From 853e54ec8458d9fa1222fb72f9871427d45fd8eb Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 3 Jan 2022 14:56:44 +0100 Subject: htgen: use currect group names --- krebs/3modules/htgen.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 4221703ec..375e26974 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -75,7 +75,12 @@ let } ) cfg; - users.groups = mapAttrs (_: _: {}) cfg; + users.groups = mapAttrs' (name: htgen: + nameValuePair htgen.user.name { + name = htgen.user.name; + gid = htgen.user.uid; + } + ) cfg; }; in out -- cgit v1.2.3 From e82cbd6f35c85ce4aeb2e0f4572e6742c536d941 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 4 Jan 2022 20:30:02 +0100 Subject: exim: set User= but run as root LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the credentials to User=. As currently Exim is currently has to be run as root in order to use the standard SMTP port and for local deliveries[1], set User=exim, but run all processes as root. [1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270 --- krebs/3modules/exim.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 972c7f437..0f0aa67f0 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -65,8 +65,9 @@ in { config.environment.etc."exim.conf".source ]; serviceConfig = { - ExecStart = "${pkgs.exim}/bin/exim -bdf -q30m"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + ExecStart = "+${pkgs.exim}/bin/exim -bdf -q30m"; + ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + User = cfg.user.name; }; wantedBy = [ "multi-user.target" ]; }; -- cgit v1.2.3 From a5df5deb3b91b01fc0e8822fc4b5615b8e9ab524 Mon Sep 17 00:00:00 2001 From: Lennart Date: Wed, 5 Jan 2022 21:23:53 +0100 Subject: add ed25519 pubkey to {catalonia,karakalpakstan}.r --- krebs/3modules/external/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 4c4e53f2f..fac91f632 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -662,6 +662,7 @@ in { vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== -----END RSA PUBLIC KEY----- ''; + tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; }; }; }; @@ -686,6 +687,7 @@ in { /n/eHElmKWoMCXhkV/mee1Cl2Y74XKivM6ov3lLvIDRxdXl46PvBFVkCAwEAAQ== -----END RSA PUBLIC KEY----- ''; + tinc.pubkey_ed25519 = "P9yurwK2l1npimgm3yk8WXigWLfEtJ6G1w/3kVCPG7F"; }; }; }; -- cgit v1.2.3 From deda4c978956e39c3b6345e5ef5604b2bc020e00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Wed, 5 Jan 2022 21:34:08 +0100 Subject: external: add kmein grocy, remove radio --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index fac91f632..66914797d 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -320,7 +320,7 @@ in { aliases = [ "zaatar.r" "zaatar.kmein.r" - "radio.kmein.r" + "grocy.kmein.r" "bvg.kmein.r" "moodle.kmein.r" ]; -- cgit v1.2.3