diff options
| author | Vincent Ambo <mail@tazj.in> | 2022-05-09T11·37+0200 |
|---|---|---|
| committer | tazjin <tazjin@tvl.su> | 2022-05-10T13·41+0000 |
| commit | dd2ae8552fc871fbbb69589a8dbd65441828a378 (patch) | |
| tree | 9d319b5141267a6a48532c4ab6453a697ca9ad14 | |
| parent | 988ac68100458034c9966ce547adb8b0ddb91173 (diff) | |
chore(tazjin/nixos): Remove strongswan overlay r/4040
This is no longer required; said customer has switched to Tailscale. Change-Id: Iebe2fdfbf4013af86b7236e061cf4dbf47ac7c9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5537 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
| -rw-r--r-- | third_party/overlays/strongswan-workaround.nix | 25 | ||||
| -rw-r--r-- | users/tazjin/nixos/polyanka/default.nix | 6 | ||||
| -rw-r--r-- | users/tazjin/nixos/tverskoy/default.nix | 6 |
3 files changed, 0 insertions, 37 deletions
diff --git a/third_party/overlays/strongswan-workaround.nix b/third_party/overlays/strongswan-workaround.nix deleted file mode 100644 index a5c3c26ec981..000000000000 --- a/third_party/overlays/strongswan-workaround.nix +++ /dev/null @@ -1,25 +0,0 @@ -# Workaround for an issue where strongswan 5.9.5 can not connect to -# some servers that do not have a mitigation for CVE-2021-45079 -# applied. -# -# Of course ideally the servers would be patched, but the world is not -# ideal. -# -# Only intended for use by //users/tazjin/nixos/... -{ ... }: - -self: super: { - # Downgrade strongswan to 5.9.4 - # - # See https://github.com/NixOS/nixpkgs/pull/156567 - strongswan = super.strongswan.overrideAttrs (_: rec { - version = "5.9.4"; - - src = self.fetchFromGitHub { - owner = "strongswan"; - repo = "strongswan"; - rev = version; - sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd"; - }; - }); -} diff --git a/users/tazjin/nixos/polyanka/default.nix b/users/tazjin/nixos/polyanka/default.nix index 58561f3dd6cc..5758ee39b3e5 100644 --- a/users/tazjin/nixos/polyanka/default.nix +++ b/users/tazjin/nixos/polyanka/default.nix @@ -30,12 +30,6 @@ in nix.settings.trusted-users = [ "tazjin" ]; - # Work around strongswan 5.9.4 being incompatible with servers not - # patched against some CVE. I need this for work .. - nixpkgs.overlays = [ - depot.third_party.overlays.strongswan-workaround - ]; - fileSystems."/" = { device = "/dev/disk/by-uuid/4c51357a-1e34-4b59-b169-63af1fcdce71"; diff --git a/users/tazjin/nixos/tverskoy/default.nix b/users/tazjin/nixos/tverskoy/default.nix index 31204a198092..b789e50d43f3 100644 --- a/users/tazjin/nixos/tverskoy/default.nix +++ b/users/tazjin/nixos/tverskoy/default.nix @@ -21,12 +21,6 @@ lib.fix (self: { tvl.cache.enable = true; - # Work around strongswan 5.9.4 being incompatible with servers not - # patched against some CVE. I need this for work .. - nixpkgs.overlays = [ - depot.third_party.overlays.strongswan-workaround - ]; - boot = rec { initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; initrd.kernelModules = [ ]; |