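;; This "home-environment" file can be passed to 'guix home reconfigure'
;; to reproduce the content of your profile. This is "symbolic": it only
;; specifies package names. To reproduce the exact same profile, you also
;; need to capture the channels being used, as returned by "guix describe".
;; See the "Replicating Guix" section in the manual.

;; See also, for some tips:
;; https://github.com/alezost/shepherd-config/blob/master/init.scm

;; TODO: Integrate upstream (ctp) configs into ~/guix-home using git submodules:
;; https://github.com/catppuccin/grub ; TODO: make this system-wide
;; https://github.com/catppuccin/tty ; system-wide
;; https://github.com/catppuccin/papirus-folders
;; https://github.com/catppuccin/Kvantum
;; https://github.com/catppuccin/fzf
;; https://github.com/catppuccin/obs
;; https://github.com/catppuccin/insomnia
;; https://github.com/catppuccin/neomutt
;; https://github.com/catppuccin/zathura
;; https://github.com/catppuccin/firefox ; for icecat
;; Manual installation needed?
;; https://github.com/catppuccin/dark-reader
;; https://github.com/catppuccin/github

(use-modules (gnu home)
             (gnu home services)
             (gnu home services desktop)
             (gnu home services guix)
             (gnu home services pm)
             (gnu home services shells)
             (gnu home services shepherd)
             (gnu home services ssh)
             (gnu packages)
             (gnu services)
             (gnu services shepherd)
             (guix channels)
             (guix modules)
             (guix gexp))

;; Allow #. read expansions in this file.
;; NOTE(review): nothing in this file turns `read-eval?' off again, so it
;; presumably stays enabled for anything else the same process reads after
;; loading this file.  Only load this file from a checkout you trust.
(fluid-set! read-eval? #t)

;; One of "latte" (light theme), "frappe", "macchiato", "mocha" (dark
;; themes); ordered brightest to darkest.
;; Set and use this at read time so that `local-file' gets a literal
;; argument. Anything else confuses it and causes it to search
;; relative to the working directory, not this file's directory.
#.(define catppuccin-theme-variant "mocha")

(define* (package-binary specification #:optional (binary specification))
  "Get the path of BINARY inside the package referred to by SPECIFICATION.

BINARY defaults to SPECIFICATION itself.  The result is a `file-append'
object pointing at \"/bin/BINARY\" inside the package, so services that use
it run the program by its store path rather than through a $PATH lookup."
  (file-append (specification->package specification)
               (string-append "/bin/" binary)))

;; See also: `file-join' in (gnu home services ssh).
(define (combined-text-file name . files)
  "A file which is the concatenation of the contents of other files.

NAME is the name of the resulting store item; FILES are file-like objects
whose contents are copied into it in the order given."
  ;; We need to use #$output for `computed-file' to work.
  ;; Of course this isn't documented anywhere!
  (computed-file name
    (with-imported-modules
        (source-module-closure '((guix build utils))) ; for `dump-port'
      #~(begin
          (use-modules (guix build utils))
          (call-with-output-file #$output
            (lambda (oport)
              (for-each (lambda (in-file)
                          (call-with-input-file in-file
                            (lambda (iport)
                              (dump-port iport oport))))
                        '#$files)))))))

(define (text-file/substitutions name input-file . substitutions)
  "A file containing another file's content with regexp substitutions.

Each item in SUBSTITUTIONS is a `cons' of a regular expression and a
replacement spec (to which `regexp-substitute/global' is applied).
Substitutions are applied one after another, each one to the output of
the previous one.  The first element of each item is used as a regular
expression, so any metacharacters in it are not matched literally."
  (computed-file name
    #~(begin
        (use-modules (ice-9 regex) (ice-9 textual-ports))
        (call-with-output-file #$output
          (lambda (oport)
            (call-with-input-file #$input-file
              (lambda (iport)
                ;; Thread the whole file content through every substitution,
                ;; then write the final result.
                (let loop ((output (get-string-all iport))
                           (substitutions '#$substitutions))
                  (if (null? substitutions)
                      (put-string oport output)
                      (loop (call-with-output-string
                              (lambda (sport)
                                (apply regexp-substitute/global sport
                                       (caar substitutions) output
                                       (cdar substitutions))))
                            (cdr substitutions)))))))))))

;; Package specifications for graphical programs; these are resolved with
;; `specifications->packages' in the `home-environment' form below.
(define gui-packages
  '(;; i3 and Xorg. i3 itself must be installed system-wide for gdm to pick it up.
    ;; acpilight is a drop-in xbacklight replacement, as xbacklight doesn't work on my system.
    "acpilight" "arandr" "blueman" "dunst" "gnupg" "gimp" "hsetroot"
    "inkscape" "icecat" "kdeconnect" "libreoffice" "mpv" "nheko"
    "password-store" "pass-otp" "polybar" "rofi" "rofi-calc"
    "signal-desktop" "simple-scan" "xdg-utils" "xdot" "xclip" "xdotool"
    "xdpyinfo" "xev" "xfd" "xfontsel" "xinput" "xkill" "xprop" "xrandr"
    "xrdb" "xsel" "xset" "xwininfo" "zoom" "zathura" "zathura-ps"
    "zathura-pdf-poppler"
    "dconf" "dconf-editor" ; required for config by blueman, cozy, ...
    ;; "gnome-keyring" ; installed system-wide; see system-configuration.scm
    ;; "geoclue" ; for redshift -- installed system-wide

    ;; Games
    "freeciv" "warzone2100" "widelands" ; "0ad" "pioneer"

    ;; Fonts
    "font-hermit" "font-inconsolata" "font-fira-code" "font-fira-sans"
    "font-libertinus" "font-openmoji"

    ;; Theming
    "papirus-icon-theme"
    ;; My own packages -- needs GUIX_PACKAGE_PATH to be set; see below.
    "catppuccin-gtk-theme" "catppuccin-mocha-dark-cursors"

    "simutrans"))

(define (polybar-service monitor)
  "Return a shepherd service that runs polybar for MONITOR.

MONITOR is an output name such as \"eDP-1\".  It is passed to polybar in
the POLYBAR_MONITOR environment variable and is also used to build the
provision symbol `polybar-MONITOR'."
  (shepherd-service
   ;; Fixed: there was no space between "monitor" and the monitor's name.
   (documentation (string-append "Polybar desktop bar for monitor " monitor "."))
   (provision (list (string->symbol (string-append "polybar-" monitor))))
   (start #~(make-forkexec-constructor
             (list #$(package-binary "polybar"))
             #:environment-variables
             (cons #$(string-append "POLYBAR_MONITOR=" monitor)
                   (default-environment-variables))))
   (stop #~(make-kill-destructor))))

;; Home services for the graphical session.  This list is the tail of the
;; `cons*' in the `services' field of the `home-environment' form below.
(define gui-services
  (list
   ;; Batsignal: battery level notifications.
   (service home-batsignal-service-type
            (home-batsignal-configuration
             (batteries '("BAT0"))))

   ;; Redshift: make the screen turn redder at night.
   (service home-redshift-service-type
            (home-redshift-configuration
             ;; See info '(guix)Desktop Home Services'.
             (location-provider 'manual)
             ;; Approximate location
             (latitude 46.0)
             (longitude 6.0)
             ;; (location-provider 'geoclue2) ; currently waits forever for a location -- not sure why geoclue doesn't work
             ;; (daytime-temperature 6500) ; default 6500
             ;; (nighttime-temperature 4500) ; default 4500
             (daytime-brightness 1.0)
             (nighttime-brightness 0.7)
             (extra-content "fade=0"))) ; with fade=1, restarting redshift causes flickering for a few secs

   ;; The dbus service doesn't seem to be added automatically.
   (service home-dbus-service-type
            (home-dbus-configuration))

   (simple-service 'gui-services home-shepherd-service-type
     (list
      (shepherd-service
       (documentation "KDE connect applet.")
       (provision '(kdeconnect-applet))
       (requirement '(kdeconnectd))
       (start #~(make-forkexec-constructor
                 (list #$(package-binary "kdeconnect" "kdeconnect-indicator"))))
       (stop #~(make-kill-destructor)))

      (shepherd-service
       (documentation "KDE connect daemon.")
       (provision '(kdeconnectd))
       ;; The daemon lives in libexec/, not bin/, so `package-binary'
       ;; cannot be used for it.
       (start #~(make-forkexec-constructor
                 (list #$(file-append (specification->package "kdeconnect")
                                      "/libexec/kdeconnectd"))))
       (stop #~(make-kill-destructor)))

      (shepherd-service
       (documentation "Blueman applet; provides a GUI for connection to bluetooth devices.")
       (provision '(blueman-applet))
       (start #~(make-forkexec-constructor
                 (list #$(package-binary "blueman" "blueman-applet"))))
       (stop #~(make-kill-destructor)))

      (polybar-service "eDP-1")
      (polybar-service "HDMI-1-1")

      (shepherd-service
       (documentation "Dunst notification daemon; displays desktop notifications.")
       (provision '(dunst))
       (start #~(make-forkexec-constructor
                 (list #$(package-binary "dunst"))))
       (stop #~(make-kill-destructor)))

      (shepherd-service
       (documentation "Picom compositor; enables transparent windows in X.")
       (provision '(picom))
       (start #~(make-forkexec-constructor
                 (list #$(package-binary "picom") "--experimental-backends"
                       "--config" #$(local-file "picom.conf"))))
       (stop #~(make-kill-destructor)))

      (shepherd-service
       (documentation "Source Xresources on login.")
       (provision '(xrdb))
       (one-shot? #t)
       ;; NOTE(review): `getenv' returns #f when XDG_CONFIG_HOME is unset,
       ;; which would make `string-append' raise; this relies on the
       ;; variable being set in the environment shepherd runs in.
       (start #~(lambda _
                  (invoke #$(package-binary "xrdb") "-merge"
                          (string-append (getenv "XDG_CONFIG_HOME")
                                         "/X11/Xresources")))))

      ;; By default, xdotool gets most of "#@\|~()<>[]{} wrong. Make
      ;; it use the correct keymap by re-setting the same one again.
      (shepherd-service
       (documentation "Fix X keyboard map on login; passmenu needs this.")
       (provision '(fix-xdotool))
       (one-shot? #t)
       (start #~(lambda _
                  (use-modules (ice-9 rdelim) (ice-9 regex) (ice-9 popen))
                  (let ((port (open-pipe* OPEN_READ
                                          #$(package-binary "setxkbmap")
                                          "-query")))
                    ;; Find the "layout:" line of the query output and apply
                    ;; that same layout again; stop at the first match.
                    (let loop ((line (read-line port)))
                      (unless (eof-object? line)
                        (let ((mtch (string-match "^layout:[[:space:]]*" line)))
                          (if mtch
                              (system* #$(package-binary "setxkbmap")
                                       (match:suffix mtch))
                              (loop (read-line port))))))
                    ;; Close the pipe and reap the `setxkbmap -query' child;
                    ;; the port was previously left open.
                    (close-pipe port)))))

      (shepherd-service
       (documentation "Set up X displays on login.")
       (provision '(xorg-setup))
       (one-shot? #t)
       (start #~(lambda _
                  (invoke #$(package-binary "numlockx") "on")
                  ;; Turn off the monitors if there is no input for 10 minutes.
                  (invoke #$(package-binary "xset") "dpms" "600" "600" "600")
                  (invoke #$(package-binary "xrandr")
                          "--output" "eDP-1" "--auto"
                          ;; Don't use --auto for this monitor. That
                          ;; configures it at 60 Hz, which causes
                          ;; it to briefly turn off every few minutes.
                          "--output" "HDMI-1-1" "--mode" "2560x1440"
                          "--rate" "120.00" "--right-of" "eDP-1")
                  ;; Set the desktop background picture. Hopefully doing this just after
                  ;; xrandr works and sets it for both screens.
                  (invoke #$(package-binary "hsetroot") "-cover"
                          (string-append (getenv "HOME") "/pictures/Backgrounds/greece/IMG_20181201_104748_DRO.jpg")))))))

   ;; Configuration files for GUI programs in $XDG_CONFIG_HOME.
   (simple-service 'gui-config home-xdg-configuration-files-service-type
     `(("dunst/dunstrc" ,(local-file "dunstrc"))
       ("dunst/dunstrc.d/50-catppuccin.conf"
        ,(local-file #.(string-append "catppuccin/dunst/src/" catppuccin-theme-variant ".conf")
                     "dunst-theme.conf"))
       ("emacs/include" ,(local-file "emacs-packages" #:recursive? #t))
       ("emacs/init.el" ,(local-file "emacs-init.el"))
       (#.(string-append "emacs/catppuccin-" catppuccin-theme-variant "-theme.el")
        ,(local-file #.(string-append "catppuccin/emacs/catppuccin-" catppuccin-theme-variant "-theme.el")))
       ("gtk-2.0/gtkrc" ,(local-file "gtk2.ini"))
       ("gtk-3.0/settings.ini" ,(local-file "gtk3.ini"))
       ("i3/config" ,(local-file "i3.conf"))
       ("kdeglobals" ; TODO: this works for some programs (e.g. kdeconnect-app),
                     ; but not for others (e.g. nheko, kdeconnect-settings)...
        ;; The theme directory and file name use the capitalised variant.
        ,(local-file #.(let ((variant (string-upcase catppuccin-theme-variant 0 1)))
                         (string-append "catppuccin/kde/" variant "/Catppuccin" variant ".colors"))))
       ("kitty/diff.conf"
        ,(local-file #.(string-append "catppuccin/kitty/diff-" catppuccin-theme-variant ".conf")
                     "kitty-diff-theme.conf"))
       ("kitty/kitty.conf"
        ,(combined-text-file
          "kitty.conf"
          (local-file "kitty.conf")
          (local-file #.(string-append "catppuccin/kitty/" catppuccin-theme-variant ".conf")
                      "kitty-theme.conf")))
       ("polybar/config.ini" ,(local-file "polybar.ini"))
       ("polybar/catppuccin.ini"
        ,(local-file #.(string-append "catppuccin/polybar/themes/" catppuccin-theme-variant ".ini")))
       ("rofi/config.rasi" ,(local-file "rofi.rasi"))
       ("rofi/themes/catppuccin.rasi"
        ,(text-file/substitutions
          "catppuccin.rasi"
          (local-file #.(string-append "catppuccin/rofi/basic/.local/share/rofi/themes/catppuccin-" catppuccin-theme-variant ".rasi"))
          '("JetBrainsMono Nerd Font 14" pre "Fira Sans 12" post) ; default font
          '("border-col: #[0-9a-f]*;" pre "border-col: #585b70;" post))) ; i3 border colour
       ("zathura/zathurarc" ,(local-file "zathurarc"))
       ("zathura/catppuccin"
        ,(local-file #.(string-append "catppuccin/zathura/src/catppuccin-" catppuccin-theme-variant)))))

   (simple-service 'gui-files home-files-service-type
     `((".icons/default/index.theme" ,(local-file "cursors.ini"))))

   (simple-service 'gui-environment-variables home-environment-variables-service-type
     `(("TERMINAL" . "kitty")
       ;; Appends to any existing value; the `xdg-spec-compliance' service
       ;; below appends another option to the same variable.
       ("_JAVA_OPTIONS" . ,(string-append
                            "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true "
                            "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel "
                            "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel"))
       ;; Smooth trackpad scrolling in Firefox/Icecat.
       ;; https://wiki.archlinux.org/index.php/Firefox/Tweaks#Pixel-perfect_trackpad_scrolling
       ("MOZ_USE_XINPUT2" . "1")))

   (simple-service 'gui-scripts home-files-service-type
     `(;; https://sw.kovidgoyal.net/kitty/kittens/diff/
       (".local/bin/kdiff" ; show a diff
        ,(program-file "kdiff"
           #~(apply execl #$(package-binary "kitty") "kitty" "+kitten" "diff"
                    (cdr (command-line)))))
       (".local/bin/icat" ; kitty's "catimg" equivalent
        ,(program-file "icat"
           #~(apply execl #$(package-binary "kitty") "kitty" "+kitten" "icat"
                    (cdr (command-line)))))
       ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable.
       (".local/bin/sessionmenu" ,(local-file "sessionmenu" #:recursive? #t)) ; rofi logout/reboot menu
       (".local/bin/passmenu" ,(local-file "passmenu" #:recursive? #t)) ; rofi passwords menu
       (".local/bin/volume" ,(local-file "volume" #:recursive? #t))))))  ; set volume on key press

;; The value of this form is the home environment that
;; 'guix home reconfigure' builds, so it must stay the last form in the file.
(home-environment
 (packages
  ;; These packages will show up in the home profile, under ~/.guix-home/profile.
  `(;; Install only bind-utils like dig, not the full suite.
    (,(specification->package "bind") "utils")
    ,@(specifications->packages gui-packages)
    ,@(specifications->packages
       '(;; CLI tools
         "adb" "beets" "curl" "dos2unix" "fdupes" "file" "fzf" "git"
         "gnuplot" "graphviz" "hledger" "imagemagick" "jq" "lesspipe"
         "nvme-cli" "openssh" "powertop" "pulsemixer" "pv" "python"
         "python-ipython" "recutils" "rsync" "sbcl" "smartmontools"
         "source-highlight" "tk" "tmux" "tree" "xxd" "zip" "unzip"
         "get-iplayer" "ffmpeg" "atomicparsley" "yt-dlp"
         "neomutt" "mailcap" "lynx" ; mail (lynx for HTML mail)
         ;; Ranger can do code highlighting using python-pygments and
         ;; image previews in kitty using python-pillow.
         "ranger" "python-pygments" "python-pillow" "mediainfo" "python-pdftotext"
         "xcwd" ; my own package

         ;; Work
         "s3cmd" "python-alibuild" ; "python-alidistlint"

         ;; Development & language servers
         "make"
         "clang" ; for clangd
         "python-lsp-server"
         ;; Supported OotB by eglot, but not packaged by guix:
         ;; https://github.com/mads-hartmann/bash-language-server
         ;; https://github.com/regen100/cmake-language-server
         ;; https://github.com/hrsh7th/vscode-langservers-extracted ; {html,css,json}-languageserver
         ;; https://github.com/golang/tools/tree/master/gopls ; maybe?
         ;; https://github.com/artempyanykh/marksman ; Markdown
         ;; https://github.com/jeapostrophe/racket-langserver
         ;; https://github.com/astoff/digestif ; (La)TeX
         ;; https://github.com/redhat-developer/yaml-language-server
         ;; Needs eglot config + not packaged (from lsp-mode):
         ;; https://github.com/graphql/graphiql/tree/main/packages/graphql-language-service-cli#readme
         ;; https://github.com/haskell/haskell-language-server / https://github.com/haskell/ghcide
         ;; https://github.com/eclipse/lemminx

         ;; Emacs
         "emacs" "emacs-use-package" "emacs-eglot" "emacs-counsel"
         "emacs-counsel-dash" "sqlite" ; emacs-counsel-dash requires the sqlite3 binary
         "emacs-ivy" "emacs-ivy-posframe" "emacs-company"
         "emacs-company-quickhelp" "emacs-company-posframe"
         "emacs-autothemer" ; for catppuccin/emacs
         "emacs-undo-tree" "emacs-aggressive-indent" "emacs-which-key"
         "emacs-smart-mode-line" "emacs-diminish" "emacs-rainbow-mode"
         "emacs-guix"
         ;; TODO: "emacs-editorconfig"
         "emacs-sly" "emacs-sly-macrostep"
         "emacs-org" ; "emacs-org-modern" theme?
         "emacs-evil" "emacs-evil-collection"
         "emacs-evil-expat" ; for :reverse, :remove, :rename, :colo, :g*, ... ex commands
         "emacs-evil-surround"
         ;; "emacs-evil-owl" ; tests failing
         "emacs-evil-args" "emacs-evil-numbers" "emacs-evil-multiedit"
         "emacs-evil-goggles" "emacs-evil-traces" "emacs-evil-commentary"
         "emacs-evil-replace-with-register" "emacs-evil-org"
         "emacs-evil-markdown" "emacs-evil-tex"
         "emacs-evil-text-object-python"
         "emacs-geiser" "emacs-geiser-racket" "emacs-geiser-guile"
         "emacs-ledger-mode" ; "emacs-hledger-mode"
         "emacs-flymake-collection" ; "emacs-flymake-flycheck" ; if needed
         "emacs-cmake-mode" "emacs-graphviz-dot-mode" "emacs-hcl-mode"
         "emacs-mmm-mode" "emacs-puppet-mode" "emacs-web-mode"
         "emacs-rec-mode" "emacs-yaml-mode"
         "shellcheck"

         ;; Shell
         "zsh" "zsh-autosuggestions" "zsh-syntax-highlighting" "zsh-autopair"
         "zsh-completions")))) ; my own package

 ;; To search for available home services, run 'guix home search KEYWORD'.
 (services
  (cons*
   ;; User shepherd services.
   (simple-service 'terminal-services home-shepherd-service-type
     (list
      (shepherd-service
       (documentation "Emacs server; connect using emacsclient.")
       (provision '(emacs))
       (start #~(make-forkexec-constructor
                 (list #$(package-binary "emacs") "--fg-daemon")))
       (stop #~(make-kill-destructor)))

      (shepherd-service
       (documentation "GPG agent; caches key passwords.")
       (provision '(gpg-agent))
       (start #~(lambda _
                  (invoke #$(package-binary "gnupg" "gpg-agent")
                          "--daemon" "--no-detach")))
       ;; Run gpg-connect-agent by its store path, like gpg-agent above,
       ;; rather than by bare name: $PATH is set below to search
       ;; ~/.local/bin first, and a bare name would be resolved through it.
       (stop #~(lambda _
                 (invoke #$(package-binary "gnupg" "gpg-connect-agent")
                         "killagent" "/bye"))))))

   ;; Configuration files for terminal-only programs in $XDG_CONFIG_HOME.
   (service home-xdg-configuration-files-service-type
     `(;; All alibuild needs is an empty file.
       ("alibuild/disable-analytics" ,(plain-file "alibuild-disable-analytics" ""))
       ("git/config" ,(local-file "gitconfig"))
       ("htop/htoprc" ,(local-file "htoprc"))
       ("mutt/muttrc" ,(local-file "muttrc"))
       ;; Upstream ships one file for "latte" and one for the other variants.
       ("mutt/catppuccin.muttrc"
        ,(local-file #.(if (string=? catppuccin-theme-variant "latte")
                           "catppuccin/neomutt/latte-neomuttrc"
                           "catppuccin/neomutt/neomuttrc")))
       ("lesskey" ,(local-file "lesskey"))
       ("ranger/rc.conf" ,(local-file "ranger.conf"))
       ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it.
       ("user-dirs.dirs" ,(local-file "user-dirs.dirs"))
       ("X11/XCompose" ,(local-file "XCompose")) ; see also: $XCOMPOSEFILE variable
       ("X11/Xresources" ,(local-file "Xresources"))))

   (simple-service 'terminal-files home-files-service-type
     `((".mailcap" ,(local-file "mailcap"))
       ;; The file from git main is newer than the one bundled with the
       ;; packaged neomutt version and contains a few fixes.
       (".local/bin/mutt_oauth2.py"
        ,(local-file "neomutt/contrib/oauth2/mutt_oauth2.py" #:recursive? #t))
       ;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
       ;; so we can't use `home-xdg-configuration-files-service-type'.
       (".local/share/gnupg/gpg.conf" ,(local-file "gpg.conf"))
       (".local/share/gnupg/gpg-agent.conf"
        ,(mixed-text-file "gpg-agent.conf" "\
pinentry-program " (package-binary "pinentry-rofi") "
# Needed if spawning lots of parallel gpg --decrypt processes. https://dev.gnupg.org/T3530
auto-expand-secmem
"))))

   (service home-zsh-service-type
     (home-zsh-configuration
      (zshrc (list (local-file "zshrc")
                   (local-file "prompt.zsh")))))

   (simple-service 'terminal-environment-variables home-environment-variables-service-type
     `(;; Path to my own package definitions. If invoking `guix home'
       ;; afresh, this needs to be set manually to find these packages.
       ("GUIX_PACKAGE_PATH" . "$HOME/src/packages/guix")
       ;; Prepend my own binaries to $PATH. These should probably all
       ;; be managed through `home-files-service-type'.
       ;; NOTE(review): anything placed in ~/.local/bin shadows same-named
       ;; profile binaries for every lookup by bare name.
       ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH")
       ;; Default terminal-related applications
       ("EDITOR" . "emacsclient -qc")
       ;; Tell emacsclient to return immediately after opening the
       ;; file. I can't put this in $EDITOR as many programs expect
       ;; $EDITOR to exit only when the user is done editing.
       ("ASYNC_EDITOR" . "emacsclient -qcn")
       ("PAGER" . "less")
       ;; Guix force-overrides $LESS by default, so force-force it to do what I want instead.
       ;; `less' reads the `lesskey' file configured above.
       ("GUIX_PAGER" . "env -u LESS less")
       ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty.
       ("GROFF_NO_SGR" . "1")
       ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too
       ("HISTSIZE" . "10000000")
       ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1")
       ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal")
       ("GTAGSLABEL" . "pygments")
       ;; Disable at-spi-dbus-launcher accessibility service.
       ("NO_AT_BRIDGE" . "1")
       ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up.
       ("GUILE_AUTO_COMPILE" . "0")
       ;; For some reason, Guix doesn't seem to add these paths automatically.
       ;; $GUIX_PACKAGE_PATH comes first, so modules found there take
       ;; precedence over those in the later entries.
       ("GUILE_LOAD_PATH" . ,(string-append
                              "$GUIX_PACKAGE_PATH:"
                              "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
                              "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"))
       ("GUILE_LOAD_COMPILED_PATH" . ,(string-append
                                       "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:"
                                       "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
                                       "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"))))

   ;; XDG basedir spec compliance for various programs
   ;; See: https://wiki.archlinux.org/index.php/XDG_Base_Directory for a list of programs.
   ;; The `home-xdg-base-directories' service (enabled by default) sets $XDG_* variables for us.
   (simple-service 'xdg-spec-compliance home-environment-variables-service-type
     '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator")
       ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell")
       ("BUP_DIR" . "$XDG_DATA_HOME/bup")
       ("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
       ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group")
       ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum")
       ("FG_HOME" . "$XDG_DATA_HOME/fgfs")
       ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer")
       ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg")
       ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc")
       ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority")
       ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc")
       ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython")
       ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter")
       ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB.
       ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309
       ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan")
       ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
       ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store")
       ("PLTUSERHOME" . "$XDG_DATA_HOME/racket")
       ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint")
       ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc")
       ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll")
       ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap")
       ("STACK_ROOT" . "$XDG_DATA_HOME/stack")
       ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR")
       ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat")
       ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose")
       ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose")
       ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh")
       ("_JAVA_OPTIONS" . "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")))

   (service home-openssh-service-type
     (home-openssh-configuration
      (hosts
       (let ((my-hosts/ports
              '(("vin.twilken.net" . 50022)
                ("vin.wg" . 50022)
                ("pi3.twilken.net" . 51022)
                ("pi3.wg" . 51022)
                ("lud.twilken.net" . 22022)
                ("lud.wg" . 22)
                ("matrix.twilken.net" . 22022)))
             (git-hosts
              '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch"))
             (cern-ci-hosts/users
              '(("alimonitor.cern.ch" . "alibuild")
                ("alinsure.cern.ch" . "alibuild")
                ("alibuildmac*.cern.ch" . "alibuild")
                ("aido*osx*.cern.ch" . "alibuild")
                ("alibuild*.cern.ch" . "root")
                ("alissandra*.cern.ch" . "root")
                ("alimesos*.cern.ch" . "root")
                ("alientest*.cern.ch" . "root")
                ("aliflow*.cern.ch" . "root")
                ("alijenkins*.cern.ch" . "root"))))
         ;; Extra ssh_config lines shared by the CERN host entries: Kerberos
         ;; (GSSAPI) authentication and a jump through lxplus.
         ;; DELEGATE-KERBEROS-CREDENTIALS? selects the value written for
         ;; GSSAPIDelegateCredentials.
         (define (cern-extra-content delegate-kerberos-credentials?)
           (string-append "\
# Kerberos authentication
GSSAPIAuthentication yes
GSSAPIDelegateCredentials " (if delegate-kerberos-credentials? "yes" "no") "
PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
ProxyJump \"twilken@lxplus.cern.ch\"
"))
         ;; Earlier rules take precedence over later ones.
         `(,(openssh-host (name "*.srcf.net")
                          (user "tw466"))
           ,(openssh-host (name "*.fritz.box")
                          (extra-content "ProxyJump lud.twilken.net"))
           ,@(map (lambda (host port)
                    (openssh-host (name host) (port port) (user "timo")))
                  (map car my-hosts/ports)
                  (map cdr my-hosts/ports))
           ,@(map (lambda (host)
                    (openssh-host (name host) (user "git")))
                  git-hosts)
           ;; BitBucket apparently only supports ssh-rsa.
           ;; NOTE(review): "+ssh-rsa" re-enables the SHA-1 based ssh-rsa
           ;; signature algorithm for this host; re-check whether it is
           ;; still needed and drop the override once it is not.
           ,(openssh-host (name "bitbucket.org")
                          (host-key-algorithms '("+ssh-rsa"))
                          (accepted-key-types '("+ssh-rsa")))
           ,(openssh-host (name "gitlab.cern.ch")
                          (port 7999)
                          (extra-content "ProxyJump none")) ; no jump needed
           ;; Avoid ProxyJump loops.
           ,(openssh-host (name "lxplus.cern.ch")
                          (extra-content "ProxyJump none"))
           ;; X11 forwarding and Kerberos credential delegation both give
           ;; the remote host access to local resources (the X display, the
           ;; Kerberos ticket), so they are enabled for this one host only.
           ,(openssh-host (name "twilkendesktop.cern.ch")
                          (port 22022)
                          (forward-x11? #t)
                          (extra-content (cern-extra-content #t)))
           ,@(map (lambda (host user)
                    (openssh-host
                     (name host)
                     (user user)
                     (identity-file "~/.local/share/ssh-keys/alicern_id_rsa")))
                  (map car cern-ci-hosts/users)
                  (map cdr cern-ci-hosts/users))
           ,(openssh-host (name "*.cern.ch")
                          (user "twilken")
                          (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
                          (extra-content (cern-extra-content #f)))
           ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type'
           ;; manages that and might delete keys there.
           ,(openssh-host (name "*")
                          (identity-file "~/.local/share/ssh-keys/id_rsa")
                          ;; Remote servers probably don't know about xterm-kitty.
                          (extra-content "SetEnv TERM=xterm-256color")))))))

   (simple-service ; this can't be a `service' as that would remove the 'guix channel
    'nonfree-channels home-channels-service-type
    (list
     ;; Nonguix is also needed system-wide for non-free drivers!
     (channel
      (name 'nonguix)
      (url "https://gitlab.com/nonguix/nonguix")
      ;; Enable signature verification:
      ;; the introduction names the commit and the OpenPGP key from which
      ;; the channel's history is authenticated.
      (introduction
       (make-channel-introduction
        "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
        (openpgp-fingerprint
         "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
     (channel
      (name 'guix-gaming-games)
      (url "https://gitlab.com/guix-gaming-channels/games")
      ;; Enable signature verification:
      (introduction
       (make-channel-introduction
        "c23d64f1b8cc086659f8781b27ab6c7314c5cca5"
        (openpgp-fingerprint
         "50F3 3E2E 5B0C 3D90 0424 ABE8 9BDC F497 A4BB CC7F"))))))

   gui-services)))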