From d73262f4e0aa2f64464a453be28d5fc4993aad19 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:05:42 +0200
Subject: [PATCH 01/19] k 3 l: add sokratess user

---
 krebs/3modules/lass/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 08e8995fa..f2c9c4684 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -305,5 +305,7 @@ with config.krebs.lib;
       pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
       mail = "lass@mors.r";
     };
+    sokratess = {
+    };
   };
 }

From 35596f7aed2f2b43064c5d41121c0d3d17503641 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:05:56 +0200
Subject: [PATCH 02/19] l 1 mors: activate redis

---
 lass/1systems/mors.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1028ca652..b9373313c 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -77,6 +77,9 @@ with config.krebs.lib;
         ];
       };
     }
+    {
+      services.redis.enable = true;
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.mors;
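Review bot: The added `services.redis.enable = true;` block sets neither a listen address nor a password, so the instance runs with whatever the module defaults are. Redis has no authentication by default, so it is worth pinning it to loopback explicitly, e.g. `services.redis.bind = "127.0.0.1";`, and setting `services.redis.requirePass` if anything off-host must reach it. A short comment naming the service on mors that needs Redis would also help, since the commit message does not say.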

From 48282200043d63c5e0434fdd7b8dc79aa271b8ae Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:08:55 +0200
Subject: [PATCH 03/19] l 2 c-base: add cifs-utils

---
 lass/2configs/c-base.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 9d13bc30d..679a90b7e 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -16,6 +16,10 @@ in {
 
   users.extraGroups.cbasevpn.gid = genid "cbasevpn";
 
+  environment.systemPackages = [
+    pkgs.cifs-utils
+  ];
+
   services.openvpn.servers = {
     c-base = {
       config = ''

From 0398342657a9548b9ada4524335b3ca864fd9c2e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:09:26 +0200
Subject: [PATCH 04/19] l 2 websites domsen: remove obsolete code

---
 lass/2configs/websites/domsen.nix | 32 -------------------------------
 1 file changed, 32 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3a3e60d39..5a4748f42 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
-  check-password = pkgs.writeDash "check-password" ''
-    read pw
-
-    file="/home/$PAM_USER/.shadow"
-
-    #check if shadow file exists
-    test -e "$file" || exit 123
-
-    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
-    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
-    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
-    if [ "$calc_hash" == $hash ]; then
-      exit 0
-    else
-      exit 1
-    fi
-  '';
-
 in {
   imports = [
     ./sqlBackup.nix
@@ -164,19 +145,6 @@ in {
     { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
-  security.pam.services.exim.text = ''
-    auth        required      pam_env.so
-    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
-    auth        sufficient    pam_unix.so likeauth nullok
-    auth        required      pam_deny.so
-    account     required      pam_unix.so
-    password    required      pam_cracklib.so retry=3 type=
-    password    sufficient    pam_unix.so nullok use_authtok md5shadow
-    password    required      pam_deny.so
-    session     required      pam_limits.so
-    session     required      pam_unix.so
-  '';
-
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext

From 51a9fb2dccf6996e1f4fe6f795076ebc6bc71d25 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:10:59 +0200
Subject: [PATCH 05/19] l 1 shodan: add sokratess user

---
 lass/1systems/shodan.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 5140591af..7c44807a6 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -22,6 +22,26 @@ with builtins;
     #    };
     #  };
     #}
+    {
+      users.users.sokratess = {
+        uid = genid "sokratess";
+        home = "/home/sokratess";
+        group = "users";
+        createHome = true;
+        extraGroups = [
+         "audio"
+          "networkmanager"
+        ];
+        useDefaultShell = true;
+        password = "aidsballs";
+      };
+      krebs.per-user.sokratess.packages = [
+        pkgs.firefox
+        pkgs.python27Packages.virtualenv
+        pkgs.python27Packages.ipython
+        pkgs.python27Packages.python
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
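Review bot: `password = "aidsballs";` in the new `users.users.sokratess` block commits a cleartext login password to the repository, and the value is also copied into the world-readable Nix store on every build. Use `hashedPassword = "<output of mkpasswd -m sha-512>";` or a `passwordFile` kept under the secrets path instead, and rotate the password that is now in history. The account is also added to `networkmanager`, which lets it change network configuration; confirm that is intended for this user.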

From 0f38de96e8749e49af333028435edb37f7b4ae60 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:40:11 +0200
Subject: [PATCH 06/19] l: import <stockholm/lib>

---
 krebs/3modules/newsbot-js.nix                 | 4 +---
 lass/1systems/shodan.nix                      | 2 +-
 lass/2configs/websites/domsen.nix             | 2 +-
 lass/2configs/websites/fritz.nix              | 2 +-
 lass/2configs/websites/lassulus.nix           | 2 +-
 lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 +-
 6 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index b58c555e7..2ff9a5ebb 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -1,10 +1,8 @@
 { config, lib, pkgs, ... }:
 
-with builtins;
-with lib;
+with import <stockholm/lib>;
 
 let
-  inherit (config.krebs.lib) genid;
 
   cfg = config.krebs.newsbot-js;
 
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 7c44807a6..9d1df1d72 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 
-with builtins;
+with import <stockholm/lib>;
 {
   imports = [
     ../.
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 5a4748f42..18c771fad 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -2,7 +2,7 @@
 
 let
 
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
     genid_signed
   ;
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 48d96b1bf..d93d310da 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
     head
   ;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 04c19fad0..b8342e148 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
   ;
 
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index fb1a58109..0c409ca87 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
   ;
   inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})

From 8dc0352e4f585ca6b3a7507663dfcbd91fef098a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 22 Oct 2016 01:29:16 +0200
Subject: [PATCH 07/19] l 2 nixpkgs: b8ede35 -> 686bc9c

---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 73c96e876..4ef4c6ce7 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
+    ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d";
   };
 }

From 75a3c4029db60013066b0850ed4df359fe2be3cd Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 22 Oct 2016 14:25:52 +0200
Subject: [PATCH 08/19] l 1 helios: oraclejre -> jre

---
 lass/1systems/helios.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index c16080762..4e0b40906 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -41,7 +41,7 @@ with import <stockholm/lib>;
       environment.systemPackages = with pkgs; [
         firefox
         chromium
-        oraclejre8
+        jre
         maven
         arandr
         libreoffice

From 384c96efd288c44b285d20ca8f5390b9d03af6d6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 23 Oct 2016 05:53:41 +0200
Subject: [PATCH 09/19] l 1 helios: remove jre from pkgs

---
 lass/1systems/helios.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 4e0b40906..82db8ef7b 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -41,7 +41,6 @@ with import <stockholm/lib>;
       environment.systemPackages = with pkgs; [
         firefox
         chromium
-        jre
         maven
         arandr
         libreoffice

From e15b9e5a44b69c7b2c81ab6d3d6c91edc6d69712 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 26 Oct 2016 15:12:52 +0200
Subject: [PATCH 10/19] Revert "l 2 websites domsen: remove obsolete code"

This reverts commit 0398342657a9548b9ada4524335b3ca864fd9c2e.
---
 lass/2configs/websites/domsen.nix | 32 +++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 18c771fad..0a53bc93b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,6 +22,25 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
+  check-password = pkgs.writeDash "check-password" ''
+    read pw
+
+    file="/home/$PAM_USER/.shadow"
+
+    #check if shadow file exists
+    test -e "$file" || exit 123
+
+    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
+    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
+
+    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
+    if [ "$calc_hash" == $hash ]; then
+      exit 0
+    else
+      exit 1
+    fi
+  '';
+
 in {
   imports = [
     ./sqlBackup.nix
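Review bot: The restored `check-password` script builds `file="/home/$PAM_USER/.shadow"` from the login name supplied by the client without validating it, so a name containing `/` or `..` selects a file outside `/home`. Reject such names up front, e.g. `case "$PAM_USER" in ""|*/*|.*) exit 1;; esac`, and quote `$file`, `$hash` and `$salt` where they are expanded. The comparison `[ "$calc_hash" == $hash ]` uses `==`, which is not POSIX and which dash's `[` may reject, so `[ "$calc_hash" = "$hash" ]` is the safer form. The `let` block this binding sits in starts outside the hunk.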
@@ -145,6 +164,19 @@ in {
     { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
+  security.pam.services.exim.text = ''
+    auth        required      pam_env.so
+    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
+    auth        sufficient    pam_unix.so likeauth nullok
+    auth        required      pam_deny.so
+    account     required      pam_unix.so
+    password    required      pam_cracklib.so retry=3 type=
+    password    sufficient    pam_unix.so nullok use_authtok md5shadow
+    password    required      pam_deny.so
+    session     required      pam_limits.so
+    session     required      pam_unix.so
+  '';
+
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext
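Review bot: The restored `security.pam.services.exim.text` stack contains `auth sufficient pam_unix.so likeauth nullok`, and `nullok` lets an account with an empty password field authenticate. For an SMTP AUTH service that the context rule above opens on port 465, `nullok` should be dropped from both `pam_unix.so` lines. The `debug` flag on the `pam_exec.so` line is a troubleshooting setting and is best removed once the setup works.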

From d1de9cb59f18144e34dd9744ba9535aa787dfecd Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 12:49:48 +0200
Subject: [PATCH 11/19] l 1 prism: enable usershadow

---
 lass/1systems/prism.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 76710ac9d..5da66d265 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -224,6 +224,11 @@ in {
         OnCalendar = "*:0/5";
       };
     }
+    {
+      lass.usershadow = {
+        enable = true;
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;

From 7e809cfc8b6112068b872b85c400794b5b102cc5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 12:50:03 +0200
Subject: [PATCH 12/19] l 2: globally set CA/SSL stuff

---
 lass/2configs/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 43c4d5b0d..a7d2a6cef 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -46,6 +46,13 @@ with import <stockholm/lib>;
         NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
       };
     }
+    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
+      environment.variables = {
+        CURL_CA_BUNDLE = ca-bundle;
+        GIT_SSL_CAINFO = ca-bundle;
+        SSL_CERT_FILE = ca-bundle;
+      };
+    })
   ];
 
   networking.hostName = config.krebs.build.host.name;

From d06da3496447d369bef0c9f52d3eb0ebdef8a801 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 12:50:28 +0200
Subject: [PATCH 13/19] l 2 nixpkgs: 686bc9c -> 0195ab8

---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 4ef4c6ce7..e665b6c6f 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d";
+    ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731";
   };
 }

From 809a42339d2fa3e52d69a5d6966e60ae45968be5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 13:16:51 +0200
Subject: [PATCH 14/19] l 2 repo-sync: sync painload

---
 lass/2configs/repo-sync.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index f88149730..f2e4de6a7 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -93,6 +93,7 @@ in {
     (sync-remote "xintmap" "https://github.com/4z3/xintmap")
     (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
     (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
+    (sync-remote "painload" "https://github.com/krebscode/painload")
     (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
     (sync-retiolum "go")
     (sync-retiolum "much")

From d0198ecd07ac825ebb6841619c4d3039aa476c54 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 13:29:03 +0200
Subject: [PATCH 15/19] l 3 usershadow: more validators, expose path

---
 lass/3modules/usershadow.nix | 41 ++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index 1ee01e8d9..a8ab1c52a 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -13,22 +13,27 @@
       type = types.str;
       default = "/home/%/.shadow";
     };
+    path = mkOption {
+      type = types.str;
+    };
   };
 
   imp = {
     environment.systemPackages = [ usershadow ];
+    lass.usershadow.path = "${usershadow}";
     security.pam.services.sshd.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
       auth required pam_permit.so
       account required pam_permit.so
       session required pam_permit.so
     '';
 
-    security.pam.services.exim.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+    security.pam.services.dovecot2.text = ''
+      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
       auth required pam_permit.so
       account required pam_permit.so
       session required pam_permit.so
+      session required pam_env.so envfile=${config.system.build.pamEnvironment}
     '';
   };
 
@@ -38,7 +43,7 @@
       "bytestring"
     ];
     body = pkgs.writeHaskell "passwords" {
-      executables.verify = {
+      executables.verify_pam = {
         extra-depends = deps;
         text = ''
           import Data.Monoid
@@ -61,18 +66,42 @@
             if res then exitSuccess else exitFailure
         '';
       };
+      executables.verify_arg = {
+        extra-depends = deps;
+        text = ''
+          import Data.Monoid
+          import System.IO
+          import Data.Char (chr)
+          import System.Environment (getEnv, getArgs)
+          import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
+          import qualified Data.ByteString.Char8 as BS8
+          import System.Exit (exitFailure, exitSuccess)
+
+          main :: IO ()
+          main = do
+            argsList <- getArgs
+            let shadowFilePattern = argsList !! 0
+            let user = argsList !! 1
+            let password = argsList !! 2
+            let shadowFile = lhs <> user <> tail rhs
+                (lhs, rhs) = span (/= '%') shadowFilePattern
+            hash <- readFile shadowFile
+            let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
+            if res then do (putStr "yes") else exitFailure
+        '';
+      };
       executables.passwd = {
         extra-depends = deps;
         text = ''
           import System.Environment (getEnv)
           import Crypto.PasswordStore (makePasswordWith, pbkdf2)
           import qualified Data.ByteString.Char8 as BS8
-          import System.IO (stdin, hSetEcho, putStr)
+          import System.IO (stdin, hSetEcho, putStrLn)
 
           main :: IO ()
           main = do
             home <- getEnv "HOME"
-            putStr "password:"
+            putStrLn "password:"
             hSetEcho stdin False
             password <- BS8.hGetLine stdin
             hash <- makePasswordWith pbkdf2 password 10
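Review bot: `verify_arg` takes the password as `argsList !! 2`, so the cleartext password sits in the process argument list, where other local users can read it while the process runs; reading it from stdin, as the `expose_authtok` path of `verify_pam` presumably does, avoids that. `user` is spliced into `shadowFile` unchecked, so a name containing `/` reaches files outside the pattern's directory; add a guard such as `when (null user || elem '/' user || user == "..") exitFailure` (needs `Control.Monad (when)`). `tail rhs` and the `!!` lookups also throw on a pattern without `%` or on missing arguments; that fails closed, but an explicit usage error would be clearer. The `passwd` executable's `main` continues past the end of the hunk.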

From b97145eedd566925d6c94fb2039f6de86cfec9c8 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 13:30:16 +0200
Subject: [PATCH 16/19] l 2 websites fritz: update phpConfig

---
 lass/2configs/websites/fritz.nix | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index d93d310da..52914f444 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -88,13 +88,7 @@ in {
     ];
   };
 
-  services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
-     options = ''
-      extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
-      sendmail_path = "${sendmail} -t -i"
-    '';
-  } ''
-    cat ${pkgs.php}/etc/php-recommended.ini > $out
-    echo "$options" >> $out
+  services.phpfpm.phpOptions = ''
+    sendmail_path = ${sendmail} -t
   '';
 }
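Review bot: The new `services.phpfpm.phpOptions` drops two things the old `phpIni` had without saying so: the `apcu.so` extension line and the `-i` flag on `sendmail_path`. Without `-i`, a sendmail-compatible binary may treat a line holding a single `.` as end of message, so unless `${sendmail}` ignores that flag it is safer to keep `sendmail_path = ${sendmail} -t -i`. If the site still uses APCu, the extension has to be loaded some other way; a one-line comment on why it was removed would help.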

From 01f313bf9e17fc3e1cbe108aeea4acc1cdcdcea9 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 13:31:12 +0200
Subject: [PATCH 17/19] k 3 exim-smarthost: indent dkim config

---
 krebs/3modules/exim-smarthost.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 2ed5607f1..c96b14723 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -246,12 +246,12 @@ let
 
         remote_smtp:
           driver = smtp
-          ${optionalString (cfg.dkim != []) ''
+          ${optionalString (cfg.dkim != []) (indent ''
             dkim_canon = relaxed
             dkim_domain = $sender_address_domain
             dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
             dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}}
-          ''}
+          '')}
           helo_data = ''${if eq{$acl_m_special_dom}{}  \
                                {$primary_hostname}   \
                                {$acl_m_special_dom} }

From c4bd497f1e680a751fe54c83734e790e3ea33cfa Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 14:19:04 +0200
Subject: [PATCH 18/19] l 5 xmonad-lass: add binding for termite

---
 lass/5pkgs/xmonad-lass.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 96b12b9d4..70be61022 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -129,6 +129,7 @@ myKeyMap =
     , ("M4-<Esc>", toggleWS)
     , ("M4-S-<Enter>", spawn urxvtcPath)
     , ("M4-x", floatNext True >> spawn urxvtcPath)
+    , ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite")
     , ("M4-f", floatNext True)
     , ("M4-b", sendMessage ToggleStruts)
 

From c091949a151e0a613ad31fd390b1c19bfddfde3a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 14:19:26 +0200
Subject: [PATCH 19/19] l 2 websites domsen: make smtp/imap finally work

---
 lass/2configs/websites/domsen.nix | 46 ++++---------------------------
 1 file changed, 6 insertions(+), 40 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 0a53bc93b..fa56d0e12 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
-  check-password = pkgs.writeDash "check-password" ''
-    read pw
-
-    file="/home/$PAM_USER/.shadow"
-
-    #check if shadow file exists
-    test -e "$file" || exit 123
-
-    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
-    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
-    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
-    if [ "$calc_hash" == $hash ]; then
-      exit 0
-    else
-      exit 1
-    fi
-  '';
-
 in {
   imports = [
     ./sqlBackup.nix
@@ -161,41 +142,26 @@ in {
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
     { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
-    { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
-  security.pam.services.exim.text = ''
-    auth        required      pam_env.so
-    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
-    auth        sufficient    pam_unix.so likeauth nullok
-    auth        required      pam_deny.so
-    account     required      pam_unix.so
-    password    required      pam_cracklib.so retry=3 type=
-    password    sufficient    pam_unix.so nullok use_authtok md5shadow
-    password    required      pam_deny.so
-    session     required      pam_limits.so
-    session     required      pam_unix.so
-  '';
-
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext
-      server_prompts = :
-      server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}"
-      server_set_id = $auth2
+      public_name = PLAIN
+      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
     '';
     authenticators.LOGIN = ''
       driver = plaintext
+      public_name = LOGIN
       server_prompts = "Username:: : Password::"
-      server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}"
-      server_set_id = $auth1
+      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
     '';
     internet-aliases = [
       { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
-      { from = "testuser@lassul.us"; to = "testuser"; }
     ];
-    system-aliases = [
+    sender_domains = [
+      "jla-trading.com"
     ];
     ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
     ssl_key = "/var/lib/acme/lassul.us/key.pem";
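Review bot: In both new `server_condition` lines the client-supplied `$auth2`/`$auth3` (and `$auth1`/`$auth2`) are placed unquoted inside `${run{…}}`; Exim expands the whole command string and then splits it on spaces, so a user name or password containing a space or quote changes the argument list that `verify_arg` sees, and valid passwords with spaces will fail. The password also ends up on the command line of the spawned process. Quote and sanitise each value (the Exim documentation suggests the `sg` operator for replacing quote characters) or move the check to a helper that receives the password on stdin. The commit also removes `server_set_id = $auth2` and `server_set_id = $auth1`, which leaves `$authenticated_id` unset for logging and ACLs; restoring those lines keeps authenticated sessions attributable.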