summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix2
-rw-r--r--lass/1systems/mors.nix3
-rw-r--r--lass/1systems/shodan.nix20
-rw-r--r--lass/2configs/c-base.nix4
-rw-r--r--lass/2configs/websites/domsen.nix32
5 files changed, 29 insertions, 32 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 5c4f5fa24..ad1221e8e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -305,5 +305,7 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
mail = "lass@mors.r";
};
+ sokratess = {
+ };
};
}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index ae48761e7..c3d027edc 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -77,6 +77,9 @@ with import <stockholm/lib>;
];
};
}
+ {
+ services.redis.enable = true;
+ }
];
krebs.build.host = config.krebs.hosts.mors;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 5140591af..7c44807a6 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -22,6 +22,26 @@ with builtins;
# };
# };
#}
+ {
+ users.users.sokratess = {
+ uid = genid "sokratess";
+ home = "/home/sokratess";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ ];
+ useDefaultShell = true;
+ password = "aidsballs";
+ };
+ krebs.per-user.sokratess.packages = [
+ pkgs.firefox
+ pkgs.python27Packages.virtualenv
+ pkgs.python27Packages.ipython
+ pkgs.python27Packages.python
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 9295fd9ef..3e533fb74 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -16,6 +16,10 @@ in {
users.extraGroups.cbasevpn.gid = genid "cbasevpn";
+ environment.systemPackages = [
+ pkgs.cifs-utils
+ ];
+
services.openvpn.servers = {
c-base = {
config = ''
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3a3e60d39..5a4748f42 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
'';
- check-password = pkgs.writeDash "check-password" ''
- read pw
-
- file="/home/$PAM_USER/.shadow"
-
- #check if shadow file exists
- test -e "$file" || exit 123
-
- hash="$(${pkgs.coreutils}/bin/head -1 $file)"
- salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
- calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
- if [ "$calc_hash" == $hash ]; then
- exit 0
- else
- exit 1
- fi
- '';
-
in {
imports = [
./sqlBackup.nix
@@ -164,19 +145,6 @@ in {
{ predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
];
- security.pam.services.exim.text = ''
- auth required pam_env.so
- auth sufficient pam_exec.so debug expose_authtok ${check-password}
- auth sufficient pam_unix.so likeauth nullok
- auth required pam_deny.so
- account required pam_unix.so
- password required pam_cracklib.so retry=3 type=
- password sufficient pam_unix.so nullok use_authtok md5shadow
- password required pam_deny.so
- session required pam_limits.so
- session required pam_unix.so
- '';
-
krebs.exim-smarthost = {
authenticators.PLAIN = ''
driver = plaintext