summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-02-26 00:02:06 +0100
committerlassulus <lass@lassul.us>2017-03-02 20:07:50 +0100
commit21ccde0d722c49a584486e882e5d4a304468949e (patch)
tree99925d9eb303a951567d128aa9cae37f539fe852 /lass
parent8a3515e1a6fa8dfc6b7377a0567426d11774e144 (diff)
l 2: add security-workarounds
Diffstat (limited to 'lass')
-rw-r--r--lass/2configs/default.nix4
-rw-r--r--lass/2configs/security-workarounds.nix8
2 files changed, 10 insertions, 2 deletions
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 8100a433f..5f383a91d 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
+ ./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
new file mode 100644
index 000000000..537c8a59b
--- /dev/null
+++ b/lass/2configs/security-workarounds.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ # http://seclists.org/oss-sec/2017/q1/471
+ boot.extraModprobeConfig = ''
+ install dccp /run/current-system/sw/bin/false
+ '';
+}