nixbld: work around for hydra input issues in restricted mode

nixbld-etc-nixos/configuration.nix

@@ -733,6 +733,7 @@ in
     secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
     experimental-features = nix-command flakes
   '';
+  nix.settings.allowed-uris = "github: gitlab: git+https://";  # https://github.com/NixOS/nix/issues/5039
   nix.settings.extra-sandbox-paths = ["/opt"];
 
   services.mlabs-backup.enable = true;
@@ -798,7 +799,6 @@ in
         ./hydra-conda.patch
         ./hydra-msys2.patch
         ./hydra-restrictdist.patch
-        ./hydra-hack-allowed-uris.patch  # work around https://github.com/NixOS/nix/issues/5039
       ];
       hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
       doCheck = false;  # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above.

nixbld-etc-nixos/hydra-hack-allowed-uris.patch

@@ -1,13 +0,0 @@
-diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc
-index 934bf42e..48f2d248 100644
---- a/src/hydra-eval-jobs/hydra-eval-jobs.cc
-+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc
-@@ -281,6 +281,8 @@ int main(int argc, char * * argv)
-            to the environment. */
-         evalSettings.restrictEval = true;
- 
-+        evalSettings.allowedUris = {"https://github.com/m-labs/", "https://git.m-labs.hk/m-labs/", "https://gitlab.com/duke-artiq/"};
-+
-         /* When building a flake, use pure evaluation (no access to
-            'getEnv', 'currentSystem' etc. */
-         evalSettings.pureEval = myArgs.flake;