summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/default.nix1
-rw-r--r--krebs/2configs/security-workarounds.nix (renamed from lass/2configs/security-workarounds.nix)6
-rw-r--r--lass/2configs/default.nix2
3 files changed, 3 insertions, 6 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 9200d41fe..38d770316 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
{
imports = [
./backup.nix
+ ./security-workarounds.nix
];
krebs.announce-activation.enable = true;
krebs.enable = true;
diff --git a/lass/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 4b0d48671..27d1f8485 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,10 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
- # http://seclists.org/oss-sec/2017/q1/471
- boot.extraModprobeConfig = ''
- install dccp /run/current-system/sw/bin/false
- '';
-
+ # https://github.com/berdav/CVE-2021-4034
security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index dc97719ad..e2163b688 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -8,7 +8,7 @@ with import <stockholm/lib>;
./vim.nix
./zsh.nix
./htop.nix
- ./security-workarounds.nix
+ <stockholm/krebs/2configs/security-workarounds.nix>
./wiregrill.nix
{
users.extraUsers =