From 544e270d63baf6194eebefb9790dbdf603a47b83 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Mon, 22 Aug 2022 10:22:05 +0000 Subject: [PATCH] Migrate from ferdi to ferdium To avoid CVE-2022-32320. --- flake.lock | 17 +++++++++++++++++ flake.nix | 2 ++ home-manager/modules/default.nix | 2 +- home-manager/modules/{ferdi.nix => ferdium.nix} | 2 +- machines/hafnium/configuration.nix | 3 ++- overlays/nixpkgsMaster.nix | 15 +++++++++++++++ 6 files changed, 38 insertions(+), 3 deletions(-) rename home-manager/modules/{ferdi.nix => ferdium.nix} (86%) create mode 100644 overlays/nixpkgsMaster.nix diff --git a/flake.lock b/flake.lock index 3f7fb8a..ee3a1bc 100644 --- a/flake.lock +++ b/flake.lock @@ -88,6 +88,22 @@ "type": "github" } }, + "nixpkgsMaster": { + "locked": { + "lastModified": 1661160886, + "narHash": "sha256-hjxZ3ZjiP3PbsU7++9X4YXlHU2gVVMf8Wua9zTsAAWo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f090e17f3bf257939c1e1158b9429c5b3929b2b6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1661009065, @@ -125,6 +141,7 @@ "home-manager": "home-manager", "nix-pre-commit-hooks": "nix-pre-commit-hooks", "nixpkgs": "nixpkgs_2", + "nixpkgsMaster": "nixpkgsMaster", "nur": "nur", "sops-nix": "sops-nix" } diff --git a/flake.nix b/flake.nix index 9bef14a..107c516 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ inputs = { flake-utils.url = "github:numtide/flake-utils"; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05"; + nixpkgsMaster.url = "github:NixOS/nixpkgs/master"; nur.url = "github:nix-community/NUR"; @@ -70,6 +71,7 @@ , nixpkgs ? inputs.nixpkgs }: nixpkgs.lib.nixosSystem rec { inherit system; + specialArgs = { inherit self system; }; modules = [ (./machines + "/${hostname}/configuration.nix") diff --git a/home-manager/modules/default.nix b/home-manager/modules/default.nix index e3c114f..30171c5 100644 --- a/home-manager/modules/default.nix +++ b/home-manager/modules/default.nix @@ -4,7 +4,7 @@ imports = [ ./${nixosConfig.myConfig.terminalEmulator}.nix ./direnv.nix - ./ferdi.nix + ./ferdium.nix ./firefox ./fish.nix ./fpv.nix diff --git a/home-manager/modules/ferdi.nix b/home-manager/modules/ferdium.nix similarity index 86% rename from home-manager/modules/ferdi.nix rename to home-manager/modules/ferdium.nix index 3c6272d..0109d07 100644 --- a/home-manager/modules/ferdi.nix +++ b/home-manager/modules/ferdium.nix @@ -2,6 +2,6 @@ lib.mkIf nixosConfig.myConfig.tradebyte.enable { home.packages = with pkgs; [ - ferdi + master.ferdium ]; } diff --git a/machines/hafnium/configuration.nix b/machines/hafnium/configuration.nix index 4b483d9..c3ccaf1 100644 --- a/machines/hafnium/configuration.nix +++ b/machines/hafnium/configuration.nix @@ -1,9 +1,10 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, self, system, ... }: { imports = [ ./hardware-configuration.nix ../../home-manager/users/jal.nix + ../../overlays/nixpkgsMaster.nix ]; networking = { diff --git a/overlays/nixpkgsMaster.nix b/overlays/nixpkgsMaster.nix new file mode 100644 index 0000000..119df70 --- /dev/null +++ b/overlays/nixpkgsMaster.nix @@ -0,0 +1,15 @@ +{ self, system, ... }: + +let + inherit (self) inputs; +in +{ + nixpkgs.overlays = [ + (final: prev: { + master = import inputs.nixpkgsMaster { + inherit system; + config = prev.config; + }; + }) + ]; +}