diff options
author | lassulus <lass@lassul.us> | 2017-02-26 00:02:06 +0100 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-03-02 20:07:50 +0100 |
commit | 21ccde0d722c49a584486e882e5d4a304468949e (patch) | |
tree | 99925d9eb303a951567d128aa9cae37f539fe852 /lass/2configs | |
parent | 8a3515e1a6fa8dfc6b7377a0567426d11774e144 (diff) |
l 2: add security-workarounds
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/default.nix | 4 | ||||
-rw-r--r-- | lass/2configs/security-workarounds.nix | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 8100a433f..5f383a91d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import <stockholm/lib>; { imports = [ @@ -11,6 +10,7 @@ with import <stockholm/lib>; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} |