diff options
| author | Vincent Ambo <mail@tazj.in> | 2020-12-25T10·13+0100 |
|---|---|---|
| committer | tazjin <mail@tazj.in> | 2021-01-09T13·21+0000 |
| commit | 88bf43878f243ca0276da4a21aa6a00a6a0dbc3c (patch) | |
| tree | e946796ccccb079a5995a7eedbf46f41f383e11d | |
| parent | 68c4730365a2874ee26d3cc92fbeb073de460a4b (diff) | |
chore(3p): Bump NixOS channels to 2020-12-28 r/2065
Changes: * ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the ability to configure OpenLDAP directly and now forces users to use some kind of weird Nix->OLC mapping that is mostly undocumented. This moves the config we need to the new format in a way that may or may not work and does the other arbitrary dance steps that someone decided to impose on us. Note that this now throws lots of warnings, but I can't be bothered to fix them. * 3p: Random package removals accomodated * users/glittershark: Pin grfn's kernel to 5.9, because the CK patch is not yet updated for 5.10 * users/glittershark: Update vendor hash for pg-dump-upsert, I suspect this changed because of something in the Go build machinery in nixpkgs. The deleteVendor flag also has no effect anymore and has been removed. * users/glittershark: agda build is broken, commenting out development home-manager environment until it can be fixed * third_party/haskell_overlay: updating random needs upper boundarles of a few dependencies relaxed (curse them) * third_party/gerrit_plugins: for some cursed reason the fixed-output hash of the gerrit owners plugin fetchgit changed, updated. Same for the checks plugin. Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
| -rw-r--r-- | ops/nixos/tvl-slapd/default.nix | 29 | ||||
| -rw-r--r-- | third_party/default.nix | 12 | ||||
| -rw-r--r-- | third_party/gerrit_plugins/default.nix | 4 | ||||
| -rw-r--r-- | third_party/haskell_overlay/default.nix | 4 | ||||
| -rw-r--r-- | third_party/nixpkgs-exposed.nix | 3 | ||||
| -rw-r--r-- | users/glittershark/system/home/modules/development.nix | 4 | ||||
| -rw-r--r-- | users/glittershark/system/system/modules/kernel.nix | 2 |
7 files changed, 31 insertions, 27 deletions
diff --git a/ops/nixos/tvl-slapd/default.nix b/ops/nixos/tvl-slapd/default.nix index cb47d8b33e..3f3ec67893 100644 --- a/ops/nixos/tvl-slapd/default.nix +++ b/ops/nixos/tvl-slapd/default.nix @@ -164,29 +164,28 @@ in { services.openldap = { enable = true; dataDir = "/var/lib/openldap"; + database = "mdb"; suffix = "dc=tvl,dc=fyi"; rootdn = "cn=admin,dc=tvl,dc=fyi"; rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU"; - # ACL configuration - extraDatabaseConfig = '' - # Allow users to change their own password - access to attrs=userPassword - by self write - by anonymous auth - by users none + settings.children = { + "olcDatabase={1}mdb".attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + olcDatabase = "{1}mdb"; + olcSuffix = "dc=tvl,dc=fyi"; + olcAccess = "to * by * read"; + }; - # Allow default read access to other directory elements - access to * by * read - ''; - - extraConfig = '' - moduleload pw-argon2 - ''; + "cn=module{0}".attrs = { + objectClass = "olcModuleList"; + olcModuleLoad = "pw-argon2"; + }; + }; # Contents are immutable at runtime, and adding user accounts etc. # is done statically in the LDIF-formatted contents in this folder. - declarativeContents = '' + declarativeContents."dc=tvl,dc=fyi" = '' dn: dc=tvl,dc=fyi dc: tvl o: TVL LDAP server diff --git a/third_party/default.nix b/third_party/default.nix index 086e25ab85..6d70fa0723 100644 --- a/third_party/default.nix +++ b/third_party/default.nix @@ -5,11 +5,11 @@ { ... }: let - # Tracking nixos-unstable as of 2020-11-21. - nixpkgsCommit = "a322b32e9d74fb476944ff6cfb55833dc69cfaaa"; + # Tracking nixos-unstable as of 2020-12-28. + nixpkgsCommit = "2f47650c2f28d87f86ab807b8a339c684d91ec56"; nixpkgsSrc = fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/${nixpkgsCommit}.tar.gz"; - sha256 = "1r0mkiqxija75spnyksmh8x5j4smnrxv5f7768s81gsl570kls0l"; + sha256 = "17akl75x28rzq97gaad32flswdsp150nfsg7h909kda721zql71a"; }; nixpkgs = import nixpkgsSrc { config.allowUnfree = true; @@ -21,11 +21,11 @@ let ]; }; - # Tracking nixos-20.09 as of 2020-11-21. - stableCommit = "58f9c4c7d3a42c912362ca68577162e38ea8edfb"; + # Tracking nixos-20.09 as of 2020-12-28. + stableCommit = "0c81b9a4f170f734bd7e587a39e56470c59733e7"; stableNixpkgsSrc = fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/${stableCommit}.tar.gz"; - sha256 = "1517dy07jf4zhzknqbgm617lgjxsn7a6k1vgq61c67f6h55qs5ij"; + sha256 = "1fl5ks6p78bamqanbk9xpy83jzzcdw2mdabrp59n33xv7jix1jzx"; }; stableNixpkgs = import stableNixpkgsSrc {}; diff --git a/third_party/gerrit_plugins/default.nix b/third_party/gerrit_plugins/default.nix index 1fb3377d3f..05dd9b8fd9 100644 --- a/third_party/gerrit_plugins/default.nix +++ b/third_party/gerrit_plugins/default.nix @@ -11,7 +11,7 @@ in src = pkgs.fetchgit { url = "https://gerrit.googlesource.com/plugins/owners"; rev = "17817c9e319073c03513f9d5177b6142b8fd567b"; - sha256 = "sha256:0gz9kqi32qnmhxc4r5fyrywfj3pfifiirk8l49f30m9rzhd9yrmy"; + sha256 = "sha256:1p089shybp50svckcq51d0hfisjvbggndmvmhh8pvzvi6w8n9d89"; deepClone = true; leaveDotGit = true; }; @@ -30,7 +30,7 @@ in src = pkgs.fetchgit { url = "https://gerrit.googlesource.com/plugins/checks"; rev = "ab49a63f5c159bda42d9ad1bdb9286bede6c5de4"; - sha256 = "sha256:1czsvdz50r2c53vyz65if5ddm3i32zxi448irj94hc1bxmygdqbc"; + sha256 = "sha256:1gy67ixjk91mvraww4iw69q7n03w719r3lrzv5xp5glxrzaf1mpf"; deepClone = true; leaveDotGit = true; }; diff --git a/third_party/haskell_overlay/default.nix b/third_party/haskell_overlay/default.nix index b996cd48c4..c1d2578085 100644 --- a/third_party/haskell_overlay/default.nix +++ b/third_party/haskell_overlay/default.nix @@ -50,6 +50,10 @@ self: super: with pkgs.haskell.lib; rec { sha256 = "06s3mmqbsfwv09j2s45qnd66nrxfp9280gnl9ng8yh128pfr7bjh"; } {}); + # random <1.2 + test-framework = doJailbreak super.test-framework; + hashable = doJailbreak super.hashable; + random-source = overrideSrc super.random-source rec { src = pkgs.fetchzip { url = "mirror://hackage/random-source-${version}/random-source-${version}.tar.gz"; diff --git a/third_party/nixpkgs-exposed.nix b/third_party/nixpkgs-exposed.nix index d4eb212e53..0a61ad89ee 100644 --- a/third_party/nixpkgs-exposed.nix +++ b/third_party/nixpkgs-exposed.nix @@ -71,6 +71,7 @@ lib libredirect linuxPackages + linuxPackages_5_9 luajit lutris makeFontsConf @@ -158,7 +159,7 @@ mercurial perl perlPackages - utillinuxMinimal; + ; haskellPackages = (nixpkgs.haskellPackages.override { overrides = (import ./haskell_overlay { pkgs = nixpkgs; }); diff --git a/users/glittershark/system/home/modules/development.nix b/users/glittershark/system/home/modules/development.nix index cb69b808d2..cf7301cc60 100644 --- a/users/glittershark/system/home/modules/development.nix +++ b/users/glittershark/system/home/modules/development.nix @@ -21,7 +21,6 @@ let }; vendorSha256 = "1a5fx6mrv30cl46kswicd8lf5i5shn1fykchvbnbhdpgxhbz6qi4"; - deleteVendor = pkgs.stdenv.isLinux; }; in @@ -32,7 +31,8 @@ with lib; imports = [ ./lib/zshFunctions.nix ./development/kube.nix - ./development/agda.nix + # TODO(grfn): agda build is broken in the nixpkgs checkout + # ./development/agda.nix ./development/rust.nix ]; diff --git a/users/glittershark/system/system/modules/kernel.nix b/users/glittershark/system/system/modules/kernel.nix index dcde951b61..7051231f3f 100644 --- a/users/glittershark/system/system/modules/kernel.nix +++ b/users/glittershark/system/system/modules/kernel.nix @@ -24,7 +24,7 @@ let }; in { - boot.kernelPackages = pkgs.linuxPackages_latest.extend (self: super: { + boot.kernelPackages = pkgs.linuxPackages_5_9.extend (self: super: { kernel = super.kernel.override { ignoreConfigErrors = true; kernelPatches = super.kernel.kernelPatches ++ [{ |