cluster/services/nginx: switch to OpenSSL 1.1 to mitigate a to-be-disclosed vulnerability

2022-10-31 18:42:09 +01:00 · 2022-10-31 18:42:09 +01:00 · 41448f0c23
commit 41448f0c23
parent d560d76028
2 changed files with 8 additions and 1 deletions
--- a/cluster/services/nginx/default.nix
+++ b/cluster/services/nginx/default.nix
@ -1,6 +1,6 @@
 {
  services.nginx = {
    nodes.host = [ "VEGAS" "prophet" ];
-    nixos.host = [ ./nginx.nix ];
+    nixos.host = [ ./nginx.nix ./openssl-1.1.nix ];
  };
 }
--- a/cluster/services/nginx/openssl-1.1.nix
+++ b/cluster/services/nginx/openssl-1.1.nix
@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+  services.nginx.package = pkgs.nginx.override {
+    openssl = pkgs.openssl_1_1;
+  };
+}