Ananta
My literate Guix Config
rad:z2ZspMG5EPwUK1JwyPULzzGEq99Yr
Visibility
public
Delegates
did:key:z6MkmAD3z3GA7GT9oQ3Z1KAeQ22VjPGrSS2BTb5jnFkiQpAv
Default branch
main → 915502db379e8599c27cf51f5fa513f15011f593 (Sun Feb 15 15:50:59 2026)
Threshold
1
README.md
# Table of Contents
1. [Guix System](#orgf4a78c8)
2. [Guix Home](#org859bad5)
3. [Base](#org17bee83)
1. [Kernel](#orgd5ded91)
2. [File Systems](#orgeb2209b)
3. [Users](#org1a3eab0)
4. [Shell Utilities](#org30d4a8a)
5. [SOPS Secrets](#org8ccb290)
4. [Power Management](#org97f534e)
5. [Networking & SSH](#org47df4b6)
1. [nftables](#orgcf33285)
2. [tailscale](#org72c40c8)
3. [openssh](#org2681133)
4. [fail2ban](#orgcfdad76)
6. [OpenPGP & Security Token](#org5f73a29)
1. [pcscd](#org038db76)
2. [gpg-agent](#orga8feb13)
3. [libfido2](#orgdf25a0f)
7. [Containers & Virtualization](#orgd6716c0)
1. [containerd](#orgb322014)
2. [docker](#org8e12365)
3. [podman](#org597186b)
8. [Continuous Integration](#org591b30a)
1. [cuirass-remote-worker](#org4e22a9c)
9. [Monitoring](#orgecb6fab)
1. [alloy](#orgaa887d4)
10. [Graphical Session](#org281a9b8)
1. [niri](#orgb9942cb)
2. [shepherd](#org15915b8)
3. [noctalia-shell](#org1fbf998)
4. [polkit-gnome](#org470734e)
5. [gnome-keyring](#org4239035)
6. [qogir-icon-theme](#orgcb7d11c)
7. [fontconfig](#org2fe6173)
11. [Applications](#orgc3d2b41)
1. [adb](#org3154fc1)
2. [email](#orgea28be8)
3. [fcitx5](#org372a3f8)
4. [gdb](#org159679c)
5. [git](#org01ac86f)
6. [radicle](#org3dd008e)
7. [guile](#org269321e)
8. [jellyfin-mpv-shim](#orgca30597)
9. [librewolf](#orgc9df8fc)
10. [mpv](#orge8e3432)
11. [nano](#org710d6da)
12. [prismlauncher](#org6c6d0bd)
13. [steam](#org2ac6c89)
14. [syncthing](#orgd676c87)
15. [thunar](#org180e8aa)
16. [wezterm](#orga977f3c)
17. [wget](#orge83ea2c)
12. [Emacs](#orgfb3d0e4)
13. [Modules](#org5470768)
1. [Helpers](#orgbefae47)
1. [xdg](#org8a35950)
2. [keys](#org0b4c644)
3. [network manager](#orgb922edf)
<a id="orgf4a78c8"></a>
## Guix System
(use-modules (ice-9 match)
(gnu)
(guix packages)
(nonguix)
(rosenthal)
(sops secrets)
(guix gexp)
(gnu services cuirass)
(gnu services containers)
(gnu services docker)
(gnu services linux)
(gnu services networking)
(gnu services pm)
(gnu services security)
(gnu services security-token)
(gnu services ssh)
(gnu services sysctl)
(gnu services xorg)
(gnu services syncthing)
(rosenthal services keyboard)
(rosenthal services monitoring)
(rosenthal services networking)
(rosenthal services shellutils)
(rosenthal services web)
(sops services sops)
(gnu home services)
(gnu home services dotfiles)
(gnu home services shepherd)
(gnu home services fontutils)
(gnu home services gnupg)
(gnu home services shells)
(sops home services sops)
(gnu packages android)
(gnu packages cpp)
(gnu packages fcitx5)
(gnu packages file-systems)
(gnu packages games)
(gnu packages gnome-xyz)
(gnu packages gnupg)
(gnu packages guile)
(gnu packages java)
(gnu packages linux)
(gnu packages mail)
(gnu packages python-xyz)
(gnu packages rust)
(gnu packages rust-apps)
(gnu packages security-token)
(gnu packages shells)
(gnu packages ssh)
(gnu packages terminals)
(gnu packages video)
(gnu packages xorg)
(gnu packages zig-xyz)
(rosenthal packages password-utils))
(define (home-radicle-shepherd-service config)
(list (shepherd-service (provision '(radicle))
(documentation "Start radicle")
(start #~(make-forkexec-constructor (list (string-append #$radicle
"/bin/radicle-node")
"--force")))
(stop #~(make-kill-destructor)))))
(define-public home-radicle-service-type
(service-type (name 'home-radicle)
(extensions (list (service-extension
home-shepherd-service-type
home-radicle-shepherd-service)))
(default-value #f)
(description "Launch the radicle node")))
(define %xdg-data-home
(or (getenv "XDG_DATA_HOME")
(in-vicinity (getenv "HOME") ".local/share")))
;; Source: <https://wiki.archlinux.org/title/XDG_Base_Directory>
(define %xdg-base-directory-env-vars
'(;; bash
("HISTFILE" . "$XDG_STATE_HOME/bash/history")
;; docker
("DOCKER_CONFIG" . "$XDG_CONFIG_HOME/docker")
;; gdb
("GDBHISTFILE" . "$XDG_STATE_HOME/gdb/history")
;; go
("GOMODCACHE" . "$XDG_CACHE_HOME/go/mod")
("GOPATH" . "$XDG_DATA_HOME/go")
;; gradle
("GRADLE_USER_HOME" . "$XDG_DATA_HOME/gradle")
;; guile
("GUILE_HISTORY" . "$XDG_STATE_HOME/guile/history")
;; java
("_JAVA_OPTIONS" . "-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")
;; luanti
("MINETEST_USER_PATH" . "$XDG_DATA_HOME/luanti")
;; node
("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
;; nvidia-driver
("CUDA_CACHE_PATH" . "$XDG_CACHE_HOME/nv")
;; password-store
("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/pass")
;; python
;; TODO: Python 3.13.
("PYTHON_HISTORY" . "$XDG_STATE_HOME/python/history")
;; rust
("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
;; sqlite
("SQLITE_HISTORY" . "$XDG_STATE_HOME/sqlite_history")
;; wget
("WGETRC" . "$XDG_CONFIG_HOME/wgetrc")))
;; Public keys passed as `authorized-keys' to the guix-service-type extension
;; in %os.  Each entry is a trust root for substitutes: pre-built store items
;; signed by the matching private key are accepted by the daemon, so this list
;; should contain only keys whose owners are trusted to build software for
;; this machine.
;;
;; NOTE(review): "nuporta.pub" and "guix-moe.pub" carry the same `q' value
;; (552F670D...D543).  The duplicate does not widen the trust set, but it hides
;; which file name is authoritative when the key is rotated or revoked --
;; confirm it is intentional.
;; NOTE(review): "guix-moe-old.pub" stays authorized for as long as it is
;; listed; drop it once nothing signed with the old key is still needed.
(define %guix-keys
(list (plain-file "dorphine.pub"
"(public-key (ecc (curve Ed25519)
(q #A279175682D0DAE3E11268E67E1F3FA47C38D7E509F7725567CF891E248E719F#)))")
(plain-file "nuporta.pub"
"(public-key (ecc (curve Ed25519)
(q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))")
(plain-file "ignamma.pub"
"(public-key (ecc (curve Ed25519)
(q #6FEEB15C4363F9975EB15C908EC911A4362E486DA642431FA2438C0B1C3D55F5#)))")
(plain-file "workers-hako.pub"
"(public-key (ecc (curve Ed25519)
(q #7927EA1162184C1FAA62D20C111121A4604F00956E69F0FEB89EEE1721647897#)))")
(plain-file "workers-poesty.pub"
"(public-key (ecc (curve Ed25519)
(q #8C4662FA0BC955B33261EEA5AA15F33081A7BEC991E5F990F7382F0988459B37#)))")
;; Guix Moe
(plain-file "guix-moe-old.pub"
"(public-key (ecc (curve Ed25519)
(q #374EC58F5F2EC0412431723AF2D527AD626B049D657B5633AAAEBC694F3E33F9#)))")
(plain-file "guix-moe.pub"
"(public-key (ecc (curve Ed25519)
(q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))")
;; Nonguix
(plain-file "nonguix.pub"
"(public-key (ecc (curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
(define %network-manager-ipv6-privacy
`("ip6-privacy.conf"
,(plain-file "ip6-privacy.conf" "\
# Use IPv6 Privacy Extensions.
[connection]
ipv6.ip6-privacy=2\n")))
;; NOTE: When using on cloud machines, refer to the terms of the provider
;; first.
(define %network-manager-random-mac-address
`("rand_mac.conf"
,(plain-file "rand_mac.conf" "\
# Generate a random MAC for each network connection and associate the two
# permanently.
[connection-mac-randomization]
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=stable\n")))
(define %os
(operating-system
(host-name "windows")
(timezone "Asia/Kolkata")
(keyboard-layout
(keyboard-layout "us" "" #:options '("ctrl:nocaps")))
(bootloader
(bootloader-configuration
(bootloader grub-efi-bootloader)
(targets '("/boot/efi"))
(keyboard-layout keyboard-layout)))
(kernel linux)
(initrd microcode-initrd)
(firmware (cons* linux-firmware sof-firmware %base-firmware))
(kernel-arguments
(cons* "kernel.sysrq=1"
"memtest=3"
"modprobe.blacklist=amdgpu,pcspkr,hid_nintendo"
"zswap.enabled=1"
"zswap.max_pool_percent=90"
%default-kernel-arguments))
(file-systems (append (list
(file-system
(mount-point "/boot/efi")
(device (uuid "61F0-B1B7"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device (uuid
"d3550e19-5bef-4b2b-b55b-ea48919e20d1"
'ext4))
(type "ext4"))) %base-file-systems))
(swap-devices
(list (swap-space
(target
(uuid "101b0d73-bede-445b-9f90-63c7a43b3e09")))))
(users (cons* (user-account
(name "akshit")
(group "users")
(supplementary-groups '("audio" "docker" "kvm" "plugdev" "video" "wheel"))
(shell (file-append fish "/bin/fish"))) %base-user-accounts))
(packages
(append (specifications->packages
'(;; CLI Utilities.
"curl"
"dconf"
"fd"
"jujutsu"
"git"
"gnupg"
"mosh"
"ncurses"
"ripgrep"
"rsync"
;"sops"
"unzip"
;; Desktop applications.
;"digikam"
;"gimp"
"imv"
;"kdenlive"
;"libreoffice"
"obs-nvidia"
;"telegram-desktop"
"zathura"
"zathura-pdf-poppler"
;; Necessary things
"nss-certs"
"niri"
"wl-clipboard"
"xdg-desktop-portal-gnome"
"xdg-desktop-portal-gtk"
"xdg-utils"
"font-adobe-source-serif"
"font-apple-new-york"
"font-apple-sf-pro"
"font-chiron-hei-hk"
"font-chiron-sung-hk"
"font-google-noto"
"font-google-noto-emoji"
"font-nerd-symbols"
"font-sarasa-gothic"
"font-victor-mono"
"radicle"
"librewolf"
"adaptive-tab-bar-colour-icecat"
"bitwarden-icecat"
"livemarks-icecat"
"ohmyech-icecat"
"ublock-origin-icecat"
"mpv-nvidia"
"mangohud"
"steam-nvidia"
"exo"
"file-roller"
"thunar"
"thunar-archive-plugin"
"thunar-media-tags-plugin"
"thunar-volman"
"tumbler"
"wezterm"
"emacs-pgtk"
"emacs-gcmh"
"emacs-no-littering"
"emacs-beancount"
"emacs-caddyfile-mode"
"emacs-edit-indirect"
"emacs-fish-mode"
"emacs-json-mode"
"emacs-kdl-mode"
"emacs-markdown-mode"
"emacs-nftables-mode"
"emacs-zig-mode"
"python"
"rust"
"rust:cargo"
"zig"))
%base-packages))
(services
(cons* (service guix-home-service-type
`(("akshit" ,(home-environment
(services
(cons* (service home-dotfiles-service-type
(home-dotfiles-configuration
(directories '("files/dotfiles"))))
(simple-service 'xdg-base-directory home-environment-variables-service-type
%xdg-base-directory-env-vars)
(simple-service 'modprobed-db home-shepherd-service-type
(list (shepherd-timer '(update-modprobed-db)
#~(calendar-event #:minutes '(0))
#~(#$(file-append modprobed-db "/bin/modprobed-db") "storesilent"))))
(service home-fish-service-type)
(service home-fish-plugin-atuin-service-type)
(service home-fish-plugin-direnv-service-type)
(service home-fish-plugin-zoxide-service-type)
(simple-service 'fish-emacs-eat home-fish-service-type
(home-fish-extension
(config
(list (plain-file "emacs-eat.fish" "\
if test -n \"$EAT_SHELL_INTEGRATION_DIR\"
source $EAT_SHELL_INTEGRATION_DIR/fish
end")))))
(service home-gpg-agent-service-type
(home-gpg-agent-configuration
(pinentry-program (file-append pinentry-qt "/bin/pinentry-qt"))
(ssh-support? #t)))
(service home-niri-service-type
(home-niri-configuration
(config
(computed-substitution-with-inputs "niri.kdl"
(local-file "files/niri.kdl")
(list wezterm xwayland-satellite)))))
(service home-noctalia-shell-service-type)
(service home-polkit-gnome-service-type)
(service home-theme-service-type
(home-theme-configuration
(packages (list qogir-icon-theme))
(icon-theme "Qogir")
(cursor-theme "Qogir")))
(simple-service 'extend-fontconfig home-fontconfig-service-type
(let ((sans "SF Pro Text")
(serif "New York Medium")
(mono "Victor Mono")
(emoji "Noto Color Emoji"))
`((alias
(family "sans-serif")
(prefer
(family ,sans)
(family "Chiron Hei HK VF")
(family ,emoji)))
(alias
(family "serif")
(prefer
(family ,serif)
(family "Chiron Sung HK VF")
(family ,emoji)))
(alias
(family "monospace")
(prefer
(family ,mono)
(family "Chiron Sung HK VF")
(family ,emoji)))
,@(map (lambda (name)
`(alias
(family ,name)
(prefer
(family ,sans)
(family "sans-serif"))))
'("BlinkMacSystemFont"
"-apple-system"
"system-ui"
"ui-sans-serif"))
(alias
(family "ui-serif")
(prefer
(family ,serif)
(family "serif")))
(alias
(family "ui-monospace")
(prefer
(family ,mono)
(family "monospace"))))))
(service home-fcitx5-service-type
(home-fcitx5-configuration
(themes (list fcitx5-material-color-theme))
(input-method-editors (list fcitx5-rime))
(gtk-im-module? #t)
(qt-im-module? #t)))
(service home-radicle-service-type)
(simple-service 'mpv-mpris home-xdg-configuration-files-service-type
`(("mpv/scripts/mpris.so"
,(file-append mpv-mpris "/lib/mpris.so"))))
(simple-service 'emacs-environment home-environment-variables-service-type
`(("EDITOR" . "emacsclient")
("VISUAL" . "$EDITOR")
("SSL_CERT_DIR" . "/etc/ssl/certs/")
("SSL_CERT_FILE" . "/etc/ssl/certs/ca-certificates.crt")
("GIT_SSL_CAINFO" . "$SSL_CERT_FILE")
("ESHELL" . ,(file-append fish "/bin/fish"))))
(simple-service 'emacs home-shepherd-service-type
(list (shepherd-service
(provision '(emacs-daemon))
(start #~(make-forkexec-constructor '("emacs" "--fg-daemon")))
(stop #~(make-kill-destructor)))))
(service home-keyboard-service-type keyboard-layout)
%rosenthal-desktop-home-services))))))
(simple-service 'extend-kernel-module-loader kernel-module-loader-service-type
'("sch_fq_pie" "tcp_bbr"))
(simple-service 'extend-sysctl sysctl-service-type
'(("net.core.default_qdisc" . "fq_pie")
("net.ipv4.tcp_congestion_control" . "bbr")
;; https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
("net.core.rmem_max" . "7500000")
("net.core.wmem_max" . "7500000")))
(service tlp-service-type)
(simple-service 'auto-power-off shepherd-root-service-type
(list (shepherd-timer '(auto-power-off)
#~(calendar-event #:minutes '(0 10 20 30 40 50))
#~(#$(program-file "auto-power-off"
#~(begin
(use-modules (ice-9 textual-ports))
(define %battery-capacity
(call-with-input-file "/sys/class/power_supply/BAT1/capacity"
(compose string->number get-line)))
(when (<= %battery-capacity 10)
(system* "loginctl" "poweroff"))))))))
(udev-rules-service 'u2f libfido2 #:groups '("plugdev"))
(service containerd-service-type)
(service docker-service-type)
(simple-service 'niri-nvidia-profile etc-service-type
`(("nvidia/nvidia-application-profiles-rc.d/50-limit-free-buffer-pool-in-wayland-compositors.json"
,(computed-file "50-limit-free-buffer-pool-in-wayland-compositors.json"
(with-extensions (list guile-json-4)
#~(begin
(use-modules (json))
(call-with-output-file #$output
(lambda (port)
(scm->json
'(("profiles"
. #((("settings"
. #((("value" . 0)
("key" . "GLVidHeapReuseRatio"))))
("name" . "Limit Free Buffer Pool On Wayland Compositors"))))
("rules"
. #((("profile" . "Limit Free Buffer Pool On Wayland Compositors")
("pattern"
("matches" . "niri")
("feature" . "procname"))))))
port
#:pretty #t)))))))))
(service gnome-keyring-service-type)
(udev-rules-service 'steam-devices steam-devices-udev-rules)
(udev-rules-service 'controller (udev-rule "60-controller-permission.rules" "\
KERNEL==\"event*\", ATTRS{idVendor}==\"045e\", ATTRS{idProduct}==\"028e\", \
MODE=\"0660\", GROUP=\"users\""))
(service syncthing-service-type
(syncthing-configuration
(user "akshit")))
;(service guix-publish-service-type
; (guix-publish-configuration
; (port 49637)
; (host "0.0.0.0")
; (advertise? #t)))
(simple-service 'extend-guix guix-service-type
(guix-extension
(authorized-keys %guix-keys)
(substitute-urls '("https://cache-cdn.guix.moe"))))
(simple-service 'guix-gc shepherd-root-service-type
(list (shepherd-timer '(guix-gc)
#~(calendar-event #:days-of-week '(sunday) #:hours '(12) #:minutes '(0))
#~("/run/current-system/profile/bin/guix" "gc" "--delete-generations=1m")
#:requirement '(user-processes guix-daemon))))
(modify-services %rosenthal-desktop-services/tuigreet
(elogind-service-type
config => (elogind-configuration
(inherit config)
(handle-suspend-key 'ignore)
(handle-hibernate-key 'ignore)
(handle-lid-switch 'ignore)
(handle-lid-switch-external-power 'ignore)))
(guix-service-type
config => (guix-configuration
(inherit config)
(discover? #t)
(extra-options '("--cores=16"))
(tmpdir "/var/tmp")))
(network-manager-service-type
config => (network-manager-configuration
(inherit config)
(extra-configuration-files
(list %network-manager-ipv6-privacy
%network-manager-random-mac-address)))))))
(name-service-switch %mdns-host-lookup-nss)))
((compose (nonguix-transformation-nvidia #:open-source-kernel-module? #t #:s0ix-power-management? #t)
;(rosenthal-transformation-zfs #:boot? #t)
)
%os)
<a id="org859bad5"></a>
## Guix Home
(service guix-home-service-type
`(("akshit" ,(home-environment
(services
(cons* (service home-dotfiles-service-type
(home-dotfiles-configuration
(directories '("files/dotfiles"))))
(simple-service 'xdg-base-directory home-environment-variables-service-type
%xdg-base-directory-env-vars)
(simple-service 'modprobed-db home-shepherd-service-type
(list (shepherd-timer '(update-modprobed-db)
#~(calendar-event #:minutes '(0))
#~(#$(file-append modprobed-db "/bin/modprobed-db") "storesilent"))))
(service home-fish-service-type)
(service home-fish-plugin-atuin-service-type)
(service home-fish-plugin-direnv-service-type)
(service home-fish-plugin-zoxide-service-type)
(simple-service 'fish-emacs-eat home-fish-service-type
(home-fish-extension
(config
(list (plain-file "emacs-eat.fish" "\
if test -n \"$EAT_SHELL_INTEGRATION_DIR\"
source $EAT_SHELL_INTEGRATION_DIR/fish
end")))))
(service home-gpg-agent-service-type
(home-gpg-agent-configuration
(pinentry-program (file-append pinentry-qt "/bin/pinentry-qt"))
(ssh-support? #t)))
(service home-niri-service-type
(home-niri-configuration
(config
(computed-substitution-with-inputs "niri.kdl"
(local-file "files/niri.kdl")
(list wezterm xwayland-satellite)))))
(service home-noctalia-shell-service-type)
(service home-polkit-gnome-service-type)
(service home-theme-service-type
(home-theme-configuration
(packages (list qogir-icon-theme))
(icon-theme "Qogir")
(cursor-theme "Qogir")))
(simple-service 'extend-fontconfig home-fontconfig-service-type
(let ((sans "SF Pro Text")
(serif "New York Medium")
(mono "Victor Mono")
(emoji "Noto Color Emoji"))
`((alias
(family "sans-serif")
(prefer
(family ,sans)
(family "Chiron Hei HK VF")
(family ,emoji)))
(alias
(family "serif")
(prefer
(family ,serif)
(family "Chiron Sung HK VF")
(family ,emoji)))
(alias
(family "monospace")
(prefer
(family ,mono)
(family "Chiron Sung HK VF")
(family ,emoji)))
,@(map (lambda (name)
`(alias
(family ,name)
(prefer
(family ,sans)
(family "sans-serif"))))
'("BlinkMacSystemFont"
"-apple-system"
"system-ui"
"ui-sans-serif"))
(alias
(family "ui-serif")
(prefer
(family ,serif)
(family "serif")))
(alias
(family "ui-monospace")
(prefer
(family ,mono)
(family "monospace"))))))
(service home-fcitx5-service-type
(home-fcitx5-configuration
(themes (list fcitx5-material-color-theme))
(input-method-editors (list fcitx5-rime))
(gtk-im-module? #t)
(qt-im-module? #t)))
(service home-radicle-service-type)
(simple-service 'mpv-mpris home-xdg-configuration-files-service-type
`(("mpv/scripts/mpris.so"
,(file-append mpv-mpris "/lib/mpris.so"))))
(simple-service 'emacs-environment home-environment-variables-service-type
`(("EDITOR" . "emacsclient")
("VISUAL" . "$EDITOR")
("SSL_CERT_DIR" . "/etc/ssl/certs/")
("SSL_CERT_FILE" . "/etc/ssl/certs/ca-certificates.crt")
("GIT_SSL_CAINFO" . "$SSL_CERT_FILE")
("ESHELL" . ,(file-append fish "/bin/fish"))))
(simple-service 'emacs home-shepherd-service-type
(list (shepherd-service
(provision '(emacs-daemon))
(start #~(make-forkexec-constructor '("emacs" "--fg-daemon")))
(stop #~(make-kill-destructor)))))
(service home-keyboard-service-type keyboard-layout)
%rosenthal-desktop-home-services))))))
The `dorphine/dotfiles` directory is created when this file is tangled.
(service home-dotfiles-service-type
(home-dotfiles-configuration
(directories '("files/dotfiles"))))
(simple-service 'xdg-base-directory home-environment-variables-service-type
%xdg-base-directory-env-vars)
<a id="org17bee83"></a>
## Base
<a id="orgd5ded91"></a>
### Kernel
(simple-service 'extend-kernel-module-loader kernel-module-loader-service-type
'("sch_fq_pie" "tcp_bbr"))
(simple-service 'extend-sysctl sysctl-service-type
'(("net.core.default_qdisc" . "fq_pie")
("net.ipv4.tcp_congestion_control" . "bbr")
;; https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
("net.core.rmem_max" . "7500000")
("net.core.wmem_max" . "7500000")))
(simple-service 'modprobed-db home-shepherd-service-type
(list (shepherd-timer '(update-modprobed-db)
#~(calendar-event #:minutes '(0))
#~(#$(file-append modprobed-db "/bin/modprobed-db") "storesilent"))))
DBPATH="/home/akshit/.config"
COLORS=light
IGNORE=(nvidia nvidia_drm nvidia_modeset nvidia_uvm)
<a id="orgeb2209b"></a>
### File Systems
(list
(file-system
(mount-point "/boot/efi")
(device (uuid "61F0-B1B7"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device (uuid
"d3550e19-5bef-4b2b-b55b-ea48919e20d1"
'ext4))
(type "ext4")))
<a id="org1a3eab0"></a>
### Users
Personal account.
;; Interactive login account.  Its privileges come from the supplementary
;; groups, so review that list whenever it changes:
;;   "wheel"   - conventionally the sudo group (assumes the default sudoers
;;               file is in use; %os does not override it).
;;   "docker"  - may talk to the Docker daemon.  The daemon runs as root, so
;;               membership is effectively password-less root on this host.
;;               NOTE(review): keep only if Docker is really needed; the
;;               rootless podman service shown in the podman section avoids
;;               this escalation path.
;;   "kvm"     - presumably for /dev/kvm access -- confirm.
;;   "plugdev" - matches the #:groups of the libfido2 udev rule, i.e. access
;;               to the security token.
;;   "audio", "video" - presumably device access for the desktop session.
(user-account
(name "akshit")
(group "users")
(supplementary-groups '("audio" "docker" "kvm" "plugdev" "video" "wheel"))
(shell (file-append fish "/bin/fish")))
(service home-fish-service-type)
<a id="org30d4a8a"></a>
### Shell Utilities
(service home-fish-plugin-atuin-service-type)
(service home-fish-plugin-direnv-service-type)
(service home-fish-plugin-zoxide-service-type)
(simple-service 'fish-emacs-eat home-fish-service-type
(home-fish-extension
(config
(list (plain-file "emacs-eat.fish" "\
if test -n \"$EAT_SHELL_INTEGRATION_DIR\"
source $EAT_SHELL_INTEGRATION_DIR/fish
end")))))
<a id="org8ccb290"></a>
### SOPS Secrets
Create a GPG home directory specifically for use with SOPS.
# Prepare a dedicated GnuPG home for SOPS, separate from the personal keyring.
# The directory is created owner-only (0700) because it will hold secret keys.
MY_GPGHOME="<GPG homedir>"
mkdir -p -m 0700 "$MY_GPGHOME"

# Loopback pinentry lets gpg and gpg-agent operate without an interactive
# pinentry program, which an unattended SOPS decryption needs.
printf '%s\n' 'pinentry-mode loopback' > "$MY_GPGHOME/gpg.conf"
printf '%s\n' 'allow-loopback-pinentry' > "$MY_GPGHOME/gpg-agent.conf"

unset MY_GPGHOME
Generate a passwordless ECC key:
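# Generate the SOPS key pair in the dedicated GnuPG home.
#
# %no-protection stores the secret key WITHOUT a passphrase so that secrets
# can be decrypted unattended.  The only thing protecting the key is then the
# file-system permissions of the home directory (created 0700): anything that
# can read that directory, including backups of it, can decrypt every secret
# encrypted to this key.  Expire-Date 0 means the key never expires, so plan
# rotation by hand.
MY_GPGHOME="<GPG homedir>"
MY_NAME="<Your Name>"

# The parameters are fed through an unquoted here-document so that $MY_NAME is
# expanded by the shell; inside a single-quoted string it would reach gpg as
# the literal text "$MY_NAME".
gpg --homedir "$MY_GPGHOME" --batch --generate-key <<EOF
%no-protection
Key-Type: EDDSA
Key-Curve: ed25519
Subkey-Type: ECDH
Subkey-Curve: cv25519
Name-Real: $MY_NAME
Expire-Date: 0
EOF

unset MY_GPGHOME MY_NAME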
;:noweb-ref home-service
;; Decrypt SOPS-managed secrets for the home environment.
;; `gnupg-home' is $XDG_DATA_HOME/sops (see %xdg-data-home); presumably this
;; is the dedicated GnuPG home holding the passphrase-less key generated
;; above -- confirm.  If so, that directory is the single point of compromise
;; for every secret listed here and must stay readable by the owner only.
;; Only the "mail" key of the file bound to %sops-dorphine is requested;
;; %sops-dorphine is defined outside this snippet.
(service home-sops-secrets-service-type
(home-sops-service-configuration
(sops sops)
(gnupg-home (in-vicinity %xdg-data-home "sops"))
(secrets
(list (sops-secret
(key '("mail"))
(file %sops-dorphine))))))
<a id="org97f534e"></a>
## Power Management
(service tlp-service-type)
(simple-service 'auto-power-off shepherd-root-service-type
(list (shepherd-timer '(auto-power-off)
#~(calendar-event #:minutes '(0 10 20 30 40 50))
#~(#$(program-file "auto-power-off"
#~(begin
(use-modules (ice-9 textual-ports))
(define %battery-capacity
(call-with-input-file "/sys/class/power_supply/BAT1/capacity"
(compose string->number get-line)))
(when (<= %battery-capacity 10)
(system* "loginctl" "poweroff"))))))))
<a id="org47df4b6"></a>
## Networking & SSH
<a id="orgcf33285"></a>
### nftables
;:noweb-ref service
(service nftables-service-type
(nftables-configuration
(ruleset (local-file "files/dorphine.nftables"))))
;:tangle ../files/tangled/dorphine/dorphine.nftables
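# Host firewall: default-deny on input and forward, unrestricted output.
# Every accept rule below applies on all interfaces and to any source address,
# so each one is a service exposed to whatever network the machine joins.
# NOTE(review): remove the rules for services that are not running on the
# host this file is deployed to (guix-publish, for example, is commented out
# in the system definition of this document), and consider limiting the
# CI and game ports to the interfaces or source ranges that need them.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # early drop of invalid connections
        ct state invalid drop

        # allow established/related connections
        ct state { established, related } accept

        # allow from loopback
        iif lo accept

        # drop connections to lo not coming from lo
        # (network address written out: the whole 127.0.0.0/8 block)
        iif != lo ip daddr 127.0.0.0/8 drop
        iif != lo ip6 daddr ::1/128 drop

        # allow icmp
        ip protocol icmp accept
        # Match on the resolved layer-4 protocol: `ip6 nexthdr' only looks at
        # the first next-header field and misses ICMPv6 that follows an
        # extension header.
        meta l4proto ipv6-icmp accept

        # allow avahi
        udp dport mdns accept

        # allow caddy
        tcp dport https accept
        udp dport https accept

        # allow cuirass
        tcp dport 5558 accept

        # allow guix-publish
        tcp dport 49637 accept

        # allow minecraft
        tcp dport 25565 accept

        # allow syncthing
        udp dport 21027 accept
        meta l4proto { tcp, udp } th dport 22000 accept

        # allow tailscale
        # Tailscale's WireGuard traffic is UDP; a TCP rule on this port opens
        # a port nothing listens on and does not admit direct connections.
        udp dport 41641 accept

        # allow warframe
        udp dport { 4950, 4955 } accept
        tcp dport 6695-6699 accept

        # reject everything else
        reject with icmpx type port-unreachable
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}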
<a id="org72c40c8"></a>
### tailscale
;:noweb-ref service
(service tailscale-service-type)
<a id="org2681133"></a>
### openssh
;:noweb-ref service
;; SSH daemon restricted to key-based authentication.
;;   openssh-sans-x               - OpenSSH package variant built without X11.
;;   permit-root-login            - 'prohibit-password still lets root log in,
;;                                  but only with a key, never a password.
;;   password-authentication? #f  - no account can log in with a password.
;; NOTE(review): if root never needs to log in over SSH, set
;; `permit-root-login' to #f and use the wheel account plus sudo instead.
(service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(permit-root-login 'prohibit-password)
(password-authentication? #f)))
<a id="orgcfdad76"></a>
### fail2ban
;:noweb-ref service
;; Run fail2ban with a single extra jail, "sshd", enabled.
;; No thresholds or ban times are set here, so the jail runs with whatever
;; defaults the service provides.  With password logins disabled in the
;; openssh section, the jail mainly bans hosts that keep probing the port.
(service fail2ban-service-type
(fail2ban-configuration
(extra-jails
(list (fail2ban-jail-configuration
(name "sshd")
(enabled? #t))))))
<a id="org5f73a29"></a>
## OpenPGP & Security Token
<a id="org038db76"></a>
### pcscd
;:noweb-ref service
(service pcscd-service-type)
<a id="orga8feb13"></a>
### gpg-agent
;; Per-user gpg-agent with the Qt pinentry for passphrase/PIN prompts.
;; `ssh-support? #t' makes gpg-agent also serve as the SSH agent, so an
;; authentication key held in GnuPG (including one on a security token) can be
;; used for SSH logins.
(service home-gpg-agent-service-type
(home-gpg-agent-configuration
(pinentry-program (file-append pinentry-qt "/bin/pinentry-qt"))
(ssh-support? #t)))
<a id="orgdf25a0f"></a>
### libfido2
;; Install the udev rules shipped with libfido2 and make sure the "plugdev"
;; group exists; the personal account is a member of that group.
(udev-rules-service 'u2f libfido2 #:groups '("plugdev"))
<a id="orgd6716c0"></a>
## Containers & Virtualization
<a id="orgb322014"></a>
### containerd
(service containerd-service-type)
<a id="org8e12365"></a>
### docker
(service docker-service-type)
<a id="org597186b"></a>
### podman
(service rootless-podman-service-type
(rootless-podman-configuration
(subgids
(list (subid-range (name "akshit"))))
(subuids
(list (subid-range (name "akshit"))))))
<a id="org591b30a"></a>
## Continuous Integration
<a id="org4e22a9c"></a>
### cuirass-remote-worker
Open TCP port 5558 and connect to the server's IPv4 address.
;:noweb-ref service
;; Cuirass remote build worker: two workers building for x86_64-linux and
;; i686-linux, attached to the Cuirass server at the address below.
;; `publish-port' 5558 is the port the nftables ruleset opens under
;; "allow cuirass".
;; NOTE(review): that firewall rule accepts the port from any source, while
;; the server is reached over Tailscale; restricting the rule to the tailnet
;; would keep the worker's publish port off other networks.
;; NOTE(review): `substitute-urls' lists four servers; substitutes are only
;; accepted from those whose signing key is authorized.  %guix-keys covers the
;; guix.moe and Nonguix keys; presumably the keys for the two gnu.org servers
;; come from the distribution defaults -- confirm.
(service cuirass-remote-worker-service-type
(cuirass-remote-worker-configuration
(publish-port 5558)
(workers 2)
(systems '("x86_64-linux" "i686-linux"))
(server "100.97.195.93:5555") ;nuporta (Tailscale)
(substitute-urls
'("https://ci.guix.moe"
"https://ci.guix.gnu.org"
"https://bordeaux.guix.gnu.org"
"https://substitutes.nonguix.org"))))
<a id="orgecb6fab"></a>
## Monitoring
<a id="orgaa887d4"></a>
### alloy
;:noweb-ref service
(service alloy-service-type
(alloy-configuration
(config
(plain-file "dorphine.alloy"
(string-join
(list (sops-str %sops-dorphine '("alloy"))
(file-content (testament-plain "alloy/node-exporter.alloy")))
"\n")))))
<a id="org281a9b8"></a>
## Graphical Session
<a id="orgb9942cb"></a>
### niri
"niri"
"wl-clipboard"
"xdg-desktop-portal-gnome"
"xdg-desktop-portal-gtk"
"xdg-utils"
(service home-niri-service-type
(home-niri-configuration
(config
(computed-substitution-with-inputs "niri.kdl"
(local-file "files/niri.kdl")
(list wezterm xwayland-satellite)))))
prefer-no-csd
screenshot-path "~/Pictures/Screenshots/%Y%m%d-%H%M%S.png"
xwayland-satellite {
path "$$bin/xwayland-satellite$$"
}
// Guix Home (home-shepherd-service-type)
spawn-at-startup "shepherd"
hotkey-overlay {
skip-at-startup
}
window-rule {
match app-id="librewolf" title="^Picture-in-Picture$"
open-floating true
}
window-rule {
match app-id="steam" title=r#"^notificationtoasts_\d+_desktop$"#
default-floating-position x=10 y=10 relative-to="bottom-right"
}
window-rule {
match app-id="thunar" title="^File Operation Progress$"
open-floating true
}
// Noctalia
window-rule {
geometry-corner-radius 20
clip-to-geometry true
}
debug {
honor-xdg-activation-with-invalid-serial
}
// Set the regular wallpaper on the backdrop.
layer-rule {
match namespace="^noctalia-wallpaper*"
place-within-backdrop true
}
// Optionally, disable the workspace shadows in the overview.
overview {
workspace-shadow {
off
}
}
layout {
// Set transparent workspace background color so you see the backdrop at all times.
background-color "transparent"
focus-ring {
off
}
border {
off
}
}
input {
keyboard {
repeat-delay 300
repeat-rate 30
}
touchpad {
tap
natural-scroll
}
warp-mouse-to-focus
}
output "eDP-1" {
mode "2560x1440@240.002"
}
output "DP-1" {
focus-at-startup
}
binds {
XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; }
XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; }
XF86AudioMicMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteInput"; }
XF86AudioPlay allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "play"; }
XF86AudioStop allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "pause"; }
XF86AudioPrev allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "previous"; }
XF86AudioNext allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "media" "next"; }
XF86MonBrightnessUp allow-when-locked=true { spawn "brightnessctl" "-d" "intel_backlight" "set" "+5%"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "-d" "intel_backlight" "set" "5%-"; }
Mod+O { spawn "noctalia-shell" "ipc" "call" "controlCenter" "toggle"; }
Mod+A { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; }
Mod+D { spawn "noctalia-shell" "ipc" "call" "plugin:clipper" "togglePanel"; }
Mod+S { spawn "noctalia-shell" "ipc" "call" "settings" "toggle"; }
Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Mod+Shift+E { spawn "herd" "restart" "noctalia-shell"; }
Mod+E { spawn "emacsclient" "--create-frame" "--no-wait"; }
Mod+Return { spawn "$$bin/wezterm$$"; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+Shift+Left { move-column-left; }
Mod+Shift+Down { move-window-down; }
Mod+Shift+Up { move-window-up; }
Mod+Shift+Right { move-column-right; }
Mod+WheelScrollDown { focus-column-right; }
Mod+WheelScrollUp { focus-column-left; }
Mod+Shift+WheelScrollDown { move-column-right; }
Mod+Shift+WheelScrollUp { move-column-left; }
Mod+Ctrl+Left { focus-monitor-left; }
Mod+Ctrl+Right { focus-monitor-right; }
Mod+Ctrl+Shift+Left { move-column-to-monitor-left; }
Mod+Ctrl+Shift+Right { move-column-to-monitor-right; }
Mod+Ctrl+WheelScrollDown { focus-monitor-right; }
Mod+Ctrl+WheelScrollUp { focus-monitor-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-to-monitor-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-to-monitor-left; }
Mod+Comma { consume-or-expel-window-left; }
Mod+Period { consume-or-expel-window-right; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
Mod+C { center-column; }
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
Mod+Q { close-window; }
Mod+Tab repeat=false { toggle-overview; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
Mod+1 { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+3 { focus-workspace 3; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Ctrl+1 { move-column-to-workspace 1; }
Mod+Ctrl+2 { move-column-to-workspace 2; }
Mod+Ctrl+3 { move-column-to-workspace 3; }
Mod+Ctrl+4 { move-column-to-workspace 4; }
Mod+Ctrl+5 { move-column-to-workspace 5; }
Mod+Ctrl+6 { move-column-to-workspace 6; }
Mod+Ctrl+7 { move-column-to-workspace 7; }
Mod+Ctrl+8 { move-column-to-workspace 8; }
Mod+Ctrl+9 { move-column-to-workspace 9; }
}
[High VRAM usage fix](https://niri-wm.github.io/niri/Nvidia.html):
(simple-service 'niri-nvidia-profile etc-service-type
`(("nvidia/nvidia-application-profiles-rc.d/50-limit-free-buffer-pool-in-wayland-compositors.json"
,(computed-file "50-limit-free-buffer-pool-in-wayland-compositors.json"
(with-extensions (list guile-json-4)
#~(begin
(use-modules (json))
(call-with-output-file #$output
(lambda (port)
(scm->json
'(("profiles"
. #((("settings"
. #((("value" . 0)
("key" . "GLVidHeapReuseRatio"))))
("name" . "Limit Free Buffer Pool On Wayland Compositors"))))
("rules"
. #((("profile" . "Limit Free Buffer Pool On Wayland Compositors")
("pattern"
("matches" . "niri")
("feature" . "procname"))))))
port
#:pretty #t)))))))))
<a id="org15915b8"></a>
### shepherd
Autostart Shepherd in environments that support XDG Autostart (e.g. GNOME).
[Desktop Entry]
Type=Application
Name=Shepherd
Exec=shepherd
<a id="org1fbf998"></a>
### noctalia-shell
Run `herd restart noctalia-shell` on initial setup / after home environment
reconfiguration.
(service home-noctalia-shell-service-type)
<a id="org470734e"></a>
### polkit-gnome
(service home-polkit-gnome-service-type)
<a id="org4239035"></a>
### gnome-keyring
(service gnome-keyring-service-type)
<a id="orgcb7d11c"></a>
### qogir-icon-theme
(service home-theme-service-type
(home-theme-configuration
(packages (list qogir-icon-theme))
(icon-theme "Qogir")
(cursor-theme "Qogir")))
<a id="org2fe6173"></a>
### fontconfig
"font-adobe-source-serif"
"font-apple-new-york"
"font-apple-sf-pro"
"font-chiron-hei-hk"
"font-chiron-sung-hk"
"font-google-noto"
"font-google-noto-emoji"
"font-nerd-symbols"
"font-sarasa-gothic"
"font-victor-mono"
fontconfig on Guix is [known](https://codeberg.org/guix/guix/pulls/5654#issuecomment-9928509) not to work with some locales (e.g. `zh_CN.utf8`);
use `en_US.utf8` (the default) if you encounter issues.
(simple-service 'extend-fontconfig home-fontconfig-service-type
(let ((sans "SF Pro Text")
(serif "New York Medium")
(mono "Victor Mono")
(emoji "Noto Color Emoji"))
`((alias
(family "sans-serif")
(prefer
(family ,sans)
(family "Chiron Hei HK VF")
(family ,emoji)))
(alias
(family "serif")
(prefer
(family ,serif)
(family "Chiron Sung HK VF")
(family ,emoji)))
(alias
(family "monospace")
(prefer
(family ,mono)
(family "Chiron Sung HK VF")
(family ,emoji)))
,@(map (lambda (name)
`(alias
(family ,name)
(prefer
(family ,sans)
(family "sans-serif"))))
'("BlinkMacSystemFont"
"-apple-system"
"system-ui"
"ui-sans-serif"))
(alias
(family "ui-serif")
(prefer
(family ,serif)
(family "serif")))
(alias
(family "ui-monospace")
(prefer
(family ,mono)
(family "monospace"))))))
<a id="orgc3d2b41"></a>
## Applications
<a id="org3154fc1"></a>
### adb
;:noweb-ref service
(udev-rules-service 'android android-udev-rules #:groups '("adbusers"))
<a id="orgea28be8"></a>
### email
;:noweb-ref home-service
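;; Shepherd timer that, every 15 minutes, syncs mail with mbsync, indexes and
;; tags it with notmuch, then asks the running Emacs to flush its send queue.
(simple-service 'update-mailbox home-shepherd-service-type
  (list
   (shepherd-timer '(update-mailbox)
     #~(calendar-event #:minutes '(0 15 30 45))
     #~(#$(program-file "update-mailbox"
            (with-imported-modules '((guix build utils))
              #~(begin
                  (use-modules (ice-9 match)
                               (guix build utils))
                  ;; Sync with mail server.  `invoke' runs the program with an
                  ;; argument vector (no shell involved) and raises an error on
                  ;; a non-zero exit, so a failed sync aborts the rest of the
                  ;; run instead of tagging a half-synced mailbox.
                  (invoke #$(file-append isync "/bin/mbsync") "-a"
                          "--config" #$(local-file (testament-plain "dorphine/mbsync.conf")))
                  ;; Index.
                  (let ((notmuch #$(file-append notmuch "/bin/notmuch")))
                    (invoke notmuch "new")
                    ;; The rules below are order-dependent: the list and folder
                    ;; rules strip the `new' tag, and the final catch-all only
                    ;; files what is still tagged `new' into the inbox.
                    ;; `for-each' guarantees they are applied first to last;
                    ;; `map' is meant for collecting results and does not
                    ;; promise an application order.
                    (for-each
                     (match-lambda
                       ((query . tags)
                        ;; "--" ends the tag list, so a query can never be
                        ;; mistaken for a tag operation.
                        (apply invoke notmuch "tag"
                               `(,@(map symbol->string tags) "--" ,query))))
                     '(;; self
                       ("tag:new AND from:hako@ultrarare.space"
                        . (+sent))
                       ("tag:new AND (tag:replied OR tag:sent)"
                        . (-unread))
                       ;; mailing lists
                       ("tag:new AND folder:lists/emacs-devel"
                        . (+lists +lists/emacs-devel -inbox -new))
                       ("tag:new AND folder:lists/guile-devel"
                        . (+lists +lists/guile-devel -inbox -new))
                       ("tag:new AND folder:lists/guix-devel"
                        . (+lists +lists/guix-devel -inbox -new))
                       ("tag:new AND folder:lists/guix-user"
                        . (+lists +lists/guix-user -inbox -new))
                       ;; folders
                       ("folder:local/Drafts"
                        . (+draft -unread -inbox -new))
                       ("folder:imap/Archive"
                        . (+archive -unread -inbox -new))
                       ("folder:imap/Junk"
                        . (+spam -inbox -new))
                       ("folder:imap/Trash"
                        . (+trashed -inbox -new))
                       ;; others
                       ("tag:new"
                        . (+inbox -new)))))
                  ;; Send queued mail.
                  ;; NOTE(review): unlike mbsync and notmuch above, emacsclient
                  ;; is resolved through the timer's PATH rather than pinned to
                  ;; a store path -- confirm that is intended.
                  (invoke "emacsclient" "--eval" "(smtpmail-send-queued-mail)"))))))))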
mbsync:
;:tangle ./files/mbsync.conf
# Two-way sync between the IMAP account and a local Maildir tree.
# Create missing mailboxes on either side.
Create Both
# Permanently remove messages marked as deleted from BOTH stores.
# NOTE(review): a deletion made on one side is therefore unrecoverable on the
# other after the next sync -- keep a separate backup if that matters.
Expunge Both
CopyArrivalDate yes
MaildirStore local
Path ~/.local/share/mail/imap/
Inbox ~/.local/share/mail/imap/INBOX
Subfolders Verbatim
IMAPAccount hako
Host mail.boiledscript.com
User "hako@ultrarare.space"
# The password is not stored in this file: mbsync runs PassCmd and takes the
# secret from its output.  The file read here lives under $XDG_RUNTIME_DIR.
# NOTE(review): presumably provisioned by the SOPS secrets service; confirm the
# file is readable by the owning user only.
PassCmd "cat $XDG_RUNTIME_DIR/secrets/mail"
# Implicit TLS (IMAPS) rather than a STARTTLS upgrade on a plaintext session.
TLSType IMAPS
IMAPStore remote
Account hako
Channel hako
Far :remote:
Near :local:
# Sync every mailbox and keep the sync state inside each local mailbox.
Pattern *
SyncState *
l2md:
[general]
base = ~/.local/share/l2md/
oneshot = 1
# emacs-devel@gnu.org
[repo emacs-devel]
url = https://yhetil.org/emacs-devel/0
maildir = ~/.local/share/mail/lists/emacs-devel
# guile-devel@gnu.org
[repo guile-devel]
url = https://yhetil.org/guile-devel/0
maildir = ~/.local/share/mail/lists/guile-devel
# guix-devel@gnu.org
[repo guix-devel]
url = https://yhetil.org/guix-devel/0
maildir = ~/.local/share/mail/lists/guix-devel
# help-guix@gnu.org
[repo guix-user]
url = https://yhetil.org/guix-user/0
maildir = ~/.local/share/mail/lists/guix-user
notmuch:
;:tangle ./files/dotfiles/.config/notmuch/default/config :tangle no
[database]
path=/home/hako/.local/share/mail
[user]
name=Hilton Chain
primary_email=hako@ultrarare.space
[show]
extra_headers=Message-ID;In-Reply-To;References
[new]
tags=new
[search]
exclude_tags=draft;spam
<a id="org372a3f8"></a>
### fcitx5
(service home-fcitx5-service-type
(home-fcitx5-configuration
(themes (list fcitx5-material-color-theme))
(input-method-editors (list fcitx5-rime))
(gtk-im-module? #t)
(qt-im-module? #t)))
<a id="org159679c"></a>
### gdb
Copied from `%default-gdbinit`.
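# Tell GDB where to look for separate debugging files.
# Differs from %default-gdbinit in one respect: the per-user profile
# directories are built from $HOME instead of a literal "~".
guile
(use-modules (gdb))
;; Guile's file-exists? does not expand "~", so a literal "~/..." entry is
;; tested relative to GDB's current working directory: it is normally
;; filtered out, and inside a directory tree that happens to contain a "~"
;; folder it would add that tree's files to the debug search path.
(let* ((home (getenv "HOME"))
       (override (getenv "GDB_DEBUG_FILE_DIRECTORY"))
       (candidates
        (append
         ;; An explicit override from the environment comes first.
         (if override (list override) '())
         ;; Per-user profiles, only when HOME is known.
         (if home
             (list (string-append home "/.guix-profile/lib/debug")
                   (string-append home "/.guix-home/profile/lib/debug"))
             '())
         (list "/run/current-system/profile/lib/debug"))))
  ;; Only directories that exist end up in the colon-separated list.
  (execute (string-append "set debug-file-directory "
                          (string-join (filter file-exists? candidates)
                                       ":"))))
end
# Authorize extensions found in the store, such as the
# pretty-printers of libstdc++.
# This sets the auto-load safe-path to the store's lib directories only, so
# scripts sitting next to a binary elsewhere (e.g. in a checked-out source
# tree) are not auto-loaded.
set auto-load safe-path /gnu/store/*/lib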
<a id="org01ac86f"></a>
### git
# Base Git configuration: identity, history-rewriting defaults, diff hunk
# headers for Scheme/Texinfo, and SSH push rewrites for the forges in use.
[core]
quotePath = false
[init]
defaultBranch = master
[commit]
# Commits are created unsigned; the signing key under [user] is commented out
# as well.  NOTE(review): without signatures, authorship of commits in this
# repository cannot be verified cryptographically -- confirm this is intended.
gpgsign = false
[user]
name = Akshit Gaur
email = akshitgaur@proton.me
;signingkey = ACC66D09CA528292!
[pull]
rebase = true
[rerere]
enabled = true
[diff "scheme"]
xfuncname = "^(\\(define.*)$"
[diff "texinfo"]
xfuncname = "^@node[[:space:]]+([^,]+).*$"
# Fetches keep using the HTTPS URL; only pushes are rewritten to the SSH
# remote, so pushing authenticates with an SSH key instead of a password or
# token sent over HTTPS.
[url "git@codeberg.org:"]
pushInsteadOf = "https://codeberg.org/"
[url "git@github.com:"]
pushInsteadOf = "https://github.com/"
[url "git@gitlab.com:"]
pushInsteadOf = "https://gitlab.com/"
[url "forgejo@git.urspace.moe:"]
pushInsteadOf = "https://git.urspace.moe/"
For emacs-forge.
[github]
user = akshitgaur2005
[gitlab]
user = akshitgaur2005
[AGit Workflow](https://forgejo.org/docs/latest/user/agit-support/) helpers.
;:tangle ./files/dotfiles/.config/git/config :tangle no
[alias]
# pr-push <target-branch> [extra git-push arguments]
# Pushes the current branch to refs/for/<target-branch>/<current-branch> on
# "origin".  The force-push option is always sent, so an existing pull request
# for the same topic is overwritten rather than rejected.
# NOTE(review): the first argument is required; nothing checks that it is set.
pr-push = "!f() { branch=$1; topic=$(git branch --show-current); shift; git push origin $topic:refs/for/$branch/$topic -o force-push \"$@\"; }; f"
# pr-apply <ref>
# Cherry-picks, with a Signed-off-by trailer, every commit that `git cherry`
# lists between HEAD and pullreqs/<ref>.  The sign-off is added to someone
# else's commits, so review them before applying.
pr-apply = "!f() { for id in $(git cherry HEAD pullreqs/$1 | cut -c2-); do git cherry-pick --signoff $id; done; }; f"
<a id="org3dd008e"></a>
### radicle
;; Return the list of Shepherd services that run the Radicle node for the
;; home environment.  CONFIG is accepted because service extensions are called
;; with the service's value, but it is not used here.
(define (home-radicle-shepherd-service config)
  (list (shepherd-service (provision '(radicle))
                          (documentation "Start radicle")
                          ;; Runs radicle-node from the `radicle' package,
                          ;; pinned to its store path, as the home user.
                          ;; NOTE(review): presumably "--force" lets the node
                          ;; start even when a control socket from an earlier
                          ;; run is still present -- confirm against the
                          ;; radicle-node help text.
                          (start #~(make-forkexec-constructor (list (string-append #$radicle
                                                                                   "/bin/radicle-node")
                                                                    "--force")))
                          (stop #~(make-kill-destructor)))))
;; Home service type for the Radicle node.  It only extends the home Shepherd
;; service with `home-radicle-shepherd-service'; the default value is #f, so
;; the service can be instantiated without a configuration record.
(define-public home-radicle-service-type
  (service-type (name 'home-radicle)
                (extensions (list (service-extension
                                   home-shepherd-service-type
                                   home-radicle-shepherd-service)))
                (default-value #f)
                (description "Launch the radicle node")))
(service home-radicle-service-type)
"radicle"
<a id="org269321e"></a>
### guile
Copied from `%default-dotguile`.
;; REPL start-up file: turn on readline and, outside Emacs, colorized output
;; when the corresponding modules can be resolved; otherwise print a hint.
(cond ((false-if-exception (resolve-interface '(ice-9 readline)))
       =>
       (lambda (module)
         ;; Enable completion and input history at the REPL.
         ((module-ref module 'activate-readline))))
      (else
       (display "Consider installing the 'guile-readline' package for
convenient interactive line editing and input history.\n\n")))
;; Skipped when INSIDE_EMACS is set in the environment.
(unless (getenv "INSIDE_EMACS")
  (cond ((false-if-exception (resolve-interface '(ice-9 colorized)))
         =>
         (lambda (module)
           ;; Enable colorized output at the REPL.
           ((module-ref module 'activate-colorized))))
        (else
         (display "Consider installing the 'guile-colorized' package
for a colorful Guile experience.\n\n"))))
<a id="orgca30597"></a>
### jellyfin-mpv-shim
;:noweb-ref home-service
(simple-service 'jellyfin-mpv-shim home-shepherd-service-type
(list (shepherd-service
(provision '(jellyfin-mpv-shim))
(start
#~(make-forkexec-constructor
'(#$(file-append jellyfin-mpv-shim "/bin/jellyfin-mpv-shim"))))
(stop #~(make-kill-destructor)))))
<a id="orgc9df8fc"></a>
### librewolf
"librewolf"
"adaptive-tab-bar-colour-icecat"
"bitwarden-icecat"
"livemarks-icecat"
"ohmyech-icecat"
"ublock-origin-icecat"
<a id="orge8e3432"></a>
### mpv
"mpv-nvidia"
# https://vcb-s.com/archives/7594
profile=high-quality
cscale=catmull_rom
deband=yes
blend-subtitles=video
video-sync=display-resample
interpolation=yes
tscale=oversample
sub-auto=fuzzy
hwdec=auto-safe
# uosc
osd-bar=no
border=no
fullscreen=yes
force-window=yes
idle=yes
screenshot-directory=/home/akshit/Pictures/MPV/
screenshot-template="%F %P"
(simple-service 'mpv-mpris home-xdg-configuration-files-service-type
`(("mpv/scripts/mpris.so"
,(file-append mpv-mpris "/lib/mpris.so"))))
<a id="org710d6da"></a>
### nano
Copied from `%default-nanorc`.
# Include all the syntax highlighting modules.
include /run/current-system/profile/share/nano/*.nanorc
<a id="org6c6d0bd"></a>
### prismlauncher
;:noweb-ref package
"prismlauncher-dolly"
;:noweb-ref home-service
(simple-service 'openjdk-for-prismlauncher home-files-service-type
(map (lambda (jdk)
(list (in-vicinity ".local/share/PrismLauncher/java" (package-version jdk))
jdk))
(list openjdk25)))
<a id="org2ac6c89"></a>
### steam
"mangohud"
"steam-nvidia"
(simple-service 'nonguix-sandbox-home home-environment-variables-service-type
`(("GUIX_SANDBOX_HOME" . "/var/lib/Sandbox")))
(udev-rules-service 'steam-devices steam-devices-udev-rules)
;; udev rule for the input event nodes of the USB device with vendor 045e and
;; product 028e: mode 0660 with group "users", i.e. read/write for every
;; member of that group.
;; NOTE(review): "users" is usually a broad group; any account in it can read
;; and inject events on this device.  A dedicated group would narrow that --
;; confirm which accounts are members.
(udev-rules-service 'controller (udev-rule "60-controller-permission.rules" "\
KERNEL==\"event*\", ATTRS{idVendor}==\"045e\", ATTRS{idProduct}==\"028e\", \
MODE=\"0660\", GROUP=\"users\""))
See also: <https://github.com/ValveSoftware/steam-for-linux/issues/2092>
(udev-rule "60-controller-permission.rules" "\
KERNEL==\"event*\", ATTRS{idVendor}==\"045e\", ATTRS{idProduct}==\"028e\", \
MODE=\"0660\", GROUP=\"users\"")
<a id="orgd676c87"></a>
### syncthing
(service syncthing-service-type
(syncthing-configuration
(user "akshit")))
<a id="org180e8aa"></a>
### thunar
"exo"
"file-roller"
"thunar"
"thunar-archive-plugin"
"thunar-media-tags-plugin"
"thunar-volman"
"tumbler"
TerminalEmulator=open-wezterm-here
<a id="orga977f3c"></a>
### wezterm
"wezterm"
local wezterm = require 'wezterm'
local config = wezterm.config_builder()
-- This improves input latency in my environment.
config.enable_wayland = false
config.window_background_opacity = 0.97
config.color_scheme = 'Catppuccin Mocha'
return config
<a id="orge83ea2c"></a>
### wget
hsts-file = ~/.cache/wget-hsts
<a id="orgfb3d0e4"></a>
## Emacs
;; Environment for Emacs and the tools it spawns: editor selection, the CA
;; trust store, and the shell used by Emacs' shell commands.
(simple-service 'emacs-environment home-environment-variables-service-type
  `(("EDITOR" . "emacsclient")
    ;; "$EDITOR" and "$SSL_CERT_FILE" are written as references, not values.
    ;; NOTE(review): presumably expanded by the login shell that sources the
    ;; generated environment -- confirm.
    ("VISUAL" . "$EDITOR")
    ;; Point TLS clients, and Git through GIT_SSL_CAINFO, at the system CA
    ;; certificates under /etc/ssl/certs.
    ("SSL_CERT_DIR" . "/etc/ssl/certs/")
    ("SSL_CERT_FILE" . "/etc/ssl/certs/ca-certificates.crt")
    ("GIT_SSL_CAINFO" . "$SSL_CERT_FILE")
    ;; fish, pinned to its store path.
    ("ESHELL" . ,(file-append fish "/bin/fish"))))
(simple-service 'emacs home-shepherd-service-type
(list (shepherd-service
(provision '(emacs-daemon))
(start #~(make-forkexec-constructor '("emacs" "--fg-daemon")))
(stop #~(make-kill-destructor)))))
"emacs-pgtk"
"emacs-gcmh"
"emacs-no-littering"
"emacs-beancount"
"emacs-caddyfile-mode"
"emacs-edit-indirect"
"emacs-fish-mode"
"emacs-json-mode"
"emacs-kdl-mode"
"emacs-markdown-mode"
"emacs-nftables-mode"
"emacs-zig-mode"
"python"
"rust"
"rust:cargo"
"zig"
<a id="org5470768"></a>
## Modules
Guile builtins
(ice-9 match)
Utilities
(gnu)
(guix packages)
(nonguix)
(rosenthal)
(sops secrets)
(guix gexp)
Guix System - services
(gnu services cuirass)
(gnu services containers)
(gnu services docker)
(gnu services linux)
(gnu services networking)
(gnu services pm)
(gnu services security)
(gnu services security-token)
(gnu services ssh)
(gnu services sysctl)
(gnu services xorg)
(gnu services syncthing)
(rosenthal services keyboard)
(rosenthal services monitoring)
(rosenthal services networking)
(rosenthal services shellutils)
(rosenthal services web)
(sops services sops)
Guix Home - services
(gnu home services)
(gnu home services dotfiles)
(gnu home services shepherd)
(gnu home services fontutils)
(gnu home services gnupg)
(gnu home services shells)
(sops home services sops)
Guix packages
(gnu packages android)
(gnu packages cpp)
(gnu packages fcitx5)
(gnu packages file-systems)
(gnu packages games)
(gnu packages gnome-xyz)
(gnu packages gnupg)
(gnu packages guile)
(gnu packages java)
(gnu packages linux)
(gnu packages mail)
(gnu packages python-xyz)
(gnu packages rust)
(gnu packages rust-apps)
(gnu packages security-token)
(gnu packages shells)
(gnu packages ssh)
(gnu packages terminals)
(gnu packages video)
(gnu packages xorg)
(gnu packages zig-xyz)
(rosenthal packages password-utils)
<a id="orgbefae47"></a>
# Helpers
<a id="org8a35950"></a>
## xdg
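;; The XDG data directory, resolved once when this file is evaluated.
;; An empty XDG_DATA_HOME is treated like an unset one, as the XDG Base
;; Directory specification requires, and falls back to $HOME/.local/share.
;; A missing HOME is reported explicitly instead of surfacing as a type
;; error from `in-vicinity'.
(define %xdg-data-home
  (let ((data-home (getenv "XDG_DATA_HOME")))
    (if (and data-home (not (string-null? data-home)))
        data-home
        (in-vicinity (or (getenv "HOME")
                         (error "HOME is not set; cannot derive the XDG data directory"))
                     ".local/share"))))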
;; Source: <https://wiki.archlinux.org/title/XDG_Base_Directory>
(define %xdg-base-directory-env-vars
'(;; bash
("HISTFILE" . "$XDG_STATE_HOME/bash/history")
;; docker
("DOCKER_CONFIG" . "$XDG_CONFIG_HOME/docker")
;; gdb
("GDBHISTFILE" . "$XDG_STATE_HOME/gdb/history")
;; go
("GOMODCACHE" . "$XDG_CACHE_HOME/go/mod")
("GOPATH" . "$XDG_DATA_HOME/go")
;; gradle
("GRADLE_USER_HOME" . "$XDG_DATA_HOME/gradle")
;; guile
("GUILE_HISTORY" . "$XDG_STATE_HOME/guile/history")
;; java
("_JAVA_OPTIONS" . "-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")
;; luanti
("MINETEST_USER_PATH" . "$XDG_DATA_HOME/luanti")
;; node
("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
;; nvidia-driver
("CUDA_CACHE_PATH" . "$XDG_CACHE_HOME/nv")
;; password-store
("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/pass")
;; python
;; TODO: Python 3.13.
("PYTHON_HISTORY" . "$XDG_STATE_HOME/python/history")
;; rust
("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
;; sqlite
("SQLITE_HISTORY" . "$XDG_STATE_HOME/sqlite_history")
;; wget
("WGETRC" . "$XDG_CONFIG_HOME/wgetrc")))
<a id="org0b4c644"></a>
## keys
;; Ed25519 public keys, each wrapped in a `plain-file' so it can be used as a
;; file-like object.
;; NOTE(review): presumably these are handed to the Guix daemon as authorized
;; keys; if so, every entry is a trust anchor -- substitutes signed by any of
;; them are accepted.  Verify each `q' value with the key's owner out of band
;; and drop keys that are no longer needed (e.g. "guix-moe-old.pub").
;; NOTE(review): "nuporta.pub" and "guix-moe.pub" carry the same `q' value, so
;; one entry is redundant or one was pasted from the other -- confirm.
(define %guix-keys
  (list (plain-file "dorphine.pub"
                    "(public-key (ecc (curve Ed25519)
(q #A279175682D0DAE3E11268E67E1F3FA47C38D7E509F7725567CF891E248E719F#)))")
        (plain-file "nuporta.pub"
                    "(public-key (ecc (curve Ed25519)
(q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))")
        (plain-file "ignamma.pub"
                    "(public-key (ecc (curve Ed25519)
(q #6FEEB15C4363F9975EB15C908EC911A4362E486DA642431FA2438C0B1C3D55F5#)))")
        (plain-file "workers-hako.pub"
                    "(public-key (ecc (curve Ed25519)
(q #7927EA1162184C1FAA62D20C111121A4604F00956E69F0FEB89EEE1721647897#)))")
        (plain-file "workers-poesty.pub"
                    "(public-key (ecc (curve Ed25519)
(q #8C4662FA0BC955B33261EEA5AA15F33081A7BEC991E5F990F7382F0988459B37#)))")
        ;; Guix Moe
        (plain-file "guix-moe-old.pub"
                    "(public-key (ecc (curve Ed25519)
(q #374EC58F5F2EC0412431723AF2D527AD626B049D657B5633AAAEBC694F3E33F9#)))")
        (plain-file "guix-moe.pub"
                    "(public-key (ecc (curve Ed25519)
(q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))")
        ;; Nonguix
        (plain-file "nonguix.pub"
                    "(public-key (ecc (curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")))
<a id="orgb922edf"></a>
## network manager
;; A (file-name file-like) pair holding a NetworkManager configuration snippet
;; that turns on IPv6 Privacy Extensions for all connections.  The value 2
;; enables temporary addresses and prefers them over the public address for
;; outgoing traffic, so the interface identifier seen by peers changes over
;; time.
;; NOTE(review): presumably installed as a NetworkManager conf.d drop-in --
;; confirm at the use site.
(define %network-manager-ipv6-privacy
  `("ip6-privacy.conf"
    ,(plain-file "ip6-privacy.conf" "\
# Use IPv6 Privacy Extensions.
[connection]
ipv6.ip6-privacy=2\n")))
;; NOTE: When using on cloud machines, refer to the terms of the provider
;; first.
;; A (file-name file-like) pair holding a NetworkManager configuration snippet
;; that replaces the hardware MAC address on Ethernet and Wi-Fi connections.
;; With "stable", the generated address differs between connection profiles
;; but stays the same for a given profile: different networks cannot correlate
;; the machine by MAC, while one network still sees the same address on every
;; visit.  The "random" value would instead change it on each activation.
(define %network-manager-random-mac-address
  `("rand_mac.conf"
    ,(plain-file "rand_mac.conf" "\
# Generate a random MAC for each network connection and associate the two
# permanently.
[connection-mac-randomization]
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=stable\n")))