-rw-r--r-- | krebs/3modules/lass/default.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 3 | ||||
-rw-r--r-- | lass/1systems/shodan.nix | 20 | ||||
-rw-r--r-- | lass/2configs/c-base.nix | 4 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 32 |
5 files changed, 29 insertions, 32 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 5c4f5fa24..ad1221e8e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -305,5 +305,7 @@ with import <stockholm/lib>;
 pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
 mail = "lass@mors.r";
 };
+ sokratess = {
+ };
 };
 }
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index ae48761e7..c3d027edc 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -77,6 +77,9 @@ with import <stockholm/lib>;
 ];
 };
 }
+ {
+ services.redis.enable = true;
+ }
 ];
 krebs.build.host = config.krebs.hosts.mors;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 5140591af..7c44807a6 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -22,6 +22,26 @@ with builtins;
 # };
 # };
 #}
+ {
+ users.users.sokratess = {
+ uid = genid "sokratess";
+ home = "/home/sokratess";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ ];
+ useDefaultShell = true;
+ password = "aidsballs";
+ };
+ krebs.per-user.sokratess.packages = [
+ pkgs.firefox
+ pkgs.python27Packages.virtualenv
+ pkgs.python27Packages.ipython
+ pkgs.python27Packages.python
+ ];
+ }
 ];
 krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 9295fd9ef..3e533fb74 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -16,6 +16,10 @@ in {
 users.extraGroups.cbasevpn.gid = genid "cbasevpn";
+ environment.systemPackages = [
+ pkgs.cifs-utils
+ ];
+
 services.openvpn.servers = {
 c-base = {
 config = ''
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3a3e60d39..5a4748f42 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
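Review bot: In lass/1systems/mors.nix the added `services.redis.enable = true;` enables Redis without setting a listen address or any authentication in the same block. Unless another module already restricts it, the service accepts unauthenticated commands on whatever interfaces the module's default binds to, so I would pin it next to the enable line with `services.redis.bind = "127.0.0.1";` (assuming the NixOS release in use exposes that option) and confirm that port 6379 is not opened in the host firewall. If another machine is meant to reach it, that needs authentication, with the secret kept out of the world-readable Nix store. The list this block is appended to starts outside the hunk.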
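Review bot: The `password = …` line in the new `users.users.sokratess` block of lass/1systems/shodan.nix commits a cleartext login password to the repository, and NixOS documents this option as world-readable in the Nix store on the built system. Treat the value as disclosed: change it on the host and replace the line with a hash, `hashedPassword = "<sha-512 crypt hash from mkpasswd>";`, or with a password file that lives outside both the repository and the store. The account is in `networkmanager` and gets the default shell, so a short dictionary-style password is an interactive foothold wherever password login is enabled; whether SSH password authentication is on for this host is not visible in the hunk. The matching `sokratess = { };` entry added in krebs/3modules/lass/default.nix is empty, so no SSH public key is registered for the user there.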
@@ -22,25 +22,6 @@ let
 exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
 '';
- check-password = pkgs.writeDash "check-password" ''
- read pw
-
- file="/home/$PAM_USER/.shadow"
-
- #check if shadow file exists
- test -e "$file" || exit 123
-
- hash="$(${pkgs.coreutils}/bin/head -1 $file)"
- salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
- calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
- if [ "$calc_hash" == $hash ]; then
- exit 0
- else
- exit 1
- fi
- '';
-
 in {
 imports = [
 ./sqlBackup.nix
@@ -164,19 +145,6 @@ in {
 { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
 ];
- security.pam.services.exim.text = ''
- auth required pam_env.so
- auth sufficient pam_exec.so debug expose_authtok ${check-password}
- auth sufficient pam_unix.so likeauth nullok
- auth required pam_deny.so
- account required pam_unix.so
- password required pam_cracklib.so retry=3 type=
- password sufficient pam_unix.so nullok use_authtok md5shadow
- password required pam_deny.so
- session required pam_limits.so
- session required pam_unix.so
- '';
-
 krebs.exim-smarthost = {
 authenticators.PLAIN = ''
 driver = plaintext |