From 2487bc13cd739e083d626acfeed9c72b0c0abfc6 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Tue, 1 Nov 2022 15:52:46 +0100
Subject: [PATCH] Downgrade OpenSSL used by nginx to 1.1 until there is a security patch for 3.0
---
 flake.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/flake.nix b/flake.nix
index ef28669..ecbada0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,6 +20,10 @@
 ];
 };
 };
+
+ openssl1_1Overlay = final: prev: {
+ nginxStable = prev.nginxStable.override { openssl = pkgs.openssl_1_1; };
+ };
 in
 {
 devShells.x86_64-linux.default = pkgs.mkShell {
@@ -50,6 +54,7 @@
 ./profiles/db.nix
 (
 {
+ nixpkgs.overlays = [ openssl1_1Overlay ];
 sops.defaultSopsFile = ./secrets.enc.yml;
 networking.hostName = "db1";
 networking.domain = "banditlair.com";
@@ -68,6 +73,7 @@
 ./profiles/backend.nix
 (
 {
+ nixpkgs.overlays = [ openssl1_1Overlay ];
 sops.defaultSopsFile = ./secrets.enc.yml;
 networking.hostName = "backend1";
 networking.domain = "banditlair.com";
@@ -88,6 +94,7 @@
 ./profiles/storage.nix
 (
 {
+ nixpkgs.overlays = [ openssl1_1Overlay ];
 sops.defaultSopsFile = ./secrets.enc.yml;
 networking.hostName = "storage1";
 networking.domain = "banditlair.com";
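Review bot: In `openssl1_1Overlay` the replacement library is read from the outer `pkgs` instead of the overlay's own arguments, so nginx is built against OpenSSL from whichever package set the flake's `let` binds, which may not share the system, config or overlays of the host it is applied to. Writing `nginxStable = prev.nginxStable.override { openssl = final.openssl_1_1; };` keeps the dependency inside the host's own set. The override also carries no marker that it is temporary; a comment above it such as `# TEMPORARY: remove once nixpkgs ships the patched OpenSSL 3.0` would make the removal condition visible at the next nixpkgs bump, so nginx is not left pinned to the older branch by accident. Only `nginxStable` is overridden, so a host that selects a different nginx package would presumably still link against 3.0. The `let` block starts outside the hunk.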
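Review bot: The line `nixpkgs.overlays = [ openssl1_1Overlay ];` is added by hand to the db1 module here and again to backend1 and storage1 in the next two hunks, so the workaround has to be removed in three places later, and any host defined outside these hunks does not receive it. Setting it once in a module that every host imports would make both the downgrade and its removal a single change. After deployment, `nginx -V` on each host reports the OpenSSL version the binary was built with, which confirms the overlay took effect. Each host's inline module continues outside its hunk.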