28 lines
771 B
Nix
28 lines
771 B
Nix
{ config, lib, pkgs, ... }:
|
|
{
|
|
# OpenSSL pre-3.0.7 vulnerabilities
|
|
nixpkgs.overlays = [
|
|
(self: super: {
|
|
exim =
|
|
super.exim.overrideAttrs (old: let
|
|
key = if builtins.hasAttr "preBuild" old then
|
|
"preBuild"
|
|
else
|
|
"configurePhase";
|
|
in {
|
|
buildInputs = old.buildInputs ++ [ self.gnutls ];
|
|
${key} = /* sh */ ''
|
|
${old.${key}}
|
|
sed -Ei '
|
|
s:^USE_OPENSSL=.*:# &:
|
|
s:^# (USE_GNUTLS)=.*:\1=yes:
|
|
s:^# (USE_GNUTLS_PC=.*):\1:
|
|
' Local/Makefile
|
|
'';
|
|
});
|
|
})
|
|
];
|
|
# OpenSSL pre-3.0.7 vulnerabilities
|
|
services.nginx.package = lib.mkDefault (pkgs.nginxStable.override { openssl = pkgs.libressl; });
|
|
}
|