diff options
-rw-r--r-- | lass/2configs/default.nix | 4 | ||||
-rw-r--r-- | lass/2configs/security-workarounds.nix | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 8100a433f..5f383a91d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import <stockholm/lib>; { imports = [ @@ -11,6 +10,7 @@ with import <stockholm/lib>; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} |