TLS support for remote backup

Help
1

I am trying to run a backup with Deja Dup. Storage location is Microsoft One Drive.
I installed the package pkgs.libressl but I am still getting an error from Deja Dup:

Could not log into Microsoft servers. TLS support is not available

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Sane Scanner
     hardware.sane.enable = true; 

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Asia/Jerusalem";

  #local time
  time.hardwareClockInLocalTime = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the KDE Plasma Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # Configure keymap in X11
  services.xserver = {
   xkb.layout = "us";
    xkb.variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

#Brother printer
  services.printing.drivers = [
    pkgs.brlaser
    pkgs.brgenml1lpr
    pkgs.brgenml1cupswrapper
];

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  #NTFS
  boot.supportedFilesystems = [ "ntfs" ];

#Automount

  fileSystems."/run/media/shmuel/Timeshift" = {
       device = "/dev/disk/by-uuid/701FE3AE54D4CE16";
};

fileSystems."/run/media/shmuel/VM" = {
    device = "/dev/disk/by-uuid/f8c56958-b308-4a9c-a8e6-f2ba9a148860";
};

fileSystems."/run/media/shmuel/PersonalData" = {
    device = "/dev/disk/by-uuid/22EC446AEC4439F5";
};

#swap
    zramSwap.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.shmuel = {
    isNormalUser = true;
    description = "shmuel";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      firefox
      kate
    #  thunderbird
    ];
  };

#Shell
  users.users.shmuel.shell = pkgs.zsh;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

#Automatic updates
  system.autoUpgrade.enable  = true;
  system.autoUpgrade.allowReboot  = false;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
     pkgs.xfce.mousepad
     pkgs.deja-dup
     pkgs.ntfs3g
     pkgs.google-chrome
     pkgs.caffeine-ng
     pkgs.audacious
     pkgs.timeshift
     pkgs.gparted
     pkgs.conky
     pkgs.goldendict-ng
     pkgs.losslesscut-bin
     pkgs.vlc
     pkgs.smplayer
     pkgs.libreoffice
     pkgs.handbrake
     pkgs.media-downloader
     pkgs.inxi
     pkgs.kio-admin
     pkgs.konsave
     pkgs.simple-scan
     pkgs.git
     pkgs.vim
     pkgs.wget
     pkgs.curl
     pkgs.galculator
     pkgs.oh-my-zsh
    pkgs.neofetch
    pkgs.lolcat
    pkgs.zsh-autosuggestions
    pkgs.zoom-us
    pkgs.libressl
  ];

environment.plasma5.excludePackages = with pkgs.libsForQt5; [
  plasma-browser-integration
  oxygen
];

  virtualisation.virtualbox.host.enable = true;
  virtualisation.virtualbox.host.enableExtensionPack = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  #programs.zsh.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

 programs.zsh = {
   enable = true;
   autosuggestions.enable = true;
   shellInit = "neofetch|lolcat";
   
   shellAliases = {
    ll = "ls -l";
    fax = "brpcfax -o fax-number=025389272 /home/shmuel/Downloads/Fax/*";
    del = "rm /home/shmuel/Downloads/Fax/*";
    bild = "sudo nixos-rebuild switch && cp /etc/nixos/configuration.nix ~/Documents/config";
    up = "sudo nix-channel --update && sudo nixos-rebuild";
    config = "sudo nano /etc/nixos/configuration.nix";
  };
};
programs.zsh.ohMyZsh = {
  enable = true;
  plugins = [  ];
  theme = "agnoster";
};

# Prevent the new user dialog in zsh
system.userActivationScripts.zshrc = "touch .zshrc";
  
# List services that you want to enable:
      services.flatpak.enable = true;
      services.avahi.enable = true;

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?

}

# Set channel by running this command:
# sudo nix-channel --add https://channels.nixos.org/nixos-unstable
# sudo nix-channel --update
# sudo nixos-rebuild switch --upgrade

# Configure printer:
# ipp://192.168.150.170:631
# Brother MFC-L2710DW series, using brlaser v6
2

After posting, I uncommented this line in my config, and rebuilt. But I still get the same error.

3

I can’t really dig in right now but this smells like deja dup itself was not built with TLS support. I’d check it’s package def, build flags, make sure the package has whatever tls lib it wants, etc.

4

I will paste the build for deja dup, and for its backend, duplicity.
But I am not confident that I know enough to analyse these builds to see if they have what they need.

{ lib, stdenv
, fetchFromGitLab
, substituteAll
, meson
, ninja
, pkg-config
, vala
, gettext
, itstool
, desktop-file-utils
, glib
, gtk4
, coreutils
, libsoup_3
, libsecret
, libadwaita
, wrapGAppsHook4
, libgpg-error
, json-glib
, duplicity
}:

stdenv.mkDerivation (finalAttrs: {
  pname = "deja-dup";
  version = "45.2";

  src = fetchFromGitLab {
    domain = "gitlab.gnome.org";
    owner = "World";
    repo = "deja-dup";
    rev = finalAttrs.version;
    hash = "sha256-nscswpWX6UB1zuv6TXcT3YE1wkREJYDGQrEPryyUYUM=";
  };

  patches = [
    (substituteAll {
      src = ./fix-paths.patch;
      inherit coreutils;
    })
  ];

  nativeBuildInputs = [
    meson
    ninja
    pkg-config
    vala
    gettext
    itstool
    desktop-file-utils
    wrapGAppsHook4
  ];

  buildInputs = [
    libsoup_3
    glib
    gtk4
    libsecret
    libadwaita
    libgpg-error
    json-glib
  ];

  mesonFlags = [
    "-Dduplicity_command=${duplicity}/bin/duplicity"
  ];

  meta = with lib; {
    description = "A simple backup tool";
    longDescription = ''
      Déjà Dup is a simple backup tool. It hides the complexity \
      of backing up the Right Way (encrypted, off-site, and regular) \
      and uses duplicity as the backend.
    '';
    homepage = "https://wiki.gnome.org/Apps/DejaDup";
    license = licenses.gpl3Plus;
    maintainers = with maintainers; [ jtojnar ];
    platforms = platforms.linux;
    mainProgram = "deja-dup";
  };
})

{ lib
, stdenv
, fetchFromGitLab
, python3
, librsync
, ncftp
, gnupg
, gnutar
, par2cmdline
, util-linux
, rsync
, makeWrapper
, gettext
}:

python3.pkgs.buildPythonApplication rec {
  pname = "duplicity";
  version = "0.8.23";

  src = fetchFromGitLab {
    owner = "duplicity";
    repo = "duplicity";
    rev = "rel.${version}";
    sha256 = "0my015zc8751smjgbsysmca7hvdm96cjw5zilqn3zq971nmmrksb";
  };

  patches = [
    # We use the tar binary on all platforms.
    ./gnutar-in-test.patch

    # Our Python infrastructure runs test in installCheckPhase so we need
    # to make the testing code stop assuming it is run from the source directory.
    ./use-installed-scripts-in-test.patch
  ] ++ lib.optionals stdenv.isLinux [
    # Broken on Linux in Nix' build environment
    ./linux-disable-timezone-test.patch
  ];

  preConfigure = ''
    # fix version displayed by duplicity --version
    # see SourceCopy in setup.py
    ls
    for i in bin/*.1 duplicity/__init__.py; do
      substituteInPlace "$i" --replace '$version' "${version}"
    done
  '';

  nativeBuildInputs = [
    makeWrapper
    gettext
    python3.pkgs.wrapPython
    python3.pkgs.setuptools-scm
  ];

  buildInputs = [
    librsync
  ];

  pythonPath = with python3.pkgs; [
    b2sdk
    boto3
    cffi
    cryptography
    ecdsa
    idna
    pygobject3
    fasteners
    lockfile
    paramiko
    pyasn1
    pycrypto
    pydrive2
    future
  ];

  nativeCheckInputs = [
    gnupg # Add 'gpg' to PATH.
    gnutar # Add 'tar' to PATH.
    librsync # Add 'rdiff' to PATH.
    par2cmdline # Add 'par2' to PATH.
  ] ++ lib.optionals stdenv.isLinux [
    util-linux # Add 'setsid' to PATH.
  ] ++ (with python3.pkgs; [
    lockfile
    mock
    pexpect
    pytest
    pytest-runner
  ]);

  postInstall = ''
    wrapProgram $out/bin/duplicity \
      --prefix PATH : "${lib.makeBinPath [ gnupg ncftp rsync ]}"
  '';

  preCheck = ''
    wrapPythonProgramsIn "$PWD/testing/overrides/bin" "$pythonPath"

    # Add 'duplicity' to PATH for tests.
    # Normally, 'setup.py test' adds 'build/scripts-2.7/' to PATH before running
    # tests. However, 'build/scripts-2.7/duplicity' is not wrapped, so its
    # shebang is incorrect and it fails to run inside Nix' sandbox.
    # In combination with use-installed-scripts-in-test.patch, make 'setup.py
    # test' use the installed 'duplicity' instead.
    PATH="$out/bin:$PATH"

    # Don't run developer-only checks (pep8, etc.).
    export RUN_CODE_TESTS=0

    # check version string
    duplicity --version | grep ${version}
  '' + lib.optionalString stdenv.isDarwin ''
    # Work around the following error when running tests:
    # > Max open files of 256 is too low, should be >= 1024.
    # > Use 'ulimit -n 1024' or higher to correct.
    ulimit -n 1024
  '';

  # TODO: Fix test failures on macOS 10.13:
  #
  # > OSError: out of pty devices
  doCheck = !stdenv.isDarwin;

  meta = with lib; {
    description = "Encrypted bandwidth-efficient backup using the rsync algorithm";
    homepage = "https://duplicity.gitlab.io/duplicity-web/";
    license = licenses.gpl2Plus;
    maintainers = with maintainers; [ ];
  };
}