/ README.org
README.org
1 #+title: Guix Literate Config 2 #+author: Akshit Gaur 3 #+PROPERTY: header-args :mkdirp yes :noweb-prefix no 4 5 ** Guix System 6 #+begin_src scheme :tangle ./acer.scm :noweb yes 7 (use-modules <<module>>) 8 9 <<helper>> 10 11 (define %os 12 (operating-system 13 (host-name "windows") 14 (timezone "Asia/Kolkata") 15 (keyboard-layout 16 (keyboard-layout "us" "" #:options '("ctrl:nocaps"))) 17 (bootloader 18 (bootloader-configuration 19 (bootloader grub-efi-bootloader) 20 (targets '("/boot/efi")) 21 (keyboard-layout keyboard-layout))) 22 (kernel linux) 23 (initrd microcode-initrd) 24 (firmware (cons* linux-firmware sof-firmware %base-firmware)) 25 (kernel-arguments 26 (cons* "kernel.sysrq=1" 27 "memtest=3" 28 "modprobe.blacklist=amdgpu,pcspkr,hid_nintendo" 29 "zswap.enabled=1" 30 "zswap.max_pool_percent=90" 31 %default-kernel-arguments)) 32 (file-systems (append <<file-systems>> %base-file-systems)) 33 (swap-devices 34 (list (swap-space 35 (target 36 (uuid "101b0d73-bede-445b-9f90-63c7a43b3e09"))))) 37 (users (cons* <<user>> %base-user-accounts)) 38 (packages 39 (append (specifications->packages 40 '(;; CLI Utilities. 41 "curl" 42 "dconf" 43 "fd" 44 "jujutsu" 45 "git" 46 "gnupg" 47 "mosh" 48 "ncurses" 49 "ripgrep" 50 "rsync" 51 ;"sops" 52 "unzip" 53 54 ;; Desktop applications. 55 ;"digikam" 56 ;"gimp" 57 "imv" 58 ;"kdenlive" 59 ;"libreoffice" 60 "obs-nvidia" 61 ;"telegram-desktop" 62 "zathura" 63 "zathura-pdf-poppler" 64 65 ;; Necessary things 66 "nss-certs" 67 68 <<package>>)) 69 %base-packages)) 70 (services 71 (cons* <<service>> 72 73 ;(service guix-publish-service-type 74 ; (guix-publish-configuration 75 ; (port 49637) 76 ; (host "0.0.0.0") 77 ; (advertise? #t))) 78 79 (simple-service 'extend-guix guix-service-type 80 (guix-extension 81 (authorized-keys %guix-keys) 82 (substitute-urls '("https://cache-cdn.guix.moe")))) 83 84 (simple-service 'guix-gc shepherd-root-service-type 85 (list (shepherd-timer '(guix-gc) 86 #~(calendar-event #:days-of-week '(sunday) #:hours '(12) #:minutes '(0)) 87 #~("/run/current-system/profile/bin/guix" "gc" "--delete-generations=1m") 88 #:requirement '(user-processes guix-daemon)))) 89 90 (modify-services %rosenthal-desktop-services/tuigreet 91 (elogind-service-type 92 config => (elogind-configuration 93 (inherit config) 94 (handle-suspend-key 'ignore) 95 (handle-hibernate-key 'ignore) 96 (handle-lid-switch 'ignore) 97 (handle-lid-switch-external-power 'ignore))) 98 (guix-service-type 99 config => (guix-configuration 100 (inherit config) 101 (discover? #t) 102 (extra-options '("--cores=16")) 103 (tmpdir "/var/tmp"))) 104 (network-manager-service-type 105 config => (network-manager-configuration 106 (inherit config) 107 (extra-configuration-files 108 (list %network-manager-ipv6-privacy 109 %network-manager-random-mac-address))))))) 110 (name-service-switch %mdns-host-lookup-nss))) 111 112 ((compose (nonguix-transformation-nvidia #:open-source-kernel-module? #t #:s0ix-power-management? #t) 113 ;(rosenthal-transformation-zfs #:boot? #t) 114 ) 115 %os) 116 #+end_src 117 118 ** Guix Home 119 #+begin_src scheme :noweb yes :noweb-ref service 120 (service guix-home-service-type 121 `(("akshit" ,(home-environment 122 (services 123 (cons* <<home-service>> 124 (service home-keyboard-service-type keyboard-layout) 125 %rosenthal-desktop-home-services)))))) 126 #+end_src 127 128 =dorphine/dotfiles= directory is created when tangling this file. 129 130 #+begin_src scheme :noweb yes :noweb-ref home-service 131 (service home-dotfiles-service-type 132 (home-dotfiles-configuration 133 (directories '("files/dotfiles")))) 134 #+end_src 135 136 #+begin_src scheme :noweb yes :noweb-ref home-service 137 (simple-service 'xdg-base-directory home-environment-variables-service-type 138 %xdg-base-directory-env-vars) 139 #+end_src 140 141 ** Base 142 *** Kernel 143 #+begin_src scheme :noweb-ref service 144 (simple-service 'extend-kernel-module-loader kernel-module-loader-service-type 145 '("sch_fq_pie" "tcp_bbr")) 146 147 (simple-service 'extend-sysctl sysctl-service-type 148 '(("net.core.default_qdisc" . "fq_pie") 149 ("net.ipv4.tcp_congestion_control" . "bbr") 150 ;; https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes 151 ("net.core.rmem_max" . "7500000") 152 ("net.core.wmem_max" . "7500000"))) 153 #+end_src 154 155 #+begin_src scheme :noweb-ref home-service 156 (simple-service 'modprobed-db home-shepherd-service-type 157 (list (shepherd-timer '(update-modprobed-db) 158 #~(calendar-event #:minutes '(0)) 159 #~(#$(file-append modprobed-db "/bin/modprobed-db") "storesilent")))) 160 #+end_src 161 162 #+begin_src conf :tangle ./files/dotfiles/.config/modprobed-db.conf 163 DBPATH="/home/akshit/.config" 164 COLORS=light 165 IGNORE=(nvidia nvidia_drm nvidia_modeset nvidia_uvm) 166 #+end_src 167 168 *** File Systems 169 #+begin_src scheme :noweb-ref file-systems 170 (list 171 (file-system 172 (mount-point "/boot/efi") 173 (device (uuid "61F0-B1B7" 174 'fat32)) 175 (type "vfat")) 176 (file-system 177 (mount-point "/") 178 (device (uuid 179 "d3550e19-5bef-4b2b-b55b-ea48919e20d1" 180 'ext4)) 181 (type "ext4"))) 182 #+end_src 183 184 *** Users 185 Personal account. 186 #+begin_src scheme :noweb yes :noweb-ref user 187 (user-account 188 (name "akshit") 189 (group "users") 190 (supplementary-groups '("audio" "docker" "kvm" "plugdev" "video" "wheel")) 191 (shell (file-append fish "/bin/fish"))) 192 #+end_src 193 194 #+begin_src scheme :noweb-ref home-service 195 (service home-fish-service-type) 196 #+end_src 197 198 *** Shell Utilities 199 #+begin_src scheme :noweb-ref home-service 200 (service home-fish-plugin-atuin-service-type) 201 (service home-fish-plugin-direnv-service-type) 202 (service home-fish-plugin-zoxide-service-type) 203 #+end_src 204 205 #+begin_src scheme :noweb-ref home-service 206 (simple-service 'fish-emacs-eat home-fish-service-type 207 (home-fish-extension 208 (config 209 (list (plain-file "emacs-eat.fish" "\ 210 if test -n \"$EAT_SHELL_INTEGRATION_DIR\" 211 source $EAT_SHELL_INTEGRATION_DIR/fish 212 end"))))) 213 #+end_src 214 215 *** SOPS Secrets 216 Create GPG home directory specifically for use with SOPS. 217 #+begin_src shell 218 MY_GPGHOME="<GPG homedir>" 219 220 mkdir --parents --mode=0700 "$MY_GPGHOME" 221 cat <<EOF > "$MY_GPGHOME/gpg.conf" 222 pinentry-mode loopback 223 EOF 224 cat <<EOF > "$MY_GPGHOME/gpg-agent.conf" 225 allow-loopback-pinentry 226 EOF 227 228 unset MY_GPGHOME 229 #+end_src 230 231 Generate passwordless ECC key: 232 #+begin_src shell 233 MY_GPGHOME="<GPG homedir>" 234 MY_NAME="<Your Name>" 235 236 echo ' 237 %no-protection 238 Key-Type: EDDSA 239 Key-Curve: ed25519 240 Subkey-Type: ECDH 241 Subkey-Curve: cv25519 242 Name-Real: $MY_NAME 243 Expire-Date: 0' | gpg --homedir "$MY_GPGHOME" --batch --generate-key 244 245 unset MY_GPGHOME MY_NAME 246 #+end_src 247 248 #+begin_src scheme 249 ;:noweb-ref home-service 250 (service home-sops-secrets-service-type 251 (home-sops-service-configuration 252 (sops sops) 253 (gnupg-home (in-vicinity %xdg-data-home "sops")) 254 (secrets 255 (list (sops-secret 256 (key '("mail")) 257 (file %sops-dorphine)))))) 258 #+end_src 259 260 ** Power Management 261 #+begin_src scheme :noweb-ref service 262 (service tlp-service-type) 263 #+end_src 264 265 #+begin_src scheme :noweb-ref service 266 (simple-service 'auto-power-off shepherd-root-service-type 267 (list (shepherd-timer '(auto-power-off) 268 #~(calendar-event #:minutes '(0 10 20 30 40 50)) 269 #~(#$(program-file "auto-power-off" 270 #~(begin 271 (use-modules (ice-9 textual-ports)) 272 273 (define %battery-capacity 274 (call-with-input-file "/sys/class/power_supply/BAT1/capacity" 275 (compose string->number get-line))) 276 277 (when (<= %battery-capacity 10) 278 (system* "loginctl" "poweroff")))))))) 279 #+end_src 280 281 ** Networking & SSH 282 *** nftables 283 #+begin_src scheme 284 ;:noweb-ref service 285 (service nftables-service-type 286 (nftables-configuration 287 (ruleset (local-file "files/dorphine.nftables")))) 288 #+end_src 289 290 #+begin_src nftables 291 ;:tangle ../files/tangled/dorphine/dorphine.nftables 292 flush ruleset 293 294 table inet filter { 295 chain input { 296 type filter hook input priority 0; policy drop; 297 298 # early drop of invalid connections 299 ct state invalid drop 300 301 # allow established/related connections 302 ct state { established, related } accept 303 304 # allow from loopback 305 iif lo accept 306 # drop connections to lo not coming from lo 307 iif != lo ip daddr 127.0.0.1/8 drop 308 iif != lo ip6 daddr ::1/128 drop 309 310 # allow icmp 311 ip protocol icmp accept 312 ip6 nexthdr icmpv6 accept 313 314 # allow avahi 315 udp dport mdns accept 316 317 # allow caddy 318 tcp dport https accept 319 udp dport https accept 320 321 # allow cuirass 322 tcp dport 5558 accept 323 324 # allow guix-publish 325 tcp dport 49637 accept 326 327 # allow minecraft 328 tcp dport 25565 accept 329 330 # allow syncthing 331 udp dport 21027 accept 332 meta l4proto { tcp, udp } th dport 22000 accept 333 334 # allow tailscale 335 tcp dport 41641 accept 336 337 # allow warframe 338 udp dport { 4950, 4955 } accept 339 tcp dport 6695-6699 accept 340 341 # reject everything else 342 reject with icmpx type port-unreachable 343 } 344 chain forward { 345 type filter hook forward priority 0; policy drop; 346 } 347 chain output { 348 type filter hook output priority 0; policy accept; 349 } 350 } 351 #+end_src 352 353 *** tailscale 354 #+begin_src scheme 355 ;:noweb-ref service 356 (service tailscale-service-type) 357 #+end_src 358 359 *** openssh 360 #+begin_src scheme 361 ;:noweb-ref service 362 (service openssh-service-type 363 (openssh-configuration 364 (openssh openssh-sans-x) 365 (permit-root-login 'prohibit-password) 366 (password-authentication? #f))) 367 #+end_src 368 369 *** fail2ban 370 #+begin_src scheme 371 ;:noweb-ref service 372 (service fail2ban-service-type 373 (fail2ban-configuration 374 (extra-jails 375 (list (fail2ban-jail-configuration 376 (name "sshd") 377 (enabled? #t)))))) 378 #+end_src 379 380 ** OpenPGP & Security Token 381 *** pcscd 382 #+begin_src scheme 383 ;:noweb-ref service 384 (service pcscd-service-type) 385 #+end_src 386 387 *** gpg-agent 388 #+begin_src scheme :noweb-ref home-service 389 (service home-gpg-agent-service-type 390 (home-gpg-agent-configuration 391 (pinentry-program (file-append pinentry-qt "/bin/pinentry-qt")) 392 (ssh-support? #t))) 393 #+end_src 394 395 *** libfido2 396 #+begin_src scheme :noweb-ref service 397 (udev-rules-service 'u2f libfido2 #:groups '("plugdev")) 398 #+end_src 399 400 ** Containers & Virtualization 401 *** containerd 402 #+begin_src scheme :noweb-ref service 403 (service containerd-service-type) 404 #+end_src 405 406 *** docker 407 #+begin_src scheme :noweb-ref service 408 (service docker-service-type) 409 #+end_src 410 411 *** podman 412 #+begin_src scheme :noweb service 413 (service rootless-podman-service-type 414 (rootless-podman-configuration 415 (subgids 416 (list (subid-range (name "akshit")))) 417 (subuids 418 (list (subid-range (name "akshit")))))) 419 #+end_src 420 421 ** Continuous Integration 422 *** cuirass-remote-worker 423 Open TCP port 5558 and connect to server IPv4 address. 424 #+begin_src scheme 425 ;:noweb-ref service 426 (service cuirass-remote-worker-service-type 427 (cuirass-remote-worker-configuration 428 (publish-port 5558) 429 (workers 2) 430 (systems '("x86_64-linux" "i686-linux")) 431 (server "100.97.195.93:5555") ;nuporta (Tailscale) 432 (substitute-urls 433 '("https://ci.guix.moe" 434 "https://ci.guix.gnu.org" 435 "https://bordeaux.guix.gnu.org" 436 "https://substitutes.nonguix.org")))) 437 #+end_src 438 439 ** Monitoring 440 *** alloy 441 #+begin_src scheme 442 ;:noweb-ref service 443 (service alloy-service-type 444 (alloy-configuration 445 (config 446 (plain-file "dorphine.alloy" 447 (string-join 448 (list (sops-str %sops-dorphine '("alloy")) 449 (file-content (testament-plain "alloy/node-exporter.alloy"))) 450 "\n"))))) 451 #+end_src 452 453 ** Graphical Session 454 *** niri 455 #+begin_src scheme :noweb-ref package 456 "niri" 457 "wl-clipboard" 458 "xdg-desktop-portal-gnome" 459 "xdg-desktop-portal-gtk" 460 "xdg-utils" 461 #+end_src 462 463 #+begin_src scheme :noweb-ref home-service 464 (service home-niri-service-type 465 (home-niri-configuration 466 (config 467 (computed-substitution-with-inputs "niri.kdl" 468 (local-file "files/niri.kdl") 469 (list wezterm xwayland-satellite))))) 470 #+end_src 471 472 #+begin_src kdl :tangle ./files/niri.kdl 473 prefer-no-csd 474 screenshot-path "~/Pictures/Screenshots/%Y%m%d-%H%M%S.png" 475 476 xwayland-satellite { 477 path "$$bin/xwayland-satellite$$" 478 } 479 480 // Guix Home (home-shepherd-service-type) 481 spawn-at-startup "shepherd" 482 483 hotkey-overlay { 484 skip-at-startup 485 } 486 487 window-rule { 488 match app-id="librewolf" title="^Picture-in-Picture$" 489 open-floating true 490 } 491 492 window-rule { 493 match app-id="steam" title=r#"^notificationtoasts_\d+_desktop$"# 494 default-floating-position x=10 y=10 relative-to="bottom-right" 495 } 496 497 window-rule { 498 match app-id="thunar" title="^File Operation Progress$" 499 open-floating true 500 } 501 502 // Noctalia 503 window-rule { 504 geometry-corner-radius 20 505 clip-to-geometry true 506 } 507 508 debug { 509 honor-xdg-activation-with-invalid-serial 510 } 511 512 // Set the regular wallpaper on the backdrop. 513 layer-rule { 514 match namespace="^noctalia-wallpaper*" 515 place-within-backdrop true 516 } 517 518 // Optionally, disable the workspace shadows in the overview. 519 overview { 520 workspace-shadow { 521 off 522 } 523 } 524 525 layout { 526 // Set transparent workspace background color so you see the backdrop at all times. 527 background-color "transparent" 528 529 focus-ring { 530 off 531 } 532 border { 533 off 534 } 535 } 536 537 input { 538 keyboard { 539 repeat-delay 300 540 repeat-rate 30 541 } 542 touchpad { 543 tap 544 natural-scroll 545 } 546 warp-mouse-to-focus 547 } 548 549 output "eDP-1" { 550 mode "2560x1440@240.002" 551 } 552 553 output "DP-1" { 554 focus-at-startup 555 } 556 557 binds { 558 XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } 559 XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } 560 XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } 561 XF86AudioMicMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteInput"; } 562 XF86AudioPlay allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "play"; } 563 XF86AudioStop allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "pause"; } 564 XF86AudioPrev allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "previous"; } 565 XF86AudioNext allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "next"; } 566 XF86MonBrightnessUp allow-when-locked=true { spawn "brightnessctl" "-d" "intel_backlight" "set" "+5%"; } 567 XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "-d" "intel_backlight" "set" "5%-"; } 568 569 Mod+O { spawn "noctalia-shell" "ipc" "call" "controlCenter" "toggle"; } 570 Mod+A { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } 571 Mod+D { spawn "noctalia-shell" "ipc" "call" "plugin:clipper" "togglePanel"; } 572 Mod+S { spawn "noctalia-shell" "ipc" "call" "settings" "toggle"; } 573 Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } 574 Mod+Shift+E { spawn "herd" "restart" "noctalia-shell"; } 575 576 Mod+E { spawn "emacsclient" "--create-frame" "--no-wait"; } 577 Mod+Return { spawn "$$bin/wezterm$$"; } 578 579 Mod+Left { focus-column-left; } 580 Mod+Down { focus-window-down; } 581 Mod+Up { focus-window-up; } 582 Mod+Right { focus-column-right; } 583 584 Mod+Shift+Left { move-column-left; } 585 Mod+Shift+Down { move-window-down; } 586 Mod+Shift+Up { move-window-up; } 587 Mod+Shift+Right { move-column-right; } 588 589 Mod+WheelScrollDown { focus-column-right; } 590 Mod+WheelScrollUp { focus-column-left; } 591 592 Mod+Shift+WheelScrollDown { move-column-right; } 593 Mod+Shift+WheelScrollUp { move-column-left; } 594 595 Mod+Ctrl+Left { focus-monitor-left; } 596 Mod+Ctrl+Right { focus-monitor-right; } 597 598 Mod+Ctrl+Shift+Left { move-column-to-monitor-left; } 599 Mod+Ctrl+Shift+Right { move-column-to-monitor-right; } 600 601 Mod+Ctrl+WheelScrollDown { focus-monitor-right; } 602 Mod+Ctrl+WheelScrollUp { focus-monitor-left; } 603 604 Mod+Ctrl+Shift+WheelScrollDown { move-column-to-monitor-right; } 605 Mod+Ctrl+Shift+WheelScrollUp { move-column-to-monitor-left; } 606 607 Mod+Comma { consume-or-expel-window-left; } 608 Mod+Period { consume-or-expel-window-right; } 609 Mod+F { maximize-column; } 610 Mod+Shift+F { fullscreen-window; } 611 Mod+C { center-column; } 612 Mod+V { toggle-window-floating; } 613 Mod+Shift+V { switch-focus-between-floating-and-tiling; } 614 615 Mod+Q { close-window; } 616 617 Mod+Tab repeat=false { toggle-overview; } 618 619 Print { screenshot; } 620 Ctrl+Print { screenshot-screen; } 621 Alt+Print { screenshot-window; } 622 623 Mod+1 { focus-workspace 1; } 624 Mod+2 { focus-workspace 2; } 625 Mod+3 { focus-workspace 3; } 626 Mod+4 { focus-workspace 4; } 627 Mod+5 { focus-workspace 5; } 628 Mod+6 { focus-workspace 6; } 629 Mod+7 { focus-workspace 7; } 630 Mod+8 { focus-workspace 8; } 631 Mod+9 { focus-workspace 9; } 632 Mod+Ctrl+1 { move-column-to-workspace 1; } 633 Mod+Ctrl+2 { move-column-to-workspace 2; } 634 Mod+Ctrl+3 { move-column-to-workspace 3; } 635 Mod+Ctrl+4 { move-column-to-workspace 4; } 636 Mod+Ctrl+5 { move-column-to-workspace 5; } 637 Mod+Ctrl+6 { move-column-to-workspace 6; } 638 Mod+Ctrl+7 { move-column-to-workspace 7; } 639 Mod+Ctrl+8 { move-column-to-workspace 8; } 640 Mod+Ctrl+9 { move-column-to-workspace 9; } 641 } 642 #+end_src 643 644 [[https://niri-wm.github.io/niri/Nvidia.html][High VRAM usage fix]]: 645 646 #+begin_src scheme :noweb-ref service 647 (simple-service 'niri-nvidia-profile etc-service-type 648 `(("nvidia/nvidia-application-profiles-rc.d/50-limit-free-buffer-pool-in-wayland-compositors.json" 649 ,(computed-file "50-limit-free-buffer-pool-in-wayland-compositors.json" 650 (with-extensions (list guile-json-4) 651 #~(begin 652 (use-modules (json)) 653 (call-with-output-file #$output 654 (lambda (port) 655 (scm->json 656 '(("profiles" 657 . #((("settings" 658 . #((("value" . 0) 659 ("key" . "GLVidHeapReuseRatio")))) 660 ("name" . "Limit Free Buffer Pool On Wayland Compositors")))) 661 ("rules" 662 . #((("profile" . "Limit Free Buffer Pool On Wayland Compositors") 663 ("pattern" 664 ("matches" . "niri") 665 ("feature" . "procname")))))) 666 port 667 #:pretty #t))))))))) 668 #+end_src 669 *** shepherd 670 Autostart Shepherd in environments that support XDG Autostart (e.g. GNOME). 671 #+begin_src conf :tangle ./files/dotfiles/.config/autostart/shepherd.desktop 672 [Desktop Entry] 673 Type=Application 674 Name=Shepherd 675 Exec=shepherd 676 #+end_src 677 678 *** noctalia-shell 679 Run ~herd restart noctalia-shell~ on initial setup / after home environment 680 reconfiguration. 681 682 #+begin_src scheme :noweb-ref home-service 683 (service home-noctalia-shell-service-type) 684 #+end_src 685 686 *** polkit-gnome 687 #+begin_src scheme :noweb-ref home-service 688 (service home-polkit-gnome-service-type) 689 #+end_src 690 691 *** gnome-keyring 692 #+begin_src scheme :noweb-ref service 693 (service gnome-keyring-service-type) 694 #+end_src 695 696 *** qogir-icon-theme 697 #+begin_src scheme :noweb-ref home-service 698 (service home-theme-service-type 699 (home-theme-configuration 700 (packages (list qogir-icon-theme)) 701 (icon-theme "Qogir") 702 (cursor-theme "Qogir"))) 703 #+end_src 704 705 *** fontconfig 706 #+begin_src scheme :noweb-ref package 707 "font-adobe-source-serif" 708 "font-apple-new-york" 709 "font-apple-sf-pro" 710 "font-chiron-hei-hk" 711 "font-chiron-sung-hk" 712 "font-google-noto" 713 "font-google-noto-emoji" 714 "font-nerd-symbols" 715 "font-sarasa-gothic" 716 "font-victor-mono" 717 #+end_src 718 719 fontconfig on Guix is [[https://codeberg.org/guix/guix/pulls/5654#issuecomment-9928509][known]] not working with some locales (e.g. =zh_CN.utf8=), 720 use =en_US.utf8= (the default) if you have encountered issues. 721 722 #+begin_src scheme :noweb-ref home-service 723 (simple-service 'extend-fontconfig home-fontconfig-service-type 724 (let ((sans "SF Pro Text") 725 (serif "New York Medium") 726 (mono "Victor Mono") 727 (emoji "Noto Color Emoji")) 728 `((alias 729 (family "sans-serif") 730 (prefer 731 (family ,sans) 732 (family "Chiron Hei HK VF") 733 (family ,emoji))) 734 (alias 735 (family "serif") 736 (prefer 737 (family ,serif) 738 (family "Chiron Sung HK VF") 739 (family ,emoji))) 740 (alias 741 (family "monospace") 742 (prefer 743 (family ,mono) 744 (family "Chiron Sung HK VF") 745 (family ,emoji))) 746 747 ,@(map (lambda (name) 748 `(alias 749 (family ,name) 750 (prefer 751 (family ,sans) 752 (family "sans-serif")))) 753 '("BlinkMacSystemFont" 754 "-apple-system" 755 "system-ui" 756 "ui-sans-serif")) 757 (alias 758 (family "ui-serif") 759 (prefer 760 (family ,serif) 761 (family "serif"))) 762 (alias 763 (family "ui-monospace") 764 (prefer 765 (family ,mono) 766 (family "monospace")))))) 767 #+end_src 768 769 ** Applications 770 *** adb 771 #+begin_src scheme 772 ;:noweb-ref service 773 (udev-rules-service 'android android-udev-rules #:groups '("adbusers")) 774 #+end_src 775 776 *** email 777 #+begin_src scheme 778 ;:noweb-ref home-service 779 (simple-service 'update-mailbox home-shepherd-service-type 780 (list 781 (shepherd-timer '(update-mailbox) 782 #~(calendar-event #:minutes '(0 15 30 45)) 783 #~(#$(program-file "update-mailbox" 784 (with-imported-modules '((guix build utils)) 785 #~(begin 786 (use-modules (ice-9 match) 787 (guix build utils)) 788 ;; Sync with mail server. 789 (invoke #$(file-append isync "/bin/mbsync") "-a" 790 "--config" #$(local-file (testament-plain "dorphine/mbsync.conf"))) 791 ;; Index. 792 (let ((notmuch #$(file-append notmuch "/bin/notmuch"))) 793 (invoke notmuch "new") 794 (map (match-lambda 795 ((query . tags) 796 (apply invoke notmuch "tag" 797 `(,@(map symbol->string tags) "--" ,query)))) 798 '(;; self 799 ("tag:new AND from:hako@ultrarare.space" 800 . (+sent)) 801 ("tag:new AND (tag:replied OR tag:sent)" 802 . (-unread)) 803 ;; mailing lists 804 ("tag:new AND folder:lists/emacs-devel" 805 . (+lists +lists/emacs-devel -inbox -new)) 806 ("tag:new AND folder:lists/guile-devel" 807 . (+lists +lists/guile-devel -inbox -new)) 808 ("tag:new AND folder:lists/guix-devel" 809 . (+lists +lists/guix-devel -inbox -new)) 810 ("tag:new AND folder:lists/guix-user" 811 . (+lists +lists/guix-user -inbox -new)) 812 ;; folders 813 ("folder:local/Drafts" 814 . (+draft -unread -inbox -new)) 815 ("folder:imap/Archive" 816 . (+archive -unread -inbox -new)) 817 ("folder:imap/Junk" 818 . (+spam -inbox -new)) 819 ("folder:imap/Trash" 820 . (+trashed -inbox -new)) 821 ;; others 822 ("tag:new" 823 . (+inbox -new))))) 824 ;; Send queued mail. 825 (invoke "emacsclient" "--eval" "(smtpmail-send-queued-mail)")))))))) 826 #+end_src 827 828 mbsync: 829 #+begin_src conf 830 ;:tangle ./files/mbsync.conf 831 Create Both 832 Expunge Both 833 CopyArrivalDate yes 834 835 MaildirStore local 836 Path ~/.local/share/mail/imap/ 837 Inbox ~/.local/share/mail/imap/INBOX 838 Subfolders Verbatim 839 840 IMAPAccount hako 841 Host mail.boiledscript.com 842 User "hako@ultrarare.space" 843 PassCmd "cat $XDG_RUNTIME_DIR/secrets/mail" 844 TLSType IMAPS 845 846 IMAPStore remote 847 Account hako 848 849 Channel hako 850 Far :remote: 851 Near :local: 852 Pattern * 853 SyncState * 854 #+end_src 855 856 l2md: 857 #+begin_src conf :tangle ./files/dotfiles/.config/l2md/config 858 [general] 859 base = ~/.local/share/l2md/ 860 oneshot = 1 861 862 # emacs-devel@gnu.org 863 [repo emacs-devel] 864 url = https://yhetil.org/emacs-devel/0 865 maildir = ~/.local/share/mail/lists/emacs-devel 866 867 # guile-devel@gnu.org 868 [repo guile-devel] 869 url = https://yhetil.org/guile-devel/0 870 maildir = ~/.local/share/mail/lists/guile-devel 871 872 # guix-devel@gnu.org 873 [repo guix-devel] 874 url = https://yhetil.org/guix-devel/0 875 maildir = ~/.local/share/mail/lists/guix-devel 876 877 # help-guix@gnu.org 878 [repo guix-user] 879 url = https://yhetil.org/guix-user/0 880 maildir = ~/.local/share/mail/lists/guix-user 881 #+end_src 882 883 notmuch: 884 #+begin_src conf 885 ;:tangle ./files/dotfiles/.config/notmuch/default/config :tangle no 886 [database] 887 path=/home/hako/.local/share/mail 888 889 [user] 890 name=Hilton Chain 891 primary_email=hako@ultrarare.space 892 893 [show] 894 extra_headers=Message-ID;In-Reply-To;References 895 896 [new] 897 tags=new 898 899 [search] 900 exclude_tags=draft;spam 901 #+end_src 902 903 *** fcitx5 904 #+begin_src scheme :noweb-ref home-service 905 (service home-fcitx5-service-type 906 (home-fcitx5-configuration 907 (themes (list fcitx5-material-color-theme)) 908 (input-method-editors (list fcitx5-rime)) 909 (gtk-im-module? #t) 910 (qt-im-module? #t))) 911 #+end_src 912 913 *** gdb 914 Copied from =%default-gdbinit=. 915 #+begin_src scheme :tangle ./files/dotfiles/.config/gdb/gdbinit 916 # Tell GDB where to look for separate debugging files. 917 guile 918 (use-modules (gdb)) 919 (execute (string-append "set debug-file-directory " 920 (string-join 921 (filter file-exists? 922 (append 923 (if (getenv "GDB_DEBUG_FILE_DIRECTORY") 924 (list (getenv "GDB_DEBUG_FILE_DIRECTORY")) 925 '()) 926 (list "~/.guix-profile/lib/debug" 927 "~/.guix-home/profile/lib/debug" 928 "/run/current-system/profile/lib/debug"))) 929 ":"))) 930 end 931 932 # Authorize extensions found in the store, such as the 933 # pretty-printers of libstdc++. 934 set auto-load safe-path /gnu/store/*/lib 935 #+end_src 936 937 *** git 938 #+begin_src conf :tangle ./files/dotfiles/.config/git/config 939 [core] 940 quotePath = false 941 [init] 942 defaultBranch = master 943 [commit] 944 gpgsign = false 945 [user] 946 name = Akshit Gaur 947 email = akshitgaur@proton.me 948 ;signingkey = ACC66D09CA528292! 949 [pull] 950 rebase = true 951 [rerere] 952 enabled = true 953 954 [diff "scheme"] 955 xfuncname = "^(\\(define.*)$" 956 [diff "texinfo"] 957 xfuncname = "^@node[[:space:]]+([^,]+).*$" 958 959 [url "git@codeberg.org:"] 960 pushInsteadOf = "https://codeberg.org/" 961 [url "git@github.com:"] 962 pushInsteadOf = "https://github.com/" 963 [url "git@gitlab.com:"] 964 pushInsteadOf = "https://gitlab.com/" 965 [url "forgejo@git.urspace.moe:"] 966 pushInsteadOf = "https://git.urspace.moe/" 967 #+end_src 968 969 For emacs-forge. 970 #+begin_src conf :tangle ./files/dotfiles/.config/git/config 971 [github] 972 user = akshitgaur2005 973 [gitlab] 974 user = akshitgaur2005 975 #+end_src 976 977 [[https://forgejo.org/docs/latest/user/agit-support/][AGit Workflow]] helpers. 978 #+begin_src conf 979 ;:tangle ./files/dotfiles/.config/git/config :tangle no 980 [alias] 981 pr-push = "!f() { branch=$1; topic=$(git branch --show-current); shift; git push origin $topic:refs/for/$branch/$topic -o force-push \"$@\"; }; f" 982 pr-apply = "!f() { for id in $(git cherry HEAD pullreqs/$1 | cut -c2-); do git cherry-pick --signoff $id; done; }; f" 983 #+end_src 984 985 *** radicle 986 #+begin_src scheme :noweb-ref helper 987 (define (home-radicle-shepherd-service config) 988 (list (shepherd-service (provision '(radicle)) 989 (documentation "Start radicle") 990 (start #~(make-forkexec-constructor (list (string-append #$radicle 991 "/bin/radicle-node") 992 "--force"))) 993 (stop #~(make-kill-destructor))))) 994 995 (define-public home-radicle-service-type 996 (service-type (name 'home-radicle) 997 (extensions (list (service-extension 998 home-shepherd-service-type 999 home-radicle-shepherd-service))) 1000 (default-value #f) 1001 (description "Launch the radicle node"))) 1002 #+end_src 1003 1004 #+begin_src scheme :noweb-ref home-service 1005 (service home-radicle-service-type) 1006 #+end_src 1007 1008 #+begin_src scheme :noweb-ref package 1009 "radicle" 1010 #+end_src 1011 *** guile 1012 Copied from =%default-dotguile=. 1013 #+begin_src scheme :tangle ./files/dotfiles/.guile 1014 (cond ((false-if-exception (resolve-interface '(ice-9 readline))) 1015 => 1016 (lambda (module) 1017 ;; Enable completion and input history at the REPL. 1018 ((module-ref module 'activate-readline)))) 1019 (else 1020 (display "Consider installing the 'guile-readline' package for 1021 convenient interactive line editing and input history.\n\n"))) 1022 1023 (unless (getenv "INSIDE_EMACS") 1024 (cond ((false-if-exception (resolve-interface '(ice-9 colorized))) 1025 => 1026 (lambda (module) 1027 ;; Enable completion and input history at the REPL. 1028 ((module-ref module 'activate-colorized)))) 1029 (else 1030 (display "Consider installing the 'guile-colorized' package 1031 for a colorful Guile experience.\n\n")))) 1032 #+end_src 1033 1034 *** jellyfin-mpv-shim 1035 #+begin_src scheme 1036 ;:noweb-ref home-service 1037 (simple-service 'jellyfin-mpv-shim home-shepherd-service-type 1038 (list (shepherd-service 1039 (provision '(jellyfin-mpv-shim)) 1040 (start 1041 #~(make-forkexec-constructor 1042 '(#$(file-append jellyfin-mpv-shim "/bin/jellyfin-mpv-shim")))) 1043 (stop #~(make-kill-destructor))))) 1044 #+end_src 1045 1046 *** librewolf 1047 #+begin_src scheme :noweb-ref package 1048 "librewolf" 1049 "adaptive-tab-bar-colour-icecat" 1050 "bitwarden-icecat" 1051 "livemarks-icecat" 1052 "ohmyech-icecat" 1053 "ublock-origin-icecat" 1054 #+end_src 1055 1056 *** mpv 1057 #+begin_src scheme :noweb-ref package 1058 "mpv-nvidia" 1059 #+end_src 1060 1061 #+begin_src conf :tangle ./files/dotfiles/.config/mpv/mpv.conf 1062 # https://vcb-s.com/archives/7594 1063 profile=high-quality 1064 cscale=catmull_rom 1065 deband=yes 1066 blend-subtitles=video 1067 video-sync=display-resample 1068 interpolation=yes 1069 tscale=oversample 1070 sub-auto=fuzzy 1071 hwdec=auto-safe 1072 1073 # uosc 1074 osd-bar=no 1075 border=no 1076 1077 fullscreen=yes 1078 force-window=yes 1079 idle=yes 1080 screenshot-directory=/home/akshit/Pictures/MPV/ 1081 screenshot-template="%F %P" 1082 #+end_src 1083 1084 #+begin_src scheme :noweb-ref home-service 1085 (simple-service 'mpv-mpris home-xdg-configuration-files-service-type 1086 `(("mpv/scripts/mpris.so" 1087 ,(file-append mpv-mpris "/lib/mpris.so")))) 1088 #+end_src 1089 1090 *** nano 1091 Copied from =%default-nanorc=. 1092 1093 #+begin_src conf :tangle ./files/dotfiles/.config/nano/naonrc 1094 # Include all the syntax highlighting modules. 1095 include /run/current-system/profile/share/nano/*.nanorc 1096 #+end_src 1097 1098 *** prismlauncher 1099 #+begin_src scheme 1100 ;:noweb-ref package 1101 "prismlauncher-dolly" 1102 #+end_src 1103 1104 #+begin_src scheme 1105 ;:noweb-ref home-service 1106 (simple-service 'openjdk-for-prismlauncher home-files-service-type 1107 (map (lambda (jdk) 1108 (list (in-vicinity ".local/share/PrismLauncher/java" (package-version jdk)) 1109 jdk)) 1110 (list openjdk25))) 1111 #+end_src 1112 1113 *** steam 1114 #+begin_src scheme :noweb-ref package 1115 "mangohud" 1116 "steam-nvidia" 1117 #+end_src 1118 1119 #+begin_src scheme :noweb-ref home-environment-variable 1120 (simple-service 'nonguix-sandbox-home home-environment-variables-service-type 1121 `(("GUIX_SANDBOX_HOME" . "/var/lib/Sandbox"))) 1122 #+end_src 1123 1124 #+begin_src scheme :noweb yes :noweb-ref service 1125 (udev-rules-service 'steam-devices steam-devices-udev-rules) 1126 (udev-rules-service 'controller <<controller-permission-udev-rule>>) 1127 #+end_src 1128 1129 See also: <https://github.com/ValveSoftware/steam-for-linux/issues/2092> 1130 #+name: controller-permission-udev-rule 1131 #+begin_src scheme 1132 (udev-rule "60-controller-permission.rules" "\ 1133 KERNEL==\"event*\", ATTRS{idVendor}==\"045e\", ATTRS{idProduct}==\"028e\", \ 1134 MODE=\"0660\", GROUP=\"users\"") 1135 #+end_src 1136 1137 *** syncthing 1138 #+begin_src scheme :noweb-ref service 1139 (service syncthing-service-type 1140 (syncthing-configuration 1141 (user "akshit"))) 1142 #+end_src 1143 1144 *** thunar 1145 #+begin_src scheme :noweb-ref package 1146 "exo" 1147 "file-roller" 1148 "thunar" 1149 "thunar-archive-plugin" 1150 "thunar-media-tags-plugin" 1151 "thunar-volman" 1152 "tumbler" 1153 #+end_src 1154 1155 #+begin_src conf :tangle ./files/dotfiles/.config/xfce4/helpers.rc 1156 TerminalEmulator=open-wezterm-here 1157 #+end_src 1158 1159 *** wezterm 1160 #+begin_src scheme :noweb-ref package 1161 "wezterm" 1162 #+end_src 1163 1164 #+begin_src lua :tangle ./files/dotfiles/.config/wezterm/wezterm.lua 1165 local wezterm = require 'wezterm' 1166 local config = wezterm.config_builder() 1167 1168 -- This improves input latency in my environment. 1169 config.enable_wayland = false 1170 1171 config.window_background_opacity = 0.97 1172 config.color_scheme = 'Catppuccin Mocha' 1173 1174 return config 1175 #+end_src 1176 1177 *** wget 1178 #+begin_src conf :tangle ./files/dotfiles/.config/wgetrc 1179 hsts-file = ~/.cache/wget-hsts 1180 #+end_src 1181 1182 ** Emacs 1183 #+begin_src scheme :noweb-ref home-service 1184 (simple-service 'emacs-environment home-environment-variables-service-type 1185 `(("EDITOR" . "emacsclient") 1186 ("VISUAL" . "$EDITOR") 1187 ("SSL_CERT_DIR" . "/etc/ssl/certs/") 1188 ("SSL_CERT_FILE" . "/etc/ssl/certs/ca-certificates.crt") 1189 ("GIT_SSL_CAINFO" . "$SSL_CERT_FILE") 1190 ("ESHELL" . ,(file-append fish "/bin/fish")))) 1191 #+end_src 1192 1193 #+begin_src scheme :noweb-ref home-service 1194 (simple-service 'emacs home-shepherd-service-type 1195 (list (shepherd-service 1196 (provision '(emacs-daemon)) 1197 (start #~(make-forkexec-constructor '("emacs" "--fg-daemon"))) 1198 (stop #~(make-kill-destructor))))) 1199 #+end_src 1200 1201 #+begin_src scheme :noweb-ref package 1202 "emacs-pgtk" 1203 "emacs-gcmh" 1204 "emacs-no-littering" 1205 "emacs-beancount" 1206 "emacs-caddyfile-mode" 1207 "emacs-edit-indirect" 1208 "emacs-fish-mode" 1209 "emacs-json-mode" 1210 "emacs-kdl-mode" 1211 "emacs-markdown-mode" 1212 "emacs-nftables-mode" 1213 "emacs-zig-mode" 1214 #+end_src 1215 1216 #+begin_src scheme :noweb-ref package 1217 "python" 1218 "rust" 1219 "rust:cargo" 1220 "zig" 1221 #+end_src 1222 1223 ** Modules 1224 Guile builtins 1225 #+begin_src scheme :noweb-ref module 1226 (ice-9 match) 1227 #+end_src 1228 1229 Utilities 1230 #+begin_src scheme :noweb-ref module 1231 (gnu) 1232 (guix packages) 1233 (nonguix) 1234 (rosenthal) 1235 (sops secrets) 1236 (guix gexp) 1237 #+end_src 1238 1239 Guix System - services 1240 #+begin_src scheme :noweb-ref module 1241 (gnu services cuirass) 1242 (gnu services containers) 1243 (gnu services docker) 1244 (gnu services linux) 1245 (gnu services networking) 1246 (gnu services pm) 1247 (gnu services security) 1248 (gnu services security-token) 1249 (gnu services ssh) 1250 (gnu services sysctl) 1251 (gnu services xorg) 1252 (gnu services syncthing) 1253 (rosenthal services keyboard) 1254 (rosenthal services monitoring) 1255 (rosenthal services networking) 1256 (rosenthal services shellutils) 1257 (rosenthal services web) 1258 (sops services sops) 1259 #+end_src 1260 1261 Guix Home - services 1262 #+begin_src scheme :noweb-ref module 1263 (gnu home services) 1264 (gnu home services dotfiles) 1265 (gnu home services shepherd) 1266 (gnu home services fontutils) 1267 (gnu home services gnupg) 1268 (gnu home services shells) 1269 (sops home services sops) 1270 #+end_src 1271 1272 Guix packages 1273 #+begin_src scheme :noweb-ref module 1274 (gnu packages android) 1275 (gnu packages cpp) 1276 (gnu packages fcitx5) 1277 (gnu packages file-systems) 1278 (gnu packages games) 1279 (gnu packages gnome-xyz) 1280 (gnu packages gnupg) 1281 (gnu packages guile) 1282 (gnu packages java) 1283 (gnu packages linux) 1284 (gnu packages mail) 1285 (gnu packages python-xyz) 1286 (gnu packages rust) 1287 (gnu packages rust-apps) 1288 (gnu packages security-token) 1289 (gnu packages shells) 1290 (gnu packages ssh) 1291 (gnu packages terminals) 1292 (gnu packages video) 1293 (gnu packages xorg) 1294 (gnu packages zig-xyz) 1295 (rosenthal packages password-utils) 1296 #+end_src 1297 1298 * Helpers 1299 ** xdg 1300 #+begin_src scheme :noweb-ref helper 1301 (define %xdg-data-home 1302 (or (getenv "XDG_DATA_HOME") 1303 (in-vicinity (getenv "HOME") ".local/share"))) 1304 1305 ;; Source: <https://wiki.archlinux.org/title/XDG_Base_Directory> 1306 (define %xdg-base-directory-env-vars 1307 '(;; bash 1308 ("HISTFILE" . "$XDG_STATE_HOME/bash/history") 1309 ;; docker 1310 ("DOCKER_CONFIG" . "$XDG_CONFIG_HOME/docker") 1311 ;; gdb 1312 ("GDBHISTFILE" . "$XDG_STATE_HOME/gdb/history") 1313 ;; go 1314 ("GOMODCACHE" . "$XDG_CACHE_HOME/go/mod") 1315 ("GOPATH" . "$XDG_DATA_HOME/go") 1316 ;; gradle 1317 ("GRADLE_USER_HOME" . "$XDG_DATA_HOME/gradle") 1318 ;; guile 1319 ("GUILE_HISTORY" . "$XDG_STATE_HOME/guile/history") 1320 ;; java 1321 ("_JAVA_OPTIONS" . "-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java") 1322 ;; luanti 1323 ("MINETEST_USER_PATH" . "$XDG_DATA_HOME/luanti") 1324 ;; node 1325 ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc") 1326 ;; nvidia-driver 1327 ("CUDA_CACHE_PATH" . "$XDG_CACHE_HOME/nv") 1328 ;; password-store 1329 ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/pass") 1330 ;; python 1331 ;; TODO: Python 3.13. 1332 ("PYTHON_HISTORY" . "$XDG_STATE_HOME/python/history") 1333 ;; rust 1334 ("CARGO_HOME" . "$XDG_DATA_HOME/cargo") 1335 ;; sqlite 1336 ("SQLITE_HISTORY" . "$XDG_STATE_HOME/sqlite_history") 1337 ;; wget 1338 ("WGETRC" . "$XDG_CONFIG_HOME/wgetrc"))) 1339 #+end_src 1340 1341 ** keys 1342 #+begin_src scheme :noweb-ref helper 1343 (define %guix-keys 1344 (list (plain-file "dorphine.pub" 1345 "(public-key (ecc (curve Ed25519) 1346 (q #A279175682D0DAE3E11268E67E1F3FA47C38D7E509F7725567CF891E248E719F#)))") 1347 (plain-file "nuporta.pub" 1348 "(public-key (ecc (curve Ed25519) 1349 (q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))") 1350 (plain-file "ignamma.pub" 1351 "(public-key (ecc (curve Ed25519) 1352 (q #6FEEB15C4363F9975EB15C908EC911A4362E486DA642431FA2438C0B1C3D55F5#)))") 1353 (plain-file "workers-hako.pub" 1354 "(public-key (ecc (curve Ed25519) 1355 (q #7927EA1162184C1FAA62D20C111121A4604F00956E69F0FEB89EEE1721647897#)))") 1356 (plain-file "workers-poesty.pub" 1357 "(public-key (ecc (curve Ed25519) 1358 (q #8C4662FA0BC955B33261EEA5AA15F33081A7BEC991E5F990F7382F0988459B37#)))") 1359 ;; Guix Moe 1360 (plain-file "guix-moe-old.pub" 1361 "(public-key (ecc (curve Ed25519) 1362 (q #374EC58F5F2EC0412431723AF2D527AD626B049D657B5633AAAEBC694F3E33F9#)))") 1363 (plain-file "guix-moe.pub" 1364 "(public-key (ecc (curve Ed25519) 1365 (q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))") 1366 ;; Nonguix 1367 (plain-file "nonguix.pub" 1368 "(public-key (ecc (curve Ed25519) 1369 (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))) 1370 #+end_src 1371 1372 ** network manager 1373 #+begin_src scheme :noweb-ref helper 1374 (define %network-manager-ipv6-privacy 1375 `("ip6-privacy.conf" 1376 ,(plain-file "ip6-privacy.conf" "\ 1377 # Use IPv6 Privacy Extensions. 1378 [connection] 1379 ipv6.ip6-privacy=2\n"))) 1380 1381 ;; NOTE: When using on cloud machines, refer to the terms of the provider 1382 ;; first. 1383 (define %network-manager-random-mac-address 1384 `("rand_mac.conf" 1385 ,(plain-file "rand_mac.conf" "\ 1386 # Generate a random MAC for each network connection and associate the two 1387 # permanently. 1388 [connection-mac-randomization] 1389 ethernet.cloned-mac-address=stable 1390 wifi.cloned-mac-address=stable\n"))) 1391 #+end_src