From 76668334958011b69747d5e09691cf21703938cc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 26 Jan 2022 13:11:06 +0100
Subject: move security-workarounds to krebs and cleanup

---
 krebs/2configs/default.nix              | 1 +
 krebs/2configs/security-workarounds.nix | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 krebs/2configs/security-workarounds.nix

(limited to 'krebs')

diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 9200d41f..38d77031 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
 {
   imports = [
     ./backup.nix
+    ./security-workarounds.nix
   ];
   krebs.announce-activation.enable = true;
   krebs.enable = true;
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
new file mode 100644
index 00000000..27d1f848
--- /dev/null
+++ b/krebs/2configs/security-workarounds.nix
@@ -0,0 +1,6 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  # https://github.com/berdav/CVE-2021-4034
+  security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
+}
-- 
cgit v1.2.3