From 8f51d7e2ea58a0887f303bf0cedfd99fa53baad0 Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige@mcwhirter.io>
Date: Thu, 27 Jan 2022 07:39:58 +1000
Subject: [PATCH] nix: avoid CVE-2021-4034 (PwnKit)

---
 nix/sources.json           | 6 +++---
 profiles/server_common.nix | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/nix/sources.json b/nix/sources.json
index a360c83..854066b 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -62,10 +62,10 @@
         "homepage": "https://github.com/NixOS/nixpkgs",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "604c44137d97b5111be1ca5c0d97f6e24fbc5c2c",
-        "sha256": "0gzhigyn8f7vps4a5vc1c8wbim59724s179a7d0h3gv6ss9avdj4",
+        "rev": "b3d86c56c786ad9530f1400adbd4dfac3c42877b",
+        "sha256": "09nslcjdgwwb6j9alxrsnq1wvhifq1nmzl2w02l305j0wsmgdial",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/604c44137d97b5111be1ca5c0d97f6e24fbc5c2c.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/b3d86c56c786ad9530f1400adbd4dfac3c42877b.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgsUnstable": {
diff --git a/profiles/server_common.nix b/profiles/server_common.nix
index 0eca6ff..5bd8538 100644
--- a/profiles/server_common.nix
+++ b/profiles/server_common.nix
@@ -15,4 +15,7 @@
     withUtempter = true;
   };
 
+  # avoid CVE-2021-4034 (PwnKit)
+  security.polkit.enable = false;
+
 }