my-guix/config.scm

(use-modules
(gnu)
(guix store)
(guix packages)
(gnu packages databases)
(rosenthal packages binaries)
(rosenthal packages emacs-xyz)
(guix transformations)
(gnu packages audio)
(gnu packages librewolf)
(gnu packages sqlite)
(gnu packages gdb)
(gnu packages graphics)
(gnu packages java)
(gnu packages fcitx5)
(gnu packages ibus)
(gnu packages gnuzilla)
(gnu services mcron)
(gnu packages haskell)
(gnu packages ebook)
(gnu packages lisp-xyz)
(gnu packages rust-apps)
(rde features bluetooth)
(gnu packages jami)
(gnu packages suckless)
(gnu packages finance)
(gnu packages pdf)
(gnu packages cran)
(gnu packages kde)
(gnu packages tex)
(gnu packages samba)
(gnu packages docker)
(gnu services docker)
(gnu services certbot)
(gnu services auditd)
(gnu packages unicode)
(gnu packages python-build)
(gnu packages glib)
(gnu packages mail)
(gnu packages gcc)
(gnu packages rust)
(guix git-download)
(guix git)
(gnu packages
commencement)
(gnu packages golang)
(gnu packages haskell-xyz)
(gnu packages kde-pim)
(gnu packages guile-xyz)
(gnu packages python-xyz)
(gnu packages pulseaudio)
(gnu packages texinfo)
(gnu packages cmake)
(gnu packages mpd)
(gnu packages disk)
(gnu packages android)
(gnu packages freedesktop)
(gnu packages image)
(gnu packages terminals)
(gnu packages music)
(gnu packages compton)
(gnu packages version-control)
(gnu packages lxqt)
(gnu packages file-systems)
(gnu services base)
(gnu packages base)
(gnu packages xfce)
(guix channels)
(guix inferior)
(srfi srfi-1)
(gnu packages tor)
(gnu packages commencement)
(gnu packages image-viewers)
(gnu packages messaging)
(gnu packages vim)
(gnu packages gstreamer)
(gnu packages virtualization)
(gnu packages web-browsers)
(gnu services)
(gnu services vpn)
(gnu services dbus)
(gnu services shepherd)
(gnu system shadow)
(gnu services configuration)
(gnu packages build-tools)
(gnu packages admin)
(gnu packages qt)
(gnu packages lxde)
(gnu packages python)
(gnu packages bittorrent)
(gnu packages chromium)
(gnu packages compression)
(gnu packages ncurses)
(gnu packages web)
(gnu packages fonts)
(gnu packages vpn)
(gnu packages curl)
(gnu packages password-utils)
(gnu packages emacs)
(gnu packages node)
(gnu packages emacs-xyz)
(gnu packages engineering)
(gnu packages fontutils)
(gnu packages gimp)
(gnu packages gnome)
(gnu packages gnome-xyz)
(gnu packages gnupg)
(gnu packages haskell-apps)
(gnu packages imagemagick)
(gnu packages libreoffice)
(gnu packages linux)
(gnu packages package-management)
(gnu packages rsync)
(gnu packages ssh)
(gnu packages telegram)
(gnu packages video)
(gnu packages wm)
(gnu packages benchmark)
(gnu packages xdisorg)
(gnu packages xorg)
(gnu home services gnupg)
(gnu home services xdg)
(gnu packages lisp)
(gnu packages networking)
(gnu packages security-token)
(gnu packages tls)
(nongnu packages compression)
(nongnu packages clojure)
(nongnu packages linux)
(nongnu system linux-initrd))
(use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization)
(use-package-modules package-management version-control gcc bash certs admin linux)
;; Kernel package used by the operating-system declaration below.
;; NOTE(review): with (nongnu packages linux) imported, `linux' is presumably
;; the upstream kernel (with non-free blobs) rather than linux-libre -- confirm.
(define my-kernel linux)
;; Variant of the xmonad package with only its `version' field overridden.
;; NOTE(review): `inherit' copies every other field from xmonad, including
;; `source'.  No new (source (origin ...)) with its own hash is given here, so
;; this presumably relabels the existing sources as 0.18.0 instead of building
;; the 0.18.0 release -- confirm what actually gets built.
(define xmonad-0.18.0
(package
(inherit xmonad)
(version "0.18.0")))
;; List holding the xmonad-0.18.0 variant.
;; NOTE(review): the `packages' field of the operating-system form in this file
;; does not reference my-packages, so this list appears to be unused -- confirm.
(define my-packages
(list
xmonad-0.18.0
))
(operating-system
(kernel my-kernel)
;; Kernel command line.  Several tokens below trade security or data safety
;; for speed, and a few do not look like parameters the kernel documents; each
;; is flagged inline.  Check what the running kernel actually received with
;; `cat /proc/cmdline' and look for "unknown parameter" lines in dmesg.
(kernel-arguments
'("quiet" ; Reduces boot verbosity
;; NOTE(review): noatime is a mount option, not a documented kernel
;; command-line parameter, so it presumably has no effect here.  The Guix way
;; is (flags '(no-atime)) on the individual file-system entries.
"noatime" ; intended to disable access-time updates
"zswap.enabled=1" ; Enables zswap (compressed in-RAM cache in front of swap)
"zswap.compressor=zstd" ; zswap compresses pages with zstd
"zswap.max_pool_percent=36"; zswap pool may grow to 36% of RAM
;; NOTE(review): recent kernels are understood to ignore elevator=; confirm
;; this does anything on the kernel in use.
"elevator=deadline" ; intended to select the deadline I/O scheduler
"mitigations=auto" ; CPU vulnerability mitigations at the kernel's default level
;; NOTE(review): KSM is normally switched on through /sys/kernel/mm/ksm/run;
;; confirm this token is honoured at all.  Where KSM is active, page sharing
;; between processes is a known timing side channel.
"ksm=1" ; intended to enable Kernel Samepage Merging
"spectre_v2=on" ; Forces the Spectre v2 mitigation on unconditionally
;; SECURITY: nopti switches off kernel page-table isolation, the Meltdown
;; mitigation, and overrides mitigations=auto for that one issue.  Only
;; acceptable if the CPU is not affected; check
;; /sys/devices/system/cpu/vulnerabilities/meltdown on the running system.
"nopti" ; Disables Page Table Isolation (performance over security)
;; NOTE(review): the root file system below is ext4.  data=writeback journals
;; metadata only, so after a crash files can contain stale blocks, including
;; old data that belonged to other files.
"rootflags=data=writeback" ; ext4 writeback journalling mode for the root mount
"transparent_hugepage=madvise" ; Huge pages only for regions that request them via madvise
"maxcpus=4" ; Brings up at most 4 CPUs at boot
"noirqdebug" ; Disables detection (and disabling) of unhandled interrupt sources
;; NOTE(review): a bare "watchdog" does not match the documented watchdog
;; parameters known to this review (nowatchdog, nmi_watchdog=); confirm.
"watchdog" ; intended to enable the watchdog
"noreplace-smp" ; Do not patch SMP instructions to UP alternatives (x86); unrelated to panics
;; NOTE(review): the documented form is softlockup_panic=0|1; confirm the bare
;; token is accepted.
"softlockup_panic" ; intended to panic when a soft lockup is detected
"preempt=full" ; Full preemption, on kernels built with dynamic preemption
;; SECURITY: forces every Magic SysRq function on and overrides the
;; kernel.sysrq sysctl.  Anyone with keyboard access can reboot the machine,
;; kill processes or dump state to the log without logging in.
"sysrq_always_enabled=1" ; Keeps all SysRq functions enabled
;; NOTE(review): the iptables service in this file defines IPv4 rules only and
;; leaves ipv6-rules at the service default.  Removing this flag would open an
;; IPv6 path that those rules (and the per-user Tor redirect) do not cover.
"ipv6.disable=1" ; Disables the IPv6 stack
;; NOTE(review): "oem" is not a kernel parameter known to this review; its
;; purpose is unclear -- confirm or remove.
"oem" ; purpose unclear
;; NOTE(review): setting every feature bit also unlocks the overdrive
;; (manual clock/voltage) controls -- confirm that is intended.
"amdgpu.ppfeaturemask=0xffffffff" ; Sets all PowerPlay feature bits for the AMD GPU
"amdgpu.dc=1" ; Enables Display Core
"amdgpu.dpm=1" ; Enables Dynamic Power Management
"amdgpu.aspm=1" ; Enables PCIe Active State Power Management
"irqaffinity=1" ; Default IRQ affinity mask = CPU 1 (the argument is a CPU list)
"cpufreq.default_governor=performance"; Default cpufreq governor: performance
))
;; NOTE(review): microcode-initrd presumably adds CPU microcode updates to the
;; initrd; several CPU vulnerability mitigations depend on current microcode.
(initrd microcode-initrd)
;; linux-firmware is the full firmware bundle, loaded by the kernel as needed.
(firmware (list linux-firmware))
(locale "en_US.utf8")
(timezone "America/Sao_Paulo")
(keyboard-layout (keyboard-layout "br"))
(host-name "lisp")
;; The list of user accounts ('root' is implicit).
;; "wheel" is the group that normally grants sudo; "plugdev" is the group the
;; fido2 udev rule in the services list gives device access to.
;; No password field is set here, so the password is presumably set by hand
;; with passwd after the first boot.
;; The firewall rules in this file match this account by name
;; (--uid-owner berkeley); renaming the user means updating those rules too.
(users (cons* (user-account
(name "berkeley")
(comment "Berkeley")
(group "users")
(home-directory "/home/berkeley")
(supplementary-groups '("wheel" "netdev" "audio" "video" "plugdev")))
%base-user-accounts))
;; Packages installed system-wide, i.e. into the profile every user sees.
;; Users can also install packages under their own account: use
;; 'guix search KEYWORD' to search for packages and 'guix install PACKAGE'
;; to install a package.
;; NOTE(review): the list repeats itself -- texlive-lua-uni-algos, go, ghc,
;; zstd, fuse, rofi, bluez and blueman each appear more than once, and the
;; specification->package tail re-lists emacs, qemu, gimp, icecat and others
;; already named as variables.  A shorter list is less to keep patched.
;; NOTE(review): firejail is listed, but this operating-system form declares no
;; setuid/privileged programs.  firejail normally relies on a setuid-root
;; binary, so it may not work as installed -- confirm.
(packages (append (list
;emacs-org-roam
;emacs-org-roam-ui
postgresql
;foliate
polybar
gstreamer
gst-plugins-bad
gst-plugins-good
nyxt
cmus
v4l-utils
xdg-utils
curl
gthumb
mangohud
containerd
qtsolutions
glances
zstd
sqlite
mpv
kitty
maim
;;
procps
scrot
mupdf
zathura
matterbridge
sbcl
go
clisp
fdm
;;jami
;navidrome-bin
;mullvad-vpn
smartmontools
;;
udevil
samba
cifs-utils
mergerfs
parted
net-tools
ntfs-3g
texlive-lua-uni-algos
texlive-csplain
texlive-lua-uni-algos
texlive-pwebmac
texlive-olsak-misc
texlive-pdfoverlay
texlive-texosquery
texlive-pdfx
texlive-pdfprivacy
texlive-pdfcomment
texlive-iftex
texlive-tex
texlive-montex
texlive-pdfescape
texlive-texdef
texlive-pdfpages
extractpdfmark
texlive-csplain
poppler-qt5
poppler
texlive-pdf14
texlive-thumbpdf
texlive-pax
texlive-etex
texlive-axodraw2
texlive-repltext
texlive-luatex
texlive-hyperref
texlive-xetex
texlive-pdftexcmds
texlive-epstopdf
texlive-epsf-dvipdfmx
texlive-dvipdfmx
texlive-texsurgery
texlive-ptex2pdf
texlive-jadetex
texlive-texlogfilter
texlive-svg-inkscape
texlive-purifyeps
texlive-navigator
texlive-latex-uni8
texlive-biblatex
texlive-latex-make
texlive-pgf
texlive-pdftricks
texlive-pdflatexpicscale
texlive-pdfmanagement-testphase
texlive-pdflatexpicscale
texlive-pdfextra
texlive-tagpdf
texlive-pdfreview
texlive-pdfmsym
texlive-mptopdf
texlive-inter
texlive-pdftex-quiet
texlive-pdftex
texlive-knuth-pdf
texlive-xmltexconfig
texlive-pdfjam
texlive-luatex85
texlive-grayhints
texlive-fig4latex
texlive-tpic2pdftex
texlive-pst2pdf
texlive-pdfslide
texlive-minim-pdf
texlive-hvextern
texlive-flippdf
texlive-combinedgraphics
texlive-autopdf
texlive-xetex-pstricks
texlive-texonly
texlive-scikgtex
texlive-pdfsync
texlive-mathastext
texlive-luainputenc
texlive-pdfcomment
texlive-pdfprivacy
texlive-pdfoverlay
texlive-pdfpages
texlive-latexmk
texlive-hyperxmp
texlive-datetime2-en-fulltext
texlive-commonunicode
texlive-pict2e
texlive-intopdf
texlive-filemod
texlive-textcsc
texlive-texpower
texlive-texdoc
texlive-pst-pdf
texlive-pdfpc-movie
texlive-pdfmarginpar
texlive-pdfbook2
texlive-pdf-trans
texlive-lobster2
texlive-hitex
texlive-epstopdf-pkg
texlive-epspdfconversion
texlive-collection-luatex
texlive-bxpdfver
texlive-asmeconf
texlive-synctex
texlive-pdfcolmk
texlive-pdfcolfoot
texlive-lapdf
texlive-fixpdfmag
python-pdfminer-six
texlive-zhmetrics-uptex
texlive-xpdfopen
texlive-xcpdftips
texlive-quattrocento
texlive-pdfxup
texlive-pdfpc
texlive-pdfarticle
texlive-oswald
texlive-nunito
texlive-magra
texlive-librebaskerville
texlive-l3experimental
texlive-knuth-hint
texlive-forum
texlive-epspdf
texlive-dickimaw
texlive-convbkmk
texlive-changebar
texlive-cascadia-code
texlive-cabin
texlive-bitter
texlive-auto-pst-pdf-lua
texlive-arvo
texlive-archivo
texlive-sanitize-umlaut
texlive-protex
texlive-pdftricks2
texlive-pdflscape
texlive-ocg-p
texlive-minim-xmp
texlive-gregoriotex
texlive-docshots
texlive-biber
emacs-latex-preview-pane
texlive-pwebmac
texlive-olsak-misc
texlive-pdfoverlay
texlive-texosquery
texlive-pdfx
texlive-pdfprivacy
texlive-pdfcomment
texlive-iftex
texlive-tex
texlive-montex
texlive-pdfescape
texlive-texdef
texlive-pdfpages
texlive-twemoji-colr
texlive-noto-emoji
texlive-hwemoji
texlive-byo-twemojis
unicode-emoji
texlive-twemojis
texlive-emojicite
texlive-emoji
texlive-scheme-basic
texlive-cm-super
texlive-listings
texmaker
texlive-pgf
texlive-beamer
texlive-hyperref
alacritty
libxfont
libxft
;;protonup-ng
wipe
imagemagick
unzip
compton
p7zip
gedit
htop
openjdk
;;element-desktop
;; bluetooth
bluez
blueman
;; ime
fcitx5
fcitx5-gtk
fcitx5-qt
fcitx5-anthy
fcitx5-gtk4
fcitx5-configtool
netdiscover
fping
gparted
texstudio
texlive-bibtex
bcachefs-tools
whois
python-pip
setxkbmap
xfe
;;clamav
libbluray
libaacs
libbdplus
vim
neovim
;emacs-telega
cmake
neofetch
kleopatra
flatpak
fuse
pfetch
icecat
qutebrowser
;;mullvadbrowser
nftables
git-lfs
ghc-git-lfs
hashcat
haunt
openssl
flameshot
openshot
obs
go
;ffmpeg-vvdec
lm-sensors
vlc
virt-manager
guix
nsxiv
git
inxi
tor
monero-gui
; emacs-org-roam
torsocks
tor-client
privoxy
terminator
openvpn
kiwix-tools
librewolf
pavucontrol
pavucontrol-qt
emacs
keepassxc
wireshark
tcpdump
nmap
firejail
xf86-video-amdgpu
asciinema
alsa-lib
alsa-utils
binutils
dbus
xset
lxrandr
dosfstools
elogind
qtox
exfat-utils
exfatprogs
fuse-exfat
gnupg
libinput
texinfo
xf86-input-keyboard
xf86-input-libinput
xf86-input-mouse
xf86-input-synaptics
;;emacs-org-timeblock
xrandr
ungoogled-chromium
qbittorrent
macchanger
;ghc-ncurses
guile-ncurses
;ncurses
;guile
;emacs-geiser
;emacs-geiser-guile
fontconfig
picom
mpd
brightnessctl
feh
gimp
fzf
xmodmap
rofi
coreutils
qemu
xwininfo
xprop
xpra
libfido2
grep
;; Both nftables (above) and iptables are installed; the firewall service in
;; this file uses iptables-service-type.
iptables
node
jq
python
sed
nomacs
meson
ncurses
;;ueberzug++
;; lots of fonts from package fonts.scm
font-adobe-source-code-pro font-adobe-source-han-sans
font-adobe-source-sans-pro font-adobe-source-serif-pro
font-anonymous-pro font-anonymous-pro-minus font-awesome
font-cns11643 font-cns11643-swjz font-comic-neue font-culmus
font-dejavu font-dosis font-dseg font-fantasque-sans font-fira-code
font-fira-mono font-fira-sans font-fontna-yasashisa-antique
font-google-material-design-icons font-google-noto font-google-roboto
font-hack font-hermit font-ibm-plex font-inconsolata font-iosevka
font-iosevka-aile font-iosevka-etoile font-iosevka-slab
font-iosevka-term font-iosevka-term-slab
font-ipa-mj-mincho font-jetbrains-mono font-lato font-liberation
font-linuxlibertine font-lohit font-meera-inimai font-mononoki
font-mplus-testflight
font-public-sans font-rachana font-sarasa-gothic font-sil-andika
font-sil-charis font-sil-gentium font-tamzen font-terminus
font-tex-gyre font-un font-vazir font-wqy-microhei
font-wqy-zenhei
python-emoji
ghc-emojis
ghc
guile-semver
ranger
xmessage
xrdb
xmonad
sysbench
xmobar
ghc
ghc-xmonad-contrib
gcc
gcc-toolchain
linux-libre-headers
yt-dlp
rofi
emacs-emojify
unicode-emoji
;;rust-unic-emoji-char
r-emojifont
font-google-noto-emoji
;; font-apple-color-emoji
emacs-company-emoji
font-openmoji
vim-characterize
extractpdfmark
poppler-qt5
poppler
python-pdfminer-six
lz4
zstd
rust
blueman
bluez
bluez-alsa
;goldendict-ng
;suckless-dictpopup
;;rust-version-check
;;rust-deunicode
nheko
lf
fuse
;; lots of fonts from package xorg.scm
font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc
font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic
font-misc-misc font-mutt-misc font-schumacher-misc
font-screen-cyrillic font-sony-misc font-sun-misc font-util
font-winitzki-cyrillic font-xfree86-type1
youtube-dl
noisetorch
linux-firmware
nix
dmidecode
;; The entries below are looked up by name when the configuration is
;; evaluated, against whatever channels are configured at that moment.
;; NOTE(review): names such as "steam", "unrar", "navidrome-bin" and
;; "font-apple-color-emoji" presumably resolve from third-party channels (this
;; file imports nongnu and rosenthal modules).  Those packages are only as
;; trustworthy as the channels they come from, so pin the channel commits and
;; keep channel authentication enabled.
(specification->package "i3-wm")
(specification->package "dmidecode")
(specification->package "i3status")
(specification->package "dmenu")
(specification->package "st")
(specification->package "emacs")
(specification->package "jami")
(specification->package "steam")
(specification->package "texstudio")
(specification->package "libreoffice")
(specification->package "qemu")
(specification->package "telegram-desktop")
(specification->package "alacritty")
(specification->package "xkill")
(specification->package "guile")
(specification->package "ueberzug++")
(specification->package "fcitx5-gtk4")
(specification->package "fcitx5-qt")
(specification->package "fcitx5-gtk")
(specification->package "torbrowser")
(specification->package "unrar")
(specification->package "nicotine+")
(specification->package "icecat")
(specification->package "qutebrowser")
(specification->package "gimp")
(specification->package "tor-client")
(specification->package "make")
(specification->package "element-desktop")
(specification->package "font-apple-color-emoji")
(specification->package "xmonad")
(specification->package "xmobar")
(specification->package "xmodmap")
(specification->package "rofi")
(specification->package "bluez-alsa")
(specification->package "bluez")
(specification->package "fuse")
(specification->package "blueman")
(specification->package "navidrome-bin"))
%base-packages))
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
;;(home-environment (packages (cons* anki ))) ;; figure out how to install it from here
(services
(append (list
;; Bluetooth daemon; auto-enable? #t asks for controllers to be powered on
;; automatically, so the radio is on even when nothing is paired.
(service bluetooth-service-type
(bluetooth-configuration
(auto-enable? #t)))
;; udev rules shipped with libfido2, giving the "plugdev" group access to
;; FIDO2 security tokens.
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
;; IPv4 firewall, written in iptables-restore format.  Intent, as far as the
;; rules show: default-deny inbound, and send all TCP and DNS traffic of user
;; "berkeley" to the local Tor TransPort (9040) and DNSPort (53), dropping
;; anything else that user originates.
;; NOTE(review): the "-t nat" and "-t filter" rules sit inside the "*filter"
;; section.  iptables-restore does not accept "-t" inside a table section, so
;; this file is expected to be rejected when loaded, which would leave the
;; host without any of these rules.  The REDIRECT rules need their own
;; "*nat ... COMMIT" section.  After reconfiguring, check the live state with
;; `iptables -S' and `iptables -t nat -S'.
;; NOTE(review): only ipv4-rules is given; ipv6-rules keeps the service
;; default.  IPv6 is covered only while "ipv6.disable=1" stays on the kernel
;; command line.
;; NOTE(review): "-s 127.0.0.1" matches on source address rather than on the
;; loopback interface; "-i lo" is the usual way to allow local traffic.  The
;; two port-631 REJECT rules are already covered by the final INPUT REJECT.
;; NOTE(review): "--gid-owner openvpn" needs a group of that name; none is
;; declared in this file -- confirm it exists.
(service iptables-service-type
(iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp --dport 631 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp --dport 631 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
COMMIT
"))))
(simple-service 'blueman dbus-root-service-type (list blueman))
;; Session environment for the fcitx input method.
;; NOTE(review): the key "XMODIFIERS=@im=" contains '=' itself; entries are
;; presumably written out as NAME=VALUE, which would not yield the usual
;; XMODIFIERS=@im=fcitx -- confirm, and consider ("XMODIFIERS" . "@im=fcitx").
;; NOTE(review): an identical 'my-jp-ime-env service is declared again further
;; down in this list; one of the two is redundant.
(simple-service 'my-jp-ime-env session-environment-service-type
'(("GTK_IM_MODULE" . "fcitx")
("QT_IM_MODULE" . "fcitx")
("GUIX_GTK2_IM_MODULE_FILE" . "/run/current-system/profile/lib/gtk-2.0/2.10.0/immodules-gtk2.cache")
("GUIX_GTK3_IM_MODULE_FILE" . "/run/current-system/profile/lib/gtk-3.0/3.0.0/immodules-gtk3.cache")
("XMODIFIERS=@im=" . "fcitx")
("INPUT_METHOD" . "fcitx")
("XIM_PROGRAM" . "fcitx")
("GLFW_IM_MODULE" . "ibus")))
;; Container runtimes and the Nix daemon, all with default configuration.
(service docker-service-type)
(service containerd-service-type)
(service nix-service-type)
;; Tor as a transparent proxy: TransPort 9040 and DNSPort 53 are the ports the
;; firewall REDIRECT rules point at, names Tor resolves are mapped into
;; 10.192.0.0/10, an HTTP tunnel listens on 9050, and the SOCKS listener is
;; disabled (SOCKSPort 0).
;; NOTE(review): BridgeRelay 1 with ORPort 443 asks Tor to accept inbound
;; connections, but the INPUT rules above only admit ESTABLISHED/RELATED
;; traffic and 127.0.0.1, so a bridge would be unreachable once the firewall
;; loads.  Decide whether this host is meant to relay; if not, drop ORPort
;; and BridgeRelay.
;; NOTE(review): DNSPort 53 and ORPort 443 are privileged ports; confirm the
;; tor service is able to bind them.
(service tor-service-type
(tor-configuration
(config-file (plain-file "torrc"
"HttpTunnelPort 9050\n\
VirtualAddrNetwork 10.192.0.0/10\n\
AutomapHostsOnResolve 1\n\
TransPort 9040\n\
DNSPort 53\n\
SOCKSPort 0\n\
ORPort 443\n\
BridgeRelay 1\n\
ExitRelay 0"))))
;; libvirt daemon; its UNIX socket is owned by group "libvirt".
;; NOTE(review): user berkeley's supplementary-groups in this file do not
;; include "libvirt" -- confirm how that user is expected to reach the socket.
;; NOTE(review): tls-port only matters if libvirtd listens on the network;
;; confirm whether remote access is intended at all.
(service libvirt-service-type
(libvirt-configuration
(unix-sock-group "libvirt")
(tls-port "16555")))
;; NOTE(review): second, identical declaration of 'my-jp-ime-env (same caveat
;; about the "XMODIFIERS=@im=" key applies).
(simple-service 'my-jp-ime-env session-environment-service-type
'(("GTK_IM_MODULE" . "fcitx")
("QT_IM_MODULE" . "fcitx")
("GUIX_GTK2_IM_MODULE_FILE" . "/run/current-system/profile/lib/gtk-2.0/2.10.0/immodules-gtk2.cache")
("GUIX_GTK3_IM_MODULE_FILE" . "/run/current-system/profile/lib/gtk-3.0/3.0.0/immodules-gtk3.cache")
("XMODIFIERS=@im=" . "fcitx")
("INPUT_METHOD" . "fcitx")
("XIM_PROGRAM" . "fcitx")
("GLFW_IM_MODULE" . "ibus")))
;; 2 GiB zram swap device compressed with zstd; priority 100 puts it ahead of
;; the on-disk swap space (priority 50) declared in swap-devices.
(service zram-device-service-type
(zram-device-configuration
(size (* 2 (expt 2 30)))
(compression-algorithm 'zstd)
(priority 100)))
;; Daily at 15:10: convert PNG/JPEG files under /tmp/mpv-screenshots/ to WebP
;; and delete the originals.
;; NOTE(review): no #:user is given, so the job presumably runs as root.
;; /tmp is world-writable, so any local user can create that directory and
;; choose which files a root-run find/cwebp/rm acts on.  Prefer running it as
;; the owning user (#:user "berkeley") on a directory under that user's home.
;; NOTE(review): cwebp is called by bare name and nothing in the packages list
;; of this file obviously provides it -- confirm it is on the job's PATH.
(service mcron-service-type
(mcron-configuration
(jobs (list #~(job "10 15 * * *"
"find /tmp/mpv-screenshots/ -type f \\( -iname '*.png' -o -iname '*.jpg' \\) -exec sh -c 'cwebp -q 80 \"$0\" -o \"${0%.*}.webp\" && rm \"$0\"' {} \\;")))))
;; Xorg uses the system keyboard layout declared earlier in this form.
(set-xorg-configuration
(xorg-configuration
(keyboard-layout keyboard-layout))))
%desktop-services))
;; GRUB installed to the NVMe disk, with a themed 1920x1080 background.
;; NOTE(review): grub-bootloader is used while an EFI system partition is
;; mounted at /boot/efi below -- confirm which boot mode is intended.
;; NOTE(review): local-file reads /var/cache/wallpaper.png when the
;; configuration is evaluated, so the build depends on a file outside this
;; repository.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets (list "/dev/nvme0n1"))
(theme (grub-theme
(resolution '(1920 . 1080))
(image (local-file "/var/cache/wallpaper.png"))))))
;; On-disk swap, priority 50 (lower than the zram device's 100).
;; NOTE(review): no mapped-devices field appears in this operating-system
;; form, so the swap partition and the file systems below are presumably used
;; without block-level encryption.  Memory pages swapped out here (including
;; anything held by password managers or gpg-agent) would then be readable
;; from the disk -- confirm.
(swap-devices (list (swap-space
(priority 50)
(target (uuid
"85b7b3d8-657a-443c-b010-52d224bc4483")))))
;; The list of file systems that get "mounted". The unique
;; file system identifiers there ("UUIDs") can be obtained
;; by running 'blkid' in a terminal.
;; NOTE(review): none of the entries sets a `flags' field.  For the data
;; mounts (/files, /var/cache) consider (flags '(no-suid no-dev)); access-time
;; updates are also turned off here, with no-atime, not on the kernel command
;; line.
(file-systems (cons* (file-system
(mount-point "/boot/efi")
(device (uuid "02E2-0AB2"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device (uuid "38467002-a282-4387-8319-cff6d93cd23b" 'ext4))
(type "ext4"))
(file-system
(mount-point "/files")
(device (uuid "7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886" 'ext4))
(type "ext4"))
(file-system
(mount-point "/var/cache")
(device (uuid "9d009d01-d635-4d56-987a-ffc2699da9fb" 'ext4))
(type "ext4"))
%base-file-systems)))