This is based on the respectve patch from NixPkgs, but with the parts pinning
mysql and postgresql executables removed. The our package definition on why.

diff --git a/src/akonadicontrol/agentmanager.cpp b/src/akonadicontrol/agentmanager.cpp
--- a/src/akonadicontrol/agentmanager.cpp
+++ b/src/akonadicontrol/agentmanager.cpp
@@ -61,7 +61,7 @@ public:
                 []() {
                     QCoreApplication::instance()->exit(255);
                 });
-        start(QStringLiteral("akonadiserver"), args, RestartOnCrash);
+        start(QLatin1String(NIX_OUT "/bin/akonadiserver"), args, RestartOnCrash);
     }
 
     ~StorageProcessControl() override
@@ -84,7 +84,7 @@ public:
                 []() {
                     qCCritical(AKONADICONTROL_LOG) << "Failed to start AgentServer!";
                 });
-        start(QStringLiteral("akonadi_agent_server"), args, RestartOnCrash);
+        start(QLatin1String(NIX_OUT "/bin/akonadi_agent_server"), args, RestartOnCrash);
     }
 
     ~AgentServerProcessControl() override
diff --git a/src/akonadicontrol/agentprocessinstance.cpp b/src/akonadicontrol/agentprocessinstance.cpp
--- a/src/akonadicontrol/agentprocessinstance.cpp
+++ b/src/akonadicontrol/agentprocessinstance.cpp
@@ -62,7 +62,7 @@ bool AgentProcessInstance::start(const AgentType &agentInfo)
     } else {
         Q_ASSERT(agentInfo.launchMethod == AgentType::Launcher);
         const QStringList arguments = QStringList() << executable << identifier();
-        const QString agentLauncherExec = Akonadi::StandardDirs::findExecutable(QStringLiteral("akonadi_agent_launcher"));
+        const QString agentLauncherExec = QLatin1String(NIX_OUT "/bin/akonadi_agent_launcher");
         mController->start(agentLauncherExec, arguments);
     }
     return true;
diff --git a/src/server/storage/dbconfigmysql.cpp b/src/server/storage/dbconfigmysql.cpp
--- a/src/server/storage/dbconfigmysql.cpp
+++ b/src/server/storage/dbconfigmysql.cpp
@@ -209,7 +209,7 @@ bool DbConfigMysql::startInternalServer()
 #endif
 
     // generate config file
-    const QString globalConfig = StandardDirs::locateResourceFile("config", QStringLiteral("mysql-global.conf"));
+    const QString globalConfig = QLatin1String(NIX_OUT "/etc/xdg/akonadi/mysql-global.conf");
     const QString localConfig  = StandardDirs::locateResourceFile("config", QStringLiteral("mysql-local.conf"));
     const QString actualConfig = StandardDirs::saveDir("data") + QLatin1String("/mysql.conf");
     if (globalConfig.isEmpty()) {
-authenticate.sh</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/guix-git-authenticate.sh?id=ec23b6ec0449526d7773c392505efb5729b2afd6'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2024-05-01 17:26:18 +0200'>2024-05-01</span></td><td class='logsubject'><a href='/guix/commit/tests/guix-git-authenticate.sh?id=7b4bf4ee888af10406da37934341a7a56186b258'>git authenticate: Record introduction and keyring in ‘.git/config’.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* guix/scripts/git/authenticate.scm (%default-options): Remove
‘keyring-reference’.
(config-value, configured-introduction, configured-keyring-reference)
(configured?, record-configuration, current-branch): New procedures.
(guix-git-authenticate)[missing-arguments]: New procedure.
Use ‘configured-introduction’ when zero arguments are given.
Use ‘configured-keyring-reference’ when ‘-k’ is not passed.  Add call to
‘record-configuration’.
* doc/guix.texi (Invoking guix git authenticate): Document it.

Change-Id: I66e111a83f50407b52da71662629947f83a78bbc


</td></tr>
<tr class='logheader'><td><span title='2023-04-21 16:16:38 +0200'>2023-04-21</span></td><td class='logsubject'><a href='/guix/commit/tests/guix-git-authenticate.sh?id=37dd69b44511dc73eb04bdebe8d82c9a0386338e'>tests: Fix checks for expected failures.</a></td><td>Eric Bavier</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Addresses &lt;https://issues.guix.gnu.org/62406&gt;.

With 'set -e', a return status inverted with '!' does not cause the shell to
exit immediately.  Instead use '&amp;&amp; false' to indicate an expected failure.

* tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh,
tests/guix-daemon.sh, tests/guix-download.sh,
tests/guix-environment-container.sh, tests/guix-environment.sh,
tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh,
tests/guix-hash.sh, tests/guix-home.sh, tests/guix-pack-relocatable.sh,
tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh,
tests/guix-package.sh, tests/guix-refresh.sh, tests/guix-shell.sh,
tests/guix-style.sh, tests/guix-system.sh: Replace uses of '! ...' with
'... &amp;&amp; false' or `test ! ...` as appropriate.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;


</td></tr>
<tr class='logheader'><td><span title='2022-02-14 11:23:08 +0100'>2022-02-14</span></td><td class='logsubject'><a href='/guix/commit/tests/guix-git-authenticate.sh?id=ca87601dd97dd9d356409827802eb0f8a3a535f0'>git-authenticate: Ensure the target is a descendant of the introductory commit.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.

In the example below, A is a common ancestor of the introductory commit
I and of commit X.  Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:

   X   	 I
    \   /
      A

This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.

In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.

* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of
$intro_commit.  Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.


</td></tr>

Age	Commit message (Collapse)	Author
2024-05-01	git authenticate: Record introduction and keyring in ‘.git/config’.	Ludovic Courtès
	* guix/scripts/git/authenticate.scm (%default-options): Remove ‘keyring-reference’. (config-value, configured-introduction, configured-keyring-reference) (configured?, record-configuration, current-branch): New procedures. (guix-git-authenticate)[missing-arguments]: New procedure. Use ‘configured-introduction’ when zero arguments are given. Use ‘configured-keyring-reference’ when ‘-k’ is not passed. Add call to ‘record-configuration’. * doc/guix.texi (Invoking guix git authenticate): Document it. Change-Id: I66e111a83f50407b52da71662629947f83a78bbc
2023-04-21	tests: Fix checks for expected failures.	Eric Bavier
	Addresses <https://issues.guix.gnu.org/62406>. With 'set -e', a return status inverted with '!' does not cause the shell to exit immediately. Instead use '&& false' to indicate an expected failure. * tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh, tests/guix-environment-container.sh, tests/guix-environment.sh, tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh, tests/guix-hash.sh, tests/guix-home.sh, tests/guix-pack-relocatable.sh, tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh, tests/guix-package.sh, tests/guix-refresh.sh, tests/guix-shell.sh, tests/guix-style.sh, tests/guix-system.sh: Replace uses of '! ...' with '... && false' or `test ! ...` as appropriate. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-02-14	git-authenticate: Ensure the target is a descendant of the introductory commit.	Ludovic Courtès
	Fixes a bug whereby authentication of a commit not descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence.