-rw-r--r-- | .examples/desktop-os-minimal.scm | 41 | ||||
-rw-r--r-- | .examples/desktop-os.scm | 39 | ||||
-rw-r--r-- | DOCS.md | 44 | ||||
-rw-r--r-- | px/services/base.scm | 63 | ||||
-rw-r--r-- | px/services/desktop.scm | 135 | ||||
-rw-r--r-- | px/services/device.scm | 59 | ||||
-rw-r--r-- | px/system/config.scm | 48 | ||||
-rw-r--r-- | px/system/os.scm | 38 |
8 files changed, 208 insertions, 259 deletions
diff --git a/.examples/desktop-os-minimal.scm b/.examples/desktop-os-minimal.scm
new file mode 100644
index 0000000..c036aa4
--- /dev/null
+++ b/.examples/desktop-os-minimal.scm
@@ -0,0 +1,41 @@
+;; PantherX OS Server Configuration
+
+(use-modules (gnu)
+ (gnu system)
+ (px system config))
+
+(define %ssh-public-key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7gcLZzs2JiEx2kWCc8lTHOC0Gqpgcudv0QVJ4QydPg franz")
+
+(px-desktop-os
+ (operating-system
+ (host-name "px-base")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vda"))))
+
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ (users (cons (user-account
+ (name "panther")
+ (comment "panther's account")
+ (group "users")
+ ;; Set the default password to 'pantherx'
+ ;; Important: Change with 'passwd panther' after first login
+ (password (crypt "pantherx" "$6$abc"))
+ (supplementary-groups '("wheel"
+ "audio" "video"))
+ (home-directory "/home/panther"))
+ %base-user-accounts))
+
+ (services %px-desktop-minmal-services))
+
+ #:open-ports '(("tcp" "ssh"))
+ #:authorized-keys `(("root" ,(plain-file "panther.pub" %ssh-public-key))))
diff --git a/.examples/desktop-os.scm b/.examples/desktop-os.scm
new file mode 100644
index 0000000..bc8a2b2
--- /dev/null
+++ b/.examples/desktop-os.scm
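Review bot: The template installs one named individual's key as root's authorized key — `(define %ssh-public-key "ssh-ed25519 … franz")` is what `#:authorized-keys` hands to `"root"` — so any machine built from the unedited file grants that key root SSH access; the same lines appear in .examples/desktop-os.scm in the next hunk. Replace the literal with a placeholder the user must edit, e.g. `(define %ssh-public-key "ssh-ed25519 AAAA… REPLACE-WITH-YOUR-PUBLIC-KEY")`, and consider the same for `(password (crypt "pantherx" "$6$abc"))`, since a fixed password and salt produce an identical, shared hash on every deployment and the existing `passwd` comment is the only thing between that and a live account in `wheel`. The header comment `;; PantherX OS Server Configuration` does not match a file that calls `px-desktop-os`; `;; PantherX OS Desktop Configuration (minimal services)` would. Also, `%px-desktop-minmal-services` deletes `openssh-service-type` (px/services/desktop.scm hunk below), so `#:open-ports '(("tcp" "ssh"))` and the root key have no daemon to apply to in this example unless `px-desktop-os` itself adds one, which is outside this diff.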
@@ -0,0 +1,39 @@
+;; PantherX OS Server Configuration
+
+(use-modules (gnu)
+ (gnu system)
+ (px system config))
+
+(define %ssh-public-key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7gcLZzs2JiEx2kWCc8lTHOC0Gqpgcudv0QVJ4QydPg franz")
+
+(px-desktop-os
+ (operating-system
+ (host-name "px-base")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vda"))))
+
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ (users (cons (user-account
+ (name "panther")
+ (comment "panther's account")
+ (group "users")
+ ;; Set the default password to 'pantherx'
+ ;; Important: Change with 'passwd panther' after first login
+ (password (crypt "pantherx" "$6$abc"))
+ (supplementary-groups '("wheel"
+ "audio" "video"))
+ (home-directory "/home/panther"))
+ %base-user-accounts)))
+
+ #:open-ports '(("tcp" "ssh"))
+ #:authorized-keys `(("root" ,(plain-file "panther.pub" %ssh-public-key))))
@@ -1,3 +1,47 @@ +## System Configuration Templates + +### Desktop + +- `px-desktop-os` +- `px-desktop-ee-os` + +#### Services + +Internally: + +- `%px-desktop-base-minimal-services` is great for custom-desktops, and excludes + - `sddm-service-type` + - `gnome-keyring-service-type` + - `openssh-service-type` +- `%px-desktop-base-services` is similiar to guix `%desktop-services` + +Stable: + +- `%px-desktop-minmal-services` (`%px-desktop-base-minimal-services`) + - Ideal for Sway +- `%px-desktop-services` (`%px-desktop-base-services`) + - Ideal for Gnome, LXQt, KDE, etc. +- `%px-desktop-ee-services` (`%px-desktop-base-services`) + +### Server + +- `px-server-os` +- `px-server-ee-os` + +#### Services + +- `%px-server-services` is %base-services, with: + - `openssh-service-type` (permit root login; disable password auth) + - `nftables-service-type` (firewall) + - `ntp-service-type` (time sync) + - `dhcp-client-service-type` (dhcp) +- `%px-server-ee-services` + +By default, the following ports are open: + +- 22 (SSH) +- 80 (HTTP) +- 443 (HTTPS) ## Services diff --git a/px/services/base.scm b/px/services/base.scm index 42911f2..93a71bb 100644 --- a/px/services/base.scm +++ b/px/services/base.scm 
@@ -6,34 +6,23 @@ ;;; (define-module (px services base) - #:use-module (gnu packages gnome) - #:use-module (gnu packages openbox) + #:use-module (guix gexp) + #:use-module (guix utils) + #:use-module (srfi srfi-1) #:use-module (gnu packages networking) - #:use-module (gnu packages security-token) - #:use-module (gnu packages xdisorg) #:use-module (gnu services) - #:use-module (gnu services avahi) #:use-module (gnu services base) - #:use-module (gnu services cups) - #:use-module (gnu services dbus) #:use-module (gnu services desktop) #:use-module (gnu services networking) - #:use-module (gnu services pm) - #:use-module (gnu services sddm) - #:use-module (gnu services sound) #:use-module (gnu services ssh) - #:use-module (gnu services xorg) - #:use-module (px packages desktop) + #:use-module (px services desktop) #:use-module (px services device) #:use-module (px services security-token) - #:use-module (guix gexp) - #:use-module (guix utils) - #:use-module (ice-9 match) - #:use-module (srfi srfi-1) + #:export (%px-core-services - %px-desktop-core-services + %px-desktop-minmal-services %px-desktop-services %px-desktop-ee-services 
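Review bot: The new export `%px-desktop-minmal-services` bakes a misspelling into the module's public API; the same name is defined in the next hunk, re-exported from px/system/config.scm, documented in DOCS.md and used by both example files, so every consumer will have to change if it is corrected later. Since the name is introduced by this commit (it replaces `%px-desktop-core-services`), renaming it to `%px-desktop-minimal-services` in the export list and the `define` costs nothing now. `(px services security-token)` is still imported, but nothing in the visible part of the rewritten file refers to it — worth confirming it is still used, or dropping it with the other removed imports.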
@@ -42,51 +31,39 @@ ;;; ;;; CORE -;;; px-core-os services ;;; (define %px-core-services - (append (list - (service dhcp-client-service-type) - (service ntp-service-type)) + (append (list (service dhcp-client-service-type) + (service ntp-service-type)) %base-services)) ;;; ;;; DESKTOP -;;; px-desktop-os services -;;; px-desktop-ee-os services ;;; -(define %px-desktop-core-services - (append %desktop-services-assembly-plain)) +(define %px-desktop-minmal-services + (append %px-desktop-base-minimal-services)) (define %px-desktop-services - (append %desktop-services-assembly)) + (append %px-desktop-base-services)) (define %px-desktop-ee-services ;; TODO: Does not include default desktop - (append (list - (service px-device-identity-service-type) - (service px-user-identity-service-type)) - %desktop-services-assembly)) + (append (list (service px-device-identity-service-type) + (service px-user-identity-service-type)) + %px-desktop-base-services)) ;;; ;;; SERVER -;;; px-server-os services -;;; px-server-ee-os services ;;; (define %px-server-services - (append (list - (service openssh-service-type - (openssh-configuration (permit-root-login 'prohibit-password))) - - (service ntp-service-type) - (service nftables-service-type) - (service dhcp-client-service-type)) - %base-services)) + (append (list (service openssh-service-type + (openssh-configuration (permit-root-login 'prohibit-password))) + (service nftables-service-type)) + %px-core-services)) (define %px-server-ee-services - (append (list - (service px-device-identity-service-type)) - %px-server-services)) + (append (list (service px-device-identity-service-type)) + %px-server-services)) diff --git a/px/services/desktop.scm b/px/services/desktop.scm index 4644edb..b6cbddc 100644 --- a/px/services/desktop.scm +++ b/px/services/desktop.scm 
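Review bot: `%px-server-services` configures SSH with only `(permit-root-login 'prohibit-password)`, which restricts password logins for root alone, while the DOCS.md hunk in this commit describes the service as "permit root login; disable password auth"; every other account keeps Guix's default of password authentication enabled. If the documented behaviour is the intended one, extend the form to `(openssh-configuration (permit-root-login 'prohibit-password) (password-authentication? #f))`; otherwise correct the doc line, because leaving the two in disagreement is how an operator ends up with a password-reachable sshd they believe is key-only. Separately, `(append %px-desktop-base-minimal-services)` and `(append %px-desktop-base-services)` are single-argument `append` calls that just return their argument; `(define %px-desktop-minmal-services %px-desktop-base-minimal-services)` says the same thing without the detour.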
@@ -36,7 +36,7 @@ #:use-module (srfi srfi-1) #:use-module (guix utils) #:use-module (ice-9 match) - #:export (px-desktop-configuration + #:export (px-desktop-configuration px-desktop-configuration? polkit-network-manager-service @@ -44,8 +44,9 @@ create-swap-space-service - %desktop-services-assembly - %desktop-services-assembly-plain)) + %px-desktop-base-services + %px-desktop-base-minimal-services + %desktop-services-assembly-plain)) ;; ;; allow netdev group to control network manger @@ -145,20 +146,19 @@ ;; Generic Desktop for Qt, GTP (define* (desktop-services-for-system #:optional (system (or (%current-target-system) (%current-system)))) + + ;; + ;; GUIX DEFAULT + ;; + ;; List of services typically useful for a "desktop" use case. - - ;; Since GDM depends on Rust (gdm -> gnome-shell -> gjs -> mozjs -> rust) - ;; and Rust is currently unavailable on non-x86_64 platforms, default to - ;; SDDM there (FIXME). (cons* (service screen-locker-service-type (screen-locker-configuration (name "xlock") (program (file-append xlockmore "/bin/xlock")))) - ;; Add udev rules for MTP devices so that non-root users can access - ;; them. - (simple-service 'mtp udev-service-type - (list libmtp)) + ;; Add udev rules for MTP devices so that non-root users can access them. + (simple-service 'mtp udev-service-type (list libmtp)) ;; Add udev rules for scanners. (service sane-service-type) ;; Add polkit rules, so that non-root users in the wheel group can @@ -210,7 +210,10 @@ (service pulseaudio-service-type) (service alsa-service-type) - ;; PantherX Specific + ;; + ;; PANTHERX SPECIFIC + ;; + (simple-service 'custom-udev-rules udev-service-type (list libu2f-host)) 
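Review bot: `%desktop-services-assembly-plain` stays in the `#:export` list of the second hunk, but its `define-syntax` is deleted further down in this file (the `@@ -256,107 +259,13 @@` hunk), so the module now exports a name it never binds and an importer that references it will most likely hit an unbound-variable error at use time rather than at load. Either drop that line from `#:export`, or, if external code still relies on the old name, keep a compatibility alias next to the new definition: `(define-syntax %desktop-services-assembly-plain (identifier-syntax %px-desktop-base-minimal-services))`.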
@@ -256,107 +259,13 @@ %base-services)) -(define-syntax %desktop-services-assembly +(define-syntax %px-desktop-base-services (identifier-syntax (desktop-services-for-system))) -;; Generic Desktop for use with other locker's and DE's; for ex. Sway on Wayland -(define* (desktop-services-for-system-plain #:optional (system (or (%current-target-system) - (%current-system)))) - ;; List of services typically useful for a "desktop" use case. - - ;; Since GDM depends on Rust (gdm -> gnome-shell -> gjs -> mozjs -> rust) - ;; and Rust is currently unavailable on non-x86_64 platforms, default to - ;; SDDM there (FIXME). - (cons* - ;; Add udev rules for MTP devices so that non-root users can access - ;; them. - (simple-service 'mtp udev-service-type - (list libmtp)) - ;; Add udev rules for scanners. - (service sane-service-type) - ;; Add polkit rules, so that non-root users in the wheel group can - ;; perform administrative tasks (similar to "sudo"). - polkit-wheel-service - - ;; Allow desktop users to also mount NTFS and NFS file systems - ;; without root. - (simple-service 'mount-setuid-helpers setuid-program-service-type - (map (lambda (program) - (setuid-program - (program program))) - (list (file-append nfs-utils "/sbin/mount.nfs") - (file-append ntfs-3g "/sbin/mount.ntfs-3g")))) - - ;; The global fontconfig cache directory can sometimes contain - ;; stale entries, possibly referencing fonts that have been GC'd, - ;; so mount it read-only. - fontconfig-file-system-service - - ;; NetworkManager and its applet. - (service network-manager-service-type) - (service wpa-supplicant-service-type) ;needed by NetworkManager - (service modem-manager-service-type) - (service usb-modeswitch-service-type) - - ;; The D-Bus clique. 
- (service avahi-service-type) - (service udisks-service-type) - (service upower-service-type) - (service accountsservice-service-type) - (service cups-pk-helper-service-type) - (service colord-service-type) - (service geoclue-service-type) - (service polkit-service-type) - (service elogind-service-type) - (service dbus-root-service-type) - - (service ntp-service-type) - - (service x11-socket-directory-service-type) - - (service pulseaudio-service-type) - (service alsa-service-type) - - ;; PantherX Specific - (simple-service 'custom-udev-rules udev-service-type - (list libu2f-host)) - - (ledger-wallet-service) - (nitro-key-service) - (coinkite-service) - - ;; Power savings - (service tlp-service-type) - - ;; Prevent overheating - ;; TLP does not conflict with thermald. - (service thermald-service-type) - - ;; Bluetooth service - ;; (bluetooth-service #:auto-enable? #t) - (service bluetooth-service-type - (bluetooth-configuration (auto-enable? #t))) - - ;; Printing - (service cups-service-type - (cups-configuration (web-interface? #t) - (browsing? #t) - (default-paper-size "a4"))) - - ;; Keychain - (service gnome-keyring-service-type - (gnome-keyring-configuration (pam-services '(("passwd" . passwd) - ("greetd" . login))))) - - ;; SSH is enabled by default but only with SSH key - (service openssh-service-type - (openssh-configuration (permit-root-login 'prohibit-password))) - - ;; Firewall - (service nftables-service-type - (nftables-configuration (ruleset (make-firewall-rules '())))) - - %base-services)) -(define-syntax %desktop-services-assembly-plain - (identifier-syntax (desktop-services-for-system-plain))) +(define %px-desktop-base-minimal-services + (modify-services + %px-desktop-base-services + (delete sddm-service-type) + (delete gnome-keyring-service-type) + (delete openssh-service-type)))
\ No newline at end of file diff --git a/px/services/device.scm b/px/services/device.scm index ac405e5..e00fc4a 100644 --- a/px/services/device.scm +++ b/px/services/device.scm @@ -33,10 +33,7 @@ px-device-runner-service-type px-file-upload-configuration - px-file-upload-service-type - - btuart-configuration - btuart-service-type)) + px-file-upload-service-type)) ;; ;; Device Identity Service @@ -241,56 +238,4 @@ delete_on_success = ~a" px-device-identity tpm2-tss-engine))))) (description - "Service definition to run file upload on intervals"))) - -;; -;; btuart-service-type -;; - -(define-record-type* <btuart-configuration> btuart-configuration - make-btuart-configuration - btuart-configuration? - (package - btuart-configuration-package - (default bluez)) - (device btuart-configuration-device - (default "/dev/ttyAMA0")) - (protocol btuart-configuration-protocol - (default "bcm")) - (baudrate btuart-configuration-baudrate - (default "3000000")) - (flow-control? btuart-configuration-flow-control? - (default #t))) - -(define btuart-shepherd-service - (match-lambda - (($ <btuart-configuration> - package - device - protocol - baudrate - flow-control?) - (list (shepherd-service (documentation - "attach serial lines as Bluetooth HCI interfaces") - (provision '(btuart)) - (requirement '(udev)) - (start #~(make-forkexec-constructor (list #$(file-append - package - "/bin/btattach") - "-B" - #$device - "-P" - #$protocol - "-S" - #$baudrate - (when #$flow-control? - "-N")))) - (one-shot? #t)))))) - -(define btuart-service-type - (service-type (name 'btuart) - (extensions (list (service-extension - shepherd-root-service-type - btuart-shepherd-service))) - (default-value (btuart-configuration)) - (description "Attach serial lines as Bluetooth HCI interfaces"))) + "Service definition to run file upload on intervals")))
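Review bot: `%px-desktop-base-minimal-services` is a plain `define`, so `%px-desktop-base-services` — and with it `(desktop-services-for-system)` — is evaluated once when the module loads, whereas the base set it derives from and the `%desktop-services-assembly-plain` it replaces are `identifier-syntax`, which defers the call to each use; presumably that is so the `#:optional (system (or (%current-target-system) (%current-system)))` default sees the target of the build in progress. If that late binding matters for cross-builds, the minimal variant should keep it, and the `modify-services` form fits inside an `identifier-syntax` just as well (below). Whether the set returned by `desktop-services-for-system` still carries the nftables entry with `make-firewall-rules` that the deleted plain variant had is not visible here — worth confirming, since dropping `openssh-service-type` is the only explicit network-facing change the minimal set makes. The function whose tail `%base-services))` opens this hunk starts outside it.
```scheme
(define-syntax %px-desktop-base-minimal-services
  (identifier-syntax
   (modify-services %px-desktop-base-services
     (delete sddm-service-type)
     (delete gnome-keyring-service-type)
     (delete openssh-service-type))))
```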
\ No newline at end of file diff --git a/px/system/config.scm b/px/system/config.scm index e2c2f30..85a4b1c 100644 --- a/px/system/config.scm +++ b/px/system/config.scm @@ -22,8 +22,8 @@ #:use-module (guix gexp) #:use-module (guix channels) #:use-module (srfi srfi-1) - #:export (px-core-os + #:export (px-core-os px-desktop-os px-desktop-ee-os @@ -34,25 +34,24 @@ %default-pantherx-channel) ;; Re-export for convenience - #:re-export (%px-core-services + #:re-export (%px-core-services + %px-desktop-minmal-services + %px-desktop-services + %px-desktop-ee-services - %px-desktop-core-services - %px-desktop-services - %px-desktop-ee-services + %px-server-services + %px-server-ee-services - %px-server-services - %px-server-ee-services + %px-core-packages - %px-core-packages + %px-desktop-core-packages + %px-desktop-packages-gtk + %px-desktop-packages-qt + %px-desktop-packages + %px-desktop-ee-packages - %px-desktop-core-packages - %px-desktop-packages-gtk - %px-desktop-packages-qt - %px-desktop-packages - %px-desktop-ee-packages - - %px-server-packages - %px-server-ee-packages)) + %px-server-packages + %px-server-ee-packages)) ;;; ;;; PantherX Desktop OS defintions @@ -68,14 +67,13 @@ ;; For use in unattended-upgrade-service-type (define %default-pantherx-channel (channel - (name 'pantherx) - (branch "master") - (url "https://channels.pantherx.org/git/panther.git") - (introduction - (make-channel-introduction - "54b4056ac571611892c743b65f4c47dc298c49da" - (openpgp-fingerprint - "A36A D41E ECC7 A871 1003 5D24 524F EB1A 9D33 C9CB"))))) + (name 'pantherx) + (branch "master") + (url "https://channels.pantherx.org/git/panther.git") + (introduction + (make-channel-introduction "54b4056ac571611892c743b65f4c47dc298c49da" + (openpgp-fingerprint + "A36A D41E ECC7 A871 1003 5D24 524F EB1A 9D33 C9CB"))))) ;;; ;;; CORE @@ -159,4 +157,4 @@ #:authorized-keys authorized-keys #:templates templates #:default-packages %px-server-ee-packages - #:default-services %px-server-ee-services))
\ No newline at end of file + #:default-services %px-server-ee-services)) diff --git a/px/system/os.scm b/px/system/os.scm index 26b5a2b..4383928 100644 --- a/px/system/os.scm +++ b/px/system/os.scm @@ -19,24 +19,22 @@ #:use-module (guix records) #:use-module (ice-9 match) #:use-module (srfi srfi-1) - #:export (make-os + + #:export (make-os os-template os-template-service - ;; used in px system config prepare-packages prepare-services prepare-swap-devices - ;; used in ee repo adjust-bootloader-theme - - ;; This is not used anywhere - ;; %px-artwork-repository - ;; %px-grub-theme - ;; %px-substitute-server-url - ;; %px-substitute-server-key + %px-substitute-server-key + %nonguix-substitute-server-key + %px-substitute-server-key + %nonguix-substitute-server-key + apply-px-substitute-server)) ;;; @@ -262,18 +260,16 @@ return @code{defaule-value} if there is no modification applied." (else (operating-system-firmware config)))) (define %pantherx-default-channels - (append - (list - (channel - (name 'pantherx) - (branch "master") - (url "https://channels.pantherx.org/git/panther.git") - (introduction - (make-channel-introduction - "54b4056ac571611892c743b65f4c47dc298c49da" - (openpgp-fingerprint - "A36A D41E ECC7 A871 1003 5D24 524F EB1A 9D33 C9CB"))))) - %default-channels)) + (append (list (channel + (name 'pantherx) + (branch "master") + (url "https://channels.pantherx.org/git/panther.git") + (introduction + (make-channel-introduction + "54b4056ac571611892c743b65f4c47dc298c49da" + (openpgp-fingerprint + "A36A D41E ECC7 A871 1003 5D24 524F EB1A 9D33 C9CB"))))) + %default-channels)) ;; ;; OS config generation |
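Review bot: The rewritten `#:export` list of px/system/os.scm names `%px-substitute-server-key` and `%nonguix-substitute-server-key` twice each (four consecutive added lines); the duplicates appear harmless to Guile but read as a copy-paste slip and will confuse the next person auditing what the module exposes — keep one `%px-substitute-server-key` and one `%nonguix-substitute-server-key` line. These names were previously parked under `;; This is not used anywhere`; now that they are exported, a one-line comment saying where they are consumed (presumably `apply-px-substitute-server`, but confirm) would replace the lost note with something accurate.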