From 21ccde0d722c49a584486e882e5d4a304468949e Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 26 Feb 2017 00:02:06 +0100
Subject: l 2: add security-workarounds

---
 lass/2configs/default.nix              | 4 ++--
 lass/2configs/security-workarounds.nix | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 lass/2configs/security-workarounds.nix

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 8100a433..5f383a91 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
 with import <stockholm/lib>;
 {
   imports = [
@@ -11,6 +10,7 @@ with import <stockholm/lib>;
     ../2configs/vim.nix
     ../2configs/monitoring/client.nix
     ./backups.nix
+    ./security-workarounds.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
new file mode 100644
index 00000000..537c8a59
--- /dev/null
+++ b/lass/2configs/security-workarounds.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  # http://seclists.org/oss-sec/2017/q1/471
+  boot.extraModprobeConfig = ''
+    install dccp /run/current-system/sw/bin/false
+  '';
+}
-- 
cgit v1.2.3