nixops: work around openssl3 pam_p11 breakage

This commit is contained in:
Sebastien Bourdeauducq 2023-05-23 17:38:50 +08:00
parent 2f704a7534
commit ffb286ba05
1 changed files with 9 additions and 4 deletions

View File

@ -15,8 +15,10 @@ in
(./. + "/${host}-hardware-configuration.nix") (./. + "/${host}-hardware-configuration.nix")
]; ];
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in { nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
pam_p11 = super.pam_p11.overrideAttrs(oa: { pam_p11 = super.pam_p11.overrideAttrs(oa: {
patchPhase = oa.patchPhase or "" + '' patches = [];
postPatch = ''
substituteInPlace src/match_openssh.c --replace \ substituteInPlace src/match_openssh.c --replace \
'"%s/.ssh/authorized_keys", pw->pw_dir)' \ '"%s/.ssh/authorized_keys", pw->pw_dir)' \
'"/etc/ssh/authorized_keys.d/%s", pw->pw_name)' '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
@ -28,6 +30,9 @@ in
}); });
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1t"
];
networking.hostName = host; networking.hostName = host;
networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.allowedTCPPorts = [ 1883 ];