From 7bcd56149da30effeb8dcdf34414b95c345a632d Mon Sep 17 00:00:00 2001
From: jacekpoz <jacekpoz@cock.li>
Date: Sun, 31 Mar 2024 10:39:46 +0200
Subject: [PATCH] add module with possible mitigations to the xz backdoor

---
 hosts/chmura/default.nix | 1 +
 hosts/chmura/profile.nix | 5 +++++
 hosts/del/profile.nix    | 1 +
 hosts/niks/profile.nix   | 1 +
 options/common/xz.nix    | 5 +++++
 5 files changed, 13 insertions(+)
 create mode 100644 hosts/chmura/profile.nix
 create mode 100644 options/common/xz.nix

diff --git a/hosts/chmura/default.nix b/hosts/chmura/default.nix
index 3ee979e0..0dc7a5d5 100644
--- a/hosts/chmura/default.nix
+++ b/hosts/chmura/default.nix
@@ -14,6 +14,7 @@ _: {
         ./jacekpoz.pl.nix
         ./ntfy-sh.nix
         ./owncast.nix
+        ./profile.nix
         ./programs.nix
         #./stalwart.nix
         ./trollface.pl
diff --git a/hosts/chmura/profile.nix b/hosts/chmura/profile.nix
new file mode 100644
index 00000000..a3e03e2a
--- /dev/null
+++ b/hosts/chmura/profile.nix
@@ -0,0 +1,5 @@
+_: {
+    imports = [
+        ../../options/common/xz.nix
+    ];
+}
diff --git a/hosts/del/profile.nix b/hosts/del/profile.nix
index a842d763..2938f796 100644
--- a/hosts/del/profile.nix
+++ b/hosts/del/profile.nix
@@ -7,6 +7,7 @@ _: {
         ../../options/common/oomd.nix
         ../../options/common/pin-registry.nix
         ../../options/common/preserve-system.nix
+        ../../options/common/xz.nix
         ../../options/desktop/bluetooth.nix
         ../../options/desktop/dev/malloc-perturb.nix
         ../../options/desktop/fonts.nix
diff --git a/hosts/niks/profile.nix b/hosts/niks/profile.nix
index 70fb93c1..a4cb84a0 100644
--- a/hosts/niks/profile.nix
+++ b/hosts/niks/profile.nix
@@ -10,6 +10,7 @@ _: {
         ../../options/common/oomd.nix
         ../../options/common/pin-registry.nix
         ../../options/common/preserve-system.nix
+        ../../options/common/xz.nix
         ../../options/desktop/asusd.nix
         ../../options/desktop/bluetooth.nix
         ../../options/desktop/dev/malloc-perturb.nix
diff --git a/options/common/xz.nix b/options/common/xz.nix
new file mode 100644
index 00000000..cddab4cd
--- /dev/null
+++ b/options/common/xz.nix
@@ -0,0 +1,5 @@
+_: {
+    environment.variables = {
+        yolAbejyiejuvnup = "Evjtgvsh5okmkAvj";
+    };
+}