Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/lassulus'

Browse Source
This commit is contained in:
makefu 2016-10-27 14:54:32 +02:00
commit 32fff8c80e
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
10 changed files with 60 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
krebs/3modules/exim-smarthost.nix
View File

@ -246,12 +246,12 @@ let
remote_smtp: remote_smtp:
driver = smtp driver = smtp
${optionalString (cfg.dkim != []) '' ${optionalString (cfg.dkim != []) (indent ''
dkim_canon = relaxed dkim_canon = relaxed
dkim_domain = $sender_address_domain dkim_domain = $sender_address_domain
dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}} dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}}
''} '')}
helo_data = ''${if eq{$acl_m_special_dom}{} \ helo_data = ''${if eq{$acl_m_special_dom}{} \
{$primary_hostname} \ {$primary_hostname} \
{$acl_m_special_dom} } {$acl_m_special_dom} }

1
lass/1systems/helios.nix
View File

@ -41,7 +41,6 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
firefox firefox
chromium chromium
oraclejre8
maven maven
arandr arandr
libreoffice libreoffice

5
lass/1systems/prism.nix
View File

@ -224,6 +224,11 @@ in {
OnCalendar = "*:0/5"; OnCalendar = "*:0/5";
}; };
} }
{
lass.usershadow = {
enable = true;
};
}
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;

7
lass/2configs/default.nix
View File

@ -46,6 +46,13 @@ with import <stockholm/lib>;
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
}; };
} }
(let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
environment.variables = {
CURL_CA_BUNDLE = ca-bundle;
GIT_SSL_CAINFO = ca-bundle;
SSL_CERT_FILE = ca-bundle;
};
})
]; ];
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;

2
lass/2configs/nixpkgs.nix
View File

@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d"; ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731";
}; };
} }

1
lass/2configs/repo-sync.nix
View File

@ -93,6 +93,7 @@ in {
(sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
(sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
(sync-remote "painload" "https://github.com/krebscode/painload")
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
(sync-retiolum "go") (sync-retiolum "go")
(sync-retiolum "much") (sync-retiolum "much")

14
lass/2configs/websites/domsen.nix
View File

@ -142,28 +142,26 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; } { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport imaps"; target = "ACCEPT"; } { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
]; ];
krebs.exim-smarthost = { krebs.exim-smarthost = {
authenticators.PLAIN = '' authenticators.PLAIN = ''
driver = plaintext driver = plaintext
server_prompts = : public_name = PLAIN
server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}" server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
server_set_id = $auth2
''; '';
authenticators.LOGIN = '' authenticators.LOGIN = ''
driver = plaintext driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::" server_prompts = "Username:: : Password::"
server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}" server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
server_set_id = $auth1
''; '';
internet-aliases = [ internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
]; ];
system-aliases = [ sender_domains = [
"jla-trading.com"
]; ];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem";

10
lass/2configs/websites/fritz.nix
View File

@ -88,13 +88,7 @@ in {
]; ];
}; };
services.phpfpm.phpIni = pkgs.runCommand "php.ini" { services.phpfpm.phpOptions = ''
options = '' sendmail_path = ${sendmail} -t
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
sendmail_path = "${sendmail} -t -i"
'';
} ''
cat ${pkgs.php}/etc/php-recommended.ini > $out
echo "$options" >> $out
''; '';
} }

41
lass/3modules/usershadow.nix
View File

@ -13,22 +13,27 @@
type = types.str; type = types.str;
default = "/home/%/.shadow"; default = "/home/%/.shadow";
}; };
path = mkOption {
type = types.str;
};
}; };
imp = { imp = {
environment.systemPackages = [ usershadow ]; environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = '' security.pam.services.sshd.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern} auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so auth required pam_permit.so
account required pam_permit.so account required pam_permit.so
session required pam_permit.so session required pam_permit.so
''; '';
security.pam.services.exim.text = '' security.pam.services.dovecot2.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern} auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so auth required pam_permit.so
account required pam_permit.so account required pam_permit.so
session required pam_permit.so session required pam_permit.so
session required pam_env.so envfile=${config.system.build.pamEnvironment}
''; '';
}; };
@ -38,7 +43,7 @@
"bytestring" "bytestring"
]; ];
body = pkgs.writeHaskell "passwords" { body = pkgs.writeHaskell "passwords" {
executables.verify = { executables.verify_pam = {
extra-depends = deps; extra-depends = deps;
text = '' text = ''
import Data.Monoid import Data.Monoid
@ -61,18 +66,42 @@
if res then exitSuccess else exitFailure if res then exitSuccess else exitFailure
''; '';
}; };
executables.verify_arg = {
extra-depends = deps;
text = ''
import Data.Monoid
import System.IO
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
import System.Exit (exitFailure, exitSuccess)
main :: IO ()
main = do
argsList <- getArgs
let shadowFilePattern = argsList !! 0
let user = argsList !! 1
let password = argsList !! 2
let shadowFile = lhs <> user <> tail rhs
(lhs, rhs) = span (/= '%') shadowFilePattern
hash <- readFile shadowFile
let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
if res then do (putStr "yes") else exitFailure
'';
};
executables.passwd = { executables.passwd = {
extra-depends = deps; extra-depends = deps;
text = '' text = ''
import System.Environment (getEnv) import System.Environment (getEnv)
import Crypto.PasswordStore (makePasswordWith, pbkdf2) import Crypto.PasswordStore (makePasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8 import qualified Data.ByteString.Char8 as BS8
import System.IO (stdin, hSetEcho, putStr) import System.IO (stdin, hSetEcho, putStrLn)
main :: IO () main :: IO ()
main = do main = do
home <- getEnv "HOME" home <- getEnv "HOME"
putStr "password:" putStrLn "password:"
hSetEcho stdin False hSetEcho stdin False
password <- BS8.hGetLine stdin password <- BS8.hGetLine stdin
hash <- makePasswordWith pbkdf2 password 10 hash <- makePasswordWith pbkdf2 password 10

1
lass/5pkgs/xmonad-lass.nix
View File

@ -129,6 +129,7 @@ myKeyMap =
, ("M4-<Esc>", toggleWS) , ("M4-<Esc>", toggleWS)
, ("M4-S-<Enter>", spawn urxvtcPath) , ("M4-S-<Enter>", spawn urxvtcPath)
, ("M4-x", floatNext True >> spawn urxvtcPath) , ("M4-x", floatNext True >> spawn urxvtcPath)
, ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite")
, ("M4-f", floatNext True) , ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts) , ("M4-b", sendMessage ToggleStruts)