From 48282200043d63c5e0434fdd7b8dc79aa271b8ae Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:08:55 +0200
Subject: l 2 c-base: add cifs-utils

---
 lass/2configs/c-base.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 9d13bc30d..679a90b7e 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -16,6 +16,10 @@ in {
 
   users.extraGroups.cbasevpn.gid = genid "cbasevpn";
 
+  environment.systemPackages = [
+    pkgs.cifs-utils
+  ];
+
   services.openvpn.servers = {
     c-base = {
       config = ''
-- 
cgit v1.2.3


From 0398342657a9548b9ada4524335b3ca864fd9c2e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:09:26 +0200
Subject: l 2 websites domsen: remove obsolete code

---
 lass/2configs/websites/domsen.nix | 32 --------------------------------
 1 file changed, 32 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3a3e60d39..5a4748f42 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
-  check-password = pkgs.writeDash "check-password" ''
-    read pw
-
-    file="/home/$PAM_USER/.shadow"
-
-    #check if shadow file exists
-    test -e "$file" || exit 123
-
-    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
-    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
-    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
-    if [ "$calc_hash" == $hash ]; then
-      exit 0
-    else
-      exit 1
-    fi
-  '';
-
 in {
   imports = [
     ./sqlBackup.nix
@@ -164,19 +145,6 @@ in {
     { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
-  security.pam.services.exim.text = ''
-    auth        required      pam_env.so
-    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
-    auth        sufficient    pam_unix.so likeauth nullok
-    auth        required      pam_deny.so
-    account     required      pam_unix.so
-    password    required      pam_cracklib.so retry=3 type=
-    password    sufficient    pam_unix.so nullok use_authtok md5shadow
-    password    required      pam_deny.so
-    session     required      pam_limits.so
-    session     required      pam_unix.so
-  '';
-
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext
-- 
cgit v1.2.3


From 0f38de96e8749e49af333028435edb37f7b4ae60 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:40:11 +0200
Subject: l: import <stockholm/lib>

---
 lass/2configs/websites/domsen.nix             | 2 +-
 lass/2configs/websites/fritz.nix              | 2 +-
 lass/2configs/websites/lassulus.nix           | 2 +-
 lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 5a4748f42..18c771fad 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -2,7 +2,7 @@
 
 let
 
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
     genid_signed
   ;
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 48d96b1bf..d93d310da 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
     head
   ;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 04c19fad0..b8342e148 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
   ;
 
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index fb1a58109..0c409ca87 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
   ;
   inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
-- 
cgit v1.2.3


From 8dc0352e4f585ca6b3a7507663dfcbd91fef098a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 22 Oct 2016 01:29:16 +0200
Subject: l 2 nixpkgs: b8ede35 -> 686bc9c

---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 73c96e876..4ef4c6ce7 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
+    ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d";
   };
 }
-- 
cgit v1.2.3


From e15b9e5a44b69c7b2c81ab6d3d6c91edc6d69712 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 26 Oct 2016 15:12:52 +0200
Subject: Revert "l 2 websites domsen: remove obsolete code"

This reverts commit 0398342657a9548b9ada4524335b3ca864fd9c2e.
---
 lass/2configs/websites/domsen.nix | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 18c771fad..0a53bc93b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,6 +22,25 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
+  check-password = pkgs.writeDash "check-password" ''
+    read pw
+
+    file="/home/$PAM_USER/.shadow"
+
+    #check if shadow file exists
+    test -e "$file" || exit 123
+
+    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
+    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
+
+    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
+    if [ "$calc_hash" == $hash ]; then
+      exit 0
+    else
+      exit 1
+    fi
+  '';
+
 in {
   imports = [
     ./sqlBackup.nix
@@ -145,6 +164,19 @@ in {
     { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
+  security.pam.services.exim.text = ''
+    auth        required      pam_env.so
+    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
+    auth        sufficient    pam_unix.so likeauth nullok
+    auth        required      pam_deny.so
+    account     required      pam_unix.so
+    password    required      pam_cracklib.so retry=3 type=
+    password    sufficient    pam_unix.so nullok use_authtok md5shadow
+    password    required      pam_deny.so
+    session     required      pam_limits.so
+    session     required      pam_unix.so
+  '';
+
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext
-- 
cgit v1.2.3


From 7e809cfc8b6112068b872b85c400794b5b102cc5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 12:50:03 +0200
Subject: l 2: globally set CA/SSL stuff

---
 lass/2configs/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 43c4d5b0d..a7d2a6cef 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -46,6 +46,13 @@ with import <stockholm/lib>;
         NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
       };
     }
+    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
+      environment.variables = {
+        CURL_CA_BUNDLE = ca-bundle;
+        GIT_SSL_CAINFO = ca-bundle;
+        SSL_CERT_FILE = ca-bundle;
+      };
+    })
   ];
 
   networking.hostName = config.krebs.build.host.name;
-- 
cgit v1.2.3


From d06da3496447d369bef0c9f52d3eb0ebdef8a801 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 12:50:28 +0200
Subject: l 2 nixpkgs: 686bc9c -> 0195ab8

---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 4ef4c6ce7..e665b6c6f 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d";
+    ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731";
   };
 }
-- 
cgit v1.2.3


From 809a42339d2fa3e52d69a5d6966e60ae45968be5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 13:16:51 +0200
Subject: l 2 repo-sync: sync painload

---
 lass/2configs/repo-sync.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index f88149730..f2e4de6a7 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -93,6 +93,7 @@ in {
     (sync-remote "xintmap" "https://github.com/4z3/xintmap")
     (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
     (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
+    (sync-remote "painload" "https://github.com/krebscode/painload")
     (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
     (sync-retiolum "go")
     (sync-retiolum "much")
-- 
cgit v1.2.3


From b97145eedd566925d6c94fb2039f6de86cfec9c8 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 13:30:16 +0200
Subject: l 2 websites fritz: update phpConfig

---
 lass/2configs/websites/fritz.nix | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index d93d310da..52914f444 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -88,13 +88,7 @@ in {
     ];
   };
 
-  services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
-     options = ''
-      extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
-      sendmail_path = "${sendmail} -t -i"
-    '';
-  } ''
-    cat ${pkgs.php}/etc/php-recommended.ini > $out
-    echo "$options" >> $out
+  services.phpfpm.phpOptions = ''
+    sendmail_path = ${sendmail} -t
   '';
 }
-- 
cgit v1.2.3


From c091949a151e0a613ad31fd390b1c19bfddfde3a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 27 Oct 2016 14:19:26 +0200
Subject: l 2 websites domsen: make smtp/imap finally work

---
 lass/2configs/websites/domsen.nix | 46 +++++----------------------------------
 1 file changed, 6 insertions(+), 40 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 0a53bc93b..fa56d0e12 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
-  check-password = pkgs.writeDash "check-password" ''
-    read pw
-
-    file="/home/$PAM_USER/.shadow"
-
-    #check if shadow file exists
-    test -e "$file" || exit 123
-
-    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
-    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
-    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
-    if [ "$calc_hash" == $hash ]; then
-      exit 0
-    else
-      exit 1
-    fi
-  '';
-
 in {
   imports = [
     ./sqlBackup.nix
@@ -161,41 +142,26 @@ in {
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
     { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
-    { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
-  security.pam.services.exim.text = ''
-    auth        required      pam_env.so
-    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
-    auth        sufficient    pam_unix.so likeauth nullok
-    auth        required      pam_deny.so
-    account     required      pam_unix.so
-    password    required      pam_cracklib.so retry=3 type=
-    password    sufficient    pam_unix.so nullok use_authtok md5shadow
-    password    required      pam_deny.so
-    session     required      pam_limits.so
-    session     required      pam_unix.so
-  '';
-
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext
-      server_prompts = :
-      server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}"
-      server_set_id = $auth2
+      public_name = PLAIN
+      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
     '';
     authenticators.LOGIN = ''
       driver = plaintext
+      public_name = LOGIN
       server_prompts = "Username:: : Password::"
-      server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}"
-      server_set_id = $auth1
+      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
     '';
     internet-aliases = [
       { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
-      { from = "testuser@lassul.us"; to = "testuser"; }
     ];
-    system-aliases = [
+    sender_domains = [
+      "jla-trading.com"
     ];
     ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
     ssl_key = "/var/lib/acme/lassul.us/key.pem";
-- 
cgit v1.2.3