diff options
-rw-r--r-- | krebs/3modules/lass/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/newsbot-js.nix | 4 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 3 | ||||
-rw-r--r-- | lass/1systems/shodan.nix | 22 | ||||
-rw-r--r-- | lass/2configs/c-base.nix | 4 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 34 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 |
9 files changed, 35 insertions, 40 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 5c4f5fa24..ad1221e8e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -305,5 +305,7 @@ with import <stockholm/lib>; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; + sokratess = { + }; }; } diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index b58c555e7..2ff9a5ebb 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: -with builtins; -with lib; +with import <stockholm/lib>; let - inherit (config.krebs.lib) genid; cfg = config.krebs.newsbot-js; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index ae48761e7..c3d027edc 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -77,6 +77,9 @@ with import <stockholm/lib>; ]; }; } + { + services.redis.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 5140591af..9d1df1d72 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with builtins; +with import <stockholm/lib>; { imports = [ ../. @@ -22,6 +22,26 @@ with builtins; # }; # }; #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix index 9295fd9ef..3e533fb74 100644 --- a/lass/2configs/c-base.nix +++ b/lass/2configs/c-base.nix @@ -16,6 +16,10 @@ in { users.extraGroups.cbasevpn.gid = genid "cbasevpn"; + environment.systemPackages = [ + pkgs.cifs-utils + ]; + services.openvpn.servers = { c-base = { config = '' diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3a3e60d39..18c771fad 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -2,7 +2,7 @@ let - inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) + inherit (import <stockholm/lib>) genid genid_signed ; @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix @@ -164,19 +145,6 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 48d96b1bf..d93d310da 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) + inherit (import <stockholm/lib>) genid head ; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 04c19fad0..b8342e148 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) + inherit (import <stockholm/lib>) genid ; diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index fb1a58109..0c409ca87 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) + inherit (import <stockholm/lib>) genid ; inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) |