Add cyberchef to gitea host and big rework on user

.gitattributes

@@ -1,2 +1 @@
 *.png filter=lfs diff=lfs merge=lfs -text
-*.enc filter=git-crypt diff=git-crypt

hosts/gitea/pkgs/cyberchef/default.nix

@@ -0,0 +1,35 @@
+{ pkgs ? import <nixpkgs> {}
+, stdenv ? pkgs.stdenv
+, lib ? pkgs.lib
+, ...
+}:
+stdenv.mkDerivation rec {
+  pname = "cyberchef";
+  version = "10.4.0";
+
+  src = pkgs.fetchzip {
+    url = "https://github.com/gchq/CyberChef/releases/download/v${version}/CyberChef_v${version}.zip";
+    sha256 = "sha256-BjdeOTVZUMitmInL/kE6a/aw/lH4YwKNWxdi0B51xzc=";
+    stripRoot = false;
+  };
+
+  nativeBuildInputs = [
+    pkgs.unzip
+  ];
+
+  phases = [ "installPhase" ];
+
+  installPhase = ''
+    mkdir $out
+    cp -r ${src}/* $out
+    cp -r $out/CyberChef_v${version}.html $out/index.html
+
+  '';
+
+  meta = with lib; {
+    description = " The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis";
+    homepage = "https://gchq.github.io/CyberChef";
+    license = licenses.mit;
+    maintainers = with maintainers; [ nyxkrage ];
+  };
+}

hosts/gitea/services/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./gitea.nix
     ./postgres.nix
+    ./nginx.nix
     ./sshd.nix
   ];
 }

hosts/gitea/services/nginx.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }: {
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    virtualHosts."static" = {
+      default = true;
+      listen = [{
+        ssl = false;
+        port = 8000;
+        addr = "0.0.0.0";
+      }];
+      root = pkgs.callPackage ../pkgs/cyberchef {};
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 8000 ];
+}

hosts/proxy/default.nix

@@ -0,0 +1,39 @@
+{ config
+, modulesPath
+, pkgs
+, ...
+}: {
+  imports = [
+    ./hardware.nix
+    (import ../common/network.nix { hostName = "proxy"; macAddresses = [ "00:50:50:00:00:00" ]; ipv4Addresses = [ "192.168.1.5" ]; })
+    ../common
+    
+    ./services
+  ];
+
+  users.users.admin = {
+    isNormalUser = true;
+    description = "Proxy Administrator";
+    hashedPassword = "$y$j9T$oL/jNqI1yz65OuUnJvpCn1$MC7.xSyvprru7QmqQVsGyBKZf2b4w7R7U.TmfzSBY39";
+    extraGroups = [
+      "wheel" # Sudoer
+    ];
+    shell = pkgs.bash;
+  };
+  nix.settings.build-cores = 2;
+
+  graphical = false;
+  vm-guest = true;
+
+  sops = {
+    defaultSopsFile = ../../secrets/proxy.yaml;
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}

hosts/proxy/services/default.nix

@@ -0,0 +1,6 @@
+{ ...} : {
+  imports = [
+    ./nginx.nix
+    ./sshd.nix
+  ];
+}

hosts/proxy/services/nginx.nix

@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }: {
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    virtualHosts."static" = {
+      default = true;
+      root = ./.
+    }
+  };
+}

hosts/proxy/services/sshd.nix

@@ -0,0 +1,7 @@
+{ config, ... }: {
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+  };
+  networking.firewall.allowedTCPPorts = config.services.openssh.ports;
+}

users/carsten/conf/doom/config.el

@@ -77,13 +77,22 @@
 ;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
 ;; they are implemented.
 
-(defun ctp/org-heading-colors ()
-  (face-remap-add-relative 'org-level-1 (list :foreground (catppuccin-get-color 'blue)))
-  (face-remap-add-relative 'org-level-2 (list :foreground (catppuccin-get-color 'red)))
-  (face-remap-add-relative 'org-level-3 (list :foreground (catppuccin-get-color 'green)))
-  (face-remap-add-relative 'org-level-4 (list :foreground (catppuccin-get-color 'lavender)))
-  (face-remap-add-relative 'org-level-5 (list :foreground (catppuccin-get-color 'yellow)))
-  (face-remap-add-relative 'org-level-6 (list :foreground (catppuccin-get-color 'maroon)))
-  (face-remap-add-relative 'org-level-7 (list :foreground (catppuccin-get-color 'teal)))
-  (face-remap-add-relative 'org-level-8 (list :foreground (catppuccin-get-color 'mauve))))
-(add-hook! 'org-mode-hook 'ctp/org-heading-colors)
+(use-package! org
+  :config
+  (setq org-src-fontify-natively t)
+  (add-to-list 'org-src-block-faces '("" '(:foreground (catppuccin-get-color 'green))))
+
+  (defun ctp/text-org-blocks ()
+    (face-remap-add-relative 'org-block (list :foreground (catppuccin-get-color 'text))))
+  (add-hook! 'org-mode-hook 'ctp/text-org-blocks)
+
+  (defun ctp/org-heading-colors ()
+    (face-remap-add-relative 'org-level-1 (list :foreground (catppuccin-get-color 'blue)))
+    (face-remap-add-relative 'org-level-2 (list :foreground (catppuccin-get-color 'red)))
+    (face-remap-add-relative 'org-level-3 (list :foreground (catppuccin-get-color 'green)))
+    (face-remap-add-relative 'org-level-4 (list :foreground (catppuccin-get-color 'lavender)))
+    (face-remap-add-relative 'org-level-5 (list :foreground (catppuccin-get-color 'yellow)))
+    (face-remap-add-relative 'org-level-6 (list :foreground (catppuccin-get-color 'maroon)))
+    (face-remap-add-relative 'org-level-7 (list :foreground (catppuccin-get-color 'teal)))
+    (face-remap-add-relative 'org-level-8 (list :foreground (catppuccin-get-color 'mauve))))
+  (add-hook! 'org-mode-hook 'ctp/org-heading-colors))

users/carsten/conf/doom/packages.el

@@ -49,3 +49,4 @@
 ;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
 ;(unpin! t)
 (package! meson-mode)
+(package! org-mode :pin "fe74a3ed2d8")

users/carsten/pkgs/areon-pro/default.nix

@@ -1,6 +1,6 @@
-{ pkgs
-, lib
-, stdenv
+{ pkgs ? import <nixpkgs> {}
+, lib ? pkgs.lib
+, stdenv ? pkgs.stdenv
 }: stdenv.mkDerivation rec {
   pname = "areon-pro";
   version = "1.0.0";
@@ -11,8 +11,12 @@
   phases = [ "installPhase" ];
 
   installPhase = ''
-    mkdir -p $out/share/fonts/truetype/
-    find ${src} -not -path '*/.*' -type f -exec sh -c 'cp {} $out/share/fonts/truetype/$(echo {} | sed "s/\.enc$//")' \;
+    mkdir -p $out/share/fonts/truetype
+    if file ${src}/* | grep 'TrueType Font data' >/dev/null; then
+      cp ${src}/* $out/share/fonts/truetype
+    else
+      printf "\033[0;33m[WARN]\033[0m: AreonPro fonts are propietary and are encrypted, please run git crypt unlock and rebuild to make sure they are properly copied to the store"
+    fi
   '';
 
   meta = with lib; {

users/carsten/pkgs/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./firefox.nix
     ./gpg.nix
+    ./editors.nix
   ];
 
   programs.bash.enable = true;

users/carsten/pkgs/editors.nix

@@ -1,7 +1,7 @@
-{ ... }: {
+{ pkgs, ... }: {
   programs.neovim.enable = true;
   programs.emacs = {
     enable = true;
     package = pkgs.emacsUnstable;
   };
-}
+}