diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index ff09318..a6b9a93 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -20,8 +20,8 @@ in
       ./afws-module.nix
       ./rt.nix
       (builtins.fetchTarball {
-        url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/29916981e7b3b5782dc5085ad18490113f8ff63b/nixos-mailserver-nixos.tar.gz";
-        sha256 = "sha256:0clvw4622mqzk1aqw1qn6shl9pai097q62mq1ibzscnjayhp278b";
+        url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/af7d3bf5daeba3fc28089b015c0dd43f06b176f2/nixos-mailserver-nixos.tar.gz";
+        sha256 = "sha256:1j0r52ij5pw8b8wc5xz1bmm5idwkmsnwpla6smz8gypcjls860ma";
       })
     ];
 
@@ -491,6 +491,7 @@ in
     enable = true;
     radios.${netifWifi} = {
       band = "2g";
+      channel = 7;
       countryCode = "HK";
       networks.${netifWifi} = {
         ssid = "M-Labs";
@@ -638,7 +639,6 @@ in
     SUBSYSTEM=="usb", ATTRS{idVendor}=="07cf", ATTRS{idProduct}=="4204", MODE="0660", GROUP="lp"
     '';
 
-  sound.enable = true;
   services.mpd.enable = true;
   services.mpd.musicDirectory = "/tank/sb-public/FLAC";
   services.mpd.network.listenAddress = "192.168.1.1";
diff --git a/nixbld-etc-nixos/nix-networked-derivations.patch b/nixbld-etc-nixos/nix-networked-derivations.patch
index 6827040..282f5ee 100644
--- a/nixbld-etc-nixos/nix-networked-derivations.patch
+++ b/nixbld-etc-nixos/nix-networked-derivations.patch
@@ -1,8 +1,8 @@
-diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
-index 763045a80..d7c5cc82e 100644
---- a/src/libstore/build/local-derivation-goal.cc
-+++ b/src/libstore/build/local-derivation-goal.cc
-@@ -190,6 +190,8 @@ void LocalDerivationGoal::tryLocalBuild()
+diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc
+index 2a09e3dd4..7dc03855f 100644
+--- a/src/libstore/unix/build/local-derivation-goal.cc
++++ b/src/libstore/unix/build/local-derivation-goal.cc
+@@ -197,6 +197,8 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
  
      assert(derivationType);
  
@@ -11,7 +11,7 @@ index 763045a80..d7c5cc82e 100644
      /* Are we doing a chroot build? */
      {
          auto noChroot = parsedDrv->getBoolAttr("__noChroot");
-@@ -207,7 +209,7 @@ void LocalDerivationGoal::tryLocalBuild()
+@@ -214,7 +216,7 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
          else if (settings.sandboxMode == smDisabled)
              useChroot = false;
          else if (settings.sandboxMode == smRelaxed)
@@ -20,7 +20,7 @@ index 763045a80..d7c5cc82e 100644
      }
  
      auto & localStore = getLocalStore();
-@@ -717,7 +719,7 @@ void LocalDerivationGoal::startBuilder()
+@@ -737,7 +739,7 @@ void LocalDerivationGoal::startBuilder()
                  "nogroup:x:65534:\n", sandboxGid()));
  
          /* Create /etc/hosts with localhost entry. */
@@ -29,7 +29,7 @@ index 763045a80..d7c5cc82e 100644
              writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n::1 localhost\n");
  
          /* Make the closure of the inputs available in the chroot,
-@@ -921,7 +923,7 @@ void LocalDerivationGoal::startBuilder()
+@@ -938,7 +940,7 @@ void LocalDerivationGoal::startBuilder()
             us.
          */
  
@@ -38,16 +38,16 @@ index 763045a80..d7c5cc82e 100644
              privateNetwork = true;
  
          userNamespaceSync.create();
-@@ -1160,7 +1162,7 @@ void LocalDerivationGoal::initEnv()
+@@ -1177,7 +1179,7 @@ void LocalDerivationGoal::initEnv()
         to the builder is generally impure, but the output of
         fixed-output derivations is by definition pure (since we
         already know the cryptographic hash of the output). */
 -    if (!derivationType->isSandboxed()) {
 +    if (networked || !derivationType->isSandboxed()) {
-         for (auto & i : parsedDrv->getStringsAttr("impureEnvVars").value_or(Strings()))
-             env[i] = getEnv(i).value_or("");
-     }
-@@ -1829,7 +1831,7 @@ void LocalDerivationGoal::runChild()
+         auto & impureEnv = settings.impureEnv.get();
+         if (!impureEnv.empty())
+             experimentalFeatureSettings.require(Xp::ConfigurableImpureEnv);
+@@ -1851,7 +1853,7 @@ void LocalDerivationGoal::runChild()
              /* Fixed-output derivations typically need to access the
                 network, so give them access to /etc/resolv.conf and so
                 on. */
@@ -56,7 +56,7 @@ index 763045a80..d7c5cc82e 100644
                  // Only use nss functions to resolve hosts and
                  // services. Don’t use it for anything else that may
                  // be configured for this system. This limits the
-@@ -2071,7 +2073,7 @@ void LocalDerivationGoal::runChild()
+@@ -2083,7 +2085,7 @@ void LocalDerivationGoal::runChild()
                  #include "sandbox-defaults.sb"
                  ;
  
@@ -65,11 +65,11 @@ index 763045a80..d7c5cc82e 100644
                  sandboxProfile +=
                      #include "sandbox-network.sb"
                      ;
-diff --git a/src/libstore/build/local-derivation-goal.hh b/src/libstore/build/local-derivation-goal.hh
-index 86b86c01e..95b03aae8 100644
---- a/src/libstore/build/local-derivation-goal.hh
-+++ b/src/libstore/build/local-derivation-goal.hh
-@@ -82,6 +82,8 @@ struct LocalDerivationGoal : public DerivationGoal
+diff --git a/src/libstore/unix/build/local-derivation-goal.hh b/src/libstore/unix/build/local-derivation-goal.hh
+index bf25cf2a6..28f8c1e95 100644
+--- a/src/libstore/unix/build/local-derivation-goal.hh
++++ b/src/libstore/unix/build/local-derivation-goal.hh
+@@ -83,6 +83,8 @@ struct LocalDerivationGoal : public DerivationGoal
       */
      Path chrootRootDir;