envoi mail après login

port SSH alternatif
ajout utilisateur jellyfin dans groupe media
2019-06-07 11:57:12 +02:00 · 2019-06-07 10:28:24 +02:00 · 2019-06-07 10:27:23 +02:00 · 2019-06-07 10:26:33 +02:00
4 changed files with 22 additions and 6 deletions
--- a/services/mail-server.nix
+++ b/services/mail-server.nix
@ -17,8 +17,8 @@ in

  imports = [
    (builtins.fetchTarball {
-      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/8b7dde4b54da821ca3dc2058178d6ffbd2e25bc5/nixos-mailserver-8b7dde4b54da821ca3dc2058178d6ffbd2e25bc5.tar.gz";
-      sha256 = "0pf25ns3yq9vdbpb30cplx4zkj7srrklamd6kw7ifaf7gyc7fy65";
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
+      sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
    })
  ];

--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@ -81,6 +81,9 @@ in
      # externalIP = "0.0.0.0";
      internalIPs = [ "10.30.0.0/16" ];
      internalInterfaces = [ "eno2" ];
+      forwardPorts = [
+        { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;}
+      ];
    };

    firewall = {
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@ -11,6 +11,16 @@ let
  musique_port = 52349;
  factorio_port = 52351;
  airsonic_port = 4040;
+
+  login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
+    if [ "$PAM_TYPE" != "close_session" ]; then
+    ${pkgs.system-sendmail}/bin/sendmail paul@nyanlout.re <<EOF
+    From: root@nyanlout.re
+    Subject: SSH Login: $PAM_USER from $PAM_RHOST
+    `env`
+    EOF
+    fi
+  '';
 in

 {
@ -415,9 +425,12 @@ in

  users.groups.acme.members = [ "matrix-synapse" ];

-  security.sudo.extraRules = [
-    { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
-  ];
+  security = {
+    sudo.extraRules = [
+      { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
+    ];
+    pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
+  };

  networking = {
    wireguard.interfaces = {
--- a/systems/LoutreOS/users.nix
+++ b/systems/LoutreOS/users.nix
@ -33,6 +33,6 @@

  users.extraGroups.medias = {
    gid = 498;
-    members = [ "slimserver" "radarr" "sonarr" "emby" "transmission" ];
+    members = [ "slimserver" "radarr" "sonarr" "jellyfin" "transmission" ];
  };
 }
Author	SHA1	Message	Date
nyanloutre	a93d836d36	envoi mail après login	2019-06-07 11:57:12 +02:00
nyanloutre	651a0d3c64	port SSH alternatif	2019-06-07 10:28:24 +02:00
nyanloutre	de25eb9a36	ajout utilisateur jellyfin dans groupe media	2019-06-07 10:27:23 +02:00
nyanloutre	b90a2c79b2	nixos-mailserver: update 2.2.1	2019-06-07 10:26:33 +02:00