chore(tazjin/nixos): Remove strongswan overlay

This is no longer required; said customer has switched to Tailscale.

Change-Id: Iebe2fdfbf4013af86b7236e061cf4dbf47ac7c9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5537
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
Vincent Ambo 2022-05-09 13:37:02 +02:00 committed by tazjin
parent 988ac68100
commit dd2ae8552f
3 changed files with 0 additions and 37 deletions

View file

@ -1,25 +0,0 @@
# Workaround for an issue where strongswan 5.9.5 can not connect to
# some servers that do not have a mitigation for CVE-2021-45079
# applied.
#
# Of course ideally the servers would be patched, but the world is not
# ideal.
#
# Only intended for use by //users/tazjin/nixos/...
{ ... }:
self: super: {
# Downgrade strongswan to 5.9.4
#
# See https://github.com/NixOS/nixpkgs/pull/156567
strongswan = super.strongswan.overrideAttrs (_: rec {
version = "5.9.4";
src = self.fetchFromGitHub {
owner = "strongswan";
repo = "strongswan";
rev = version;
sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd";
};
});
}

View file

@ -30,12 +30,6 @@ in
nix.settings.trusted-users = [ "tazjin" ];
# Work around strongswan 5.9.4 being incompatible with servers not
# patched against some CVE. I need this for work ..
nixpkgs.overlays = [
depot.third_party.overlays.strongswan-workaround
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/4c51357a-1e34-4b59-b169-63af1fcdce71";

View file

@ -21,12 +21,6 @@ lib.fix (self: {
tvl.cache.enable = true;
# Work around strongswan 5.9.4 being incompatible with servers not
# patched against some CVE. I need this for work ..
nixpkgs.overlays = [
depot.third_party.overlays.strongswan-workaround
];
boot = rec {
initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
initrd.kernelModules = [ ];