nomicon/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml


<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05">
<title>Release 22.05 (“Quokka”, 2022.05/??)</title>
<para>
In addition to numerous new and upgraded packages, this release has
the following highlights:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Support is planned until the end of December 2022, handing over
to 22.11.
</para>
</listitem>
</itemizedlist>
<section xml:id="sec-release-22.05-highlights">
<title>Highlights</title>
<itemizedlist>
<listitem>
<para>
<literal>security.acme.defaults</literal> has been added to
simplify configuring settings for many certificates at once.
This also opens up the option to use DNS-01 validation
when using <literal>enableACME</literal> on web server virtual
hosts (e.g.
<literal>services.nginx.virtualHosts.*.enableACME</literal>).
</para>
</listitem>
<listitem>
<para>
PHP 8.1 is now available.
</para>
</listitem>
<listitem>
<para>
Mattermost has been updated to extended support release 6.3,
as the previously packaged extended support release 5.37 is
<link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
its end of life</link>. Migrations may take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
and
<link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
upgrade notes</link>.
</para>
</listitem>
<listitem>
<para>
systemd services can now set
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadTriggers</link>
instead of <literal>reloadIfChanged</literal> for a more
granular distinction between reloads and restarts.
</para>
</listitem>
</itemizedlist>
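<para>As an added example (not from the release notes), the first highlight above in a complete configuration: one shared <literal>security.acme.defaults</literal> block using DNS-01 validation, reused by two nginx virtual hosts via <literal>enableACME</literal>. The domain names, the lego provider name and the credentials path are assumptions for illustration.</para>

```nix
# Added example, not part of the release notes: a shared security.acme.defaults
# block for every enableACME virtual host. DNS-01 validation is used so
# certificates can be issued even for hosts whose port 80 is not reachable
# from the internet. Domain names, the provider name and the credentials path
# are placeholders.
{ ... }:
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "admin@example.org";          # placeholder contact address
      dnsProvider = "route53";              # placeholder lego DNS provider name
      # Provider API credentials in the environment-file format lego reads.
      # Keep this file outside the Nix store and root-only (0600): anyone who
      # can read it can create DNS records and therefore obtain certificates.
      credentialsFile = "/var/lib/secrets/acme-dns.env";
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      # Public host: gets its own certificate and inherits the DNS-01 defaults.
      "www.example.org" = {
        enableACME = true;
        forceSSL = true;                    # redirect plain HTTP to HTTPS
        root = "/var/www/example";
      };
      # Internal host: DNS-01 still works because no HTTP challenge is served,
      # so the host does not need to be exposed on port 80 at all.
      "internal.example.org" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:8080";
      };
    };
  };
}
```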
</section>
<section xml:id="sec-release-22.05-new-services">
<title>New Services</title>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
the Intel SGX Architectural Enclave Service Manager. Available
as
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless
Docker</link>, a <literal>systemd --user</literal> Docker
service which runs without root permissions. Available as
<link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://conduit.rs/">matrix-conduit</link>,
a simple, fast and reliable chat server powered by Matrix.
Available as
<link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
a lightweight shipper for forwarding and centralizing log
data. Available as
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>,
a kernel module for mounting the Apple File System (APFS).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://frrouting.org/">FRRouting</link>, a
popular suite of Internet routing protocol daemons (BGP, BFD,
OSPF, IS-IS, VRRP and others). Available as
<link linkend="opt-services.ffr.babel.enable">services.frr</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
a bouncer-style Matrix IRC bridge. Available as
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://ergo.chat">ergochat</link>, a modern
IRC with IRCv3 features. Available as
<link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
a web interface for the PowerDNS server. Available at
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
an easy to use tool to change the mapping of your input device
buttons. Available at
<link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
a web application for managing and creating invoices. Available
at
<link xlink:href="options.html#opt-services.invoiceplane.enable">services.invoiceplane</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>,
a program to control cheap Chinese laser cutters. Available as
<link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>.
Users must add themselves to the <literal>k40</literal> group
to be able to access the device.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>,
a Prometheus exporter for mtr metrics. Available as
<link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://tetrd.app">tetrd</link>, share your
internet connection from your device to your PC and vice versa
through a USB cable. Available at
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
a very simple server for the Gemini hypertext protocol.
Available as
<link xlink:href="options.html#opt-services.agate.enable">services.agate</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
a C# application with primary purpose of idling Steam cards
from multiple accounts simultaneously. Available as
<link xlink:href="options.html#opt-services.archisteamfarm.enable">services.archisteamfarm</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://goteleport.com">teleport</link>,
allows engineers and security professionals to unify access
for SSH servers, Kubernetes clusters, web applications, and
databases across all environments. Available at
<link linkend="opt-services.teleport.enable">services.teleport</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>,
a lightweight NuGet and symbol server. Available at
<link linkend="opt-services.baget.enable">services.baget</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://moosefs.com">moosefs</link>, a
fault-tolerant petabyte-scale distributed file system. Available as
<link linkend="opt-services.moosefs">moosefs</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
a server for handling XMPP HTTP Upload requests. Available at
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
an online collaborative spreadsheet. Available as
<link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://timetagger.app">timetagger</link>,
an open source time-tracker with an intuitive user experience
and powerful reporting. Available as
<link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
a browser-based version of the RStudio IDE for the R
programming language. Available as
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/juanfont/headscale">headscale</link>,
an Open Source implementation of the
<link xlink:href="https://tailscale.io">Tailscale</link>
Control Server. Available as
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
a fast and lightweight DNS proxy and ad-blocker for the local
network with many features.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
<literal>pkgs.ghc</literal> now refers to
<literal>pkgs.targetPackages.haskellPackages.ghc</literal>.
This <emphasis>only</emphasis> makes a difference if you are
cross-compiling and will ensure that
<literal>pkgs.ghc</literal> always runs on the host platform
and compiles for the target platform (similar to
<literal>pkgs.gcc</literal> for example).
<literal>haskellPackages.ghc</literal> still behaves as
before, running on the build platform and compiling for the
host platform (similar to <literal>stdenv.cc</literal>). This
means you don’t have to adjust your derivations if you use
<literal>haskellPackages.callPackage</literal>, but when using
<literal>pkgs.callPackage</literal> and taking
<literal>ghc</literal> as an input, you should now use
<literal>buildPackages.ghc</literal> instead to ensure cross
compilation keeps working (or switch to
<literal>haskellPackages.callPackage</literal>).
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.ghc.withPackages</literal> as well as
<literal>haskellPackages.ghcWithPackages</literal> etc. now
need to be overridden directly, as opposed to overriding the
result of calling it. Additionally, the
<literal>withLLVM</literal> parameter has been renamed to
<literal>useLLVM</literal>. So instead of
<literal>(ghc.withPackages (p: [])).override { withLLVM = true; }</literal>,
one needs to use
<literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>home-assistant</literal> module now requires
users that don’t want their configuration to be managed
declaratively to set
<literal>services.home-assistant.config = null;</literal>.
This is required due to the way default settings are handled
with the new settings style.
</para>
<para>
Additionally the default list of
<literal>extraComponents</literal> now includes the minimal
dependencies to successfully complete the
<link xlink:href="https://www.home-assistant.io/getting-started/onboarding/">onboarding</link>
procedure.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
because org elpa is deprecated. The packages in the top level
of <literal>pkgs.emacsPackages</literal>, such as org and
org-contrib, refer to the ones in
<literal>pkgs.emacsPackages.elpaPackages</literal> and
<literal>pkgs.emacsPackages.nongnuPackages</literal> where the
new versions will release.
</para>
</listitem>
<listitem>
<para>
<literal>services.kubernetes.addons.dashboard</literal> was
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
<literal>services.kubernetes.scheduler.{port,address}</literal>
now set <literal>--secure-port</literal> and
<literal>--bind-address</literal> instead of
<literal>--port</literal> and <literal>--address</literal>,
since the former have been deprecated and are no longer
functional in kubernetes&gt;=1.23. Ensure that you are not
relying on the insecure behaviour before upgrading.
</para>
</listitem>
<listitem>
<para>
The DHCP server (<literal>services.dhcpd4</literal>,
<literal>services.dhcpd6</literal>) has been hardened. The
service now uses systemd’s
<literal>DynamicUser</literal> mechanism to run as an
unprivileged dynamically-allocated user with limited
capabilities. The dhcpd state files are now always stored in
<literal>/var/lib/dhcpd{4,6}</literal> and the
<literal>services.dhcpd4.stateDir</literal> and
<literal>services.dhcpd6.stateDir</literal> options have been
removed. If you were depending on root privileges or
set{uid,gid,cap} binaries in dhcpd shell hooks, you may give
dhcpd more capabilities with e.g.
<literal>systemd.services.dhcpd6.serviceConfig.AmbientCapabilities</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>mailpile</literal> email webclient
(<literal>services.mailpile</literal>) has been removed due to
its reliance on python2.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
(<literal>services.moinmoin</literal>) has been removed,
because Python 2 is being retired from nixpkgs.
</para>
</listitem>
<listitem>
<para>
The <literal>wafHook</literal> hook now honors
<literal>NIX_BUILD_CORES</literal> when
<literal>enableParallelBuilding</literal> is not set
explicitly. Packages can restore the old behaviour by setting
<literal>enableParallelBuilding=false</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.claws-mail-gtk2</literal>, representing Claws
Mail’s older release version three, was removed in order to
get rid of Python 2. Please switch to
<literal>claws-mail</literal>, which is Claws Mail’s latest
release based on GTK+3 and Python 3.
</para>
</listitem>
<listitem>
<para>
The <literal>writers.writePython2</literal> and corresponding
<literal>writers.writePython2Bin</literal> convenience
functions to create executable Python 2 scripts in the store
were removed in preparation of removal of the Python 2
interpreter. Scripts have to be converted to Python 3 for use
with <literal>writers.writePython3</literal>, or
<literal>writers.writePyPy2</literal> has to be used instead.
</para>
</listitem>
<listitem>
<para>
<literal>buildGoModule</literal> was updated to use
<literal>go_1_17</literal>; third-party derivations that
specify &gt;= go 1.17 in the main <literal>go.mod</literal>
will need to regenerate their <literal>vendorSha256</literal>
hash.
</para>
</listitem>
<listitem>
<para>
The <literal>gnome-passwordsafe</literal> package was updated
to
<link xlink:href="https://gitlab.gnome.org/World/secrets/-/tags/6.0">version
6.x</link> and renamed to <literal>gnome-secrets</literal>.
</para>
</listitem>
<listitem>
<para>
If you previously used
<literal>/etc/docker/daemon.json</literal>, you need to
incorporate the changes into the new option
<literal>virtualisation.docker.daemon.settings</literal>.
</para>
</listitem>
<listitem>
<para>
Ntopng (<literal>services.ntopng</literal>) is updated to
5.2.1 and uses a separate Redis instance if
<literal>system.stateVersion</literal> is at least
<literal>22.05</literal>. Existing setups shouldn’t be
affected.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
<literal>services.wordpress</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.wordpress.sites</literal> instead.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
<literal>services.dokuwiki</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.dokuwiki.sites</literal> instead.
</para>
</listitem>
<listitem>
<para>
opensmtpd-extras is no longer built with python2 scripting
support due to the python2 deprecation in nixpkgs.
</para>
</listitem>
<listitem>
<para>
<literal>services.miniflux.adminCredentialFiles</literal> is
now required, instead of defaulting to
<literal>admin</literal> and <literal>password</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>autorestic</literal> package has been upgraded
from 1.3.0 to 1.5.0, which introduces breaking changes in the
config file; check
<link xlink:href="https://autorestic.vercel.app/migration/1.4_1.5">their
migration guide</link> for more details.
</para>
</listitem>
<listitem>
<para>
For <literal>pkgs.python3.pkgs.ipython</literal>, its direct
dependency
<literal>pkgs.python3.pkgs.matplotlib-inline</literal> (which
is really an adapter to integrate matplotlib in ipython if it
is installed) does not depend on
<literal>pkgs.python3.pkgs.matplotlib</literal> anymore. This
is closer to a non-Nix install of ipython. This has the added
benefit to reduce the closure size of
<literal>ipython</literal> from ~400MB to ~160MB (including
~100MB for python itself).
</para>
</listitem>
<listitem>
<para>
<literal>documentation.man</literal> has been refactored to
support choosing a man implementation other than GNU’s
<literal>man-db</literal>. For this,
<literal>documentation.man.manualPages</literal> has been
renamed to
<literal>documentation.man.man-db.manualPages</literal>. If
you want to use the new alternative man implementation
<literal>mandoc</literal>, add
<literal>documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }</literal>
to your configuration.
</para>
</listitem>
<listitem>
<para>
Normal users (with <literal>isNormalUser = true</literal>)
which have non-empty <literal>subUidRanges</literal> or
<literal>subGidRanges</literal> set no longer have additional
implicit ranges allocated. To re-enable automatic allocation,
set <literal>autoSubUidGidRange = true</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>idris2</literal> now requires
<literal>--package</literal> when using packages
<literal>contrib</literal> and <literal>network</literal>,
while previously these idris2 packages were automatically
loaded.
</para>
</listitem>
<listitem>
<para>
The iputils package, which is installed by default, no longer
provides the legacy tools <literal>tftpd</literal> and
<literal>traceroute6</literal>. More tools
(<literal>ninfod</literal>, <literal>rarpd</literal>, and
<literal>rdisc</literal>) are going to be removed in the next
release. See
<link xlink:href="https://github.com/iputils/iputils/releases/tag/20211215">upstream’s
release notes</link> for more details and available
replacements.
</para>
</listitem>
<listitem>
<para>
<literal>services.thelounge.private</literal> was removed in
favor of <literal>services.thelounge.public</literal>, to
follow with upstream changes.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.docbookrx</literal> was removed since it’s
unmaintained.
</para>
</listitem>
<listitem>
<para>
<literal>tilp2</literal> was removed together with its module.
</para>
</listitem>
<listitem>
<para>
The options
<literal>networking.interfaces.&lt;name&gt;.ipv4.routes</literal>
and
<literal>networking.interfaces.&lt;name&gt;.ipv6.routes</literal>
are no longer ignored when using networkd instead of the
default scripted network backend by setting
<literal>networking.useNetworkd</literal> to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
MultiMC has been replaced with the fork PolyMC due to upstream
developers being hostile to 3rd party package maintainers.
PolyMC removes all MultiMC branding and is aimed at providing
proper 3rd party packages like the one contained in Nixpkgs.
This change affects the data folder where game instances and
other save and configuration files are stored. Users with
existing installations should rename
<literal>~/.local/share/multimc</literal> to
<literal>~/.local/share/polymc</literal>. The main config
file’s path has also moved from
<literal>~/.local/share/multimc/multimc.cfg</literal> to
<literal>~/.local/share/polymc/polymc.cfg</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>systemd-nspawn@.service</literal> settings have been
reverted to the default systemd behaviour. User namespaces are
now activated by default. If you want to keep running nspawn
containers without user namespaces you need to set
<literal>systemd.nspawn.&lt;name&gt;.execConfig.PrivateUsers = false</literal>.
</para>
</listitem>
<listitem>
<para>
The terraform 0.12 compatibility has been removed and the
<literal>terraform.withPlugins</literal> and
<literal>terraform-providers.mkProvider</literal>
implementations simplified. Providers now need to be stored
under
<literal>$out/libexec/terraform-providers/&lt;registry&gt;/&lt;owner&gt;/&lt;name&gt;/&lt;version&gt;/&lt;os&gt;_&lt;arch&gt;/terraform-provider-&lt;name&gt;_v&lt;version&gt;</literal>
(which mkProvider does).
</para>
<para>
This breaks back-compat so it’s not possible to mix-and-match
with previous versions of nixpkgs. In exchange, it now becomes
possible to use the providers from
<link xlink:href="https://github.com/numtide/nixpkgs-terraform-providers-bin">nixpkgs-terraform-providers-bin</link>
directly.
</para>
</listitem>
<listitem>
<para>
The existing <literal>pkgs.opentelemetry-collector</literal>
has been moved to
<literal>pkgs.opentelemetry-collector-contrib</literal> to
match the actual source being the <quote>contrib</quote>
edition. <literal>pkgs.opentelemetry-collector</literal> is
now the actual core release of opentelemetry-collector. If you
use the community contributions you should change the package
you refer to. If you don’t need them update your commands from
<literal>otelcontribcol</literal> to
<literal>otelcorecol</literal> and enjoy a 7x smaller binary.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
<literal>pkgs.noto-fonts-cjk-serif</literal> because they each
have different release schedules. To maintain compatibility
with prior releases of Nixpkgs,
<literal>pkgs.noto-fonts-cjk</literal> is currently an alias
of <literal>pkgs.noto-fonts-cjk-sans</literal> and doesn’t
include serif fonts.
</para>
</listitem>
<listitem>
<para>
<literal>switch-to-configuration</literal> (the script that is
run when running <literal>nixos-rebuild switch</literal> for
example) has been reworked
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The interface that allows activation scripts to restart
units has been streamlined. Restarting and reloading is
now done by a single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Preferring to reload instead of restarting can still
be achieved using
<literal>/run/nixos/activation-reload-list</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The script now uses a proper ini-file parser to parse
systemd units. Some values are now only searched in one
section instead of in the entire unit. This is only
relevant for units that don’t use the NixOS systemd module.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>RefuseManualStop</literal>,
<literal>X-OnlyManualStart</literal>,
<literal>X-StopOnRemoval</literal>,
<literal>X-StopOnReconfiguration</literal> are only
searched in the <literal>[Unit]</literal> section.
</para>
</listitem>
<listitem>
<para>
<literal>X-ReloadIfChanged</literal>,
<literal>X-RestartIfChanged</literal>,
<literal>X-StopIfChanged</literal> are only searched
in the <literal>[Service]</literal> section.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.cacheDir</literal> option has
been removed, since the cache directory is now handled by
systemd.
</para>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.extraConfig</literal> option
has been replaced by
<literal>services.bookstack.config</literal> which implements
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
<listitem>
<para>
<literal>lib.assertMsg</literal> and
<literal>lib.assertOneOf</literal> no longer return
<literal>false</literal> if the passed condition is
<literal>false</literal>, <literal>throw</literal>ing the
given error message instead (which makes the resulting error
message less cluttered). This will not impact the behaviour of
code using these functions as intended, namely as top-level
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
<listitem>
<para>
The <literal>vpnc</literal> package has been changed to use
GnuTLS instead of OpenSSL by default for licensing reasons.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
<link xlink:href="https://github.com/navarasu/onedark.nvim">navarasu/onedark.nvim</link>
(formerly refers to
<link xlink:href="https://github.com/olimorris/onedarkpro.nvim">olimorris/onedarkpro.nvim</link>).
</para>
</listitem>
<listitem>
<para>
<literal>services.pipewire.enable</literal> will default to
enabling the WirePlumber session manager instead of
pipewire-media-session. pipewire-media-session is deprecated
by upstream and not recommended, but can still be manually
enabled by setting
<literal>services.pipewire.media-session.enable</literal> to
<literal>true</literal> and
<literal>services.pipewire.wireplumber.enable</literal> to
<literal>false</literal>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
The option
<link linkend="opt-services.redis.servers">services.redis.servers</link>
was added to support per-application
<literal>redis-server</literal> which is more secure since
Redis databases are only mere key prefixes without any
configuration or ACL of their own. Backward-compatibility is
preserved by mapping old
<literal>services.redis.settings</literal> to
<literal>services.redis.servers.&quot;&quot;.settings</literal>,
but you are strongly encouraged to name each
<literal>redis-server</literal> instance after the application
using it, instead of keeping that nameless one. Except for the
nameless
<literal>services.redis.servers.&quot;&quot;</literal> still
accessible at <literal>127.0.0.1:6379</literal>, and to the
members of the Unix group <literal>redis</literal> through the
Unix socket <literal>/run/redis/redis.sock</literal>, all
other <literal>services.redis.servers.${serverName}</literal>
are only accessible by default to the members of the Unix
group <literal>redis-${serverName}</literal> through the Unix
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
</para>
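<para>As an added example (not part of the release notes), the per-application layout the paragraph above recommends: two named <literal>redis-server</literal> instances, each reachable only through its own Unix socket and its own <literal>redis-${serverName}</literal> group. The application names are assumptions, and the <literal>nextcloud</literal> and <literal>gitea</literal> users are assumed to be created by their own service modules.</para>

```nix
# Added example, not part of the release notes: two isolated redis-server
# instances, one per application, instead of a single shared nameless server.
# The application names and users are placeholders for illustration.
{ ... }:
{
  services.redis.servers = {
    # Reachable only via /run/redis-nextcloud/redis.sock, by members of the
    # redis-nextcloud group. port = 0 disables the TCP listener entirely, so
    # nothing on the host can reach this instance without being in the group.
    nextcloud = {
      enable = true;
      port = 0;
      settings = {
        maxmemory = "256mb";
        maxmemory-policy = "allkeys-lru";
      };
    };
    # A second application gets its own process, socket and group, so a
    # compromised client of one application cannot read the other's keys
    # (with one shared server, databases are only key prefixes without ACLs).
    gitea = {
      enable = true;
      port = 0;
      settings.maxmemory = "64mb";
    };
  };

  # Grant each application user exactly the one socket it needs, by group
  # membership; these users are assumed to exist via their service modules.
  users.users.nextcloud.extraGroups = [ "redis-nextcloud" ];
  users.users.gitea.extraGroups = [ "redis-gitea" ];
}
```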
</listitem>
<listitem>
<para>
The option
<link linkend="opt-virtualisation.vmVariant">virtualisation.vmVariant</link>
was added to allow users to make changes to the
<literal>nixos-rebuild build-vm</literal> configuration that
do not apply to their normal system.
</para>
<para>
The <literal>config.system.build.vm</literal> attribute now
always exists and defaults to the value from
<literal>vmVariant</literal>. Configurations that import the
<literal>virtualisation/qemu-vm.nix</literal> module
themselves will override this value, such that
<literal>vmVariant</literal> is not used.
</para>
<para>
Similarly
<link linkend="opt-virtualisation.vmVariantWithBootLoader">virtualisation.vmVariantWithBootloader</link>
was added.
</para>
</listitem>
<listitem>
<para>
The configuration portion of the <literal>nix-daemon</literal>
module has been reworked and exposed as
<link xlink:href="options.html#opt-nix-settings">nix.settings</link>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Legacy options have been mapped to the corresponding
options under
<link xlink:href="options.html#opt-nix.settings">nix.settings</link>
but may be deprecated in the future.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="options.html#opt-nix.buildMachines.publicHostKey">nix.buildMachines.publicHostKey</link>
has been added.
</para>
</listitem>
</itemizedlist>
</listitem>
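<listitem>
<para>
As an added example (not taken from the release notes or from
nixpkgs itself), the following NixOS module fragment shows the
reworked <literal>nix.settings</literal> interface next to the
legacy options it replaces, together with a remote builder entry
that pins the builder’s SSH host key via the new
<literal>nix.buildMachines.*.publicHostKey</literal> option. The
host name, user, key path and the base64 host key are constructed
placeholders.
</para>
<programlisting language="nix">
```nix
# Added example: structured Nix daemon settings in NixOS 22.05.
# Keys under nix.settings are the nix.conf keys themselves; the legacy
# option each one replaces is given in the comment.
{ config, pkgs, ... }:

{
  nix.settings = {
    # Isolate builds in a sandbox (legacy: nix.useSandbox = true).
    sandbox = true;

    # Which users may talk to the daemon at all (legacy: nix.allowedUsers).
    allowed-users = [ "@wheel" "nixbuild" ];

    # trusted-users may override daemon-side settings such as substituters,
    # so keep this list to root only (legacy: nix.trustedUsers).
    trusted-users = [ "root" ];

    # Deduplicate identical store files (legacy: nix.autoOptimiseStore).
    auto-optimise-store = true;
  };

  # Remote builder with a pinned host key (constructed placeholder values).
  nix.distributedBuilds = true;
  nix.buildMachines = [
    {
      hostName = "builder.example.invalid";  # placeholder host
      system = "x86_64-linux";
      sshUser = "nixbuild";                  # placeholder user
      sshKey = "/root/.ssh/id_builder";      # placeholder key path
      maxJobs = 4;
      # New in 22.05: base64-encoded public host key of the builder, in the
      # same form the nix.conf "builders" syntax uses. Pinning it means the
      # first connection is not a trust-on-first-use decision.
      publicHostKey = "BASE64_HOST_KEY_PLACEHOLDER";
    }
  ];
}
```
</programlisting>
<para>
Because <literal>nix.settings</literal> is a free-form attribute
set, a misspelled key is not rejected at evaluation time; it only
surfaces when the generated <literal>nix.conf</literal> is checked
during the system build, so review the build output after renaming
options. Keeping <literal>trusted-users</literal> short matters
because a trusted user can point the daemon at arbitrary
substituters and signing keys.
</para>
</listitem>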
<listitem>
<para>
The
<literal>writers.writePyPy2</literal>/<literal>writers.writePyPy3</literal>
and corresponding
<literal>writers.writePyPy2Bin</literal>/<literal>writers.writePyPy3Bin</literal>
convenience functions to create executable Python 2/3 scripts
using the PyPy interpreter were added.
</para>
</listitem>
<listitem>
<para>
If you are using Wayland you can choose to use the Ozone
Wayland support in Chrome and several Electron apps by setting
the environment variable <literal>NIXOS_OZONE_WL=1</literal>
(for example via
<literal>environment.sessionVariables.NIXOS_OZONE_WL = &quot;1&quot;</literal>).
This is not enabled by default because Ozone Wayland is still
under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron
versions.
</para>
</listitem>
<listitem>
<para>
The <literal>influxdb2</literal> package was split into
<literal>influxdb2-server</literal> and
<literal>influxdb2-cli</literal>, matching the split that took
place upstream. A combined <literal>influxdb2</literal>
package is still provided in this release for backwards
compatibility, but will be removed at a later date.
</para>
</listitem>
<listitem>
<para>
The <literal>services.unifi.openPorts</literal> option default
value of <literal>true</literal> is now deprecated and will be
changed to <literal>false</literal> in 22.11. Configurations
using this default will print a warning when rebuilt.
</para>
</listitem>
<listitem>
<para>
<literal>security.acme</literal> certificates will now
correctly check for CA revocation before reaching their
minimum age.
</para>
</listitem>
<listitem>
<para>
Removing domains from
<literal>security.acme.certs._name_.extraDomainNames</literal>
will now correctly remove those domains during rebuild/renew.
</para>
</listitem>
<listitem>
<para>
MariaDB is now offered in several versions, not just the
newest one. So if you have a need for running MariaDB 10.4 for
example, you can now just set
<literal>services.mysql.package = pkgs.mariadb_104;</literal>.
In general, it is recommended to run the newest version, to
get the newest features, while sticking with an LTS version
will most likely provide a more stable experience. Sometimes
software is also incompatible with the newest version of
MariaDB.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-programs.ssh.enableAskPassword">programs.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy
usage in non-X11 environments, e.g. Wayland.
</para>
</listitem>
<listitem>
<para>
<link linkend="opt-programs.ssh.knownHosts">programs.ssh.knownHosts</link>
has gained an <literal>extraHostNames</literal> option to
replace <literal>hostNames</literal>.
<literal>hostNames</literal> is deprecated, but still
available for now.
</para>
</listitem>
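<listitem>
<para>
As an added example (not part of the release notes or nixpkgs),
this fragment pins an SSH server’s host key with
<literal>programs.ssh.knownHosts</literal> using the new
<literal>extraHostNames</literal> option for the host’s aliases and
address, instead of the deprecated <literal>hostNames</literal>
list. The host name, address and public key are constructed
placeholders; the real key must be obtained and verified out of
band before it is pinned.
</para>
<programlisting language="nix">
```nix
# Added example: declarative SSH host-key pinning on NixOS 22.05.
# The attribute name is the primary host name; extraHostNames adds the
# aliases and addresses the same key should match.
{ config, ... }:

{
  programs.ssh.knownHosts = {
    "git.example.invalid" = {                 # placeholder host name
      # Replaces the deprecated hostNames list (which still works, with a
      # warning); the primary name is included automatically.
      extraHostNames = [ "git" "192.0.2.10" ]; # placeholder alias and address
      # Placeholder key. Verify the fingerprint through a trusted channel
      # (e.g. the provider's published fingerprints) before pinning it.
      publicKey = "ssh-ed25519 AAAAC3PLACEHOLDERPUBLICKEY";
    };
  };

  # Decoupled from services.xserver.enable in 22.05: an askpass helper is
  # available in Wayland sessions without pulling in X11.
  programs.ssh.enableAskPassword = true;
}
```
</programlisting>
<para>
Pinning keys this way writes them to the system-wide
<literal>ssh_known_hosts</literal>, so every user on the machine
gets the same verified key and no trust-on-first-use prompt for
that host.
</para>
</listitem>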
<listitem>
<para>
The <literal>services.stubby</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
<listitem>
<para>
The option <literal>services.duplicati.dataDir</literal> has
been added to allow changing the location of duplicati’s
files.
</para>
</listitem>
<listitem>
<para>
A new option
<literal>boot.initrd.extraModprobeConfig</literal> has been
added which can be used to configure kernel modules that are
loaded in the initrd.
</para>
</listitem>
<listitem>
<para>
<literal>nixos-generate-config</literal> now puts the dhcp
configuration in <literal>hardware-configuration.nix</literal>
instead of <literal>configuration.nix</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>fetchFromSourcehut</literal> now allows fetching
repositories recursively using <literal>fetchgit</literal> or
<literal>fetchhg</literal> if the argument
<literal>fetchSubmodules</literal> is set to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The option <literal>services.thelounge.plugins</literal> has
been added to allow installing plugins for The Lounge. Plugins
can be found in
<literal>pkgs.theLoungePlugins.plugins</literal> and
<literal>pkgs.theLoungePlugins.themes</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>firmwareLinuxNonfree</literal> package has been
renamed to <literal>linux-firmware</literal>.
</para>
</listitem>
<listitem>
<para>
It is now possible to specify wordlists that are exposed as
environment variables, for convenient access, using the
<literal>config.environment.wordlist</literal> configuration
options.
</para>
</listitem>
<listitem>
<para>
The <literal>services.mbpfan</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> configuration.
</para>
</listitem>
<listitem>
<para>
The default value for
<literal>programs.spacefm.settings.graphical_su</literal> got
unset. It previously pointed to <literal>gksu</literal> which
has been removed.
</para>
</listitem>
<listitem>
<para>
A new module was added for the
<link xlink:href="https://starship.rs/">Starship</link> shell
prompt, providing the options
<literal>programs.starship.enable</literal> and
<literal>programs.starship.settings</literal>.
</para>
</listitem>
<listitem>
<para>
The <link xlink:href="https://dino.im">Dino</link> XMPP client
was updated to 0.3, adding support for audio and video calls.
</para>
</listitem>
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
</para>
</listitem>
<listitem>
<para>
<literal>services.logrotate.enable</literal> now defaults to
true if any rotate path has been defined, and some paths have
been added by default.
</para>
</listitem>
<listitem>
<para>
The <literal>zrepl</literal> package has been updated from
0.4.0 to 0.5:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The RPC protocol version was bumped; all zrepl daemons in
a setup must be updated and restarted before replication
can resume.
</para>
</listitem>
<listitem>
<para>
A bug involving encrypt-on-receive has been fixed. Read
the
<link xlink:href="https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder">zrepl
documentation</link> and check the output of
<literal>zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS</literal>
on the receiver.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The option
<literal>services.openssh.challengeResponseAuthentication</literal>
has been renamed to
<literal>services.openssh.kbdInteractiveAuthentication</literal>,
because the old name has been deprecated upstream. Using the
old option name will still work, but produces a warning.
</para>
</listitem>
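<listitem>
<para>
As an added example (not from the release notes or nixpkgs), this
fragment shows the renamed option in a key-only
<literal>sshd</literal> configuration. The user name and
authorized key are constructed placeholders.
</para>
<programlisting language="nix">
```nix
# Added example: key-only SSH login on NixOS 22.05 using the renamed option.
{ config, ... }:

{
  services.openssh = {
    enable = true;
    # Renamed in 22.05 from challengeResponseAuthentication; the old name
    # still evaluates but prints a warning at build time.
    kbdInteractiveAuthentication = false;
    # Disable both password paths: PasswordAuthentication and the
    # keyboard-interactive path through which PAM could still ask for one.
    passwordAuthentication = false;
    permitRootLogin = "prohibit-password";
  };

  users.users.deploy = {                  # placeholder account
    isNormalUser = true;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3PLACEHOLDERPUBLICKEY deploy@example"  # placeholder key
    ];
  };
}
```
</programlisting>
<para>
Setting <literal>passwordAuthentication = false</literal> alone is
not enough on a PAM-enabled system, because keyboard-interactive
authentication can still prompt for a password; disabling
<literal>kbdInteractiveAuthentication</literal> as well closes that
path. After switching to the new name, check the rebuild output for
the deprecation warning to confirm no module still sets the old
option.
</para>
</listitem>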
<listitem>
<para>
The option
<link linkend="opt-services.networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link>
was added to support FCC unlock procedures. Since release
1.18.4, the ModemManager daemon no longer automatically
performs the FCC unlock procedure by default. See
<link xlink:href="https://modemmanager.org/docs/modemmanager/fcc-unlock/">the
docs</link> for more details.
</para>
</listitem>
<listitem>
<para>
<literal>programs.tmux</literal> has a new option
<literal>plugins</literal> that accepts a list of packages
from the <literal>tmuxPlugins</literal> group. The specified
packages are added to the system and loaded by
<literal>tmux</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>