curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post: nixos 21.05 upgrade note

This commit is contained in:
Ming Di Leom 2021-06-13 09:42:48 +00:00
parent 1d1bd91266
commit 2bbe0cc629
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 92 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
source/_posts/upgrade-note-nixos-21-05.md Normal file
View File

@ -0,0 +1,92 @@
---
title: My upgrade note of NixOS 21.05
excerpt: Changes that I made when upgrading from 20.09 to 21.05
date: 2021-06-13
tags:
- server
- linux
- tor
- nixos
---
This post details the changes I made to my NixOS' configuration when upgrading from 20.09 to 21.05.
## isNormalUser/isSystemUser
Either [`isNormalUser`](https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.isNormalUser&from=0&size=50&sort=relevance&query=isnormaluser) or `isSystemUser` must now be set. This mainly affects service user (user that is created solely to run a service).
``` diff
users = {
users = {
fooService = {
home = "/var/www";
createHome = true;
+ isSystemUser = true;
};
};
};
```
## Make home folder world-readable
I have a "{% post_link rsync-setup-nixos '/var/www' %}" folder which I use to serve this website. Previously, `chmod +xr` was persistent but now NixOS always set the permission of a user's home folder to be `chmod 700` every time `nixos-rebuild` is executed. As a workaround, I have to configure nix to execute chmod after `nixos-rebuild` and during boot.
``` nix
system.activationScripts = {
www-data.text =
''
chmod +xr "/var/www"
'';
};
```
## Tor onion
Some settings have been renamed:
1. hiddenServices -> relay.onionServices
2. `map.*.toHost` -> `map.*.target.addr`
3. extraConfig -> settings
``` diff
services.tor = {
enable = true;
enableGeoIP = false;
- hiddenServices = {
- myOnion = {
- version = 3;
- map = [
- {
- port = "80";
- toHost = "[::1]";
- toPort = "8080";
- }
- ];
- }
- }
- extraConfig =
- ''
- ClientUseIPv4 0
- ClientUseIPv6 1
- ClientPreferIPv6ORPort 1
- '';
+ relay.onionServices = {
+ myOnion = {
+ version = 3;
+ map = [{
+ port = 80;
+ target = {
+ addr = "[::1]";
+ port = 8080;
+ };
+ }];
+ };
+ };
+ settings = {
+ ClientUseIPv4 = false;
+ ClientUseIPv6 = true;
+ ClientPreferIPv6ORPort = true;
+ };
};
```