Diffstat (limited to 'lass/2configs/websites')
-rw-r--r--lass/2configs/websites/default.nix1
-rw-r--r--lass/2configs/websites/domsen.nix23
-rw-r--r--lass/2configs/websites/lassulus.nix20
3 files changed, 21 insertions, 23 deletions
diff --git a/lass/2configs/websites/default.nix b/lass/2configs/websites/default.nix
index bfd86ad7..ebf4d834 100644
--- a/lass/2configs/websites/default.nix
+++ b/lass/2configs/websites/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
{
services.nginx = {
+ enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index c57fb590..9d28bedc 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -96,6 +96,7 @@ in {
file_uploads = on
'';
+ systemd.services.nextcloud-setup.after = [ "secret-nextcloud_pw.service" ];
krebs.secret.files.nextcloud_pw = {
path = "/run/nextcloud.pw";
owner.name = "nextcloud";
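Review bot: The added `systemd.services.nextcloud-setup.after = [ "secret-nextcloud_pw.service" ];` only orders the two units and does not pull the secret unit in. If nothing else starts `secret-nextcloud_pw.service` (not visible in this hunk), nextcloud-setup can still run without `/run/nextcloud.pw` in place. Consider pairing it with `systemd.services.nextcloud-setup.requires = [ "secret-nextcloud_pw.service" ];` so a missing secret fails the setup unit instead of being skipped silently. The `krebs.secret.files.nextcloud_pw` block continues past the end of the hunk.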
@@ -121,18 +122,17 @@ in {
# MAIL STUFF
# TODO: make into its own module
- # workaround for android 7
- security.acme.certs."lassul.us".keyType = "rsa4096";
-
services.roundcube = {
enable = true;
hostName = "mail.lassul.us";
extraConfig = ''
- $config['smtp_port'] = 25;
+ $config['smtp_debug'] = true;
+ $config['smtp_host'] = "localhost:25";
'';
};
services.dovecot2 = {
enable = true;
+ showPAMFailure = true;
mailLocation = "maildir:~/Mail";
sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem";
sslServerKey = "/var/lib/acme/lassul.us/key.pem";
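Review bot: Two debugging switches are left enabled in this hunk: `$config['smtp_debug'] = true;` in the Roundcube extraConfig and `showPAMFailure = true;` under services.dovecot2. Roundcube's SMTP debug option writes the SMTP conversation to its log, and showPAMFailure returns the PAM failure message to the connecting client, so both widen what a log reader or an unauthenticated client can learn about accounts on this host. If they are only needed while diagnosing the auth problem, drop both lines before merging, or mark them with a comment such as `# TODO: debug only, remove once SMTP auth works`. The services.dovecot2 block continues outside the hunk.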
@@ -142,6 +142,17 @@ in {
{ predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
];
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "debug_exim" ''
+ set -ef
+ export PATH="${lib.makeBinPath [ pkgs.coreutils ]}"
+ echo "$@" >> /tmp/xxx
+ /run/wrappers/bin/shadow_verify_arg "${config.lass.usershadow.pattern}" "$2" "$3" 2>>/tmp/xxx1
+ echo "ok" >> /tmp/yyy
+ exit 23
+ '')
+ ];
+
krebs.exim-smarthost = {
authenticators.PLAIN = ''
driver = plaintext
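Review bot: The `debug_exim` helper writes its whole argument list to a shared file with `echo "$@" >> /tmp/xxx`. Going by the commented-out `server_condition` in the next hunk, those arguments are `$auth1` and `$auth2`, so the SMTP user name and password would be stored in clear text. The file names under /tmp are fixed and their permissions follow the caller's umask, so other local users may be able to read or pre-create them. The script is installed system-wide and always ends in `exit 23`, which suggests it is a debugging leftover. I would remove the package and the commented-out `server_condition` line from this commit; if the helper must stay, log only `"$2"` into a directory private to the exim user and never the password argument. The `krebs.exim-smarthost` block continues past the end of the hunk.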
@@ -153,6 +164,7 @@ in {
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
+ # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
'';
internet-aliases = [
{ from = "dma@ubikmedia.de"; to = "domsen"; }
@@ -180,14 +192,13 @@ in {
"alewis.de"
"jarugadesign.de"
"beesmooth.ch"
+ "event-extra.de"
];
dkim = [
{ domain = "ubikmedia.eu"; }
{ domain = "apanowicz.de"; }
{ domain = "beesmooth.ch"; }
];
- ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
- ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
users.users.UBIK-SFTP = {
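Review bot: Removing `ssl_cert` and `ssl_key` from `krebs.exim-smarthost` leaves it unclear from this diff which certificate, if any, exim now presents for TLS. The PLAIN and LOGIN authenticators configured above carry the password in a trivially reversible encoding, so if the module default does not supply a certificate, credentials would cross the network unprotected. Please confirm the module falls back to a valid certificate, and leave a comment naming its source, e.g. `# cert/key come from the exim-smarthost module default`. Separately, `"event-extra.de"` is added to the domain list but not to `dkim`; that may be intentional, but it is worth a one-line comment if so.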
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 411234b8..9440413a 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -9,8 +9,6 @@ let
in {
imports = [
./default.nix
- ../git.nix
- ./ref.ptkk.de
];
security.acme = {
@@ -66,23 +64,11 @@ in {
locations."= /gpg.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pgp.pubkeys.default};
'';
+ locations."= /ip".extraConfig = ''
+ return 200 '$remote_addr';
+ '';
};
- security.acme.certs."cgit.lassul.us" = {
- email = "lassulus@lassul.us";
- webroot = "/var/lib/acme/acme-challenge";
- group = "nginx";
- };
- services.nginx.virtualHosts.cgit = {
- serverName = "cgit.lassul.us";
- addSSL = true;
- sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
- sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
- locations."/.well-known/acme-challenge".extraConfig = ''
- root /var/lib/acme/acme-challenge;
- '';
- };
}
-
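Review bot: The new `= /ip` location sends its body with whatever `default_type` applies to this server, which is not visible in the hunk. Adding `default_type text/plain;` before `return 200 '$remote_addr';` makes the response type explicit, so clients do not sniff the content or download it as a file. Also note that `$remote_addr` is the immediate peer address, so if this vhost is ever placed behind a reverse proxy the endpoint will report the proxy's address unless the real-IP handling is configured.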