wip
parent
b8f5888c3e
commit
ca52fc7b64
7 changed files with 32 additions and 4 deletions
|
@ -1,6 +1,6 @@
|
||||||
connect = host=${host} dbname=${name} user=${user} password=${password}
|
connect = host=${host} dbname=${name} user=${user} password=${password}
|
||||||
driver = pgsql
|
driver = pgsql
|
||||||
default_pass_scheme = SHA512-CRYPT
|
default_pass_scheme = ARGON2ID
|
||||||
|
|
||||||
password_query = SELECT CONCAT(users.name, '@', domains.name) AS user, password\
|
password_query = SELECT CONCAT(users.name, '@', domains.name) AS user, password\
|
||||||
FROM users \
|
FROM users \
|
||||||
|
|
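Review bot: Switching `default_pass_scheme` to `ARGON2ID` changes how Dovecot interprets every stored hash that carries no `{SCHEME}` prefix, so any such row in `users.password` would stop verifying after this change. Hashes stored with the old `{SHA512-CRYPT}` prefix are unaffected, so it is worth checking the table for unprefixed values before deploying. Dovecot's documentation also notes that Argon2 verification needs far more memory than the crypt schemes and recommends raising `vsz_limit` for `service auth`. Nothing in the visible hunks does that, though it may be set in a file not shown here.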
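--- a/bundles/dovecot/files/sudors
+++ b/bundles/dovecot/files/sudors
@@ -0,0 +1 @@
+www-data ALL=(ALL) NOPASSWD: /usr/bin/doveadm pw -s ARGON2ID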
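Review bot: This static file looks like a leftover: its name is misspelled (`sudors`), and no visible hunk references it from a file item. The same rule is also generated from the `sudoers` metadata by the new `bundles/sudo/items.py`, so two sources for one privilege grant can drift apart. If nothing outside this commit installs the file, I would drop it and keep the metadata entry as the single definition. The run-as spec `(ALL)` is also wider than needed if the caller only needs root, where `(root)` would do.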
|
@ -9,7 +9,9 @@ $config['password_log'] = true;
|
||||||
$config['password_hosts'] = null;
|
$config['password_hosts'] = null;
|
||||||
$config['password_force_save'] = false;
|
$config['password_force_save'] = false;
|
||||||
$config['password_force_new_user'] = false;
|
$config['password_force_new_user'] = false;
|
||||||
$config['password_algorithm'] = 'sha512-crypt';
|
$config['password_algorithm'] = 'dovecot';
|
||||||
$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';
|
$config['password_dovecotpw'] = '/usr/bin/sudo /usr/bin/doveadm pw';
|
||||||
|
$config['password_dovecotpw_method'] = 'ARGON2ID';
|
||||||
|
$config['password_dovecotpw_with_method'] = true;
|
||||||
$config['password_db_dsn'] = 'pgsql://mailserver:${mailserver_db_password}@localhost/mailserver';
|
$config['password_db_dsn'] = 'pgsql://mailserver:${mailserver_db_password}@localhost/mailserver';
|
||||||
$config['password_query'] = "UPDATE users SET password=%P FROM domains WHERE domains.id = domain_id AND domains.name = %d AND users.name = %l";
|
$config['password_query'] = "UPDATE users SET password=%D FROM domains WHERE domains.id = domain_id AND domains.name = %d AND users.name = %l";
|
||||||
|
|
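Review bot: The three new `password_dovecotpw*` settings only work while the command the plugin builds matches the sudoers entry for `www-data` character for character (`/usr/bin/doveadm pw -s ARGON2ID`), and nothing on these lines says so. If `password_dovecotpw_method` is ever changed here without the `sudoers` metadata, sudo would refuse the call and password changes would fail, presumably with only a plugin-side error. I would add a comment above `$config['password_dovecotpw']`, e.g. `// keep in sync with the www-data sudoers entry: doveadm pw -s ARGON2ID`, and note next to `password_query` that `%D` is the doveadm-generated hash. The config file continues outside the hunk.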
|
@ -51,6 +51,9 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'sudoers': {
|
||||||
|
'www-data': ['/usr/bin/doveadm pw -s ARGON2ID'],
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
|
|
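--- a/bundles/sudo/items.py
+++ b/bundles/sudo/items.py
@@ -0,0 +1,11 @@
+directories = {
+'/etc/sudoers.d': {
+'purge': True,
+},
+}
+
+for user, commands in node.metadata.get('sudoers').items():
+files[f'/etc/sudoers.d/{user}'] = {
+'content': f"{user} ALL=(ALL) NOPASSWD: {', '.join(commands)}",
+'mode': '500',
+}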
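Review bot: The drop-in built in `files[f'/etc/sudoers.d/{user}']` is installed with no syntax check and no trailing newline, and a sudoers fragment that fails to parse can leave sudo unusable on the node. Ending the content with `\n` and validating the rendered file with `visudo -cf` before it is moved into place would close that gap; if this is a bundlewrap repo, the file item's `test_with` attribute is the usual hook, to be confirmed for the version in use. The mode `'500'` puts an execute bit on a config file, where `'0440'` with root ownership is the conventional sudoers mode. The rule also hard-codes `ALL=(ALL) NOPASSWD:` for every entry, so the `www-data` grant added elsewhere in this commit may run `doveadm` as any user, and `(root)` would be the narrower default. User names containing a `.` would produce file names that sudo's include directory skips silently, so the key deserves a check or a comment.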
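--- a/bundles/sudo/metadata.py
+++ b/bundles/sudo/metadata.py
@@ -0,0 +1,10 @@
+defaults = {
+'apt': {
+'packages': {
+'sudo': {},
+},
+},
+'sudoers': {
+'root': ['ALL'],
+},
+}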
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
'bundles': [
|
'bundles': [
|
||||||
|
'sudo',
|
||||||
'users',
|
'users',
|
||||||
'zsh',
|
'zsh',
|
||||||
],
|
],
|
||||||
|
|