From 1be57265103e717f60c716de08e26c9f12216cf6 Mon Sep 17 00:00:00 2001
From: Hilton Chain
Date: Sat, 26 Nov 2022 10:56:57 +0800
Subject: [PATCH] Add common variables shared across my configurations.

* rosenthal/utils/counter-stop.scm: New file.
---
rosenthal/utils/counter-stop.scm | 156 +++++++++++++++++++++++++++++++
1 file changed, 156 insertions(+)
create mode 100644 rosenthal/utils/counter-stop.scm
diff --git a/rosenthal/utils/counter-stop.scm b/rosenthal/utils/counter-stop.scm
new file mode 100644
index 0000000..0c1a431
--- /dev/null
+++ b/rosenthal/utils/counter-stop.scm
@@ -0,0 +1,156 @@
+;; SPDX-FileCopyrightText: 2022 Hilton Chain
+;;
+;; SPDX-License-Identifier: GPL-3.0-or-later
+
+(define-module (rosenthal utils counter-stop)
+ #:use-module (srfi srfi-1)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages certs)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages less)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages nano)
+ #:use-module (gnu packages nvi)
+ #:use-module (gnu packages texinfo)
+ #:use-module (gnu packages text-editors)
+ #:use-module (gnu services)
+ #:use-module (gnu services base)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services sysctl)
+ #:use-module (gnu system)
+ #:use-module (gnu system accounts)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system keyboard)
+ #:use-module (gnu system shadow)
+ #:use-module (rosenthal utils kicksecure)
+ #:export (%guix-authorized-key-nonguix
+ %guix-authorized-key-tobias
+
+ normalize-package
+
+ %xdg-base-directory-environment-variables
+
+ %rosenthal-default-kernel-arguments
+ %rosenthal-default-keyboard-layout
+ %rosenthal-base-initrd-modules
+ %rosenthal-base-file-systems
+ %rosenthal-base-packages
+ %rosenthal-base-services))
+
+;; Common procedures and variables shared across my home environment and
+;; operating system definitions.
+
+;; Keys
+;; https://substitutes.nonguix.org/signing-key.pub
+(define %guix-authorized-key-nonguix
+ (plain-file "nonguix.pub" "
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
+
+;; https://guix.tobias.gr/signing-key.pub
+(define %guix-authorized-key-tobias
+ (plain-file "tobias.pub" "
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #E21911E159DB6D031A763509A255B054360A4A96F5668CBBAC48052E67D274D3#)))"))
+
+;; Procedures
+(define (normalize-package pkg)
+ (if (package? pkg)
+ `(,pkg "out")
+ pkg))
+
+;; Variables
+;; Source:
+(define %xdg-base-directory-environment-variables
+ '(;; XDG Cache Home
+ ("LESSHISTFILE" . "$XDG_CACHE_HOME/.lesshst")
+
+ ;; XDG Config Home
+ ("AWS_CONFIG_FILE" . "$XDG_CONFIG_HOME/aws/config")
+ ("AWS_SHARED_CREDENTIALS_FILE" . "$XDG_CONFIG_HOME/aws/credentials")
+ ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc")
+ ("MBSYNCRC" . "$XDG_CONFIG_HOME/isync/mbsyncrc")
+ ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
+ ("WAKATIME_HOME" . "$XDG_CONFIG_HOME/wakatime")
+ ("WGETRC" . "$XDG_CONFIG_HOME/wgetrc")
+
+ ;; XDG Data Home
+ ("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
+ ("GDBHISTFILE" . "$XDG_DATA_HOME/gdb/history")
+ ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg")
+ ("GOPATH" . "$XDG_DATA_HOME/go")
+ ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/pass")))
+
+(define %rosenthal-default-kernel-arguments
+ `(,@(delete "nosmt=force"
+ %kicksecure-kernel-arguments)
+ "net.ifnames=0"
+ "nmi_watchdog=0"))
+
+(define %rosenthal-default-keyboard-layout
+ (keyboard-layout "us" "dvorak"
+ #:options '("ctrl:nocaps")))
+
+(define %rosenthal-base-initrd-modules
+ '("btrfs" "xxhash_generic"))
+
+(define %rosenthal-base-file-systems
+ (delete %debug-file-system
+ %base-file-systems))
+
+(define %rosenthal-base-packages
+ (let ((to-add (list curl
+ nss-certs
+ unzip
+ zstd))
+ (to-remove (list bash-completion
+ info-reader
+ less
+ mg
+ nano
+ nvi
+ inetutils
+ isc-dhcp
+ iw
+ wireless-tools)))
+ (append to-add (lset-difference eqv? %base-packages to-remove))))
+
+(define %rosenthal-base-services
+ (cons* (service nftables-service-type)
+
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login 'prohibit-password)))
+
+ (modify-services %base-services
+ (sysctl-service-type
+ config => (sysctl-configuration
+ (inherit config)
+ (settings `(,@%kicksecure-sysctl-rules
+ ("net.core.rmem_max" . "2500000")
+ ("net.ipv4.tcp_sack" . "0")
+ ("net.ipv4.tcp_dsack" . "0")
+ ("net.ipv4.tcp_fack" . "0")
+ ("vm.page-cluster" . "0")
+ ("vm.swappiness" . "90")))))
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (substitute-urls
+ (cons* "https://nonguix.org"
+ "https://guix.tobias.gr"
+ %default-substitute-urls))
+ (authorized-keys
+ (cons* %guix-authorized-key-nonguix
+ %guix-authorized-key-tobias
+ %default-authorized-guix-keys)))))))
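Review bot: In `%rosenthal-base-services`, the substitute URL `"https://nonguix.org"` does not match the host the Nonguix key was fetched from (the comment above `%guix-authorized-key-nonguix` cites `substitutes.nonguix.org`), so the key appears to be authorized for a server the daemon is never pointed at; the entry should probably read `"https://substitutes.nonguix.org"`. Both third-party keys are added to `authorized-keys` in the base service list and their URLs are placed ahead of `%default-substitute-urls`, so every system inheriting this variable accepts binaries signed by either key; a comment such as `;; Trusts two third-party substitute servers; remove both the URL and the key on hosts that must use only official substitutes.` would make that trust decision explicit. Separately, the `openssh-configuration` sets only `permit-root-login`, and as far as I know Guix leaves password authentication on by default, so adding `(password-authentication? #f)` would match the key-only intent shown for root. The removal of `"nosmt=force"` from `%kicksecure-kernel-arguments` also deserves a one-line comment stating why that hardening flag is dropped.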