From 4d4a42b57666d5aae7facd3327972236ad986cbb Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Kill history to remove past secrets --- channels.scm | 10 + home-configuration.scm | 176 +++++++ home-files/emacs-configuration.el | 96 ++++ home-files/git-ignore.conf | 48 ++ izumi.org | 944 ++++++++++++++++++++++++++++++++++++++ system-configuration.scm | 655 ++++++++++++++++++++++++++ system-files/smtpd.conf | 24 + system-files/sudoers | 3 + 8 files changed, 1956 insertions(+) create mode 100644 channels.scm create mode 100644 home-configuration.scm create mode 100644 home-files/emacs-configuration.el create mode 100644 home-files/git-ignore.conf create mode 100644 izumi.org create mode 100644 system-configuration.scm create mode 100644 system-files/smtpd.conf create mode 100644 system-files/sudoers diff --git a/channels.scm b/channels.scm new file mode 100644 index 0000000..7fb8c27 --- /dev/null +++ b/channels.scm @@ -0,0 +1,10 @@ +(append + %default-channels + (list + (channel + (name 'nonguix) + (url "https://gitlab.com/nonguix/nonguix") + (introduction + (make-channel-introduction + "897c1a470da759236cc11798f4e0a5f7d4d59fbc" + (openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))))) diff --git a/home-configuration.scm b/home-configuration.scm new file mode 100644 index 0000000..12b64ec --- /dev/null +++ b/home-configuration.scm @@ -0,0 +1,176 @@ +(use-modules + (gnu home services shells) + (gnu packages) + (gnu packages emacs) + (gnu packages fonts) + (gnu packages gnome) + (gnu packages gnupg) + (gnu packages noweb) + (gnu packages version-control) + (nongnu packages mozilla)) + +(use-modules + (gnu) + (gnu home services)) + +(use-package-modules emacs-xyz) + +(use-service-modules) +(use-modules + (gnu) + (gnu home services) + (guix build-system emacs) + (guix git-download) + ((guix licenses) + #:prefix license:) + (guix packages)) + +(use-package-modules base emacs-xyz gawk) +(use-modules + (gnu services) + (gnu home services) + (guix gexp)) +(use-modules + (gnu home services shells) + (gnu services)) + +(home-environment + (packages + (list + dconf-editor + emacs + emacs-org-modern + emacs-paredit + firefox + font-google-noto + font-google-noto-emoji + font-google-noto-sans-cjk + font-google-noto-serif-cjk + git + gnupg + gnome-tweaks + noweb + pinentry)) + (services + (append + (list + (simple-service + 'emacs-home-profile + home-profile-service-type + (append + (list emacs-guix emacs-nix-mode) + (list + (let + ((commit* "cfab3eb8e1c25640439f10789872e28872d656a0")) + (package + (name "emacs-org-fc") + (version (git-version "0.1.0" "0" commit*)) + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "git://localhost/marek/org-fc") + (commit commit*))) + (file-name (git-file-name name version)) + (sha256 (base32 "0x8bxjh4r1wqh48f69x8k6gxfpixhwci365n0rh827csfjaqs5hg")))) + (build-system emacs-build-system) + (arguments + (list + #:include #~ (cons* "\\.awk$" "\\.org$" %default-include) + #:exclude #~ (cons "^test/" %default-exclude) + #:tests? #t + #:test-command + #~ + (list + "emacs" + "--batch" + "-L" "." + "-L" "tests/" + "-l" "tests/org-fc-filter-test.el" + "-l" "tests/org-fc-indexer-test.el" + "-l" "tests/org-fc-review-data-test.el" + "-f" "ert-run-tests-batch-and-exit") + #:phases + #~ + (modify-phases + %standard-phases + (add-after + 'unpack + 'qualify-paths + (lambda* + (#:key inputs + #:allow-other-keys) + (substitute* + "org-fc-awk.el" + (("\"find ") + (string-append + "\"" + (search-input-file inputs "/bin/find") + " ")) + (("\"gawk ") + (string-append + "\"" + (search-input-file inputs "/bin/gawk") + " ")) + (("\"xargs ") + (string-append + "\"" + (search-input-file inputs "/bin/xargs") + " ")))))))) + (inputs (list findutils gawk)) + (propagated-inputs (list emacs-hydra)) + (home-page "https://www.leonrische.me/fc/index.html") + (synopsis "Spaced repetition system for Emacs Org mode") + (description + (string-append + "Org-fc is a spaced-repetition system for Emacs' Org mode.\n" + "It allows you to mark headlines in a file as flashcards, turning pieces of\n" + "knowledge you want to learn into a question-answer test. These cards are\n" + "reviewed at regular interval. After each review, the next review interval is\n" + "calculated based on how well you remembered the contents of the card.\n")) + (license license:gpl3+)))))) + (simple-service + 'home-files + home-files-service-type + (list + (list ".emacs" (local-file "home-files/emacs-configuration.el")) + (list + ".config/git/ignore" + ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore + (local-file "home-files/git-ignore.conf"))))) + (list + (let* + ((and "&& ") + (collect-garbage "sudo guix gc -d 7d ") + (configuration-prefix "/home/marek/src/izumi/") + (pull-guix "guix pull ") + (reconfigure-home + (string-append + "guix home reconfigure " + configuration-prefix + "home-configuration.scm ")) + (reconfigure-system + (string-append + "sudo guix system reconfigure " + configuration-prefix + "system-configuration.scm ")) + (update-system + (string-append + pull-guix + and + reconfigure-system + and + reconfigure-home + and + collect-garbage))) + (service + home-bash-service-type + (home-bash-configuration + (aliases + (list + `("collect-garbage" . ,collect-garbage) + `("pull-guix" . ,pull-guix) + `("reconfigure-home" . ,reconfigure-home) + `("reconfigure-system" . ,reconfigure-system) + `("update-system" . ,update-system)))))))))) diff --git a/home-files/emacs-configuration.el b/home-files/emacs-configuration.el new file mode 100644 index 0000000..54b17f0 --- /dev/null +++ b/home-files/emacs-configuration.el @@ -0,0 +1,96 @@ +;;; https://github.com/fimblo/dot.emacs +;;; Theme Activation +(load-theme 'misterioso) + +(global-visual-line-mode t) + +;;; Disable Org Indent Mode +(add-hook 'org-mode-hook (lambda () (org-indent-mode -1))) + +;;; Enable ParEdit +(add-hook 'prog-mode-hook 'enable-paredit-mode) + +;;; https://elpa.gnu.org/packages/aggressive-indent.html +;;; Automatic Activation of Aggressive Indent +;; (global-aggressive-indent-mode) + +;; Highlight the pair of delimiters under the cursor +(setq-default show-paren-mode 1 + show-paren-delay 0) + +;;; https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html +;;; Copyright Information +(setq-default user-full-name "Marek Paśnikowski" + user-mail-address "marekpasnikowski@protonmail.com") + +;;; Startup Screen Inhibition +(setq-default inhibit-startup-screen t) + +;; Enable the column-80 line +(setq-default display-fill-column-indicator 1 + display-fill-column-indicator-column t + fill-column 80) +(global-display-fill-column-indicator-mode) + +;;; Enable Org Modern Style +;(with-eval-after-load 'org (global-org-modern-mode)) + +;; Prepare Literate Programming +(setq-default + org-startup-indented t + org-confirm-babel-evaluate nil + org-src-fontify-natively t + org-src-tab-acts-natively t) +(org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t) + (scheme . t ) + (shell . t ))) + +(add-to-list 'auto-mode-alist '("\\.epub\\'" . nov-mode)) + +;; Monospace Font in Ebook Reader +(setq-default nov-variable-pitch nil) + +;; Disable Toolbar +(tool-bar-mode -1) + +;; GNUS Configuration +;; (setq-default gnus-auto-select-first nil +;; gnus-select-method '(nnnil "") +;; gnus-secondary-select-methods '((nnimap "outlook" +;; (nnimap-address "outlook.office365.com") +;; (nnimap-server-port 993) +;; (nnimap-stream ssl) +;; (nnimap-authinfo-file "~/.authinfo")) +;; (nnimap "home" +;; (nnimap-address "serwer1930490.home.pl") +;; (nnimap-server-port 993) +;; (nnimap-stream ssl) +;; (nnimap-authinfo-file "~/.authinfo"))) +;; nnmail-split-method 'nnmail-split-fancy +;; nnmail-split-fancy '(| "normal")) +;; (add-hook 'gnus-group-mode-hook 'gnus-topic-mode) + +;; ORG-FC Configuration +(require 'org-fc-hydra) +(setq-default + org-fc-algorithm 'tn + org-fc-shuffle-positions t + org-fc-directories '("~/Dokumenty/fiszki")) + +;; Nix Mode +;; (require 'nix-mode) +;; (add-to-list 'auto-mode-alist '("\\.nix\\'" . nix-mode)) + + +(setq scroll-preserve-screen-position t + scroll-conservatively 0 + maximum-scroll-margin 0.5 + scroll-margin 99999) + +(setq tramp-remote-path + (append tramp-remote-path + '(tramp-own-remote-path + "~/.guix-profile/bin" + "~/.guix-profile/sbin" + "/run/current-system/profile/bin" + "/run/current-system/profile/sbin"))) diff --git a/home-files/git-ignore.conf b/home-files/git-ignore.conf new file mode 100644 index 0000000..98e588f --- /dev/null +++ b/home-files/git-ignore.conf @@ -0,0 +1,48 @@ +# -*- mode: gitignore; -*- +*~ +\#*\# +/.emacs.desktop +/.emacs.desktop.lock +*.elc +auto-save-list +tramp +.\#* + +# Org-mode +.org-id-locations +*_archive + +# flymake-mode +*_flymake.* + +# eshell files +/eshell/history +/eshell/lastdir + +# elpa packages +/elpa/ + +# reftex files +*.rel + +# AUCTeX auto folder +/auto/ + +# cask packages +.cask/ +dist/ + +# Flycheck +flycheck_*.el + +# server auth directory +/server/ + +# projectiles files +.projectile + +# directory configuration +.dir-locals.el + +# network security +/network-security.data diff --git a/izumi.org b/izumi.org new file mode 100644 index 0000000..9a1518c --- /dev/null +++ b/izumi.org @@ -0,0 +1,944 @@ +#+TITLE: Configuration of the Izumi computer +#+AUTHOR: Marek Paśnikowski +#+STARTUP: content +#+PROPERTY: header-args:scheme :noweb yes +#+PROPERTY: header-args:scheme+ :noweb-prefix yes + +* DONE The Monolith + +#+NAME: OPERATING-SYSTEM +#+BEGIN_SRC scheme :tangle system-configuration.scm + ( add-to-load-path "/home/marek/Dokumenty/secrets" ) + + ( use-modules + ( marek ) + ( gnu ) + ( guix records ) + ( ice-9 match ) + ( nongnu packages linux ) + ( nongnu system linux-initrd ) ) + + ( use-package-modules + admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail + version-control ) + + ( use-service-modules + base certbot cgit desktop mail shepherd ssh version-control web xorg ) + + ( define-record-type* + + dkimproxy-out-signature-configuration + make-dkimproxy-out-signature-configuration + dkimproxy-out-signature-configuration? + ( type + dkimproxy-out-signature-configuration-type + ( default 'dkim ) ) + ( key + dkimproxy-out-signature-configuration-key + ( default #f ) ) + ( algorithm + dkimproxy-out-signature-configuration-algorithm + ( default #f ) ) + ( method + dkimproxy-out-signature-configuration-method + ( default #f) ) + ( domain + dkimproxy-out-signature-configuration-domain + ( default #f ) ) + ( identity + dkimproxy-out-signature-configuration-identity + ( default #f ) ) + ( selector + dkimproxy-out-signature-configuration-selector + ( default #f ) ) ) + + ( define generate-dkimproxy-out-signature-configuration + ( match-lambda + ( ( $ + + type + key + algorithm + method + domain + identity + selector ) + ( string-append + ( match type + ( 'dkim "dkim" ) + ( 'domainkeys "domainkeys" ) ) + ( if ( or key algorithm method domain identity selector ) + ( string-append + "(" + ( string-join + `( ,@ ( if key + ( list ( string-append "key=" key ) ) + '() ) + ,@ ( if algorithm + ( list ( string-append "a=" algorithm ) ) + '() ) + ,@ ( if method + ( list ( string-append "c=" method ) ) + '() ) + ,@ ( if domain + ( list ( string-append "d=" domain ) ) + '() ) + ,@ ( if identity + ( list ( string-append "i=" identity ) ) + '() ) + ,@ ( if selector + ( list ( string-append "s=" selector ) ) + '() ) ) + "," ) + ")" ) + "" ) ) ) ) ) + + ( define-record-type* + + dkimproxy-out-configuration + make-dkimproxy-out-configuration + dkimproxy-out-configuration? + ( package + dkimproxy-out-configuration-package + ( default dkimproxy ) ) + ( listen + dkimproxy-out-configuration-listen + ( default #f ) ) + ( relay + dkimproxy-out-configuration-relay + ( default #f ) ) + ( list-id-map + dkimproxy-out-configuration-list-id-map + ( default '() ) ) + ( sender-map + dkimproxy-out-configuration-sender-map + ( default '() ) ) + ( reject-error? + dkimproxy-out-configuration-sender-reject-error? + ( default #f ) ) + ( config-file + dkimproxy-out-configuration-config-file + ( default #f ) ) ) + + ( define ( generate-map-file config filename ) + ( apply + plain-file + filename + ( map ( lambda ( config ) + ( match config + ( ( selector ( config ... ) ) + ( string-append + selector " " + ( string-join + ( map + generate-dkimproxy-out-signature-configuration + config ) + "\n") ) ) + ( ( selector config ) + ( string-append + selector " " + ( generate-dkimproxy-out-signature-configuration + config ) ) ) ) ) + config ) ) ) + + ( define dkimproxy-out-shepherd-service + ( match-lambda + ( ( $ + + package + listen + relay + list-id-map + sender-map + reject-error? + config-file ) + ( list + ( shepherd-service + ( provision '( dkimproxy-out ) ) + ( requirement '( loopback ) ) + ( documentation "Outbound DKIM proxy." ) + ( start + ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) ) + ( if config-file + #~ + ( make-forkexec-constructor + ( list + #$ + proxy + ( string-append "--conf_file=" #$ config-file ) + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy" ) + #:pid-file "/var/run/dkimproxy.out.pid" ) + ( let* + ( ( first-signature + ( match sender-map + ( ( ( sender ( signature _ ... ) ) _ ... ) signature ) + ( ( ( sender signature ) _ ... ) signature ) ) ) + ( domains + ( apply append + ( map + ( lambda ( sender ) + ( match sender + ( ( ( domains ... ) config ) domains ) + ( ( domain config ) domain ) ) ) + sender-map ) ) ) + ( sender-map + ( generate-map-file sender-map "sender.map" ) ) + ( listid-map + ( if ( null? list-id-map ) + #f + ( generate-map-file list-id-map "listid.map" ) ) ) + ( keyfile + ( dkimproxy-out-signature-configuration-key + first-signature ) ) + ( selector + ( dkimproxy-out-signature-configuration-selector + first-signature ) ) + ( method + ( dkimproxy-out-signature-configuration-method + first-signature ) ) + ( signature + ( match ( dkimproxy-out-signature-configuration-type + first-signature ) + ( 'dkim "dkim" ) + ( 'domainkeys "domainkeys" ) ) ) ) + #~ + ( make-forkexec-constructor + `( ,#$ + proxy + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy" + ,( string-append "--listen=" #$ listen ) + ,( string-append "--relay=" #$ relay ) + ,( string-append "--sender_map=" #$ sender-map ) + ,@ ( if #$ listid-map + ( list + ( string-append "--listid_map=" #$ listid-map ) ) + '() ) + ,( string-append "--domain=" #$ domains ) + ,( string-append "--keyfile=" #$ keyfile ) + ,( string-append "--selector=" #$ selector ) + ,@ ( if #$ method + ( list + ( string-append "--method=" #$ method ) ) + '() ) + ,@ ( if #$ reject-error? + '( "--reject_error" ) + '() ) + ,@ ( if #$ signature + ( list + ( string-append "--signature=" #$ signature ) ) + '() ) ) ) ) ) ) ) + ( stop #~ ( make-kill-destructor ) ) ) ) ) ) ) + + ( define %dkimproxy-accounts + ( list ( user-group + ( name "dkimproxy" ) + ( system? #t ) ) + ( user-account + ( name "dkimproxy" ) + ( group "dkimproxy" ) + ( system? #t ) + ( comment "Dkimproxy user" ) + ( home-directory "/var/empty" ) + ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) ) + + ( define dkimproxy-out-service-type + ( service-type + ( name 'dkimproxy-out ) + ( description "stub" ) + ( extensions + ( list + ( service-extension + account-service-type + ( const %dkimproxy-accounts ) ) + ( service-extension + shepherd-root-service-type + dkimproxy-out-shepherd-service ) ) ) ) ) + + ( define aliases-file + ( mixed-text-file "aliases" "@ vmail\n" ) ) + + ( define relays-file + ( mixed-text-file + "other-relays" + "mx1.forwardemail.net\n" + "mx2.forwardemail.net\n" ) ) + + ( define blacklist-file + ( mixed-text-file + "blacklist" + "@yahoo.com.cn\n" + "@qq.com\n" + "@fnac.com\n" + "@just-aero.us\n" + "@elitetorrent1.com\n" ) ) + + ( define ( opensmtpd-conf interface domain ) + ( mixed-text-file + "smtpd.conf" + "# This is the smtpd server system-wide configuration file.\n" + "# See smtpd.conf(5) for more information.\n" + "\n" + "# My TLS certificate and key\n" + "pki marekpasnikowski.pl cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"\n" + "pki marekpasnikowski.pl key \"/etc/letsencrypt/live/" domain "/privkey.pem\"\n" + "\n" + "# Edit this file to add add more virtual users (passwords are read in that file\n" + "# instead of /etc/passwd\n" + "table passwd file:" smtpd-keys "\n" + "\n" + "table other-relays file:" relays-file "\n" + "table blacklist file:" blacklist-file "\n" + "\n" + "# A simple spam filter\n" + "# filter spam-filter phase mail-from match mail-from reject \"555\"\n" + "\n" + "# port 25 is used only for receiving from external servers, and they may start\n" + "# a TLS session if they want.\n" + "listen on " interface " port 25 # tls pki marekpasnikowski.pl filter spam-filter\n" + "\n" + "# For sending messages from outside of this server, you need to authenticate and\n" + "# use TLS.\n" + "listen on " interface " port 465 smtps pki marekpasnikowski.pl mask-src auth \n" + "\n" + "# Localhost is used by the .onion, so we use the same configuration for \n" + "# local connections." + "listen on lo port 25 tls pki marekpasnikowski.pl filter spam-filter\n" + "# Since incoming connection uses tor, we don't need tls, but still require\n" + "# authentication; we're not a relay\n" + "# listen on lo port 587 tls pki marekpasnikowski.pl mask-src auth \n" + "\n" + "# DKIMproxy\n" + "listen on lo port 10028 tag DKIM_OUT\n" + "\n" + "# The socket is considered an internal connection\n" + "listen on socket mask-src\n" + "\n" + "# Maybe it'll work better if we connect to gmail only with v4?\n" + "# limit mta for domain gmail.com inet4\n" + "\n" + "# TODO: manage these files directly in the configuration?\n" + "# If you edit the file, you have to run \"smtpctl update table aliases\"\n" + "table aliases file:" aliases-file "\n" + "\n" + "# We define some actions\n" + "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual \n" + "action outbound relay helo \"" domain "\"\n" + "action godkim relay host smtp://127.0.0.1:10027\n" + "\n" + "# We accept to relay any mail from authenticated users\n" + "match for any from any auth action godkim\n" + "match tag DKIM_OUT for any action outbound\n" + "\n" + "# Then, we reject on some other conditions:\n" + "\n" + "# If the mail tries to impersonate us\n" + "# match !from src mail-from \"@marekpasnikowski.pl\" for any reject\n" + "\n" + "# If it comes from someone on the blacklist\n" + "match from any mail-from reject\n" + "\n" + "# Finally, if we accept incoming messages\n" + "match from any for domain \"marekpasnikowski.pl\" action receive\n" + "match for local action receive\n" ) ) + + ( define ( wip-dkim-service domain ) + ( service dkimproxy-out-service-type + ( dkimproxy-out-configuration + ( listen "127.0.0.1:10027" ) + ( relay "127.0.0.1:10028" ) + ( sender-map + `( ( ,domain + ( ,( dkimproxy-out-signature-configuration + ( algorithm "rsa-sha256" ) + ( key "/etc/mail/dkim/marekpasnikowski.pl.key" ) + ( method "relaxed" ) + ( selector "dkim" ) + ( type 'dkim ) ) + ,( dkimproxy-out-signature-configuration + ( method "mofws" ) + ( type 'domainkeys ) ) ) ) ) ) ) ) ) + + ( define ( wip-imap-service domain ) + ( service dovecot-service-type + ( dovecot-configuration + ( disable-plaintext-auth? #t ) + ( mail-location "maildir:~/Maildir" ) + ( namespaces + ( list + ( namespace-configuration + ( name "inbox" ) + ( inbox? #t ) + ( mailboxes + ( list + ( mailbox-configuration + ( name "Archive" ) + ( auto "subscribe" ) + ( special-use ( list "\\Archive" ) ) ) + ( mailbox-configuration + ( name "Drafts" ) + ( auto "subscribe" ) + ( special-use ( list "\\Drafts" ) ) ) + ( mailbox-configuration + ( name "Junk" ) + ( auto "subscribe" ) + ( special-use ( list "\\Junk" ) ) ) + ( mailbox-configuration + ( name "Sent" ) + ( auto "subscribe" ) + ( special-use ( list "\\Sent" ) ) ) + ( mailbox-configuration + ( name "Trash" ) + ( auto "subscribe" ) + ( special-use ( list "\\Trash" ) ) ) ) ) ) ) ) + ( passdbs + ( list + ( passdb-configuration + ( args ( list "username_format=%n" "/etc/dovecot-passwd" ) ) + ( driver "passwd-file" ) ) ) ) + ( protocols + ( list + ( protocol-configuration ( name "imap" ) ) + ( protocol-configuration ( name "lmtp" ) ) ) ) + ( services + ( list + ( service-configuration + ( kind "lmtp" ) + ( listeners + ( list + ( inet-listener-configuration + ( address "192.168.10.2 127.0.0.1" ) + ( port 24 ) + ( protocol "lmtp" ) ) + ( unix-listener-configuration + ( group "vmail" ) + ( mode "0666" ) + ( path "lmtp" ) + ( user "vmail" ) ) ) ) ) + ( service-configuration + ( kind "imap-login" ) + ( listeners + ( list + ( inet-listener-configuration + ( address "192.168.10.2" ) + ( port 993 ) + ( protocol "imaps" ) + ;; How does the boolean type map to + ;; the three configuration options? + ;; ( ssl? "required" ) + ) ) ) ) ) ) + ( ssl? "required" ) + ( ssl-cert + ( string-append + " + ( elogind-configuration + ( inherit configuration ) + ( handle-lid-switch 'ignore ) + ( handle-lid-switch-docked 'ignore ) + ( handle-lid-switch-external-power 'ignore ) ) ) + ( gdm-service-type + configuration => + ( gdm-configuration + ( inherit configuration ) + ( auto-suspend? #f ) + ( wayland? #t ) ) ) + ( guix-service-type + configuration => + ( let* + ( ( non-guix.pub + ( string-append + "( public-key ( ecc ( curve Ed25519 )" + "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) ) + ( authorized-keys + ( append + %default-authorized-guix-keys + ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) ) + ( extra-options + ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) ) + ( substitute-urls + ( append + %default-substitute-urls + ( list "https://substitutes.nonguix.org" ) ) ) ) + ( guix-configuration + ( inherit configuration ) + ( authorized-keys authorized-keys ) + ( extra-options extra-options ) + ( substitute-urls substitute-urls ) ) ) ) ) + ( wip-mail-services + #:interface "enp1s0" + #:domain "marekpasnikowski.pl" ) + ( list + ( service certbot-service-type + ( certbot-configuration + ( certificates + ( list + ( certificate-configuration + ( deploy-hook + ( program-file + "nginx-deploy-hook" + #~ + ( let + ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) + ( kill pid SIGHUP ) ) ) ) + ( domains + ( list + "marekpasnikowski.pl" + "git.marekpasnikowski.pl" ) ) ) ) ) + ( email certbot-mail ) + ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) + ( service cgit-service-type + ( cgit-configuration + ( nginx + ( list + ( nginx-server-configuration + ( locations + ( list + ( nginx-location-configuration + ( body + ( list + "fastcgi_param HTTP_HOST $server_name ;" + "fastcgi_param PATH_INFO $uri ;" + "fastcgi_param QUERY_STRING $args ;" + "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;" + "fastcgi_pass 127.0.0.1:9000 ;" ) ) + ( uri "@cgit" ) ) + ( nginx-location-configuration + ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) ) + ( uri "/.well-known" ) ) ) ) + ( listen ( list "192.168.10.2:443 ssl" ) ) + ( root cgit ) + ( server-name ( list "git.marekpasnikowski.pl" ) ) + ( ssl-certificate + "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) + ( ssl-certificate-key + "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) + ( try-files ( list "$uri" "@cgit" ) ) ) ) ) + ( repositories + ( list + ( repository-cgit-configuration + ( hide? #t ) + ( path "/srv/git/marek/packages" ) ) ) ) + ( repository-directory "/srv/git/marek" ) ) ) + ( service git-daemon-service-type ) + ( service gitolite-service-type + ( gitolite-configuration + ( admin-pubkey gitolite-keys ) ) ) + ( service gnome-desktop-service-type ) + ( service nginx-service-type + ( nginx-configuration + ( server-blocks + ( list + ( nginx-server-configuration + ( locations + ( list + ( nginx-location-configuration + ( uri "/.well-known" ) + ( body + ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) ) + ( listen ( list "192.168.10.2:443 ssl" ) ) + ( root "/srv/www/marek/marekpasnikowski.pl" ) + ( server-name ( list "marekpasnikowski.pl" ) ) + ( ssl-certificate + "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) + ( ssl-certificate-key + "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) ) ) ) ) + ( service openssh-service-type ) + ( simple-service 'base-profile profile-service-type + ( append %base-packages + ( list + plasma plasma-desktop plasma-framework plasma-integration + plasma-nano plasma-nm plasma-pa plasma-pass plasma-vault + plasma-welcome plasma-workspace plasma-bigscreen plasma-mobile + plasma-phonebook plasma-browser-integration + plasma-mobile-settings plasma-mobile-sounds + plasma-wayland-protocols plasma-active-window-control + plasma-phone-components plasma-redshift-control plasma-disks + plasma-firewall plasma-systemmonitor breeze breeze-gtk bluedevil + breeze-icons kdeplasma-addons keysmith kmenuedit krunner kwin + latte-dock plasma-workspace-wallpapers polkit-kde-agent + system-settings calindori discover elisa kpipewire ksysguard + attica kaccounts-integration kde-frameworkintegration kmail + kscreen akonadi akonadi-contacts akonadi-mime akonadi-notes + akonadi-search akonadi-calendar kdepim-runtime kalendar ) ) ) + ( simple-service + 'nss-profile + profile-service-type + ( list nss-certs ) ) + ( simple-service + 'etc-files + etc-service-type + ( list + `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) + `( "dovecot-passwd" ,dovecot-keys ) ) ) ) ) ) + ( sudoers-file ( local-file "system-files/sudoers" ) ) + ( swap-devices + ( list + ( swap-space + ( target "/dev/sda3" ) ) ) ) + ( timezone "Europe/Warsaw" ) + ( users + ( append + %base-user-accounts + ( list + ( user-account + ( comment "vmail" ) + ( group "vmail" ) + ( home-directory "/home/vmail" ) + ( name "vmail" ) + ( system? #t ) ) + ( user-account + ( comment "Marek Paśnikowski" ) + ( group "users" ) + ( home-directory "/home/marek" ) + ( name "marek" ) + ( supplementary-groups + ( list "audio" "netdev" "video" "wheel" ) ) ) ) ) ) ) +#+END_SRC + +#+NAME: OPENSMTPD-CONFIGURATION-FILE +#+BEGIN_SRC conf :tangle system-files/smtpd.conf + # The prefix on GUIX is not the default one — it is /etc . + table aliases file:/etc/aliases + + # The mail certificates are issued by Let‘s Encrypt and served by NGINX + pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" + pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" + + # Listen for local messages. + listen on lo + + # Listen for messages from the internet. + listen on enp1s0 tls port 25 pki "marekpasnikowski.pl" + listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl" + + # There is no filtering in the design, so the two actions are enough. + action receive maildir alias + action send relay + + # Match incoming messages. + match from local for local action receive + match from any for domain "marekpasnikowski.pl" action receive + + # Match outgoing messages. + match for any action send +#+END_SRC + +* [[https://guix.gnu.org/manual/en/html_node/Home-Configuration.html][13 Home Configuration]] + +#+BEGIN_SRC scheme :tangle home-configuration.scm + (use-modules + (gnu home services shells) + (gnu packages) + (gnu packages emacs) + (gnu packages fonts) + (gnu packages gnome) + (gnu packages gnupg) + (gnu packages noweb) + (gnu packages version-control) + (nongnu packages mozilla)) + + <> + <> + <> + <> + + (home-environment + (packages + (list + dconf-editor + emacs + emacs-org-modern + emacs-paredit + firefox + font-google-noto + font-google-noto-emoji + font-google-noto-sans-cjk + font-google-noto-serif-cjk + git + gnupg + gnome-tweaks + noweb + pinentry)) + (services + (append + <> + <>))) +#+END_SRC + +** [[https://guix.gnu.org/manual/en/html_node/Home-Services.html][13.3 Home Services]] + +#+NAME: ESSENTIAL-HOME-SERVICES +#+BEGIN_SRC scheme + (list + <> + <>) +#+END_SRC + +#+NAME: SHELLS +#+BEGIN_SRC scheme + (list + <>) +#+END_SRC + +*** [[https://guix.gnu.org/manual/en/html_node/Essential-Home-Services.html][13.3.1 Essential Home Services]] + +#+NAME: ESSENTIAL-HOME-MODULES +#+BEGIN_SRC scheme + (use-modules + (gnu services) + (gnu home services) + (guix gexp)) +#+END_SRC + +#+NAME: EMACS-HOME-PROFILE +#+BEGIN_SRC scheme + (simple-service + 'emacs-home-profile + home-profile-service-type + (append + <> + <>)) +#+END_SRC + +#+NAME: HOME-FILES-SERVICE-TYPE +#+BEGIN_SRC scheme + (simple-service + 'home-files + home-files-service-type + (list + (list ".emacs" (local-file "home-files/emacs-configuration.el")) + (list + ".config/git/ignore" + ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore + (local-file "home-files/git-ignore.conf")))) +#+END_SRC + +*** [[https://guix.gnu.org/manual/en/html_node/Shells-Home-Services.html][13.3.2 Shells]] + +#+NAME: SHELLS-MODULES +#+BEGIN_SRC scheme + (use-modules + (gnu home services shells) + (gnu services)) +#+END_SRC + +#+NAME: HOME-BASH-SERVICE-TYPE +#+BEGIN_SRC scheme + (let* + ((and "&& ") + (collect-garbage "sudo guix gc -d 7d ") + (configuration-prefix "/home/marek/src/izumi/") + (pull-guix "guix pull ") + (reconfigure-home + (string-append + "guix home reconfigure " + configuration-prefix + "home-configuration.scm ")) + (reconfigure-system + (string-append + "sudo guix system reconfigure " + configuration-prefix + "system-configuration.scm ")) + (update-system + (string-append + pull-guix + and + reconfigure-system + and + reconfigure-home + and + collect-garbage))) + (service + home-bash-service-type + (home-bash-configuration + (aliases + (list + `("collect-garbage" . ,collect-garbage) + `("pull-guix" . ,pull-guix) + `("reconfigure-home" . ,reconfigure-home) + `("reconfigure-system" . ,reconfigure-system) + `("update-system" . ,update-system)))))) +#+END_SRC + +* [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]] + +#+NAME: EMACS-ORG-FC-TN-MODULES +#+BEGIN_SRC scheme + (use-modules + (gnu) + (gnu home services) + (guix build-system emacs) + (guix git-download) + ((guix licenses) + #:prefix license:) + (guix packages)) + + (use-package-modules base emacs-xyz gawk) +#+END_SRC + +#+NAME: EMACS-ORG-FC-TN-PACKAGES +#+BEGIN_SRC scheme + (list + (let + ((commit* "cfab3eb8e1c25640439f10789872e28872d656a0")) + (package + (name "emacs-org-fc") + (version (git-version "0.1.0" "0" commit*)) + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "git://localhost/marek/org-fc") + (commit commit*))) + (file-name (git-file-name name version)) + (sha256 (base32 "0x8bxjh4r1wqh48f69x8k6gxfpixhwci365n0rh827csfjaqs5hg")))) + (build-system emacs-build-system) + (arguments + (list + #:include #~ (cons* "\\.awk$" "\\.org$" %default-include) + #:exclude #~ (cons "^test/" %default-exclude) + #:tests? #t + #:test-command + #~ + (list + "emacs" + "--batch" + "-L" "." + "-L" "tests/" + "-l" "tests/org-fc-filter-test.el" + "-l" "tests/org-fc-indexer-test.el" + "-l" "tests/org-fc-review-data-test.el" + "-f" "ert-run-tests-batch-and-exit") + #:phases + #~ + (modify-phases + %standard-phases + (add-after + 'unpack + 'qualify-paths + (lambda* + (#:key inputs + #:allow-other-keys) + (substitute* + "org-fc-awk.el" + (("\"find ") + (string-append + "\"" + (search-input-file inputs "/bin/find") + " ")) + (("\"gawk ") + (string-append + "\"" + (search-input-file inputs "/bin/gawk") + " ")) + (("\"xargs ") + (string-append + "\"" + (search-input-file inputs "/bin/xargs") + " ")))))))) + (inputs (list findutils gawk)) + (propagated-inputs (list emacs-hydra)) + (home-page "https://www.leonrische.me/fc/index.html") + (synopsis "Spaced repetition system for Emacs Org mode") + (description + (string-append + "Org-fc is a spaced-repetition system for Emacs' Org mode.\n" + "It allows you to mark headlines in a file as flashcards, turning pieces of\n" + "knowledge you want to learn into a question-answer test. These cards are\n" + "reviewed at regular interval. After each review, the next review interval is\n" + "calculated based on how well you remembered the contents of the card.\n")) + (license license:gpl3+)))) +#+END_SRC + +* [[https://emacs-guix.gitlab.io/website/manual/latest/html_node/index.html][Emacs-Guix]] + +** [[https://emacs-guix.gitlab.io/website/manual/latest/html_node/Installation.html][2. Installation]] + +#+NAME: EMACS-GUIX-MODULES +#+BEGIN_SRC scheme + (use-modules + (gnu) + (gnu home services)) + + (use-package-modules emacs-xyz) + + (use-service-modules) +#+END_SRC + +#+NAME: EMACS-GUIX-PACKAGES +#+BEGIN_SRC scheme + (list emacs-guix emacs-nix-mode) +#+END_SRC + +* EOF diff --git a/system-configuration.scm b/system-configuration.scm new file mode 100644 index 0000000..19b35ff --- /dev/null +++ b/system-configuration.scm @@ -0,0 +1,655 @@ +( add-to-load-path "/home/marek/Dokumenty/secrets" ) + +( use-modules + ( marek ) + ( gnu ) + ( guix records ) + ( ice-9 match ) + ( nongnu packages linux ) + ( nongnu system linux-initrd ) ) + +( use-package-modules + admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail + version-control ) + +( use-service-modules + base certbot cgit desktop mail shepherd ssh version-control web xorg ) + +( define-record-type* + + dkimproxy-out-signature-configuration + make-dkimproxy-out-signature-configuration + dkimproxy-out-signature-configuration? + ( type + dkimproxy-out-signature-configuration-type + ( default 'dkim ) ) + ( key + dkimproxy-out-signature-configuration-key + ( default #f ) ) + ( algorithm + dkimproxy-out-signature-configuration-algorithm + ( default #f ) ) + ( method + dkimproxy-out-signature-configuration-method + ( default #f) ) + ( domain + dkimproxy-out-signature-configuration-domain + ( default #f ) ) + ( identity + dkimproxy-out-signature-configuration-identity + ( default #f ) ) + ( selector + dkimproxy-out-signature-configuration-selector + ( default #f ) ) ) + +( define generate-dkimproxy-out-signature-configuration + ( match-lambda + ( ( $ + + type + key + algorithm + method + domain + identity + selector ) + ( string-append + ( match type + ( 'dkim "dkim" ) + ( 'domainkeys "domainkeys" ) ) + ( if ( or key algorithm method domain identity selector ) + ( string-append + "(" + ( string-join + `( ,@ ( if key + ( list ( string-append "key=" key ) ) + '() ) + ,@ ( if algorithm + ( list ( string-append "a=" algorithm ) ) + '() ) + ,@ ( if method + ( list ( string-append "c=" method ) ) + '() ) + ,@ ( if domain + ( list ( string-append "d=" domain ) ) + '() ) + ,@ ( if identity + ( list ( string-append "i=" identity ) ) + '() ) + ,@ ( if selector + ( list ( string-append "s=" selector ) ) + '() ) ) + "," ) + ")" ) + "" ) ) ) ) ) + +( define-record-type* + + dkimproxy-out-configuration + make-dkimproxy-out-configuration + dkimproxy-out-configuration? + ( package + dkimproxy-out-configuration-package + ( default dkimproxy ) ) + ( listen + dkimproxy-out-configuration-listen + ( default #f ) ) + ( relay + dkimproxy-out-configuration-relay + ( default #f ) ) + ( list-id-map + dkimproxy-out-configuration-list-id-map + ( default '() ) ) + ( sender-map + dkimproxy-out-configuration-sender-map + ( default '() ) ) + ( reject-error? + dkimproxy-out-configuration-sender-reject-error? + ( default #f ) ) + ( config-file + dkimproxy-out-configuration-config-file + ( default #f ) ) ) + +( define ( generate-map-file config filename ) + ( apply + plain-file + filename + ( map ( lambda ( config ) + ( match config + ( ( selector ( config ... ) ) + ( string-append + selector " " + ( string-join + ( map + generate-dkimproxy-out-signature-configuration + config ) + "\n") ) ) + ( ( selector config ) + ( string-append + selector " " + ( generate-dkimproxy-out-signature-configuration + config ) ) ) ) ) + config ) ) ) + +( define dkimproxy-out-shepherd-service + ( match-lambda + ( ( $ + + package + listen + relay + list-id-map + sender-map + reject-error? + config-file ) + ( list + ( shepherd-service + ( provision '( dkimproxy-out ) ) + ( requirement '( loopback ) ) + ( documentation "Outbound DKIM proxy." ) + ( start + ( let ( ( proxy ( file-append package "/bin/dkimproxy.out" ) ) ) + ( if config-file + #~ + ( make-forkexec-constructor + ( list + #$ + proxy + ( string-append "--conf_file=" #$ config-file ) + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy" ) + #:pid-file "/var/run/dkimproxy.out.pid" ) + ( let* + ( ( first-signature + ( match sender-map + ( ( ( sender ( signature _ ... ) ) _ ... ) signature ) + ( ( ( sender signature ) _ ... ) signature ) ) ) + ( domains + ( apply append + ( map + ( lambda ( sender ) + ( match sender + ( ( ( domains ... ) config ) domains ) + ( ( domain config ) domain ) ) ) + sender-map ) ) ) + ( sender-map + ( generate-map-file sender-map "sender.map" ) ) + ( listid-map + ( if ( null? list-id-map ) + #f + ( generate-map-file list-id-map "listid.map" ) ) ) + ( keyfile + ( dkimproxy-out-signature-configuration-key + first-signature ) ) + ( selector + ( dkimproxy-out-signature-configuration-selector + first-signature ) ) + ( method + ( dkimproxy-out-signature-configuration-method + first-signature ) ) + ( signature + ( match ( dkimproxy-out-signature-configuration-type + first-signature ) + ( 'dkim "dkim" ) + ( 'domainkeys "domainkeys" ) ) ) ) + #~ + ( make-forkexec-constructor + `( ,#$ + proxy + "--pidfile=/var/run/dkimproxy.out.pid" + "--user=dkimproxy" "--group=dkimproxy" + ,( string-append "--listen=" #$ listen ) + ,( string-append "--relay=" #$ relay ) + ,( string-append "--sender_map=" #$ sender-map ) + ,@ ( if #$ listid-map + ( list + ( string-append "--listid_map=" #$ listid-map ) ) + '() ) + ,( string-append "--domain=" #$ domains ) + ,( string-append "--keyfile=" #$ keyfile ) + ,( string-append "--selector=" #$ selector ) + ,@ ( if #$ method + ( list + ( string-append "--method=" #$ method ) ) + '() ) + ,@ ( if #$ reject-error? + '( "--reject_error" ) + '() ) + ,@ ( if #$ signature + ( list + ( string-append "--signature=" #$ signature ) ) + '() ) ) ) ) ) ) ) + ( stop #~ ( make-kill-destructor ) ) ) ) ) ) ) + +( define %dkimproxy-accounts + ( list ( user-group + ( name "dkimproxy" ) + ( system? #t ) ) + ( user-account + ( name "dkimproxy" ) + ( group "dkimproxy" ) + ( system? #t ) + ( comment "Dkimproxy user" ) + ( home-directory "/var/empty" ) + ( shell ( file-append shadow "/sbin/nologin" ) ) ) ) ) + +( define dkimproxy-out-service-type + ( service-type + ( name 'dkimproxy-out ) + ( description "stub" ) + ( extensions + ( list + ( service-extension + account-service-type + ( const %dkimproxy-accounts ) ) + ( service-extension + shepherd-root-service-type + dkimproxy-out-shepherd-service ) ) ) ) ) + +( define aliases-file + ( mixed-text-file "aliases" "@ vmail\n" ) ) + +( define relays-file + ( mixed-text-file + "other-relays" + "mx1.forwardemail.net\n" + "mx2.forwardemail.net\n" ) ) + +( define blacklist-file + ( mixed-text-file + "blacklist" + "@yahoo.com.cn\n" + "@qq.com\n" + "@fnac.com\n" + "@just-aero.us\n" + "@elitetorrent1.com\n" ) ) + +( define ( opensmtpd-conf interface domain ) + ( mixed-text-file + "smtpd.conf" + "# This is the smtpd server system-wide configuration file.\n" + "# See smtpd.conf(5) for more information.\n" + "\n" + "# My TLS certificate and key\n" + "pki marekpasnikowski.pl cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"\n" + "pki marekpasnikowski.pl key \"/etc/letsencrypt/live/" domain "/privkey.pem\"\n" + "\n" + "# Edit this file to add add more virtual users (passwords are read in that file\n" + "# instead of /etc/passwd\n" + "table passwd file:" smtpd-keys "\n" + "\n" + "table other-relays file:" relays-file "\n" + "table blacklist file:" blacklist-file "\n" + "\n" + "# A simple spam filter\n" + "# filter spam-filter phase mail-from match mail-from reject \"555\"\n" + "\n" + "# port 25 is used only for receiving from external servers, and they may start\n" + "# a TLS session if they want.\n" + "listen on " interface " port 25 # tls pki marekpasnikowski.pl filter spam-filter\n" + "\n" + "# For sending messages from outside of this server, you need to authenticate and\n" + "# use TLS.\n" + "listen on " interface " port 465 smtps pki marekpasnikowski.pl mask-src auth \n" + "\n" + "# Localhost is used by the .onion, so we use the same configuration for \n" + "# local connections." + "listen on lo port 25 tls pki marekpasnikowski.pl filter spam-filter\n" + "# Since incoming connection uses tor, we don't need tls, but still require\n" + "# authentication; we're not a relay\n" + "# listen on lo port 587 tls pki marekpasnikowski.pl mask-src auth \n" + "\n" + "# DKIMproxy\n" + "listen on lo port 10028 tag DKIM_OUT\n" + "\n" + "# The socket is considered an internal connection\n" + "listen on socket mask-src\n" + "\n" + "# Maybe it'll work better if we connect to gmail only with v4?\n" + "# limit mta for domain gmail.com inet4\n" + "\n" + "# TODO: manage these files directly in the configuration?\n" + "# If you edit the file, you have to run \"smtpctl update table aliases\"\n" + "table aliases file:" aliases-file "\n" + "\n" + "# We define some actions\n" + "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual \n" + "action outbound relay helo \"" domain "\"\n" + "action godkim relay host smtp://127.0.0.1:10027\n" + "\n" + "# We accept to relay any mail from authenticated users\n" + "match for any from any auth action godkim\n" + "match tag DKIM_OUT for any action outbound\n" + "\n" + "# Then, we reject on some other conditions:\n" + "\n" + "# If the mail tries to impersonate us\n" + "# match !from src mail-from \"@marekpasnikowski.pl\" for any reject\n" + "\n" + "# If it comes from someone on the blacklist\n" + "match from any mail-from reject\n" + "\n" + "# Finally, if we accept incoming messages\n" + "match from any for domain \"marekpasnikowski.pl\" action receive\n" + "match for local action receive\n" ) ) + +( define ( wip-dkim-service domain ) + ( service dkimproxy-out-service-type + ( dkimproxy-out-configuration + ( listen "127.0.0.1:10027" ) + ( relay "127.0.0.1:10028" ) + ( sender-map + `( ( ,domain + ( ,( dkimproxy-out-signature-configuration + ( algorithm "rsa-sha256" ) + ( key "/etc/mail/dkim/marekpasnikowski.pl.key" ) + ( method "relaxed" ) + ( selector "dkim" ) + ( type 'dkim ) ) + ,( dkimproxy-out-signature-configuration + ( method "mofws" ) + ( type 'domainkeys ) ) ) ) ) ) ) ) ) + +( define ( wip-imap-service domain ) + ( service dovecot-service-type + ( dovecot-configuration + ( disable-plaintext-auth? #t ) + ( mail-location "maildir:~/Maildir" ) + ( namespaces + ( list + ( namespace-configuration + ( name "inbox" ) + ( inbox? #t ) + ( mailboxes + ( list + ( mailbox-configuration + ( name "Archive" ) + ( auto "subscribe" ) + ( special-use ( list "\\Archive" ) ) ) + ( mailbox-configuration + ( name "Drafts" ) + ( auto "subscribe" ) + ( special-use ( list "\\Drafts" ) ) ) + ( mailbox-configuration + ( name "Junk" ) + ( auto "subscribe" ) + ( special-use ( list "\\Junk" ) ) ) + ( mailbox-configuration + ( name "Sent" ) + ( auto "subscribe" ) + ( special-use ( list "\\Sent" ) ) ) + ( mailbox-configuration + ( name "Trash" ) + ( auto "subscribe" ) + ( special-use ( list "\\Trash" ) ) ) ) ) ) ) ) + ( passdbs + ( list + ( passdb-configuration + ( args ( list "username_format=%n" "/etc/dovecot-passwd" ) ) + ( driver "passwd-file" ) ) ) ) + ( protocols + ( list + ( protocol-configuration ( name "imap" ) ) + ( protocol-configuration ( name "lmtp" ) ) ) ) + ( services + ( list + ( service-configuration + ( kind "lmtp" ) + ( listeners + ( list + ( inet-listener-configuration + ( address "192.168.10.2 127.0.0.1" ) + ( port 24 ) + ( protocol "lmtp" ) ) + ( unix-listener-configuration + ( group "vmail" ) + ( mode "0666" ) + ( path "lmtp" ) + ( user "vmail" ) ) ) ) ) + ( service-configuration + ( kind "imap-login" ) + ( listeners + ( list + ( inet-listener-configuration + ( address "192.168.10.2" ) + ( port 993 ) + ( protocol "imaps" ) + ;; How does the boolean type map to + ;; the three configuration options? + ;; ( ssl? "required" ) + ) ) ) ) ) ) + ( ssl? "required" ) + ( ssl-cert + ( string-append + " + ( elogind-configuration + ( inherit configuration ) + ( handle-lid-switch 'ignore ) + ( handle-lid-switch-docked 'ignore ) + ( handle-lid-switch-external-power 'ignore ) ) ) + ( gdm-service-type + configuration => + ( gdm-configuration + ( inherit configuration ) + ( auto-suspend? #f ) + ( wayland? #t ) ) ) + ( guix-service-type + configuration => + ( let* + ( ( non-guix.pub + ( string-append + "( public-key ( ecc ( curve Ed25519 )" + "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) ) + ( authorized-keys + ( append + %default-authorized-guix-keys + ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) ) + ( extra-options + ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) ) + ( substitute-urls + ( append + %default-substitute-urls + ( list "https://substitutes.nonguix.org" ) ) ) ) + ( guix-configuration + ( inherit configuration ) + ( authorized-keys authorized-keys ) + ( extra-options extra-options ) + ( substitute-urls substitute-urls ) ) ) ) ) + ( wip-mail-services + #:interface "enp1s0" + #:domain "marekpasnikowski.pl" ) + ( list + ( service certbot-service-type + ( certbot-configuration + ( certificates + ( list + ( certificate-configuration + ( deploy-hook + ( program-file + "nginx-deploy-hook" + #~ + ( let + ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) + ( kill pid SIGHUP ) ) ) ) + ( domains + ( list + "marekpasnikowski.pl" + "git.marekpasnikowski.pl" ) ) ) ) ) + ( email certbot-mail ) + ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) + ( service cgit-service-type + ( cgit-configuration + ( nginx + ( list + ( nginx-server-configuration + ( locations + ( list + ( nginx-location-configuration + ( body + ( list + "fastcgi_param HTTP_HOST $server_name ;" + "fastcgi_param PATH_INFO $uri ;" + "fastcgi_param QUERY_STRING $args ;" + "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;" + "fastcgi_pass 127.0.0.1:9000 ;" ) ) + ( uri "@cgit" ) ) + ( nginx-location-configuration + ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) ) + ( uri "/.well-known" ) ) ) ) + ( listen ( list "192.168.10.2:443 ssl" ) ) + ( root cgit ) + ( server-name ( list "git.marekpasnikowski.pl" ) ) + ( ssl-certificate + "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) + ( ssl-certificate-key + "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) + ( try-files ( list "$uri" "@cgit" ) ) ) ) ) + ( repositories + ( list + ( repository-cgit-configuration + ( hide? #t ) + ( path "/srv/git/marek/packages" ) ) ) ) + ( repository-directory "/srv/git/marek" ) ) ) + ( service git-daemon-service-type ) + ( service gitolite-service-type + ( gitolite-configuration + ( admin-pubkey gitolite-keys ) ) ) + ( service gnome-desktop-service-type ) + ( service nginx-service-type + ( nginx-configuration + ( server-blocks + ( list + ( nginx-server-configuration + ( locations + ( list + ( nginx-location-configuration + ( uri "/.well-known" ) + ( body + ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) ) + ( listen ( list "192.168.10.2:443 ssl" ) ) + ( root "/srv/www/marek/marekpasnikowski.pl" ) + ( server-name ( list "marekpasnikowski.pl" ) ) + ( ssl-certificate + "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) + ( ssl-certificate-key + "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) ) ) ) ) + ( service openssh-service-type ) + ( simple-service 'base-profile profile-service-type + ( append %base-packages + ( list + plasma plasma-desktop plasma-framework plasma-integration + plasma-nano plasma-nm plasma-pa plasma-pass plasma-vault + plasma-welcome plasma-workspace plasma-bigscreen plasma-mobile + plasma-phonebook plasma-browser-integration + plasma-mobile-settings plasma-mobile-sounds + plasma-wayland-protocols plasma-active-window-control + plasma-phone-components plasma-redshift-control plasma-disks + plasma-firewall plasma-systemmonitor breeze breeze-gtk bluedevil + breeze-icons kdeplasma-addons keysmith kmenuedit krunner kwin + latte-dock plasma-workspace-wallpapers polkit-kde-agent + system-settings calindori discover elisa kpipewire ksysguard + attica kaccounts-integration kde-frameworkintegration kmail + kscreen akonadi akonadi-contacts akonadi-mime akonadi-notes + akonadi-search akonadi-calendar kdepim-runtime kalendar ) ) ) + ( simple-service + 'nss-profile + profile-service-type + ( list nss-certs ) ) + ( simple-service + 'etc-files + etc-service-type + ( list + `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) + `( "dovecot-passwd" ,dovecot-keys ) ) ) ) ) ) + ( sudoers-file ( local-file "system-files/sudoers" ) ) + ( swap-devices + ( list + ( swap-space + ( target "/dev/sda3" ) ) ) ) + ( timezone "Europe/Warsaw" ) + ( users + ( append + %base-user-accounts + ( list + ( user-account + ( comment "vmail" ) + ( group "vmail" ) + ( home-directory "/home/vmail" ) + ( name "vmail" ) + ( system? #t ) ) + ( user-account + ( comment "Marek Paśnikowski" ) + ( group "users" ) + ( home-directory "/home/marek" ) + ( name "marek" ) + ( supplementary-groups + ( list "audio" "netdev" "video" "wheel" ) ) ) ) ) ) ) diff --git a/system-files/smtpd.conf b/system-files/smtpd.conf new file mode 100644 index 0000000..9fe7503 --- /dev/null +++ b/system-files/smtpd.conf @@ -0,0 +1,24 @@ +# The prefix on GUIX is not the default one — it is /etc . +table aliases file:/etc/aliases + +# The mail certificates are issued by Let‘s Encrypt and served by NGINX +pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" +pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" + +# Listen for local messages. +listen on lo + +# Listen for messages from the internet. +listen on enp1s0 tls port 25 pki "marekpasnikowski.pl" +listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl" + +# There is no filtering in the design, so the two actions are enough. +action receive maildir alias +action send relay + +# Match incoming messages. +match from local for local action receive +match from any for domain "marekpasnikowski.pl" action receive + +# Match outgoing messages. +match for any action send diff --git a/system-files/sudoers b/system-files/sudoers new file mode 100644 index 0000000..6af6e3b --- /dev/null +++ b/system-files/sudoers @@ -0,0 +1,3 @@ +root ALL=(ALL) ALL +%wheel ALL=(ALL) ALL +Defaults passwd_timeout=0 -- cgit v1.2.3 From 274d71de16bfe68b5157d76601ac8c725260e53d Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Enable work with remote configuration repository --- home-configuration.scm | 12 +++++++++--- izumi.org | 12 +++++++++--- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 12b64ec..6b7bc68 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -141,20 +141,26 @@ (local-file "home-files/git-ignore.conf"))))) (list (let* - ((and "&& ") + ((and " && ") (collect-garbage "sudo guix gc -d 7d ") (configuration-prefix "/home/marek/src/izumi/") (pull-guix "guix pull ") (reconfigure-home (string-append + "git pull " + configuration-prefix + and "guix home reconfigure " configuration-prefix - "home-configuration.scm ")) + "home-configuration.scm")) (reconfigure-system (string-append + "git pull " + configuration-prefix + and "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm ")) + "system-configuration.scm")) (update-system (string-append pull-guix diff --git a/izumi.org b/izumi.org index 9a1518c..954d034 100644 --- a/izumi.org +++ b/izumi.org @@ -795,20 +795,26 @@ #+NAME: HOME-BASH-SERVICE-TYPE #+BEGIN_SRC scheme (let* - ((and "&& ") + ((and " && ") (collect-garbage "sudo guix gc -d 7d ") (configuration-prefix "/home/marek/src/izumi/") (pull-guix "guix pull ") (reconfigure-home (string-append + "git pull " + configuration-prefix + and "guix home reconfigure " configuration-prefix - "home-configuration.scm ")) + "home-configuration.scm")) (reconfigure-system (string-append + "git pull " + configuration-prefix + and "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm ")) + "system-configuration.scm")) (update-system (string-append pull-guix -- cgit v1.2.3 From d9d1411461902dfbfa20d73b17bd58b2c4cf82db Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Install pwgen --- home-configuration.scm | 4 +++- izumi.org | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 6b7bc68..8bccc5f 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -29,6 +29,7 @@ (use-modules (gnu services) (gnu home services) + (gnu packages password-utils) (guix gexp)) (use-modules (gnu home services shells) @@ -179,4 +180,5 @@ `("pull-guix" . ,pull-guix) `("reconfigure-home" . ,reconfigure-home) `("reconfigure-system" . ,reconfigure-system) - `("update-system" . ,update-system)))))))))) + `("update-system" . ,update-system))))) + (simple-service packages home-profile-service-type (list pwgen))))))) diff --git a/izumi.org b/izumi.org index 954d034..0b1bfcb 100644 --- a/izumi.org +++ b/izumi.org @@ -757,6 +757,7 @@ (use-modules (gnu services) (gnu home services) + (gnu packages password-utils) (guix gexp)) #+END_SRC @@ -833,7 +834,8 @@ `("pull-guix" . ,pull-guix) `("reconfigure-home" . ,reconfigure-home) `("reconfigure-system" . ,reconfigure-system) - `("update-system" . ,update-system)))))) + `("update-system" . ,update-system))))) + (simple-service packages home-profile-service-type (list pwgen))) #+END_SRC * [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]] -- cgit v1.2.3 From fed7905485fafdc7819abc125e5e04b0c4061c01 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Fix error with cases of divergent branches --- home-configuration.scm | 4 ++-- izumi.org | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 8bccc5f..d3dec78 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -148,7 +148,7 @@ (pull-guix "guix pull ") (reconfigure-home (string-append - "git pull " + "git pull --rebase=true " configuration-prefix and "guix home reconfigure " @@ -156,7 +156,7 @@ "home-configuration.scm")) (reconfigure-system (string-append - "git pull " + "git pull --rebase=true " configuration-prefix and "sudo guix system reconfigure " diff --git a/izumi.org b/izumi.org index 0b1bfcb..ee4c904 100644 --- a/izumi.org +++ b/izumi.org @@ -802,7 +802,7 @@ (pull-guix "guix pull ") (reconfigure-home (string-append - "git pull " + "git pull --rebase=true " configuration-prefix and "guix home reconfigure " @@ -810,7 +810,7 @@ "home-configuration.scm")) (reconfigure-system (string-append - "git pull " + "git pull --rebase=true " configuration-prefix and "sudo guix system reconfigure " -- cgit v1.2.3 From 9f6c62c99c617663f3cc8019bbb8e26ed819f973 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Fix position of pwgen installation declaration --- home-configuration.scm | 6 +++--- izumi.org | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index d3dec78..8fb18fe 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -51,7 +51,8 @@ gnupg gnome-tweaks noweb - pinentry)) + pinentry + pwgen)) (services (append (list @@ -180,5 +181,4 @@ `("pull-guix" . ,pull-guix) `("reconfigure-home" . ,reconfigure-home) `("reconfigure-system" . ,reconfigure-system) - `("update-system" . ,update-system))))) - (simple-service packages home-profile-service-type (list pwgen))))))) + `("update-system" . ,update-system)))))))))) diff --git a/izumi.org b/izumi.org index ee4c904..4464eef 100644 --- a/izumi.org +++ b/izumi.org @@ -728,7 +728,8 @@ gnupg gnome-tweaks noweb - pinentry)) + pinentry + pwgen)) (services (append <> @@ -834,8 +835,7 @@ `("pull-guix" . ,pull-guix) `("reconfigure-home" . ,reconfigure-home) `("reconfigure-system" . ,reconfigure-system) - `("update-system" . ,update-system))))) - (simple-service packages home-profile-service-type (list pwgen))) + `("update-system" . ,update-system)))))) #+END_SRC * [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]] -- cgit v1.2.3 From 94353dfb5fa2e881ac685dd6b89f9fab777e57a4 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Test fix for aliases --- home-configuration.scm | 11 +++++------ izumi.org | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 8fb18fe..35c2529 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -176,9 +176,8 @@ home-bash-service-type (home-bash-configuration (aliases - (list - `("collect-garbage" . ,collect-garbage) - `("pull-guix" . ,pull-guix) - `("reconfigure-home" . ,reconfigure-home) - `("reconfigure-system" . ,reconfigure-system) - `("update-system" . ,update-system)))))))))) + `(("collect-garbage" . ,collect-garbage) + ("pull-guix" . ,pull-guix) + ("reconfigure-home" . ,reconfigure-home) + ("reconfigure-system" . ,reconfigure-system) + ("update-system" . ,update-system)))))))))) diff --git a/izumi.org b/izumi.org index 4464eef..d8cfaf3 100644 --- a/izumi.org +++ b/izumi.org @@ -830,12 +830,11 @@ home-bash-service-type (home-bash-configuration (aliases - (list - `("collect-garbage" . ,collect-garbage) - `("pull-guix" . ,pull-guix) - `("reconfigure-home" . ,reconfigure-home) - `("reconfigure-system" . ,reconfigure-system) - `("update-system" . ,update-system)))))) + `(("collect-garbage" . ,collect-garbage) + ("pull-guix" . ,pull-guix) + ("reconfigure-home" . ,reconfigure-home) + ("reconfigure-system" . ,reconfigure-system) + ("update-system" . ,update-system)))))) #+END_SRC * [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]] -- cgit v1.2.3 From fb576303f6fd16901e0ac4ed856b50ac4014a353 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Improve HOME-FILES-SERVICE-TYPE's formatting --- home-configuration.scm | 18 +++++++++--------- izumi.org | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 35c2529..25812ca 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -132,15 +132,15 @@ "reviewed at regular interval. After each review, the next review interval is\n" "calculated based on how well you remembered the contents of the card.\n")) (license license:gpl3+)))))) - (simple-service - 'home-files - home-files-service-type - (list - (list ".emacs" (local-file "home-files/emacs-configuration.el")) - (list - ".config/git/ignore" - ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore - (local-file "home-files/git-ignore.conf"))))) + ( simple-service + 'home-files + home-files-service-type + ( list + ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) + ( list + ".config/git/ignore" + ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore + ( local-file "home-files/git-ignore.conf" ) ) ) )) (list (let* ((and " && ") diff --git a/izumi.org b/izumi.org index d8cfaf3..10c4420 100644 --- a/izumi.org +++ b/izumi.org @@ -774,15 +774,15 @@ #+NAME: HOME-FILES-SERVICE-TYPE #+BEGIN_SRC scheme - (simple-service - 'home-files - home-files-service-type - (list - (list ".emacs" (local-file "home-files/emacs-configuration.el")) - (list - ".config/git/ignore" - ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore - (local-file "home-files/git-ignore.conf")))) + ( simple-service + 'home-files + home-files-service-type + ( list + ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) + ( list + ".config/git/ignore" + ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore + ( local-file "home-files/git-ignore.conf" ) ) ) ) #+END_SRC *** [[https://guix.gnu.org/manual/en/html_node/Shells-Home-Services.html][13.3.2 Shells]] -- cgit v1.2.3 From 1fd180c62dfe96d32015850b25cc018359d72595 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Use git -C to actually pull updates --- home-configuration.scm | 12 +++++++----- izumi.org | 12 +++++++----- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 25812ca..8fc6b37 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -143,26 +143,28 @@ ( local-file "home-files/git-ignore.conf" ) ) ) )) (list (let* - ((and " && ") + ((and "&& ") (collect-garbage "sudo guix gc -d 7d ") (configuration-prefix "/home/marek/src/izumi/") (pull-guix "guix pull ") (reconfigure-home (string-append - "git pull --rebase=true " + "git -C " configuration-prefix + " pull " and "guix home reconfigure " configuration-prefix - "home-configuration.scm")) + "home-configuration.scm ")) (reconfigure-system (string-append - "git pull --rebase=true " + "git -C " configuration-prefix + " pull " and "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm")) + "system-configuration.scm ")) (update-system (string-append pull-guix diff --git a/izumi.org b/izumi.org index 10c4420..d2c05fd 100644 --- a/izumi.org +++ b/izumi.org @@ -797,26 +797,28 @@ #+NAME: HOME-BASH-SERVICE-TYPE #+BEGIN_SRC scheme (let* - ((and " && ") + ((and "&& ") (collect-garbage "sudo guix gc -d 7d ") (configuration-prefix "/home/marek/src/izumi/") (pull-guix "guix pull ") (reconfigure-home (string-append - "git pull --rebase=true " + "git -C " configuration-prefix + " pull " and "guix home reconfigure " configuration-prefix - "home-configuration.scm")) + "home-configuration.scm ")) (reconfigure-system (string-append - "git pull --rebase=true " + "git -C " configuration-prefix + " pull " and "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm")) + "system-configuration.scm ")) (update-system (string-append pull-guix -- cgit v1.2.3 From c7eaf561411e852f6adb48c735aec4b69a61cc36 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:15 +0100 Subject: Link to the channels.scm file inside the GNU store --- home-configuration.scm | 1 + izumi.org | 1 + 2 files changed, 2 insertions(+) diff --git a/home-configuration.scm b/home-configuration.scm index 8fc6b37..db0133b 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -137,6 +137,7 @@ home-files-service-type ( list ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) + ( list ".config/guix/channels" ( local-file "channels.scm" ) ) ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore diff --git a/izumi.org b/izumi.org index d2c05fd..881a1f6 100644 --- a/izumi.org +++ b/izumi.org @@ -779,6 +779,7 @@ home-files-service-type ( list ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) + ( list ".config/guix/channels" ( local-file "channels.scm" ) ) ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore -- cgit v1.2.3 From b377dadce8e59c56d3fcf45eb44bbdea1ef69565 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Bring back the fix to the error on divergent Git branches --- home-configuration.scm | 4 ++-- izumi.org | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index db0133b..b290fd6 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -152,7 +152,7 @@ (string-append "git -C " configuration-prefix - " pull " + " pull --rebase=true " and "guix home reconfigure " configuration-prefix @@ -161,7 +161,7 @@ (string-append "git -C " configuration-prefix - " pull " + " pull --rebase=true " and "sudo guix system reconfigure " configuration-prefix diff --git a/izumi.org b/izumi.org index 881a1f6..559b2b5 100644 --- a/izumi.org +++ b/izumi.org @@ -806,7 +806,7 @@ (string-append "git -C " configuration-prefix - " pull " + " pull --rebase=true " and "guix home reconfigure " configuration-prefix @@ -815,7 +815,7 @@ (string-append "git -C " configuration-prefix - " pull " + " pull --rebase=true " and "sudo guix system reconfigure " configuration-prefix -- cgit v1.2.3 From d1bb3d1d451a0a41a4e14fbbbedd8f98dcbcb970 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Fix missing file extension on the channels file --- home-configuration.scm | 2 +- izumi.org | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index b290fd6..9eb11d7 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -137,7 +137,7 @@ home-files-service-type ( list ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) - ( list ".config/guix/channels" ( local-file "channels.scm" ) ) + ( list ".config/guix/channels.scm" ( local-file "channels.scm" ) ) ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore diff --git a/izumi.org b/izumi.org index 559b2b5..43be347 100644 --- a/izumi.org +++ b/izumi.org @@ -779,7 +779,7 @@ home-files-service-type ( list ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) - ( list ".config/guix/channels" ( local-file "channels.scm" ) ) + ( list ".config/guix/channels.scm" ( local-file "channels.scm" ) ) ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore -- cgit v1.2.3 From e749d673e667f5e404784ca9b61d73c933d0e895 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: feat(service): install Radicale server Add Radicale service in order to serve CardDAV. --- izumi.org | 14 +++++++++++++- system-configuration.scm | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/izumi.org b/izumi.org index 43be347..28799e5 100644 --- a/izumi.org +++ b/izumi.org @@ -8,7 +8,7 @@ #+NAME: OPERATING-SYSTEM #+BEGIN_SRC scheme :tangle system-configuration.scm - ( add-to-load-path "/home/marek/Dokumenty/secrets" ) + ( add-to-load-path "/home/marek/Dokumenty/secrets/" ) ( use-modules ( marek ) @@ -613,6 +613,18 @@ ( ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) ) ) ) ) ( service openssh-service-type ) + ( service radicale-service-type + ( radicale-configuration + ( config-file + ( mixed-text-file + "radicale.conf" + "[auth]\n" + "type = htpasswd\n" + "htpasswd_filename = " radicale-keys "\n" + "htpasswd_encryption = plain\n" + "\n" + "[server]\n" + "hosts = localhost:5232\n" ) ) ) ) ( simple-service 'base-profile profile-service-type ( append %base-packages ( list diff --git a/system-configuration.scm b/system-configuration.scm index 19b35ff..f5f1a7d 100644 --- a/system-configuration.scm +++ b/system-configuration.scm @@ -1,4 +1,4 @@ -( add-to-load-path "/home/marek/Dokumenty/secrets" ) +( add-to-load-path "/home/marek/Dokumenty/secrets/" ) ( use-modules ( marek ) @@ -603,6 +603,18 @@ ( ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) ) ) ) ) ( service openssh-service-type ) + ( service radicale-service-type + ( radicale-configuration + ( config-file + ( mixed-text-file + "radicale.conf" + "[auth]\n" + "type = htpasswd\n" + "htpasswd_filename = " radicale-keys "\n" + "htpasswd_encryption = plain\n" + "\n" + "[server]\n" + "hosts = localhost:5232\n" ) ) ) ) ( simple-service 'base-profile profile-service-type ( append %base-packages ( list -- cgit v1.2.3 From 7f583e3fcad6b095c7f347b0aa52af21c2cc1d43 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Improve formatting of channels.scm --- channels.scm | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/channels.scm b/channels.scm index 7fb8c27..99011a4 100644 --- a/channels.scm +++ b/channels.scm @@ -1,10 +1,11 @@ -(append - %default-channels - (list - (channel - (name 'nonguix) - (url "https://gitlab.com/nonguix/nonguix") - (introduction - (make-channel-introduction - "897c1a470da759236cc11798f4e0a5f7d4d59fbc" - (openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))))) +( append + %default-channels + ( list + ( channel + ( name 'nonguix ) + ( url "https://gitlab.com/nonguix/nonguix" ) + ( introduction + ( make-channel-introduction + "897c1a470da759236cc11798f4e0a5f7d4d59fbc" + ( openpgp-fingerprint + "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5" ) ) ) ) ) ) -- cgit v1.2.3 From a95671ead58b4f4fdc49234b41a621306ac92778 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: feat(nginx): configure Radicale settings Set up the reverse proxy for radicale.marekpasnikowski.pl and listen for this subdomain. Configure the SSL certificates to include the subdomain. Fix a warning about wrong X-Script-name and include a link to .well-known folder in order to fix synchronization with Sailfish OS. --- izumi.org | 25 +++++++++++++++++++++++-- system-configuration.scm | 25 +++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/izumi.org b/izumi.org index 28799e5..2faf761 100644 --- a/izumi.org +++ b/izumi.org @@ -553,7 +553,8 @@ ( domains ( list "marekpasnikowski.pl" - "git.marekpasnikowski.pl" ) ) ) ) ) + "git.marekpasnikowski.pl" + "radicale.marekpasnikowski.pl" ) ) ) ) ) ( email certbot-mail ) ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) ( service cgit-service-type @@ -598,6 +599,7 @@ ( nginx-configuration ( server-blocks ( list + ;; Top-Level ( nginx-server-configuration ( locations ( list @@ -611,7 +613,26 @@ ( ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) ) ) ) ) + "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) + ;; Radicale + ( nginx-server-configuration + ( locations + ( list + ( nginx-location-configuration + ( body + ( list + "proxy_pass http://localhost:5232/ ;" + "proxy_set_header X-Script-Name \"\" ;" + "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;" + "proxy_set_header Host $http_host ;" + "proxy_pass_header Authorization ;" ) ) + ( uri "/" ) ) + ( nginx-location-configuration + ( body + ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) + ( uri "/.well-known" ) ) ) ) + ( listen ( list "192.168.10.2:443 ssl" ) ) + ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) ) ( service openssh-service-type ) ( service radicale-service-type ( radicale-configuration diff --git a/system-configuration.scm b/system-configuration.scm index f5f1a7d..b30e48c 100644 --- a/system-configuration.scm +++ b/system-configuration.scm @@ -543,7 +543,8 @@ ( domains ( list "marekpasnikowski.pl" - "git.marekpasnikowski.pl" ) ) ) ) ) + "git.marekpasnikowski.pl" + "radicale.marekpasnikowski.pl" ) ) ) ) ) ( email certbot-mail ) ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) ( service cgit-service-type @@ -588,6 +589,7 @@ ( nginx-configuration ( server-blocks ( list + ;; Top-Level ( nginx-server-configuration ( locations ( list @@ -601,7 +603,26 @@ ( ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) ) ) ) ) + "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) + ;; Radicale + ( nginx-server-configuration + ( locations + ( list + ( nginx-location-configuration + ( body + ( list + "proxy_pass http://localhost:5232/ ;" + "proxy_set_header X-Script-Name \"\" ;" + "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;" + "proxy_set_header Host $http_host ;" + "proxy_pass_header Authorization ;" ) ) + ( uri "/" ) ) + ( nginx-location-configuration + ( body + ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) + ( uri "/.well-known" ) ) ) ) + ( listen ( list "192.168.10.2:443 ssl" ) ) + ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) ) ( service openssh-service-type ) ( service radicale-service-type ( radicale-configuration -- cgit v1.2.3 From 2f2fc8c847a2ae24248bd874b5d1c75610c851cf Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Fix load path to the secrets --- izumi.org | 2 +- system-configuration.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/izumi.org b/izumi.org index 43be347..c757621 100644 --- a/izumi.org +++ b/izumi.org @@ -8,7 +8,7 @@ #+NAME: OPERATING-SYSTEM #+BEGIN_SRC scheme :tangle system-configuration.scm - ( add-to-load-path "/home/marek/Dokumenty/secrets" ) + ( add-to-load-path "/home/marek/Dokumenty/secrets/" ) ( use-modules ( marek ) diff --git a/system-configuration.scm b/system-configuration.scm index 19b35ff..dd24d9e 100644 --- a/system-configuration.scm +++ b/system-configuration.scm @@ -1,4 +1,4 @@ -( add-to-load-path "/home/marek/Dokumenty/secrets" ) +( add-to-load-path "/home/marek/Dokumenty/secrets/" ) ( use-modules ( marek ) -- cgit v1.2.3 From 71226d152e6160f5ac22b17366f4ae741a328793 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: stop manipulating client repository with configurations --- home-configuration.scm | 8 -------- izumi.org | 8 -------- 2 files changed, 16 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 9eb11d7..f409f1a 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -150,19 +150,11 @@ (pull-guix "guix pull ") (reconfigure-home (string-append - "git -C " - configuration-prefix - " pull --rebase=true " - and "guix home reconfigure " configuration-prefix "home-configuration.scm ")) (reconfigure-system (string-append - "git -C " - configuration-prefix - " pull --rebase=true " - and "sudo guix system reconfigure " configuration-prefix "system-configuration.scm ")) diff --git a/izumi.org b/izumi.org index 2faf761..e29b5a2 100644 --- a/izumi.org +++ b/izumi.org @@ -837,19 +837,11 @@ (pull-guix "guix pull ") (reconfigure-home (string-append - "git -C " - configuration-prefix - " pull --rebase=true " - and "guix home reconfigure " configuration-prefix "home-configuration.scm ")) (reconfigure-system (string-append - "git -C " - configuration-prefix - " pull --rebase=true " - and "sudo guix system reconfigure " configuration-prefix "system-configuration.scm ")) -- cgit v1.2.3 From 78c6048843fbea0158290aecc878366ef70c4fc8 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Flesh out unified git server with SSH and HTTPS Previously Gitolite and cgit were serving different directories, and also an old installation of git-daemon was still declared in the system. This commit points cgit to Gitolite's repositories and removes the git-daemon. --- izumi.org | 3 +-- system-configuration.scm | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/izumi.org b/izumi.org index e29b5a2..daf3472 100644 --- a/izumi.org +++ b/izumi.org @@ -589,8 +589,7 @@ ( repository-cgit-configuration ( hide? #t ) ( path "/srv/git/marek/packages" ) ) ) ) - ( repository-directory "/srv/git/marek" ) ) ) - ( service git-daemon-service-type ) + ( repository-directory "/var/lib/gitolite/repositories" ) ) ) ( service gitolite-service-type ( gitolite-configuration ( admin-pubkey gitolite-keys ) ) ) diff --git a/system-configuration.scm b/system-configuration.scm index b30e48c..a5a3082 100644 --- a/system-configuration.scm +++ b/system-configuration.scm @@ -579,8 +579,7 @@ ( repository-cgit-configuration ( hide? #t ) ( path "/srv/git/marek/packages" ) ) ) ) - ( repository-directory "/srv/git/marek" ) ) ) - ( service git-daemon-service-type ) + ( repository-directory "/var/lib/gitolite/repositories" ) ) ) ( service gitolite-service-type ( gitolite-configuration ( admin-pubkey gitolite-keys ) ) ) -- cgit v1.2.3 From 38a87de2d6d1f71530c8590d2ae9db5d142f8e6f Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Allow cgit to see gitolite repositories The gitolite service is implemented in such a way, that only the git group can access the gitolite home directory. This blocks cgit from accessing the repositories subfolder. The simple addition of the executable bit on the /var/lib/gitolite directory allows the access to the desired subfolder without actually exposing any other contents of the gitolite home directory. Additionaly a reminder to upstream this change is emitted on each system reconfiguration. --- home-configuration.scm | 6 +++++- izumi.org | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index f409f1a..86fb5d6 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -157,7 +157,11 @@ (string-append "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm ")) + "system-configuration.scm " + and + "sudo chmod 751 /var/lib/gitolite " + and + "echo 'WARNING: Upstream the correct permission bits to gitolite.'")) (update-system (string-append pull-guix diff --git a/izumi.org b/izumi.org index daf3472..0fd8277 100644 --- a/izumi.org +++ b/izumi.org @@ -843,7 +843,11 @@ (string-append "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm ")) + "system-configuration.scm " + and + "sudo chmod 751 /var/lib/gitolite " + and + "echo 'WARNING: Upstream the correct permission bits to gitolite.'")) (update-system (string-append pull-guix -- cgit v1.2.3 From bc88cebdf3337b74521e0e5b093d4bb1e5c060a6 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Set emacsclient as the default editor Vim being the editor that pops on every git commit is a problem for me. My editor of choice is Emacs. The EDITOR variable is set to "emacsclient -nw" in order to use emacs whenever an editor is needed. --- home-configuration.scm | 6 +++++- izumi.org | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 86fb5d6..0bb7c22 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -141,7 +141,11 @@ ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore - ( local-file "home-files/git-ignore.conf" ) ) ) )) + ( local-file "home-files/git-ignore.conf" ) ) ) ) + (simple-service + 'environment-variables + home-environment-variables-service-type + `(("EDITOR" . "emacsclient -nw")))) (list (let* ((and "&& ") diff --git a/izumi.org b/izumi.org index 0fd8277..0a9f776 100644 --- a/izumi.org +++ b/izumi.org @@ -774,7 +774,11 @@ #+BEGIN_SRC scheme (list <> - <>) + <> + (simple-service + 'environment-variables + home-environment-variables-service-type + `(("EDITOR" . "emacsclient -nw")))) #+END_SRC #+NAME: SHELLS -- cgit v1.2.3 From d06a965c13a2588ab85376f5a4809b7dabade7d3 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 09:51:16 +0100 Subject: Set less restrictive umask in gitolite It is not possible to manually control access rights to gitolite repositories with chmod, as each interaction with the git server progressively erases the reading rights for the world. Set a world reading umask in order to allow cgit to see all the git data in repositories. --- izumi.org | 3 ++- system-configuration.scm | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/izumi.org b/izumi.org index 0a9f776..187eaf5 100644 --- a/izumi.org +++ b/izumi.org @@ -592,7 +592,8 @@ ( repository-directory "/var/lib/gitolite/repositories" ) ) ) ( service gitolite-service-type ( gitolite-configuration - ( admin-pubkey gitolite-keys ) ) ) + ( admin-pubkey gitolite-keys ) + ( rc-file ( gitolite-rc-file ( umask #o0022 ) ) ) ) ) ( service gnome-desktop-service-type ) ( service nginx-service-type ( nginx-configuration diff --git a/system-configuration.scm b/system-configuration.scm index a5a3082..4736b7f 100644 --- a/system-configuration.scm +++ b/system-configuration.scm @@ -582,7 +582,8 @@ ( repository-directory "/var/lib/gitolite/repositories" ) ) ) ( service gitolite-service-type ( gitolite-configuration - ( admin-pubkey gitolite-keys ) ) ) + ( admin-pubkey gitolite-keys ) + ( rc-file ( gitolite-rc-file ( umask #o0022 ) ) ) ) ) ( service gnome-desktop-service-type ) ( service nginx-service-type ( nginx-configuration -- cgit v1.2.3 From ec31546372241b1593021751fa46c49631eb4bf1 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sun, 14 Jan 2024 14:16:38 +0100 Subject: Add alias to emacsclient -nw It was getting tiring to keep typing the full emacsclient command each I wanted to write some code. Alias it to simple "edit". --- home-configuration.scm | 1 + izumi.org | 1 + 2 files changed, 2 insertions(+) diff --git a/home-configuration.scm b/home-configuration.scm index 0bb7c22..9877ebe 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -180,6 +180,7 @@ (home-bash-configuration (aliases `(("collect-garbage" . ,collect-garbage) + ("edit" . "$EDITOR") ("pull-guix" . ,pull-guix) ("reconfigure-home" . ,reconfigure-home) ("reconfigure-system" . ,reconfigure-system) diff --git a/izumi.org b/izumi.org index 187eaf5..c383451 100644 --- a/izumi.org +++ b/izumi.org @@ -867,6 +867,7 @@ (home-bash-configuration (aliases `(("collect-garbage" . ,collect-garbage) + ("edit" . "$EDITOR") ("pull-guix" . ,pull-guix) ("reconfigure-home" . ,reconfigure-home) ("reconfigure-system" . ,reconfigure-system) -- cgit v1.2.3 From 77d0779d958bd1821ca8b5bc6ed87c3b4cbcd7c7 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Tue, 16 Jan 2024 08:40:43 +0100 Subject: Remove KDE packages --- izumi.org | 16 +--------------- system-configuration.scm | 16 +--------------- 2 files changed, 2 insertions(+), 30 deletions(-) diff --git a/izumi.org b/izumi.org index c383451..b88e976 100644 --- a/izumi.org +++ b/izumi.org @@ -648,21 +648,7 @@ "hosts = localhost:5232\n" ) ) ) ) ( simple-service 'base-profile profile-service-type ( append %base-packages - ( list - plasma plasma-desktop plasma-framework plasma-integration - plasma-nano plasma-nm plasma-pa plasma-pass plasma-vault - plasma-welcome plasma-workspace plasma-bigscreen plasma-mobile - plasma-phonebook plasma-browser-integration - plasma-mobile-settings plasma-mobile-sounds - plasma-wayland-protocols plasma-active-window-control - plasma-phone-components plasma-redshift-control plasma-disks - plasma-firewall plasma-systemmonitor breeze breeze-gtk bluedevil - breeze-icons kdeplasma-addons keysmith kmenuedit krunner kwin - latte-dock plasma-workspace-wallpapers polkit-kde-agent - system-settings calindori discover elisa kpipewire ksysguard - attica kaccounts-integration kde-frameworkintegration kmail - kscreen akonadi akonadi-contacts akonadi-mime akonadi-notes - akonadi-search akonadi-calendar kdepim-runtime kalendar ) ) ) + ( list ) ) ) ( simple-service 'nss-profile profile-service-type diff --git a/system-configuration.scm b/system-configuration.scm index 4736b7f..db7780c 100644 --- a/system-configuration.scm +++ b/system-configuration.scm @@ -638,21 +638,7 @@ "hosts = localhost:5232\n" ) ) ) ) ( simple-service 'base-profile profile-service-type ( append %base-packages - ( list - plasma plasma-desktop plasma-framework plasma-integration - plasma-nano plasma-nm plasma-pa plasma-pass plasma-vault - plasma-welcome plasma-workspace plasma-bigscreen plasma-mobile - plasma-phonebook plasma-browser-integration - plasma-mobile-settings plasma-mobile-sounds - plasma-wayland-protocols plasma-active-window-control - plasma-phone-components plasma-redshift-control plasma-disks - plasma-firewall plasma-systemmonitor breeze breeze-gtk bluedevil - breeze-icons kdeplasma-addons keysmith kmenuedit krunner kwin - latte-dock plasma-workspace-wallpapers polkit-kde-agent - system-settings calindori discover elisa kpipewire ksysguard - attica kaccounts-integration kde-frameworkintegration kmail - kscreen akonadi akonadi-contacts akonadi-mime akonadi-notes - akonadi-search akonadi-calendar kdepim-runtime kalendar ) ) ) + ( list ) ) ) ( simple-service 'nss-profile profile-service-type -- cgit v1.2.3 From 1a284fa4279fc2f4085a827b24de5d60c6037502 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Tue, 16 Jan 2024 11:47:49 +0100 Subject: Repair ORG-FC package After transfer to the proper git server and removal of git-daemon, the emacs-org-fc package broke due to the dangling repository link. Another problem found was that the forcible rewrite to the current email address of my patches, the commit hashes have changed. This commit fixes those problems. --- home-configuration.scm | 4 ++-- izumi.org | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 9877ebe..1b2cbe2 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -63,7 +63,7 @@ (list emacs-guix emacs-nix-mode) (list (let - ((commit* "cfab3eb8e1c25640439f10789872e28872d656a0")) + ((commit* "wip-algo-tn")) (package (name "emacs-org-fc") (version (git-version "0.1.0" "0" commit*)) @@ -72,7 +72,7 @@ (method git-fetch) (uri (git-reference - (url "git://localhost/marek/org-fc") + (url "https://git.marekpasnikowski.pl/org-fc.git") (commit commit*))) (file-name (git-file-name name version)) (sha256 (base32 "0x8bxjh4r1wqh48f69x8k6gxfpixhwci365n0rh827csfjaqs5hg")))) diff --git a/izumi.org b/izumi.org index b88e976..44c0d41 100644 --- a/izumi.org +++ b/izumi.org @@ -880,7 +880,7 @@ #+BEGIN_SRC scheme (list (let - ((commit* "cfab3eb8e1c25640439f10789872e28872d656a0")) + ((commit* "wip-algo-tn")) (package (name "emacs-org-fc") (version (git-version "0.1.0" "0" commit*)) @@ -889,7 +889,7 @@ (method git-fetch) (uri (git-reference - (url "git://localhost/marek/org-fc") + (url "https://git.marekpasnikowski.pl/org-fc.git") (commit commit*))) (file-name (git-file-name name version)) (sha256 (base32 "0x8bxjh4r1wqh48f69x8k6gxfpixhwci365n0rh827csfjaqs5hg")))) -- cgit v1.2.3 From 8c9f2c66672004d172cb27fa4208a8a53dbee79c Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Tue, 16 Jan 2024 12:00:08 +0100 Subject: Repair the home-bash-configuration service While searching for a way to ensure $GUIX_PROFILE is always set, I found out that the bash service should not be declared explicitly, but extended instead. This commit solves both problems by switching to home-bash-extension and then sourcing the .profile file within .bashrc . The .profile file is sourced explicitly, because sourcing indirectly by means of .bash_profile opens an infinite loop. As it turned out, the .bash_profile file sources .bashrc . --- home-configuration.scm | 8 +++++--- izumi.org | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/home-configuration.scm b/home-configuration.scm index 1b2cbe2..101dce2 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -175,13 +175,15 @@ reconfigure-home and collect-garbage))) - (service + (simple-service + 'bash-extension home-bash-service-type - (home-bash-configuration + (home-bash-extension (aliases `(("collect-garbage" . ,collect-garbage) ("edit" . "$EDITOR") ("pull-guix" . ,pull-guix) ("reconfigure-home" . ,reconfigure-home) ("reconfigure-system" . ,reconfigure-system) - ("update-system" . ,update-system)))))))))) + ("update-system" . ,update-system))) + (bashrc (list (plain-file "source-home-profile" "source ~/.profile\n")))))))))) diff --git a/izumi.org b/izumi.org index 44c0d41..02a7de5 100644 --- a/izumi.org +++ b/izumi.org @@ -848,16 +848,18 @@ reconfigure-home and collect-garbage))) - (service + (simple-service + 'bash-extension home-bash-service-type - (home-bash-configuration + (home-bash-extension (aliases `(("collect-garbage" . ,collect-garbage) ("edit" . "$EDITOR") ("pull-guix" . ,pull-guix) ("reconfigure-home" . ,reconfigure-home) ("reconfigure-system" . ,reconfigure-system) - ("update-system" . ,update-system)))))) + ("update-system" . ,update-system))) + (bashrc (list (plain-file "source-home-profile" "source ~/.profile\n")))))) #+END_SRC * [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]] -- cgit v1.2.3 From f1a8593c6252a98ffcc964d2245bbf02a2aed0b6 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Tue, 16 Jan 2024 15:44:55 +0100 Subject: Enable cryptography for git Configure the GPG key for git to use. --- home-configuration.scm | 1 + home-files/gitconfig | 4 ++++ izumi.org | 1 + 3 files changed, 6 insertions(+) create mode 100644 home-files/gitconfig diff --git a/home-configuration.scm b/home-configuration.scm index 101dce2..3e61353 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -138,6 +138,7 @@ ( list ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) ( list ".config/guix/channels.scm" ( local-file "channels.scm" ) ) + ( list ".gitconfig" ( local-file "home-files/gitconfig")) ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore diff --git a/home-files/gitconfig b/home-files/gitconfig new file mode 100644 index 0000000..4e9c1ca --- /dev/null +++ b/home-files/gitconfig @@ -0,0 +1,4 @@ +[user] + email = marek@marekpasnikowski.pl + name = Marek Paśnikowski + signingkey = 6D81B1207711899F diff --git a/izumi.org b/izumi.org index 02a7de5..25cf9ab 100644 --- a/izumi.org +++ b/izumi.org @@ -803,6 +803,7 @@ ( list ( list ".emacs" ( local-file "home-files/emacs-configuration.el" ) ) ( list ".config/guix/channels.scm" ( local-file "channels.scm" ) ) + ( list ".gitconfig" ( local-file "home-files/gitconfig")) ( list ".config/git/ignore" ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore -- cgit v1.2.3 From de2092343301239ff4f5c0aa3f80688346c4b777 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Thu, 18 Jan 2024 12:56:21 +0100 Subject: Enable autoSetupRemote for git I always use branches to test changes before commiting them to master. The default behavior of git with regards to pushing new branches was getting tiring, so I decided switch the suggested option. --- home-files/gitconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home-files/gitconfig b/home-files/gitconfig index 4e9c1ca..5195158 100644 --- a/home-files/gitconfig +++ b/home-files/gitconfig @@ -2,3 +2,6 @@ email = marek@marekpasnikowski.pl name = Marek Paśnikowski signingkey = 6D81B1207711899F + +[push] + autoSetupRemote = true -- cgit v1.2.3