Flake: add nixpkgs pr

flake.nix

@@ -108,7 +108,9 @@
         nixpkgs-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
           name = "patched-nixpkgs";
           src = nixpkgs-raw;
-          patches = [];
+          patches = [
+            ./nixpkgs-patches/fix-endlessh-dns-resolution.patch
+          ];
         };
         # https://discourse.nixos.org/t/proper-way-of-applying-patch-to-system-managed-via-flake/21073/26
         nixpkgs-unstable = (import "${nixpkgs-unstable-patched}/flake.nix").outputs {self = inputs.nixpkgs-unstable-raw;};

nixpkgs-patches/fix-endlessh-dns-resolution.patch

@@ -0,0 +1,31 @@
+From 99778e1bb590c984d91f39322e57d59220402c59 Mon Sep 17 00:00:00 2001
+From: azahi <azat@bahawi.net>
+Date: Wed, 8 Jan 2025 13:47:09 +0300
+Subject: [PATCH] nixos/endlessh-go: fix DNS resolution
+
+As suggested by toast003[1].
+
+[1]: https://github.com/shizunge/endlessh-go/discussions/127#discussioncomment-11760912
+---
+ nixos/modules/services/security/endlessh-go.nix | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/nixos/modules/services/security/endlessh-go.nix b/nixos/modules/services/security/endlessh-go.nix
+index b8b51acc81d0e..5c69d412a7d3c 100644
+--- a/nixos/modules/services/security/endlessh-go.nix
++++ b/nixos/modules/services/security/endlessh-go.nix
+@@ -110,7 +110,13 @@ in
+             );
+           DynamicUser = true;
+           RootDirectory = rootDirectory;
+-          BindReadOnlyPaths = [ builtins.storeDir ];
++          BindReadOnlyPaths = [
++            builtins.storeDir
++            "-/etc/hosts"
++            "-/etc/localtime"
++            "-/etc/nsswitch.conf"
++            "-/etc/resolv.conf"
++          ];
+           InaccessiblePaths = [ "-+${rootDirectory}" ];
+           RuntimeDirectory = baseNameOf rootDirectory;
+           RuntimeDirectoryMode = "700";