Diffstat (limited to 'flakes/private/system')
-rw-r--r-- | flakes/private/system/flake.lock | 4 | ||||
-rw-r--r-- | flakes/private/system/flake.nix | 12 |
2 files changed, 14 insertions, 2 deletions
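--- a/flakes/private/system/flake.lock
+++ b/flakes/private/system/flake.lock
@@ -19,7 +19,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -69,7 +69,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-etK0kcWYmiCmdex+9CjWWqn4q8EonDutUP0yFH+odrE=",
+"narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=",
 "path": "../../mypackages",
 "type": "path"
 },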
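--- a/flakes/private/system/flake.nix
+++ b/flakes/private/system/flake.nix
@@ -30,6 +30,17 @@
 secrets.deleteSecretsVars = true;
 secrets.secretsVars = "/run/keys/vars.yml";
 
+programs.ssh.package = lib.mkDefault (
+pkgs.openssh.overrideAttrs(old: rec {
+patches = old.patches ++ [
+# Mitigation for CVE https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
+(pkgs.fetchpatch {
+url = "https://raw.githubusercontent.com/NixOS/nixpkgs/342bfe5c431fd7828fee8fa7e07a4d8fbfd18618/pkgs/tools/networking/openssh/openssh-9.6_p1-CVE-2024-6387.patch";
+sha256 = "sha256-B3Wz/eWSdOnrOcVzDv+QqzLGdFlb3jivQ8qZMC3d0Qw=";
+})
+];
+})
+);
 services.openssh.enable = true;
 
 nixpkgs.overlays =
@@ -54,6 +65,7 @@
 users.users.acme.uid = myuids.lib.uids.acme;
 environment.systemPackages = [
 pkgs.inetutils
+pkgs.btop
 pkgs.htop
 pkgs.iftop
 pkgs.bind.dnsutils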
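Review bot: The CVE-2024-6387 mitigation in the first hunk is assigned with `lib.mkDefault`, so any other module that sets `programs.ssh.package` at normal priority silently replaces the patched build. No such assignment is visible here, but unless hosts are meant to override it, a plain assignment is safer for a security fix because a competing definition then fails at evaluation time: `programs.ssh.package = pkgs.openssh.overrideAttrs (old: {`. The `rec` is unused and can go, and `patches = (old.patches or []) ++ [` avoids an evaluation error if the base derivation carries no patches. Since the patch file is named for one OpenSSH release, a comment such as `# drop this override once the pinned nixpkgs ships a fixed openssh` would help whoever hits the apply failure after an update. It is also worth confirming on a deployed host that the running sshd comes from this patched derivation, as the module wiring is not visible here; both hunks sit inside a configuration block that starts and ends outside the shown context.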