mirror of https://gitlab.com/curben/blog
93 lines
2.1 KiB
Markdown
93 lines
2.1 KiB
Markdown
|
---
|
||
|
title: My upgrade note of NixOS 21.05
|
||
|
excerpt: Changes that I made when upgrading from 20.09 to 21.05
|
||
|
date: 2021-06-13
|
||
|
tags:
|
||
|
- server
|
||
|
- linux
|
||
|
- tor
|
||
|
- nixos
|
||
|
---
|
||
|
|
||
|
This post details the changes I made to my NixOS' configuration when upgrading from 20.09 to 21.05.
|
||
|
|
||
|
## isNormalUser/isSystemUser
|
||
|
|
||
|
Either [`isNormalUser`](https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.isNormalUser&from=0&size=50&sort=relevance&query=isnormaluser) or `isSystemUser` must now be set. This mainly affects service user (user that is created solely to run a service).
|
||
|
|
||
|
``` diff
|
||
|
users = {
|
||
|
users = {
|
||
|
fooService = {
|
||
|
home = "/var/www";
|
||
|
createHome = true;
|
||
|
+ isSystemUser = true;
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
```
|
||
|
|
||
|
## Make home folder world-readable
|
||
|
|
||
|
I have a "{% post_link rsync-setup-nixos '/var/www' %}" folder which I use to serve this website. Previously, `chmod +xr` was persistent but now NixOS always set the permission of a user's home folder to be `chmod 700` every time `nixos-rebuild` is executed. As a workaround, I have to configure nix to execute chmod after `nixos-rebuild` and during boot.
|
||
|
|
||
|
``` nix
|
||
|
system.activationScripts = {
|
||
|
www-data.text =
|
||
|
''
|
||
|
chmod +xr "/var/www"
|
||
|
'';
|
||
|
};
|
||
|
```
|
||
|
|
||
|
## Tor onion
|
||
|
|
||
|
Some settings have been renamed:
|
||
|
|
||
|
1. hiddenServices -> relay.onionServices
|
||
|
2. `map.*.toHost` -> `map.*.target.addr`
|
||
|
3. extraConfig -> settings
|
||
|
|
||
|
|
||
|
``` diff
|
||
|
services.tor = {
|
||
|
enable = true;
|
||
|
enableGeoIP = false;
|
||
|
- hiddenServices = {
|
||
|
- myOnion = {
|
||
|
- version = 3;
|
||
|
- map = [
|
||
|
- {
|
||
|
- port = "80";
|
||
|
- toHost = "[::1]";
|
||
|
- toPort = "8080";
|
||
|
- }
|
||
|
- ];
|
||
|
- }
|
||
|
- }
|
||
|
- extraConfig =
|
||
|
- ''
|
||
|
- ClientUseIPv4 0
|
||
|
- ClientUseIPv6 1
|
||
|
- ClientPreferIPv6ORPort 1
|
||
|
- '';
|
||
|
+ relay.onionServices = {
|
||
|
+ myOnion = {
|
||
|
+ version = 3;
|
||
|
+ map = [{
|
||
|
+ port = 80;
|
||
|
+ target = {
|
||
|
+ addr = "[::1]";
|
||
|
+ port = 8080;
|
||
|
+ };
|
||
|
+ }];
|
||
|
+ };
|
||
|
+ };
|
||
|
+ settings = {
|
||
|
+ ClientUseIPv4 = false;
|
||
|
+ ClientUseIPv6 = true;
|
||
|
+ ClientPreferIPv6ORPort = true;
|
||
|
+ };
|
||
|
};
|
||
|
```
|