My upgrade note of NixOS 21.05 Share postShare icon

Changes that I made when upgrading from 20.09 to 21.05

  1. isNormalUser/isSystemUser
  2. Make home folder world-readable
  3. Tor onion

This post details the changes I made to my NixOS’ configuration when upgrading from 20.09 to 21.05.

isNormalUser/isSystemUser

Either isNormalUser or isSystemUser must now be set. This mainly affects service user (user that is created solely to run a service).

  users = {
    users = {
      fooService = {
        home = "/var/www";
        createHome = true;
+        isSystemUser = true;
      };
    };
  };

Make home folder world-readable

I have a “/var/www“ folder which I use to serve this website. Previously, chmod +xr was persistent but now NixOS always set the permission of a user’s home folder to be chmod 700 every time nixos-rebuild is executed. As a workaround, I have to configure nix to execute chmod after nixos-rebuild and during boot.

system.activationScripts = {
   www-data.text =
   ''
     chmod +xr "/var/www"
   '';
};

Tor onion

Some settings have been renamed:

  1. hiddenServices → relay.onionServices
  2. map.*.toHostmap.*.target.addr
  3. extraConfig → settings
  services.tor = {
    enable = true;
    enableGeoIP = false;
-    hiddenServices = {
-      myOnion = {
-        version = 3;
-        map = [
-          {
-            port = "80";
-            toHost = "[::1]";
-            toPort = "8080";
-          }
-        ];
-      }
-    }
-    extraConfig =
-      ''
-        ClientUseIPv4 0
-        ClientUseIPv6 1
-        ClientPreferIPv6ORPort 1
-      '';
+    relay.onionServices = {
+      myOnion = {
+        version = 3;
+        map = [{
+          port = 80;
+          target = {
+            addr = "[::1]";
+            port = 8080;
+          };
+        }];
+      };
+    };
+    settings = {
+      ClientUseIPv4 = false;
+      ClientUseIPv6 = true;
+      ClientPreferIPv6ORPort = true;
+    };
  };