diff options
Diffstat (limited to 'flakes/private/system')
| -rw-r--r-- | flakes/private/system/flake.lock | 4 | ||||
| -rw-r--r-- | flakes/private/system/flake.nix | 12 |
2 files changed, 14 insertions, 2 deletions
diff --git a/flakes/private/system/flake.lock b/flakes/private/system/flake.lock index 49fb3b5..a675105 100644 --- a/flakes/private/system/flake.lock +++ b/flakes/private/system/flake.lock | |||
| @@ -19,7 +19,7 @@ | |||
| 19 | "environment": { | 19 | "environment": { |
| 20 | "locked": { | 20 | "locked": { |
| 21 | "lastModified": 1, | 21 | "lastModified": 1, |
| 22 | "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=", | 22 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
| 23 | "path": "../environment", | 23 | "path": "../environment", |
| 24 | "type": "path" | 24 | "type": "path" |
| 25 | }, | 25 | }, |
| @@ -69,7 +69,7 @@ | |||
| 69 | }, | 69 | }, |
| 70 | "locked": { | 70 | "locked": { |
| 71 | "lastModified": 1, | 71 | "lastModified": 1, |
| 72 | "narHash": "sha256-etK0kcWYmiCmdex+9CjWWqn4q8EonDutUP0yFH+odrE=", | 72 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
| 73 | "path": "../../mypackages", | 73 | "path": "../../mypackages", |
| 74 | "type": "path" | 74 | "type": "path" |
| 75 | }, | 75 | }, |
diff --git a/flakes/private/system/flake.nix b/flakes/private/system/flake.nix index ad6c58c..9010140 100644 --- a/flakes/private/system/flake.nix +++ b/flakes/private/system/flake.nix | |||
| @@ -30,6 +30,17 @@ | |||
| 30 | secrets.deleteSecretsVars = true; | 30 | secrets.deleteSecretsVars = true; |
| 31 | secrets.secretsVars = "/run/keys/vars.yml"; | 31 | secrets.secretsVars = "/run/keys/vars.yml"; |
| 32 | 32 | ||
| 33 | programs.ssh.package = lib.mkDefault ( | ||
| 34 | pkgs.openssh.overrideAttrs(old: rec { | ||
| 35 | patches = old.patches ++ [ | ||
| 36 | # Mitigation for CVE https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt | ||
| 37 | (pkgs.fetchpatch { | ||
| 38 | url = "https://raw.githubusercontent.com/NixOS/nixpkgs/342bfe5c431fd7828fee8fa7e07a4d8fbfd18618/pkgs/tools/networking/openssh/openssh-9.6_p1-CVE-2024-6387.patch"; | ||
| 39 | sha256 = "sha256-B3Wz/eWSdOnrOcVzDv+QqzLGdFlb3jivQ8qZMC3d0Qw="; | ||
| 40 | }) | ||
| 41 | ]; | ||
| 42 | }) | ||
| 43 | ); | ||
| 33 | services.openssh.enable = true; | 44 | services.openssh.enable = true; |
| 34 | 45 | ||
| 35 | nixpkgs.overlays = | 46 | nixpkgs.overlays = |
| @@ -54,6 +65,7 @@ | |||
| 54 | users.users.acme.uid = myuids.lib.uids.acme; | 65 | users.users.acme.uid = myuids.lib.uids.acme; |
| 55 | environment.systemPackages = [ | 66 | environment.systemPackages = [ |
| 56 | pkgs.inetutils | 67 | pkgs.inetutils |
| 68 | pkgs.btop | ||
| 57 | pkgs.htop | 69 | pkgs.htop |
| 58 | pkgs.iftop | 70 | pkgs.iftop |
| 59 | pkgs.bind.dnsutils | 71 | pkgs.bind.dnsutils |