From 34996d7cbbfa5d66b823ca7787ef72eec9c224ab Mon Sep 17 00:00:00 2001
From: Silas Schöffel
Date: Sat, 1 Jun 2024 17:13:19 +0200
Subject: feat(etebase)!: disable etebase-server

Sadly, it's author didn't manage to update to a newer version of django before the used version (3.2) reached EOL and was affected by CVE-2024-27351. It's unreasonable to continue using it.
---
 system/services/etebase/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'system')

diff --git a/system/services/etebase/default.nix b/system/services/etebase/default.nix
index 65cc435..2d1a740 100644
--- a/system/services/etebase/default.nix
+++ b/system/services/etebase/default.nix
@@ -1,6 +1,8 @@
 {config, ...}: {
 services.etebase-server = {
- enable = true;
+ # FIXME: etebase uses an insecure database backend
+ # (django3.2). We should consider alternatives.
+ enable = false;
 port = 8001;
 settings = {
 global.secret_file = "${config.age.secrets.etebase-server.path}";
--
cgit 1.4.1
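Review bot: The added FIXME above `enable = false;` describes Django 3.2 as an "insecure database backend", but Django is the web framework etebase-server runs on, and the comment leaves out the two facts the commit message gives (3.2 is EOL and affected by CVE-2024-27351), so a later reader cannot tell when re-enabling would be safe. I would write it as `# FIXME: etebase-server depends on Django 3.2 (EOL, affected by CVE-2024-27351); keep disabled until upstream supports a maintained Django release.` The `settings` block still references `config.age.secrets.etebase-server.path`; if that secret is declared elsewhere in the configuration it is presumably still decrypted onto the host with no consumer, which is worth removing or at least noting next to the disable. The `services.etebase-server` attribute set continues past the end of the hunk.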