post: nixos 21.05 upgrade note

2021-06-13 09:42:48 +00:00 · 2021-06-13 09:42:48 +00:00 · 2bbe0cc629
parent 1d1bd91266
commit 2bbe0cc629
1 changed files with 92 additions and 0 deletions
--- a/source/_posts/upgrade-note-nixos-21-05.md
+++ b/source/_posts/upgrade-note-nixos-21-05.md
@ -0,0 +1,92 @@
+---
+title: My upgrade note of NixOS 21.05
+excerpt: Changes that I made when upgrading from 20.09 to 21.05
+date: 2021-06-13
+tags:
+- server
+- linux
+- tor
+- nixos
+---
+
+This post details the changes I made to my NixOS' configuration when upgrading from 20.09 to 21.05.
+
+## isNormalUser/isSystemUser
+
+Either [`isNormalUser`](https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.isNormalUser&from=0&size=50&sort=relevance&query=isnormaluser) or `isSystemUser` must now be set. This mainly affects service user (user that is created solely to run a service).
+
+``` diff
+  users = {
+    users = {
+      fooService = {
+        home = "/var/www";
+        createHome = true;
+        isSystemUser = true;
+      };
+    };
+  };
+```
+
+## Make home folder world-readable
+
+I have a "{% post_link rsync-setup-nixos '/var/www' %}" folder which I use to serve this website. Previously, `chmod +xr` was persistent but now NixOS always set the permission of a user's home folder to be `chmod 700` every time `nixos-rebuild` is executed. As a workaround, I have to configure nix to execute chmod after `nixos-rebuild` and during boot.
+
+``` nix
+  system.activationScripts = {
+     www-data.text =
+     ''
+       chmod +xr "/var/www"
+     '';
+  };
+```
+
+## Tor onion
+
+Some settings have been renamed:
+
+1. hiddenServices -> relay.onionServices
+2. `map.*.toHost` -> `map.*.target.addr`
+3. extraConfig -> settings
+
+
+``` diff
+  services.tor = {
+    enable = true;
+    enableGeoIP = false;
+-    hiddenServices = {
+-      myOnion = {
+-        version = 3;
+-        map = [
+-          {
+-            port = "80";
+-            toHost = "[::1]";
+-            toPort = "8080";
+-          }
+-        ];
+-      }
+-    }
+-    extraConfig =
+-      ''
+-        ClientUseIPv4 0
+-        ClientUseIPv6 1
+-        ClientPreferIPv6ORPort 1
+-      '';
+    relay.onionServices = {
+      myOnion = {
+        version = 3;
+        map = [{
+          port = 80;
+          target = {
+            addr = "[::1]";
+            port = 8080;
+          };
+        }];
+      };
+    };
+    settings = {
+      ClientUseIPv4 = false;
+      ClientUseIPv6 = true;
+      ClientPreferIPv6ORPort = true;
+    };
+  };
+```