author | tv <tv@krebsco.de> | 2019-04-17 17:17:25 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-04-17 17:17:25 +0200 |
commit | 20fa5109afc6263a023005e7a40fbf6c14b7ca93 (patch) | |
tree | 572727d1dc699545e416e8cb199210a3f582fd44 /lass | |
parent | d0883b3d3e44051fa569f4bc205abc557b0466e2 (diff) | |
parent | 7083200810b4cca19b02550e1ec2a000aa686b63 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/blue/config.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 2 | ||||
-rw-r--r-- | lass/2configs/hw/x220.nix | 5 | ||||
-rw-r--r-- | lass/2configs/syncthing.nix | 1 | ||||
-rw-r--r-- | lass/3modules/usershadow.nix | 27 |
5 files changed, 25 insertions, 12 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a287f548b..43c80d52f 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -15,9 +15,11 @@ with import <stockholm/lib>; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; environment.shellAliases = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fa5fb5518..52bcc9e15 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -52,10 +52,12 @@ with import <stockholm/lib>; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index f5651da13..5649041f9 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -30,8 +30,7 @@ }; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 842abc195..d8b3c9f90 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix 
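Review bot: The new `krebs.syncthing.folders` entry replicates the whole of `/home/lass/.weechat` to three peers, and the matching `lass.ensure-permissions` entry hands the directory to group `syncthing`; the same two lines are added in the mors/config.nix hunk. A WeeChat home normally holds `irc.conf` and `sec.conf` (server and SASL credentials) next to `logs/`, so those files become readable on every peer and, depending on the mode ensure-permissions applies (not visible here), by every member of the group. Consider syncing only the subdirectories that need to travel, or excluding the credential files with a `.stignore`. The entry also has no `id`, unlike its neighbours; if the module derives one from the path, a short comment saying so would help the next reader.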
@@ -4,6 +4,7 @@ with import <stockholm/lib>; services.syncthing = { enable = true; group = "syncthing"; + configDir = "/var/lib/syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index cb2890969..d967a108a 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -31,13 +31,20 @@ session required pam_loginuid.so ''; - security.pam.services.dovecot2.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so - account required pam_permit.so - session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} - ''; + security.pam.services.dovecot2 = { + text = '' + auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + session required pam_env.so envfile=${config.system.build.pamEnvironment} + ''; + }; + + security.wrappers.shadow_verify_pam = { + source = "${usershadow}/bin/verify_pam"; + owner = "root"; + }; }; usershadow = let { @@ -46,10 +53,13 @@ "bytestring" ]; body = pkgs.writeHaskellPackage "passwords" { + ghc-options = [ + "-rtsopts" + "-Wall" + ]; executables.verify_pam = { extra-depends = deps; text = '' - import Data.Monoid import System.IO import Data.Char (chr) import System.Environment (getEnv, getArgs) @@ -72,7 +82,6 @@ executables.verify_arg = { extra-depends = deps; text = '' - import Data.Monoid import System.Environment (getArgs) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import qualified Data.ByteString.Char8 as BS8 |
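Review bot: The new dovecot2 auth line in lass/3modules/usershadow.nix keeps what look like debugging leftovers, `debug` and `log=/tmp/lol`, on a pam_exec call that also uses `expose_authtok`. pam_exec appends the helper's output to that file, and a fixed name in a world-writable directory can be pre-created or symlinked by any local user, so either drop both options or log to a root-owned path: `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`. Separately, `security.wrappers.shadow_verify_pam` sets only `source` and `owner`. If that yields a setuid-root wrapper executable by everyone (I believe that is the default on this NixOS release, please confirm), any local account can run the verifier with its own arguments and environment. Restricting `group` and `permissions` to the account dovecot authenticates as would narrow that.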
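Review bot: `-rtsopts` in the new `ghc-options` (usershadow.nix, hunk at -46,10) appears to apply to `verify_pam`, which the preceding hunk of the same file installs as a root-owned wrapper under /run/wrappers. With full RTS options enabled, whoever invokes the binary can pass `+RTS` flags, and the GHC manual advises against that for privileged programs because some of those flags make the runtime write files. Unless a specific RTS flag is needed, drop the option or use `-rtsopts=some`, and add a comment saying why it is there. The `body` expression continues outside the hunk.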