diff options
author | lassulus <lass@aidsballs.de> | 2016-10-26 15:12:52 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-10-26 15:12:52 +0200 |
commit | e15b9e5a44b69c7b2c81ab6d3d6c91edc6d69712 (patch) | |
tree | 2da90cc236188a062b123a9e4930e3ceed2272fa /lass/2configs/websites/domsen.nix | |
parent | b43f47f0b30618e810c7c2c2b186acdbeaed73d6 (diff) |
Revert "l 2 websites domsen: remove obsolete code"
This reverts commit 0398342657a9548b9ada4524335b3ca864fd9c2e.
Diffstat (limited to 'lass/2configs/websites/domsen.nix')
-rw-r--r-- | lass/2configs/websites/domsen.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 18c771fad..0a53bc93b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,6 +22,25 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; + check-password = pkgs.writeDash "check-password" '' + read pw + + file="/home/$PAM_USER/.shadow" + + #check if shadow file exists + test -e "$file" || exit 123 + + hash="$(${pkgs.coreutils}/bin/head -1 $file)" + salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" + + calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" + if [ "$calc_hash" == $hash ]; then + exit 0 + else + exit 1 + fi + ''; + in { imports = [ ./sqlBackup.nix @@ -145,6 +164,19 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; + security.pam.services.exim.text = '' + auth required pam_env.so + auth sufficient pam_exec.so debug expose_authtok ${check-password} + auth sufficient pam_unix.so likeauth nullok + auth required pam_deny.so + account required pam_unix.so + password required pam_cracklib.so retry=3 type= + password sufficient pam_unix.so nullok use_authtok md5shadow + password required pam_deny.so + session required pam_limits.so + session required pam_unix.so + ''; + krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext |