sway.scm 16 KB

;; Copyright © 2021 Joshua Branson <jbranso@dismail.de>
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
;;nginx: [emerg] unexpected "}" in /gnu/store/5lbwcjf9kc6vvbi4jxhfw84j2r58qdwx-nginx.conf:43
  5. (add-to-load-path (dirname (current-filename)))
  6. (use-modules
  7. (gnu)
  8. (guix)
  9. ;;(guile-web)
  10. (srfi srfi-1)
  11. ;;(secret nginx)
  12. ;;(secret hostfile)
  13. ;; (sway-service)
  14. ;;(endlessh-service)
  15. ;;(services myvpn)
  16. )
  17. (use-service-modules
  18. admin
  19. avahi
  20. base
  21. databases
  22. desktop
  23. dict
  24. linux
  25. mail
  26. mcron
  27. networking
  28. sound
  29. ssh
  30. sysctl
  31. xorg
  32. vpn
  33. web)
  34. (use-package-modules base databases perl geo idutils gnome package-management)
  35. (define mbsync-every-5-minutes
  36. ;; Every 5 minutes
  37. ;; The job's action is a shell command.
  38. #~(job "*/5 * * * *" ;Vixie cron syntax
  39. "mbsync -c /home/joshua/.mbsyncrc -a"
  40. #:user "joshua"))
  41. (define %15-minutes (* 15 60))
  42. ;;I do not use zile. So no need to have it.
  43. (define %my-base-packages
  44. (remove (lambda (package)
  45. (member (package-name package)
  46. (list "zile")))
  47. (cons* postgresql %base-packages)))
  48. (define (auto-login-to-tty config tty user)
  49. (if (string=? tty (mingetty-configuration-tty config))
  50. (mingetty-configuration
  51. (inherit config)
  52. (auto-login user))
  53. config))
  54. ;; allegedly %desktop-services now contains network-manager-applet...? Can I remove that?
  55. (define %my-desktop-services
  56. (modify-services %desktop-services
  57. (delete avahi-service-type)
  58. (delete bluetooth-service)
  59. ;;elogind-service
  60. (delete gdm-service-type)
  61. (delete geoclue-service)
  62. ;; I customize my pulseaudio-service down below,
  63. ;; so I need to remove it here.
  64. (delete pulseaudio-service-type)
  65. (mingetty-service-type config =>
  66. (auto-login-to-tty config "tty3" "joshua"))
  67. (guix-service-type config =>
  68. (guix-configuration
  69. (inherit config)
  70. (max-silent-time %15-minutes)
  71. ;;(timeout %15-minutes)
  72. ;; ok specifying the --fallback breaks the daemon. weird.
  73. ;; (extra-options '("--fallback"))
  74. ;; I have two CPUs...
  75. (extra-options '("--max-jobs=2"))
  76. ))
  77. (network-manager-service-type config =>
  78. (network-manager-configuration
  79. (inherit config)
  80. ;;(dns "none") ;;DO NOT update resolve.conf
  81. ;;(vpn-plugins (list network-manager-openvpn))
  82. ))
  83. ))
  84. (define %current-directory "/home/joshua/prog/gnu/guix/guix-config/")
  85. (operating-system
  86. (host-name "dobby")
  87. ;;(hosts-file (local-file (string-append %current-directory "my-hosts-file")))
  88. ;;(host-file (text-file* "hosts" "::1 localhost dobby\n"))
  89. ;;(host-file (text-file "hosts" "::1 localhost dobby\n"))
  90. (hosts-file
  91. (plain-file "hosts"
  92. (string-append
  93. "127.0.0.1 localhost dobby\n"
  94. "127.0.0.1 localhost dobby\n"
  95. "127.0.0.1 www.norm.com norm.com norm\n"
  96. "127.0.0.1 www.test.com test.com test\n"
  97. "127.0.0.1 guile.web.server.com guile.web.com www.date.com date.com\n"
  98. "127.0.0.1 local.gnucode.me\n"
  99. ;; this is my guix linode server
  100. "45.56.66.20 locke-lamora lamora locke\n"
  101. "127.0.0.1 local.propernaming.org"
  102. ;;%other-hosts-file-lines
  103. "::1 localhost dobby"
  104. )))
  105. (timezone "America/Indiana/Indianapolis")
  106. (locale "en_US.utf8")
  107. ;;(initrd-modules (list "e1000e" "i915" %base-initrd-modules))
  108. ;; when I reboot, does cat /proc/cmdline still show that I blacklisted:
  109. ;; modprobe.blacklist=usbmouse,usbkbd ?
  110. (kernel-arguments (append
  111. (list "modprobe.blacklist=pcspkr")
  112. %default-kernel-arguments))
  113. (keyboard-layout (keyboard-layout "us" "dvorak"
  114. #:model "thinkpad"
  115. #:options '("ctrl:swapcaps")))
  116. ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
  117. ;; target hard disk, and "my-root" is the label of the target
  118. ;; root file system.
  119. (bootloader (bootloader-configuration
  120. (bootloader grub-bootloader)
  121. (keyboard-layout keyboard-layout)
  122. (target "/dev/sda")
  123. (menu-entries
  124. (list
  125. (menu-entry
  126. (label "Debian 10")
  127. (linux "/boot/vmlinuz-4.19.0-8-amd64")
  128. (linux-arguments '("root=/dev/sda3" "quiet"
  129. ; "iomem=relaxed"
  130. ; the above is useful when I reflash retroboot. retroboot.org
  131. ))
  132. (initrd "/boot/initrd.img-4.19.0-8-amd64"))))))
  133. (file-systems
  134. (cons*
  135. (file-system
  136. (mount-point "/")
  137. (device
  138. (uuid "4bf80701-e54e-44eb-817f-b2f52f5af80e"
  139. 'ext4))
  140. (type "ext4"))
  141. ;;(file-system
  142. ;; (mount-point "/mnt/debian")
  143. ;; (device "/dev/sda3")
  144. ;; (type "ext4"))
  145. %base-file-systems))
  146. (users (cons* (user-account
  147. (name "joshua")
  148. (comment "Joshua Branson")
  149. (group "users")
  150. (home-directory "/home/joshua")
  151. (supplementary-groups
  152. '("audio" "kvm" "netdev" "video" "wheel"
  153. ;;"wireshark"
  154. )))
  155. ;; I was using this as an account to try to update the video of guix's front page.
  156. ;; (user-account
  157. ;; (name "hermione")
  158. ;; (comment "Hermione Granger")
  159. ;; (group "users")
  160. ;; (home-directory "/home/hermione")
  161. ;; (supplementary-groups
  162. ;; '("audio" "video")))
  163. ;;(user-group (name "wireshark"))
  164. %base-user-accounts))
  165. ;; (skeletons (cons*
  166. ;; `(".config/termite/config")
  167. ;; %default-skeletons))
  168. ;; Globally-installed packages.
  169. (packages (append (map specification->package
  170. '("sway" "nss-certs" ;;"nix"
  171. ))
  172. %my-base-packages
  173. ))
  174. ;; Add services to the baseline: a DHCP client and
  175. ;; an SSH server.
  176. (services
  177. (cons*
  178. (service dicod-service-type)
  179. ;; I could use getmail... service type... I do not believe that
  180. ;; the getmail service synchrozies between the maildir and remote service
  181. ;; (service getmail-service-type (getmail-configuration
  182. ;; (getmail-configuration-file (getmail-retriever-configuration
  183. ;; (server "jbranso@dismail.de") (username "jbranso@dismail.de")
  184. ;; ;; this is the SSL/TLS port STARTTLS Port is 143 (port 993)
  185. ;; (password "some password here") ;; This is what I should use
  186. ;; (password-command)) (getmail-destination-configuration (type
  187. ;; "Maildir") (path "/home/joshua/.mail/dismail.de/")))))
  188. ;; https://lists.gnu.org/archive/html/help-guix/2016-08/msg00061.html
  189. ;; https://help.ubuntu.com/community/Dovecot
  190. ;;https://help.ubuntu.com/community/DovecotLDAP
  191. (dovecot-service #:config
  192. (dovecot-configuration
  193. (mail-location "maildir:~/.mail/dismail.de:LAYOUT=fs")
  194. (listen '("127.0.0.1"))
  195. ;; this will change a login of "joshua" to a login of "joshua@dismail.de"
  196. ;;(auth-default-realm "dismail.de")
  197. ;; I do not need ssl support in a locally running dovecot. :)
  198. (ssl? "no")
  199. ;; I have find this useful if dovecot cannot find
  200. ;; my mail
  201. (mail-debug? #t)
  202. ;;currently the only way to login to dovecot is to use
  203. ;; joshua and my regular user password
  204. ;; joshua@dismail.de fails and
  205. ;; jbranso@dismial.de fails.
  206. (protocols
  207. (list (protocol-configuration
  208. (name "imap")
  209. (mail-max-userip-connections 1))))
  210. (services (list
  211. (service-configuration
  212. (kind "imap")
  213. (client-limit 1)))) ))
  214. ;; enable gpg
  215. ;;
  216. ;; GPG_TTY=$(tty)
  217. ;; export GPG_TTY
  218. ;; # start the gpg agent
  219. ;; gpgconf --kill gpg-agent # (just in case it’s already running)
  220. ;; eval $(gpg-agent --daemon) # start the gpg-agent
  221. ;; (service gpg-agent-service-type)
  222. ;; this is a service that will reclaim memory in memory tight situations
  223. (service earlyoom-service-type
  224. (earlyoom-configuration
  225. (prefer-regexp "icecat|chromium|firefox")))
  226. ;; (service endlessh-service-type
  227. ;; (endlessh-configuration
  228. ;; (port-number 22)
  229. ;; (log-level 1)))
  230. (service mcron-service-type
  231. (mcron-configuration
  232. (jobs (list mbsync-every-5-minutes))))
  233. (service nftables-service-type
  234. (nftables-configuration
  235. (ruleset
  236. (local-file (string-append %current-directory "nftables.conf")))))
  237. (service nginx-service-type
  238. (nginx-configuration
  239. (server-blocks
  240. (list
  241. (nginx-server-configuration
  242. (server-name '("date.com"))
  243. (listen '("date.com"))
  244. (root "/home/joshua/prog/guile/decent-dating/")
  245. (locations
  246. (list
  247. (nginx-location-configuration
  248. (uri "/")
  249. (body '("proxy_pass http://date.com:8082;")))
  250. (nginx-location-configuration
  251. (uri "/css/")
  252. (body '("root /home/joshua/prog/guile/decent-dating/;")))
  253. (nginx-location-configuration
  254. (uri "/img/")
  255. (body '("root /home/joshua/prog/guile/decent-dating/;")))
  256. )))
  257. (nginx-server-configuration
  258. (server-name '("local.gnucode.me"))
  259. (listen '("local.gnucode.me"))
  260. (root "/home/joshua/prog/guile/gnucode.me/site/")
  261. (locations
  262. (list
  263. (nginx-location-configuration
  264. (uri "/form/")
  265. (body '("proxy_pass http://local.gnucode.me:8081;")))
  266. (nginx-location-configuration
  267. (uri "/form/css/")
  268. (body '("root /home/joshua/prog/guile/;")))
  269. )))
  270. ;; (nginx-server-configuration
  271. ;; (server-name '("local.propernaming.org"))
  272. ;; (listen '("local.propernaming.org"))
  273. ;; (root "/home/joshua/prog/guile/propernaming/site/")
  274. ;; (locations
  275. ;; (list
  276. ;; (nginx-location-configuration
  277. ;; (uri "/css/")
  278. ;; (body '("root /home/joshua/prog/guile/propernaming/site/;")))
  279. ;; )))
  280. ;;%nginx-servers
  281. ))))
  282. ;; (service postgresql-service-type
  283. ;; (postgresql-configuration
  284. ;; (postgresql postgresql-13)
  285. ;; ;; this is for zipcode things for my dating site
  286. ;; (extension-packages (list postgis))))
  287. ;; I would prefer to instead of copying the file, just modify the default script
  288. ;; certainly guile can take the default script, change a line, and pass back
  289. ;; the modified file.
  290. ;;
  291. ;; This bit of code lets me change the input and out speakers and microphones for my laptop
  292. ;; so that I can use the nice headset that I have.
  293. (service pulseaudio-service-type
  294. (pulseaudio-configuration
  295. (script-file
  296. (local-file
  297. (string-append %current-directory "/pulse/default.pa")))))
  298. ;; (service sway-service-type)
  299. ;; (service sway-service-type
  300. ;; (sway-configuration
  301. ;; (user "joshua")
  302. ;; (group "users")
  303. ;; (variables
  304. ;; (sway-variables-configuration
  305. ;; (letter-left "n")
  306. ;; (letter-right "s")
  307. ;; (letter-up "t")
  308. ;; (letter-down "h")
  309. ;; (default-terminal "termite")
  310. ;; (keyboard-layout (list "dvorak"))
  311. ;; (xkb-options (list "ctrl:swapcaps"))
  312. ;; (tap-to-click? #t)
  313. ;; (natural-scroll? #t)
  314. ;; ))
  315. ;; (bindsyms
  316. ;; (list %sway-basic-bindsyms
  317. ;; %sway-moving-around-bindsyms
  318. ;; %sway-layout-bindsyms
  319. ;; %sway-scratchpad-bindsyms
  320. ;; (sway-bindsym
  321. ;; (command "exec pactl set-sink-volume @DEFAULT_SINK@ +10%")
  322. ;; (key-combo "XF86AudioRaiseVolume"))
  323. ;; (sway-bindsym
  324. ;; (command "exec pactl set-sink-volume @DEFAULT_SINK@ -10%")
  325. ;; (key-combo "XF86AudioLowerVolume"))
  326. ;; (sway-bindsym
  327. ;; (command "exec pactl set-sink-mute @DEFAULT_SINK@ toggle")
  328. ;; (key-combo "XF86AudioMute"))
  329. ;; (sway-bindsym
  330. ;; (command "exec eject")
  331. ;; (key-combo "f9"))))))
  332. ;;Ludo is adding rotlog service to %base-services. (service
  333. ;;rottlog-service-type)
  334. ;; guix system: error: service 'sysctl' provided more than once
  335. ;; (service sysctl-service-type
  336. ;; (sysctl-configuration
  337. ;; (settings
  338. ;; '(
  339. ;; ;; security thing
  340. ;; ;; https://www.phoronix.com/scan.php?page=news_item&px=Dmesg-Unrestricted-2019-So-Far
  341. ;; ;;("kernel.dmesg_restrict" . "1")
  342. ;; ("vm.swappiness" . "30")
  343. ;; ;;disable ipv6
  344. ;; ("net.ipv6.conf.all.disable_ipv6" . "1")
  345. ;; ("net.ipv6.conf.all.disable_policy" . "1")
  346. ;; ("net.ipv6.conf.default.disable_ipv6" . "1")
  347. ;; ("net.ipv6.conf.default.disable_policy" . "1")
  348. ;; ("net.ipv6.conf.enp0s10.disable_ipv6" . "1")
  349. ;; ("net.ipv6.conf.enp0s10.disable_policy" . "1")
  350. ;; ("net.ipv6.conf.lo.disable_ipv6" . "1")
  351. ;; ("net.ipv6.conf.lo.disable_policy" . "1")
  352. ;; ))))
  353. ;; make guix system autoupgrade itself once a week!
  354. (service unattended-upgrade-service-type
  355. (unattended-upgrade-configuration
  356. (schedule "30 01 * * 0")
  357. (system-expiration (* 3 30 24 3600))))
  358. (extra-special-file "/usr/bin/perl"
  359. (file-append perl "/bin/perl"))
  360. ;; currently does not work so not enabling it.
  361. ;; (service wireguard-service-type
  362. ;; (wireguard-configuration
  363. ;; (private-key "/home/joshua/prog/gnu/guix/guix-config/wireguard-keys/privatekey")
  364. ;; (peers
  365. ;; (list
  366. ;; (wireguard-peer
  367. ;; (name "my client laptop")
  368. ;; (endpoint "wireguard.gnucode.me:51820")
  369. ;; (public-key "9zhoGW8DYr9zJHFbzBZUSBQHWlY6h/9HeoNzrC58dTc=")
  370. ;; (allowed-ips '("0.0.0.0/0")))))))
  371. ;; Fedora is including a zram device by default
  372. (service zram-device-service-type
  373. (zram-device-configuration
  374. (size "512M")))
  375. %my-desktop-services)))