9 files changed, 167 insertions, 45 deletions

diff --git a/modules/core/common.nix b/modules/core/common.nix
index f394b038..9c9c7a67 100644
--- a/modules/core/common.nix
+++ b/modules/core/common.nix
@@ -1,4 +1,4 @@
-{ config, options, pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 
 with lib;
 
@@ -41,9 +41,7 @@ with lib;
       vuizvui = import ../../pkgs { inherit pkgs; };
     });
 
-    nix.binaryCaches = options.nix.binaryCaches.default ++ [
-      "https://headcounter.org/hydra/"
-    ];
+    nix.binaryCaches = [ "https://headcounter.org/hydra/" ];
     nix.binaryCachePublicKeys = [
       "headcounter.org:/7YANMvnQnyvcVB6rgFTdb8p5LG1OTXaO+21CaOSBzg="
     ];
diff --git a/modules/module-list.nix b/modules/module-list.nix
index c75b8dae..df539e6e 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -11,6 +11,7 @@
   ./programs/fish/fasd.nix
   ./services/postfix
   ./services/starbound.nix
+  ./services/guix.nix
   ./system/iso.nix
   ./system/kernel/bfq
   ./system/kernel/rckernel.nix
diff --git a/modules/services/guix.nix b/modules/services/guix.nix
new file mode 100644
index 00000000..287ac619
--- /dev/null
+++ b/modules/services/guix.nix
@@ -0,0 +1,106 @@
+# ATTN: this is a WIP service, use at your own risk!
+{ config, lib, pkgs, ... }:
+# https://www.gnu.org/software/guix/manual/en/html_node/Binary-Installation.html
+
+let
+  guixBinaryTar = pkgs.fetchurl {
+    url = "https://alpha.gnu.org/gnu/guix/guix-binary-0.16.0.x86_64-linux.tar.xz";
+    sha256 = "049l0zim30cd0gyly2h3jaw4cshdk78h7xdb9ac173h72i13afbj";
+  };
+
+  #*/
+  guixInstallScriptIdempotent = pkgs.writeScript "guix-install.sh" ''
+    #!/bin/sh
+    set -euo pipefail
+
+    # extract guix
+    if ! test -e /gnu; then
+      echo "INFO: installing guix"
+
+      tmp=$(mktemp -d)
+      pushd $tmp >/dev/null
+      export PATH=${pkgs.xz}/bin:$PATH
+      ${pkgs.gnutar}/bin/tar xf ${guixBinaryTar}
+      mkdir -p /var
+      cp -r ./var/guix /var
+      cp -r ./gnu /
+      popd >/dev/null
+
+      # XXX
+      # change the mtime of all compiled guile files,
+      # because tar in this script somehow changes the mtime
+      # of extracted files to the current time, and nobody knows
+      # why. If the sources are newer than the .go files, guile
+      # will try to recompile everything.
+      find /gnu/store/ -ipath "*guile*ccache*/*.go" | xargs touch -m
+    fi
+
+    # install root user profile
+    if ! test -e /root/.config/guix/current; then
+      mkdir -p /root/.config/guix
+      ln -s /var/guix/profiles/per-user/root/current-guix \
+        /root/.config/guix/current
+    fi
+
+    echo INFO: finished installing guix!
+  '';
+
+  guixBuildGroup = "guixbuilders";
+
+  guixBuildUser = id: {
+    name = "guix-build-user-${toString id}";
+    createHome = false;
+    description = "Guix build user ${toString id}";
+    extraGroups = [ guixBuildGroup ];
+    isSystemUser = true;
+  };
+
+  guixBuildUsers = numberOfUsers:
+    builtins.listToAttrs
+      (map (user: {
+        name = user.name;
+        value = user;
+      }) (builtins.genList guixBuildUser numberOfUsers));
+in
+{
+  options = {
+    vuizvui.services.guix.enable =
+      lib.mkEnableOption "the guix daemon and init /gnu/store";
+  };
+
+  config = lib.mkIf config.vuizvui.services.guix.enable {
+    users.users = guixBuildUsers 10;
+    users.groups = { "${guixBuildGroup}" = {}; };
+
+    systemd.services.guix-install = {
+      serviceConfig = {
+        ExecStart = guixInstallScriptIdempotent;
+        Type = "oneshot";
+      };
+    };
+
+    systemd.services.guix-daemon = {
+      serviceConfig = {
+        ExecStart = "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=${guixBuildGroup}";
+        Environment = "GUIX_LOCPATH=/var/guix/profiles/per-user/root/guix-profix/lib/locale";
+        RemainAfterExit = true;
+        StandardOutput = "syslog";
+        StandardError = "syslog";
+        TasksMax = 8192;
+      };
+      wantedBy = [ "multi-user.target" ];
+      after = [ "guix-install.service" ];
+      wants = [ "guix-install.service" ];
+    };
+
+    environment.shellInit = ''
+      export GUIX_PROFILE="$HOME/.config/guix/current"
+      source $GUIX_PROFILE/etc/profile
+      export GUIX_LOCPATH="${pkgs.glibcLocales}/lib/locale"
+      export INFOPATH="$GUIX_PROFILE/share/info:$INFOPATH"
+
+      guix archive --authorize < \
+        /root/.config/guix/current/share/guix/ci.guix.info.pub
+    '';
+  };
+}
diff --git a/modules/user/aszlig/profiles/workstation/default.nix b/modules/user/aszlig/profiles/workstation/default.nix
index e9893f29..ec195727 100644
--- a/modules/user/aszlig/profiles/workstation/default.nix
+++ b/modules/user/aszlig/profiles/workstation/default.nix
@@ -25,7 +25,12 @@ in {
     in singleton (pkgs.writeScriptBin "xreset" ''
       #!${pkgs.stdenv.shell}
       ${pkgs.xorg.xrandr}/bin/xrandr ${concatStringsSep " " randrConf}
-    '') ++ import ./packages.nix pkgs;
+    '') ++ import ./packages.nix pkgs ++ [
+      (pkgs.vuizvui.aszlig.psi.override {
+        jid = "aszlig@aszlig.net";
+        resource = config.networking.hostName;
+      })
+    ];
 
     environment.pathsToLink = lib.singleton "/share/chromium/extensions";
 
@@ -117,6 +122,9 @@ in {
 
     vuizvui.system.kernel.zswap.enable = true;
 
+    location.latitude = 48.4284;
+    location.longitude = 10.866;
+
     services = {
       openssh.enable = true;
 
@@ -144,8 +152,6 @@ in {
 
       redshift = {
         enable = true;
-        latitude = "48.428404";
-        longitude = "10.866007";
         temperature.day = 5500;
         temperature.night = 3500;
       };
diff --git a/modules/user/aszlig/profiles/workstation/packages.nix b/modules/user/aszlig/profiles/workstation/packages.nix
index 72b04be1..093e2bed 100644
--- a/modules/user/aszlig/profiles/workstation/packages.nix
+++ b/modules/user/aszlig/profiles/workstation/packages.nix
@@ -17,7 +17,6 @@ pkgs: with pkgs; [
   figlet
   firefox
   flac
-  gajim
   gdb
   ghostscript
   vuizvui.aszlig.git-detach
@@ -62,7 +61,6 @@ pkgs: with pkgs; [
   radare2
   rlwrap
   rsync
-  vuizvui.aszlig.santander
   samplicator
   screen
   scrot
diff --git a/modules/user/aszlig/programs/zsh/default.nix b/modules/user/aszlig/programs/zsh/default.nix
index fb3b9a49..e66be125 100644
--- a/modules/user/aszlig/programs/zsh/default.nix
+++ b/modules/user/aszlig/programs/zsh/default.nix
@@ -41,25 +41,26 @@ in {
     programs.zsh.shellAliases.t = "task";
     programs.zsh.shellAliases.p = "gopass";
 
+    programs.zsh.setOptions = lib.mkForce [
+      "auto_cd"
+      "auto_pushd"
+      "beep"
+      "correct"
+      "dvorak"
+      "extended_glob"
+      "extended_history"
+      "hist_fcntl_lock"
+      "hist_ignore_dups"
+      "hist_no_store"
+      "hist_reduce_blanks"
+      "interactive_comments"
+    ];
+
     programs.zsh.interactiveShellInit = mkAfter ''
       export HISTFILE=~/.histfile
       export HISTSIZE=100000
       export SAVEHIST=100000
 
-      unsetopt SHARE_HISTORY
-
-      setopt extendedglob
-      setopt extendedhistory
-      setopt globcomplete
-      setopt histnostore
-      setopt histreduceblanks
-      setopt correct
-      setopt dvorak
-      setopt interactivecomments
-      setopt autopushd
-      setopt autocd
-      setopt beep
-
       bindkey -v
       if [[ "$TERM" = xterm ]]; then
         bindkey -v '\e[H' vi-beginning-of-line
@@ -110,9 +111,6 @@ in {
       zstyle ':completion:*' use-compctl false
       zstyle ':completion:*' verbose true
 
-      autoload -Uz compinit
-      compinit
-
       autoload -Uz zmv
     '';
 
diff --git a/modules/user/devhell/profiles/base.nix b/modules/user/devhell/profiles/base.nix
index 17fdf073..cba7f19e 100644
--- a/modules/user/devhell/profiles/base.nix
+++ b/modules/user/devhell/profiles/base.nix
@@ -33,7 +33,6 @@ in {
 
     hardware = {
       enableAllFirmware = true;
-      cpu.intel.updateMicrocode = true;
       opengl = {
         s3tcSupport = true;
         driSupport32Bit = true;
@@ -41,6 +40,7 @@ in {
       pulseaudio = {
         enable = true;
         systemWide = false;
+        extraConfig = "load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1";
       };
     };
 
@@ -48,7 +48,7 @@ in {
 
     users.users.dev = {
       isNormalUser = true;
-      extraGroups = [ "plugdev" "docker" "vboxusers" "wheel" "mpd" "libvirtd" "wireshark" ];
+      extraGroups = [ "plugdev" "docker" "vboxusers" "wheel" "mpd" "libvirtd" "wireshark" "video" "audio" ];
       uid = 1000;
       shell = "${pkgs.zsh}/bin/zsh";
     };
@@ -111,7 +111,7 @@ in {
         ttf_bitstream_vera
         ubuntu_font_family
         unifont
-        vistafonts
+        #vistafonts
         wqy_microhei
       ] ++ lib.filter lib.isDerivation (lib.attrValues lohit-fonts);
     };
diff --git a/modules/user/devhell/profiles/packages.nix b/modules/user/devhell/profiles/packages.nix
index 47a96100..a37381c9 100644
--- a/modules/user/devhell/profiles/packages.nix
+++ b/modules/user/devhell/profiles/packages.nix
@@ -16,7 +16,9 @@ in {
       };
 
       polybar = super.polybar.override {
-        i3Support = true;
+        nlSupport = true;
+        pulseSupport = true;
+        i3GapsSupport = true;
         mpdSupport = true;
       };
 
@@ -130,6 +132,7 @@ in {
       hplipWithPlugin
       htop
       i3lock-color
+      i3lock-fancy
       iftop
       imagemagick
       iotop
@@ -173,6 +176,7 @@ in {
       netrw
       netsniff-ng
       nitrogen
+      nitrokey-udev-rules
       nixops
       nload
       nmap
@@ -245,6 +249,7 @@ in {
       vlock
       vorbisTools
       vorbisgain
+      vscodium
       w3m
       wavpack
       weechat
diff --git a/modules/user/devhell/profiles/services.nix b/modules/user/devhell/profiles/services.nix
index 144dcaff..927fa3e9 100644
--- a/modules/user/devhell/profiles/services.nix
+++ b/modules/user/devhell/profiles/services.nix
@@ -22,30 +22,46 @@ in {
       };
     };
 
+    location.provider = "geoclue2";
+
     services = {
       keybase.enable = true;
       pcscd.enable = true;
       gpm.enable = true;
       openssh.enable = true;
-      thermald.enable = true;
       udisks2.enable = true;
       geoip-updater.enable = true;
       geoclue2.enable = true;
+      redshift.enable = true;
 
-      redshift = {
+      compton = {
         enable = true;
-        provider = "geoclue2";
+        vSync = true;
+        backend = "glx";
       };
     };
 
-    services.offlineimap = {
-      enable = true;
-      install = true;
-      path = [ pkgs.notmuch ];
-    };
 
     services.xserver = {
-      displayManager.lightdm.enable = true;
+      displayManager.lightdm = {
+        enable = true;
+        greeters.mini = {
+          enable = true;
+          user = "dev";
+          extraConfig = ''
+            [greeter]
+            show-password-label = true
+            password-label-text = >
+            show-input-cursor = false
+            [greeter-theme]
+            text-color = "#4C566A"
+            window-color = "#3B4252"
+            border-width = 0px
+            layout-space = 5
+            password-background-color = "#3B4252"
+          '';
+        };
+      };
       desktopManager.xterm.enable = false;
       desktopManager.default = "none";
     };
@@ -58,12 +74,6 @@ in {
       };
     };
 
-    services.syncthing = {
-      enable = true;
-      user = "dev";
-      dataDir = "/home/dev/syncthing/";
-    };
-
     services.journald.extraConfig = ''
       SystemMaxUse = 50M
     '';