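;;; Shared Guix Home definitions: a common package set, GnuPG services
;;; (configuration files plus a shepherd-managed gpg-agent), and common
;;; services covering shell, dotfiles, environment variables and the
;;; OpenSSH client configuration.

(define-module (tw home common)
  #:use-module (gnu)
  #:use-module (gnu home services)
  #:use-module (gnu home services shells)
  #:use-module (gnu home services shepherd)
  #:use-module (gnu home services ssh)
  #:use-module (guix gexp)
  #:use-module (tw packages shell))

(use-package-modules
 admin compression curl databases disk dns file finance gnupg graphviz
 imagemagick less linux lisp maths password-utils pretty-print pv
 python python-xyz rsync shells shellutils ssh textutils tmux
 version-control video vim web)

;; Packages installed into every home profile that uses this module.
(define-public common-packages
  (list curl dos2unix fdupes file git gnupg gnuplot graphviz hledger
        imagemagick jq less lesspipe net-tools openssh password-store
        pass-otp pv python python-ipython recutils rsync sbcl
        smartmontools source-highlight tmux tree xxd zip unzip
        get-iplayer ffmpeg atomicparsley yt-dlp

        ;; Install only bind-utils like dig, not the full suite.
        (list isc-bind "utils")

        ;; Ranger can do code highlighting using python-pygments and
        ;; image previews in kitty using python-pillow.
        ranger python-pygments python-pillow mediainfo python-pdftotext

        ;; Shell
        zsh zsh-autosuggestions zsh-syntax-highlighting zsh-autopair
        zsh-completions))

(export gnupg-services)  ; there doesn't seem to be a `define*-public' macro
(define* (gnupg-services #:key gui-pinentry?)
  "Return the list of home services that configure GnuPG: one installing
gpg.conf and gpg-agent.conf, and one running gpg-agent under shepherd.
When GUI-PINENTRY? is true the agent uses pinentry-rofi, otherwise
pinentry-tty."
  (list
   (simple-service 'gnupg-config home-files-service-type
     `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
       ;; so we can't use `home-xdg-configuration-files-service-type'.
       ;; These hard-coded paths only line up with the GNUPGHOME value
       ;; exported in `common-services' ($XDG_DATA_HOME/gnupg) while
       ;; XDG_DATA_HOME is ~/.local/share.
       (".local/share/gnupg/gpg.conf" ,(local-file "files/gpg.conf"))
       (".local/share/gnupg/gpg-agent.conf"
        ;; The pinentry program is referenced by store path, so the
        ;; passphrase prompt cannot be swapped out through $PATH.
        ,(mixed-text-file "gpg-agent.conf" "\
pinentry-program " (if gui-pinentry?
                       (file-append pinentry-rofi "/bin/pinentry-rofi")
                       (file-append pinentry-tty "/bin/pinentry-tty")) "
# Needed if spawning lots of parallel gpg --decrypt processes. https://dev.gnupg.org/T3530
auto-expand-secmem
"))))

   (simple-service 'gnupg-agent home-shepherd-service-type
     (list
      (shepherd-service
       (documentation "GPG agent; caches key passwords.")
       (provision '(gpg-agent))
       ;; NOTE(review): `invoke' returns only once its child has exited,
       ;; and --no-detach keeps gpg-agent in the foreground; confirm that
       ;; shepherd still marks this service as started.
       (start #~(lambda _
                  (invoke #$(file-append gnupg "/bin/gpg-agent")
                          "--daemon" "--no-detach")))
       ;; Call gpg-connect-agent by store path, as `start' does for
       ;; gpg-agent.  A bare command name would be looked up in
       ;; shepherd's $PATH, and `common-services' puts the user-writable
       ;; ~/.local/bin first in $PATH.
       (stop #~(lambda _
                 (invoke #$(file-append gnupg "/bin/gpg-connect-agent")
                         "killagent" "/bye"))))))))

;; Home services shared by all machines: zsh, dotfiles, helper scripts,
;; environment variables and the OpenSSH client configuration.
(define-public common-services
  (list
   (service home-zsh-service-type
            (home-zsh-configuration
             (zshrc (list (local-file "files/zshrc")
                          (local-file "files/prompt.zsh")))))

   (simple-service 'common-config home-xdg-configuration-files-service-type
     `(("git/config" ,(local-file "files/gitconfig"))
       ("htop/htoprc" ,(local-file "files/htoprc"))
       ("lesskey" ,(local-file "files/lesskey"))
       ("ranger/rc.conf" ,(local-file "files/ranger.conf"))
       ("tmux/tmux.conf" ,(local-file "files/tmux.conf"))
       ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it.
       ("user-dirs.dirs" ,(local-file "files/user-dirs.dirs"))))

   (simple-service 'common-scripts home-files-service-type
     ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable.
     `((".local/bin/ppscm" ,(local-file "files/ppscm" #:recursive? #t)))) ; pretty-print scheme files

   (simple-service 'common-environment home-environment-variables-service-type
     `(;; Path to my own package definitions. If invoking `guix home'
       ;; afresh, this needs to be set manually to find these packages.
       ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls")
       ;; Prepend my own binaries to $PATH. These should probably all
       ;; be managed through `home-files-service-type'.
       ;; Anything placed in ~/.local/bin shadows the same-named command
       ;; from the profile and the system, so that directory must stay
       ;; writable by this user only.
       ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH")
       ;; Default terminal-related applications (except Emacs, which is separate).
       ("PAGER" . "less")
       ;; Guix force-overrides $LESS by default, so force-force it to do what I
       ;; want instead. `less' reads the `lesskey' file configured above.
       ("GUIX_PAGER" . "env -u LESS less")
       ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty.
       ("GROFF_NO_SGR" . "1")
       ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too.
       ("HISTSIZE" . "10000000")
       ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1")
       ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal")
       ("GTAGSLABEL" . "pygments")
       ;; Disable at-spi-dbus-launcher accessibility service.
       ("NO_AT_BRIDGE" . "1")
       ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up.
       ("GUILE_AUTO_COMPILE" . "0")
       ;; For some reason, Guix doesn't seem to add these paths automatically.
       ;; Guile loads code from every directory listed here, so these
       ;; (including $GUIX_PACKAGE_PATH) need the same write protection
       ;; as $PATH entries.
       ("GUILE_LOAD_PATH"
        . ,(string-append
            "$GUIX_PACKAGE_PATH:"
            "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
            "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"))
       ("GUILE_LOAD_COMPILED_PATH"
        . ,(string-append
            "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:"
            "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
            "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"))))

   ;; XDG basedir spec compliance for various programs
   ;; See: https://wiki.archlinux.org/index.php/XDG_Base_Directory for a list of programs.
   ;; The `home-xdg-base-directories' service (enabled by default) sets $XDG_* variables for us.
   (simple-service 'xdg-spec-compliance home-environment-variables-service-type
     '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator")
       ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell")
       ("BUP_DIR" . "$XDG_DATA_HOME/bup")
       ("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
       ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group")
       ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum")
       ("FG_HOME" . "$XDG_DATA_HOME/fgfs")
       ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer")
       ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg")
       ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc")
       ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority")
       ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc")
       ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython")
       ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter")
       ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB.
       ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309
       ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan")
       ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
       ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store")
       ("PLTUSERHOME" . "$XDG_DATA_HOME/racket")
       ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint")
       ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc")
       ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll")
       ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap")
       ("STACK_ROOT" . "$XDG_DATA_HOME/stack")
       ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR")
       ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat")
       ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose")
       ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose")
       ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh")
       ("_JAVA_OPTIONS" . "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")))

   (service home-openssh-service-type
     (home-openssh-configuration
      (hosts
       (let ((my-hosts/ports
              '(("vin.twilken.net" . 22022)
                ("vin.wg" . 22022)
                ("pi3.twilken.net" . 51022)
                ("pi3.wg" . 51022)
                ("lud.twilken.net" . 22022)
                ("lud.wg" . 22022)
                ("matrix.twilken.net" . 22022)))
             (git-hosts
              '("github.com" "ssh.github.com" "bitbucket.org" "gitlab.cern.ch"))
             ;; Host patterns paired with the remote login name.  Several
             ;; of these log in directly as root with the shared
             ;; `alicern_id_rsa' key used below.
             (cern-ci-hosts/users
              '(("alimonitor.cern.ch" . "alibuild")
                ("alinsure.cern.ch" . "alibuild")
                ("alibuildmac*.cern.ch" . "alibuild")
                ("aido*osx*.cern.ch" . "alibuild")
                ("alibuild*.cern.ch" . "root")
                ("alissandra*.cern.ch" . "root")
                ("alimesos*.cern.ch" . "root")
                ("alientest*.cern.ch" . "root")
                ("aliflow*.cern.ch" . "root")
                ("alijenkins*.cern.ch" . "root"))))

         ;; Return the ssh_config snippet shared by CERN hosts: Kerberos
         ;; (GSSAPI) authentication and a jump through lxplus.
         ;; DELEGATE-KERBEROS-CREDENTIALS? selects the value of
         ;; GSSAPIDelegateCredentials.  Delegation forwards the Kerberos
         ;; credentials to the remote host, so enable it only for hosts
         ;; that are fully trusted.
         (define (cern-extra-content delegate-kerberos-credentials?)
           (string-append "\
# Kerberos authentication
GSSAPIAuthentication yes
GSSAPIDelegateCredentials " (if delegate-kerberos-credentials? "yes" "no") "
PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
ProxyJump \"twilken@lxplus.cern.ch\"
"))

         ;; Earlier rules take precedence over later ones.
         `(,(openssh-host (name "*.srcf.net")
                          (user "tw466"))
           ,(openssh-host (name "*.fritz.box")
                          (extra-content "ProxyJump lud.twilken.net"))
           ,@(map (lambda (host port)
                    (openssh-host (name host) (port port) (user "timo")))
                  (map car my-hosts/ports)
                  (map cdr my-hosts/ports))
           ,@(map (lambda (host)
                    (openssh-host (name host) (user "git")))
                  git-hosts)
           ;; BitBucket apparently only supports ssh-rsa.
           ;; NOTE(review): ssh-rsa signatures are SHA-1 based and are
           ;; disabled by default since OpenSSH 8.8; re-check whether
           ;; this override is still needed and drop it if not.
           ,(openssh-host (name "bitbucket.org")
                          (host-key-algorithms '("+ssh-rsa"))
                          (accepted-key-types '("+ssh-rsa")))
           ,(openssh-host (name "gitlab.cern.ch")
                          (port 7999)
                          (extra-content "ProxyJump none")) ; no jump needed
           ;; Avoid ProxyJump loops.
           ,(openssh-host (name "lxplus.cern.ch")
                          (extra-content "ProxyJump none"))
           ;; X11 forwarding and Kerberos credential delegation both give
           ;; the remote side access to local resources (the X display,
           ;; the Kerberos credentials); they are enabled for this single
           ;; host only and should stay that narrow.
           ,(openssh-host (name "twilkendesktop.cern.ch")
                          (port 22022)
                          (forward-x11? #t)
                          (extra-content (cern-extra-content #t)))
           ,@(map (lambda (host user)
                    (openssh-host
                     (name host)
                     (user user)
                     (identity-file "~/.local/share/ssh-keys/alicern_id_rsa")))
                  (map car cern-ci-hosts/users)
                  (map cdr cern-ci-hosts/users))
           ,(openssh-host (name "*.cern.ch")
                          (user "twilken")
                          (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
                          (extra-content (cern-extra-content #f)))
           ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type'
           ;; manages that and might delete keys there.
           ;; IdentityFile entries accumulate across matching Host
           ;; blocks, so hosts matched above also try this key after
           ;; their own.
           ,(openssh-host (name "*")
                          (identity-file "~/.local/share/ssh-keys/id_rsa")
                          ;; Remote servers probably don't know about xterm-kitty.
                          (extra-content "SetEnv TERM=xterm-256color")))))))))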