From 1b025cde78499a30fb04c8cbb83cd60c0d075966 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Tue, 20 Dec 2022 13:02:48 +0100
Subject: [PATCH] systemd: fetch regression patch

---
 nix/checks/nixos-test.nix          |  6 +++++-
 nix/checks/systemd-vaultd-test.nix | 11 -----------
 nix/checks/unittests.nix           |  2 +-
 nix/modules/systemd-vaultd.nix     |  2 ++
 nix/pkgs/systemd.nix               | 19 +++++++++++++++++++
 5 files changed, 27 insertions(+), 13 deletions(-)
 create mode 100644 nix/pkgs/systemd.nix

diff --git a/nix/checks/nixos-test.nix b/nix/checks/nixos-test.nix
index 6471740..efd42ff 100644
--- a/nix/checks/nixos-test.nix
+++ b/nix/checks/nixos-test.nix
@@ -12,7 +12,11 @@ in {
   systemd-vaultd = makeTest' (import ./systemd-vaultd-test.nix);
   unittests = makeTest' {
     name = "unittests";
-    nodes.server = {};
+    nodes.server = {
+      imports = [
+        ../modules/systemd-vaultd.nix
+      ];
+    };
 
     testScript = ''
       start_all()
diff --git a/nix/checks/systemd-vaultd-test.nix b/nix/checks/systemd-vaultd-test.nix
index 5ef7c83..b980a95 100644
--- a/nix/checks/systemd-vaultd-test.nix
+++ b/nix/checks/systemd-vaultd-test.nix
@@ -53,17 +53,6 @@
       };
     };
 
-    systemd.package = pkgs.systemd.overrideAttrs (old: {
-      patches =
-        old.patches
-        ++ [
-          (pkgs.fetchpatch {
-            url = "https://github.com/Mic92/systemd/commit/93a2921a81cab3be9b7eacab6b0095c96a0ae9e2.patch";
-            sha256 = "sha256-7WlhMLE7sfD3Cxn6n6R1sUNzUOvas7XMyabi3bsq7jM=";
-          })
-        ];
-    });
-
     services.vault.agents.default.settings = {
       vault = {
         address = "http://localhost:8200";
diff --git a/nix/checks/unittests.nix b/nix/checks/unittests.nix
index 994fe42..c9c4d00 100644
--- a/nix/checks/unittests.nix
+++ b/nix/checks/unittests.nix
@@ -4,9 +4,9 @@
   pkgs,
   lib,
   coreutils,
-  systemd,
 }: let
   systemd-vaultd = pkgs.callPackage ../../default.nix {};
+  systemd = pkgs.callPackage ../pkgs/systemd.nix {};
 in
   writeShellScript "unittests" ''
     set -eu -o pipefail
diff --git a/nix/modules/systemd-vaultd.nix b/nix/modules/systemd-vaultd.nix
index aa42d5a..a574d84 100644
--- a/nix/modules/systemd-vaultd.nix
+++ b/nix/modules/systemd-vaultd.nix
@@ -10,6 +10,8 @@ in {
     ./vault-secrets.nix
   ];
 
+  systemd.package = pkgs.callPackage ../pkgs/systemd.nix {};
+
   systemd.sockets.systemd-vaultd = {
     description = "systemd-vaultd socket";
     wantedBy = ["sockets.target"];
diff --git a/nix/pkgs/systemd.nix b/nix/pkgs/systemd.nix
new file mode 100644
index 0000000..1ad18a8
--- /dev/null
+++ b/nix/pkgs/systemd.nix
@@ -0,0 +1,19 @@
+{
+  systemd,
+  fetchpatch,
+}:
+systemd.overrideAttrs (old: {
+  patches =
+    old.patches
+    ++ [
+      (fetchpatch {
+        url = "https://github.com/Mic92/systemd/commit/93a2921a81cab3be9b7eacab6b0095c96a0ae9e2.patch";
+        sha256 = "sha256-7WlhMLE7sfD3Cxn6n6R1sUNzUOvas7XMyabi3bsq7jM=";
+      })
+      # included in next release: https://github.com/systemd/systemd/pull/25721
+      (fetchpatch {
+        url = "https://github.com/systemd/systemd/commit/39ed2f02d0a00505fce34ce4281cc6e4f016ec6b.patch";
+        sha256 = "sha256-RD8GhOxzNNgC0KKThRaeF2uP8Y+Tt7kVSDtf1ukUwcI=";
+      })
+    ];
+})