From 6b35c751d857206447fd81c583d538d41c747c73 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Fri, 2 Jun 2023 17:36:05 +0800 Subject: [PATCH] nixbld: NixOS 23.05 compatibility --- nixbld-etc-nixos/configuration.nix | 16 +++++---- .../nix-28-networked-derivations.patch | 34 +++++++++---------- 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index b5e8552..b6d9a80 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -326,15 +326,16 @@ in # Enable the OpenSSH daemon. services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - services.openssh.gatewayPorts = "clientspecified"; + services.openssh.settings.PasswordAuthentication = false; + services.openssh.settings.GatewayPorts = "clientspecified"; programs.mosh.enable = true; programs.fish.enable = true; + programs.zsh.enable = true; # Enable CUPS to print documents. services.avahi.enable = true; - services.avahi.interfaces = [ netifLan ]; + services.avahi.allowInterfaces = [ netifLan ]; services.avahi.publish.enable = true; services.avahi.publish.userServices = true; nixpkgs.config.allowUnfree = true; @@ -549,11 +550,14 @@ in services.gitea = { enable = true; - httpPort = 3001; - rootUrl = "https://git.m-labs.hk/"; appName = "M-Labs Git"; mailerPasswordFile = "/etc/nixos/secret/mailerpassword"; settings = { + server = { + ROOT_URL = "https://git.m-labs.hk/"; + HTTP_PORT = 3001; + }; + indexer = { REPO_INDEXER_ENABLED = true; }; @@ -941,7 +945,7 @@ in services.nextcloud = { enable = true; - package = pkgs.nextcloud25; + package = pkgs.nextcloud26; hostName = "files.m-labs.hk"; https = true; enableBrokenCiphersForSSE = false; diff --git a/nixbld-etc-nixos/nix-28-networked-derivations.patch b/nixbld-etc-nixos/nix-28-networked-derivations.patch index 3575f0d..5fb15be 100644 --- a/nixbld-etc-nixos/nix-28-networked-derivations.patch 
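Review bot: `services.openssh.settings.PasswordAuthentication = false;` in the `@@ -326,15 +326,16 @@` hunk does not by itself rule out password logins, because sshd's keyboard-interactive method can still prompt for a password through PAM and the NixOS option for it defaults to enabled. Nothing in this hunk sets it and the rest of configuration.nix is outside the view, so confirm it is disabled elsewhere or add `services.openssh.settings.KbdInteractiveAuthentication = false;` next to this line. The renamed `GatewayPorts = "clientspecified"` lets a client choose the bind address of a remote forward, including non-loopback ones. A comment such as `# clients may bind remote forwards on non-loopback addresses; needed for <reason>` would record why that is wanted on this host.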
+++ b/nixbld-etc-nixos/nix-28-networked-derivations.patch @@ -1,17 +1,17 @@ diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc -index 4c91fa4fb..e2139d6c6 100644 +index 61ee5d7aa..f38684973 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc -@@ -378,6 +378,8 @@ void LocalDerivationGoal::startBuilder() - additionalSandboxProfile = parsedDrv->getStringAttr("__sandboxProfile").value_or(""); - #endif +@@ -176,6 +176,8 @@ void LocalDerivationGoal::tryLocalBuild() { + return; + } + networked = parsedDrv->getBoolAttr("__networked"); + /* Are we doing a chroot build? */ { auto noChroot = parsedDrv->getBoolAttr("__noChroot"); -@@ -395,7 +397,7 @@ void LocalDerivationGoal::startBuilder() +@@ -193,7 +195,7 @@ void LocalDerivationGoal::tryLocalBuild() { else if (settings.sandboxMode == smDisabled) useChroot = false; else if (settings.sandboxMode == smRelaxed) @@ -20,7 +20,7 @@ index 4c91fa4fb..e2139d6c6 100644 } auto & localStore = getLocalStore(); -@@ -608,7 +610,7 @@ void LocalDerivationGoal::startBuilder() +@@ -677,7 +679,7 @@ void LocalDerivationGoal::startBuilder() "nogroup:x:65534:\n", sandboxGid())); /* Create /etc/hosts with localhost entry. */ @@ -29,7 +29,7 @@ index 4c91fa4fb..e2139d6c6 100644 writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n::1 localhost\n"); /* Make the closure of the inputs available in the chroot, -@@ -799,7 +801,7 @@ void LocalDerivationGoal::startBuilder() +@@ -884,7 +886,7 @@ void LocalDerivationGoal::startBuilder() us. */ @@ -38,7 +38,7 @@ index 4c91fa4fb..e2139d6c6 100644 privateNetwork = true; userNamespaceSync.create(); -@@ -1063,7 +1065,7 @@ void LocalDerivationGoal::initEnv() +@@ -1179,7 +1181,7 @@ void LocalDerivationGoal::initEnv() to the builder is generally impure, but the output of fixed-output derivations is by definition pure (since we already know the cryptographic hash of the output). */ 
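Review bot: `networked = parsedDrv->getBoolAttr("__networked");` in the first hunk of nix-28-networked-derivations.patch takes the switch straight from the derivation, and nothing visible ties it to a daemon setting or a trusted user, so as far as the hunk shows any derivation built on this host can request network access. Unlike the fixed-output case described in the patch's own context comments, such a build has no known output hash to pin what it fetched, so its result is not reproducible and the build host's supply-chain exposure grows. Consider honouring the attribute only when the sandbox configuration explicitly permits it, and logging each build that runs with it set. The rebase also moves the assignment from startBuilder() to tryLocalBuild(), after an early `return;`, and the member's declaration in local-derivation-goal.hh is cut off in this view, so check that it carries a default such as `bool networked = false;`. Both function bodies continue outside the hunk.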
@@ -47,7 +47,7 @@ index 4c91fa4fb..e2139d6c6 100644 for (auto & i : parsedDrv->getStringsAttr("impureEnvVars").value_or(Strings())) env[i] = getEnv(i).value_or(""); } -@@ -1677,7 +1679,7 @@ void LocalDerivationGoal::runChild() +@@ -1811,7 +1813,7 @@ void LocalDerivationGoal::runChild() /* Fixed-output derivations typically need to access the network, so give them access to /etc/resolv.conf and so on. */ @@ -56,20 +56,20 @@ index 4c91fa4fb..e2139d6c6 100644 // Only use nss functions to resolve hosts and // services. Don’t use it for anything else that may // be configured for this system. This limits the -@@ -1921,7 +1923,7 @@ void LocalDerivationGoal::runChild() - - sandboxProfile += "(import \"sandbox-defaults.sb\")\n"; +@@ -2059,7 +2061,7 @@ void LocalDerivationGoal::runChild() + #include "sandbox-defaults.sb" + ; - if (!derivationType.isSandboxed()) + if (networked || !derivationType.isSandboxed()) - sandboxProfile += "(import \"sandbox-network.sb\")\n"; - - /* Add the output paths we'll use at build-time to the chroot */ + sandboxProfile += + #include "sandbox-network.sb" + ; diff --git a/src/libstore/build/local-derivation-goal.hh b/src/libstore/build/local-derivation-goal.hh -index d456e9cae..0b43a6bd4 100644 +index 34c4e9187..c4c26fd6f 100644 --- a/src/libstore/build/local-derivation-goal.hh +++ b/src/libstore/build/local-derivation-goal.hh -@@ -41,6 +41,8 @@ struct LocalDerivationGoal : public DerivationGoal +@@ -44,6 +44,8 @@ struct LocalDerivationGoal : public DerivationGoal Path chrootRootDir;