From 0398342657a9548b9ada4524335b3ca864fd9c2e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:09:26 +0200 Subject: l 2 websites domsen: remove obsolete code --- lass/2configs/websites/domsen.nix | 32 -------------------------------- 1 file changed, 32 deletions(-) (limited to 'lass/2configs/websites/domsen.nix') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3a3e60d39..5a4748f42 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix @@ -164,19 +145,6 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext -- cgit v1.2.3 From 0f38de96e8749e49af333028435edb37f7b4ae60 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:40:11 +0200 Subject: l: import --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs/websites/domsen.nix') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5a4748f42..18c771fad 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -2,7 +2,7 @@ let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid genid_signed ; -- cgit v1.2.3 From e15b9e5a44b69c7b2c81ab6d3d6c91edc6d69712 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Oct 2016 15:12:52 +0200 Subject: Revert "l 2 websites domsen: remove obsolete code" This reverts commit 0398342657a9548b9ada4524335b3ca864fd9c2e. --- lass/2configs/websites/domsen.nix | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'lass/2configs/websites/domsen.nix') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 18c771fad..0a53bc93b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,6 +22,25 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; + check-password = pkgs.writeDash "check-password" '' + read pw + + file="/home/$PAM_USER/.shadow" + + #check if shadow file exists + test -e "$file" || exit 123 + + hash="$(${pkgs.coreutils}/bin/head -1 $file)" + salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" + + calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" + if [ "$calc_hash" == $hash ]; then + exit 0 + else + exit 1 + fi + ''; + in { imports = [ ./sqlBackup.nix @@ -145,6 +164,19 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; + security.pam.services.exim.text = '' + auth required pam_env.so + auth sufficient pam_exec.so debug expose_authtok ${check-password} + auth sufficient pam_unix.so likeauth nullok + auth required pam_deny.so + account required pam_unix.so + password required pam_cracklib.so retry=3 type= + password sufficient pam_unix.so nullok use_authtok md5shadow + password required pam_deny.so + session required pam_limits.so + session required pam_unix.so + ''; + krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext -- cgit v1.2.3 From c091949a151e0a613ad31fd390b1c19bfddfde3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Oct 2016 14:19:26 +0200 Subject: l 2 websites domsen: make smtp/imap finally work --- lass/2configs/websites/domsen.nix | 46 +++++---------------------------------- 1 file changed, 6 insertions(+), 40 deletions(-) (limited to 'lass/2configs/websites/domsen.nix') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 0a53bc93b..fa56d0e12 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix @@ -161,41 +142,26 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; } { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext - server_prompts = : - server_condition = "''${if pam{$auth2:$auth3}{yes}{no}}" - server_set_id = $auth2 + public_name = PLAIN + server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} ''; authenticators.LOGIN = '' driver = plaintext + public_name = LOGIN server_prompts = "Username:: : Password::" - server_condition = "''${if pam{$auth1:$auth2}{yes}{no}}" - server_set_id = $auth1 + server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } - { from = "testuser@lassul.us"; to = "testuser"; } ]; - system-aliases = [ + sender_domains = [ + "jla-trading.com" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; -- cgit v1.2.3