chore(3p): Bump NixOS channels to 2020-12-28

Changes:

* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
  ability to configure OpenLDAP directly and now forces users to use
  some kind of weird Nix->OLC mapping that is mostly undocumented.

  This moves the config we need to the new format in a way that may or
  may not work and does the other arbitrary dance steps that someone
  decided to impose on us. Note that this now throws lots of warnings,
  but I can't be bothered to fix them.

* 3p: Random package removals accomodated

* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
  is not yet updated for 5.10

* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
  this changed because of something in the Go build machinery in
  nixpkgs. The deleteVendor flag also has no effect anymore and has been
  removed.

* users/glittershark: agda build is broken, commenting out development
  home-manager environment until it can be fixed

* third_party/haskell_overlay: updating random needs upper boundaries
  of a few dependencies relaxed (curse them)

* third_party/gerrit_plugins: for some cursed reason the fixed-output
  hash of the gerrit owners plugin fetchgit changed, updated.
  Same for the checks plugin.

Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Vincent Ambo 2020-12-25 11:13:06 +01:00 committed by tazjin
parent 68c4730365
commit 88bf43878f
7 changed files with 31 additions and 27 deletions


@ -164,29 +164,28 @@ in {
services.openldap = {
enable = true;
dataDir = "/var/lib/openldap";
database = "mdb";
suffix = "dc=tvl,dc=fyi";
rootdn = "cn=admin,dc=tvl,dc=fyi";
rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
# ACL configuration
extraDatabaseConfig = ''
# Allow users to change their own password
access to attrs=userPassword
by self write
by anonymous auth
by users none
settings.children = {
"olcDatabase={1}mdb".attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcSuffix = "dc=tvl,dc=fyi";
olcAccess = "to * by * read";
};
# Allow default read access to other directory elements
access to * by * read
'';
extraConfig = ''
moduleload pw-argon2
'';
"cn=module{0}".attrs = {
objectClass = "olcModuleList";
olcModuleLoad = "pw-argon2";
};
};
# Contents are immutable at runtime, and adding user accounts etc.
# is done statically in the LDIF-formatted contents in this folder.
declarativeContents = ''
declarativeContents."dc=tvl,dc=fyi" = ''
dn: dc=tvl,dc=fyi
dc: tvl
o: TVL LDAP server
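Review bot: The new `olcAccess = "to * by * read";` appears to be the only access rule left in this section, so the earlier `attrs=userPassword` restriction (self write, anonymous auth, users none) seems to have no equivalent in the OLC settings. If that reading is right, any client that can reach the server, including an anonymous one, can read the `userPassword` hashes of every entry under `dc=tvl,dc=fyi`. Keep the restriction as the first rule, for example `olcAccess = [ "{0}to attrs=userPassword by self write by anonymous auth by users none" "{1}to * by * read" ];`, and confirm the result with an anonymous search after deployment. The rendered page has lost its +/- markers, so which lines are old and which are new is inferred from the text, and the `services.openldap` block continues past the end of the section.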


@ -5,11 +5,11 @@
{ ... }:
let
# Tracking nixos-unstable as of 2020-11-21.
nixpkgsCommit = "a322b32e9d74fb476944ff6cfb55833dc69cfaaa";
# Tracking nixos-unstable as of 2020-12-28.
nixpkgsCommit = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
nixpkgsSrc = fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/${nixpkgsCommit}.tar.gz";
sha256 = "1r0mkiqxija75spnyksmh8x5j4smnrxv5f7768s81gsl570kls0l";
sha256 = "17akl75x28rzq97gaad32flswdsp150nfsg7h909kda721zql71a";
};
nixpkgs = import nixpkgsSrc {
config.allowUnfree = true;
@ -21,11 +21,11 @@ let
];
};
# Tracking nixos-20.09 as of 2020-11-21.
stableCommit = "58f9c4c7d3a42c912362ca68577162e38ea8edfb";
# Tracking nixos-20.09 as of 2020-12-28.
stableCommit = "0c81b9a4f170f734bd7e587a39e56470c59733e7";
stableNixpkgsSrc = fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/${stableCommit}.tar.gz";
sha256 = "1517dy07jf4zhzknqbgm617lgjxsn7a6k1vgq61c67f6h55qs5ij";
sha256 = "1fl5ks6p78bamqanbk9xpy83jzzcdw2mdabrp59n33xv7jix1jzx";
};
stableNixpkgs = import stableNixpkgsSrc {};


@ -11,7 +11,7 @@ in
src = pkgs.fetchgit {
url = "https://gerrit.googlesource.com/plugins/owners";
rev = "17817c9e319073c03513f9d5177b6142b8fd567b";
sha256 = "sha256:0gz9kqi32qnmhxc4r5fyrywfj3pfifiirk8l49f30m9rzhd9yrmy";
sha256 = "sha256:1p089shybp50svckcq51d0hfisjvbggndmvmhh8pvzvi6w8n9d89";
deepClone = true;
leaveDotGit = true;
};
@ -30,7 +30,7 @@ in
src = pkgs.fetchgit {
url = "https://gerrit.googlesource.com/plugins/checks";
rev = "ab49a63f5c159bda42d9ad1bdb9286bede6c5de4";
sha256 = "sha256:1czsvdz50r2c53vyz65if5ddm3i32zxi448irj94hc1bxmygdqbc";
sha256 = "sha256:1gy67ixjk91mvraww4iw69q7n03w719r3lrzv5xp5glxrzaf1mpf";
deepClone = true;
leaveDotGit = true;
};
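Review bot: Both `sha256` values change while `rev` stays the same in each `fetchgit` call, and nothing in the file records why. With `leaveDotGit = true` and `deepClone = true` the output includes the `.git` directory, which is known not to be reproducible across git and nixpkgs versions, so that is the likely cause, but a changed hash for a pinned rev is also what substituted upstream content would look like. I'd add a comment above each hash such as `# hash covers .git (leaveDotGit) and shifts with the git version; re-check rev before updating`, and check the fetched tree's HEAD against `rev` whenever the hash is refreshed. This applies to both the owners and the checks plugin.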


@ -50,6 +50,10 @@ self: super: with pkgs.haskell.lib; rec {
sha256 = "06s3mmqbsfwv09j2s45qnd66nrxfp9280gnl9ng8yh128pfr7bjh";
} {});
# random <1.2
test-framework = doJailbreak super.test-framework;
hashable = doJailbreak super.hashable;
random-source = overrideSrc super.random-source rec {
src = pkgs.fetchzip {
url = "mirror://hackage/random-source-${version}/random-source-${version}.tar.gz";


@ -71,6 +71,7 @@
lib
libredirect
linuxPackages
linuxPackages_5_9
luajit
lutris
makeFontsConf
@ -158,7 +159,7 @@
mercurial
perl
perlPackages
utillinuxMinimal;
;
haskellPackages = (nixpkgs.haskellPackages.override {
overrides = (import ./haskell_overlay { pkgs = nixpkgs; });


@ -21,7 +21,6 @@ let
};
vendorSha256 = "1a5fx6mrv30cl46kswicd8lf5i5shn1fykchvbnbhdpgxhbz6qi4";
deleteVendor = pkgs.stdenv.isLinux;
};
in
@ -32,7 +31,8 @@ with lib;
imports = [
./lib/zshFunctions.nix
./development/kube.nix
./development/agda.nix
# TODO(grfn): agda build is broken in the nixpkgs checkout
# ./development/agda.nix
./development/rust.nix
];


@ -24,7 +24,7 @@ let
};
in
{
boot.kernelPackages = pkgs.linuxPackages_latest.extend (self: super: {
boot.kernelPackages = pkgs.linuxPackages_5_9.extend (self: super: {
kernel = super.kernel.override {
ignoreConfigErrors = true;
kernelPatches = super.kernel.kernelPatches ++ [{
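Review bot: The pin to `pkgs.linuxPackages_5_9` has no comment saying why it exists or when to undo it; the reason (the CK patch is not yet updated for 5.10) is only in the commit message. 5.9 is not a long-term kernel series, so this machine stops getting kernel security fixes once upstream ends 5.9 maintenance. Add something like `# TODO(grfn): pinned to 5.9 until the CK patch supports 5.10, then go back to linuxPackages_latest` above the line. The attribute set continues past the end of the hunk.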