chore(nixpkgs): Bump channels to 2021-05-25

* users/grfn/system/home/yeren: remove obsolete awscli2 overrides

* ops: make new isSystemUser || isNormalUser assertion happy

* users/grfn/system/system/mugwump: make buildkite agents system users

* users/tazjin/nixos/camden: set isSystemUser = true for git

* users/tazjin/emacs: Remove missing & broken packages

* third_party/openldap: remove, as the argon2 module is now enabled upstream

* third_party/gerrit_plugins: Pinned new unstable hashes

* third_party/nix, third_party/grpc: Disabled CI as these are broken

* third_party/overlays/emacs: Bumped version to stay in sync with channel

* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
  since libclang's default output no longer contains libclang.so

* users/grfn/system/home: Install julia-stable instead of julia (which
  aliases to julia-lts), as the latter depends on an insecure version of
  libgit

Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>

third_party/buzz/default.nix

@@ -27,5 +27,5 @@ depot.third_party.naersk.buildPackage {
     llvmPackages.libclang
   ];
 
-  LIBCLANG_PATH = "${pkgs.llvmPackages.libclang}/lib/libclang.so";
+  LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib/libclang.so";
 }

third_party/gerrit_plugins/default.nix

@@ -6,7 +6,7 @@ in depot.nix.utils.drvTargets {
   # https://gerrit.googlesource.com/plugins/owners
   owners = buildGerritBazelPlugin rec {
     name = "owners";
-    depsOutputHash = "sha256:0j7hn945l5y5pz109mrcx2hh2lb2gi5gf4wrrbypx43rmyhlz3s8";
+    depsOutputHash = "sha256:162hxk2qsix0x1aarhsaqi52q7j7mjpyk8af57w0a012i55ryqqa";
     src = pkgs.fetchgit {
       url = "https://gerrit.googlesource.com/plugins/owners";
       rev = "f3335231b98e14664fdd1b325486bb0824800ac3";
@@ -23,7 +23,7 @@ in depot.nix.utils.drvTargets {
   # https://gerrit.googlesource.com/plugins/checks
   checks = buildGerritBazelPlugin {
     name = "checks";
-    depsOutputHash = "sha256:01krrafg5df42z3r7y74g8lx859my4610cqx3a7d02laqq9yjqc6";
+    depsOutputHash = "sha256:1262xhl2z1pml6iimhnjm5l3gzddz0rjj6sjq53212dk2dxs5y1b";
     src = pkgs.fetchgit {
       url = "https://gerrit.googlesource.com/plugins/checks";
       rev = "990e936b1e050c4fe7ac3e590bdb5cfff0311232";

third_party/gerrit_plugins/oauth/default.nix

@@ -4,7 +4,7 @@ let
   inherit (import ../builder.nix args) buildGerritBazelPlugin;
 in buildGerritBazelPlugin rec {
   name = "oauth";
-  depsOutputHash = "sha256:1zl0gsia9p585dvpyiyb6fiqs3q9dg7qsxnwkn8ncqdnxlg21gl7";
+  depsOutputHash = "sha256:008xqrvy77x06y4dd74pd1vv8rzbp0jd2dw2sqcv9b5qhav7ilyw";
   src = pkgs.fetchgit {
     url = "https://gerrit.googlesource.com/plugins/oauth";
     rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c";

third_party/grpc/default.nix

@@ -9,4 +9,7 @@
     "-DCMAKE_CXX_STANDARD=17"
     "-DCMAKE_CXX_STANDARD_REQUIRED=ON"
   ];
-})
+}) // {
+  # TODO(b/132): Reenable when linker errors are fixed.
+  meta.ci = false;
+}

third_party/nix/default.nix

@@ -187,6 +187,9 @@ in lib.fix (self: pkgs.llvmPackages_11.libcxxStdenv.mkDerivation {
   # TODO(tazjin): integration test setup?
   # TODO(tazjin): docs generation?
 
+  # TODO(b/132): Reenable when linker errors are fixed.
+  meta.ci = false;
+
   passthru = {
     build-shell = self.overrideAttrs (up: rec {
       run_clang_tidy = pkgs.writeShellScriptBin "run-clang-tidy" ''

third_party/nixpkgs/default.nix

@@ -13,16 +13,16 @@ let
   # nixos-unstable, and the current stable channel of the latest NixOS
   # release.
 
-  # Tracking nixos-unstable as of 2021-04-09.
+  # Tracking nixos-unstable as of 2021-05-25.
   unstableHashes = {
-    commit = "9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2";
-    sha256 = "1r3ll77hyqn28d9i4cf3vqd9v48fmaa1j8ps8c4fm4f8gqf4kpl1";
+    commit = "900115a4f7fdd9189e7803ca781a65be663f2c89";
+    sha256 = "11551nawxjbgya8sq1p6ghkbws9qz9fbfq3wqawm3zh8ayr4l13j";
   };
 
-  # Tracking nixos-20.09 as of 2021-04-09.
+  # Tracking nixos-20.09 as of 2021-05-25.
   stableHashes = {
-    commit = "d6f63659a7021051a46035373ed50fbea7e4e924";
-    sha256 = "0vblhzg57sfzqpdm24lgs08vjv2204lzcp6hv4cbjd20rz0mxs4y";
+    commit = "ac60476ed94fd5424d9f3410c438825f793a8cbb";
+    sha256 = "1dlvpdsy5v09c7rj5f7xgakyj722yqr4415davjpcmrk4n5kw76v";
   };
 
   # import the nixos-unstable package set, or optionally use the

third_party/openldap/default.nix

@@ -1,27 +0,0 @@
-# OpenLDAP by default uses a simple shalted SHA1-hash for passwords,
-# which is less than ideal.
-#
-# It does however include a contrib module which adds support for the
-# Argon2 password hashing scheme. This overrides then OpenLDAP build
-# derivation to include this module.
-{ pkgs, ... }:
-
-pkgs.openldap.overrideAttrs(old: {
-  buildInputs = old.buildInputs ++ [ pkgs.libsodium ];
-
-  postBuild = ''
-    ${old.postBuild}
-    make $makeFlags -C contrib/slapd-modules/passwd/argon2
-  '';
-
-  # This is required because the Makefile for this module hardcodes
-  # /usr/bin/install, which is not a valid path - we want it to be
-  # looked up from $PATH because it is included in stdenv.
-  installFlags = old.installFlags ++ [ "INSTALL=install" ];
-
-  postInstall = ''
-    ${old.postInstall}
-    make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
-  '';
-
-})

third_party/overlays/emacs.nix

@@ -2,10 +2,10 @@
 { ... }:
 
 let
-  # from 2020-04-13
-  commit = "15ed1f372a83ec748ac824bdc5b573039c18b82f";
+  # from 2020-05-26
+  commit = "5df3462dda05d8e44669cf374776274e1bc47d0a";
   src = builtins.fetchTarball {
     url = "https://github.com/nix-community/emacs-overlay/archive/${commit}.tar.gz";
-    sha256 = "0m4vb7p29rgbpaavwn9jjid1zz48k1l9za5gy3d8nadqjn7x4dm1";
+    sha256 = "0ggmkg4shf9948wpwb0s40bjvwijvhv2wykrkayclvp419kbrfxq";
   };
 in import src