-{ config, pkgs, lib, php, name, secrets, ... }:
+{ config, pkgs, lib, ports, name, secrets, ... }:
{
# ssh-keyscan eldiron | nix-shell -p ssh-to-age --run ssh-to-age
secrets.ageKeys = [ "age1dxr5lhvtnjssfaqpnf6qx80h8gfwkxg3tdf35m6n9wljmk7wadfs3kmahj" ];
"nodejs-16.20.2" # for landing page building
];
- nixpkgs.overlays = [
- php.overlays.php
- ];
+ nixpkgs.overlays = builtins.attrValues ports.overlays;
powerManagement.cpuFreqGovernor = "powersave";
security.acme.certs."${name}".postRun = builtins.concatStringsSep "\n" [
./buildbot
./coturn.nix
./dns.nix
+ ./borg_backup.nix
./duply_backup.nix
./gemini
./gitolite
./vpn
];
+ services.borgBackup.enable = true;
+ services.borgBackup.profiles.global = {
+ bucket = "global";
+ hash = false;
+ remotes = [ "attilax" ];
+ ignoredPaths = [
+ "udev"
+ "portables"
+ "machines"
+ "nixos"
+ "nixos-containers"
+ ];
+ };
myServices.buildbot.enable = true;
myServices.databases.enable = true;
myServices.gitolite.enable = true;
table = ldap_users
user_column = login
pw_type = function
- auth_query = SELECT (mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
+ auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
#pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u
'';
};
projects / perso / Immae / Config / Nix.git / blobdiff