Configuration of my Guix System, commented
I’ve tweaked my Guix config for 18 months and now I’m mostly happy with it. I’m sharing it, because it contains a few hacks I direly needed. I hope they are helpful to you.
This is the full config of the base system. All users can have their own installed packages on top of these or replacing these.
See Guix Work for settings I use to turn this system into a production machine for programming.
Replace SHARED with your shared family account and MYSELF with your name.
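;; Guix System declaration for the base system: custom sudo rules, mcron
;; jobs, and the operating-system record (file systems, users, packages,
;; services).  SHARED and MYSELF are placeholders for account names.
(use-modules (gnu) (gnu system nss) (gnu system pam) (rnrs lists)
             (gnu services databases))
(use-service-modules desktop networking ssh xorg mcron cups sysctl
                     virtualization sound)
(use-package-modules android bootloaders ccache certs cups databases
                     emacs emacs-xyz fonts geo ghostscript gnome gnupg
                     guile guile-xyz linux nano ntp python python-xyz
                     ratpoison scanner screen ssh suckless tex
                     version-control vim wm xfce xorg gnuzilla)

;; setup custom sudo rules so some clearly specified commands can be
;; run without password, ALWAYS use absolute filenames here! To
;; continue working when I install a tool as user, I setup sudo-rules
;; for both the system-tools and my user-tools.
;;
;; NOTE(review): the rules that name /home/MYSELF/.guix-profile/bin/...
;; grant passwordless root to a path that the MYSELF account itself
;; controls, so every program running as MYSELF inherits that
;; privilege.  The two bare `umount` rules carry no argument
;; restriction, which also makes the path-specific umount rules
;; redundant.  A tighter setup keeps only the
;; /run/current-system/profile/bin/ rules with explicit arguments and
;; has the calling scripts invoke those binaries by absolute path.
(define %sudoers-specification
  (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/bin/cpupower
%wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/bin/mount --bind /run/user/1000/intellij/caches /home/MYSELF/.IntelliJIdea2019.3/system/caches
%wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/bin/mount --bind /run/user/1000/intellij/index /home/MYSELF/.IntelliJIdea2019.3/system/index
%wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/bin/umount /home/MYSELF/.IntelliJIdea2019.3/system/caches
%wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/bin/umount /home/MYSELF/.IntelliJIdea2019.3/system/index
%wheel ALL=(ALL) NOPASSWD: /run/current-system/profile/bin/umount
%wheel ALL=(ALL) NOPASSWD: /home/MYSELF/.guix-profile/bin/mount --bind /run/user/1000/intellij/caches /home/MYSELF/.IntelliJIdea2019.3/system/caches
%wheel ALL=(ALL) NOPASSWD: /home/MYSELF/.guix-profile/bin/mount --bind /run/user/1000/intellij/index /home/MYSELF/.IntelliJIdea2019.3/system/index
%wheel ALL=(ALL) NOPASSWD: /home/MYSELF/.guix-profile/bin/umount /home/MYSELF/.IntelliJIdea2019.3/system/caches
%wheel ALL=(ALL) NOPASSWD: /home/MYSELF/.guix-profile/bin/umount /home/MYSELF/.IntelliJIdea2019.3/system/index
%wheel ALL=(ALL) NOPASSWD: /home/MYSELF/.guix-profile/bin/umount
"))

;; cron format: minute hour day-of-month month day-of-week
;; TODO: migrate crons to clearer syntax:
;; #~(job '(next-hour '(3)) (string-append #$btrfs-progs "/bin/btrfs scrub start -c 3 /")))
(define cpupower-powersave-job
  ;; Set the governor to powersave every minute, except for the time
  ;; between 3 and 5 to permit rebuilding. This reduces my
  ;; power-consumption from 120W to 30W.
  #~(job "* 0-2,5-23 * * *"             ;Vixie cron syntax
         "cpupower frequency-set -g powersave -u 1200000")) ;; use powersave governor with a maximum frequency of 1200MHz

(define lift-nofile-limit-job
  ;; Lift the maximum open files restriction for all processes every 30 minutes
  #~(job "0-59/30 * * * *"              ;Vixie cron syntax
         "for i in $(pgrep .); do sudo prlimit --pid $i --nofile=1000000:1000000; done"))

(define renice-guix-daemon-job
  ;; renice guix-daemon to prevent competing with work
  ;; NOTE(review): "* 7 * * *" matches every minute from 07:00 to 07:59,
  ;; so this starts sixty times a day -- confirm that is intended rather
  ;; than a single run at 07:00.
  #~(job "* 7 * * *"
         "sleep 300; pgrep guix-daemon | xargs renice -n 10"))

(define guix-reconfigure-job
  ;; gc (remove packages older than 2 months, keep at least 500G free),
  ;; pull and update every day at 03:05
  #~(job "5 3 * * *"                    ;Vixie cron syntax
         "guix gc --optimize -d 2m && guix gc -F 500G && guix pull && guix system reconfigure -k /etc/config.scm"))

(define guix-release-throttle-job
  ;; release CPU throttle at 3:00, just before guix reconfigure starts
  #~(job "0 3 * * *"                    ;Vixie cron syntax
         "cpupower frequency-set -g powersave -u 6000000"))

(define arnebab-org-publish-job
  ;; publish my website every day at 02:00
  ;; The minute field is 0 so the job fires once, at 02:00; a "*" in
  ;; that position would start a publish run every minute of that hour.
  #~(job "0 2 * * *"                    ;Vixie cron syntax
         "su - MYSELF bash -c 'cd ~/Schreibtisch/arnebab-org && make && hg push sr.ht && hg push'"))

(operating-system
  (host-name "fluss")
  (timezone "Europe/Berlin")
  (locale "de_DE.utf8")
  (sudoers-file %sudoers-specification)
  (hosts-file
   ;; Create a /etc/hosts file with aliases for "localhost"
   ;; and the host name, as well as for Facebook servers.
   (plain-file "hosts"
               (string-append (local-host-aliases host-name)
                              ;; block facebook, just
                              ;; because I can
                              %facebook-host-aliases
                              ;; The line breaks inside this string matter:
                              ;; the "#" comment and the 127.0.0.1 entry have
                              ;; to end up on separate lines of /etc/hosts.
                              "
# prevent connection to repo.maven.apache.org to avoid leaking build information
127.0.0.1 repo.maven.apache.org\n")))
  (keyboard-layout (keyboard-layout "de")) ;keyboard-layout for the console
  ;; Use the UEFI variant of GRUB with the EFI System
  ;; Partition mounted on /boot/efi.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")
               (keyboard-layout keyboard-layout))) ;; for grub
  ;; The root file system is labelled "wurzel", and the EFI System
  ;; Partition has UUID D632-E42D.
  (file-systems (append
                 (list (file-system
                         (device (file-system-label "wurzel"))
                         (mount-point "/")
                         (type "ext4"))
                       (file-system
                         (device (uuid "D632-E42D" 'fat))
                         (mount-point "/boot/efi")
                         (type "vfat"))
                       (file-system
                         (device (file-system-label "stamm"))
                         (mount-point "/home")
                         (type "ext4"))
                       (file-system
                         (device (file-system-label "blattwerk"))
                         (mount-point "/mnt/blattwerk")
                         (type "ext4"))
                       (file-system
                         (device (file-system-label "schatten"))
                         (mount-point "/mnt/schatten")
                         (type "ext4"))
                       ;; does not work:
                       ;; (file-system
                       ;;   (device "none")
                       ;;   (mount-point "/run/user/1000")
                       ;;   (type "tmpfs")
                       ;;   (options "defaults,size=8G"))
                       )
                 %base-file-systems))
  (swap-devices (list "/swapfiles/swapfile1"
                      ;; swapfile2 is for interactive emergency use in
                      ;; case I run OOM, for example when working
                      ;; while chromium is being built
                      "/swapfiles/swapfile3"
                      "/swapfiles/swapfile4"))
  ;; NOTE(review): membership in "disk" usually means direct read/write
  ;; access to the raw block devices, which bypasses file permissions.
  ;; Confirm both accounts -- the shared one in particular -- need it.
  ;; Only MYSELF is in "wheel", so only MYSELF is covered by the sudo
  ;; rules above.
  (users (append
          (list (user-account
                 (name "SHARED")
                 (comment "OUR_NAME")
                 (group "users")
                 (supplementary-groups '("netdev" "audio" "video" "lpadmin" "kvm"
                                         "lp" "cdrom" "disk" "scanner" "adbusers"))
                 (home-directory "/home/SHARED"))
                (user-account
                 (name "MYSELF")
                 (comment "ME_AND_MYSELF")
                 (group "users")
                 (supplementary-groups '("wheel" "netdev" "audio" "video" "lpadmin" "kvm" "fuse"
                                         "lp" "cdrom" "disk" "scanner" "adbusers"))
                 (home-directory "/home/MYSELF"))
                )
          %base-user-accounts))
  (groups (append
           (list (user-group (name "fuse"))
                 (user-group (name "cdrom"))
                 (user-group (name "scanner"))
                 (user-group (name "adbusers")))
           %base-groups))
  ;; Setup installed packages in the base-system (available to all users)
  (packages (append
             (list
              xfce              ;fallback window manager
              nss-certs         ;for HTTPS access
              nano emacs emacs-guix guile-wisp
              mercurial         ;because that should always be at hand
              vim               ;some tools expect it to be there
              gvfs              ;for user mounts
              openssh           ;so that gnome ssh access works
              gpgme             ;for the symlink from /usr/bin/gpgme-json
              cpupower          ;for the cpu throttle cron jobs
              cups foomatic-filters hplip sane-backends ijs ghostscript ;print and scan
              ntp openntpd python-dbus fuse
              ccache            ;speed up compiles on fast disks
              postgresql        ;; had to be be installed in the system for the postgres service
              ;; lots of fonts from package fonts.scm
              font-adobe-source-code-pro font-adobe-source-han-sans
              font-adobe-source-sans-pro font-adobe-source-serif-pro
              font-anonymous-pro font-anonymous-pro-minus font-awesome
              font-bitstream-vera font-blackfoundry-inria font-cantarell
              font-cns11643 font-cns11643-swjz font-comic-neue font-culmus
              font-dejavu font-dosis font-dseg font-fantasque-sans
              font-fira-code font-fira-mono font-fira-sans
              font-fontna-yasashisa-antique font-gnu-freefont
              font-gnu-freefont-ttf font-gnu-unifont font-go
              font-google-material-design-icons font-google-noto
              font-google-roboto font-hack font-hermit font-ibm-plex
              font-inconsolata font-iosevka font-iosevka-aile
              font-iosevka-etoile font-iosevka-slab font-iosevka-sparkle
              font-iosevka-term font-iosevka-term-slab font-ipa-mj-mincho
              font-jetbrains-mono font-lato font-liberation
              font-linuxlibertine font-lohit font-meera-inimai font-mononoki
              font-mplus-testflight font-open-dyslexic font-opendyslexic
              font-public-sans font-rachana font-sarasa-gothic
              font-sil-andika font-sil-charis font-sil-gentium font-tamzen
              font-terminus font-tex-gyre font-ubuntu font-un font-vazir
              font-wqy-microhei font-wqy-zenhei
              ;; lots of fonts from package xorg.scm
              font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic
              font-dec-misc font-isas-misc font-micro-misc
              font-misc-cyrillic font-misc-ethiopic font-misc-misc
              font-mutt-misc font-schumacher-misc font-screen-cyrillic
              font-sony-misc font-sun-misc font-util
              font-winitzki-cyrillic font-xfree86-type1
              )
             %base-packages))
  ;; Setup services
  (services (append
             (list
              ; login to temporary hurd-vm via sudo herd start childhurd && ssh root@localhost -p 10022
              (service hurd-vm-service-type
                       (hurd-vm-configuration
                        (disk-size (* 5000 (expt 2 20))) ;5G
                        (memory-size 1024)))             ;1024MiB
              (pam-limits-service
               (list
                ;; release all max open files limits
                (pam-limits-entry "*" 'hard 'nofile 250000)
                (pam-limits-entry "*" 'soft 'nofile 250000)
                (pam-limits-entry "MYSELF" 'hard 'nofile 250000)
                (pam-limits-entry "MYSELF" 'soft 'nofile 250000)))
              (service gnome-desktop-service-type)
              ;; NOTE(review): only the port is set here; every other
              ;; dropbear-configuration field (for example
              ;; password-authentication?) keeps its default.  Confirm
              ;; those defaults fit the networks this host is reachable from.
              (dropbear-service (dropbear-configuration
                                 (port-number 22)))
              (service mcron-service-type
                       (mcron-configuration
                        (jobs (list cpupower-powersave-job
                                    lift-nofile-limit-job
                                    renice-guix-daemon-job
                                    guix-reconfigure-job
                                    guix-release-throttle-job
                                    arnebab-org-publish-job))))
              ;; TODO: add /usr/bin/env
              ;; (service special-files-service-type
              ;;  `(("/usr/bin/env" ,(file-append (canonical-package coreutils) "/bin/env"))))
              (service cups-service-type
                       (cups-configuration
                        (web-interface? #t)
                        (extensions
                         (list cups-filters hplip))))
              (set-xorg-configuration
               (xorg-configuration      ;set keyboard-layout for Xorg
                (keyboard-layout keyboard-layout)))
              (postgresql-service #:extension-packages (list postgis))
              (simple-service 'custom-udev-rules udev-service-type
                              (list sane-backends android-udev-rules)))
             (modify-services %desktop-services
               (ntp-service-type config =>
                                 (ntp-configuration
                                  (allow-large-adjustment? #t)))
               (alsa-service-type config => ;disable routing alsa over pulse, because that broke audacity.
                                  (alsa-configuration
                                   (pulseaudio? #f)))
               (sysctl-service-type config =>
                                    (sysctl-configuration
                                     (settings (append '(("fs.file-max" . "500000")
                                                         ("fs.inotify.max_user_watches" . "524288"))
                                                       %default-sysctl-settings)))))))
  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))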