From d73262f4e0aa2f64464a453be28d5fc4993aad19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:05:42 +0200 Subject: [PATCH 01/19] k 3 l: add sokratess user --- krebs/3modules/lass/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 08e8995fa..f2c9c4684 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -305,5 +305,7 @@ with config.krebs.lib; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; + sokratess = { + }; }; } From 35596f7aed2f2b43064c5d41121c0d3d17503641 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:05:56 +0200 Subject: [PATCH 02/19] l 1 mors: activate redis --- lass/1systems/mors.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1028ca652..b9373313c 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -77,6 +77,9 @@ with config.krebs.lib; ]; }; } + { + services.redis.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; From 48282200043d63c5e0434fdd7b8dc79aa271b8ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:08:55 +0200 Subject: [PATCH 03/19] l 2 c-base: add cifs-utils --- lass/2configs/c-base.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix index 9d13bc30d..679a90b7e 100644 --- a/lass/2configs/c-base.nix +++ b/lass/2configs/c-base.nix @@ -16,6 +16,10 @@ in { users.extraGroups.cbasevpn.gid = genid "cbasevpn"; + environment.systemPackages = [ + pkgs.cifs-utils + ]; + services.openvpn.servers = { c-base = { config = '' From 0398342657a9548b9ada4524335b3ca864fd9c2e Mon Sep 17 00:00:00 2001 
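Review bot: In PATCH 02/19 (lass/1systems/mors.nix), `services.redis.enable = true;` turns Redis on with module defaults only; the hunk sets neither a listen address nor a password. If the module default at this nixpkgs pin is to listen on all interfaces (not visible here, worth checking), the instance is reachable by anything the host firewall lets through. I would pin it explicitly with `services.redis.bind = "127.0.0.1";` and add a one-line comment naming the local service that needs Redis.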
From: lassulus Date: Thu, 20 Oct 2016 21:09:26 +0200 Subject: [PATCH 04/19] l 2 websites domsen: remove obsolete code --- lass/2configs/websites/domsen.nix | 32 ------------------------------- 1 file changed, 32 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3a3e60d39..5a4748f42 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix @@ -164,19 +145,6 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext From 51a9fb2dccf6996e1f4fe6f795076ebc6bc71d25 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:10:59 +0200 Subject: [PATCH 05/19] l 1 shodan: add sokratess user --- lass/1systems/shodan.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 5140591af..7c44807a6 100644 --- a/lass/1systems/shodan.nix 
+++ b/lass/1systems/shodan.nix @@ -22,6 +22,26 @@ with builtins; # }; # }; #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } ]; krebs.build.host = config.krebs.hosts.shodan; From 0f38de96e8749e49af333028435edb37f7b4ae60 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:40:11 +0200 Subject: [PATCH 06/19] l: import --- krebs/3modules/newsbot-js.nix | 4 +--- lass/1systems/shodan.nix | 2 +- lass/2configs/websites/domsen.nix | 2 +- lass/2configs/websites/fritz.nix | 2 +- lass/2configs/websites/lassulus.nix | 2 +- lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 +- 6 files changed, 6 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index b58c555e7..2ff9a5ebb 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: -with builtins; -with lib; +with import ; let - inherit (config.krebs.lib) genid; cfg = config.krebs.newsbot-js; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 7c44807a6..9d1df1d72 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with builtins; +with import ; { imports = [ ../. diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5a4748f42..18c771fad 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -2,7 +2,7 @@ let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid genid_signed ; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 48d96b1bf..d93d310da 100644 
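Review bot: In PATCH 05/19 (lass/1systems/shodan.nix), `password = "aidsballs";` commits a cleartext login password to the repository, and the evaluated configuration also ends up in the Nix store, which every local user can read. The account gets a default shell and membership in `networkmanager` and `audio`, so this is a real interactive login. Replace the line with `hashedPassword = "<crypt(3) hash, placeholder>";`, or better keep the hash out of the store entirely if the deployment has a secrets location for it. The committed value should be treated as exposed and changed on the host.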
--- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid head ; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 04c19fad0..b8342e148 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid ; diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index fb1a58109..0c409ca87 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid ; inherit (import {inherit lib pkgs;}) From 8dc0352e4f585ca6b3a7507663dfcbd91fef098a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Oct 2016 01:29:16 +0200 Subject: [PATCH 07/19] l 2 nixpkgs: b8ede35 -> 686bc9c --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 73c96e876..4ef4c6ce7 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; + ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d"; }; } From 75a3c4029db60013066b0850ed4df359fe2be3cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Oct 2016 14:25:52 +0200 Subject: [PATCH 08/19] l 1 helios: oraclejre -> jre --- lass/1systems/helios.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index c16080762..4e0b40906 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix 
@@ -41,7 +41,7 @@ with import ; environment.systemPackages = with pkgs; [ firefox chromium - oraclejre8 + jre maven arandr libreoffice From 384c96efd288c44b285d20ca8f5390b9d03af6d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Oct 2016 05:53:41 +0200 Subject: [PATCH 09/19] l 1 helios: remove jre from pkgs --- lass/1systems/helios.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 4e0b40906..82db8ef7b 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -41,7 +41,6 @@ with import ; environment.systemPackages = with pkgs; [ firefox chromium - jre maven arandr libreoffice From e15b9e5a44b69c7b2c81ab6d3d6c91edc6d69712 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Oct 2016 15:12:52 +0200 Subject: [PATCH 10/19] Revert "l 2 websites domsen: remove obsolete code" This reverts commit 0398342657a9548b9ada4524335b3ca864fd9c2e. --- lass/2configs/websites/domsen.nix | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 18c771fad..0a53bc93b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,6 +22,25 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; + check-password = pkgs.writeDash "check-password" '' + read pw + + file="/home/$PAM_USER/.shadow" + + #check if shadow file exists + test -e "$file" || exit 123 + + hash="$(${pkgs.coreutils}/bin/head -1 $file)" + salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" + + calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" + if [ "$calc_hash" == $hash ]; then + exit 0 + else + exit 1 + fi + ''; + in { imports = [ ./sqlBackup.nix 
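Review bot: In PATCH 10/19 (lass/2configs/websites/domsen.nix), the restored `check-password` script compares with `[ "$calc_hash" == $hash ]`; `==` is not a POSIX `test` operator and the script is built with `writeDash`, and because `$hash` is unquoted an empty or multi-word first line in the shadow file produces a test error instead of a clean mismatch. `read pw` without `-r` also alters passwords that contain backslashes, and `$file` and `$salt` are expanded unquoted. Suggested lines: `IFS= read -r pw`, `hash="$(${pkgs.coreutils}/bin/head -1 "$file")"` and `if [ "$calc_hash" = "$hash" ]; then`. `$PAM_USER` is placed into the path without any check, so a name containing `/` should be rejected first. PATCH 19/19 removes this script again, so this matters for the intermediate state of the series.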
@@ -145,6 +164,19 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; + security.pam.services.exim.text = '' + auth required pam_env.so + auth sufficient pam_exec.so debug expose_authtok ${check-password} + auth sufficient pam_unix.so likeauth nullok + auth required pam_deny.so + account required pam_unix.so + password required pam_cracklib.so retry=3 type= + password sufficient pam_unix.so nullok use_authtok md5shadow + password required pam_deny.so + session required pam_limits.so + session required pam_unix.so + ''; + krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext From d1de9cb59f18144e34dd9744ba9535aa787dfecd Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 12:49:48 +0200 Subject: [PATCH 11/19] l 1 prism: enable usershadow --- lass/1systems/prism.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 76710ac9d..5da66d265 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -224,6 +224,11 @@ in { OnCalendar = "*:0/5"; }; } + { + lass.usershadow = { + enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From 7e809cfc8b6112068b872b85c400794b5b102cc5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 12:50:03 +0200 Subject: [PATCH 12/19] l 2: globally set CA/SSL stuff --- lass/2configs/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 43c4d5b0d..a7d2a6cef 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -46,6 +46,13 @@ with import ; NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; }; } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + }) ]; networking.hostName = config.krebs.build.host.name; 
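Review bot: In PATCH 10/19, the restored `security.pam.services.exim.text` keeps `auth sufficient pam_unix.so likeauth nullok` behind the `pam_exec` line, so an account whose system password field is empty passes SMTP AUTH with an empty password, and any failure of `check-password` falls through to system passwords. The `debug` flag on `pam_exec.so` is also more logging than a production authentication path should carry. If the per-user `.shadow` file is meant to be the only mail credential, make the first line `auth required pam_exec.so expose_authtok ${check-password}` and drop the `pam_unix` auth line; otherwise at least remove `nullok`. PATCH 19/19 later deletes this stack.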
From d06da3496447d369bef0c9f52d3eb0ebdef8a801 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 12:50:28 +0200 Subject: [PATCH 13/19] l 2 nixpkgs: 686bc9c -> 0195ab8 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 4ef4c6ce7..e665b6c6f 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d"; + ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731"; }; } From 809a42339d2fa3e52d69a5d6966e60ae45968be5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 13:16:51 +0200 Subject: [PATCH 14/19] l 2 repo-sync: sync painload --- lass/2configs/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f88149730..f2e4de6a7 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -93,6 +93,7 @@ in { (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") + (sync-remote "painload" "https://github.com/krebscode/painload") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") From d0198ecd07ac825ebb6841619c4d3039aa476c54 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 13:29:03 +0200 Subject: [PATCH 15/19] l 3 usershadow: more validators, expose path --- lass/3modules/usershadow.nix | 41 ++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index 1ee01e8d9..a8ab1c52a 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix 
@@ -13,22 +13,27 @@ type = types.str; default = "/home/%/.shadow"; }; + path = mkOption { + type = types.str; + }; }; imp = { environment.systemPackages = [ usershadow ]; + lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern} + auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} auth required pam_permit.so account required pam_permit.so session required pam_permit.so ''; - security.pam.services.exim.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern} + security.pam.services.dovecot2.text = '' + auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} auth required pam_permit.so account required pam_permit.so session required pam_permit.so + session required pam_env.so envfile=${config.system.build.pamEnvironment} ''; }; @@ -38,7 +43,7 @@ "bytestring" ]; body = pkgs.writeHaskell "passwords" { - executables.verify = { + executables.verify_pam = { extra-depends = deps; text = '' import Data.Monoid 
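Review bot: In PATCH 15/19 (lass/3modules/usershadow.nix), the new `security.pam.services.dovecot2.text` gates login on `pam_exec` alone and then uses `account required pam_permit.so`, so account state (locked, expired, no such system user) is never consulted; the sshd stack above it has the same shape. The username is presumably what `verify_pam` substitutes for `%` in `cfg.pattern` (its body is outside this hunk), so it is worth confirming there that names containing `/` are rejected. I would use `account required pam_unix.so` in the dovecot2 stack. The new `path` option also has no documentation; add `description = "Store path of the usershadow package";` to its `mkOption`.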
@@ -61,18 +66,42 @@ if res then exitSuccess else exitFailure ''; }; + executables.verify_arg = { + extra-depends = deps; + text = '' + import Data.Monoid + import System.IO + import Data.Char (chr) + import System.Environment (getEnv, getArgs) + import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) + import qualified Data.ByteString.Char8 as BS8 + import System.Exit (exitFailure, exitSuccess) + + main :: IO () + main = do + argsList <- getArgs + let shadowFilePattern = argsList !! 0 + let user = argsList !! 1 + let password = argsList !! 2 + let shadowFile = lhs <> user <> tail rhs + (lhs, rhs) = span (/= '%') shadowFilePattern + hash <- readFile shadowFile + let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash) + if res then do (putStr "yes") else exitFailure + ''; + }; executables.passwd = { extra-depends = deps; text = '' import System.Environment (getEnv) import Crypto.PasswordStore (makePasswordWith, pbkdf2) import qualified Data.ByteString.Char8 as BS8 - import System.IO (stdin, hSetEcho, putStr) + import System.IO (stdin, hSetEcho, putStrLn) main :: IO () main = do home <- getEnv "HOME" - putStr "password:" + putStrLn "password:" hSetEcho stdin False password <- BS8.hGetLine stdin hash <- makePasswordWith pbkdf2 password 10 From b97145eedd566925d6c94fb2039f6de86cfec9c8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 13:30:16 +0200 Subject: [PATCH 16/19] l 2 websites fritz: update phpConfig --- lass/2configs/websites/fritz.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index d93d310da..52914f444 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
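Review bot: `verify_arg` takes the cleartext password as `argsList !! 2`, so every check puts the password on a process command line, where other local users can read it while the process runs; the caller added in PATCH 19/19 (the `${run{…/bin/verify_arg …}}` conditions in domsen.nix) inherits this. `user` is spliced into `shadowFilePattern` unchecked, so a name containing `/` selects a file outside the intended home directory; reject such names before building `shadowFile`, for example `if '/' `elem` user then exitFailure else …`. The three `!!` lookups also throw on a short argument list, and a pattern match such as `[pat, user, password] <- getArgs` with an explicit failure branch would be clearer. As far as I know Exim's `${run}` hands data to the program only as arguments, so consider authenticating through the Dovecot auth socket instead (Exim `driver = dovecot` with `server_socket = <dovecot auth socket path, placeholder>`), which reuses the `verify_pam` stack this patch already configures.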
@@ -88,13 +88,7 @@ in { ]; }; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + sendmail_path = ${sendmail} -t ''; } From 01f313bf9e17fc3e1cbe108aeea4acc1cdcdcea9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 13:31:12 +0200 Subject: [PATCH 17/19] k 3 exim-smarthost: indent dkim config --- krebs/3modules/exim-smarthost.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 2ed5607f1..c96b14723 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -246,12 +246,12 @@ let remote_smtp: driver = smtp - ${optionalString (cfg.dkim != []) '' + ${optionalString (cfg.dkim != []) (indent '' dkim_canon = relaxed dkim_domain = $sender_address_domain dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}} - ''} + '')} helo_data = ''${if eq{$acl_m_special_dom}{} \ {$primary_hostname} \ {$acl_m_special_dom} } From c4bd497f1e680a751fe54c83734e790e3ea33cfa Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 14:19:04 +0200 Subject: [PATCH 18/19] l 5 xmonad-lass: add binding for termite --- lass/5pkgs/xmonad-lass.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 96b12b9d4..70be61022 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
@@ -129,6 +129,7 @@ myKeyMap = , ("M4-", toggleWS) , ("M4-S-", spawn urxvtcPath) , ("M4-x", floatNext True >> spawn urxvtcPath) + , ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite") , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) From c091949a151e0a613ad31fd390b1c19bfddfde3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 14:19:26 +0200 Subject: [PATCH 19/19] l 2 websites domsen: make smtp/imap finally work --- lass/2configs/websites/domsen.nix | 46 ++++--------------------------- 1 file changed, 6 insertions(+), 40 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 0a53bc93b..fa56d0e12 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix 
@@ -161,41 +142,26 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; } { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext - server_prompts = : - server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}" - server_set_id = $auth2 + public_name = PLAIN + server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} ''; authenticators.LOGIN = '' driver = plaintext + public_name = LOGIN server_prompts = "Username:: : Password::" - server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}" - server_set_id = $auth1 + server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } - { from = "testuser@lassul.us"; to = "testuser"; } ]; - system-aliases = [ + sender_domains = [ + "jla-trading.com" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem";
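Review bot: Both new `server_condition` lines in PATCH 19/19 interpolate the client-supplied `$auth2`/`$auth3` (PLAIN) and `$auth1`/`$auth2` (LOGIN) into a `${run{…}}` command string with no quoting. Depending on whether the deployed Exim expands the string before or after splitting it into arguments (check the spec for that version), a username or password containing spaces or quote characters shifts the argument positions that `verify_arg` reads, and at minimum such passwords can never authenticate. The hunk also drops `server_set_id`, so `$authenticated_id` stays empty and the mail log no longer records which account authenticated; I would keep `server_set_id = $auth2` for PLAIN and `server_set_id = $auth1` for LOGIN. PLAIN also loses `server_prompts = :`, so confirm that clients sending AUTH PLAIN without an initial response still work.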