mirror of https://gitlab.com/curben/blog
post: nixos 21.05 upgrade note
This commit is contained in:
parent
1d1bd91266
commit
2bbe0cc629
|
@ -0,0 +1,92 @@
|
|||
---
|
||||
title: My upgrade note of NixOS 21.05
|
||||
excerpt: Changes that I made when upgrading from 20.09 to 21.05
|
||||
date: 2021-06-13
|
||||
tags:
|
||||
- server
|
||||
- linux
|
||||
- tor
|
||||
- nixos
|
||||
---
|
||||
|
||||
This post details the changes I made to my NixOS' configuration when upgrading from 20.09 to 21.05.
|
||||
|
||||
## isNormalUser/isSystemUser
|
||||
|
||||
Either [`isNormalUser`](https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.isNormalUser&from=0&size=50&sort=relevance&query=isnormaluser) or `isSystemUser` must now be set. This mainly affects service user (user that is created solely to run a service).
|
||||
|
||||
``` diff
|
||||
users = {
|
||||
users = {
|
||||
fooService = {
|
||||
home = "/var/www";
|
||||
createHome = true;
|
||||
+ isSystemUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
## Make home folder world-readable
|
||||
|
||||
I have a "{% post_link rsync-setup-nixos '/var/www' %}" folder which I use to serve this website. Previously, `chmod +xr` was persistent but now NixOS always set the permission of a user's home folder to be `chmod 700` every time `nixos-rebuild` is executed. As a workaround, I have to configure nix to execute chmod after `nixos-rebuild` and during boot.
|
||||
|
||||
``` nix
|
||||
system.activationScripts = {
|
||||
www-data.text =
|
||||
''
|
||||
chmod +xr "/var/www"
|
||||
'';
|
||||
};
|
||||
```
|
||||
|
||||
## Tor onion
|
||||
|
||||
Some settings have been renamed:
|
||||
|
||||
1. hiddenServices -> relay.onionServices
|
||||
2. `map.*.toHost` -> `map.*.target.addr`
|
||||
3. extraConfig -> settings
|
||||
|
||||
|
||||
``` diff
|
||||
services.tor = {
|
||||
enable = true;
|
||||
enableGeoIP = false;
|
||||
- hiddenServices = {
|
||||
- myOnion = {
|
||||
- version = 3;
|
||||
- map = [
|
||||
- {
|
||||
- port = "80";
|
||||
- toHost = "[::1]";
|
||||
- toPort = "8080";
|
||||
- }
|
||||
- ];
|
||||
- }
|
||||
- }
|
||||
- extraConfig =
|
||||
- ''
|
||||
- ClientUseIPv4 0
|
||||
- ClientUseIPv6 1
|
||||
- ClientPreferIPv6ORPort 1
|
||||
- '';
|
||||
+ relay.onionServices = {
|
||||
+ myOnion = {
|
||||
+ version = 3;
|
||||
+ map = [{
|
||||
+ port = 80;
|
||||
+ target = {
|
||||
+ addr = "[::1]";
|
||||
+ port = 8080;
|
||||
+ };
|
||||
+ }];
|
||||
+ };
|
||||
+ };
|
||||
+ settings = {
|
||||
+ ClientUseIPv4 = false;
|
||||
+ ClientUseIPv6 = true;
|
||||
+ ClientPreferIPv6ORPort = true;
|
||||
+ };
|
||||
};
|
||||
```
|
Loading…
Reference in New Issue