From 2bbe0cc629f65afc038479dbbcb3636daefbde5b Mon Sep 17 00:00:00 2001 From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com> Date: Sun, 13 Jun 2021 09:42:48 +0000 Subject: [PATCH] post: nixos 21.05 upgrade note --- source/_posts/upgrade-note-nixos-21-05.md | 92 +++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 source/_posts/upgrade-note-nixos-21-05.md diff --git a/source/_posts/upgrade-note-nixos-21-05.md b/source/_posts/upgrade-note-nixos-21-05.md new file mode 100644 index 0000000..41c0dcc --- /dev/null +++ b/source/_posts/upgrade-note-nixos-21-05.md @@ -0,0 +1,92 @@ +--- +title: My upgrade note of NixOS 21.05 +excerpt: Changes that I made when upgrading from 20.09 to 21.05 +date: 2021-06-13 +tags: +- server +- linux +- tor +- nixos +--- + +This post details the changes I made to my NixOS' configuration when upgrading from 20.09 to 21.05. + +## isNormalUser/isSystemUser + +Either [`isNormalUser`](https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.isNormalUser&from=0&size=50&sort=relevance&query=isnormaluser) or `isSystemUser` must now be set. This mainly affects service user (user that is created solely to run a service). + +``` diff + users = { + users = { + fooService = { + home = "/var/www"; + createHome = true; ++ isSystemUser = true; + }; + }; + }; +``` + +## Make home folder world-readable + +I have a "{% post_link rsync-setup-nixos '/var/www' %}" folder which I use to serve this website. Previously, `chmod +xr` was persistent but now NixOS always set the permission of a user's home folder to be `chmod 700` every time `nixos-rebuild` is executed. As a workaround, I have to configure nix to execute chmod after `nixos-rebuild` and during boot. + +``` nix + system.activationScripts = { + www-data.text = + '' + chmod +xr "/var/www" + ''; + }; +``` + +## Tor onion + +Some settings have been renamed: + +1. hiddenServices -> relay.onionServices +2. `map.*.toHost` -> `map.*.target.addr` +3. extraConfig -> settings + + +``` diff + services.tor = { + enable = true; + enableGeoIP = false; +- hiddenServices = { +- myOnion = { +- version = 3; +- map = [ +- { +- port = "80"; +- toHost = "[::1]"; +- toPort = "8080"; +- } +- ]; +- } +- } +- extraConfig = +- '' +- ClientUseIPv4 0 +- ClientUseIPv6 1 +- ClientPreferIPv6ORPort 1 +- ''; ++ relay.onionServices = { ++ myOnion = { ++ version = 3; ++ map = [{ ++ port = 80; ++ target = { ++ addr = "[::1]"; ++ port = 8080; ++ }; ++ }]; ++ }; ++ }; ++ settings = { ++ ClientUseIPv4 = false; ++ ClientUseIPv6 = true; ++ ClientPreferIPv6ORPort = true; ++ }; + }; +```