chore(tazjin/nixos): Remove strongswan overlay
This is no longer required; said customer has switched to Tailscale. Change-Id: Iebe2fdfbf4013af86b7236e061cf4dbf47ac7c9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5537 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
parent
988ac68100
commit
dd2ae8552f
3 changed files with 0 additions and 37 deletions
25
third_party/overlays/strongswan-workaround.nix
vendored
25
third_party/overlays/strongswan-workaround.nix
vendored
|
@ -1,25 +0,0 @@
|
|||
# Workaround for an issue where strongswan 5.9.5 can not connect to
|
||||
# some servers that do not have a mitigation for CVE-2021-45079
|
||||
# applied.
|
||||
#
|
||||
# Of course ideally the servers would be patched, but the world is not
|
||||
# ideal.
|
||||
#
|
||||
# Only intended for use by //users/tazjin/nixos/...
|
||||
{ ... }:
|
||||
|
||||
self: super: {
|
||||
# Downgrade strongswan to 5.9.4
|
||||
#
|
||||
# See https://github.com/NixOS/nixpkgs/pull/156567
|
||||
strongswan = super.strongswan.overrideAttrs (_: rec {
|
||||
version = "5.9.4";
|
||||
|
||||
src = self.fetchFromGitHub {
|
||||
owner = "strongswan";
|
||||
repo = "strongswan";
|
||||
rev = version;
|
||||
sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd";
|
||||
};
|
||||
});
|
||||
}
|
|
@ -30,12 +30,6 @@ in
|
|||
|
||||
nix.settings.trusted-users = [ "tazjin" ];
|
||||
|
||||
# Work around strongswan 5.9.4 being incompatible with servers not
|
||||
# patched against some CVE. I need this for work ..
|
||||
nixpkgs.overlays = [
|
||||
depot.third_party.overlays.strongswan-workaround
|
||||
];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/4c51357a-1e34-4b59-b169-63af1fcdce71";
|
||||
|
|
|
@ -21,12 +21,6 @@ lib.fix (self: {
|
|||
|
||||
tvl.cache.enable = true;
|
||||
|
||||
# Work around strongswan 5.9.4 being incompatible with servers not
|
||||
# patched against some CVE. I need this for work ..
|
||||
nixpkgs.overlays = [
|
||||
depot.third_party.overlays.strongswan-workaround
|
||||
];
|
||||
|
||||
boot = rec {
|
||||
initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
initrd.kernelModules = [ ];
|
||||
|
|
Loading…
Reference in a new issue