summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2016-10-26 15:12:52 +0200
committerlassulus <lass@aidsballs.de>2016-10-26 15:12:52 +0200
commite15b9e5a44b69c7b2c81ab6d3d6c91edc6d69712 (patch)
tree2da90cc236188a062b123a9e4930e3ceed2272fa
parentb43f47f0b30618e810c7c2c2b186acdbeaed73d6 (diff)
Revert "l 2 websites domsen: remove obsolete code"
This reverts commit 0398342657a9548b9ada4524335b3ca864fd9c2e.
-rw-r--r--lass/2configs/websites/domsen.nix32
1 files changed, 32 insertions, 0 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 18c771fad..0a53bc93b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,6 +22,25 @@ let
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
'';
+ check-password = pkgs.writeDash "check-password" ''
+ read pw
+
+ file="/home/$PAM_USER/.shadow"
+
+ #check if shadow file exists
+ test -e "$file" || exit 123
+
+ hash="$(${pkgs.coreutils}/bin/head -1 $file)"
+ salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
+
+ calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
+ if [ "$calc_hash" == $hash ]; then
+ exit 0
+ else
+ exit 1
+ fi
+ '';
+
in {
imports = [
./sqlBackup.nix
@@ -145,6 +164,19 @@ in {
{ predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
];
+ security.pam.services.exim.text = ''
+ auth required pam_env.so
+ auth sufficient pam_exec.so debug expose_authtok ${check-password}
+ auth sufficient pam_unix.so likeauth nullok
+ auth required pam_deny.so
+ account required pam_unix.so
+ password required pam_cracklib.so retry=3 type=
+ password sufficient pam_unix.so nullok use_authtok md5shadow
+ password required pam_deny.so
+ session required pam_limits.so
+ session required pam_unix.so
+ '';
+
krebs.exim-smarthost = {
authenticators.PLAIN = ''
driver = plaintext