chore(3p): Bump NixOS channels to 2020-12-28
Changes: * ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the ability to configure OpenLDAP directly and now forces users to use some kind of weird Nix->OLC mapping that is mostly undocumented. This moves the config we need to the new format in a way that may or may not work and does the other arbitrary dance steps that someone decided to impose on us. Note that this now throws lots of warnings, but I can't be bothered to fix them. * 3p: Random package removals accommodated * users/glittershark: Pin grfn's kernel to 5.9, because the CK patch is not yet updated for 5.10 * users/glittershark: Update vendor hash for pg-dump-upsert, I suspect this changed because of something in the Go build machinery in nixpkgs. The deleteVendor flag also has no effect anymore and has been removed. * users/glittershark: agda build is broken, commenting out development home-manager environment until it can be fixed * third_party/haskell_overlay: updating random needs upper boundaries of a few dependencies relaxed (curse them) * third_party/gerrit_plugins: for some cursed reason the fixed-output hash of the gerrit owners plugin fetchgit changed, updated. Same for the checks plugin. Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
parent
68c4730365
commit
88bf43878f
7 changed files with 31 additions and 27 deletions
|
@ -164,29 +164,28 @@ in {
|
|||
services.openldap = {
|
||||
enable = true;
|
||||
dataDir = "/var/lib/openldap";
|
||||
database = "mdb";
|
||||
suffix = "dc=tvl,dc=fyi";
|
||||
rootdn = "cn=admin,dc=tvl,dc=fyi";
|
||||
rootpw = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OfcgkOQ96VQ3aJj7NfA9vQ$oS6HQOkYl/bUYg4SejpltQYy7kvqx/RUxvoR4zo1vXU";
|
||||
|
||||
# ACL configuration
|
||||
extraDatabaseConfig = ''
|
||||
# Allow users to change their own password
|
||||
access to attrs=userPassword
|
||||
by self write
|
||||
by anonymous auth
|
||||
by users none
|
||||
settings.children = {
|
||||
"olcDatabase={1}mdb".attrs = {
|
||||
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||
olcDatabase = "{1}mdb";
|
||||
olcSuffix = "dc=tvl,dc=fyi";
|
||||
olcAccess = "to * by * read";
|
||||
};
|
||||
|
||||
# Allow default read access to other directory elements
|
||||
access to * by * read
|
||||
'';
|
||||
|
||||
extraConfig = ''
|
||||
moduleload pw-argon2
|
||||
'';
|
||||
"cn=module{0}".attrs = {
|
||||
objectClass = "olcModuleList";
|
||||
olcModuleLoad = "pw-argon2";
|
||||
};
|
||||
};
|
||||
|
||||
# Contents are immutable at runtime, and adding user accounts etc.
|
||||
# is done statically in the LDIF-formatted contents in this folder.
|
||||
declarativeContents = ''
|
||||
declarativeContents."dc=tvl,dc=fyi" = ''
|
||||
dn: dc=tvl,dc=fyi
|
||||
dc: tvl
|
||||
o: TVL LDAP server
|
||||
|
|
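Review bot: The new `olcAccess = "to * by * read";` is the only access rule in the `olcDatabase={1}mdb` entry, so the `attrs=userPassword` restriction from the old `extraDatabaseConfig` text (`by self write`, `by anonymous auth`, `by users none`) appears to have no counterpart in the OLC form. If that block is what this change drops, as the description suggests, every client, anonymous ones included, can read `userPassword` hashes and guess at them offline. Carrying the rule over keeps the previous behaviour: `olcAccess = [ "{0}to attrs=userPassword by self write by anonymous auth by users none" "{1}to * by * read" ];`. Since the description says the migration "may or may not work", it is worth confirming after deploy that an anonymous search does not return `userPassword`.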
12
third_party/default.nix
vendored
12
third_party/default.nix
vendored
|
@ -5,11 +5,11 @@
|
|||
{ ... }:
|
||||
|
||||
let
|
||||
# Tracking nixos-unstable as of 2020-11-21.
|
||||
nixpkgsCommit = "a322b32e9d74fb476944ff6cfb55833dc69cfaaa";
|
||||
# Tracking nixos-unstable as of 2020-12-28.
|
||||
nixpkgsCommit = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
|
||||
nixpkgsSrc = fetchTarball {
|
||||
url = "https://github.com/NixOS/nixpkgs/archive/${nixpkgsCommit}.tar.gz";
|
||||
sha256 = "1r0mkiqxija75spnyksmh8x5j4smnrxv5f7768s81gsl570kls0l";
|
||||
sha256 = "17akl75x28rzq97gaad32flswdsp150nfsg7h909kda721zql71a";
|
||||
};
|
||||
nixpkgs = import nixpkgsSrc {
|
||||
config.allowUnfree = true;
|
||||
|
@ -21,11 +21,11 @@ let
|
|||
];
|
||||
};
|
||||
|
||||
# Tracking nixos-20.09 as of 2020-11-21.
|
||||
stableCommit = "58f9c4c7d3a42c912362ca68577162e38ea8edfb";
|
||||
# Tracking nixos-20.09 as of 2020-12-28.
|
||||
stableCommit = "0c81b9a4f170f734bd7e587a39e56470c59733e7";
|
||||
stableNixpkgsSrc = fetchTarball {
|
||||
url = "https://github.com/NixOS/nixpkgs/archive/${stableCommit}.tar.gz";
|
||||
sha256 = "1517dy07jf4zhzknqbgm617lgjxsn7a6k1vgq61c67f6h55qs5ij";
|
||||
sha256 = "1fl5ks6p78bamqanbk9xpy83jzzcdw2mdabrp59n33xv7jix1jzx";
|
||||
};
|
||||
stableNixpkgs = import stableNixpkgsSrc {};
|
||||
|
||||
|
|
4
third_party/gerrit_plugins/default.nix
vendored
4
third_party/gerrit_plugins/default.nix
vendored
|
@ -11,7 +11,7 @@ in
|
|||
src = pkgs.fetchgit {
|
||||
url = "https://gerrit.googlesource.com/plugins/owners";
|
||||
rev = "17817c9e319073c03513f9d5177b6142b8fd567b";
|
||||
sha256 = "sha256:0gz9kqi32qnmhxc4r5fyrywfj3pfifiirk8l49f30m9rzhd9yrmy";
|
||||
sha256 = "sha256:1p089shybp50svckcq51d0hfisjvbggndmvmhh8pvzvi6w8n9d89";
|
||||
deepClone = true;
|
||||
leaveDotGit = true;
|
||||
};
|
||||
|
@ -30,7 +30,7 @@ in
|
|||
src = pkgs.fetchgit {
|
||||
url = "https://gerrit.googlesource.com/plugins/checks";
|
||||
rev = "ab49a63f5c159bda42d9ad1bdb9286bede6c5de4";
|
||||
sha256 = "sha256:1czsvdz50r2c53vyz65if5ddm3i32zxi448irj94hc1bxmygdqbc";
|
||||
sha256 = "sha256:1gy67ixjk91mvraww4iw69q7n03w719r3lrzv5xp5glxrzaf1mpf";
|
||||
deepClone = true;
|
||||
leaveDotGit = true;
|
||||
};
|
||||
|
|
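Review bot: Both `sha256` updates in this file change the fixed-output hash while `rev` stays the same (the owners hunk and the checks hunk), which is exactly the situation a pinned hash exists to flag, so the cause should be recorded rather than the value just refreshed. A likely explanation is that `deepClone = true; leaveDotGit = true;` puts the `.git` directory into the hashed output, and its contents are not stable across git versions or upstream ref changes; that is inferred, not shown in the hunks. I would add above each `src` a comment such as `# hash includes .git (leaveDotGit), which is not reproducible; on mismatch, check that rev still resolves to the expected tree before updating`, and drop `leaveDotGit` if the plugin build does not need the history. Both `fetchgit` derivations start and end outside the visible hunks.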
4
third_party/haskell_overlay/default.nix
vendored
4
third_party/haskell_overlay/default.nix
vendored
|
@ -50,6 +50,10 @@ self: super: with pkgs.haskell.lib; rec {
|
|||
sha256 = "06s3mmqbsfwv09j2s45qnd66nrxfp9280gnl9ng8yh128pfr7bjh";
|
||||
} {});
|
||||
|
||||
# random <1.2
|
||||
test-framework = doJailbreak super.test-framework;
|
||||
hashable = doJailbreak super.hashable;
|
||||
|
||||
random-source = overrideSrc super.random-source rec {
|
||||
src = pkgs.fetchzip {
|
||||
url = "mirror://hackage/random-source-${version}/random-source-${version}.tar.gz";
|
||||
|
|
3
third_party/nixpkgs-exposed.nix
vendored
3
third_party/nixpkgs-exposed.nix
vendored
|
@ -71,6 +71,7 @@
|
|||
lib
|
||||
libredirect
|
||||
linuxPackages
|
||||
linuxPackages_5_9
|
||||
luajit
|
||||
lutris
|
||||
makeFontsConf
|
||||
|
@ -158,7 +159,7 @@
|
|||
mercurial
|
||||
perl
|
||||
perlPackages
|
||||
utillinuxMinimal;
|
||||
;
|
||||
|
||||
haskellPackages = (nixpkgs.haskellPackages.override {
|
||||
overrides = (import ./haskell_overlay { pkgs = nixpkgs; });
|
||||
|
|
|
@ -21,7 +21,6 @@ let
|
|||
};
|
||||
|
||||
vendorSha256 = "1a5fx6mrv30cl46kswicd8lf5i5shn1fykchvbnbhdpgxhbz6qi4";
|
||||
deleteVendor = pkgs.stdenv.isLinux;
|
||||
};
|
||||
|
||||
in
|
||||
|
@ -32,7 +31,8 @@ with lib;
|
|||
imports = [
|
||||
./lib/zshFunctions.nix
|
||||
./development/kube.nix
|
||||
./development/agda.nix
|
||||
# TODO(grfn): agda build is broken in the nixpkgs checkout
|
||||
# ./development/agda.nix
|
||||
./development/rust.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest.extend (self: super: {
|
||||
boot.kernelPackages = pkgs.linuxPackages_5_9.extend (self: super: {
|
||||
kernel = super.kernel.override {
|
||||
ignoreConfigErrors = true;
|
||||
kernelPatches = super.kernel.kernelPatches ++ [{
|
||||
|
|
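Review bot: `boot.kernelPackages = pkgs.linuxPackages_5_9.extend (...)` swaps the moving `linuxPackages_latest` for a fixed series, and nothing in the file says why or when to undo it. 5.9 is not a long-term-support series, so it stops receiving upstream security fixes soon after 5.10 is out, and a pin like this tends to outlive its reason. A comment on that line would keep it visible, e.g. `# TODO(grfn): pinned to 5.9 until the CK patch supports 5.10; 5.9 is not LTS, unpin promptly`. The override body continues past the end of the hunk.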