From 76668334958011b69747d5e09691cf21703938cc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 26 Jan 2022 13:11:06 +0100
Subject: [PATCH] move security-workarounds to krebs and cleanup

---
 krebs/2configs/default.nix                        | 1 +
 {lass => krebs}/2configs/security-workarounds.nix | 6 +-----
 lass/2configs/default.nix                         | 2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)
 rename {lass => krebs}/2configs/security-workarounds.nix (51%)

diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 9200d41fe..38d770316 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
 {
   imports = [
     ./backup.nix
+    ./security-workarounds.nix
   ];
   krebs.announce-activation.enable = true;
   krebs.enable = true;
diff --git a/lass/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
similarity index 51%
rename from lass/2configs/security-workarounds.nix
rename to krebs/2configs/security-workarounds.nix
index 4b0d48671..27d1f8485 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,10 +1,6 @@
 { config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 {
-  # http://seclists.org/oss-sec/2017/q1/471
-  boot.extraModprobeConfig = ''
-    install dccp /run/current-system/sw/bin/false
-  '';
-
+  # https://github.com/berdav/CVE-2021-4034
   security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
 }
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index dc97719ad..e2163b688 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -8,7 +8,7 @@ with import <stockholm/lib>;
     ./vim.nix
     ./zsh.nix
     ./htop.nix
-    ./security-workarounds.nix
+    <stockholm/krebs/2configs/security-workarounds.nix>
     ./wiregrill.nix
     {
       users.extraUsers =