From e5270a24055a4065ca43a15a48e4efad527bc740 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 24 Nov 2016 23:58:49 +0100
Subject: l 2 nixpkgs: 0195ab8 -> ee52e98
---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass')
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index e665b6c6f..caca98746 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
 krebs.build.source.nixpkgs.git = {
 url = https://github.com/nixos/nixpkgs;
- ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731";
+ ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
 };
 }
-- cgit v1.2.3
From ab684bf6d8af062e64638aa529da82a62c394e84 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 25 Nov 2016 00:00:50 +0100
Subject: l 2 websites util: disable deprecated ssl stuff
---
 lass/2configs/websites/util.nix | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)
(limited to 'lass')
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 55be8a8d9..3356fe9a8 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -8,28 +8,29 @@ rec {
 let
 domain = head domains;
 in {
- security.acme = {
- certs."${domain}" = {
- email = "lassulus@gmail.com";
- webroot = "/var/lib/acme/challenges/${domain}";
- plugins = [
- "account_key.json"
- "key.pem"
- "fullchain.pem"
- ];
- group = "nginx";
- allowKeysForGroup = true;
- extraDomains = genAttrs domains (_: null);
- };
- };
+ #security.acme = {
+ # certs."${domain}" = {
+ # email = "lassulus@gmail.com";
+ # webroot = "/var/lib/acme/challenges/${domain}";
+ # plugins = [
+ # "account_key.json"
+ # "key.pem"
+ # "fullchain.pem"
+ # ];
+ # group = "nginx";
+ # allowKeysForGroup = true;
+ # extraDomains = genAttrs domains (_: null);
+ # };
+ #};
 krebs.nginx.servers."${domain}" = {
+ ssl.acmeEnable = true;
 server-names = domains;
- locations = [
- (nameValuePair "/.well-known/acme-challenge" ''
- root /var/lib/acme/challenges/${domain}/;
- '')
- ];
+ #locations = [
+ # (nameValuePair "/.well-known/acme-challenge" ''
+ # root /var/lib/acme/challenges/${domain}/;
+ # '')
+ #];
 };
 };
@@ -37,7 +38,7 @@ rec {
 {
 imports = [
 ( manageCerts domains )
- ( activateACME (head domains) )
+ #( activateACME (head domains) )
 ];
 };
-- cgit v1.2.3
From 2ea9b739ac64773de0a490736d6e1bdf556c6b60 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 25 Nov 2016 00:07:55 +0100
Subject: l 3 usershadow: update passwd to behave correctly
---
 lass/3modules/usershadow.nix | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)
(limited to 'lass')
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index a8ab1c52a..c0be053ab 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
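Review bot: In lass/2configs/websites/util.nix the explicit certificate settings are commented out rather than replaced, so nothing in the hunk shows whether `ssl.acmeEnable = true` still requests a certificate covering every name in `domains` (the old `extraDomains = genAttrs domains (_: null)`) or keeps the key readable by the `nginx` group. If the krebs.nginx module does not cover the extra names, the additional server-names would be served with a non-matching certificate; that module is outside this diff, so this needs confirming. I would delete the commented-out blocks (history keeps them) and leave one line in their place, e.g. `# certs for all of domains come from krebs.nginx ssl.acmeEnable (replaces security.acme.certs + extraDomains)`. The second hunk likewise drops `activateACME` from `imports` by commenting it out, so whatever that function configured is no longer applied; its definition is not visible here.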
@@ -70,9 +70,7 @@
 extra-depends = deps;
 text = ''
 import Data.Monoid
- import System.IO
- import Data.Char (chr)
- import System.Environment (getEnv, getArgs)
+ import System.Environment (getArgs)
 import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
 import qualified Data.ByteString.Char8 as BS8
 import System.Exit (exitFailure, exitSuccess)
@@ -96,16 +94,29 @@
 import System.Environment (getEnv)
 import Crypto.PasswordStore (makePasswordWith, pbkdf2)
 import qualified Data.ByteString.Char8 as BS8
- import System.IO (stdin, hSetEcho, putStrLn)
+ import System.IO (stdin, stdout, hSetEcho, hFlush, putStr, putStrLn)
+ import Control.Exception (bracket_)
 main :: IO ()
 main = do
 home <- getEnv "HOME"
- putStrLn "password:"
- hSetEcho stdin False
- password <- BS8.hGetLine stdin
- hash <- makePasswordWith pbkdf2 password 10
- BS8.writeFile (home ++ "/.shadow") hash
+ mb_password <- bracket_ (hSetEcho stdin False) (hSetEcho stdin True) $ do
+ putStr "Enter new UNIX password: "
+ hFlush stdout
+ password <- BS8.hGetLine stdin
+ putStrLn ""
+ putStr "Retype new UNIX password: "
+ hFlush stdout
+ password2 <- BS8.hGetLine stdin
+ return $ if password == password2
+ then Just password
+ else Nothing
+ case mb_password of
+ Just password -> do
+ hash <- makePasswordWith pbkdf2 password 10
+ BS8.writeFile (home ++ "/.shadow") hash
+ putStrLn "passwd: all authentication tokens updated successfully."
+ Nothing -> putStrLn "Sorry, passwords do not match"
 '';
 };
 };
-- cgit v1.2.3
From 77cb4502d7b1692fdb22923dca6ef9c11d046860 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 25 Nov 2016 00:22:34 +0100
Subject: l 2 mail: SC2068
---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass')
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index c637b08fb..872acc003 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
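Review bot: In the passwd program embedded in lass/3modules/usershadow.nix (second hunk), `BS8.writeFile (home ++ "/.shadow") hash` creates the hash file with whatever the caller's umask allows, so under a common 022 umask the PBKDF2 hash is readable by other local users. Tighten the mode before writing, e.g. `_ <- setFileCreationMask 0o077` with `import System.Posix.Files (setFileCreationMask)`, assuming the `unix` package is among `deps` (not visible here); a `.shadow` that already exists keeps its old mode and would need `setFileMode` as well. The mismatch branch only prints its message and returns, so the program exits 0 on failure; `Nothing -> putStrLn "Sorry, passwords do not match" >> exitFailure` (with `System.Exit (exitFailure)` imported) lets callers detect it. The strength argument `10` to `makePasswordWith` is carried over unchanged; as far as I know pwstore treats it as an exponent (2^10 iterations), which is worth checking against the library's current recommendation.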
@@ -12,7 +12,7 @@ let
 msmtp = pkgs.writeBashBin "msmtp" ''
 ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
- ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+ ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
 '';
 muttrc = pkgs.writeText "muttrc" ''
-- cgit v1.2.3
From d98faa8340f852ea96c7da60cda766db0dd2499c Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 25 Nov 2016 00:28:21 +0100
Subject: l 2 repo-sync: use FQDN for tv's repo
---
 lass/2configs/repo-sync.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass')
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index baa4bb380..765769936 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -41,7 +41,7 @@ let
 mirror.url = "${mirror}${name}";
 };
 tv = {
- origin.url = "http://cgit.ni.i/${name}";
+ origin.url = "http://cgit.ni.r/${name}";
 mirror.url = "${mirror}${name}";
 };
 lassulus = {
-- cgit v1.2.3
From 2b42e312d9c709701b7ba41f569e2041b1f975b8 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 26 Nov 2016 19:10:23 +0100
Subject: l 2: reject the correct way with iptables
---
 lass/2configs/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'lass')
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index a7d2a6cef..21a2ec038 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -194,7 +194,9 @@ with import ;
 { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
 { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
 { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; }
+ { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
+ { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
+ { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
 ];
 };
 };
-- cgit v1.2.3
From da3022389d1da7ac9c2ca42eb2d16582b96e0074 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 27 Nov 2016 13:20:27 +0100
Subject: l 1 helios: enable pulseaudio
---
 lass/1systems/helios.nix | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'lass')
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 82db8ef7b..4472816e3 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -28,6 +28,9 @@ with import ;
 services.xserver.enable = true;
 services.xserver.desktopManager.xfce.enable = true;
 networking.wireless.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ };
 users.users.ferret = {
 uid = genid "ferret";
 home = "/home/ferret";
-- cgit v1.2.3
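Review bot: In lass/2configs/default.nix the new udp and catch-all `retiolum` rules carry `v6 = false`, so on IPv6 only TCP arriving on `retiolum` is still rejected, whereas the removed `-i retiolum` REJECT rule had no such restriction. IPv6 UDP and other protocols on that interface now fall through to the chain's default policy, which is not visible in this hunk; if that policy is ACCEPT, this widens what is reachable over the overlay network. The ICMPv4 reject types cannot be used with ip6tables, so the fix is to add IPv6-only counterparts with `--reject-with icmp6-port-unreachable` (udp) and `--reject-with icmp6-adm-prohibited` (catch-all), limited to v6 by whatever toggle the iptables module provides. All three rules also share `precedence = -10000`, so the catch-all presumably stays last only if the module preserves list order among equal precedences; giving it a lower value such as `-10001` would make the intent explicit.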