diff options
| -rw-r--r-- | .dir-locals.el | 2 | ||||
| -rw-r--r-- | tw/home/common.scm | 355 | ||||
| -rw-r--r-- | tw/home/emacs.scm | 51 | ||||
| -rw-r--r-- | tw/home/lap.scm | 419 | ||||
| -rw-r--r-- | tw/system/common.scm | 37 | ||||
| -rw-r--r-- | tw/system/lap.scm | 80 | ||||
| -rw-r--r-- | tw/system/lud.scm | 240 |
7 files changed, 579 insertions, 605 deletions
diff --git a/.dir-locals.el b/.dir-locals.el index 1618d636..f2f5ef8a 100644 --- a/.dir-locals.el +++ b/.dir-locals.el @@ -121,6 +121,8 @@ ;; My own functions. (eval . (put 'combined-text-file 'scheme-indent-function 1)) + (eval . (put 'service 'scheme-indent-function 1)) + (eval . (put 'simple-service 'scheme-indent-function 2)) ;; This notably allows '(' in Paredit to not insert a space when the ;; preceding symbol is one of these. diff --git a/tw/home/common.scm b/tw/home/common.scm index b01ce218..b90d4bc5 100644 --- a/tw/home/common.scm +++ b/tw/home/common.scm @@ -35,157 +35,150 @@ (define-public common-services (list (service home-zsh-service-type - (home-zsh-configuration - (zshrc (list (local-file "files/zshrc") - (local-file "files/prompt.zsh"))))) - - (simple-service - 'common-config home-xdg-configuration-files-service-type - `(("git/config" ,(local-file "files/gitconfig")) - ("htop/htoprc" ,(local-file "files/htoprc")) - ("lesskey" ,(local-file "files/lesskey")) - ("ranger/rc.conf" ,(local-file "files/ranger.conf")) - ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it. - ("user-dirs.dirs" ,(local-file "files/user-dirs.dirs")))) - - (simple-service - 'common-scripts home-files-service-type - ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable. - `((".local/bin/ppscm" ,(local-file "files/ppscm" #:recursive? #t)))) ; pretty-print scheme files - - (simple-service - 'gnupg-config home-files-service-type - `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config, - ;; so we can't use `home-xdg-configuration-files-service-type'. - (".local/share/gnupg/gpg.conf" ,(local-file "files/gpg.conf")) - (".local/share/gnupg/gpg-agent.conf" - ,(mixed-text-file "gpg-agent.conf" "\ + (home-zsh-configuration + (zshrc (list (local-file "files/zshrc") + (local-file "files/prompt.zsh"))))) + + (simple-service 'common-config home-xdg-configuration-files-service-type + `(("git/config" ,(local-file "files/gitconfig")) + ("htop/htoprc" ,(local-file "files/htoprc")) + ("lesskey" ,(local-file "files/lesskey")) + ("ranger/rc.conf" ,(local-file "files/ranger.conf")) + ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it. + ("user-dirs.dirs" ,(local-file "files/user-dirs.dirs")))) + + (simple-service 'common-scripts home-files-service-type + ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable. + `((".local/bin/ppscm" ,(local-file "files/ppscm" #:recursive? #t)))) ; pretty-print scheme files + + (simple-service 'gnupg-config home-files-service-type + `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config, + ;; so we can't use `home-xdg-configuration-files-service-type'. + (".local/share/gnupg/gpg.conf" ,(local-file "files/gpg.conf")) + (".local/share/gnupg/gpg-agent.conf" + ,(mixed-text-file "gpg-agent.conf" "\ pinentry-program " (file-append pinentry-rofi "/bin/pinentry-rofi") " # Needed if spawning lots of parallel gpg --decrypt processes. https://dev.gnupg.org/T3530 auto-expand-secmem ")))) - (simple-service - 'gnupg-agent home-shepherd-service-type - (list - (shepherd-service - (documentation "GPG agent; caches key passwords.") - (provision '(gpg-agent)) - (start #~(lambda _ - (invoke #$(file-append gnupg "/bin/gpg-agent") - "--daemon" "--no-detach"))) - (stop #~(lambda _ - (invoke "gpg-connect-agent" "killagent" "/bye")))))) - - (simple-service - 'common-environment home-environment-variables-service-type - `(;; Path to my own package definitions. If invoking `guix home' - ;; afresh, this needs to be set manually to find these packages. - ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls") - - ;; Prepend my own binaries to $PATH. These should probably all - ;; be managed through `home-files-service-type'. - ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH") - - ;; Default terminal-related applications (except Emacs, which is separate). - ("PAGER" . "less") - ;; Guix force-overrides $LESS by default, so force-force it to do what I - ;; want instead. `less' reads the `lesskey' file configured above. - ("GUIX_PAGER" . "env -u LESS less") - ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty. - ("GROFF_NO_SGR" . "1") - - ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too. - ("HISTSIZE" . "10000000") - - ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1") - ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal") - ("GTAGSLABEL" . "pygments") - - ;; Disable at-spi-dbus-launcher accessibility service. - ("NO_AT_BRIDGE" . "1") - - ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up. - ("GUILE_AUTO_COMPILE" . "0") - - ;; For some reason, Guix doesn't seem to add these paths automatically. - ("GUILE_LOAD_PATH" . - ,(string-append - "$GUIX_PACKAGE_PATH:" - "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0" - "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH")) - ("GUILE_LOAD_COMPILED_PATH" . - ,(string-append - "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:" - "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0" - "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH")))) + (simple-service 'gnupg-agent home-shepherd-service-type + (list + (shepherd-service + (documentation "GPG agent; caches key passwords.") + (provision '(gpg-agent)) + (start #~(lambda _ + (invoke #$(file-append gnupg "/bin/gpg-agent") + "--daemon" "--no-detach"))) + (stop #~(lambda _ + (invoke "gpg-connect-agent" "killagent" "/bye")))))) + + (simple-service 'common-environment home-environment-variables-service-type + `(;; Path to my own package definitions. If invoking `guix home' + ;; afresh, this needs to be set manually to find these packages. + ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls") + + ;; Prepend my own binaries to $PATH. These should probably all + ;; be managed through `home-files-service-type'. + ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH") + + ;; Default terminal-related applications (except Emacs, which is separate). + ("PAGER" . "less") + ;; Guix force-overrides $LESS by default, so force-force it to do what I + ;; want instead. `less' reads the `lesskey' file configured above. + ("GUIX_PAGER" . "env -u LESS less") + ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty. + ("GROFF_NO_SGR" . "1") + + ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too. + ("HISTSIZE" . "10000000") + + ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1") + ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal") + ("GTAGSLABEL" . "pygments") + + ;; Disable at-spi-dbus-launcher accessibility service. + ("NO_AT_BRIDGE" . "1") + + ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up. + ("GUILE_AUTO_COMPILE" . "0") + + ;; For some reason, Guix doesn't seem to add these paths automatically. + ("GUILE_LOAD_PATH" . + ,(string-append + "$GUIX_PACKAGE_PATH:" + "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0" + "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH")) + ("GUILE_LOAD_COMPILED_PATH" . + ,(string-append + "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:" + "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0" + "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH")))) ;; XDG basedir spec compliance for various programs ;; See: https://wiki.archlinux.org/index.php/XDG_Base_Directory for a list of programs. ;; The `home-xdg-base-directories' service (enabled by default) sets $XDG_* variables for us. - (simple-service - 'xdg-spec-compliance home-environment-variables-service-type - '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator") - ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell") - ("BUP_DIR" . "$XDG_DATA_HOME/bup") - ("CARGO_HOME" . "$XDG_DATA_HOME/cargo") - ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group") - ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum") - ("FG_HOME" . "$XDG_DATA_HOME/fgfs") - ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer") - ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg") - ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc") - ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority") - ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc") - ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython") - ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter") - ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB. - ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309 - ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan") - ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc") - ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store") - ("PLTUSERHOME" . "$XDG_DATA_HOME/racket") - ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint") - ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc") - ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll") - ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap") - ("STACK_ROOT" . "$XDG_DATA_HOME/stack") - ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR") - ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat") - ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose") - ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose") - ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh") - ("_JAVA_OPTIONS" . - "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java"))) - - (service - home-openssh-service-type - (home-openssh-configuration - (hosts - (let ((my-hosts/ports - '(("vin.twilken.net" . 50022) - ("vin.wg" . 50022) - ("pi3.twilken.net" . 51022) - ("pi3.wg" . 51022) - ("lud.twilken.net" . 22022) - ("lud.wg" . 22022) - ("matrix.twilken.net" . 22022))) - (git-hosts - '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch")) - (cern-ci-hosts/users - '(("alimonitor.cern.ch" . "alibuild") - ("alinsure.cern.ch" . "alibuild") - ("alibuildmac*.cern.ch" . "alibuild") - ("aido*osx*.cern.ch" . "alibuild") - ("alibuild*.cern.ch" . "root") - ("alissandra*.cern.ch" . "root") - ("alimesos*.cern.ch" . "root") - ("alientest*.cern.ch" . "root") - ("aliflow*.cern.ch" . "root") - ("alijenkins*.cern.ch" . "root")))) - - (define (cern-extra-content delegate-kerberos-credentials?) - (string-append "\ + (simple-service 'xdg-spec-compliance home-environment-variables-service-type + '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator") + ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell") + ("BUP_DIR" . "$XDG_DATA_HOME/bup") + ("CARGO_HOME" . "$XDG_DATA_HOME/cargo") + ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group") + ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum") + ("FG_HOME" . "$XDG_DATA_HOME/fgfs") + ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer") + ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg") + ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc") + ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority") + ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc") + ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython") + ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter") + ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB. + ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309 + ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan") + ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc") + ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store") + ("PLTUSERHOME" . "$XDG_DATA_HOME/racket") + ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint") + ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc") + ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll") + ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap") + ("STACK_ROOT" . "$XDG_DATA_HOME/stack") + ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR") + ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat") + ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose") + ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose") + ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh") + ("_JAVA_OPTIONS" . + "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java"))) + + (service home-openssh-service-type + (home-openssh-configuration + (hosts + (let ((my-hosts/ports + '(("vin.twilken.net" . 50022) + ("vin.wg" . 50022) + ("pi3.twilken.net" . 51022) + ("pi3.wg" . 51022) + ("lud.twilken.net" . 22022) + ("lud.wg" . 22022) + ("matrix.twilken.net" . 22022))) + (git-hosts + '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch")) + (cern-ci-hosts/users + '(("alimonitor.cern.ch" . "alibuild") + ("alinsure.cern.ch" . "alibuild") + ("alibuildmac*.cern.ch" . "alibuild") + ("aido*osx*.cern.ch" . "alibuild") + ("alibuild*.cern.ch" . "root") + ("alissandra*.cern.ch" . "root") + ("alimesos*.cern.ch" . "root") + ("alientest*.cern.ch" . "root") + ("aliflow*.cern.ch" . "root") + ("alijenkins*.cern.ch" . "root")))) + + (define (cern-extra-content delegate-kerberos-credentials?) + (string-append "\ # Kerberos authentication GSSAPIAuthentication yes GSSAPIDelegateCredentials " (if delegate-kerberos-credentials? "yes" "no") " @@ -193,42 +186,42 @@ PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboar ProxyJump \"twilken@lxplus.cern.ch\" ")) - ;; Earlier rules take precedence over later ones. - `(,(openssh-host (name "*.srcf.net") (user "tw466")) - ,(openssh-host (name "*.fritz.box") - (extra-content "ProxyJump lud.twilken.net")) - ,@(map (lambda (host port) - (openssh-host (name host) (port port) (user "timo"))) - (map car my-hosts/ports) - (map cdr my-hosts/ports)) - ,@(map (lambda (host) (openssh-host (name host) (user "git"))) git-hosts) - ;; BitBucket apparently only supports ssh-rsa. - ,(openssh-host (name "bitbucket.org") - (host-key-algorithms '("+ssh-rsa")) - (accepted-key-types '("+ssh-rsa"))) - ,(openssh-host (name "gitlab.cern.ch") - (port 7999) - (extra-content "ProxyJump none")) ; no jump needed - ;; Avoid ProxyJump loops. - ,(openssh-host (name "lxplus.cern.ch") - (extra-content "ProxyJump none")) - ,(openssh-host (name "twilkendesktop.cern.ch") - (port 22022) - (forward-x11? #t) - (extra-content (cern-extra-content #t))) - ,@(map (lambda (host user) - (openssh-host (name host) - (user user) - (identity-file "~/.local/share/ssh-keys/alicern_id_rsa"))) - (map car cern-ci-hosts/users) - (map cdr cern-ci-hosts/users)) - ,(openssh-host (name "*.cern.ch") - (user "twilken") - (identity-file "~/.local/share/ssh-keys/cern_id_rsa") - (extra-content (cern-extra-content #f))) - ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type' - ;; manages that and might delete keys there. - ,(openssh-host (name "*") - (identity-file "~/.local/share/ssh-keys/id_rsa") - ;; Remote servers probably don't know about xterm-kitty. - (extra-content "SetEnv TERM=xterm-256color"))))))))) + ;; Earlier rules take precedence over later ones. + `(,(openssh-host (name "*.srcf.net") (user "tw466")) + ,(openssh-host (name "*.fritz.box") + (extra-content "ProxyJump lud.twilken.net")) + ,@(map (lambda (host port) + (openssh-host (name host) (port port) (user "timo"))) + (map car my-hosts/ports) + (map cdr my-hosts/ports)) + ,@(map (lambda (host) (openssh-host (name host) (user "git"))) git-hosts) + ;; BitBucket apparently only supports ssh-rsa. + ,(openssh-host (name "bitbucket.org") + (host-key-algorithms '("+ssh-rsa")) + (accepted-key-types '("+ssh-rsa"))) + ,(openssh-host (name "gitlab.cern.ch") + (port 7999) + (extra-content "ProxyJump none")) ; no jump needed + ;; Avoid ProxyJump loops. + ,(openssh-host (name "lxplus.cern.ch") + (extra-content "ProxyJump none")) + ,(openssh-host (name "twilkendesktop.cern.ch") + (port 22022) + (forward-x11? #t) + (extra-content (cern-extra-content #t))) + ,@(map (lambda (host user) + (openssh-host (name host) + (user user) + (identity-file "~/.local/share/ssh-keys/alicern_id_rsa"))) + (map car cern-ci-hosts/users) + (map cdr cern-ci-hosts/users)) + ,(openssh-host (name "*.cern.ch") + (user "twilken") + (identity-file "~/.local/share/ssh-keys/cern_id_rsa") + (extra-content (cern-extra-content #f))) + ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type' + ;; manages that and might delete keys there. + ,(openssh-host (name "*") + (identity-file "~/.local/share/ssh-keys/id_rsa") + ;; Remote servers probably don't know about xterm-kitty. + (extra-content "SetEnv TERM=xterm-256color"))))))))) diff --git a/tw/home/emacs.scm b/tw/home/emacs.scm index d3696ac2..5b7b0437 100644 --- a/tw/home/emacs.scm +++ b/tw/home/emacs.scm @@ -7,6 +7,30 @@ (use-package-modules base cmake emacs emacs-xyz databases finance haskell-apps llvm python-xyz sqlite) +(define-public emacs-services + (list + (simple-service 'emacs-config home-xdg-configuration-files-service-type + `(("emacs/include" ,(local-file "files/emacs-packages" #:recursive? #t)) + ("emacs/init.el" ,(local-file "files/emacs-init.el")) + (,(string-append "emacs/" (local-file-name catppuccin-emacs-theme)) + ,catppuccin-emacs-theme))) + + (simple-service 'emacsclient-is-editor home-environment-variables-service-type + `(("EDITOR" . "emacsclient -qc") + ;; Tell emacsclient to return immediately after opening the file. I + ;; can't put this in $EDITOR as many programs expect $EDITOR to exit + ;; only when the user is done editing. + ("ASYNC_EDITOR" . "emacsclient -qcn"))) + + (simple-service 'emacs-server home-shepherd-service-type + (list + (shepherd-service + (documentation "Emacs server; connect using emacsclient.") + (provision '(emacs)) + (start #~(make-forkexec-constructor + (list #$(file-append emacs "/bin/emacs") "--fg-daemon"))) + (stop #~(make-kill-destructor))))))) + (define-public emacs-packages (list ;; Development & language servers @@ -74,30 +98,3 @@ emacs-hcl-mode emacs-ledger-mode emacs-mmm-mode emacs-puppet-mode emacs-rec-mode emacs-web-mode emacs-yaml-mode)) - -(define-public emacs-services - (list - (simple-service - 'emacs-config home-xdg-configuration-files-service-type - `(("emacs/include" ,(local-file "files/emacs-packages" #:recursive? #t)) - ("emacs/init.el" ,(local-file "files/emacs-init.el")) - (,(string-append "emacs/" (local-file-name catppuccin-emacs-theme)) - ,catppuccin-emacs-theme))) - - (simple-service - 'emacs-is-editor home-environment-variables-service-type - `(("EDITOR" . "emacsclient -qc") - ;; Tell emacsclient to return immediately after opening the file. I - ;; can't put this in $EDITOR as many programs expect $EDITOR to exit - ;; only when the user is done editing. - ("ASYNC_EDITOR" . "emacsclient -qcn"))) - - (simple-service - 'emacs-server home-shepherd-service-type - (list - (shepherd-service - (documentation "Emacs server; connect using emacsclient.") - (provision '(emacs)) - (start #~(make-forkexec-constructor - (list #$(file-append emacs "/bin/emacs") "--fg-daemon"))) - (stop #~(make-kill-destructor))))))) diff --git a/tw/home/lap.scm b/tw/home/lap.scm index 6e600843..c256bbbc 100644 --- a/tw/home/lap.scm +++ b/tw/home/lap.scm @@ -44,30 +44,27 @@ (define pim-services (list - (simple-service - 'pim-config home-xdg-configuration-files-service-type - `(("khal/config" ,(local-file "files/khal.conf")) - ("khard/khard.conf" ,(local-file "files/khard.conf")) - ("mutt/muttrc" ,(local-file "files/muttrc")) - ("mutt/catppuccin.muttrc" ,catppuccin-muttrc) - ("newsboat/config" ,(local-file "files/newsboat.conf")) - ("newsboat/config.catppuccin" ,catppuccin-newsboat) - ("vdirsyncer/config" ,(local-file "files/vdirsyncer.conf")))) + (simple-service 'pim-config home-xdg-configuration-files-service-type + `(("khal/config" ,(local-file "files/khal.conf")) + ("khard/khard.conf" ,(local-file "files/khard.conf")) + ("mutt/muttrc" ,(local-file "files/muttrc")) + ("mutt/catppuccin.muttrc" ,catppuccin-muttrc) + ("newsboat/config" ,(local-file "files/newsboat.conf")) + ("newsboat/config.catppuccin" ,catppuccin-newsboat) + ("vdirsyncer/config" ,(local-file "files/vdirsyncer.conf")))) - (simple-service - 'pim-cronjobs home-mcron-service-type - (list #~(job "15 */4 * * *" ; every four hours at HH:15 - (string-append #$(file-append vdirsyncer "/bin/vdirsyncer") " metasync")) - #~(job "0,30 * * * *" ; every half hour - (string-append #$(file-append vdirsyncer "/bin/vdirsyncer") " sync")))) + (simple-service 'pim-cronjobs home-mcron-service-type + (list #~(job "15 */4 * * *" ; every four hours at HH:15 + (string-append #$(file-append vdirsyncer "/bin/vdirsyncer") " metasync")) + #~(job "0,30 * * * *" ; every half hour + (string-append #$(file-append vdirsyncer "/bin/vdirsyncer") " sync")))) - (simple-service - 'mail-files home-files-service-type - `((".mailcap" ,(local-file "files/mailcap")) - ;; The file from git main is newer than the one bundled with the - ;; packaged neomutt version and contains a few fixes. - (".local/bin/mutt_oauth2.py" - ,(local-file "files/neomutt/contrib/oauth2/mutt_oauth2.py" #:recursive? #t)))))) + (simple-service 'mail-files home-files-service-type + `((".mailcap" ,(local-file "files/mailcap")) + ;; The file from git main is newer than the one bundled with the + ;; packaged neomutt version and contains a few fixes. + (".local/bin/mutt_oauth2.py" + ,(local-file "files/neomutt/contrib/oauth2/mutt_oauth2.py" #:recursive? #t)))))) (define (polybar-service monitor) (shepherd-service @@ -114,221 +111,215 @@ (services (cons* ;; Configuration files for terminal-only programs in $XDG_CONFIG_HOME. - (simple-service - 'laptop-config home-xdg-configuration-files-service-type - `(;; All alibuild needs is an empty file. - ("alibuild/disable-analytics" - ,(plain-file "alibuild-disable-analytics" "")) - ("X11/XCompose" ,(local-file "files/XCompose")) ; see also: $XCOMPOSEFILE variable - ("X11/Xresources" ,(local-file "files/Xresources")))) + (simple-service 'laptop-config home-xdg-configuration-files-service-type + `(;; All alibuild needs is an empty file. + ("alibuild/disable-analytics" + ,(plain-file "alibuild-disable-analytics" "")) + ("X11/XCompose" ,(local-file "files/XCompose")) ; see also: $XCOMPOSEFILE variable + ("X11/Xresources" ,(local-file "files/Xresources")))) - (simple-service ; this can't be a `service' as that would remove the 'guix channel - 'nonfree-channels home-channels-service-type - (list - ;; Nonguix is also needed system-wide for non-free drivers! - (channel - (name 'nonguix) - (url "https://gitlab.com/nonguix/nonguix") - ;; Enable signature verification: - (introduction - (make-channel-introduction - "897c1a470da759236cc11798f4e0a5f7d4d59fbc" - (openpgp-fingerprint - "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))) - (channel - (name 'guix-gaming-games) - (url "https://gitlab.com/guix-gaming-channels/games") - ;; Enable signature verification: - (introduction - (make-channel-introduction - "c23d64f1b8cc086659f8781b27ab6c7314c5cca5" - (openpgp-fingerprint - "50F3 3E2E 5B0C 3D90 0424 ABE8 9BDC F497 A4BB CC7F")))))) + ;; This can't be a `service' as that would remove the 'guix channel. + (simple-service 'nonfree-channels home-channels-service-type + (list + ;; Nonguix is also needed system-wide for non-free drivers! + (channel + (name 'nonguix) + (url "https://gitlab.com/nonguix/nonguix") + ;; Enable signature verification: + (introduction + (make-channel-introduction + "897c1a470da759236cc11798f4e0a5f7d4d59fbc" + (openpgp-fingerprint + "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))) + (channel + (name 'guix-gaming-games) + (url "https://gitlab.com/guix-gaming-channels/games") + ;; Enable signature verification: + (introduction + (make-channel-introduction + "c23d64f1b8cc086659f8781b27ab6c7314c5cca5" + (openpgp-fingerprint + "50F3 3E2E 5B0C 3D90 0424 ABE8 9BDC F497 A4BB CC7F")))))) ;; Batsignal: battery level notifications. (service home-batsignal-service-type - (home-batsignal-configuration - (batteries '("BAT0")))) + (home-batsignal-configuration + (batteries '("BAT0")))) ;; Redshift: make the screen turn redder at night. (service home-redshift-service-type - (home-redshift-configuration - ;; See info '(guix)Desktop Home Services'. - (location-provider 'manual) - ;; Approximate location - (latitude 46.0) - (longitude 6.0) - ;; (location-provider 'geoclue2) ; TODO: currently waits forever for a location -- not sure why geoclue doesn't work - ;; (daytime-temperature 6500) ; default 6500 - ;; (nighttime-temperature 4500) ; default 4500 - (daytime-brightness 1.0) - (nighttime-brightness 0.7) - (extra-content "fade=0"))) ; with fade=1, restarting redshift causes flickering for a few secs + (home-redshift-configuration + ;; See info '(guix)Desktop Home Services'. + (location-provider 'manual) + ;; Approximate location + (latitude 46.0) + (longitude 6.0) + ;; (location-provider 'geoclue2) ; TODO: currently waits forever for a location -- not sure why geoclue doesn't work + ;; (daytime-temperature 6500) ; default 6500 + ;; (nighttime-temperature 4500) ; default 4500 + (daytime-brightness 1.0) + (nighttime-brightness 0.7) + (extra-content "fade=0"))) ; with fade=1, restarting redshift causes flickering for a few secs ;; The dbus service doesn't seem to be added automatically. (service home-dbus-service-type - (home-dbus-configuration)) + (home-dbus-configuration)) - (simple-service - 'gui-services home-shepherd-service-type - (list - (shepherd-service - (documentation "KDE connect applet.") - (provision '(kdeconnect-applet)) - (requirement '(kdeconnectd)) - (start #~(make-forkexec-constructor - (list #$(file-append kdeconnect "/bin/kdeconnect-indicator")))) - (stop #~(make-kill-destructor))) - (shepherd-service - (documentation "KDE connect daemon.") - (provision '(kdeconnectd)) - (start #~(make-forkexec-constructor - (list #$(file-append kdeconnect "/libexec/kdeconnectd")))) - (stop #~(make-kill-destructor))) + (simple-service 'gui-services home-shepherd-service-type + (list + (shepherd-service + (documentation "KDE connect applet.") + (provision '(kdeconnect-applet)) + (requirement '(kdeconnectd)) + (start #~(make-forkexec-constructor + (list #$(file-append kdeconnect "/bin/kdeconnect-indicator")))) + (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "KDE connect daemon.") + (provision '(kdeconnectd)) + (start #~(make-forkexec-constructor + (list #$(file-append kdeconnect "/libexec/kdeconnectd")))) + (stop #~(make-kill-destructor))) - (shepherd-service - (documentation "NetworkManager applet; provides a GUI for network connections.") - (provision '(nm-applet)) - (start #~(make-forkexec-constructor - (list #$(file-append network-manager-applet "/bin/nm-applet")))) - (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "NetworkManager applet; provides a GUI for network connections.") + (provision '(nm-applet)) + (start #~(make-forkexec-constructor + (list #$(file-append network-manager-applet "/bin/nm-applet")))) + (stop #~(make-kill-destructor))) - (shepherd-service - (documentation "Blueman applet; provides a GUI for connection to bluetooth devices.") - (provision '(blueman-applet)) - (start #~(make-forkexec-constructor - (list #$(file-append blueman "/bin/blueman-applet")))) - (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "Blueman applet; provides a GUI for connection to bluetooth devices.") + (provision '(blueman-applet)) + (start #~(make-forkexec-constructor + (list #$(file-append blueman "/bin/blueman-applet")))) + (stop #~(make-kill-destructor))) - (polybar-service "eDP-1") - (polybar-service "HDMI-1-1") + (polybar-service "eDP-1") + (polybar-service "HDMI-1-1") - (shepherd-service - (documentation "Dunst notification daemon; displays desktop notifications.") - (provision '(dunst)) - (start #~(make-forkexec-constructor - (list #$(file-append dunst "/bin/dunst")))) - (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "Dunst notification daemon; displays desktop notifications.") + (provision '(dunst)) + (start #~(make-forkexec-constructor + (list #$(file-append dunst "/bin/dunst")))) + (stop #~(make-kill-destructor))) - (shepherd-service - (documentation "Picom compositor; enables transparent windows in X.") - (provision '(picom)) - (start #~(make-forkexec-constructor - (list #$(file-append picom "/bin/picom") "--experimental-backends" - "--config" #$(local-file "files/picom.conf")))) - (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "Picom compositor; enables transparent windows in X.") + (provision '(picom)) + (start #~(make-forkexec-constructor + (list #$(file-append picom "/bin/picom") "--experimental-backends" + "--config" #$(local-file "files/picom.conf")))) + (stop #~(make-kill-destructor))) - (shepherd-service - (documentation "Source Xresources on login.") - (provision '(xrdb)) - (one-shot? #t) - (start #~(lambda _ - (invoke #$(file-append xrdb "/bin/xrdb") "-merge" - (string-append (getenv "XDG_CONFIG_HOME") "/X11/Xresources"))))) + (shepherd-service + (documentation "Source Xresources on login.") + (provision '(xrdb)) + (one-shot? #t) + (start #~(lambda _ + (invoke #$(file-append xrdb "/bin/xrdb") "-merge" + (string-append (getenv "XDG_CONFIG_HOME") "/X11/Xresources"))))) - ;; By default, xdotool gets most of "#@\|~()<>[]{} wrong. Make - ;; it use the correct keymap by re-setting the same one again. - (shepherd-service - (documentation "Fix X keyboard map on login; passmenu needs this.") - (provision '(fix-xdotool)) - (one-shot? #t) - (start #~(lambda _ - (use-modules (ice-9 rdelim) - (ice-9 regex) - (ice-9 popen)) - (let ((port (open-pipe* OPEN_READ #$(file-append setxkbmap "/bin/setxkbmap") - "-query"))) - (let loop ((line (read-line port))) - (unless (eof-object? line) - (let ((mtch (string-match "^layout:[[:space:]]*" line))) - (if mtch - (system* #$(file-append setxkbmap "/bin/setxkbmap") - (match:suffix mtch)) - (loop (read-line port)))))))))) + ;; By default, xdotool gets most of "#@\|~()<>[]{} wrong. Make + ;; it use the correct keymap by re-setting the same one again. + (shepherd-service + (documentation "Fix X keyboard map on login; passmenu needs this.") + (provision '(fix-xdotool)) + (one-shot? #t) + (start #~(lambda _ + (use-modules (ice-9 rdelim) + (ice-9 regex) + (ice-9 popen)) + (let ((port (open-pipe* OPEN_READ #$(file-append setxkbmap "/bin/setxkbmap") + "-query"))) + (let loop ((line (read-line port))) + (unless (eof-object? line) + (let ((mtch (string-match "^layout:[[:space:]]*" line))) + (if mtch + (system* #$(file-append setxkbmap "/bin/setxkbmap") + (match:suffix mtch)) + (loop (read-line port)))))))))) - (shepherd-service - (documentation "Set up X displays on login.") - (provision '(xorg-setup)) - (one-shot? #t) - (start #~(lambda _ - (system* #$(file-append numlockx "/bin/numlockx") "on") - ;; Turn off the monitors if there is no input for 10 minutes. - (system* #$(file-append xset "/bin/xset") "dpms" "600" "600" "600") - (system* #$(file-append xrandr "/bin/xrandr") - "--output" "eDP-1" "--auto" - ;; Don't use --auto for this monitor. That - ;; configures it at 60 Hz, which causes - ;; it to briefly turn off every few minutes. - "--output" "HDMI-1-1" "--mode" "2560x1440" "--rate" "120.00" - "--right-of" "eDP-1") - ;; Set the desktop background picture. Hopefully doing this just after - ;; xrandr works and sets it for both screens. - (system* #$(file-append hsetroot "/bin/hsetroot") "-cover" - (string-append (getenv "HOME") - "/pictures/Backgrounds/greece/IMG_20181201_104748_DRO.jpg"))))))) + (shepherd-service + (documentation "Set up X displays on login.") + (provision '(xorg-setup)) + (one-shot? #t) + (start #~(lambda _ + (system* #$(file-append numlockx "/bin/numlockx") "on") + ;; Turn off the monitors if there is no input for 10 minutes. + (system* #$(file-append xset "/bin/xset") "dpms" "600" "600" "600") + (system* #$(file-append xrandr "/bin/xrandr") + "--output" "eDP-1" "--auto" + ;; Don't use --auto for this monitor. That + ;; configures it at 60 Hz, which causes + ;; it to briefly turn off every few minutes. + "--output" "HDMI-1-1" "--mode" "2560x1440" "--rate" "120.00" + "--right-of" "eDP-1") + ;; Set the desktop background picture. Hopefully doing this just after + ;; xrandr works and sets it for both screens. + (system* #$(file-append hsetroot "/bin/hsetroot") "-cover" + (string-append (getenv "HOME") + "/pictures/Backgrounds/greece/IMG_20181201_104748_DRO.jpg"))))))) ;; Configuration files for GUI programs in $XDG_CONFIG_HOME. - (simple-service - 'gui-config home-xdg-configuration-files-service-type - `(("dunst/dunstrc" ,(local-file "files/dunstrc")) - ("dunst/dunstrc.d/50-catppuccin.conf" ,catppuccin-dunstrc) - ("gtk-2.0/gtkrc" ,(local-file "files/gtk2.ini")) - ("gtk-3.0/settings.ini" ,(local-file "files/gtk3.ini")) - ("i3/config" ,(local-file "files/i3.conf")) - ;; TODO: "kdeglobals" works for some programs (e.g. kdeconnect-app), - ;; but not for others (e.g. nheko, kdeconnect-settings)... - ("kdeglobals" ,catppuccin-kdeglobals) - ("kitty/diff.conf" ,catppuccin-kitty-diff) - ("kitty/kitty.conf" - ,(combined-text-file "kitty.conf" - (local-file "files/kitty.conf") - catppuccin-kitty)) - ("polybar/config.ini" ,(local-file "files/polybar.ini")) - ("polybar/catppuccin.ini" ,catppuccin-polybar) - ("rofi/config.rasi" ,(local-file "files/rofi.rasi")) - ("rofi/themes/catppuccin.rasi" ,catppuccin-rofi) - ("zathura/zathurarc" ,(local-file "files/zathurarc")) - ("zathura/catppuccin" ,catppuccin-zathura))) + (simple-service 'gui-config home-xdg-configuration-files-service-type + `(("dunst/dunstrc" ,(local-file "files/dunstrc")) + ("dunst/dunstrc.d/50-catppuccin.conf" ,catppuccin-dunstrc) + ("gtk-2.0/gtkrc" ,(local-file "files/gtk2.ini")) + ("gtk-3.0/settings.ini" ,(local-file "files/gtk3.ini")) + ("i3/config" ,(local-file "files/i3.conf")) + ;; TODO: "kdeglobals" works for some programs (e.g. kdeconnect-app), + ;; but not for others (e.g. nheko, kdeconnect-settings)... + ("kdeglobals" ,catppuccin-kdeglobals) + ("kitty/diff.conf" ,catppuccin-kitty-diff) + ("kitty/kitty.conf" + ,(combined-text-file "kitty.conf" + (local-file "files/kitty.conf") + catppuccin-kitty)) + ("polybar/config.ini" ,(local-file "files/polybar.ini")) + ("polybar/catppuccin.ini" ,catppuccin-polybar) + ("rofi/config.rasi" ,(local-file "files/rofi.rasi")) + ("rofi/themes/catppuccin.rasi" ,catppuccin-rofi) + ("zathura/zathurarc" ,(local-file "files/zathurarc")) + ("zathura/catppuccin" ,catppuccin-zathura))) - (simple-service - 'cursor-theme home-files-service-type - `((".icons/default/index.theme" ,(local-file "files/cursors.ini")))) + (simple-service 'cursor-theme home-files-service-type + `((".icons/default/index.theme" ,(local-file "files/cursors.ini")))) - (simple-service - 'gui-environment home-environment-variables-service-type - `(("TERMINAL" . "kitty") - ("_JAVA_OPTIONS" . - ,(string-append - "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true " - "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel " - "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel")) - ;; Smooth trackpad scrolling in Firefox/Icecat. - ;; https://wiki.archlinux.org/index.php/Firefox/Tweaks#Pixel-perfect_trackpad_scrolling - ("MOZ_USE_XINPUT2" . "1"))) + (simple-service 'gui-environment home-environment-variables-service-type + `(("TERMINAL" . "kitty") + ("_JAVA_OPTIONS" . + ,(string-append + "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true " + "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel " + "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel")) + ;; Smooth trackpad scrolling in Firefox/Icecat. + ;; https://wiki.archlinux.org/index.php/Firefox/Tweaks#Pixel-perfect_trackpad_scrolling + ("MOZ_USE_XINPUT2" . "1"))) - (simple-service - 'gui-scripts home-files-service-type - `(;; https://sw.kovidgoyal.net/kitty/kittens/diff/ - (".local/bin/kdiff" ; show a diff - ,(program-file "kdiff" #~(apply execl #$(file-append kitty "/bin/kitty") "kitty" - "+kitten" "diff" (cdr (command-line))))) - (".local/bin/icat" ; kitty's "catimg" equivalent - ,(program-file "icat" #~(apply execl #$(file-append kitty "/bin/kitty") "kitty" - "+kitten" "icat" (cdr (command-line))))) - (".local/bin/screenlock" - ,(program-file - "screenlock" - #~(begin ; Wrapper around i3lock to turn off the screen and pause notifications. - (system* #$(file-append dunst "/bin/dunstctl") "set-paused" "true") - (system* #$(file-append xset "/bin/xset") "dpms" "0" "0" "5") - ;; We mustn't use `file-append' here, as we have to pick up the - ;; setuid binary for i3lock installed by the system config. - (system* "i3lock" "-nc" #$catppuccin-background-color) - (system* #$(file-append xset "/bin/xset") "dpms" "600" "600" "600") - (system* #$(file-append dunst "/bin/dunstctl") "set-paused" "false")))) - ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable. - (".local/bin/sessionmenu" ,(local-file "files/sessionmenu" #:recursive? #t)) - (".local/bin/passmenu" ,(local-file "files/passmenu" #:recursive? #t)) - (".local/bin/volume" ,(local-file "files/volume" #:recursive? #t)))) + (simple-service 'gui-scripts home-files-service-type + `(;; https://sw.kovidgoyal.net/kitty/kittens/diff/ + (".local/bin/kdiff" ; show a diff + ,(program-file "kdiff" #~(apply execl #$(file-append kitty "/bin/kitty") "kitty" + "+kitten" "diff" (cdr (command-line))))) + (".local/bin/icat" ; kitty's "catimg" equivalent + ,(program-file "icat" #~(apply execl #$(file-append kitty "/bin/kitty") "kitty" + "+kitten" "icat" (cdr (command-line))))) + (".local/bin/screenlock" + ,(program-file + "screenlock" + #~(begin ; Wrapper around i3lock to turn off the screen and pause notifications. + (system* #$(file-append dunst "/bin/dunstctl") "set-paused" "true") + (system* #$(file-append xset "/bin/xset") "dpms" "0" "0" "5") + ;; We mustn't use `file-append' here, as we have to pick up the + ;; setuid binary for i3lock installed by the system config. + (system* "i3lock" "-nc" #$catppuccin-background-color) + (system* #$(file-append xset "/bin/xset") "dpms" "600" "600" "600") + (system* #$(file-append dunst "/bin/dunstctl") "set-paused" "false")))) + ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable. + (".local/bin/sessionmenu" ,(local-file "files/sessionmenu" #:recursive? #t)) + (".local/bin/passmenu" ,(local-file "files/passmenu" #:recursive? #t)) + (".local/bin/volume" ,(local-file "files/volume" #:recursive? #t)))) (append common-services emacs-services pim-services)))) diff --git a/tw/system/common.scm b/tw/system/common.scm index 2266cbb9..d96faef8 100644 --- a/tw/system/common.scm +++ b/tw/system/common.scm @@ -82,22 +82,21 @@ ff02::3 ip6-allhosts (define-public (wireguard-service host) (let ((own-peer (assoc-ref %wireguard-peers host))) - (service - wireguard-service-type - (wireguard-configuration - (addresses - (map (lambda (cidr) - (let ((ipv4 (string-match "/32$" cidr)) - (ipv6 (string-match "/128$" cidr))) - (cond - (ipv4 (regexp-substitute #f ipv4 'pre "/24")) - (ipv6 (regexp-substitute #f ipv6 'pre "/64")) - (#t cidr)))) - (wireguard-peer-allowed-ips own-peer))) - (port - (let ((endpoint (wireguard-peer-endpoint own-peer))) - (if endpoint - (string->number (cadr (string-split endpoint #\:))) - 58921))) - (private-key "/etc/wireguard/private.key") - (peers (delq own-peer (map cdr %wireguard-peers))))))) + (service wireguard-service-type + (wireguard-configuration + (addresses + (map (lambda (cidr) + (let ((ipv4 (string-match "/32$" cidr)) + (ipv6 (string-match "/128$" cidr))) + (cond + (ipv4 (regexp-substitute #f ipv4 'pre "/24")) + (ipv6 (regexp-substitute #f ipv6 'pre "/64")) + (#t cidr)))) + (wireguard-peer-allowed-ips own-peer))) + (port + (let ((endpoint (wireguard-peer-endpoint own-peer))) + (if endpoint + (string->number (cadr (string-split endpoint #\:))) + 58921))) + (private-key "/etc/wireguard/private.key") + (peers (delq own-peer (map cdr %wireguard-peers))))))) diff --git a/tw/system/lap.scm b/tw/system/lap.scm index 9dd81d80..504f5cc7 100644 --- a/tw/system/lap.scm +++ b/tw/system/lap.scm @@ -166,12 +166,12 @@ support extra features (acr, pmu, gr).") (kernel nongnu:linux-lts) (kernel-arguments (cons* ;;"nosplash" - ;;"vt.global_cursor_default=0" - ;;"video.use_native_backlight=1" - ;;"nvidia-drm.modeset=1" - ;;"acpi_osi=\"!Windows 2015\"" - ;;"acpi_enforce_resources=lax" - %default-kernel-arguments)) + ;;"vt.global_cursor_default=0" + ;;"video.use_native_backlight=1" + ;;"nvidia-drm.modeset=1" + ;;"acpi_osi=\"!Windows 2015\"" + ;;"acpi_enforce_resources=lax" + %default-kernel-arguments)) (initrd microcode-initrd) ;; TODO: nouveau complains about missing firmware (see dmesg). (firmware (cons* nongnu:atheros-firmware ; for atk10k/QCA6174/hw3.0 (wifi card) @@ -282,42 +282,42 @@ support extra features (acr, pmu, gr).") (services (cons* (service syncthing-service-type - (syncthing-configuration - (user "timo"))) + (syncthing-configuration + (user "timo"))) (service cups-service-type - (cups-configuration - (web-interface? #t) - (default-shared? #f) - ;; See info '(guix)Printing Services' for more extensions. - (extensions - (list cups-filters foomatic-filters brlaser)))) + (cups-configuration + (web-interface? #t) + (default-shared? #f) + ;; See info '(guix)Printing Services' for more extensions. + (extensions + (list cups-filters foomatic-filters brlaser)))) (bluetooth-service) (wireguard-service 'lap) (service docker-service-type - (docker-configuration)) + (docker-configuration)) (service krb5-service-type - (krb5-configuration - (default-realm "CERN.CH") - (rdns? #f) - (realms (list (krb5-realm - (name "CERN.CH") - (default-domain "cern.ch") - (kdc "cerndc.cern.ch")))))) + (krb5-configuration + (default-realm "CERN.CH") + (rdns? #f) + (realms (list (krb5-realm + (name "CERN.CH") + (default-domain "cern.ch") + (kdc "cerndc.cern.ch")))))) (service tlp-service-type - (tlp-configuration)) ; TODO: configure properly + (tlp-configuration)) ; TODO: configure properly (service thermald-service-type - (thermald-configuration - (adaptive? #t))) + (thermald-configuration + (adaptive? #t))) (service earlyoom-service-type - (earlyoom-configuration)) ; TODO: configure at least `avoid-regexp' + (earlyoom-configuration)) ; TODO: configure at least `avoid-regexp' ;; Disabled as it doesn't work with my hardware. ;; It always says "logging in with fingerprint failed" and blocks password login in gdm. @@ -331,7 +331,7 @@ support extra features (acr, pmu, gr).") ;; If using a DM other than GDM, add it to `pam-services' in ;; `gnome-keyring-configuration' (see its docs). (service gnome-keyring-service-type - (gnome-keyring-configuration)) + (gnome-keyring-configuration)) ;; Allow anyone in the "video" group to set the display's brightness. ;; Run `udevadm info -q all /sys/class/backlight/intel_backlight' @@ -346,23 +346,21 @@ support extra features (acr, pmu, gr).") (set-xorg-configuration custom-xorg-config) - (simple-service - 'cronjobs mcron-service-type - ;; I don't think jobs run on boot if they would have run when the - ;; computer was turned off, so choose a time when the computer is - ;; probably turned on. - (list #~(job "0 21 * * *" "guix gc -d 2w -F 25G") - #~(job "0 22 * * *" ; after guix gc - (string-append #$(file-append util-linux "/sbin/fstrim") - " --fstab --verbose")))) + (simple-service 'cronjobs mcron-service-type + ;; I don't think jobs run on boot if they would have run when the + ;; computer was turned off, so choose a time when the computer is + ;; probably turned on. + (list #~(job "0 21 * * *" "guix gc -d 2w -F 25G") + #~(job "0 22 * * *" ; after guix gc + (string-append #$(file-append util-linux "/sbin/fstrim") + " --fstab --verbose")))) ;; The nonguix channel is added to channels.scm as an `extra-special-file'. ;; The gaming channel (https://gitlab.com/guix-gaming-channels) is per-user only. - (simple-service - 'nonguix guix-service-type - (guix-extension - (authorized-keys (list nonguix-signing-key)) - (substitute-urls '("https://substitutes.nonguix.org")))) + (simple-service 'nonguix guix-service-type + (guix-extension + (authorized-keys (list nonguix-signing-key)) + (substitute-urls '("https://substitutes.nonguix.org")))) (extra-special-file "/etc/guix/channels.scm" extra-channels) diff --git a/tw/system/lud.scm b/tw/system/lud.scm index 0035d1ab..15cdbeaf 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -72,11 +72,10 @@ SSLSessionCacheTimeout 1200 ") (define nextcloud-services - (list (simple-service - 'nextcloud-https-server httpd-service-type - ;; The certbot service redirects everything on port 80 to - ;; port 443 by default, modulo its own /.well-known paths. - (list (httpd-virtualhost "*:443" (list "\ + (list (simple-service 'nextcloud-https-server httpd-service-type + ;; The certbot service redirects everything on port 80 to + ;; port 443 by default, modulo its own /.well-known paths. + (list (httpd-virtualhost "*:443" (list "\ # For Nextcloud. ServerName cloud.wilkenfamily.de DocumentRoot /var/www/nextcloud @@ -121,59 +120,55 @@ Header always set Strict-Transport-Security \"max-age=15552000\" ")))) (service php-fpm-service-type - (php-fpm-configuration - (user "httpd") - (group "httpd") - (socket "/var/run/php-fpm.sock") - (socket-user "httpd") - (socket-group "httpd") - (php-ini-file nextcloud-php.ini))) - - (simple-service - 'nextcloud-certificates certbot-service-type - (list (certificate-configuration - (domains '("cloud.wilkenfamily.de")) - (deploy-hook httpd-cert-deploy-hook)))) + (php-fpm-configuration + (user "httpd") + (group "httpd") + (socket "/var/run/php-fpm.sock") + (socket-user "httpd") + (socket-group "httpd") + (php-ini-file nextcloud-php.ini))) + + (simple-service 'nextcloud-certificates certbot-service-type + (list (certificate-configuration + (domains '("cloud.wilkenfamily.de")) + (deploy-hook httpd-cert-deploy-hook)))) ;; Nextcloud cron - (simple-service - 'nextcloud-cron mcron-service-type - (list #~(job "*/5 * * * *" - (lambda () - (chdir "/var/www/nextcloud") - ;; `setgid' first while we're still root - (setgid (group:gid (getgr "httpd"))) - (setuid (passwd:uid (getpw "httpd"))) - (execl #$(file-append php "/bin/php") "php" - "-c" #$nextcloud-php.ini "cron.php")) - (string-append - #$(file-append php "/bin/php") - " -c " #$nextcloud-php.ini - " /var/www/nextcloud/cron.php")) - - ;; Nextcloud backups - ;; Requires: sudo, php, btrfs, mysqldump, rsync - (let ((backup-script (local-file "files/nextcloud-backup" #:recursive? #t))) - #~(job "0 6 * * *" - (lambda () - ;; Pass through the php.ini file that allows us to - ;; use Nextcloud's occ script. - (execl #$backup-script "nextcloud-backup" #$nextcloud-php.ini)) - (string-append #$backup-script " " #$nextcloud-php.ini))))))) + (simple-service 'nextcloud-cron mcron-service-type + (list #~(job "*/5 * * * *" + (lambda () + (chdir "/var/www/nextcloud") + ;; `setgid' first while we're still root + (setgid (group:gid (getgr "httpd"))) + (setuid (passwd:uid (getpw "httpd"))) + (execl #$(file-append php "/bin/php") "php" + "-c" #$nextcloud-php.ini "cron.php")) + (string-append + #$(file-append php "/bin/php") + " -c " #$nextcloud-php.ini + " /var/www/nextcloud/cron.php")) + + ;; Nextcloud backups + ;; Requires: sudo, php, btrfs, mysqldump, rsync + (let ((backup-script (local-file "files/nextcloud-backup" #:recursive? #t))) + #~(job "0 6 * * *" + (lambda () + ;; Pass through the php.ini file that allows us to + ;; use Nextcloud's occ script. + (execl #$backup-script "nextcloud-backup" #$nextcloud-php.ini)) + (string-append #$backup-script " " #$nextcloud-php.ini))))))) (define matrix-services - (list (simple-service - 'synapse-certificates certbot-service-type - (list (certificate-configuration - (domains '("matrix.twilken.net")) - (deploy-hook httpd-cert-deploy-hook)))) - - (simple-service - 'synapse-https-proxy httpd-service-type - ;; Synapse can't access certbot certs, but Apache/httpd - ;; can, so proxy HTTPS access through. It's good to have - ;; Synapse available on port 443 anyway. - (list (httpd-virtualhost "*:443" (list "\ + (list (simple-service 'synapse-certificates certbot-service-type + (list (certificate-configuration + (domains '("matrix.twilken.net")) + (deploy-hook httpd-cert-deploy-hook)))) + + (simple-service 'synapse-https-proxy httpd-service-type + ;; Synapse can't access certbot certs, but Apache/httpd + ;; can, so proxy HTTPS access through. It's good to have + ;; Synapse available on port 443 anyway. + (list (httpd-virtualhost "*:443" (list "\ # Redirect to Synapse, to avoid having to specify its port number in Matrix clients. ServerName matrix.twilken.net SSLEngine on @@ -184,15 +179,15 @@ ProxyPass \"/\" \"https://127.0.0.1:48448/\" ;; TODO: Postgres for Synapse ;; (service postgresql-service-type - ;; (postgresql-configuration - ;; (postgresql postgresql-15) - ;; (data-directory "/var/lib/postgresql/data"))) + ;; (postgresql-configuration + ;; (postgresql postgresql-15) + ;; (data-directory "/var/lib/postgresql/data"))) ;; (service postgresql-role-service-type - ;; (postgresql-role-configuration - ;; (roles (list (postgresql-role - ;; (name "synapse") ; TODO - ;; (create-database? #t)))))) + ;; (postgresql-role-configuration + ;; (roles (list (postgresql-role + ;; (name "synapse") ; TODO + ;; (create-database? #t)))))) ;; TODO: Matrix/Synapse ;; TODO: Matrix bridges @@ -236,16 +231,16 @@ ProxyPass \"/\" \"https://127.0.0.1:48448/\" (services (append (list (service openssh-service-type - (openssh-configuration - (port-number 22022) - (password-authentication? #f) - (accepted-environment '("LANG" "LC_*")) - (authorized-keys - `(("timo" - ,(local-file "files/timo.pub")) - ("ira" ; for Duplicity backups - ,(local-file "files/kitchen-pc.pub") - ,(local-file "files/wilken-laptop.pub")))))) + (openssh-configuration + (port-number 22022) + (password-authentication? #f) + (accepted-environment '("LANG" "LC_*")) + (authorized-keys + `(("timo" + ,(local-file "files/timo.pub")) + ("ira" ; for Duplicity backups + ,(local-file "files/kitchen-pc.pub") + ,(local-file "files/wilken-laptop.pub")))))) (service tor-service-type) @@ -254,74 +249,73 @@ ProxyPass \"/\" \"https://127.0.0.1:48448/\" (service ntp-service-type) (service thermald-service-type - (thermald-configuration - (adaptive? #t))) + (thermald-configuration + (adaptive? #t))) - (simple-service - 'cronjobs mcron-service-type - (list #~(job "0 21 * * *" "guix gc -d 2w -F 25G") - #~(job "0 22 * * *" ; after guix gc - (string-append #$(file-append util-linux "/sbin/fstrim") - " --fstab --verbose")))) + (simple-service 'cronjobs mcron-service-type + (list #~(job "0 21 * * *" "guix gc -d 2w -F 25G") + #~(job "0 22 * * *" ; after guix gc + (string-append #$(file-append util-linux "/sbin/fstrim") + " --fstab --verbose")))) ;; Transmission (torrents) (service transmission-daemon-service-type - (transmission-daemon-configuration - (download-dir "/var/data/bt") - (incomplete-dir "/var/data/bt/incomplete") - (incomplete-dir-enabled? #t) - (speed-limit-up-enabled? #t) - (speed-limit-up 512) ; KiB/s - (encryption 'require-encrypted-connections) - ;; Don't try to configure port forwarding automatically. - (port-forwarding-enabled? #f) - ;; Make RPC interface only accessible via WireGuard. - (rpc-bind-address "10.0.0.2") - (rpc-whitelist-enabled? #t) - (rpc-whitelist '("127.0.0.1" "::1" - "10.0.0.*" "fc00::*")) - (rpc-host-whitelist-enabled? #t) - (rpc-host-whitelist '("lud.wg")))) + (transmission-daemon-configuration + (download-dir "/var/data/bt") + (incomplete-dir "/var/data/bt/incomplete") + (incomplete-dir-enabled? #t) + (speed-limit-up-enabled? #t) + (speed-limit-up 512) ; KiB/s + (encryption 'require-encrypted-connections) + ;; Don't try to configure port forwarding automatically. + (port-forwarding-enabled? #f) + ;; Make RPC interface only accessible via WireGuard. + (rpc-bind-address "10.0.0.2") + (rpc-whitelist-enabled? #t) + (rpc-whitelist '("127.0.0.1" "::1" + "10.0.0.*" "fc00::*")) + (rpc-host-whitelist-enabled? #t) + (rpc-host-whitelist '("lud.wg")))) ;; TODO: Streama ;; Syncthing (service syncthing-service-type - (syncthing-configuration - (user "syncthing") - (group "syncthing"))) + (syncthing-configuration + (user "syncthing") + (group "syncthing"))) ;; certbot for Synapse + Apache/Nextcloud ;; This also installs a nginx server on port 80, redirecting to port 443. (service certbot-service-type - (certbot-configuration - (email "letsencrypt@twilken.net"))) + (certbot-configuration + (email "letsencrypt@twilken.net"))) (service httpd-service-type - (httpd-configuration - (config - (httpd-config-file - (listen '("443")) ; leave port 80 free for certbot/nginx - (modules - (cons* (httpd-module (name "ssl_module") (file "modules/mod_ssl.so")) - (httpd-module (name "proxy_module") (file "modules/mod_proxy.so")) - (httpd-module (name "rewrite_module") (file "modules/mod_rewrite.so")) - (httpd-module (name "alias_module") (file "modules/mod_alias.so")) - (httpd-module (name "socache_shmcb_module") ; for SSLStaplingCache - (file "modules/mod_socache_shmcb.so")) - (httpd-module (name "proxy_fcgi_module") ; for PHP/FastCGI - (file "modules/mod_proxy_fcgi.so")) - %default-httpd-modules)) - ;; Preserve default value for `extra-config'. - (extra-config - (list "TypesConfig etc/httpd/mime.types\n" - "ServerAdmin webmaster@twilken.net\n" - httpd-intermediate-ssl-config)))))) + (httpd-configuration + (config + (httpd-config-file + (listen '("443")) ; leave port 80 free for certbot/nginx + (modules + (cons* (httpd-module (name "ssl_module") (file "modules/mod_ssl.so")) + (httpd-module (name "proxy_module") (file "modules/mod_proxy.so")) + (httpd-module (name "rewrite_module") (file "modules/mod_rewrite.so")) + (httpd-module (name "alias_module") (file "modules/mod_alias.so")) + (httpd-module (name "socache_shmcb_module") ; for SSLStaplingCache + (file "modules/mod_socache_shmcb.so")) + (httpd-module (name "proxy_fcgi_module") ; for PHP/FastCGI + (file "modules/mod_proxy_fcgi.so")) + %default-httpd-modules)) + ;; Preserve default value for `extra-config'. + (extra-config + (list "TypesConfig etc/httpd/mime.types\n" + "ServerAdmin webmaster@twilken.net\n" + httpd-intermediate-ssl-config)))))) ;; For Nextcloud (and Streama) (service mysql-service-type - (mysql-configuration - (extra-content "\ + (mysql-configuration + (extra-content "\ [mysqld] character-set-server = utf8mb4 collation-server = utf8mb4_general_ci @@ -335,8 +329,8 @@ innodb_io_capacity = 4000 ;; Prometheus node exporter (service prometheus-node-exporter-service-type - (prometheus-node-exporter-configuration - (web-listen-address "10.0.0.2:9100"))) + (prometheus-node-exporter-configuration + (web-listen-address "10.0.0.2:9100"))) ;; TODO: JSON exporter (Nextcloud) |