forked from M-Labs/it-infra
nixops: work around openssl3 pam_p11 breakage
This commit is contained in:
parent
2f704a7534
commit
ffb286ba05
@ -15,11 +15,13 @@ in
|
||||
(./. + "/${host}-hardware-configuration.nix")
|
||||
];
|
||||
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
|
||||
libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
|
||||
pam_p11 = super.pam_p11.overrideAttrs(oa: {
|
||||
patchPhase = oa.patchPhase or "" + ''
|
||||
substituteInPlace src/match_openssh.c --replace \
|
||||
'"%s/.ssh/authorized_keys", pw->pw_dir)' \
|
||||
'"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
|
||||
patches = [];
|
||||
postPatch = ''
|
||||
substituteInPlace src/match_openssh.c --replace \
|
||||
'"%s/.ssh/authorized_keys", pw->pw_dir)' \
|
||||
'"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
|
||||
'';
|
||||
});
|
||||
gnome = super.gnome // {
|
||||
@ -28,6 +30,9 @@ in
|
||||
});
|
||||
};
|
||||
};
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"openssl-1.1.1t"
|
||||
];
|
||||
|
||||
networking.hostName = host;
|
||||
networking.firewall.allowedTCPPorts = [ 1883 ];
|
||||
|
Loading…
Reference in New Issue
Block a user