nixops: work around openssl3 pam_p11 breakage

This commit is contained in:
Sebastien Bourdeauducq 2023-05-23 17:38:50 +08:00
parent 2f704a7534
commit ffb286ba05

View File

@ -15,8 +15,10 @@ in
(./. + "/${host}-hardware-configuration.nix")
];
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
pam_p11 = super.pam_p11.overrideAttrs(oa: {
patchPhase = oa.patchPhase or "" + ''
patches = [];
postPatch = ''
substituteInPlace src/match_openssh.c --replace \
'"%s/.ssh/authorized_keys", pw->pw_dir)' \
'"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
@ -28,6 +30,9 @@ in
});
};
};
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1t"
];
networking.hostName = host;
networking.firewall.allowedTCPPorts = [ 1883 ];