Diffstat (limited to 'tw/home/common.scm')
-rw-r--r--tw/home/common.scm355
1 files changed, 174 insertions, 181 deletions
diff --git a/tw/home/common.scm b/tw/home/common.scm
index b01ce218..b90d4bc5 100644
--- a/tw/home/common.scm
+++ b/tw/home/common.scm
@@ -35,157 +35,150 @@
(define-public common-services
(list
(service home-zsh-service-type
- (home-zsh-configuration
- (zshrc (list (local-file "files/zshrc")
- (local-file "files/prompt.zsh")))))
-
- (simple-service
- 'common-config home-xdg-configuration-files-service-type
- `(("git/config" ,(local-file "files/gitconfig"))
- ("htop/htoprc" ,(local-file "files/htoprc"))
- ("lesskey" ,(local-file "files/lesskey"))
- ("ranger/rc.conf" ,(local-file "files/ranger.conf"))
- ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it.
- ("user-dirs.dirs" ,(local-file "files/user-dirs.dirs"))))
-
- (simple-service
- 'common-scripts home-files-service-type
- ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable.
- `((".local/bin/ppscm" ,(local-file "files/ppscm" #:recursive? #t)))) ; pretty-print scheme files
-
- (simple-service
- 'gnupg-config home-files-service-type
- `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
- ;; so we can't use `home-xdg-configuration-files-service-type'.
- (".local/share/gnupg/gpg.conf" ,(local-file "files/gpg.conf"))
- (".local/share/gnupg/gpg-agent.conf"
- ,(mixed-text-file "gpg-agent.conf" "\
+ (home-zsh-configuration
+ (zshrc (list (local-file "files/zshrc")
+ (local-file "files/prompt.zsh")))))
+
+ (simple-service 'common-config home-xdg-configuration-files-service-type
+ `(("git/config" ,(local-file "files/gitconfig"))
+ ("htop/htoprc" ,(local-file "files/htoprc"))
+ ("lesskey" ,(local-file "files/lesskey"))
+ ("ranger/rc.conf" ,(local-file "files/ranger.conf"))
+ ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it.
+ ("user-dirs.dirs" ,(local-file "files/user-dirs.dirs"))))
+
+ (simple-service 'common-scripts home-files-service-type
+ ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable.
+ `((".local/bin/ppscm" ,(local-file "files/ppscm" #:recursive? #t)))) ; pretty-print scheme files
+
+ (simple-service 'gnupg-config home-files-service-type
+ `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
+ ;; so we can't use `home-xdg-configuration-files-service-type'.
+ (".local/share/gnupg/gpg.conf" ,(local-file "files/gpg.conf"))
+ (".local/share/gnupg/gpg-agent.conf"
+ ,(mixed-text-file "gpg-agent.conf" "\
pinentry-program " (file-append pinentry-rofi "/bin/pinentry-rofi") "
# Needed if spawning lots of parallel gpg --decrypt processes. https://dev.gnupg.org/T3530
auto-expand-secmem
"))))
- (simple-service
- 'gnupg-agent home-shepherd-service-type
- (list
- (shepherd-service
- (documentation "GPG agent; caches key passwords.")
- (provision '(gpg-agent))
- (start #~(lambda _
- (invoke #$(file-append gnupg "/bin/gpg-agent")
- "--daemon" "--no-detach")))
- (stop #~(lambda _
- (invoke "gpg-connect-agent" "killagent" "/bye"))))))
-
- (simple-service
- 'common-environment home-environment-variables-service-type
- `(;; Path to my own package definitions. If invoking `guix home'
- ;; afresh, this needs to be set manually to find these packages.
- ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls")
-
- ;; Prepend my own binaries to $PATH. These should probably all
- ;; be managed through `home-files-service-type'.
- ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH")
-
- ;; Default terminal-related applications (except Emacs, which is separate).
- ("PAGER" . "less")
- ;; Guix force-overrides $LESS by default, so force-force it to do what I
- ;; want instead. `less' reads the `lesskey' file configured above.
- ("GUIX_PAGER" . "env -u LESS less")
- ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty.
- ("GROFF_NO_SGR" . "1")
-
- ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too.
- ("HISTSIZE" . "10000000")
-
- ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1")
- ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal")
- ("GTAGSLABEL" . "pygments")
-
- ;; Disable at-spi-dbus-launcher accessibility service.
- ("NO_AT_BRIDGE" . "1")
-
- ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up.
- ("GUILE_AUTO_COMPILE" . "0")
-
- ;; For some reason, Guix doesn't seem to add these paths automatically.
- ("GUILE_LOAD_PATH" .
- ,(string-append
- "$GUIX_PACKAGE_PATH:"
- "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
- "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"))
- ("GUILE_LOAD_COMPILED_PATH" .
- ,(string-append
- "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:"
- "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
- "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"))))
+ (simple-service 'gnupg-agent home-shepherd-service-type
+ (list
+ (shepherd-service
+ (documentation "GPG agent; caches key passwords.")
+ (provision '(gpg-agent))
+ (start #~(lambda _
+ (invoke #$(file-append gnupg "/bin/gpg-agent")
+ "--daemon" "--no-detach")))
+ (stop #~(lambda _
+ (invoke "gpg-connect-agent" "killagent" "/bye"))))))
+
+ (simple-service 'common-environment home-environment-variables-service-type
+ `(;; Path to my own package definitions. If invoking `guix home'
+ ;; afresh, this needs to be set manually to find these packages.
+ ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls")
+
+ ;; Prepend my own binaries to $PATH. These should probably all
+ ;; be managed through `home-files-service-type'.
+ ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH")
+
+ ;; Default terminal-related applications (except Emacs, which is separate).
+ ("PAGER" . "less")
+ ;; Guix force-overrides $LESS by default, so force-force it to do what I
+ ;; want instead. `less' reads the `lesskey' file configured above.
+ ("GUIX_PAGER" . "env -u LESS less")
+ ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty.
+ ("GROFF_NO_SGR" . "1")
+
+ ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too.
+ ("HISTSIZE" . "10000000")
+
+ ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1")
+ ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal")
+ ("GTAGSLABEL" . "pygments")
+
+ ;; Disable at-spi-dbus-launcher accessibility service.
+ ("NO_AT_BRIDGE" . "1")
+
+ ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up.
+ ("GUILE_AUTO_COMPILE" . "0")
+
+ ;; For some reason, Guix doesn't seem to add these paths automatically.
+ ("GUILE_LOAD_PATH" .
+ ,(string-append
+ "$GUIX_PACKAGE_PATH:"
+ "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
+ "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"))
+ ("GUILE_LOAD_COMPILED_PATH" .
+ ,(string-append
+ "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:"
+ "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
+ "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"))))
;; XDG basedir spec compliance for various programs
;; See: https://wiki.archlinux.org/index.php/XDG_Base_Directory for a list of programs.
;; The `home-xdg-base-directories' service (enabled by default) sets $XDG_* variables for us.
- (simple-service
- 'xdg-spec-compliance home-environment-variables-service-type
- '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator")
- ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell")
- ("BUP_DIR" . "$XDG_DATA_HOME/bup")
- ("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
- ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group")
- ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum")
- ("FG_HOME" . "$XDG_DATA_HOME/fgfs")
- ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer")
- ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg")
- ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc")
- ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority")
- ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc")
- ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython")
- ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter")
- ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB.
- ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309
- ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan")
- ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
- ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store")
- ("PLTUSERHOME" . "$XDG_DATA_HOME/racket")
- ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint")
- ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc")
- ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll")
- ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap")
- ("STACK_ROOT" . "$XDG_DATA_HOME/stack")
- ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR")
- ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat")
- ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose")
- ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose")
- ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh")
- ("_JAVA_OPTIONS" .
- "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")))
-
- (service
- home-openssh-service-type
- (home-openssh-configuration
- (hosts
- (let ((my-hosts/ports
- '(("vin.twilken.net" . 50022)
- ("vin.wg" . 50022)
- ("pi3.twilken.net" . 51022)
- ("pi3.wg" . 51022)
- ("lud.twilken.net" . 22022)
- ("lud.wg" . 22022)
- ("matrix.twilken.net" . 22022)))
- (git-hosts
- '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch"))
- (cern-ci-hosts/users
- '(("alimonitor.cern.ch" . "alibuild")
- ("alinsure.cern.ch" . "alibuild")
- ("alibuildmac*.cern.ch" . "alibuild")
- ("aido*osx*.cern.ch" . "alibuild")
- ("alibuild*.cern.ch" . "root")
- ("alissandra*.cern.ch" . "root")
- ("alimesos*.cern.ch" . "root")
- ("alientest*.cern.ch" . "root")
- ("aliflow*.cern.ch" . "root")
- ("alijenkins*.cern.ch" . "root"))))
-
- (define (cern-extra-content delegate-kerberos-credentials?)
- (string-append "\
+ (simple-service 'xdg-spec-compliance home-environment-variables-service-type
+ '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator")
+ ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell")
+ ("BUP_DIR" . "$XDG_DATA_HOME/bup")
+ ("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
+ ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group")
+ ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum")
+ ("FG_HOME" . "$XDG_DATA_HOME/fgfs")
+ ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer")
+ ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg")
+ ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc")
+ ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority")
+ ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc")
+ ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython")
+ ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter")
+ ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB.
+ ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309
+ ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan")
+ ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
+ ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store")
+ ("PLTUSERHOME" . "$XDG_DATA_HOME/racket")
+ ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint")
+ ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc")
+ ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll")
+ ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap")
+ ("STACK_ROOT" . "$XDG_DATA_HOME/stack")
+ ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR")
+ ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat")
+ ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose")
+ ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose")
+ ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh")
+ ("_JAVA_OPTIONS" .
+ "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")))
+
+ (service home-openssh-service-type
+ (home-openssh-configuration
+ (hosts
+ (let ((my-hosts/ports
+ '(("vin.twilken.net" . 50022)
+ ("vin.wg" . 50022)
+ ("pi3.twilken.net" . 51022)
+ ("pi3.wg" . 51022)
+ ("lud.twilken.net" . 22022)
+ ("lud.wg" . 22022)
+ ("matrix.twilken.net" . 22022)))
+ (git-hosts
+ '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch"))
+ (cern-ci-hosts/users
+ '(("alimonitor.cern.ch" . "alibuild")
+ ("alinsure.cern.ch" . "alibuild")
+ ("alibuildmac*.cern.ch" . "alibuild")
+ ("aido*osx*.cern.ch" . "alibuild")
+ ("alibuild*.cern.ch" . "root")
+ ("alissandra*.cern.ch" . "root")
+ ("alimesos*.cern.ch" . "root")
+ ("alientest*.cern.ch" . "root")
+ ("aliflow*.cern.ch" . "root")
+ ("alijenkins*.cern.ch" . "root"))))
+
+ (define (cern-extra-content delegate-kerberos-credentials?)
+ (string-append "\
# Kerberos authentication
GSSAPIAuthentication yes
GSSAPIDelegateCredentials " (if delegate-kerberos-credentials? "yes" "no") "
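Review bot: In the `stop` lambda of the `gnupg-agent` shepherd service, `gpg-connect-agent` is invoked by bare name and so resolved through PATH, while `start` pins `gpg-agent` to its store path with `file-append`. The `common-environment` service in this same hunk prepends `$HOME/.local/bin` to PATH, so if shepherd inherits that environment (not visible here) a user-writable directory is searched first for the binary that talks to the agent. Pinning it the same way keeps both ends on the same GnuPG build: `(invoke #$(file-append gnupg "/bin/gpg-connect-agent") "killagent" "/bye")`. The `common-services` list continues past this hunk.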
@@ -193,42 +186,42 @@ PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboar
ProxyJump \"twilken@lxplus.cern.ch\"
"))
- ;; Earlier rules take precedence over later ones.
- `(,(openssh-host (name "*.srcf.net") (user "tw466"))
- ,(openssh-host (name "*.fritz.box")
- (extra-content "ProxyJump lud.twilken.net"))
- ,@(map (lambda (host port)
- (openssh-host (name host) (port port) (user "timo")))
- (map car my-hosts/ports)
- (map cdr my-hosts/ports))
- ,@(map (lambda (host) (openssh-host (name host) (user "git"))) git-hosts)
- ;; BitBucket apparently only supports ssh-rsa.
- ,(openssh-host (name "bitbucket.org")
- (host-key-algorithms '("+ssh-rsa"))
- (accepted-key-types '("+ssh-rsa")))
- ,(openssh-host (name "gitlab.cern.ch")
- (port 7999)
- (extra-content "ProxyJump none")) ; no jump needed
- ;; Avoid ProxyJump loops.
- ,(openssh-host (name "lxplus.cern.ch")
- (extra-content "ProxyJump none"))
- ,(openssh-host (name "twilkendesktop.cern.ch")
- (port 22022)
- (forward-x11? #t)
- (extra-content (cern-extra-content #t)))
- ,@(map (lambda (host user)
- (openssh-host (name host)
- (user user)
- (identity-file "~/.local/share/ssh-keys/alicern_id_rsa")))
- (map car cern-ci-hosts/users)
- (map cdr cern-ci-hosts/users))
- ,(openssh-host (name "*.cern.ch")
- (user "twilken")
- (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
- (extra-content (cern-extra-content #f)))
- ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type'
- ;; manages that and might delete keys there.
- ,(openssh-host (name "*")
- (identity-file "~/.local/share/ssh-keys/id_rsa")
- ;; Remote servers probably don't know about xterm-kitty.
- (extra-content "SetEnv TERM=xterm-256color")))))))))
+ ;; Earlier rules take precedence over later ones.
+ `(,(openssh-host (name "*.srcf.net") (user "tw466"))
+ ,(openssh-host (name "*.fritz.box")
+ (extra-content "ProxyJump lud.twilken.net"))
+ ,@(map (lambda (host port)
+ (openssh-host (name host) (port port) (user "timo")))
+ (map car my-hosts/ports)
+ (map cdr my-hosts/ports))
+ ,@(map (lambda (host) (openssh-host (name host) (user "git"))) git-hosts)
+ ;; BitBucket apparently only supports ssh-rsa.
+ ,(openssh-host (name "bitbucket.org")
+ (host-key-algorithms '("+ssh-rsa"))
+ (accepted-key-types '("+ssh-rsa")))
+ ,(openssh-host (name "gitlab.cern.ch")
+ (port 7999)
+ (extra-content "ProxyJump none")) ; no jump needed
+ ;; Avoid ProxyJump loops.
+ ,(openssh-host (name "lxplus.cern.ch")
+ (extra-content "ProxyJump none"))
+ ,(openssh-host (name "twilkendesktop.cern.ch")
+ (port 22022)
+ (forward-x11? #t)
+ (extra-content (cern-extra-content #t)))
+ ,@(map (lambda (host user)
+ (openssh-host (name host)
+ (user user)
+ (identity-file "~/.local/share/ssh-keys/alicern_id_rsa")))
+ (map car cern-ci-hosts/users)
+ (map cdr cern-ci-hosts/users))
+ ,(openssh-host (name "*.cern.ch")
+ (user "twilken")
+ (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
+ (extra-content (cern-extra-content #f)))
+ ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type'
+ ;; manages that and might delete keys there.
+ ,(openssh-host (name "*")
+ (identity-file "~/.local/share/ssh-keys/id_rsa")
+ ;; Remote servers probably don't know about xterm-kitty.
+ (extra-content "SetEnv TERM=xterm-256color")))))))))
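Review bot: The catch-all `(openssh-host (name "*") ...)` entry adds `id_rsa` for every host, and because ssh_config accumulates `IdentityFile` across matching blocks, the `*.cern.ch` and CI hosts are offered their CERN key and then the personal key as well. Nothing in the hunk sets `IdentitiesOnly`, so keys held in a running agent (if one is used; not visible here) would also be offered to every server, which exposes unrelated public keys and can exhaust a server's authentication attempts. Consider `(extra-content "IdentitiesOnly yes\nSetEnv TERM=xterm-256color")` on the `*` entry, and attaching the default `identity-file` only to the hosts that need it. The `hosts` expression opens before this hunk.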