
+ (gnu packages rsync)
+ (gnu packages vim)
+ (guix build utils)
+ (px packages accounts)
+ (px packages user-services)
+ (px packages themes)
+ (px packages desktop)
+ (px packages software)
+ (px packages tarsnap)
+ (px packages settings)
+ (px packages hub)
+ (srfi srfi-1))
+
+
+(load "pxconfig.scm")
+(use-modules (pxconfig))
+
+;; Yeap! We really need to organize those package more logically ...
+
+(use-service-modules desktop networking ssh xorg sddm dbus avahi)
+(use-package-modules connman screen ssh certs tls version-control lxqt xorg)
+
+
+;;
+;; PantherX Packages Definition
+;;
+(define %panther-packages
+ (cons* px-user-services
+
+ ;; PantherX Desktop Applications
+ px-software
+ px-settings-ui
+
+ ;; px-accounts-service related plugins
+ px-accounts-service-plugin-oauth2-github
+ px-accounts-service-plugin-oauth2-mastodon
+ px-accounts-service-plugin-oauth2-google
+
+ ;; px-hub-service related plugins
+ px-hub-service-plugin-mastodon
+
+ ;; px-settings-service related plugins
+ px-settings-service-plugin-accounts
+ px-settings-service-plugin-software
+
+ %base-packages))
+
+
+;;
+;; PantherX Services Definition
+;;
+(define %panther-services
+ (cons*
+ ;; Desktopp
+ (service sddm-service-type
+ (sddm-configuration
+ (minimum-uid 1000)
+ (theme "darkine")))
+ (service elogind-service-type)
+ (service udisks-service-type)
+ (service dbus-root-service-type)
+ (service colord-service-type)
+ (service polkit-service-type)
+ (service ntp-service-type)
+ (service avahi-service-type)
+ (service upower-service-type)
+
+ ;; network configuration
+ (service openssh-service-type
+ (openssh-configuration
+ (port-number 22)
+ (permit-root-login 'without-password)
+ (authorized-keys
+ `())))
+ (service wpa-supplicant-service-type)
+ (service connman-service-type
+ (connman-configuration
+ (disable-vpn? #f)))
+
+ ;; System Services
+ ;; We need to Authorize public key of PantherX build server
+ ;; before using this new configuration on core image:
+ ;; $ guix archive --authorize < path/to/signing-key.pub
+ (modify-services %base-services
+ (guix-service-type
+ config => (guix-configuration
+ (substitute-urls '("https://ci.guix.gnu.org"
+ "https://build.pantherx.org")))))))
+
+;;
+;; PantherX Skeleton Fils Definition
+;;
+(define (pantherx-skeletons)
+ (define mkpath
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p #$output))))
+
+ (let ((gtk2 "\
+# Created by lxqt-config-appearance (DO NOT EDIT!)
+gtk-theme-name = \"Breeze\"
+gtk-icon-theme-name = \"breeze\"
+gtk-font-name = \"Source Sans Pro 11\"
+gtk-button-images = 1
+gtk-menu-images = 1
+gtk-toolbar-style = GTK_TOOLBAR_BOTH_HORIZ")
+ (gtk3 "\
+# Created by lxqt-config-appearance (DO NOT EDIT!)
+[Settings]
+gtk-theme-name = Breeze
+gtk-icon-theme-name = breeze
+# GTK3 ignores bold or italic attributes.
+gtk-font-name = Source Sans Pro 11
+gtk-menu-images = 1
+gtk-button-images = 1
+gtk-toolbar-style = GTK_TOOLBAR_BOTH_HORIZ")
+ (pcmanfmqt "\
+[Desktop]
+Wallpaper=/run/current-system/profile/share/wallpapers/pantherx/wallpaper.jpg
+WallpaperMode=zoom"))
+ (append
+ `((".config/guix" ,(computed-file "channels_dir" mkpath))
+ (".gtkrc-2.0" ,(plain-file "gtk2" gtk2))
+ (".config/gtk-3.0" ,(computed-file "gtk3_dir" mkpath))
+ (".config/gtk-3.0/settings.ini" ,(plain-file "gtk3" gtk3))
+ (".config/pcmanfm-qt/lxqt" ,(computed-file "pcmanfmqt_dir" mkpath))
+ (".config/pcmanfm-qt/lxqt/settings.conf" ,(plain-file "pcmanfmqt" pcmanfmqt)))
+ (default-skeletons)
+ )))
+
+
+(load "pxconfig.scm")
+(use-modules (pxconfig))
+
+;;
+;; Operating System Definition
+;;
+(operating-system
+ (host-name hostname)
+ (timezone timezone)
+ (locale locale)
+
+ ;; Boot in "legacy" BIOS mode
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sda")))
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ ;; in case of low memory occurence during build, you need to uncomment
+ ;; `swap-devices` section and perform these steps before reconfigure:
+ ;;
+ ;; 1. fallocate -l 1G /swapfile
+ ;; 2. chmod 600 /swapfile
+ ;; 3. mkswap /swapfile
+ ;; 4. swapon /swapfile
+ ; (swap-devices '("/swapfile"))
+
+ ;; The "root" account is implicit
+ (users (cons (user-account
+ (name username)
+ (comment comment)
+ (group groupname)
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer. Adding it to "audio"
+ ;; and "video" allows the user to play sound
+ ;; and access the webcam.
+ (supplementary-groups '("wheel"
+ "audio" "video"))
+ (home-directory (string-append "/home/" username)))
+ %base-user-accounts))
+
+ (skeletons (pantherx-skeletons))
+
+ ;; Globally-installed packages.
+ (packages (cons* openssh nss-certs gnutls
+ git vim rsync ;; development
+ screen ;; terminal window manager
+ ;; Desktop
+ px-desktop-dev ;; desktop
+ ;; PantherX stuff for desktop
+ ;; tarsnap
+ ;; build failed: px-settings-service
+ ;; Temporary - to reduce compile times
+ ;; qtwebkit
+ %panther-packages))
+
+ ;; Add services to the baseline
+ (services %panther-services)
+
+ ;; Allow resolution of '.local' host names with mDNS.
+ (name-service-switch %mdns-host-lookup-nss))
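Review bot: `(load "pxconfig.scm")` followed by `(use-modules (pxconfig))` is executed twice, once after the module imports and again just before the `operating-system` form; the second pair is redundant and should be dropped. The file committed alongside this one is `px/system/config/pxconfig` with no `.scm` extension, so unless a differently named copy exists on the load path the `load` is unlikely to find it — worth confirming. In the `openssh-configuration`, `(permit-root-login 'without-password)` leaves key-based root login enabled with an empty `authorized-keys` list; `(permit-root-login #f)` is the safer default for a template unless root key access is deliberately wanted. The bootloader block also uses the single-target `(target "/dev/sda")` field while px/system/config.scm uses `(targets '(...))`; using `targets` here keeps the two files consistent.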
diff --git a/px/system/config/pxconfig b/px/system/config/pxconfig
new file mode 100644
index 0000000..f30b93b
--- /dev/null
+++ b/px/system/config/pxconfig
@@ -0,0 +1,11 @@
+
+(define-module (pxconfig)
+ #:export (username comment groupname timezone locale hostname)
+ #:declarative? #f)
+
+(define username "panther")
+(define comment "-")
+(define groupname "users")
+(define hostname "my-computer.local")
+(define timezone "Europe/Berlin")
+(define locale "en_US.UTF-8")
diff --git a/px/system/install.scm b/px/system/install.scm
new file mode 100644
index 0000000..14263b3
--- /dev/null
+++ b/px/system/install.scm
@@ -0,0 +1,28 @@
+;;; PantherX disk image configuration file
+;;;
+;;; Author: Reza Alizadeh Majd <r.majd@PantherX.org>
+;;; Version: 1.0.0
+;;; Time-stamp: <2022-02-09 21:33:50 reza>
+
+;; Generate a bootable image (e.g. for USB sticks, etc.) with:
+;; $ guix system disk-image path/to/px-install.scm
+;; Using Guix time-machine
+;; $ guix time-machine --channels=/path/to/channels.scm -- system disk-image /path/to/px-install.scm
+
+(define-module (px system install)
+ #:use-module (gnu system)
+ #:use-module (gnu system install)
+ #:use-module (nongnu packages linux)
+ #:use-module (px packages setup)
+ #:export (installation-os-nonfree))
+
+(define px-installation-os
+ (operating-system
+ (inherit installation-os)
+ (kernel linux)
+ (firmware (list linux-firmware))
+
+ (packages (cons* px-install
+ (operating-system-packages installation-os)))))
+
+px-installation-os
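Review bot: The module exports `installation-os-nonfree`, but the only definition in the file is `px-installation-os`, so importers of `(px system install)` would likely hit an unbound variable and the intended name is never exported. Change the export to `#:export (px-installation-os)` (or rename the `define` to match), whichever name callers are expected to use. The trailing bare `px-installation-os` expression is what `guix system disk-image` evaluates to obtain the OS; a short comment such as `;; Evaluate to the OS so `guix system disk-image` picks it up as the file's value` would explain why a module file ends with a free-standing expression.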
diff --git a/px/system/os.scm b/px/system/os.scm
new file mode 100644
index 0000000..cdff7e8
--- /dev/null
+++ b/px/system/os.scm
@@ -0,0 +1,319 @@
+(define-module (px system os)
+ #:use-module (gnu bootloader)
+ #:use-module (gnu bootloader grub)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu services)
+ #:use-module (gnu services base)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu system)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system linux-initrd)
+ #:use-module (gnu system nss)
+ #:use-module (nongnu packages linux)
+ #:use-module (nongnu system linux-initrd)
+ #:use-module (guix gexp)
+ #:use-module (guix git-download)
+ #:use-module (guix packages)
+ #:use-module (guix records)
+ #:use-module (ice-9 match)
+ #:use-module (srfi srfi-1)
+ #:export (make-os
+
+ os-template
+ os-template-service
+
+ ;; used in px system config
+ prepare-packages
+ prepare-services
+ prepare-swap-devices
+
+ ;; used in ee repo
+ adjust-bootloader-theme
+
+ ;; This is not used anywhere
+ ;; %px-artwork-repository
+ ;; %px-grub-theme
+
+ ;; %px-substitute-server-url
+ ;; %px-substitute-server-key
+ ;; apply-px-substitute-server
+ ))
+
+;;;
+;;; Templates
+;;;
+
+(define-record-type* <os-template-service>
+ os-template-service make-os-template-service
+ os-template-service?
+ (type os-template-service-type) ; type of modification required: 'add 'edit 'delete
+ (kind os-template-service-kind) ; service-kind that needs to be matched
+ (action os-template-service-action ; action to be applied on service
+ (default #f)))
+
+(define-record-type* <os-template>
+ os-template make-os-template
+ os-template?
+ (title os-template-title)
+ (firmwares os-template-firmwares ; list of firmwares to be installed
+ (default '()))
+ (packages os-template-packages ; list of <package> to be installed
+ (default '()))
+ (services os-template-services ; list of <os-template-service>
+ (default '())))
+
+(define (apply-template-firmwares initial-firmwares template-firmwares)
+ (fold (lambda (firmware result)
+ (if (memq firmware result)
+ result
+ (cons firmware result)))
+ initial-firmwares
+ template-firmwares))
+
+(define (apply-template-package-imports initial-packages template-packages)
+ (fold (lambda (pkg result)
+ (if (memq pkg result)
+ result
+ (cons pkg result)))
+ initial-packages
+ template-packages))
+
+(define (apply-template-service-modifications initial-services template-services)
+ (fold (lambda (svc result)
+ (match svc
+ (($ <os-template-service> type kind action)
+ (case type
+ ((add) (cons (if action
+ (service kind action)
+ (service kind))
+ result))
+ ((edit) (modify-services result
+ (kind config => (action config))))
+ ((delete) (remove (lambda (s)
+ (eq? (service-kind s) kind))
+ result))
+ (else result)))))
+ initial-services
+ template-services))
+
+(define (apply-templates os-configuration os-templates)
+ (fold (lambda (template result)
+ (let ((target-firmwares (apply-template-firmwares
+ (operating-system-firmware os-configuration)
+ (os-template-firmwares template)))
+ (target-packages (apply-template-package-imports
+ (operating-system-packages result)
+ (os-template-packages template)))
+ (target-services (apply-template-service-modifications
+ (operating-system-user-services result)
+ (os-template-services template))))
+ (operating-system
+ (inherit result)
+ (firmware target-firmwares)
+ (packages target-packages)
+ (services target-services))))
+ os-configuration
+ os-templates))
+
+;;
+;; Firewall customization
+;;
+
+(define (make-firewall-rules open-ports)
+ (define (make-port-rules open-ports status)
+ "Generate list of strings each is a port/service rule for nftables"
+ (reduce-right append '()
+ (map (match-lambda
+ ((protocol ports ...)
+ (map (lambda (port)
+ (string-append " " protocol " dport " port " " status))
+ ports)))
+ open-ports)))
+ (let ((port-rules (make-port-rules open-ports "accept")))
+ (plain-file "nftables"
+ (string-append
+ "#PantherX firewall rules\n"
+ "table inet filter {\n"
+ " chain input {\n"
+ " type filter hook input priority 0; policy drop;\n"
+ " # early drop of invalid connections\n"
+ " ct state invalid drop\n"
+ " # allow established/related connections\n"
+ " ct state { established, related } accept\n"
+ " # allow from loopback\n"
+ " iifname lo accept\n"
+ " # allow icmp\n"
+ " ip protocol icmp accept\n"
+ " ip6 nexthdr icmpv6 accept\n"
+ (string-join port-rules "\n" 'suffix)
+ " # reject everything else\n"
+ " reject with icmpx type port-unreachable\n"
+ " }\n"
+ " chain forward {\n"
+ " type filter hook forward priority 0; policy drop;\n"
+ " }\n"
+ " chain output {\n"
+ " type filter hook output priority 0; policy accept;\n"
+ " }\n"
+ "}\n"))))
+
+;;
+;; OS customization
+;;
+
+(define %px-artwork-repository
+ (let ((commit "ecfd456e814a59e3b6743bcda83eab5d5c12ae99"))
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.pantherx.org/development/desktop/px-artwork.git")
+ (commit commit)))
+ (file-name (string-append "px-artwork-" (string-take commit 7)
+ "-checkout"))
+ (sha256
+ (base32
+ "06i47c8qp239c9rgkcizk3jd8rld4qbx90s5gg1a1rw1x90p245z")))))
+
+(define %px-grub-theme
+ (grub-theme
+ (image (file-append %px-artwork-repository
+ "/grub/PantherX-4-3.svg"))))
+
+(define %px-substitute-server-url
+ "https://packages.pantherx.org")
+
+(define %px-substitute-server-key
+ (plain-file "packages.pantherx.org.pub"
+ "(public-key
+ (ecc
+ (curve Ed25519)
+ (q #E8322D13EA02C09F06CB70FDA2ABBFD5E463F2AA34C18C692F5E25858F4E315D#)
+ )
+ )
+"))
+
+(define (adjust-bootloader-theme config)
+ (let* ((bootloader-config (operating-system-bootloader config))
+ (bootloader (bootloader-configuration-bootloader bootloader-config)))
+ (case (bootloader-name bootloader)
+ ((grub grub-efi)
+ (bootloader-configuration
+ (inherit bootloader-config)
+ (theme %px-grub-theme)))
+ (else bootloader-config))))
+
+(define (prepare-packages config default-packages)
+ "Check if custom packages provided in system configuration file or not.
+return @code{default-packages} if there was no modifications applied."
+ (let ((package-list (operating-system-packages config)))
+ (if (eq? package-list %base-packages)
+ default-packages
+ package-list)))
+
+(define (prepare-services config default-services)
+ "Check if custom services provided in system configuration file or not.
+return @code{default-services} if there is no modification applied."
+ (let ((service-list (operating-system-user-services config)))
+ (if (eq? service-list %base-services)
+ default-services
+ service-list)))
+
+(define (prepare-swap-devices config default-value)
+ "Check if custom definition provided for swap-devices or not.
+return @code{defaule-value} if there is no modification applied."
+ (let ((devices (operating-system-swap-devices config)))
+ (if (eq? devices '())
+ default-value
+ devices)))
+
+(define (prepare-kernel config kernel)
+ (case kernel
+ ((libre) linux-libre)
+ ((nonlibre) linux)
+ (else (operating-system-kernel config))))
+
+(define (prepare-initrd config kernel)
+ (case kernel
+ ((libre) base-initrd)
+ ((nonlibre) microcode-initrd)
+ (else (operating-system-initrd config))))
+
+(define (prepare-firmwares config kernel)
+ (case kernel
+ ((libre) %base-firmware)
+ ((nonlibre) (list linux-firmware))
+ (else (operating-system-firmware config))))
+
+;;
+;; OS config generation
+;;
+
+(define (apply-px-substitute-server guix-config)
+ (let ((existing-urls (guix-configuration-substitute-urls guix-config))
+ (existing-keys (guix-configuration-authorized-keys guix-config)))
+ (guix-configuration
+ (inherit guix-config)
+ (substitute-urls (append (list %px-substitute-server-url)
+ existing-urls))
+ (authorized-keys (append (list %px-substitute-server-key)
+ existing-keys)))))
+
+(define* (make-os config #:key
+ (kernel 'libre)
+ (open-ports #f)
+ (authorized-keys '())
+ (templates '())
+ default-packages
+ default-services)
+ "Create <operating-system> definition based on provided templates and default
+packages and services"
+
+ (define (apply-firewall-rules config)
+ (nftables-configuration
+ (inherit config)
+ (ruleset (if open-ports
+ (make-firewall-rules open-ports)
+ (nftables-configuration-ruleset config)))))
+ (define (apply-authorized-keys config)
+ (if (> (length authorized-keys) 0)
+ (openssh-configuration
+ (inherit config)
+ (authorized-keys authorized-keys))
+ config))
+ (define (apply-swap-changes config)
+ (let ((devices (operating-system-swap-devices config)))
+ (if (eq? devices '())
+ (list (swap-space (target "/swapfile")))
+ devices)))
+ (let ((target-kernel (prepare-kernel config kernel))
+ (target-initrd (prepare-initrd config kernel))
+ (target-firmwares (prepare-firmwares config kernel))
+ (target-bootloader (adjust-bootloader-theme config))
+ (target-packages (prepare-packages config default-packages))
+ (target-services (prepare-services config default-services)))
+ (apply-templates
+ (operating-system
+ (inherit config)
+ (bootloader target-bootloader)
+ (kernel target-kernel)
+ (initrd target-initrd)
+ (firmware target-firmwares)
+ (swap-devices (apply-swap-changes config))
+
+ (packages target-packages)
+ (services (fold (lambda (svc result)
+ (let ((type (service-kind svc))
+ (value (service-value svc)))
+ (cond
+ ((eq? type guix-service-type)
+ (cons (service guix-service-type (apply-px-substitute-server value)) result))
+ ((eq? type nftables-service-type)
+ (cons (service nftables-service-type (apply-firewall-rules value)) result))
+ ((eq? type openssh-service-type)
+ (cons (service openssh-service-type (apply-authorized-keys value)) result))
+ (else (cons svc result)))))
+ '()
+ target-services))
+ (name-service-switch %mdns-host-lookup-nss))
+ templates)))
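Review bot: In `apply-templates`, the firmware list is rebuilt from `(operating-system-firmware os-configuration)` on every iteration rather than from `result`, so when more than one template is applied the firmwares added by earlier templates are discarded; packages and services correctly start from `result`. Change it to `(operating-system-firmware result)`. The service fold in `make-os` conses onto `'()` without reversing, so the services end up in the opposite order from `target-services`; if order is not significant here a comment saying so would save the next reader a check, otherwise wrap the fold in `reverse`. The `prepare-swap-devices` docstring has the typo `defaule-value`. Also `apply-authorized-keys` replaces rather than extends any `authorized-keys` already present in the OpenSSH service — if that is intended, a comment on the helper should say so.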
diff --git a/px/system/raspberry.scm b/px/system/raspberry.scm
new file mode 100644
index 0000000..f63c69c
--- /dev/null
+++ b/px/system/raspberry.scm
@@ -0,0 +1,255 @@
+(define-module (px system raspberry)
+ #:use-module (gnu bootloader)
+ #:use-module (gnu image)
+ #:use-module (gnu services)
+ #:use-module (gnu system)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system image)
+ #:use-module (gnu system nss)
+ #:use-module (gnu system shadow)
+ #:use-module (guix gexp)
+ #:use-module (guix platforms arm)
+ #:use-module (nongnu packages linux)
+ #:use-module (px bootloader u-boot)
+ #:use-module (px system os)
+ #:use-module (px hardware raspberrypi)
+ #:use-module (px packages base)
+ #:use-module (px packages bootloaders)
+ #:use-module (px packages linux)
+ #:use-module (px services base)
+ #:use-module (px services device)
+ #:use-module (px system config)
+ #:use-module (srfi srfi-26)
+ #:export (%raspberrypi-config-params
+ %raspberrypi-cmdline-params
+ raspberrypi-gui-os
+ raspberrypi-gui-image
+
+ %reterminal-config-params
+ %reterminal-cmdline-params
+ reterminal-image-type
+
+ %reterminal-core-packages
+ %reterminal-core-services
+ reterminal-core-os
+ reterminal-core-image
+
+ %reterminal-gui-packages
+ %reterminal-gui-services
+ reterminal-gui-os))
+
+
+(define %raspberrypi-config-params
+ (list "enable_uart=1"
+ "uart_2ndstage=1"
+ "arm_64bit=1"
+ "kernel=u-boot.bin"))
+
+
+(define %raspberrypi-cmdline-params
+ (list "root=LABEL=RASPIROOT rw rootwait"
+ "console=serial0,115200 console=tty1 console=ttyAMA0,115200"
+ "selinux=0 plymouth.enable=0 smsc95xx.turbo_mode=N"
+ "dwc_otg.lpm_enable=0 kgdboc=serial0,115200"))
+
+
+(define (make-raspberrypi-boot-partition config cmdline)
+ (partition
+ (size (* 128 (expt 2 20)))
+ (label "BOOT")
+ (file-system "fat32")
+ (flags '())
+ (initializer
+ (gexp (lambda* (root #:key #:allow-other-keys)
+ (use-modules (guix build utils))
+ (mkdir-p root)
+ (copy-recursively #$(file-append u-boot-rpi-arm64 "/libexec/u-boot.bin" )
+ (string-append root "/u-boot.bin"))
+ (copy-recursively #$(file-append raspberrypi-firmware "/" ) root)
+ (copy-recursively #$(file-append seeed-reterminal-dtoverlays "/" )
+ (string-append root "/overlays"))
+ (copy-recursively #$(plain-file "config.txt"
+ (string-join config "\n"))
+ (string-append root "/config.txt"))
+ (copy-recursively #$(plain-file "cmdline.txt"
+ (string-join cmdline " "))
+ (string-append root "/cmdline.txt"))
+ )))))
+
+(define %raspberrypi-boot-partition
+ (make-raspberrypi-boot-partition %raspberrypi-config-params
+ %raspberrypi-cmdline-params))
+
+
+(define %raspberrypi-root-partition
+ (partition
+ (size 'guess)
+ (label "RASPIROOT")
+ (file-system "ext4")
+ (flags '(boot))
+ (initializer (gexp initialize-root-partition))))
+
+
+(define raspberrypi-image-type
+ (image-type
+ (name 'raspberrypi-raw)
+ (constructor (cut image-with-os
+ (image-without-os
+ (format 'disk-image)
+ (partitions (list %raspberrypi-boot-partition
+ %raspberrypi-root-partition)))
+ <>))))
+
+
+(define raspberrypi-gui-os
+ (operating-system
+ (inherit px-gui-arm-os)
+
+ (bootloader (bootloader-configuration
+ (bootloader u-boot-rpi-arm64-bootloader)
+ (targets '("/dev/vda"))
+ (device-tree-support? #f)))
+ (kernel linux-raspberry-5.15)
+ (kernel-arguments (cons* "cgroup_enable=memory"
+ %default-kernel-arguments))
+ (initrd-modules '())
+ (firmware (list raspberrypi-firmware
+ brcm80211-firmware
+ bluez-firmware))
+ (file-systems (cons* (file-system
+ (device (file-system-label "BOOT"))
+ (mount-point "/boot/firmware")
+ (type "vfat"))
+ (file-system
+ (device (file-system-label "RASPIROOT"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (services (cons* (service btuart-service-type)
+ %px-gui-arm-services))))
+
+
+(define raspberrypi-gui-image
+ (image
+ (inherit
+ (os+platform->image raspberrypi-gui-os aarch64-linux
+ #:type raspberrypi-image-type))
+ (partition-table-type 'mbr)
+ (name 'raspberrypi-gui-image)))
+
+;;
+;; SEEED reTerminal core configurations
+;;
+
+(define %reterminal-config-params
+ (cons* "dtoverlay=dwc2,dr_mode=host"
+ "dtparam=ant2"
+ "disable_splash=1"
+ "ignore_lcd=1"
+ "dtoverlay=vc4-kms-v3d-pi4"
+ "dtoverlay=i2c3,pins_4_5"
+ "gpio=13=pu"
+ "dtoverlay=reTerminal,tp_rotate=0"
+ "dtoverlay=reTerminal-bridge"
+ "dtoverlay=reTerminal,key0=0x043,key1=0x044,key2=0x057,key3=0x058"
+ "vt.global_cursor_default=0"
+ %raspberrypi-config-params))
+
+(define %reterminal-cmdline-params
+ %raspberrypi-cmdline-params)
+
+(define %reterminal-boot-partition
+ (make-raspberrypi-boot-partition %reterminal-config-params
+ %reterminal-cmdline-params))
+
+
+(define reterminal-image-type
+ (image-type
+ (name 'reterminal-image-raw)
+ (constructor (cut image-with-os
+ (image-without-os
+ (format 'disk-image)
+ (partitions (list %reterminal-boot-partition
+ %raspberrypi-root-partition)))
+ <>))))
+
+(define %reterminal-core-packages
+ %px-core-arm-packages)
+
+
+(define %reterminal-core-services
+ %px-core-arm-services)
+
+
+(define* (reterminal-core-os #:key (open-ports %px-server-open-ports-common)
+ (authorized-keys '()))
+ (make-os
+ (operating-system
+ (host-name "reterminal-core")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ (bootloader (bootloader-configuration
+ (bootloader u-boot-rpi-arm64-bootloader)
+ (targets '("/dev/vda"))
+ (device-tree-support? #f)))
+ (initrd-modules '())
+ (kernel linux-raspberry-5.15)
+ (kernel-loadable-modules %reterminal-kernel-modules)
+ (kernel-arguments (cons* "cgroup_enable=memory"
+ %default-kernel-arguments))
+ (file-systems (cons* (file-system
+ (device (file-system-label "BOOT"))
+ (mount-point "/boot/firmware")
+ (type "vfat"))
+ (file-system
+ (device (file-system-label "RASPIBOOT"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "panther")
+ (comment "panther's account")
+ (group "users")
+ (password (crypt "pantherx" "$6$abc"))
+ (supplementary-groups '("wheel"
+ "audio" "video"))
+ (home-directory "/home/panther"))
+ %base-user-accounts))
+ (name-service-switch %mdns-host-lookup-nss))
+ #:kernel 'custom
+ #:open-ports open-ports
+ #:authorized-keys authorized-keys
+ #:templates (list %raspberry-pi-4-template
+ %seeed-reterminal-template)
+ #:default-packages %reterminal-core-packages
+ #:default-services %reterminal-core-services)
+ )
+
+(define reterminal-core-image
+ (image
+ (inherit
+ (os+platform->image (reterminal-core-os)
+ aarch64-linux
+ #:type reterminal-image-type))
+ (partition-table-type 'mbr)
+ (name 'reterminal-core-image)))
+
+;;
+;; SEEED reTerminal GUI configuration
+;;
+
+
+(define %reterminal-gui-packages
+ (cons* seeed-reterminal-dtoverlays
+ %px-gui-arm-packages))
+
+(define %reterminal-gui-services
+ %px-gui-arm-services)
+
+(define reterminal-gui-os
+ (operating-system
+ (inherit raspberrypi-gui-os)
+ (kernel-loadable-modules %reterminal-kernel-modules)
+ (packages %reterminal-gui-packages)
+ (services %reterminal-gui-services)))
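Review bot: `reterminal-core-os` mounts its root file system from `(file-system-label "RASPIBOOT")`, but the root partition built by `%raspberrypi-root-partition` is labelled `"RASPIROOT"`, the kernel command line says `root=LABEL=RASPIROOT`, and `raspberrypi-gui-os` uses `"RASPIROOT"` for the same mount, so the reterminal core image would likely fail to locate its root at boot. Change the line to `(device (file-system-label "RASPIROOT"))`. Note too that `make-raspberrypi-boot-partition` copies `seeed-reterminal-dtoverlays` into the overlays directory unconditionally, so the plain `raspberrypi-gui-image` also ships the reTerminal overlays — presumably harmless, but worth a comment if intended.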