summaryrefslogtreecommitdiff
path: root/px/services/desktop.scm
diff options
context:
space:
mode:
Diffstat (limited to 'px/services/desktop.scm')
-rw-r--r--px/services/desktop.scm277
1 files changed, 0 insertions, 277 deletions
diff --git a/px/services/desktop.scm b/px/services/desktop.scm
deleted file mode 100644
index 079c49b..0000000
--- a/px/services/desktop.scm
+++ /dev/null
@@ -1,277 +0,0 @@
-;;; Package Repository for GNU Guix
-;;; Copyright © 2021-2023 Reza Alizadeh Majd <r.majd@pantherx.org>
-;;; Copyright © 2021-2025 Franz Geffke <m@f-a.nz>
-
-(define-module (px services desktop)
- #:use-module (gnu packages admin)
- #:use-module (gnu packages base)
- #:use-module (gnu packages linux)
- #:use-module (gnu packages xdisorg)
- #:use-module (gnu packages libusb)
- #:use-module (gnu packages nfs)
- #:use-module (gnu services)
- #:use-module (gnu services avahi)
- #:use-module (gnu services base)
- #:use-module (gnu services cups)
- #:use-module (gnu services dbus)
- #:use-module (gnu services desktop)
- #:use-module (gnu packages gnome)
- #:use-module (gnu packages lxqt)
- #:use-module (gnu packages security-token)
- #:use-module (gnu services networking)
- #:use-module (gnu services shepherd)
- #:use-module (gnu services sddm)
- #:use-module (gnu services ssh)
- #:use-module (gnu services xorg)
- #:use-module (gnu services sound)
- #:use-module (gnu services pm)
- #:use-module (gnu system)
- #:use-module (gnu system setuid)
- #:use-module (guix build utils)
- #:use-module (guix gexp)
- #:use-module (guix packages)
- #:use-module (guix records)
- #:use-module (px packages desktop)
- #:use-module (px services security-token)
- #:use-module (srfi srfi-1)
- #:use-module (guix utils)
- #:use-module (ice-9 match)
- #:export (px-desktop-configuration
- px-desktop-configuration?
-
- polkit-network-manager-service
- polkit-elogind-service
-
- create-swap-space-service
-
- %px-desktop-base-services
- %px-desktop-base-minimal-services
- %desktop-services-assembly-plain))
-
-;;
-;; allow netdev group to control network manger
-;;
-
-(define polkit-network-manager
- (file-union "polkit-nm"
- `(("share/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules" ,
- (plain-file "nm.rules"
- "polkit.addRule(function(action, subject) {
- if (action.id.indexOf(\"org.freedesktop.NetworkManager.\") == 0 && subject.isInGroup(\"netdev\")) {
- return polkit.Result.YES;
- }
-});
-")))))
-
-;; primarily for ARM
-
-(define polkit-network-manager-service
- (simple-service 'polkit-nm polkit-service-type
- (list polkit-network-manager)))
-
-;;
-;; Allow users group to perform reboot/poweroff
-;; primarily for ARM
-;;
-
-(define polkit-loginctl
- (file-union "polkit-loginctl"
- `(("share/polkit-1/rules.d/10-enable-session-power.rules" ,(plain-file
- "login.rules"
- "polkit.addRule(function(action, subject) {
- if ( (action.id == \"org.freedesktop.login1.reboot\" ||
- action.id == \"org.freedesktop.login1.reboot-multiple-sessions\" ||
- action.id == \"org.freedesktop.login1.power-off\" ||
- action.id == \"org.freedesktop.login1.power-off-multiple-sessions\")
- && subject.isInGroup(\"users\") ) {
- return polkit.Result.YES;
- }
-});
-")))))
-
-(define polkit-elogind-service
- (simple-service 'polkit-login polkit-service-type
- (list polkit-loginctl)))
-
-(define (make-firewall-rules open-ports)
-
- (define (make-port-rules open-ports status)
- "Generate list of strings each is a port/service rule for nftables"
- (reduce-right append
- '()
- (map (match-lambda
- ((protocol ports ...)
- (map (lambda (port)
- (string-append " "
- protocol
- " dport "
- port
- " "
- status)) ports))) open-ports)))
-
- (let ((port-rules (make-port-rules open-ports "accept")))
- (plain-file "nftables"
- (string-append "#PantherX firewall rules\n"
- "table inet filter {\n"
- " chain input {\n"
- " type filter hook input priority 0; policy drop;
-"
- " # early drop of invalid connections\n"
- " ct state invalid drop\n"
- " # allow established/related connections
-"
- " ct state { established, related } accept
-"
- " # allow from loopback\n"
- " iifname lo accept\n"
- " # allow icmp\n"
- " ip protocol icmp accept\n"
- " ip6 nexthdr icmpv6 accept\n"
- (string-join port-rules "\n"
- 'suffix)
- " # reject everything else\n"
- " reject with icmpx type port-unreachable
-"
- " }\n"
- " chain forward {\n"
- " type filter hook forward priority 0; policy drop;
-"
- " }\n"
- " chain output {\n"
- " type filter hook output priority 0; policy accept;
-"
- " }\n"
- "}\n"))))
-
-;; Generic Desktop for Qt, GTP
-(define* (desktop-services-for-system #:optional (system (or (%current-target-system)
- (%current-system))))
-
- ;;
- ;; GUIX DEFAULT
- ;;
-
- ;; List of services typically useful for a "desktop" use case.
- (cons* (service screen-locker-service-type
- (screen-locker-configuration (name "xlock")
- (program (file-append xlockmore
- "/bin/xlock"))))
-
- ;; Add udev rules for MTP devices so that non-root users can access them.
- (simple-service 'mtp udev-service-type (list libmtp))
- ;; Add udev rules for scanners.
- (service sane-service-type)
- ;; Add polkit rules, so that non-root users in the wheel group can
- ;; perform administrative tasks (similar to "sudo").
- polkit-wheel-service
-
- ;; Allow desktop users to also mount NTFS and NFS file systems
- ;; without root.
- (simple-service 'mount-setuid-helpers privileged-program-service-type
- (map file-like->setuid-program
- (list (file-append nfs-utils "/sbin/mount.nfs")
- (file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
-
- ;; This is a volatile read-write file system mounted at /var/lib/gdm,
- ;; to avoid GDM stale cache and permission issues.
- gdm-file-system-service
-
- ;; The global fontconfig cache directory can sometimes contain
- ;; stale entries, possibly referencing fonts that have been GC'd,
- ;; so mount it read-only.
- fontconfig-file-system-service
-
- ;; NetworkManager and its applet.
- (service network-manager-service-type)
- (service wpa-supplicant-service-type) ;needed by NetworkManager
- (simple-service 'network-manager-applet profile-service-type
- (list network-manager-applet))
- (service modem-manager-service-type)
- (service usb-modeswitch-service-type)
-
- ;; The D-Bus clique.
- (service avahi-service-type)
- (service udisks-service-type)
- (service upower-service-type)
- (service accountsservice-service-type)
- (service cups-pk-helper-service-type)
- (service colord-service-type)
- (service geoclue-service-type)
- (service polkit-service-type)
- (service elogind-service-type)
- (service dbus-root-service-type)
-
- (service ntp-service-type)
-
- (service x11-socket-directory-service-type)
-
- (service pulseaudio-service-type)
- (service alsa-service-type)
-
- ;;
- ;; PANTHERX SPECIFIC
- ;;
-
- (simple-service 'custom-udev-rules udev-service-type
- (list libu2f-host))
-
- ;; Adding plugdev group once should suffice
- (udev-rules-service 'nitro %nitro-key-udev-rule #:groups '("plugdev"))
- ;; Using the rules from libfido2 package
- (udev-rules-service 'fido2 libfido2)
- (udev-rules-service 'yubikey yubikey-personalization)
- (udev-rules-service 'coinkite %coinkite-udev-rule)
-
- ;; Power savings
- (service tlp-service-type)
-
- ;; Bluetooth service
- ;; (bluetooth-service #:auto-enable? #t)
- (service bluetooth-service-type
- (bluetooth-configuration (auto-enable? #t)))
-
- ;; Prevent overheating
- ;; TLP does not conflict with thermald.
- (service thermald-service-type)
-
- ;; Display manager
- (service sddm-service-type
- (sddm-configuration (minimum-uid 1000)
- (theme "px-sddm-theme")))
-
- ;; Printing
- (service cups-service-type
- (cups-configuration (web-interface? #t)
- (browsing? #t)
- (default-paper-size "a4")))
-
- ;; Keychain
- (service gnome-keyring-service-type
- (gnome-keyring-configuration (pam-services '(("passwd" . passwd)
- ("sddm" . login)))))
-
- ;; SSH is enabled by default but only with SSH key
- (service openssh-service-type
- (openssh-configuration (permit-root-login 'prohibit-password)))
-
- ;; Firewall
- (service nftables-service-type
- (nftables-configuration (ruleset (make-firewall-rules '()))))
-
- %base-services))
-
-(define-syntax %px-desktop-base-services
- (identifier-syntax (desktop-services-for-system)))
-
-
-(define %px-desktop-base-minimal-services
- (modify-services
- %px-desktop-base-services
- (delete login-service-type)
- (delete agetty-service-type)
- (delete mingetty-service-type)
- (delete pulseaudio-service-type)
- (delete alsa-service-type)
- (delete sddm-service-type)
- (delete gnome-keyring-service-type)
- (delete openssh-service-type))) \ No newline at end of file
generated by cgit v1.2.3 (git 2.49.0) at 2025-07-04 17:25:14 +0000