summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/security-workarounds.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/2configs/security-workarounds.nix')
-rw-r--r--krebs/2configs/security-workarounds.nix25
1 files changed, 24 insertions, 1 deletions
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index b1a492f5..cb5d236a 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,4 +1,27 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
{
+ # OpenSSL pre-3.0.7 vulnerabilities
+ nixpkgs.overlays = [
+ (self: super: {
+ exim =
+ super.exim.overrideAttrs (old: let
+ key = if builtins.hasAttr "preBuild" old then
+ "preBuild"
+ else
+ "configurePhase";
+ in {
+ buildInputs = old.buildInputs ++ [ self.gnutls ];
+ ${key} = /* sh */ ''
+ ${old.${key}}
+ sed -Ei '
+ s:^USE_OPENSSL=.*:# &:
+ s:^# (USE_GNUTLS)=.*:\1=yes:
+ s:^# (USE_GNUTLS_PC=.*):\1:
+ ' Local/Makefile
+ '';
+ });
+ })
+ ];
+ # OpenSSL pre-3.0.7 vulnerabilities
+ services.nginx.package = lib.mkDefault (pkgs.nginxStable.override { openssl = pkgs.libressl; });
}