You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2092 lines
79 KiB
2092 lines
79 KiB
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.11">
|
|
<title>Release 21.11 (“Porcupine”, 2021/11/30)</title>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Support is planned until the end of June 2022, handing over to
|
|
22.05.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<section xml:id="sec-release-21.11-highlights">
|
|
<title>Highlights</title>
|
|
<para>
|
|
In addition to numerous new and upgraded packages, this release
|
|
has the following highlights:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Nix has been updated to version 2.4, reference its
|
|
<link xlink:href="https://discourse.nixos.org/t/nix-2-4-released/15822">release
|
|
notes</link> for more information on what has changed. The
|
|
previous version of Nix, 2.3.16, remains available for the
|
|
time being in the <literal>nix_2_3</literal> package.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>iptables</literal> is now using
|
|
<literal>nf_tables</literal> under the hood, by using
|
|
<literal>iptables-nft</literal>, similar to
|
|
<link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link>
|
|
and
|
|
<link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>.
|
|
This means, <literal>ip[6]tables</literal>,
|
|
<literal>arptables</literal> and <literal>ebtables</literal>
|
|
commands will actually show rules from some specific tables in
|
|
the <literal>nf_tables</literal> kernel subsystem. In case
|
|
you’re migrating from an older release without rebooting,
|
|
there might be cases where you end up with iptable rules
|
|
configured both in the legacy <literal>iptables</literal>
|
|
kernel backend, as well as in the <literal>nf_tables</literal>
|
|
backend. This can lead to confusing firewall behaviour. An
|
|
<literal>iptables-save</literal> after switching will complain
|
|
about <quote>iptables-legacy tables present</quote>. It’s
|
|
probably best to reboot after the upgrade, or manually
|
|
removing all legacy iptables rules (via the
|
|
<literal>iptables-legacy</literal> package).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
systemd got an <literal>nftables</literal> backend, and
|
|
configures (networkd) rules in their own
|
|
<literal>io.systemd.*</literal> tables. Check
|
|
<literal>nft list ruleset</literal> to see these rules, not
|
|
<literal>iptables-save</literal> (which only shows
|
|
<literal>iptables</literal>-created rules.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
PHP now defaults to PHP 8.0, updated from 7.4.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
kops now defaults to 1.21.1, which uses containerd as the
|
|
default runtime.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>python3</literal> now defaults to Python 3.9, updated
|
|
from Python 3.8.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
PostgreSQL now defaults to major version 13.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
spark now defaults to spark 3, updated from 2. A
|
|
<link xlink:href="https://spark.apache.org/docs/latest/core-migration-guide.html#upgrading-from-core-24-to-30">migration
|
|
guide</link> is available.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Improvements have been made to the Hadoop module and package:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
HDFS and YARN now support production-ready highly
|
|
available deployments with automatic failover.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Hadoop now defaults to Hadoop 3, updated from 2.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
JournalNode, ZKFS and HTTPFS services have been added.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Activation scripts can now, optionally, be run during a
|
|
<literal>nixos-rebuild dry-activate</literal> and can detect
|
|
the dry activation by reading
|
|
<literal>$NIXOS_ACTION</literal>. This allows activation
|
|
scripts to output what they would change if the activation was
|
|
really run. The users/modules activation script supports this
|
|
and outputs some of is actions.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
KDE Plasma now finally works on Wayland.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
bash now defaults to major version 5.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Systemd was updated to version 249 (from 247).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Pantheon desktop has been updated to version 6. Due to changes
|
|
of screen locker, if locking doesn’t work for you, please try
|
|
<literal>gsettings set org.gnome.desktop.lockdown disable-lock-screen false</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>kubernetes-helm</literal> now defaults to 3.7.0,
|
|
which introduced some breaking changes to the experimental OCI
|
|
manifest format. See
|
|
<link xlink:href="https://github.com/helm/community/blob/main/hips/hip-0006.md">HIP
|
|
6</link> for more details. <literal>helmfile</literal> also
|
|
defaults to 0.141.0, which is the minimum compatible version.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
GNOME has been upgraded to 41. Please take a look at their
|
|
<link xlink:href="https://help.gnome.org/misc/release-notes/41.0/">Release
|
|
Notes</link> for details.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
LXD support was greatly improved:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
building LXD images from configurations is now directly
|
|
possible with just nixpkgs
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
hydra is now building nixOS LXD images that can be used
|
|
standalone with full nixos-rebuild support
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
OpenSSH was updated to version 8.8p1
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
This breaks connections to old SSH daemons as ssh-rsa host
|
|
keys and ssh-rsa public keys that were signed with SHA-1
|
|
are disabled by default now
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
These can be re-enabled, see the
|
|
<link xlink:href="https://www.openssh.com/txt/release-8.8">OpenSSH
|
|
changelog</link> for details
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
ORY Kratos was updated to version 0.8.0-alpha.3
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
This release requires you to run SQL migrations. Please,
|
|
as always, create a backup of your database first!
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The SDKs are now generated with tag v0alpha2 to reflect
|
|
that some signatures have changed in a breaking fashion.
|
|
Please update your imports from v0alpha1 to v0alpha2.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The SMTPS scheme used in courier config URL with
|
|
cleartext/StartTLS/TLS SMTP connection types is now only
|
|
supporting implicit TLS. For StartTLS and cleartext SMTP,
|
|
please use the SMTP scheme instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
for more details, see
|
|
<link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1">Release
|
|
Notes</link>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="sec-release-21.11-new-services">
|
|
<title>New Services</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://digint.ch/btrbk/index.html">btrbk</link>,
|
|
a backup tool for btrfs subvolumes, taking advantage of btrfs
|
|
specific capabilities to create atomic snapshots and transfer
|
|
them incrementally to your backup locations. Available as
|
|
<link xlink:href="options.html#opt-services.brtbk.instances">services.btrbk</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/xrelkd/clipcat/">clipcat</link>,
|
|
an X11 clipboard manager written in Rust. Available at
|
|
<link xlink:href="options.html#opt-services.clipcat.enable">services.clipcat</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/dexidp/dex">dex</link>,
|
|
an OpenID Connect (OIDC) identity and OAuth 2.0 provider.
|
|
Available at
|
|
<link xlink:href="options.html#opt-services.dex.enable">services.dex</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/maxmind/geoipupdate">geoipupdate</link>,
|
|
a GeoIP database updater from MaxMind. Available as
|
|
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/jitsi/jibri">Jibri</link>,
|
|
a service for recording or streaming a Jitsi Meet conference.
|
|
Available as
|
|
<link xlink:href="options.html#opt-services.jibri.enable">services.jibri</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs
|
|
2nd generation DHCP and DDNS server suite. Available at
|
|
<link xlink:href="options.html#opt-services.kea.dhcp4">services.kea</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://owncast.online/">owncast</link>,
|
|
self-hosted video live streaming solution. Available at
|
|
<link xlink:href="options.html#opt-services.owncast.enable">services.owncast</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://joinpeertube.org/">PeerTube</link>,
|
|
developed by Framasoft, is the free and decentralized
|
|
alternative to video platforms. Available at
|
|
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://sr.ht">sourcehut</link>, a
|
|
collection of tools useful for software development. Available
|
|
as
|
|
<link xlink:href="options.html#opt-services.sourcehut.enable">services.sourcehut</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://download.pureftpd.org/pub/ucarp/README">ucarp</link>,
|
|
an userspace implementation of the Common Address Redundancy
|
|
Protocol (CARP). Available as
|
|
<link xlink:href="options.html#opt-networking.ucarp.enable">networking.ucarp</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Users of flashrom should migrate to
|
|
<link xlink:href="options.html#opt-programs.flashrom.enable">programs.flashrom.enable</link>
|
|
and add themselves to the <literal>flashrom</literal> group to
|
|
be able to access programmers supported by flashrom.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://vikunja.io">vikunja</link>, a to-do
|
|
list app. Available as
|
|
<link linkend="opt-services.vikunja.enable">services.vikunja</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/evilsocket/opensnitch">opensnitch</link>,
|
|
an application firewall. Available as
|
|
<link linkend="opt-services.opensnitch.enable">services.opensnitch</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://www.snapraid.it/">snapraid</link>, a
|
|
backup program for disk arrays. Available as
|
|
<link linkend="opt-snapraid.enable">snapraid</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/hockeypuck/hockeypuck">Hockeypuck</link>,
|
|
a OpenPGP Key Server. Available as
|
|
<link linkend="opt-services.hockeypuck.enable">services.hockeypuck</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/buildkite/buildkite-agent-metrics">buildkite-agent-metrics</link>,
|
|
a command-line tool for collecting Buildkite agent metrics,
|
|
now has a Prometheus exporter available as
|
|
<link linkend="opt-services.prometheus.exporters.buildkite-agent.enable">services.prometheus.exporters.buildkite-agent</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/prometheus/influxdb_exporter">influxdb-exporter</link>
|
|
a Prometheus exporter that exports metrics received on an
|
|
InfluxDB compatible endpoint is now available as
|
|
<link linkend="opt-services.prometheus.exporters.influxdb.enable">services.prometheus.exporters.influxdb</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/matrix-discord/mx-puppet-discord">mx-puppet-discord</link>,
|
|
a discord puppeting bridge for matrix. Available as
|
|
<link linkend="opt-services.mx-puppet-discord.enable">services.mx-puppet-discord</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://www.meshcommander.com/meshcentral2/overview">MeshCentral</link>,
|
|
a remote administration service (<quote>TeamViewer but
|
|
self-hosted and with more features</quote>) is now available
|
|
with a package and a module:
|
|
<link linkend="opt-services.meshcentral.enable">services.meshcentral.enable</link>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/Arksine/moonraker">moonraker</link>,
|
|
an API web server for Klipper. Available as
|
|
<link linkend="opt-services.moonraker.enable">moonraker</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/influxdata/influxdb">influxdb2</link>,
|
|
a Scalable datastore for metrics, events, and real-time
|
|
analytics. Available as
|
|
<link linkend="opt-services.influxdb2.enable">services.influxdb2</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://posativ.org/isso/">isso</link>, a
|
|
commenting server similar to Disqus. Available as
|
|
<link linkend="opt-services.isso.enable">isso</link>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://www.navidrome.org/">navidrome</link>,
|
|
a personal music streaming server with subsonic-compatible
|
|
api. Available as
|
|
<link linkend="opt-services.navidrome.enable">navidrome</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://docs.fluidd.xyz/">fluidd</link>, a
|
|
Klipper web interface for managing 3d printers using
|
|
moonraker. Available as
|
|
<link linkend="opt-services.fluidd.enable">fluidd</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/earnestly/sx">sx</link>,
|
|
a simple alternative to both xinit and startx for starting a
|
|
Xorg server. Available as
|
|
<link linkend="opt-services.xserver.displayManager.sx.enable">services.xserver.displayManager.sx</link>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://postfixadmin.sourceforge.io/">postfixadmin</link>,
|
|
a web based virtual user administration interface for Postfix
|
|
mail servers. Available as
|
|
<link linkend="opt-services.postfixadmin.enable">postfixadmin</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://wiki.servarr.com/prowlarr">prowlarr</link>,
|
|
an indexer manager/proxy built on the popular arr .net/reactjs
|
|
base stack
|
|
<link linkend="opt-services.prowlarr.enable">services.prowlarr</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a
|
|
user-friendly IRC bouncer. Available as
|
|
<link xlink:href="options.html#opt-services.soju.enable">services.soju</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://nats.io/">nats</link>, a high
|
|
performance cloud and edge messaging system. Available as
|
|
<link linkend="opt-services.nats.enable">services.nats</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://git-scm.com">git</link>, a
|
|
distributed version control system. Available as
|
|
<link xlink:href="options.html#opt-programs.git.enable">programs.git</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://domainaware.github.io/parsedmarc/">parsedmarc</link>,
|
|
a service which parses incoming
|
|
<link xlink:href="https://dmarc.org/">DMARC</link> reports and
|
|
stores or sends them to a downstream service for further
|
|
analysis. Documented in
|
|
<link linkend="module-services-parsedmarc">its manual
|
|
entry</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://spark.apache.org/">spark</link>, a
|
|
unified analytics engine for large-scale data processing.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/JoseExposito/touchegg">touchegg</link>,
|
|
a multi-touch gesture recognizer. Available as
|
|
<link linkend="opt-services.touchegg.enable">services.touchegg</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/pantheon-tweaks/pantheon-tweaks">pantheon-tweaks</link>,
|
|
an unofficial system settings panel for Pantheon. Available as
|
|
<link linkend="opt-programs.pantheon-tweaks.enable">programs.pantheon-tweaks</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/DanielOgorchock/joycond">joycond</link>,
|
|
a service that uses <literal>hid-nintendo</literal> to provide
|
|
nintendo joycond pairing and better nintendo switch pro
|
|
controller support.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/opensvc/multipath-tools">multipath</link>,
|
|
the device mapper multipath (DM-MP) daemon. Available as
|
|
<link linkend="opt-services.multipath.enable">services.multipath</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://www.seafile.com/en/home/">seafile</link>,
|
|
an open source file syncing & sharing software. Available
|
|
as
|
|
<link xlink:href="options.html#opt-services.seafile.enable">services.seafile</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/mchehab/rasdaemon">rasdaemon</link>,
|
|
a hardware error logging daemon. Available as
|
|
<link linkend="opt-hardware.rasdaemon.enable">hardware.rasdaemon</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>code-server</literal>-module now available
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/xmrig/xmrig">xmrig</link>,
|
|
a high performance, open source, cross platform RandomX,
|
|
KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and
|
|
RandomX benchmark.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Auto nice daemons
|
|
<link xlink:href="https://github.com/Nefelim4ag/Ananicy">ananicy</link>
|
|
and
|
|
<link xlink:href="https://gitlab.com/ananicy-cpp/ananicy-cpp/">ananicy-cpp</link>.
|
|
Available as
|
|
<link linkend="opt-services.ananicy.enable">services.ananicy</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="https://github.com/prometheus-community/smartctl_exporter">smartctl_exporter</link>,
|
|
a Prometheus exporter for
|
|
<link xlink:href="https://en.wikipedia.org/wiki/S.M.A.R.T.">S.M.A.R.T.</link>
|
|
data. Available as
|
|
<link xlink:href="options.html#opt-services.prometheus.exporters.smartctl.enable">services.prometheus.exporters.smartctl</link>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="sec-release-21.11-incompatibilities">
|
|
<title>Backward Incompatibilities</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The NixOS VM test framework,
|
|
<literal>pkgs.nixosTest</literal>/<literal>make-test-python.nix</literal>
|
|
(<literal>pkgs.testers.nixosTest</literal> since 22.05), now
|
|
requires detaching commands such as
|
|
<literal>succeed("foo &")</literal> and
|
|
<literal>succeed("foo | xclip -i")</literal> to
|
|
close stdout. This can be done with a redirect such as
|
|
<literal>succeed("foo >&2 &")</literal>.
|
|
This breaking change was necessitated by a race condition
|
|
causing tests to fail or hang. It applies to all methods that
|
|
invoke commands on the nodes, including
|
|
<literal>execute</literal>, <literal>succeed</literal>,
|
|
<literal>fail</literal>,
|
|
<literal>wait_until_succeeds</literal>,
|
|
<literal>wait_until_fails</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.wakeonlan</literal> option was removed,
|
|
and replaced with
|
|
<literal>networking.interfaces.<name>.wakeOnLan</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>security.wrappers</literal> option now requires
|
|
to always specify an owner, group and whether the
|
|
setuid/setgid bit should be set. This is motivated by the fact
|
|
that before NixOS 21.11, specifying either setuid or setgid
|
|
but not owner/group resulted in wrappers owned by
|
|
nobody/nogroup, which is unsafe.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Since <literal>iptables</literal> now uses
|
|
<literal>nf_tables</literal> backend and
|
|
<literal>ipset</literal> doesn’t support it, some applications
|
|
(ferm, shorewall, firehol) may have limited functionality.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>paperless</literal> module and package have been
|
|
removed. All users should migrate to the successor
|
|
<literal>paperless-ng</literal> instead. The Paperless project
|
|
<link xlink:href="https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4">has
|
|
been archived</link> and advises all users to use
|
|
<literal>paperless-ng</literal> instead.
|
|
</para>
|
|
<para>
|
|
Users can use the <literal>services.paperless-ng</literal>
|
|
module as a replacement while noting the following
|
|
incompatibilities:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
<literal>services.paperless.ocrLanguages</literal> has no
|
|
replacement. Users should migrate to
|
|
<link xlink:href="options.html#opt-services.paperless-ng.extraConfig"><literal>services.paperless-ng.extraConfig</literal></link>
|
|
instead:
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<programlisting language="bash">
|
|
{
|
|
services.paperless-ng.extraConfig = {
|
|
# Provide languages as ISO 639-2 codes
|
|
# separated by a plus (+) sign.
|
|
# https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes
|
|
PAPERLESS_OCR_LANGUAGE = "deu+eng+jpn"; # German & English & Japanse
|
|
};
|
|
}
|
|
</programlisting>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
If you previously specified
|
|
<literal>PAPERLESS_CONSUME_MAIL_*</literal> settings in
|
|
<literal>services.paperless.extraConfig</literal> you
|
|
should remove those options now. You now
|
|
<emphasis>must</emphasis> define those settings in the
|
|
admin interface of paperless-ng.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Option <literal>services.paperless.manage</literal> no
|
|
longer exists. Use the script at
|
|
<literal>${services.paperless-ng.dataDir}/paperless-ng-manage</literal>
|
|
instead. Note that this script only exists after the
|
|
<literal>paperless-ng</literal> service has been started
|
|
at least once.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
After switching to the new system configuration you should
|
|
run the Django management command to reindex your
|
|
documents and optionally create a user, if you don’t have
|
|
one already.
|
|
</para>
|
|
<para>
|
|
To do so, enter the data directory (the value of
|
|
<literal>services.paperless-ng.dataDir</literal>,
|
|
<literal>/var/lib/paperless</literal> by default), switch
|
|
to the paperless user and execute the management command
|
|
like below:
|
|
</para>
|
|
<programlisting>
|
|
$ cd /var/lib/paperless
|
|
$ su paperless -s /bin/sh
|
|
$ ./paperless-ng-manage document_index reindex
|
|
# if not already done create a user account, paperless-ng requires a login
|
|
$ ./paperless-ng-manage createsuperuser
|
|
Username (leave blank to use 'paperless'): my-user-name
|
|
Email address: me@example.com
|
|
Password: **********
|
|
Password (again): **********
|
|
Superuser created successfully.
|
|
</programlisting>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>staticjinja</literal> package has been upgraded
|
|
from 1.0.4 to 4.1.1
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Firefox v91 does not support addons with invalid signature
|
|
anymore. Firefox ESR needs to be used for nix addon support.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>erigon</literal> ethereum node has moved to a new
|
|
database format in <literal>2021-05-04</literal>, and requires
|
|
a full resync
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>erigon</literal> ethereum node has moved it’s
|
|
database location in <literal>2021-08-03</literal>, users
|
|
upgrading must manually move their chaindata (see
|
|
<link xlink:href="https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03">release
|
|
notes</link>).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="options.html#opt-users.users._name_.group">users.users.<name>.group</link>
|
|
no longer defaults to <literal>nogroup</literal>, which was
|
|
insecure. Out-of-tree modules are likely to require
|
|
adaptation: instead of
|
|
</para>
|
|
<programlisting language="bash">
|
|
{
|
|
users.users.foo = {
|
|
isSystemUser = true;
|
|
};
|
|
}
|
|
</programlisting>
|
|
<para>
|
|
also create a group for your user:
|
|
</para>
|
|
<programlisting language="bash">
|
|
{
|
|
users.users.foo = {
|
|
isSystemUser = true;
|
|
group = "foo";
|
|
};
|
|
users.groups.foo = {};
|
|
}
|
|
</programlisting>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>services.geoip-updater</literal> was broken and has
|
|
been replaced by
|
|
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>ihatemoney</literal> has been updated to version
|
|
5.1.1
|
|
(<link xlink:href="https://github.com/spiral-project/ihatemoney/blob/5.1.1/CHANGELOG.rst">release
|
|
notes</link>). If you serve ihatemoney by HTTP rather than
|
|
HTTPS, you must set
|
|
<link xlink:href="options.html#opt-services.ihatemoney.secureCookie">services.ihatemoney.secureCookie</link>
|
|
to <literal>false</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
PHP 7.3 is no longer supported due to upstream not supporting
|
|
this version for the entire lifecycle of the 21.11 release.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Those making use of <literal>buildBazelPackage</literal> will
|
|
need to regenerate the fetch hashes (preferred), or set
|
|
<literal>fetchConfigured = false;</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>consul</literal> was upgraded to a new major release
|
|
with breaking changes, see
|
|
<link xlink:href="https://github.com/hashicorp/consul/releases/tag/v1.10.0">upstream
|
|
changelog</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
fsharp41 has been removed in preference to use the latest
|
|
dotnet-sdk
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The following F#-related packages have been removed for being
|
|
unmaintaned. Please use <literal>fetchNuGet</literal> for
|
|
specific packages.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
ExtCore
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Fake
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Fantomas
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsCheck
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsCheck262
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsCheckNunit
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpAutoComplete
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCompilerCodeDom
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCompilerService
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCompilerTools
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCore302
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCore3125
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCore4001
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpCore4117
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpData
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpData225
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpDataSQLProvider
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FSharpFormatting
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsLexYacc
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsLexYacc706
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsLexYaccRuntime
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsPickler
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
FsUnit
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Projekt
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Suave
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
UnionArgParser
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
ExcelDnaRegistration
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
MathNetNumerics
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>programs.x2goserver</literal> is now
|
|
<literal>services.x2goserver</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The following dotnet-related packages have been removed for
|
|
being unmaintaned. Please use <literal>fetchNuGet</literal>
|
|
for specific packages.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Autofac
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
SystemValueTuple
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
MicrosoftDiaSymReader
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
MicrosoftDiaSymReaderPortablePdb
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
SystemCollectionsImmutable
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
SystemCollectionsImmutable131
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
SystemReflectionMetadata
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NUnit350
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Deedle
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
ExcelDna
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
GitVersionTree
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NDeskOptions
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The <literal>antlr</literal> package now defaults to the 4.x
|
|
release instead of the old 2.7.7 version.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>pulseeffects</literal> package updated to
|
|
<link xlink:href="https://github.com/wwmm/easyeffects/releases/tag/v6.0.0">version
|
|
4.x</link> and renamed to <literal>easyeffects</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>libwnck</literal> package now defaults to the 3.x
|
|
release instead of the old 2.31.0 version.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>bitwarden_rs</literal> packages and modules were
|
|
renamed to <literal>vaultwarden</literal>
|
|
<link xlink:href="https://github.com/dani-garcia/vaultwarden/discussions/1642">following
|
|
upstream</link>. More specifically,
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>pkgs.bitwarden_rs</literal>,
|
|
<literal>pkgs.bitwarden_rs-sqlite</literal>,
|
|
<literal>pkgs.bitwarden_rs-mysql</literal> and
|
|
<literal>pkgs.bitwarden_rs-postgresql</literal> were
|
|
renamed to <literal>pkgs.vaultwarden</literal>,
|
|
<literal>pkgs.vaultwarden-sqlite</literal>,
|
|
<literal>pkgs.vaultwarden-mysql</literal> and
|
|
<literal>pkgs.vaultwarden-postgresql</literal>,
|
|
respectively.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Old names are preserved as aliases for backwards
|
|
compatibility, but may be removed in the future.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>bitwarden_rs</literal> executable was
|
|
also renamed to <literal>vaultwarden</literal> in all
|
|
packages.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>pkgs.bitwarden_rs-vault</literal> was renamed to
|
|
<literal>pkgs.vaultwarden-vault</literal>.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
<literal>pkgs.bitwarden_rs-vault</literal> is
|
|
preserved as an alias for backwards compatibility, but
|
|
may be removed in the future.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The static files were moved from
|
|
<literal>/usr/share/bitwarden_rs</literal> to
|
|
<literal>/usr/share/vaultwarden</literal>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.bitwarden_rs</literal> config module
|
|
was renamed to <literal>services.vaultwarden</literal>.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
<literal>services.bitwarden_rs</literal> is preserved
|
|
as an alias for backwards compatibility, but may be
|
|
removed in the future.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>systemd.services.bitwarden_rs</literal>,
|
|
<literal>systemd.services.backup-bitwarden_rs</literal>
|
|
and <literal>systemd.timers.backup-bitwarden_rs</literal>
|
|
were renamed to
|
|
<literal>systemd.services.vaultwarden</literal>,
|
|
<literal>systemd.services.backup-vaultwarden</literal> and
|
|
<literal>systemd.timers.backup-vaultwarden</literal>,
|
|
respectively.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Old names are preserved as aliases for backwards
|
|
compatibility, but may be removed in the future.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>users.users.bitwarden_rs</literal> and
|
|
<literal>users.groups.bitwarden_rs</literal> were renamed
|
|
to <literal>users.users.vaultwarden</literal> and
|
|
<literal>users.groups.vaultwarden</literal>, respectively.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The data directory remains located at
|
|
<literal>/var/lib/bitwarden_rs</literal>, for backwards
|
|
compatibility.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>yggdrasil</literal> was upgraded to a new major
|
|
release with breaking changes, see
|
|
<link xlink:href="https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0">upstream
|
|
changelog</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>icingaweb2</literal> was upgraded to a new release
|
|
which requires a manual database upgrade, see
|
|
<link xlink:href="https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0">upstream
|
|
changelog</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>isabelle</literal> package has been upgraded from
|
|
2020 to 2021
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
the <literal>mingw-64</literal> package has been upgraded from
|
|
6.0.0 to 9.0.0
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>tt-rss</literal> was upgraded to the commit on
|
|
2021-06-21, which has breaking changes. If you use
|
|
<literal>services.tt-rss.extraConfig</literal> you should
|
|
migrate to the <literal>putenv</literal>-style configuration.
|
|
See
|
|
<link xlink:href="https://community.tt-rss.org/t/rip-config-php-hello-classes-config-php/4337">this
|
|
Discourse post</link> in the tt-rss forums for more details.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The following Visual Studio Code extensions were renamed to
|
|
keep the naming convention uniform.
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
<literal>bbenoist.Nix</literal> ->
|
|
<literal>bbenoist.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>CoenraadS.bracket-pair-colorizer</literal> ->
|
|
<literal>coenraads.bracket-pair-colorizer</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>golang.Go</literal> ->
|
|
<literal>golang.go</literal>
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>services.uptimed</literal> now uses
|
|
<literal>/var/lib/uptimed</literal> as its stateDirectory
|
|
instead of <literal>/var/spool/uptimed</literal>. Make sure to
|
|
move all files to the new directory.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Deprecated package aliases in <literal>emacs.pkgs.*</literal>
|
|
have been removed. These aliases were remnants of the old
|
|
Emacs package infrastructure. We now use exact upstream names
|
|
wherever possible.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>programs.neovim.runtime</literal> switched to a
|
|
<literal>linkFarm</literal> internally, making it impossible
|
|
to use wildcards in the <literal>source</literal> argument.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>openrazer</literal> and
|
|
<literal>openrazer-daemon</literal> packages as well as the
|
|
<literal>hardware.openrazer</literal> module now require users
|
|
to be members of the <literal>openrazer</literal> group
|
|
instead of <literal>plugdev</literal>. With this change, users
|
|
no longer need be granted the entire set of
|
|
<literal>plugdev</literal> group permissions, which can
|
|
include permissions other than those required by
|
|
<literal>openrazer</literal>. This is desirable from a
|
|
security point of view. The setting
|
|
<link xlink:href="options.html#opt-services.hardware.openrazer.users"><literal>harware.openrazer.users</literal></link>
|
|
can be used to add users to the <literal>openrazer</literal>
|
|
group.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The fontconfig service’s dpi option has been removed.
|
|
Fontconfig should use Xft settings by default so there’s no
|
|
need to override one value in multiple places. The user can
|
|
set DPI via ~/.Xresources properly, or at the system level per
|
|
monitor, or as a last resort at the system level with
|
|
<literal>services.xserver.dpi</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>yambar</literal> package has been split into
|
|
<literal>yambar</literal> and
|
|
<literal>yambar-wayland</literal>, corresponding to the xorg
|
|
and wayland backend respectively. Please switch to
|
|
<literal>yambar-wayland</literal> if you are on wayland.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.minio</literal> module gained an
|
|
additional option <literal>consoleAddress</literal>, that
|
|
configures the address and port the web UI is listening, it
|
|
defaults to <literal>:9001</literal>. To be able to access the
|
|
web UI this port needs to be opened in the firewall.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>varnish</literal> package was upgraded from 6.3.x
|
|
to 7.x. <literal>varnish60</literal> for the last LTS release
|
|
is also still available.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>kubernetes</literal> package was upgraded to
|
|
1.22. The <literal>kubernetes.apiserver.kubeletHttps</literal>
|
|
option was removed and HTTPS is always used.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The attribute <literal>linuxPackages_latest_hardened</literal>
|
|
was dropped because the hardened patches lag behind the
|
|
upstream kernel which made version bumps harder. If you want
|
|
to use a hardened kernel, please pin it explicitly with a
|
|
versioned attribute such as
|
|
<literal>linuxPackages_5_10_hardened</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>nomad</literal> package now defaults to a 1.1.x
|
|
release instead of 1.0.x
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
If <literal>exfat</literal> is included in
|
|
<literal>boot.supportedFilesystems</literal> and when using
|
|
kernel 5.7 or later, the <literal>exfatprogs</literal>
|
|
user-space utilities are used instead of
|
|
<literal>exfat</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>todoman</literal> package was upgraded from 3.9.0
|
|
to 4.0.0. This introduces breaking changes in the
|
|
<link xlink:href="https://todoman.readthedocs.io/en/stable/configure.html#configuration-file">configuration
|
|
file</link> format.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>datadog-agent</literal>,
|
|
<literal>datadog-integrations-core</literal> and
|
|
<literal>datadog-process-agent</literal> packages were
|
|
upgraded from 6.11.2 to 7.30.2, git-2018-09-18 to 7.30.1 and
|
|
6.11.1 to 7.30.2, respectively. As a result
|
|
<literal>services.datadog-agent</literal> has had breaking
|
|
changes to the configuration file. For details, see the
|
|
<link xlink:href="https://github.com/DataDog/datadog-agent/blob/main/CHANGELOG.rst">upstream
|
|
changelog</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>opencv2</literal> no longer includes the non-free
|
|
libraries by default, and consequently
|
|
<literal>pfstools</literal> no longer includes OpenCV support
|
|
by default. Both packages now support an
|
|
<literal>enableUnfree</literal> option to re-enable this
|
|
functionality.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>services.xserver.displayManager.defaultSession = "plasma5"</literal>
|
|
does not work anymore, instead use either
|
|
<literal>"plasma"</literal> for the Plasma X11
|
|
session or <literal>"plasmawayland"</literal> for
|
|
the Plasma Wayland sesison.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>boot.kernelParams</literal> now only accepts one
|
|
command line parameter per string. This change is aimed to
|
|
reduce common mistakes like <quote>param = 12</quote>, which
|
|
would be parsed as 3 parameters.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>nix.daemonNiceLevel</literal> and
|
|
<literal>nix.daemonIONiceLevel</literal> have been removed in
|
|
favour of the new options
|
|
<link xlink:href="options.html#opt-nix.daemonCPUSchedPolicy"><literal>nix.daemonCPUSchedPolicy</literal></link>,
|
|
<link xlink:href="options.html#opt-nix.daemonIOSchedClass"><literal>nix.daemonIOSchedClass</literal></link>
|
|
and
|
|
<link xlink:href="options.html#opt-nix.daemonIOSchedPriority"><literal>nix.daemonIOSchedPriority</literal></link>.
|
|
Please refer to the options documentation and the
|
|
<literal>sched(7)</literal> and
|
|
<literal>ioprio_set(2)</literal> man pages for guidance on how
|
|
to use them.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>coursier</literal> package’s binary was renamed
|
|
from <literal>coursier</literal> to <literal>cs</literal>.
|
|
Completions which haven’t worked for a while should now work
|
|
with the renamed binary. To keep using
|
|
<literal>coursier</literal>, you can create a shell alias.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.mosquitto</literal> module has been
|
|
rewritten to support multiple listeners and per-listener
|
|
configuration. Module configurations from previous releases
|
|
will no longer work and must be updated.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>fluidsynth_1</literal> attribute has been
|
|
removed, as this legacy version is no longer needed in
|
|
nixpkgs. The actively maintained 2.x series is available as
|
|
<literal>fluidsynth</literal> unchanged.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Nextcloud 20 (<literal>pkgs.nextcloud20</literal>) has been
|
|
dropped because it was EOLed by upstream in 2021-10.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>virtualisation.pathsInNixDB</literal> option was
|
|
renamed
|
|
<link xlink:href="options.html#opt-virtualisation.additionalPaths"><literal>virtualisation.additionalPaths</literal></link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.ddclient.password</literal> option was
|
|
removed, and replaced with
|
|
<literal>services.ddclient.passwordFile</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The default GNAT version has been changed: The
|
|
<literal>gnat</literal> attribute now points to
|
|
<literal>gnat11</literal> instead of <literal>gnat9</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>retroArchCores</literal> has been removed. This means
|
|
that using <literal>nixpkgs.config.retroarch</literal> to
|
|
customize RetroArch cores is not supported anymore. Instead,
|
|
use package overrides, for example:
|
|
<literal>retroarch.override { cores = with libretro; [ citra snes9x ]; };</literal>.
|
|
Also, <literal>retroarchFull</literal> derivation is available
|
|
for those who want to have all RetroArch cores available.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The Linux kernel for security reasons now restricts access to
|
|
BPF syscalls via <literal>BPF_UNPRIV_DEFAULT_OFF=y</literal>.
|
|
Unprivileged access can be reenabled via the
|
|
<literal>kernel.unprivileged_bpf_disabled</literal> sysctl
|
|
knob.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>/usr</literal> will always be included in the initial
|
|
ramdisk. See the
|
|
<literal>fileSystems.<name>.neededForBoot</literal>
|
|
option. If any files exist under <literal>/usr</literal>
|
|
(which is not typical for NixOS), they will be included in the
|
|
initial ramdisk, increasing its size to a possibly problematic
|
|
extent.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="sec-release-21.11-notable-changes">
|
|
<title>Other Notable Changes</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The linux kernel package infrastructure was moved out of
|
|
<literal>all-packages.nix</literal>, and restructured. Linux
|
|
related functions and attributes now live under the
|
|
<literal>pkgs.linuxKernel</literal> attribute set. In
|
|
particular the versioned <literal>linuxPackages_*</literal>
|
|
package sets (such as <literal>linuxPackages_5_4</literal>)
|
|
and kernels from <literal>pkgs</literal> were moved there and
|
|
now live under <literal>pkgs.linuxKernel.packages.*</literal>.
|
|
The unversioned ones (such as
|
|
<literal>linuxPackages_latest</literal>) remain untouched.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
In NixOS virtual machines (QEMU), the
|
|
<literal>virtualisation</literal> module has been updated with
|
|
new options:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>forwardPorts</literal></link>
|
|
to configure IPv4 port forwarding,
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>sharedDirectories</literal></link>
|
|
to set up shared host directories,
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="options.html#opt-virtualisation.resolution"><literal>resolution</literal></link>
|
|
to set the screen resolution,
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<link xlink:href="options.html#opt-virtualisation.useNixStoreImage"><literal>useNixStoreImage</literal></link>
|
|
to use a disk image for the Nix store instead of 9P.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>
|
|
In addition, the default
|
|
<link xlink:href="options.html#opt-virtualisation.msize"><literal>msize</literal></link>
|
|
parameter in 9P filesystems (including /nix/store and all
|
|
shared directories) has been increased to 16K for improved
|
|
performance.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The setting
|
|
<link xlink:href="options.html#opt-services.openssh.logLevel"><literal>services.openssh.logLevel</literal></link>
|
|
<literal>"VERBOSE"</literal>
|
|
<literal>"INFO"</literal>. This brings NixOS in line
|
|
with upstream and other Linux distributions, and reduces log
|
|
spam on servers due to bruteforcing botnets.
|
|
</para>
|
|
<para>
|
|
However, if
|
|
<link xlink:href="options.html#opt-services.fail2ban.enable"><literal>services.fail2ban.enable</literal></link>
|
|
is <literal>true</literal>, the <literal>fail2ban</literal>
|
|
will override the verbosity to
|
|
<literal>"VERBOSE"</literal>, so that
|
|
<literal>fail2ban</literal> can observe the failed login
|
|
attempts from the SSH logs.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The
|
|
<link xlink:href="options.html#opt-services.xserver.extraLayouts"><literal>services.xserver.extraLayouts</literal></link>
|
|
no longer cause additional rebuilds when a layout is added or
|
|
modified.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Sway: The terminal emulator <literal>rxvt-unicode</literal> is
|
|
no longer installed by default via
|
|
<literal>programs.sway.extraPackages</literal>. The current
|
|
default configuration uses <literal>alacritty</literal> (and
|
|
soon <literal>foot</literal>) so this is only an issue when
|
|
using a customized configuration and not installing
|
|
<literal>rxvt-unicode</literal> explicitly.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>python3</literal> now defaults to Python 3.9. Python
|
|
3.9 introduces many deprecation warnings, please look at the
|
|
<link xlink:href="https://docs.python.org/3/whatsnew/3.9.html">What’s
|
|
New In Python 3.9 post</link> for more information.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>qtile</literal> hase been updated from
|
|
<quote>0.16.0</quote> to <quote>0.18.0</quote>, please check
|
|
<link xlink:href="https://github.com/qtile/qtile/blob/master/CHANGELOG">qtile
|
|
changelog</link> for changes.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>claws-mail</literal> package now references the
|
|
new GTK+ 3 release branch, major version 4. To use the GTK+ 2
|
|
releases, one can install the
|
|
<literal>claws-mail-gtk2</literal> package.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The wordpress module provides a new interface which allows to
|
|
use different webservers with the new option
|
|
<link xlink:href="options.html#opt-services.wordpress.webserver"><literal>services.wordpress.webserver</literal></link>.
|
|
Currently <literal>httpd</literal>, <literal>caddy</literal>
|
|
and <literal>nginx</literal> are supported. The definitions of
|
|
wordpress sites should now be set in
|
|
<link xlink:href="options.html#opt-services.wordpress.sites"><literal>services.wordpress.sites</literal></link>.
|
|
</para>
|
|
<para>
|
|
Sites definitions that use the old interface are automatically
|
|
migrated in the new option. This backward compatibility will
|
|
be removed in 22.05.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The dokuwiki module provides a new interface which allows to
|
|
use different webservers with the new option
|
|
<link xlink:href="options.html#opt-services.dokuwiki.webserver"><literal>services.dokuwiki.webserver</literal></link>.
|
|
Currently <literal>caddy</literal> and
|
|
<literal>nginx</literal> are supported. The definitions of
|
|
dokuwiki sites should now be set in
|
|
<link xlink:href="options.html#opt-services.dokuwiki.sites"><literal>services.dokuwiki.sites</literal></link>.
|
|
</para>
|
|
<para>
|
|
Sites definitions that use the old interface are automatically
|
|
migrated in the new option. This backward compatibility will
|
|
be removed in 22.05.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The order of NSS (host) modules has been brought in line with
|
|
upstream recommendations:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
The <literal>myhostname</literal> module is placed before
|
|
the <literal>resolve</literal> (optional) and
|
|
<literal>dns</literal> entries, but after
|
|
<literal>file</literal> (to allow overriding via
|
|
<literal>/etc/hosts</literal> /
|
|
<literal>networking.extraHosts</literal>, and prevent ISPs
|
|
with catchall-DNS resolvers from hijacking
|
|
<literal>.localhost</literal> domains)
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>mymachines</literal> module, which provides
|
|
hostname resolution for local containers (registered with
|
|
<literal>systemd-machined</literal>) is placed to the
|
|
front, to make sure its mappings are preferred over other
|
|
resolvers.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
If systemd-networkd is enabled, the
|
|
<literal>resolve</literal> module is placed before
|
|
<literal>files</literal> and
|
|
<literal>myhostname</literal>, as it provides the same
|
|
logic internally, with caching.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>mdns(_minimal)</literal> module has been
|
|
updated to the new priorities.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>
|
|
If you use your own NSS host modules, make sure to update your
|
|
priorities according to these rules:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
NSS modules which should be queried before
|
|
<literal>resolved</literal> DNS resolution should use
|
|
mkBefore.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NSS modules which should be queried after
|
|
<literal>resolved</literal>, <literal>files</literal> and
|
|
<literal>myhostname</literal>, but before
|
|
<literal>dns</literal> should use the default priority
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NSS modules which should come after <literal>dns</literal>
|
|
should use mkAfter.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The
|
|
<link xlink:href="options.html#opt-networking.wireless.enable">networking.wireless</link>
|
|
module (based on wpa_supplicant) has been heavily reworked,
|
|
solving a number of issues and adding useful features:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
The automatic discovery of wireless interfaces at boot has
|
|
been made reliable again (issues
|
|
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/101963">#101963</link>,
|
|
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/23196">#23196</link>).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
WPA3 and Fast BSS Transition (802.11r) are now enabled by
|
|
default for all networks.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Secrets like pre-shared keys and passwords can now be
|
|
handled safely, meaning without including them in a
|
|
world-readable file
|
|
(<literal>wpa_supplicant.conf</literal> under /nix/store).
|
|
This is achieved by storing the secrets in a secured
|
|
<link xlink:href="options.html#opt-networking.wireless.environmentFile">environmentFile</link>
|
|
and referring to them though environment variables that
|
|
are expanded inside the configuration.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
With multiple interfaces declared, independent
|
|
wpa_supplicant daemons are started, one for each interface
|
|
(the services are named
|
|
<literal>wpa_supplicant-wlan0</literal>,
|
|
<literal>wpa_supplicant-wlan1</literal>, etc.).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The generated <literal>wpa_supplicant.conf</literal> file
|
|
is now formatted for easier reading.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A new
|
|
<link xlink:href="options.html#opt-networking.wireless.scanOnLowSignal">scanOnLowSignal</link>
|
|
option has been added to facilitate fast roaming between
|
|
access points (enabled by default).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A new
|
|
<link xlink:href="options.html#opt-networking.wireless.networks._name_.authProtocols">networks.<name>.authProtocols</link>
|
|
option has been added to change the authentication
|
|
protocols used when connecting to a network.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The
|
|
<link xlink:href="options.html#opt-networking.wireless.iwd.enable">networking.wireless.iwd</link>
|
|
module has a new
|
|
<link xlink:href="options.html#opt-networking.wireless.iwd.settings">networking.wireless.iwd.settings</link>
|
|
option.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The
|
|
<link xlink:href="options.html#opt-services.smokeping.host">services.smokeping.host</link>
|
|
option was added and defaulted to
|
|
<literal>localhost</literal>. Before,
|
|
<literal>smokeping</literal> listened to all interfaces by
|
|
default. NixOS defaults generally aim to provide
|
|
non-Internet-exposed defaults for databases and internal
|
|
monitoring tools, see e.g.
|
|
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/100192">#100192</link>.
|
|
Further, the systemd service for <literal>smokeping</literal>
|
|
got reworked defaults for increased operational stability, see
|
|
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/144127">PR
|
|
#144127</link> for details.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The
|
|
<link xlink:href="options.html#opt-services.syncoid.enable">services.syncoid.enable</link>
|
|
module now properly drops ZFS permissions after usage. Before
|
|
it delegated permissions to whole pools instead of datasets
|
|
and didn’t clean up after execution. You can manually look
|
|
this up for your pools by running
|
|
<literal>zfs allow your-pool-name</literal> and use
|
|
<literal>zfs unallow syncoid your-pool-name</literal> to clean
|
|
this up.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Zfs: <literal>latestCompatibleLinuxPackages</literal> is now
|
|
exported on the zfs package. One can use
|
|
<literal>boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;</literal>
|
|
to always track the latest compatible kernel with a given
|
|
version of zfs.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Nginx will use the value of
|
|
<literal>sslTrustedCertificate</literal> if provided for a
|
|
virtual host, even if <literal>enableACME</literal> is set.
|
|
This is useful for providers not using the same certificate to
|
|
sign OCSP responses and server certificates.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.formats.yaml</literal>’s
|
|
<literal>generate</literal> will not generate JSON anymore,
|
|
but instead use more of the YAML-specific syntax.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
MariaDB was upgraded from 10.5.x to 10.6.x. Please read the
|
|
<link xlink:href="https://mariadb.com/kb/en/changes-improvements-in-mariadb-106/">upstream
|
|
release notes</link> for changes and upgrade instructions.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The MariaDB C client library, also known as libmysqlclient or
|
|
mariadb-connector-c, was upgraded from 3.1.x to 3.2.x. While
|
|
this should hopefully not have any impact, this upgrade comes
|
|
with some changes to default behavior, so you might want to
|
|
review the
|
|
<link xlink:href="https://mariadb.com/kb/en/changes-and-improvements-in-mariadb-connector-c-32/">upstream
|
|
release notes</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
GNOME desktop environment now enables
|
|
<literal>QGnomePlatform</literal> as the Qt platform theme,
|
|
which should avoid crashes when opening file chooser dialogs
|
|
in Qt apps by using XDG desktop portal. Additionally, it will
|
|
make the apps fit better visually.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>rofi</literal> has been updated from
|
|
<quote>1.6.1</quote> to <quote>1.7.0</quote>, one important
|
|
thing is the removal of the old xresources based configuration
|
|
setup. Read more
|
|
<link xlink:href="https://github.com/davatorium/rofi/blob/cb12e6fc058f4a0f4f/Changelog#L1">in
|
|
rofi’s changelog</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
ipfs now defaults to not listening on you local network. This
|
|
setting was change as server providers won’t accept port
|
|
scanning on their private network. If you have several ipfs
|
|
instances running on a network you own, feel free to change
|
|
the setting <literal>ipfs.localDiscovery = true;</literal>.
|
|
localDiscovery enables different instances to discover each
|
|
other and share data.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lua</literal> and <literal>luajit</literal>
|
|
interpreters have been patched to avoid looking into /usr/lib
|
|
directories, thus increasing the purity of the build.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Three new options,
|
|
<link linkend="opt-xdg.mime.addedAssociations">xdg.mime.addedAssociations</link>,
|
|
<link linkend="opt-xdg.mime.defaultApplications">xdg.mime.defaultApplications</link>,
|
|
and
|
|
<link linkend="opt-xdg.mime.removedAssociations">xdg.mime.removedAssociations</link>
|
|
have been added to the
|
|
<link linkend="opt-xdg.mime.enable">xdg.mime</link> module to
|
|
allow the configuration of
|
|
<literal>/etc/xdg/mimeapps.list</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Kopia was upgraded from 0.8.x to 0.9.x. Please read the
|
|
<link xlink:href="https://github.com/kopia/kopia/releases/tag/v0.9.0">upstream
|
|
release notes</link> for changes and upgrade instructions.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>systemd.network</literal> module has gained
|
|
support for the FooOverUDP link type.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>networking</literal> module has a new
|
|
<literal>networking.fooOverUDP</literal> option to configure
|
|
Foo-over-UDP encapsulations.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>networking.sits</literal> now supports Foo-over-UDP
|
|
encapsulation.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>virtualisation.libvirtd</literal> module has been
|
|
refactored and updated with new options:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
<literal>virtualisation.libvirtd.qemu*</literal> options
|
|
(e.g.:
|
|
<literal>virtualisation.libvirtd.qemuRunAsRoot</literal>)
|
|
were moved to
|
|
<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu"><literal>virtualisation.libvirtd.qemu</literal></link>
|
|
submodule,
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
software TPM1/TPM2 support (e.g.: Windows 11 guests)
|
|
(<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.swtpm"><literal>virtualisation.libvirtd.qemu.swtpm</literal></link>),
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
custom OVMF package (e.g.:
|
|
<literal>pkgs.OVMFFull</literal> with HTTP, CSM and Secure
|
|
Boot support)
|
|
(<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.ovmf.package"><literal>virtualisation.libvirtd.qemu.ovmf.package</literal></link>).
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>cawbird</literal> Twitter client now uses its own
|
|
API keys to count as different application than upstream
|
|
builds. This is done to evade application-level rate limiting.
|
|
While existing accounts continue to work, users may want to
|
|
remove and re-register their account in the client to enjoy a
|
|
better user experience and benefit from this change.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A new option
|
|
<literal>services.prometheus.enableReload</literal> has been
|
|
added which can be enabled to reload the prometheus service
|
|
when its config file changes instead of restarting.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option
|
|
<literal>services.prometheus.environmentFile</literal> has
|
|
been removed since it was causing
|
|
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/126083">issues</link>
|
|
and Prometheus now has native support for secret files, i.e.
|
|
<literal>basic_auth.password_file</literal> and
|
|
<literal>authorization.credentials_file</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Dokuwiki now supports caddy! However
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
the nginx option has been removed, in the new
|
|
configuration, please use the
|
|
<literal>dokuwiki.webserver = "nginx"</literal>
|
|
instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <quote>${hostname}</quote> option has been deprecated,
|
|
please use
|
|
<literal>dokuwiki.sites = [ "${hostname}" ]</literal>
|
|
instead
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The
|
|
<link xlink:href="options.html#opt-services.unifi.enable">services.unifi</link>
|
|
module has been reworked, solving a number of issues. This
|
|
leads to several user facing changes:
|
|
</para>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.unifi.dataDir</literal> option is
|
|
removed and the data is now always located under
|
|
<literal>/var/lib/unifi/data</literal>. This is done to
|
|
make better use of systemd state direcotiry and thus
|
|
making the service restart more reliable.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The unifi logs can now be found under:
|
|
<literal>/var/log/unifi</literal> instead of
|
|
<literal>/var/lib/unifi/logs</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The unifi run directory can now be found under:
|
|
<literal>/run/unifi</literal> instead of
|
|
<literal>/var/lib/unifi/run</literal>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>security.pam.services.<name>.makeHomeDir</literal>
|
|
now uses <literal>umask=0077</literal> instead of
|
|
<literal>umask=0022</literal> when creating the home
|
|
directory.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Loki has had another release. Some default values have been
|
|
changed for the configuration and some configuration options
|
|
have been renamed. For more details, please check
|
|
<link xlink:href="https://grafana.com/docs/loki/latest/upgrading/#240">the
|
|
upgrade guide</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>julia</literal> now refers to
|
|
<literal>julia-stable</literal> instead of
|
|
<literal>julia-lts</literal>. In practice this means it has
|
|
been upgraded from <literal>1.0.4</literal> to
|
|
<literal>1.5.4</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
RetroArch has been upgraded from version
|
|
<literal>1.8.5</literal> to <literal>1.9.13.2</literal>. Since
|
|
the previous release was quite old, if you’re having issues
|
|
after the upgrade, please delete your
|
|
<literal>$XDG_CONFIG_HOME/retroarch/retroarch.cfg</literal>
|
|
file.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
hydrus has been upgraded from version <literal>438</literal>
|
|
to <literal>463</literal>. Since upgrading between releases
|
|
this old is advised against, be sure to have a backup of your
|
|
data before upgrading. For details, see
|
|
<link xlink:href="https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates">the
|
|
hydrus manual</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
More jdk and jre versions are now exposed via
|
|
<literal>java-packages.compiler</literal>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
</section>
|
|
|