1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
|
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWNNXK00OOOOOOOOOOO00KXNNWWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWN0kdlc;,'..... .....',;:ldx0NWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMXxc'. .':xXWMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMW0: cXMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMNKxc,. lNMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMKocoddol:;,... .xWMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMNo. ..',;;;;,'... ,0MMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMO' lNMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMXc .xWMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMWx. ;KMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMM0, lNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNl .xWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWx. ,KMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMO' cXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMWNXKKXXXO, c0K00KKKXNWMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMNOocll:::::;'. ...........,cxKWMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMKc.';'. .l0kdc;'.. ..,cok0x. ,OWMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMNo..:' .xWMMMWNKOxdolc:;;,,;;:cloxk0XWWMMMX: cNMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMNl .:. 'OMMMMMMMMMMMMMWWWWWWWWMMMMMMMMMMMMNl :XMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMWk..;, 'OWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMX: .dWMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMNo..;, 'lkKNWMMMMMMMMMMMMMMMMMMMMMMMMWX0d;. .cXMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMNd..,;. .';cloxkkO0000000000OOkxdlc;'. .oXMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMW0c..,,'. ........... .:OWMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMW0o,.',,'. .'lONMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMWNOo:,''...... .;lkXWMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMWWXkoc;,,......... .....dKNMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWX0kxoc:;,,'''....... .,:codolddl;oXMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMWNNWMMMMMMMMMMMWWNNXXXXXXXXKl,xNWNKOkkk0Xo,kWNNWMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMWXXWMMMMMMMMMMMMMMMMMMMMMMMMWd;xWXO0OO0NMNo,OMWXXWMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMKOXMMMMMMMMMMMMMMMMMMMMMMMMMMKc;kXNWNWMWXd;oNMMN0KMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMM0kNMMMMMMMMMMMMMMMMMMMMMMMMMMMXd:ldkOOkoc:xNMMMWOOWMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMOdKMMMMMMMMMMMMMMMMMMMMMMMMMMMMWXOdooodx0NMMMMMNxkWMMMMMMMMMMMMMMMMMMMMMMMM
;MMMMMMMMMMMMMMMMMMMMMMMMMXoxNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWkoKMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMW0ldXMMMMMMMMMMMMMMWWNXXWWNXNWWMMMMMMMMMMMMMMNxlOWMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMWKocd0NWMMMMMWNKkoc;'.;dx:.';cok0NWMMMMMWNKxcl0WMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMNOocccllool:,. .;oo:.. .':looollcclONMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWNKkxocc::::cloxOKXNNNKOxdlc:::::codk0NWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWMMMMMMMMMMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
;;
(use-modules
(gnu)
(guix store)
(guix packages)
(gnu packages finance)
(gnu packages haskell)
(gnu packages pdf)
(gnu packages cran)
(gnu packages kde)
(gnu packages tex)
(gnu packages unicode)
(gnu packages python-build)
(gnu packages glib)
(gnu packages gcc)
(gnu packages
commencement)
(gnu packages haskell-xyz)
(gnu packages kde-pim)
(gnu packages guile-xyz)
(gnu packages python-xyz)
(gnu packages pulseaudio)
(gnu packages texinfo)
(gnu packages cmake)
(gnu packages mpd)
(gnu packages disk)
(gnu packages android)
(gnu packages freedesktop)
(gnu packages gnuzilla)
(gnu packages image)
(gnu packages image-viewers)
(gnu packages messaging)
(gnu packages vim)
(gnu packages gstreamer)
(gnu packages virtualization)
(gnu packages web-browsers)
(gnu services)
(gnu services vpn)
(gnu services dbus)
(gnu services shepherd)
(gnu system shadow)
(gnu services configuration)
(gnu packages build-tools)
(gnu packages admin)
(gnu packages qt)
(gnu packages lxde)
(gnu packages python)
(gnu packages bittorrent)
(gnu packages chromium)
(gnu packages compression)
(gnu packages tor)
(gnu packages ncurses)
(gnu packages web)
(gnu packages fonts)
(gnu packages vpn)
(gnu packages curl)
(gnu packages password-utils)
(gnu packages emacs)
(gnu packages node)
(gnu packages emacs-xyz)
(gnu packages engineering)
(gnu packages fontutils)
(gnu packages gimp)
(gnu packages gnome)
(gnu packages gnome-xyz)
(gnu packages gnupg)
(gnu packages haskell-apps)
(gnu packages imagemagick)
(gnu packages java)
(gnu packages libreoffice)
(gnu packages linux)
(gnu packages package-management)
(gnu packages rsync)
(gnu packages ssh)
(gnu packages telegram)
(gnu packages video)
(gnu packages wm)
(gnu packages benchmark)
(gnu packages xdisorg)
(gnu packages xorg)
(gnu home services gnupg)
(gnu home services xdg)
(gnu packages terminals)
(gnu packages music)
(gnu packages compton)
(gnu packages version-control)
(gnu packages lxqt)
(gnu packages file-systems)
(gnu packages lisp)
(gnu packages networking)
(gnu home services gnupg)
(gnu home services xdg)
(gnu packages security-token)
(gnu packages tls)
(gnu packages graphics)
(nongnu packages compression)
(nongnu packages clojure)
(nongnu packages linux)
(nongnu system linux-initrd))
(use-service-modules base cups desktop networking ssh xorg linux virtualization)
(use-package-modules linux )
(define my-kernel linux-6.7)
(define-public bitmask-service-type
(service-type
(name 'bitmask)
(description "Setup the @uref{https://bitmask.net, Bitmask} VPN
application.")
(default-value bitmask)
(extensions
(list
;; To configure polkit policy of bitmask.
(service-extension polkit-service-type list)
;; To add bitmask to the system profile.
(service-extension profile-service-type list)))))
(operating-system
(kernel my-kernel)
(initrd microcode-initrd)
(firmware (list linux-firmware))
(locale "en_US.utf8")
(timezone "America/Sao_Paulo")
(keyboard-layout (keyboard-layout "br"))
(host-name "lisp")
;; The list of user accounts ('root' is implicit).
(users (cons* (user-account
(name "berkeley")
(comment "Berkeley")
(group "users")
(home-directory "/home/berkeley")
(supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
%base-user-accounts))
;; Packages installed system-wide. Users can also install packages
;; under their own account: use 'guix search KEYWORD' to search
;; for packages and 'guix install PACKAGE' to install a package.
(packages (append (list
;emacs-org-roam
;emacs-org-roam-ui
polybar
gstreamer
gst-plugins-bad
gst-plugins-good
nyxt
cmus
xdg-utils
curl
gthumb
mangohud
qtsolutions
glances
zstd
mpv
kitty
maim
procps
scrot
mupdf
zathura
matterbridge
texlive-scheme-basic
texlive-listings
texmaker
texlive-pgf
texlive-beamer
texlive-hyperref
alacritty
wipe
imagemagick
unzip
compton
p7zip
gedit
htop
netdiscover
fping
gparted
texstudio
texlive-bibtex
bcachefs-tools
whois
python-pip
setxkbmap
xfe
;;clamav
libbluray
libaacs
libbdplus
vim
neovim
;emacs-telega
cmake
neofetch
kleopatra
krita
flatpak
pfetch
icecat
hashcat
haunt
openssl
flameshot
openshot
obs
ffmpeg
lm-sensors
vlc
virt-manager
guix
nsxiv
git
inxi
tor
monero-gui
; emacs-org-roam
torsocks
tor-client
privoxy
terminator
openvpn
pavucontrol
pavucontrol-qt
emacs
keepassxc
wireshark
tcpdump
nmap
firejail
bitmask
;;
xf86-video-amdgpu
asciinema
alsa-lib
alsa-utils
binutils
dbus
xset
lxrandr
dosfstools
elogind
qtox
exfat-utils
exfatprogs
fuse-exfat
gnupg
libinput
texinfo
xf86-input-keyboard
xf86-input-libinput
xf86-input-mouse
xf86-input-synaptics
;;emacs-org-timeblock
xrandr
ungoogled-chromium
qbittorrent
macchanger
;guile
;emacs-geiser
;emacs-geiser-guile
fontconfig
picom
mpd
brightnessctl
feh
gimp
fzf
xmodmap
rofi
coreutils
qemu
xwininfo
xprop
xpra
libfido2
grep
iptables
node
jq
python
sed
nomacs
meson
ncurses
;; lots of fonts from package fonts.scm
font-adobe-source-code-pro font-adobe-source-han-sans
font-adobe-source-sans-pro font-adobe-source-serif-pro
font-anonymous-pro font-anonymous-pro-minus font-awesome
font-cns11643 font-cns11643-swjz font-comic-neue font-culmus
font-dejavu font-dosis font-dseg font-fantasque-sans font-fira-code
font-fira-mono font-fira-sans font-fontna-yasashisa-antique
font-google-material-design-icons font-google-noto font-google-roboto
font-hack font-hermit font-ibm-plex font-inconsolata font-iosevka
font-iosevka-aile font-iosevka-etoile font-iosevka-slab
font-iosevka-term font-iosevka-term-slab
font-ipa-mj-mincho font-jetbrains-mono font-lato font-liberation
font-linuxlibertine font-lohit font-meera-inimai font-mononoki
font-mplus-testflight
font-public-sans font-rachana font-sarasa-gothic font-sil-andika
font-sil-charis font-sil-gentium font-tamzen font-terminus
font-tex-gyre font-un font-vazir font-wqy-microhei
font-wqy-zenhei
python-emoji
ghc-emojis
ghc
xmessage
xrdb
xmonad
sysbench
xmobar
ghc
ghc-xmonad-contrib
gcc
gcc-toolchain
linux-libre-headers
yt-dlp
rofi
texlive-emoji
emacs-emojify
texlive-twemoji-colr
texlive-noto-emoji
texlive-hwemoji
texlive-byo-twemojis
unicode-emoji
texlive-twemojis
texlive-emojicite
;;rust-unic-emoji-char
r-emojifont
font-google-noto-emoji
;; font-apple-color-emoji
emacs-company-emoji
font-openmoji
vim-characterize
texlive-lua-uni-algos
texlive-pwebmac
texlive-olsak-misc
texlive-pdfoverlay
texlive-texosquery
texlive-pdfx
texlive-pdfprivacy
texlive-pdfcomment
texlive-iftex
texlive-tex
texlive-montex
texlive-pdfescape
texlive-texdef
texlive-pdfpages
extractpdfmark
texlive-csplain
poppler-qt5
poppler
texlive-pdf14
texlive-thumbpdf
texlive-pax
texlive-etex
texlive-axodraw2
texlive-repltext
texlive-luatex
texlive-hyperref
texlive-xetex
texlive-pdftexcmds
texlive-epstopdf
texlive-epsf-dvipdfmx
texlive-dvipdfmx
texlive-texsurgery
texlive-ptex2pdf
texlive-jadetex
texlive-texlogfilter
texlive-svg-inkscape
texlive-purifyeps
texlive-navigator
texlive-latex-uni8
texlive-biblatex
texlive-latex-make
texlive-pgf
texlive-pdftricks
texlive-pdflatexpicscale
texlive-pdfmanagement-testphase
texlive-pdflatexpicscale
texlive-pdfextra
texlive-tagpdf
texlive-pdfreview
texlive-pdfmsym
texlive-mptopdf
texlive-inter
texlive-pdftex-quiet
texlive-pdftex
texlive-knuth-pdf
texlive-xmltexconfig
texlive-pdfjam
texlive-luatex85
texlive-grayhints
texlive-fig4latex
texlive-tpic2pdftex
texlive-pst2pdf
texlive-pdfslide
texlive-minim-pdf
texlive-hvextern
texlive-flippdf
texlive-combinedgraphics
texlive-autopdf
texlive-xetex-pstricks
texlive-texonly
texlive-scikgtex
texlive-pdfsync
texlive-mathastext
texlive-luainputenc
texlive-pdfcomment
texlive-pdfprivacy
texlive-pdfoverlay
texlive-pdfpages
texlive-latexmk
texlive-hyperxmp
texlive-datetime2-en-fulltext
texlive-commonunicode
texlive-pict2e
texlive-intopdf
texlive-filemod
texlive-textcsc
texlive-texpower
texlive-texdoc
texlive-pst-pdf
texlive-pdfpc-movie
texlive-pdfmarginpar
texlive-pdfbook2
texlive-pdf-trans
texlive-lobster2
texlive-hitex
texlive-epstopdf-pkg
texlive-epspdfconversion
texlive-collection-luatex
texlive-bxpdfver
texlive-asmeconf
texlive-synctex
texlive-pdfcolmk
texlive-pdfcolfoot
texlive-lapdf
texlive-fixpdfmag
python-pdfminer-six
texlive-zhmetrics-uptex
texlive-xpdfopen
texlive-xcpdftips
texlive-quattrocento
texlive-pdfxup
texlive-pdfpc
texlive-pdfarticle
texlive-oswald
texlive-nunito
texlive-magra
texlive-librebaskerville
texlive-l3experimental
texlive-knuth-hint
texlive-forum
texlive-epspdf
texlive-dickimaw
texlive-convbkmk
texlive-changebar
texlive-cascadia-code
texlive-cabin
texlive-bitter
texlive-auto-pst-pdf-lua
texlive-arvo
texlive-archivo
texlive-sanitize-umlaut
texlive-protex
texlive-pdftricks2
texlive-pdflscape
texlive-ocg-p
texlive-minim-xmp
texlive-gregoriotex
texlive-docshots
emacs-latex-preview-pane
;;rust-deunicode
nheko
;; lots of fonts from package xorg.scm
font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc
font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic
font-misc-misc font-mutt-misc font-schumacher-misc
font-screen-cyrillic font-sony-misc font-sun-misc font-util
font-winitzki-cyrillic font-xfree86-type1
sbcl-stumpwm-swm-gaps
sbcl-stumpwm-pamixer
sbcl-stumpwm-screenshot
sbcl-stumpwm-disk
sbcl-stumpwm-ttf-fonts
stumpwm `(,stumpwm "lib")
sbcl-stumpwm-mem
sbcl-stumpwm-cpu
sbcl-stumpwm-net
;emacs-stumpwm-mode
stumpish
youtube-dl
linux-firmware
(specification->package "i3-wm")
(specification->package "i3status")
(specification->package "dmenu")
(specification->package "st")
(specification->package "emacs")
(specification->package "emacs-exwm")
(specification->package
"emacs-desktop-environment")
(specification->package "nss-certs"))
%base-packages))
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
;;(home-environment (packages (cons* anki ))) ;; figure out how to install it from here
;;(home-environment (packages (cons* anki ))) ;; figure out how to install it from here
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append (list
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
(service iptables-service-type
(iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
;-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
;-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
;-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
;-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
;-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
COMMIT
"))
(ipv6-rules (plain-file "ip6tables.rules" "*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
"))))
(service tor-service-type
(tor-configuration
(config-file (plain-file "tor-config"
"HttpTunnelPort 9050"
; "VirtualAddrNetwork 10.192.0.0/10
; AutomapHostsOnResolve 1
; TransPort 9040
; DNSPort 53
; SOCKSPort 0
; ORPort 443
; BridgeRelay 1
; ExitRelay 0"
))))
(service libvirt-service-type
(libvirt-configuration
(unix-sock-group "libvirt")
(tls-port "16555")))
(service zram-device-service-type
(zram-device-configuration
(size (* 2 (expt 2 30)))
(compression-algorithm 'zstd)
(priority 100)))
(set-xorg-configuration
(xorg-configuration
(keyboard-layout keyboard-layout))))
%desktop-services))
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets (list "/dev/nvme0n1"))
(keyboard-layout keyboard-layout)))
(swap-devices (list (swap-space
(priority 50)
(target (uuid
"85b7b3d8-657a-443c-b010-52d224bc4483")))))
;; The list of file systems that get "mounted". The unique
;; file system identifiers there ("UUIDs") can be obtained
;; by running 'blkid' in a terminal.
(file-systems (cons* (file-system
(mount-point "/boot/efi")
(device (uuid "02E2-0AB2"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device (uuid
"38467002-a282-4387-8319-cff6d93cd23b"
'ext4))
(type "ext4"))
(file-system
(mount-point "/files")
(device (uuid
"7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886"
'ext4))
(type "ext4"))
(file-system
(mount-point "/virt")
(device (uuid
"9d009d01-d635-4d56-987a-ffc2699da9fb"
'ext4))
(type "ext4"))
%base-file-systems)))
|
