summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix2
-rw-r--r--krebs/3modules/newsbot-js.nix4
-rw-r--r--lass/1systems/mors.nix3
-rw-r--r--lass/1systems/shodan.nix22
-rw-r--r--lass/2configs/c-base.nix4
-rw-r--r--lass/2configs/websites/domsen.nix34
-rw-r--r--lass/2configs/websites/fritz.nix2
-rw-r--r--lass/2configs/websites/lassulus.nix2
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix2
9 files changed, 35 insertions, 40 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 5c4f5fa24..ad1221e8e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -305,5 +305,7 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
mail = "lass@mors.r";
};
+ sokratess = {
+ };
};
}
diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index b58c555e7..2ff9a5ebb 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -1,10 +1,8 @@
{ config, lib, pkgs, ... }:
-with builtins;
-with lib;
+with import <stockholm/lib>;
let
- inherit (config.krebs.lib) genid;
cfg = config.krebs.newsbot-js;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index ae48761e7..c3d027edc 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -77,6 +77,9 @@ with import <stockholm/lib>;
];
};
}
+ {
+ services.redis.enable = true;
+ }
];
krebs.build.host = config.krebs.hosts.mors;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 5140591af..9d1df1d72 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -1,6 +1,6 @@
{ config, pkgs, ... }:
-with builtins;
+with import <stockholm/lib>;
{
imports = [
../.
@@ -22,6 +22,26 @@ with builtins;
# };
# };
#}
+ {
+ users.users.sokratess = {
+ uid = genid "sokratess";
+ home = "/home/sokratess";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ ];
+ useDefaultShell = true;
+ password = "aidsballs";
+ };
+ krebs.per-user.sokratess.packages = [
+ pkgs.firefox
+ pkgs.python27Packages.virtualenv
+ pkgs.python27Packages.ipython
+ pkgs.python27Packages.python
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 9295fd9ef..3e533fb74 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -16,6 +16,10 @@ in {
users.extraGroups.cbasevpn.gid = genid "cbasevpn";
+ environment.systemPackages = [
+ pkgs.cifs-utils
+ ];
+
services.openvpn.servers = {
c-base = {
config = ''
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3a3e60d39..18c771fad 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -2,7 +2,7 @@
let
- inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ inherit (import <stockholm/lib>)
genid
genid_signed
;
@@ -22,25 +22,6 @@ let
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
'';
- check-password = pkgs.writeDash "check-password" ''
- read pw
-
- file="/home/$PAM_USER/.shadow"
-
- #check if shadow file exists
- test -e "$file" || exit 123
-
- hash="$(${pkgs.coreutils}/bin/head -1 $file)"
- salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
- calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
- if [ "$calc_hash" == $hash ]; then
- exit 0
- else
- exit 1
- fi
- '';
-
in {
imports = [
./sqlBackup.nix
@@ -164,19 +145,6 @@ in {
{ predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
];
- security.pam.services.exim.text = ''
- auth required pam_env.so
- auth sufficient pam_exec.so debug expose_authtok ${check-password}
- auth sufficient pam_unix.so likeauth nullok
- auth required pam_deny.so
- account required pam_unix.so
- password required pam_cracklib.so retry=3 type=
- password sufficient pam_unix.so nullok use_authtok md5shadow
- password required pam_deny.so
- session required pam_limits.so
- session required pam_unix.so
- '';
-
krebs.exim-smarthost = {
authenticators.PLAIN = ''
driver = plaintext
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 48d96b1bf..d93d310da 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -2,7 +2,7 @@
with lib;
let
- inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ inherit (import <stockholm/lib>)
genid
head
;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 04c19fad0..b8342e148 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -2,7 +2,7 @@
with lib;
let
- inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ inherit (import <stockholm/lib>)
genid
;
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index fb1a58109..0c409ca87 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }:
let
- inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ inherit (import <stockholm/lib>)
genid
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})