diff options
Diffstat (limited to 'tw/home/common.scm')
-rw-r--r-- | tw/home/common.scm | 229 |
1 files changed, 229 insertions, 0 deletions
diff --git a/tw/home/common.scm b/tw/home/common.scm new file mode 100644 index 00000000..45136be3 --- /dev/null +++ b/tw/home/common.scm @@ -0,0 +1,229 @@ +(define-module (tw home common) + #:use-module (gnu) + #:use-module (gnu home services) + #:use-module (gnu home services shells) + #:use-module (gnu home services shepherd) + #:use-module (gnu home services ssh) + #:use-module (guix gexp) + #:use-module (tw packages shell)) + +(use-package-modules admin compression curl databases disk dns file finance + gnupg graphviz imagemagick less linux lisp maths + password-utils pretty-print pv python python-xyz rsync + shells shellutils ssh textutils tmux version-control + video vim web) + +(define-public common-packages + (list + curl dos2unix fdupes file git gnupg gnuplot graphviz hledger imagemagick jq + less lesspipe net-tools openssh password-store pass-otp pv python + python-ipython recutils rsync sbcl smartmontools source-highlight tmux tree + xxd zip unzip + get-iplayer ffmpeg atomicparsley yt-dlp + + ;; Install only bind-utils like dig, not the full suite. + (list isc-bind "utils") + + ;; Ranger can do code highlighting using python-pygments and + ;; image previews in kitty using python-pillow. + ranger python-pygments python-pillow mediainfo python-pdftotext + + ;; Shell + zsh zsh-autosuggestions zsh-syntax-highlighting zsh-autopair + zsh-completions)) + +(define-public common-services + (list + (service home-zsh-service-type + (home-zsh-configuration + (zshrc (list (local-file "files/zshrc") + (local-file "files/prompt.zsh"))))) + + (simple-service + 'common-config home-xdg-configuration-files-service-type + `(("git/config" ,(local-file "files/gitconfig")) + ("htop/htoprc" ,(local-file "files/htoprc")) + ("lesskey" ,(local-file "files/lesskey")) + ("ranger/rc.conf" ,(local-file "files/ranger.conf")) + ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it. + ("user-dirs.dirs" ,(local-file "files/user-dirs.dirs")))) + + (simple-service + 'gnupg-config home-files-service-type + `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config, + ;; so we can't use `home-xdg-configuration-files-service-type'. + (".local/share/gnupg/gpg.conf" ,(local-file "files/gpg.conf")) + (".local/share/gnupg/gpg-agent.conf" + ,(mixed-text-file "gpg-agent.conf" "\ +pinentry-program " (file-append pinentry-rofi "/bin/pinentry-rofi") " +# Needed if spawning lots of parallel gpg --decrypt processes. https://dev.gnupg.org/T3530 +auto-expand-secmem +")))) + + (simple-service + 'gnupg-agent home-shepherd-service-type + (list + (shepherd-service + (documentation "GPG agent; caches key passwords.") + (provision '(gpg-agent)) + (start #~(lambda _ + (invoke #$(file-append gnupg "/bin/gpg-agent") + "--daemon" "--no-detach"))) + (stop #~(lambda _ + (invoke "gpg-connect-agent" "killagent" "/bye")))))) + + (simple-service + 'common-environment home-environment-variables-service-type + `(;; Path to my own package definitions. If invoking `guix home' + ;; afresh, this needs to be set manually to find these packages. + ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls") + + ;; Prepend my own binaries to $PATH. These should probably all + ;; be managed through `home-files-service-type'. + ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH") + + ;; Default terminal-related applications (except Emacs, which is separate). + ("PAGER" . "less") + ;; Guix force-overrides $LESS by default, so force-force it to do what I + ;; want instead. `less' reads the `lesskey' file configured above. + ("GUIX_PAGER" . "env -u LESS less") + ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty. + ("GROFF_NO_SGR" . "1") + + ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too. + ("HISTSIZE" . "10000000") + + ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1") + ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal") + ("GTAGSLABEL" . "pygments") + + ;; Disable at-spi-dbus-launcher accessibility service. + ("NO_AT_BRIDGE" . "1") + + ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up. + ("GUILE_AUTO_COMPILE" . "0") + + ;; For some reason, Guix doesn't seem to add these paths automatically. + ("GUILE_LOAD_PATH" . + ,(string-append + "$GUIX_PACKAGE_PATH:" + "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0" + "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH")) + ("GUILE_LOAD_COMPILED_PATH" . + ,(string-append + "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:" + "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0" + "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH")))) + + ;; XDG basedir spec compliance for various programs + ;; See: https://wiki.archlinux.org/index.php/XDG_Base_Directory for a list of programs. + ;; The `home-xdg-base-directories' service (enabled by default) sets $XDG_* variables for us. + (simple-service + 'xdg-spec-compliance home-environment-variables-service-type + '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator") + ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell") + ("BUP_DIR" . "$XDG_DATA_HOME/bup") + ("CARGO_HOME" . "$XDG_DATA_HOME/cargo") + ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group") + ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum") + ("FG_HOME" . "$XDG_DATA_HOME/fgfs") + ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer") + ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg") + ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc") + ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority") + ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc") + ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython") + ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter") + ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB. + ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309 + ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan") + ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc") + ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store") + ("PLTUSERHOME" . "$XDG_DATA_HOME/racket") + ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint") + ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc") + ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll") + ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap") + ("STACK_ROOT" . "$XDG_DATA_HOME/stack") + ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR") + ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat") + ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose") + ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose") + ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh") + ("_JAVA_OPTIONS" . + "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java"))) + + (service + home-openssh-service-type + (home-openssh-configuration + (hosts + (let ((my-hosts/ports + '(("vin.twilken.net" . 50022) + ("vin.wg" . 50022) + ("pi3.twilken.net" . 51022) + ("pi3.wg" . 51022) + ("lud.twilken.net" . 22022) + ("lud.wg" . 22022) + ("matrix.twilken.net" . 22022))) + (git-hosts + '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch")) + (cern-ci-hosts/users + '(("alimonitor.cern.ch" . "alibuild") + ("alinsure.cern.ch" . "alibuild") + ("alibuildmac*.cern.ch" . "alibuild") + ("aido*osx*.cern.ch" . "alibuild") + ("alibuild*.cern.ch" . "root") + ("alissandra*.cern.ch" . "root") + ("alimesos*.cern.ch" . "root") + ("alientest*.cern.ch" . "root") + ("aliflow*.cern.ch" . "root") + ("alijenkins*.cern.ch" . "root")))) + + (define (cern-extra-content delegate-kerberos-credentials?) + (string-append "\ +# Kerberos authentication +GSSAPIAuthentication yes +GSSAPIDelegateCredentials " (if delegate-kerberos-credentials? "yes" "no") " +PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive +ProxyJump \"twilken@lxplus.cern.ch\" +")) + + ;; Earlier rules take precedence over later ones. + `(,(openssh-host (name "*.srcf.net") (user "tw466")) + ,(openssh-host (name "*.fritz.box") + (extra-content "ProxyJump lud.twilken.net")) + ,@(map (lambda (host port) + (openssh-host (name host) (port port) (user "timo"))) + (map car my-hosts/ports) + (map cdr my-hosts/ports)) + ,@(map (lambda (host) (openssh-host (name host) (user "git"))) git-hosts) + ;; BitBucket apparently only supports ssh-rsa. + ,(openssh-host (name "bitbucket.org") + (host-key-algorithms '("+ssh-rsa")) + (accepted-key-types '("+ssh-rsa"))) + ,(openssh-host (name "gitlab.cern.ch") + (port 7999) + (extra-content "ProxyJump none")) ; no jump needed + ;; Avoid ProxyJump loops. + ,(openssh-host (name "lxplus.cern.ch") + (extra-content "ProxyJump none")) + ,(openssh-host (name "twilkendesktop.cern.ch") + (port 22022) + (forward-x11? #t) + (extra-content (cern-extra-content #t))) + ,@(map (lambda (host user) + (openssh-host (name host) + (user user) + (identity-file "~/.local/share/ssh-keys/alicern_id_rsa"))) + (map car cern-ci-hosts/users) + (map cdr cern-ci-hosts/users)) + ,(openssh-host (name "*.cern.ch") + (user "twilken") + (identity-file "~/.local/share/ssh-keys/cern_id_rsa") + (extra-content (cern-extra-content #f))) + ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type' + ;; manages that and might delete keys there. + ,(openssh-host (name "*") + (identity-file "~/.local/share/ssh-keys/id_rsa") + ;; Remote servers probably don't know about xterm-kitty. + (extra-content "SetEnv TERM=xterm-256color"))))))))) |