-;; This is an operating system configuration template
-;; for a "desktop" setup with X11.
-
-(use-modules (gnu) (gnu system nss))
-(use-service-modules desktop)
-(use-package-modules xfce ratpoison wicd avahi xorg certs)
-
-(operating-system
- (host-name "antelope")
- (timezone "Europe/Paris")
- (locale "en_US.UTF-8")
-
- ;; Assuming /dev/sdX is the target hard disk, and "root" is
- ;; the label of the target root file system.
- (bootloader (grub-configuration (device "/dev/sdX")))
- (file-systems (cons (file-system
- (device "root")
- (title 'label)
- (mount-point "/")
- (type "ext4"))
- %base-file-systems))
-
- (users (cons (user-account
- (name "bob")
- (comment "Alice's brother")
- (group "users")
- (supplementary-groups '("wheel" "netdev"
- "audio" "video"))
- (home-directory "/home/bob"))
- %base-user-accounts))
-
- ;; Add Xfce and Ratpoison; that allows us to choose
- ;; sessions using either of these at the log-in screen.
- (packages (cons* xfce ratpoison ;desktop environments
- xterm wicd avahi ;useful tools
- nss-certs ;for HTTPS access
- %base-packages))
-
- ;; Use the "desktop" services, which include the X11
- ;; log-in service, networking with Wicd, and more.
- (services %desktop-services)
-
- ;; Allow resolution of '.local' host names with mDNS.
- (name-service-switch %mdns-host-lookup-nss))
+;; This is an operating system configuration template
+;; for a "desktop" setup with GNOME and Xfce where the
+;; root partition is encrypted with LUKS.
+
+(use-modules (gnu) (gnu system nss))
+(use-service-modules desktop xorg)
+(use-package-modules certs gnome)
+
+(operating-system
+ (host-name "antelope")
+ (timezone "Europe/Paris")
+ (locale "en_US.utf8")
+
+ ;; Choose US English keyboard layout. The "altgr-intl"
+ ;; variant provides dead keys for accented characters.
+ (keyboard-layout (keyboard-layout "us" "altgr-intl"))
+
+ ;; Use the UEFI variant of GRUB with the EFI System
+ ;; Partition mounted on /boot/efi.
+ (bootloader (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (target "/boot/efi")
+ (keyboard-layout keyboard-layout)))
+
+ ;; Specify a mapped device for the encrypted root partition.
+ ;; The UUID is that returned by 'cryptsetup luksUUID'.
+ (mapped-devices
+ (list (mapped-device
+ (source (uuid "12345678-1234-1234-1234-123456789abc"))
+ (target "my-root")
+ (type luks-device-mapping))))
+
+ (file-systems (append
+ (list (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4")
+ (dependencies mapped-devices))
+ (file-system
+ (device (uuid "1234-ABCD" 'fat))
+ (mount-point "/boot/efi")
+ (type "vfat")))
+ %base-file-systems))
+
+ ;; Create user `bob' with `alice' as its initial password.
+ (users (cons (user-account
+ (name "bob")
+ (comment "Alice's brother")
+ (password (crypt "alice" "$6$abc"))
+ (group "users")
+ (supplementary-groups '("wheel" "netdev"
+ "audio" "video")))
+ %base-user-accounts))
+
+ ;; This is where we specify system-wide packages.
+ (packages (append (list
+ ;; for HTTPS access
+ nss-certs
+ ;; for user mounts
+ gvfs)
+ %base-packages))
+
+ ;; Add GNOME and Xfce---we can choose at the log-in screen
+ ;; by clicking the gear. Use the "desktop" services, which
+ ;; include the X11 log-in service, networking with
+ ;; NetworkManager, and more.
+ (services (append (list (service gnome-desktop-service-type)
+ (service xfce-desktop-service-type)
+ (set-xorg-configuration
+ (xorg-configuration
+ (keyboard-layout keyboard-layout))))
+ %desktop-services))
+
+ ;; Allow resolution of '.local' host names with mDNS.
+ (name-service-switch %mdns-host-lookup-nss))