diff --git a/.gitattributes b/.gitattributes index a61cc42..24a8e87 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1 @@ *.png filter=lfs diff=lfs merge=lfs -text -*.enc filter=git-crypt diff=git-crypt diff --git a/hosts/gitea/pkgs/cyberchef/default.nix b/hosts/gitea/pkgs/cyberchef/default.nix new file mode 100644 index 0000000..5b629d5 --- /dev/null +++ b/hosts/gitea/pkgs/cyberchef/default.nix @@ -0,0 +1,35 @@ +{ pkgs ? import {} +, stdenv ? pkgs.stdenv +, lib ? pkgs.lib +, ... +}: +stdenv.mkDerivation rec { + pname = "cyberchef"; + version = "10.4.0"; + + src = pkgs.fetchzip { + url = "https://github.com/gchq/CyberChef/releases/download/v${version}/CyberChef_v${version}.zip"; + sha256 = "sha256-BjdeOTVZUMitmInL/kE6a/aw/lH4YwKNWxdi0B51xzc="; + stripRoot = false; + }; + + nativeBuildInputs = [ + pkgs.unzip + ]; + + phases = [ "installPhase" ]; + + installPhase = '' + mkdir $out + cp -r ${src}/* $out + cp -r $out/CyberChef_v${version}.html $out/index.html + + ''; + + meta = with lib; { + description = " The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis"; + homepage = "https://gchq.github.io/CyberChef"; + license = licenses.mit; + maintainers = with maintainers; [ nyxkrage ]; + }; +} diff --git a/users/carsten/pkgs/areon-pro/fonts/.gitkeep b/hosts/gitea/pkgs/cyberchef/node-packages.json similarity index 100% rename from users/carsten/pkgs/areon-pro/fonts/.gitkeep rename to hosts/gitea/pkgs/cyberchef/node-packages.json diff --git a/hosts/gitea/services/default.nix b/hosts/gitea/services/default.nix index 466b2a8..2bb6830 100644 --- a/hosts/gitea/services/default.nix +++ b/hosts/gitea/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./gitea.nix ./postgres.nix + ./nginx.nix ./sshd.nix ]; } diff --git a/hosts/gitea/services/nginx.nix b/hosts/gitea/services/nginx.nix new file mode 100644 index 0000000..4cf6bec --- /dev/null +++ b/hosts/gitea/services/nginx.nix 
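Review bot: In hosts/gitea/pkgs/cyberchef/default.nix, `nativeBuildInputs = [ pkgs.unzip ];` looks unused, because `fetchzip` already delivers an unpacked tree and only `installPhase` runs; the list can be dropped. The release is pinned by version and `sha256`, which is what keeps the served files reproducible. A comment above `sha256` such as `# hash is of the unpacked archive; update together with version` would make that explicit for the next bump. The `cp -r` on the single HTML file can be a plain `cp`, and the empty line before the closing `''` can go.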
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }: {
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."static" = {
+ default = true;
+ listen = [{
+ ssl = false;
+ port = 8000;
+ addr = "0.0.0.0";
+ }];
+ root = pkgs.callPackage ../pkgs/cyberchef {};
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 8000 ];
+}
diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix
new file mode 100644
index 0000000..11d00ac
--- /dev/null
+++ b/hosts/proxy/default.nix
@@ -0,0 +1,39 @@
+{ config
+, modulesPath
+, pkgs
+, ...
+}: {
+ imports = [
+ ./hardware.nix
+ (import ../common/network.nix { hostName = "proxy"; macAddresses = [ "00:50:50:00:00:00" ]; ipv4Addresses = [ "192.168.1.5" ]; })
+ ../common
+
+ ./services
+ ];
+
+ users.users.admin = {
+ isNormalUser = true;
+ description = "Proxy Administrator";
+ hashedPassword = "$y$j9T$oL/jNqI1yz65OuUnJvpCn1$MC7.xSyvprru7QmqQVsGyBKZf2b4w7R7U.TmfzSBY39";
+ extraGroups = [
+ "wheel" # Sudoer
+ ];
+ shell = pkgs.bash;
+ };
+ nix.settings.build-cores = 2;
+
+ graphical = false;
+ vm-guest = true;
+
+ sops = {
+ defaultSopsFile = ../../secrets/proxy.yaml;
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
diff --git a/hosts/proxy/services/default.nix b/hosts/proxy/services/default.nix
new file mode 100644
index 0000000..971c7d4
--- /dev/null
+++ b/hosts/proxy/services/default.nix
@@ -0,0 +1,6 @@
+{ ...} : {
+ imports = [
+ ./nginx.nix
+ ./sshd.nix
+ ];
+}
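Review bot: The `listen` entry in hosts/gitea/services/nginx.nix binds `0.0.0.0:8000` with `ssl = false`, and the last line opens port 8000 in the firewall, so CyberChef is served over plain HTTP to every network this host is attached to. Data pasted into CyberChef is handled by the page's own JavaScript, so an unencrypted response that is altered in transit changes the code that sees that data. If the proxy host added in this commit is meant to terminate TLS in front of this one, set `addr` to the internal interface address (or limit port 8000 to the proxy) and say so in a comment. `recommendedTlsSettings = true;` does nothing for a listener with `ssl = false` and can be dropped or explained.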
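Review bot: `hashedPassword` for `users.users.admin` in hosts/proxy/default.nix is committed in clear text and the account is in `wheel`, so the hash is exposed to offline guessing by anyone who can read the repository or the world-readable Nix store of a built host. The same file already sets `sops.defaultSopsFile`, so the hash can live in secrets/proxy.yaml and be referenced with `hashedPasswordFile = config.sops.secrets."SECRET_NAME".path;` (SECRET_NAME is a placeholder; the option is called `passwordFile` on older NixOS releases), with `neededForUsers = true;` set on that secret. Because the current value has already been committed, it should be treated as disclosed and the password rotated as part of the change.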
diff --git a/hosts/proxy/services/nginx.nix b/hosts/proxy/services/nginx.nix
new file mode 100644
index 0000000..8c3bff3
--- /dev/null
+++ b/hosts/proxy/services/nginx.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }: {
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."static" = {
+ default = true;
+ root = ./.
+ }
+ };
+}
diff --git a/hosts/proxy/services/sshd.nix b/hosts/proxy/services/sshd.nix
new file mode 100644
index 0000000..21b6071
--- /dev/null
+++ b/hosts/proxy/services/sshd.nix
@@ -0,0 +1,7 @@
+{ config, ... }: {
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+ networking.firewall.allowedTCPPorts = config.services.openssh.ports;
+}
diff --git a/users/carsten/conf/doom/config.el b/users/carsten/conf/doom/config.el
index 095bcfe..009a499 100644
--- a/users/carsten/conf/doom/config.el
+++ b/users/carsten/conf/doom/config.el
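Review bot: hosts/proxy/services/nginx.nix does not parse as written: `root = ./.` has no terminating `;`, and the `}` that closes `virtualHosts."static"` on the next line is missing one as well. Once that is fixed, `root = ./.;` would copy this services directory into the store and serve it, which publishes nginx.nix, sshd.nix and default.nix over HTTP. If this is a placeholder, point `root` at a dedicated content directory or package instead (for example `root = ./CONTENT_DIR;`, where CONTENT_DIR is a placeholder) and close the set with `};`. No hunk in this commit opens a web port in this host's firewall, so the listener may also be unreachable until that is added.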
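Review bot: `permitRootLogin = "yes";` in hosts/proxy/services/sshd.nix allows direct root logins over SSH, including by password unless password authentication is disabled in a module not shown here, and this is presumably the host that faces the outside network. The `admin` user defined in hosts/proxy/default.nix is already in `wheel`, so root login should not be needed. Prefer `permitRootLogin = "no";` (or `"prohibit-password"` if root key login is required), and consider `passwordAuthentication = false;` with keys listed under `users.users.admin.openssh.authorizedKeys.keys`. If root login is deliberate, a comment stating why would help the next reader.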
@@ -77,13 +77,22 @@ ;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how ;; they are implemented. -(defun ctp/org-heading-colors () - (face-remap-add-relative 'org-level-1 (list :foreground (catppuccin-get-color 'blue))) - (face-remap-add-relative 'org-level-2 (list :foreground (catppuccin-get-color 'red))) - (face-remap-add-relative 'org-level-3 (list :foreground (catppuccin-get-color 'green))) - (face-remap-add-relative 'org-level-4 (list :foreground (catppuccin-get-color 'lavender))) - (face-remap-add-relative 'org-level-5 (list :foreground (catppuccin-get-color 'yellow))) - (face-remap-add-relative 'org-level-6 (list :foreground (catppuccin-get-color 'maroon))) - (face-remap-add-relative 'org-level-7 (list :foreground (catppuccin-get-color 'teal))) - (face-remap-add-relative 'org-level-8 (list :foreground (catppuccin-get-color 'mauve)))) -(add-hook! 'org-mode-hook 'ctp/org-heading-colors) +(use-package! org + :config + (setq org-src-fontify-natively t) + (add-to-list 'org-src-block-faces '("" '(:foreground (catppuccin-get-color 'green)))) + + (defun ctp/text-org-blocks () + (face-remap-add-relative 'org-block (list :foreground (catppuccin-get-color 'text)))) + (add-hook! 
'org-mode-hook 'ctp/text-org-blocks) + + (defun ctp/org-heading-colors () + (face-remap-add-relative 'org-level-1 (list :foreground (catppuccin-get-color 'blue))) + (face-remap-add-relative 'org-level-2 (list :foreground (catppuccin-get-color 'red))) + (face-remap-add-relative 'org-level-3 (list :foreground (catppuccin-get-color 'green))) + (face-remap-add-relative 'org-level-4 (list :foreground (catppuccin-get-color 'lavender))) + (face-remap-add-relative 'org-level-5 (list :foreground (catppuccin-get-color 'yellow))) + (face-remap-add-relative 'org-level-6 (list :foreground (catppuccin-get-color 'maroon))) + (face-remap-add-relative 'org-level-7 (list :foreground (catppuccin-get-color 'teal))) + (face-remap-add-relative 'org-level-8 (list :foreground (catppuccin-get-color 'mauve)))) + (add-hook! 'org-mode-hook 'ctp/org-heading-colors)) diff --git a/users/carsten/conf/doom/packages.el b/users/carsten/conf/doom/packages.el index a39a993..993e305 100644 --- a/users/carsten/conf/doom/packages.el +++ b/users/carsten/conf/doom/packages.el @@ -49,3 +49,4 @@ ;; ...Or *all* packages (NOT RECOMMENDED; will likely break things) ;(unpin! t) (package! meson-mode) +(package! org-mode :pin "fe74a3ed2d8") diff --git a/users/carsten/pkgs/areon-pro/default.nix b/users/carsten/pkgs/areon-pro/default.nix index 94b3d66..0f60e09 100644 --- a/users/carsten/pkgs/areon-pro/default.nix +++ b/users/carsten/pkgs/areon-pro/default.nix @@ -1,6 +1,6 @@ -{ pkgs -, lib -, stdenv +{ pkgs ? import {} +, lib ? pkgs.lib +, stdenv ? pkgs.stdenv }: stdenv.mkDerivation rec { pname = "areon-pro"; version = "1.0.0"; 
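Review bot: In the `org-src-block-faces` entry in users/carsten/conf/doom/config.el, `'("" '(:foreground (catppuccin-get-color 'green)))` is quoted data, so `(catppuccin-get-color 'green)` is never called and the inner `'` leaves a literal `quote` form where the face spec should be. Build the entry with `list` so the colour is evaluated: `(add-to-list 'org-src-block-faces (list "" (list :foreground (catppuccin-get-color 'green))))`. The empty string is the source-block language name and it is not clear which blocks it is meant to match, so a one-line comment on the intent would help. A docstring on `ctp/text-org-blocks` and `ctp/org-heading-colors` saying that they remap org faces to Catppuccin colours in the current buffer would also be welcome.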
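Review bot: `(package! org-mode :pin "fe74a3ed2d8")` in packages.el names the package `org-mode`, but as far as I know Doom's org module declares it as `org` (org-mode is the repository name). If so, this line registers a separate package rather than repinning the one that `use-package! org` in config.el loads. If the intent is to repin, write `(package! org :pin "fe74a3ed2d8")`. A comment recording why this commit was chosen, and the full-length commit id rather than the abbreviated one, would make the pin easier to audit.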
@@ -11,8 +11,12 @@ phases = [ "installPhase" ]; installPhase = '' - mkdir -p $out/share/fonts/truetype/ - find ${src} -not -path '*/.*' -type f -exec sh -c 'cp {} $out/share/fonts/truetype/$(echo {} | sed "s/\.enc$//")' \; + mkdir -p $out/share/fonts/truetype + if file ${src}/* | grep 'TrueType Font data' >/dev/null; then + cp ${src}/* $out/share/fonts/truetype + else + printf "\033[0;33m[WARN]\033[0m: AreonPro fonts are propietary and are encrypted, please run git crypt unlock and rebuild to make sure they are properly copied to the store" + fi ''; meta = with lib; { diff --git a/users/carsten/pkgs/areon-pro/fonts/.gitattributes b/users/carsten/pkgs/areon-pro/fonts/.gitattributes new file mode 100644 index 0000000..f14c27b Binary files /dev/null and b/users/carsten/pkgs/areon-pro/fonts/.gitattributes differ diff --git a/users/carsten/pkgs/areon-pro/fonts/AreonPro-Bold.ttf.enc b/users/carsten/pkgs/areon-pro/fonts/AreonPro-Bold.ttf similarity index 100% rename from users/carsten/pkgs/areon-pro/fonts/AreonPro-Bold.ttf.enc rename to users/carsten/pkgs/areon-pro/fonts/AreonPro-Bold.ttf diff --git a/users/carsten/pkgs/areon-pro/fonts/AreonPro-BoldItalic.ttf.enc b/users/carsten/pkgs/areon-pro/fonts/AreonPro-BoldItalic.ttf similarity index 100% rename from users/carsten/pkgs/areon-pro/fonts/AreonPro-BoldItalic.ttf.enc rename to users/carsten/pkgs/areon-pro/fonts/AreonPro-BoldItalic.ttf diff --git a/users/carsten/pkgs/areon-pro/fonts/AreonPro-Italic.ttf.enc b/users/carsten/pkgs/areon-pro/fonts/AreonPro-Italic.ttf similarity index 100% rename from users/carsten/pkgs/areon-pro/fonts/AreonPro-Italic.ttf.enc rename to users/carsten/pkgs/areon-pro/fonts/AreonPro-Italic.ttf diff --git a/users/carsten/pkgs/areon-pro/fonts/AreonPro-Regular.ttf.enc b/users/carsten/pkgs/areon-pro/fonts/AreonPro-Regular.ttf similarity index 100% rename from users/carsten/pkgs/areon-pro/fonts/AreonPro-Regular.ttf.enc rename to users/carsten/pkgs/areon-pro/fonts/AreonPro-Regular.ttf 
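Review bot: The `else` branch of the new `installPhase` in users/carsten/pkgs/areon-pro/default.nix only prints a warning, so a checkout where git-crypt is still locked builds successfully and installs an empty `share/fonts/truetype`, with a message that is easy to miss in build output. Failing the build is safer: add `exit 1` after the `printf` and send the message to stderr with `>&2`. The test also passes as soon as any one file under `${src}` is reported as TrueType, after which `cp ${src}/*` copies every file, and it relies on `file` being available in the build environment, which is not visible here because nativeBuildInputs is outside the hunk. Separately, the new fonts/.gitattributes is shown as a binary file, which may mean git-crypt is encrypting the attributes file itself; it is worth checking that the filter rule excludes it, since the root rule for `*.enc` is removed in this commit.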
diff --git a/users/carsten/pkgs/default.nix b/users/carsten/pkgs/default.nix index fceeccb..e098ac5 100644 --- a/users/carsten/pkgs/default.nix +++ b/users/carsten/pkgs/default.nix @@ -2,6 +2,7 @@ imports = [ ./firefox.nix ./gpg.nix + ./editors.nix ]; programs.bash.enable = true; diff --git a/users/carsten/pkgs/editors.nix b/users/carsten/pkgs/editors.nix index 094b290..9c87628 100644 --- a/users/carsten/pkgs/editors.nix +++ b/users/carsten/pkgs/editors.nix @@ -1,7 +1,7 @@ -{ ... }: { +{ pkgs, ... }: { programs.neovim.enable = true; programs.emacs = { enable = true; package = pkgs.emacsUnstable; }; -} \ No newline at end of file +}