From c091949a151e0a613ad31fd390b1c19bfddfde3a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 14:19:26 +0200
Subject: l 2 websites domsen: make smtp/imap finally work

---
 lass/2configs/websites/domsen.nix | 46 +++++----------------------------------
 1 file changed, 6 insertions(+), 40 deletions(-)

(limited to 'lass/2configs/websites/domsen.nix')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 0a53bc93..fa56d0e1 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
-  check-password = pkgs.writeDash "check-password" ''
-    read pw
-
-    file="/home/$PAM_USER/.shadow"
-
-    #check if shadow file exists
-    test -e "$file" || exit 123
-
-    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
-    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
-    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
-    if [ "$calc_hash" == $hash ]; then
-      exit 0
-    else
-      exit 1
-    fi
-  '';
-
 in {
   imports = [
     ./sqlBackup.nix
@@ -161,41 +142,26 @@ in {
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
     { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
-    { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
-  security.pam.services.exim.text = ''
-    auth        required      pam_env.so
-    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
-    auth        sufficient    pam_unix.so likeauth nullok
-    auth        required      pam_deny.so
-    account     required      pam_unix.so
-    password    required      pam_cracklib.so retry=3 type=
-    password    sufficient    pam_unix.so nullok use_authtok md5shadow
-    password    required      pam_deny.so
-    session     required      pam_limits.so
-    session     required      pam_unix.so
-  '';
-
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext
-      server_prompts = :
-      server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}"
-      server_set_id = $auth2
+      public_name = PLAIN
+      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
     '';
     authenticators.LOGIN = ''
       driver = plaintext
+      public_name = LOGIN
       server_prompts = "Username:: : Password::"
-      server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}"
-      server_set_id = $auth1
+      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
     '';
     internet-aliases = [
       { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
-      { from = "testuser@lassul.us"; to = "testuser"; }
     ];
-    system-aliases = [
+    sender_domains = [
+      "jla-trading.com"
     ];
     ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
     ssl_key = "/var/lib/acme/lassul.us/key.pem";
-- 
cgit v1.2.3