authortv <tv@krebsco.de>2019-04-17 17:17:25 +0200
committertv <tv@krebsco.de>2019-04-17 17:17:25 +0200
commit20fa5109afc6263a023005e7a40fbf6c14b7ca93 (patch)
tree572727d1dc699545e416e8cb199210a3f582fd44 /lass
parentd0883b3d3e44051fa569f4bc205abc557b0466e2 (diff)
parent7083200810b4cca19b02550e1ec2a000aa686b63 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/config.nix2
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/2configs/hw/x220.nix5
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/3modules/usershadow.nix27
5 files changed, 25 insertions, 12 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a287f548b..43c80d52f 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -15,9 +15,11 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
environment.shellAliases = {
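Review bot: The added folder entry replicates /home/lass/.weechat to three peers, and the matching `lass.ensure-permissions` line opens it to group syncthing. A WeeChat home directory normally holds sec.conf, irc.conf and chat logs, so server credentials and message history would presumably become group-readable and be copied to every peer. Consider syncing only the subpaths that are needed or excluding the secret-bearing files, and record the decision in a comment such as `# contains IRC credentials and logs; keep the peers list minimal`. The entry also has no `id` while its sibling has `id = "contacts"`; unless the module derives one from the path, `id = "weechat";` would keep the list consistent. The same two lines are added in lass/1systems/mors/config.nix.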
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index fa5fb5518..52bcc9e15 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -52,10 +52,12 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
+ { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
}
{
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index f5651da13..5649041f9 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -30,8 +30,7 @@
};
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
}
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 842abc195..d8b3c9f90 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
services.syncthing = {
enable = true;
group = "syncthing";
+ configDir = "/var/lib/syncthing";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
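Review bot: `configDir = "/var/lib/syncthing";` pins Syncthing's device key and config.xml (which carries the GUI/API key) to a fixed path, and nothing in this hunk states who owns that directory or with what mode. Other directories in this commit are opened to group syncthing, so it is worth confirming that this one stays accessible to the service user only. A comment next to the option would document that, e.g. `# holds key.pem and the API key; must stay 0700 for the syncthing user`. The surrounding attribute sets continue outside the hunk.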
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index cb2890969..d967a108a 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -31,13 +31,20 @@
session required pam_loginuid.so
'';
- security.pam.services.dovecot2.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- session required pam_env.so envfile=${config.system.build.pamEnvironment}
- '';
+ security.pam.services.dovecot2 = {
+ text = ''
+ auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
+ auth required pam_permit.so
+ account required pam_permit.so
+ session required pam_permit.so
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
+ '';
+ };
+
+ security.wrappers.shadow_verify_pam = {
+ source = "${usershadow}/bin/verify_pam";
+ owner = "root";
+ };
};
usershadow = let {
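Review bot: The new pam_exec line keeps what looks like leftover debugging: `debug` and `log=/tmp/lol` write the helper's output and pam_exec's diagnostics for every dovecot2 authentication to a fixed name in a world-writable directory, while `expose_authtok` hands the password to that same helper. Because any local account can create /tmp/lol beforehand, the log may end up owned by or readable to someone other than the service. I would drop both options, `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`, or log into a root-only directory. Separately, `security.wrappers.shadow_verify_pam` sets only `source` and `owner`; state the intended group and privilege bits explicitly, since a wrapper that runs as root and is executable by everyone would let any local user check passwords against `${cfg.pattern}`.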
@@ -46,10 +53,13 @@
"bytestring"
];
body = pkgs.writeHaskellPackage "passwords" {
+ ghc-options = [
+ "-rtsopts"
+ "-Wall"
+ ];
executables.verify_pam = {
extra-depends = deps;
text = ''
- import Data.Monoid
import System.IO
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
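Review bot: `"-rtsopts"` in `ghc-options` enables the full set of GHC runtime options for `verify_pam`, which the previous hunk of this file installs as a root-owned wrapper. GHC's default, `-rtsopts=some`, exists because the full set lets whoever invokes the program make the runtime write files under the program's identity. That matters if the wrapper runs with elevated privileges, which is not visible here. Unless the flag is needed for debugging, drop it or make the restriction explicit with `"-rtsopts=some"`. The `passwords` package definition continues outside the hunk.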
@@ -72,7 +82,6 @@
executables.verify_arg = {
extra-depends = deps;
text = ''
- import Data.Monoid
import System.Environment (getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8