From 2de13398e6a14c44afe0419428ddc6d78730b61e Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Mon, 1 Jul 2024 14:47:37 +0200
Subject: [PATCH] update nixpkgs-unstable-small

this includes the fix for a remote code excecution as root
 https://github.com/NixOS/nixpkgs/pull/323761
 (probably CVE-2024-6387)

annoyingly it did not bump the version number (to check that the fix
is indeed there, one has to check wich patches are applied).

it also adds nextcloud to the permitteed insecure packages because we
again didn't update it in time (in fairness, it is also broken).

fun irony!
---
 flake.lock | 6 +++---
 flake.nix  | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 22ac0b6..4db77f0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -89,11 +89,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1719176307,
-        "narHash": "sha256-r8eUJqKlq2xQmK95s1Q9+OwV6Py/pPbDN8T6V4GLP8E=",
+        "lastModified": 1719825363,
+        "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5defcb4b0d6c286e8b4b2869cf38efb4cdeb5bf4",
+        "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index e49f0ef..ec1d631 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,6 +38,7 @@
           sources = inputs;
           system = "x86_64-linux";
           config.allowUnfree = true;
+          config.permittedInsecurePackages = [ "nextcloud-27.1.11" ];
         };
     in {
       nixosConfigurations.parsons = nixpkgs.lib.nixosSystem {