nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-04 19:24:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
d191eb270f
nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

2594 lines
104 KiB
XML
Raw Normal View History

nixos/doc: check in converted docbook for 22.05 release notes This was forgotten in 2768bc07f78a18aa26f869f39e37e87fd15544a6 and should hopefully avoid an all too confusing rebase / merge conflict later.
2021-11-22 22:21:27 +00:00
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05">
<title>Release 22.05 (“Quokka”, 2022.05/??)</title>
<para>
In addition to numerous new and upgraded packages, this release has
the following highlights:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Support is planned until the end of December 2022, handing over
to 22.11.
</para>
</listitem>
</itemizedlist>
<section xml:id="sec-release-22.05-highlights">
<title>Highlights</title>
nixos/acme: Update release notes
2021-12-04 17:32:17 +00:00
<itemizedlist>
firefox: add profile-guided optimization Lo and behold, we're finally catching up with Mozillas very own firefox build in terms of speed. PGO is an optimization technique in which in a first step we create a build that supports instrumentation, meaning we can use it to create a profile of how the browser behaved during usage. Then in a second pass we create the final build that uses the acquired profiling data to optimize the browser for the workload it actually received during profiling. The downside is that with PGO we now need to build Firefox twice, which increases the build time from around 20 minutes to roughly 50 minutes. In the Speedometer 2.0 benchmark multiple tests could see a responsiveness improvemeant around 20-25%, which makes the increased build time well worth it. Sadly this benefit seems limited to x86_64-linux, builds on aarch64-linux get stuck during profiling and I haven't found out why. Finally, after a long time, we can say: Closes: #76484 Supersedes: #129503
2022-03-22 02:35:51 +00:00
<listitem>
<para>
The <literal>firefox</literal> browser on
<literal>x86_64-linux</literal> is now making use of
profile-guided optimization resulting in a much more
responsive browsing experience.
</para>
</listitem>
nixos/acme: Update release notes
2021-12-04 17:32:17 +00:00
<listitem>
<para>
<literal>security.acme.defaults</literal> has been added to
simplify configuring settings for many certificates at once.
This also opens up the the option to use DNS-01 validation
when using <literal>enableACME</literal> on web server virtual
hosts (e.g.
<literal>services.nginx.virtualHosts.*.enableACME</literal>).
</para>
</listitem>
doc/release-notes: Mention GNOME 42
2022-02-19 08:26:49 +00:00
<listitem>
<para>
GNOME has been upgraded to 42. Please take a look at their
<link xlink:href="https://release.gnome.org/42/">Release
Notes</link> for details. Notably, it replaces gedit with
GNOME Text Editor, GNOME Terminal with GNOME Console (formerly
Kings Cross), and GNOME Screenshot with a tool built into the
Shell.
</para>
</listitem>
rl-2205: Add entry for overlay-style mkDerivation overriding
2022-02-07 09:01:09 +00:00
<listitem>
<para>
<literal>stdenv.mkDerivation</literal> now supports a
self-referencing <literal>finalAttrs:</literal> parameter
containing the final <literal>mkDerivation</literal> arguments
including overrides. <literal>drv.overrideAttrs</literal> now
supports two parameters
<literal>finalAttrs: previousAttrs:</literal>. This allows
packaging configuration to be overridden in a consistent
manner by providing an alternative to
<literal>rec {}</literal> syntax.
</para>
<para>
Additionally, <literal>passthru</literal> can now reference
stdenv.mkDerivation: public -> finalPackage
2022-03-15 11:22:16 +00:00
<literal>finalAttrs.finalPackage</literal> containing the
final package, including attributes such as the output paths
and <literal>overrideAttrs</literal>.
rl-2205: Add entry for overlay-style mkDerivation overriding
2022-02-07 09:01:09 +00:00
</para>
<para>
New language integrations can be simplified by overriding a
<quote>prototype</quote> package containing the
language-specific logic. This removes the need for a extra
layer of overriding for the <quote>generic builder</quote>
arguments, thus removing a usability problem and source of
error.
</para>
</listitem>
php81: init at 8.1.1
2021-11-25 20:38:19 +00:00
<listitem>
<para>
PHP 8.1 is now available
</para>
</listitem>
mattermost: update release notes
2021-12-31 08:23:59 +00:00
<listitem>
<para>
nixos/mattermost: update release notes
2022-01-17 05:32:55 +00:00
Mattermost has been updated to extended support release 6.3,
as the previously packaged extended support release 5.37 is
<link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
its end of life</link>. Migrations may take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
and
<link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
upgrade notes</link>.
mattermost: update release notes
2021-12-31 08:23:59 +00:00
</para>
</listitem>
nixos/systemd: Add reloadTriggers to services
2022-01-29 22:01:24 +00:00
<listitem>
<para>
systemd services can now set
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadTriggers</link>
instead of <literal>reloadIfChanged</literal> for a more
granular distinction between reloads and restarts.
</para>
</listitem>
systemd: 249.7 -> 250.3
2021-12-12 02:56:45 +00:00
<listitem>
<para>
Systemd has been upgraded to the version 250.
</para>
</listitem>
nixos/doc/rl-2205: Add `postgresqlTestHook`
2022-04-16 15:33:47 +00:00
<listitem>
nixos/doc/manual: Remove trailing white space from 22.05 release notes This was an annoyance for me as I have editor hooks cleaning up trailing white space which lead to regenerating parts of the release notes unnecessarily.
2022-05-03 02:45:54 +00:00
<para>
Pulseaudio has been upgraded to version 15.0 and now
optionally
<link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters">supports
additional Bluetooth audio codecs</link> like aptX or LDAC,
with codec switching support being available in
<literal>pavucontrol</literal>. This feature is disabled by
default but can be enabled by using
<literal>hardware.pulseaudio.package = pkgs.pulseaudioFull;</literal>.
Existing 3rd party modules that provided similar
functionality, like <literal>pulseaudio-modules-bt</literal>
or <literal>pulseaudio-hsphfpd</literal> are deprecated and
have been removed.
</para>
doc/release-notes: highlight pulseaudio upgrade with new bluetooth codecs
2022-04-20 22:10:29 +00:00
</listitem>
<listitem>
nixos/doc/rl-2205: Add `postgresqlTestHook`
2022-04-16 15:33:47 +00:00
<para>
The new
<link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link>
runs a PostgreSQL server for the duration of package checks.
</para>
</listitem>
kops: 1.22.2 -> 1.22.4
2022-02-22 17:31:35 +00:00
<listitem>
<para>
<link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link>
defaults to 1.22.4, which will enable
<link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance
Metadata Service Version 2</link> and require tokens on new
clusters with Kubernetes 1.22. This will increase security by
default, but may break some types of workloads. See the
<link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">release
notes</link> for details.
</para>
</listitem>
rl-2205.section.xml: Regenerate
2022-03-09 14:07:48 +00:00
<listitem>
<para>
Module authors can use
<literal>mkRenamedOptionModuleWith</literal> to automate the
deprecation cycle without annoying out-of-tree module authors
and their users.
</para>
</listitem>
nixos/doc/rl-22.05: note default GHC update
2022-03-24 12:39:46 +00:00
<listitem>
<para>
The default GHC version has been updated from 8.10.7 to 9.0.2.
<literal>pkgs.haskellPackages</literal> and
<literal>pkgs.ghc</literal> will now use this version by
default.
</para>
</listitem>
nixos/release-notes: add calamares installer to highlights
2022-04-11 19:43:26 +00:00
<listitem>
<para>
The GNOME and Plasma installation CDs now use
<literal>pkgs.calamares</literal> and
<literal>pkgs.calamares-nixos-extensions</literal> to allow
users to easily install and set up NixOS with a GUI.
</para>
</listitem>
php81: init at 8.1.1
2021-11-25 20:38:19 +00:00
</itemizedlist>
nixos/doc: check in converted docbook for 22.05 release notes This was forgotten in 2768bc07f78a18aa26f869f39e37e87fd15544a6 and should hopefully avoid an all too confusing rebase / merge conflict later.
2021-11-22 22:21:27 +00:00
</section>
<section xml:id="sec-release-22.05-new-services">
<title>New Services</title>
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879) * elk7: 7.11.1 -> 7.16.1 * nixosTests.elk: Improve reliability and compatibility with ELK 7.x - Use comparisons in jq instead of grepping - Match for `.hits.total.value` if version >= 7, otherwise it always passes - Make curl fail if requests fails * nixos/filebeat: Add initial module and test Filebeat is an open source file harvester, mostly used to fetch logs files and feed them into logstash. This module can be used instead of journalbeat if used with `filebeat7` and configured with the `journald` input. * python3Packages.parsedmarc.tests: Fix breakage - Don't use the deprecated elasticsearch7-oss package - Improve jq query robustness and add tracing * rl-2205: Note the addition of the filebeat service * elk6: 6.8.3 -> 6.8.21 The latest version includes a fix for CVE-2021-44228. * nixos/journalbeat: Add a loose dependency on elasticsearch Avoid unnecssary back-off when elasticsearch is running on the same host.
2021-12-16 15:20:52 +00:00
<itemizedlist>
nixos/aesmd: add module Co-authored-by: Alex Zero <joseph@marsden.space>
2021-11-25 13:37:51 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
the Intel SGX Architectural Enclave Service Manager. Available
as
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
</para>
</listitem>
docker-rootless service: init
2021-12-14 22:07:58 +00:00
<listitem>
<para>
<link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless
Docker</link>, a <literal>systemd --user</literal> Docker
service which runs without root permissions. Available as
<link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
</para>
</listitem>
nixos/matrix-conduit: init
2021-09-02 09:55:51 +00:00
<listitem>
<para>
<link xlink:href="https://conduit.rs/">matrix-conduit</link>,
a simple, fast and reliable chat server powered by matrix.
Available as
<link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
</para>
</listitem>
nixos/release-notes: add programs.nethoscope
2021-09-30 21:23:01 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/vvilhonen/nethoscope">nethoscope</link>,
listen to your network traffic. Available as
<link linkend="opt-programs.nethoscope.enable">programs.nethoscope</link>.
</para>
nixos/matrix-conduit: init
2021-09-02 09:55:51 +00:00
</listitem>
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879) * elk7: 7.11.1 -> 7.16.1 * nixosTests.elk: Improve reliability and compatibility with ELK 7.x - Use comparisons in jq instead of grepping - Match for `.hits.total.value` if version >= 7, otherwise it always passes - Make curl fail if requests fails * nixos/filebeat: Add initial module and test Filebeat is an open source file harvester, mostly used to fetch logs files and feed them into logstash. This module can be used instead of journalbeat if used with `filebeat7` and configured with the `journald` input. * python3Packages.parsedmarc.tests: Fix breakage - Don't use the deprecated elasticsearch7-oss package - Improve jq query robustness and add tracing * rl-2205: Note the addition of the filebeat service * elk6: 6.8.3 -> 6.8.21 The latest version includes a fix for CVE-2021-44228. * nixos/journalbeat: Add a loose dependency on elasticsearch Avoid unnecssary back-off when elasticsearch is running on the same host.
2021-12-16 15:20:52 +00:00
<listitem>
<para>
<link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
a lightweight shipper for forwarding and centralizing log
data. Available as
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
nixos/apfs: init Add the final missing pieces for full APFS support.
2021-02-09 23:37:24 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>,
a kernel module for mounting the Apple File System (APFS).
</para>
</listitem>
nixos/frr: add to release notes
2021-12-30 02:21:52 +00:00
<listitem>
<para>
<link xlink:href="https://frrouting.org/">FRRouting</link>, a
popular suite of Internet routing protocol daemons (BGP, BFD,
rl-2205: fix typo in frrrouting announcement
2022-03-28 14:57:47 +00:00
OSPF, IS-IS, VRRP and others). Available as
nixos/release-notes: fix typos in 22.05 section.
2022-02-24 16:10:58 +00:00
<link linkend="opt-services.frr.babel.enable">services.frr</link>
nixos/frr: add to release notes
2021-12-30 02:21:52 +00:00
</para>
</listitem>
nixos/heisenbridge: Init
2021-10-24 16:41:24 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
a bouncer-style Matrix IRC bridge. Available as
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
nixos/snowflake-proxy: init This commit introduces snowflake-proxy [1], a system to circumvent internet censorship. [1] https://snowflake.torproject.org/
2022-03-03 18:02:27 +00:00
<listitem>
<para>
<link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>,
a system to defeat internet censorship. Available as
<link xlink:href="options.html#opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>.
</para>
</listitem>
nixos/ergochat: init
2022-01-12 20:40:43 +00:00
<listitem>
<para>
<link xlink:href="https://ergo.chat">ergochat</link>, a modern
IRC with IRCv3 features. Available as
<link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>.
</para>
</listitem>
nixos/doc: Add Snipe-IT to 22.05 release notes
2022-02-08 10:45:36 +00:00
<listitem>
<para>
<link xlink:href="https://snipeitapp.com">Snipe-IT</link>, a
free open source IT asset/license management system. Available
as
<link xlink:href="options.html#opt-services.snipe-it.enable">services.snipe-it</link>.
</para>
</listitem>
powerdns-admin: fix and add module - Add the migrations directory to the package - Add postgres support to the package - Add a service for powerdns-admin Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
2021-12-17 09:33:40 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
a web interface for the PowerDNS server. Available at
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
release-notes: mention pgadmin
2022-02-26 13:18:25 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>,
an admin interface for the PostgreSQL database. Available at
<link xlink:href="options.html#opt-services.pgadmin.enable">services.pgadmin</link>.
</para>
</listitem>
nixos/input-remapper: add release note
2022-02-10 16:55:23 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
an easy to use tool to change the mapping of your input device
buttons. Available at
<link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>.
</para>
</listitem>
nixos/invoiceplane: init module and package at 1.5.11 (#146909)
2022-01-20 13:45:35 +00:00
<listitem>
<para>
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
web application for managing and creating invoices. Available
at
<link xlink:href="options.html#opt-services.invoiceplane.enable">services.invoiceplane</link>.
</para>
</listitem>
nixos/maddy: Better description, user and group handling
2021-12-29 11:49:14 +00:00
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
nixos/k40-whisperer: module init
2022-02-24 14:15:36 +00:00
<listitem>
<para>
<link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>,
a program to control cheap Chinese laser cutters. Available as
<link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>.
Users must add themselves to the <literal>k40</literal> group
to be able to access the device.
</para>
</listitem>
mozillavpn: init at 2.7.1 Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-02-14 22:53:18 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/mozilla-mobile/mozilla-vpn-client">mozillavpn</link>,
the client for the
<link xlink:href="https://vpn.mozilla.org/">Mozilla VPN</link>
service. Available as
<link xlink:href="options.html#opt-services.mozillavpn">services.mozillavpn</link>.
</para>
</listitem>
mtr-exporter: init at 0.1.0 (3ce854a5) This is a useful utility for monitoring network performance over time using a combination of MTR and Prometheus. Also adding a service definition. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-08 10:52:36 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>,
a Prometheus exporter for mtr metrics. Available as
<link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>.
</para>
</listitem>
nixos/tetrd: init
2022-01-01 23:43:37 +00:00
<listitem>
nixos/prometheus-pve-exporter: init at 2.2.2
2022-03-02 18:29:33 +00:00
<para>
<link xlink:href="https://github.com/prometheus-pve/prometheus-pve-exporter">prometheus-pve-exporter</link>,
a tool that exposes information from the Proxmox VE API for
use by Prometheus. Available as
<link xlink:href="options.html#opt-services.prometheus.exporters.pve">services.prometheus.exporters.pve</link>.
</para>
</listitem>
netbox: init module
2022-03-05 18:25:21 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/netbox-community/netbox">netbox</link>,
infrastructure resource modeling (IRM) tool. Available as
<link xlink:href="options.html#opt-services.netbox.enable">services.netbox</link>.
</para>
</listitem>
nixos/tetrd: init
2022-01-01 23:43:37 +00:00
<listitem>
<para>
<link xlink:href="https://tetrd.app">tetrd</link>, share your
internet connection from your device to your PC and vice versa
through a USB cable. Available at
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
nixos/uptermd: init
2021-02-08 22:37:10 +00:00
<listitem>
<para>
<link xlink:href="https://upterm.dev">uptermd</link>, an
open-source solution for sharing terminal sessions instantly
over the public internet via secure tunnels. Available at
<link linkend="opt-services.uptermd.enable">services.uptermd</link>.
</para>
</listitem>
nixos/agate: init
2022-02-07 16:03:44 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
a very simple server for the Gemini hypertext protocol.
Available as
<link xlink:href="options.html#opt-services.agate.enable">services.agate</link>.
</para>
</listitem>
nixos/archisteamfarm: init
2021-12-03 21:38:26 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
a C# application with primary purpose of idling Steam cards
from multiple accounts simultaneously. Available as
<link xlink:href="options.html#opt-services.archisteamfarm.enable">services.archisteamfarm</link>.
</para>
</listitem>
nixos/teleport: add release notes
2022-01-10 12:50:04 +00:00
<listitem>
<para>
<link xlink:href="https://goteleport.com">teleport</link>,
allows engineers and security professionals to unify access
for SSH servers, Kubernetes clusters, web applications, and
databases across all environments. Available at
<link linkend="opt-services.teleport.enable">services.teleport</link>.
</para>
</listitem>
baget service: init
2020-05-13 17:29:47 +00:00
<listitem>
<para>
<link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>,
a lightweight NuGet and symbol server. Available at
<link linkend="opt-services.baget.enable">services.baget</link>.
</para>
</listitem>
nixos/doc: add moosefs module to release notes
2021-10-07 20:04:41 +00:00
<listitem>
<para>
<link xlink:href="https://moosefs.com">moosefs</link>, fault
tolerant petabyte distributed file system. Available as
nixos/release-notes: fix typos in 22.05 section.
2022-02-24 16:10:58 +00:00
<link linkend="opt-services.moosefs.client.enable">moosefs</link>.
nixos/doc: add moosefs module to release notes
2021-10-07 20:04:41 +00:00
</para>
baget service: init
2020-05-13 17:29:47 +00:00
</listitem>
prosody-filer service: init Add user and group, as files stored are persistent and to be accessed by nginx or other web server.
2022-01-08 10:36:29 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
a server for handling XMPP HTTP Upload requests. Available at
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
</para>
</listitem>
nixos/systembus-notify: add support for system services notifying users
2021-07-12 07:34:26 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>,
allow system level notifications to reach the users. Available
as
<link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>.
Please keep in mind that this service should only be enabled
on machines with fully trusted users, as any local user is
able to DoS user sessions by spamming notifications.
</para>
</listitem>
ethercalc: init at latest master (b19627)
2022-01-16 18:58:00 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
an online collaborative spreadsheet. Available as
<link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>.
</para>
</listitem>
nbd: add programs.nbd, services.nbd, and test Changes: nbd: Update nixos/modules/services/networking/nbd.nix Co-authored-by: pennae <82953136+pennae@users.noreply.github.com> nbd: Update nixos/modules/services/networking/nbd.nix Co-authored-by: pennae <82953136+pennae@users.noreply.github.com> nbd: Update nixos/tests/nbd.nix Co-authored-by: pennae <82953136+pennae@users.noreply.github.com> nbd: generalize options in nbd service nbd: harden service nbd: Update nixos/modules/services/networking/nbd.nix Co-authored-by: pennae <82953136+pennae@users.noreply.github.com> nbd: Update nixos/modules/services/networking/nbd.nix Co-authored-by: pennae <82953136+pennae@users.noreply.github.com> nbd: refactor code a bit and BindPaths automatically
2022-03-06 13:49:57 +00:00
<listitem>
<para>
<link xlink:href="https://nbd.sourceforge.io/">nbd</link>, a
Network Block Device server. Available as
<link xlink:href="options.html#opt-services.nbd.server.enable">services.nbd</link>.
</para>
</listitem>
nix-ld: mention in changelog
2022-03-21 10:11:54 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/Mic92/nix-ld">nix-ld</link>,
Run unpatched dynamic binaries on NixOS. Available as
<link xlink:href="options.html#opt-programs.nix-ld.enable">programs.nix-ld</link>.
</para>
</listitem>
Add timetagger to release notes Why the f*** would anyone ever add generated stuff to a git repository, where the sources for the generated stuff AND the scripts to generate them are in the repository? Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2021-12-30 08:43:06 +00:00
<listitem>
<para>
<link xlink:href="https://timetagger.app">timetagger</link>,
an open source time-tracker with an intuitive user experience
and powerful reporting.
<link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
</para>
</listitem>
nixos/rstudio-server: add to 22.05 release notes
2022-01-10 23:16:28 +00:00
<listitem>
<para>
<link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
a browser-based version of the RStudio IDE for the R
programming language. Available as
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
</para>
</listitem>
nixos/headscale: Add headscale service module
2022-01-27 20:15:38 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/juanfont/headscale">headscale</link>,
an Open Source implementation of the
<link xlink:href="https://tailscale.io">Tailscale</link>
Control Server. Available as
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
</para>
</listitem>
nixos/create_ap: add module
2022-04-13 17:20:37 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/lakinduakash/linux-wifi-hotspot">create_ap</link>,
a module for creating wifi hotspots using the program
linux-wifi-hotspot. Available as
<link xlink:href="options.html#opt-services.create_ap.enable">services.create_ap</link>.
</para>
</listitem>
nixos/blocky: init
2022-02-10 22:44:18 +00:00
<listitem>
<para>
<link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
fast and lightweight DNS proxy as ad-blocker for local network
with many features.
</para>
</listitem>
nixos/tests/pacemaker: init
2022-03-08 01:46:26 +00:00
<listitem>
<para>
<link xlink:href="https://clusterlabs.org/pacemaker/">pacemaker</link>
cluster resource manager
</para>
</listitem>
nixos/nifi: add release notes
2022-04-10 12:55:20 +00:00
<listitem>
<para>
<link xlink:href="https://nifi.apache.org">nifi</link>, an
easy to use, powerful, and reliable system to process and
distribute data. Available as
<link xlink:href="options.html#opt-services.nifi.enable">services.nifi</link>.
</para>
</listitem>
nixos/kanidm: fix release notes
2022-05-05 17:18:41 +00:00
<listitem>
<para>
<link xlink:href="https://kanidm.github.io/kanidm/stable/">kanidm</link>,
an identity management server written in Rust.
</para>
</listitem>
nixos/aesmd: add module Co-authored-by: Alex Zero <joseph@marsden.space>
2021-11-25 13:37:51 +00:00
</itemizedlist>
nixos/doc: check in converted docbook for 22.05 release notes This was forgotten in 2768bc07f78a18aa26f869f39e37e87fd15544a6 and should hopefully avoid an all too confusing rebase / merge conflict later.
2021-11-22 22:21:27 +00:00
</section>
<section xml:id="sec-release-22.05-incompatibilities">
<title>Backward Incompatibilities</title>
emacsPackages.orgPackages: deprecated org elpa is deprecated and moved into gnu elpa and nongnu elpa. link: nix-community/emacs-overlay#191
2021-12-02 02:27:29 +00:00
<itemizedlist>
ghc: make sure top level exposed GHC is always host->target See the added comment in all-packages.nix for a more detailed explanation. This makes the top-level GHC different from haskellPackages.ghc (which is build->host and used for building the package set), but more consistent with gcc, gnat etc. Specifically, pkgsCross.${platform}.buildPackages.ghc will now be a cross-compiler instead of a native build->build compiler. Since this change has a slight chance of being disruptive, add a note to the changelog.
2021-11-24 14:52:25 +00:00
<listitem>
<para>
<literal>pkgs.ghc</literal> now refers to
<literal>pkgs.targetPackages.haskellPackages.ghc</literal>.
This <emphasis>only</emphasis> makes a difference if you are
cross-compiling and will ensure that
<literal>pkgs.ghc</literal> always runs on the host platform
and compiles for the target platform (similar to
<literal>pkgs.gcc</literal> for example).
<literal>haskellPackages.ghc</literal> still behaves as
before, running on the build platform and compiling for the
host platform (similar to <literal>stdenv.cc</literal>). This
means you dont have to adjust your derivations if you use
<literal>haskellPackages.callPackage</literal>, but when using
<literal>pkgs.callPackage</literal> and taking
<literal>ghc</literal> as an input, you should now use
<literal>buildPackages.ghc</literal> instead to ensure cross
compilation keeps working (or switch to
<literal>haskellPackages.callPackage</literal>).
</para>
</listitem>
haskellPackages.ghcWithPackages: throw on old override interface Adding a fake override function via passthru will at least give users of the old override interface a more helpful error message. Additionally we also document the changes in the changelog.
2022-01-27 08:42:51 +00:00
<listitem>
<para>
<literal>pkgs.ghc.withPackages</literal> as well as
<literal>haskellPackages.ghcWithPackages</literal> etc. now
needs be overridden directly, as opposed to overriding the
result of calling it. Additionally, the
<literal>withLLVM</literal> parameter has been renamed to
<literal>useLLVM</literal>. So instead of
<literal>(ghc.withPackages (p: [])).override { withLLVM = true; }</literal>,
one needs to use
<literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>.
</para>
</listitem>
rl-2205: mention changes to the xmonad haskell module
2022-05-19 16:11:39 +00:00
<listitem>
<para>
The update of the haskell package set brings with it a new
version of the <literal>xmonad</literal> module, which will
break your configuration if you use <literal>launch</literal>
as entrypoint. The example code the corresponding nixos module
was adjusted, you way want to have a look at it.
</para>
</listitem>
nixos/home-assistant: convert to rfc42 style settings After this change users with non-declarative configs need to set `services.home-assistant.config` to an `null`, or their `configuration.yaml` will be overwritten. The reason for this is that with rfc42 style defaults the config attribute set will never be empty by default.
2022-01-30 01:41:15 +00:00
<listitem>
<para>
The <literal>home-assistant</literal> module now requires
users that dont want their configuration to be managed
declaratively to set
<literal>services.home-assistant.config = null;</literal>.
This is required due to the way default settings are handled
with the new settings style.
</para>
<para>
Additionally the default list of
<literal>extraComponents</literal> now includes the minimal
dependencies to successfully complete the
<link xlink:href="https://www.home-assistant.io/getting-started/onboarding/">onboarding</link>
procedure.
</para>
</listitem>
emacsPackages.orgPackages: deprecated org elpa is deprecated and moved into gnu elpa and nongnu elpa. link: nix-community/emacs-overlay#191
2021-12-02 02:27:29 +00:00
<listitem>
<para>
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
because org elpa is deprecated. The packages in the top level
of <literal>pkgs.emacsPackages</literal>, such as org and
org-contrib, refer to the ones in
<literal>pkgs.emacsPackages.elpaPackages</literal> and
<literal>pkgs.emacsPackages.nongnuPackages</literal> where the
new versions will release.
</para>
</listitem>
release-notes: Add release note about nixos containers directory moves
2020-05-08 14:34:06 +00:00
<listitem>
<para>
The configuration and state directories used by
<literal>nixos-containers</literal> have been moved from
<literal>/etc/containers</literal> and
<literal>/var/lib/containers</literal> to
<literal>/etc/nixos-containers</literal> and
<literal>/var/lib/nixos-containers</literal>.
</para>
<para>
If you are changing <literal>system.stateVersion</literal> to
<literal>&quot;22.05&quot;</literal> manually on an existing
system you are responsible for migrating these directories
yourself.
</para>
<para>
This is to improve compatibility with
<literal>libcontainer</literal> based software such as Podman
and Skopeo which assumes they have ownership over
<literal>/etc/containers</literal>.
</para>
</listitem>
nixos/virtualisation.oci-containers: Use podman as the default backend This has a number of benefits such as that applying service limits will actually work since there isn't a layer of indirection (the Docker daemon) between the systemd service and the container runtime.
2022-04-27 16:51:50 +00:00
<listitem>
<para>
For new installations
<literal>virtualisation.oci-containers.backend</literal> is
now set to <literal>podman</literal> by default. If you still
want to use Docker on systems where
<literal>system.stateVersion</literal> is set to to
<literal>&quot;22.05&quot;</literal> set
<literal>virtualisation.oci-containers.backend = &quot;docker&quot;;</literal>.Old
systems with older <literal>stateVersion</literal>s stay with
<quote>docker</quote>.
</para>
</listitem>
nixos/klogd: remove This module only has an effect for ancient kernel versions we don't support.
2022-03-30 18:53:36 +00:00
<listitem>
<para>
<literal>security.klogd</literal> was removed. Logging of
kernel messages is handled by systemd since Linux 3.5.
</para>
</listitem>
doc/release-notes: add ssmtp removal notice and alternative GitHub: closes https://github.com/NixOS/nixpkgs/issues/105710
2022-04-03 16:36:40 +00:00
<listitem>
<para>
<literal>pkgs.ssmtp</literal> has been dropped due to the
program being unmaintained. <literal>pkgs.msmtp</literal> can
be used instead as a substitute <literal>sendmail</literal>
implementation. The corresponding options
<literal>services.ssmtp.*</literal> have been removed as well.
<literal>programs.msmtp.*</literal> can be used instead for an
equivalent setup. For example:
</para>
<programlisting language="bash">
{
# Original ssmtp configuration:
services.ssmtp = {
enable = true;
useTLS = true;
useSTARTTLS = true;
hostName = &quot;smtp.example:587&quot;;
authUser = &quot;someone&quot;;
authPassFile = &quot;/secrets/password.txt&quot;;
};
# Equivalent msmtp configuration:
programs.msmtp = {
enable = true;
accounts.default = {
tls = true;
tls_starttls = true;
auth = true;
host = &quot;smtp.example&quot;;
port = 587;
user = &quot;someone&quot;;
passwordeval = &quot;cat /secrets/password.txt&quot;;
};
};
}
</programlisting>
</listitem>
nixos/kubernetes: remove dashboard
2021-12-14 01:03:48 +00:00
<listitem>
<para>
<literal>services.kubernetes.addons.dashboard</literal> was
removed due to it being an outdated version.
</para>
</listitem>
nixos/kubernetes: Update deprecated scheduler opts --port and --address have both been deprecated and are nonfunctional starting with kubernetes 1.23. Use --secure-port and --bind-address instead. This means that users can no longer rely on the insecure port for anything, so update the release notes accordingly.
2022-02-15 07:21:09 +00:00
<listitem>
<para>
<literal>services.kubernetes.scheduler.{port,address}</literal>
now set <literal>--secure-port</literal> and
<literal>--bind-address</literal> instead of
<literal>--port</literal> and <literal>--address</literal>,
since the former have been deprecated and are no longer
functional in kubernetes&gt;=1.23. Ensure that you are not
relying on the insecure behaviour before upgrading.
</para>
</listitem>
doc/release-notes: mention pdns-recursor options changes
2022-04-13 21:20:39 +00:00
<listitem>
<para>
In the PowerDNS Recursor module
(<literal>services.pdns-recursor</literal>), default values of
several IP address-related NixOS options have been updated to
match the default upstream behavior. In particular, Recursor
by default will:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
listen on (and allows connections from) both IPv4 and IPv6
addresses
(<literal>services.pdns-recursor.dns.address</literal>,
<literal>services.pdns-recursor.dns.allowFrom</literal>);
</para>
</listitem>
<listitem>
<para>
allow only local connections to the REST API server
(<literal>services.pdns-recursor.api.allowFrom</literal>).
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/release-notes: document ncdns incompatible changes
2022-04-14 19:30:00 +00:00
<listitem>
<para>
In the ncdns module, the default value of
<literal>services.ncdns.address</literal> has been changed to
the IPv6 loopback address (<literal>::1</literal>).
</para>
</listitem>
openssh: 8.8p1 -> 8.9p1
2022-02-23 19:26:44 +00:00
<listitem>
<para>
<literal>openssh</literal> has been update to 8.9p1, changing
the FIDO security key middleware interface.
</para>
</listitem>
git: only hardcode path to ssh binary on full build Requirement for #146702
2022-03-29 23:14:27 +00:00
<listitem>
<para>
<literal>git</literal> no longer hardcodes the path to
openssh ssh binary to reduce the amount of rebuilds. If you
are using git with ssh remotes and do not have a ssh binary in
your enviroment consider adding <literal>openssh</literal> to
it or switching to <literal>gitFull</literal>.
</para>
</listitem>
nixos/k3s: use the systemd driver for docker + unified cgroups This is necessary for it to work at all. The single-node-docker test will fail without this change. Also add a release note for it.
2022-03-05 08:43:47 +00:00
<listitem>
<para>
<literal>services.k3s.enable</literal> no longer implies
<literal>systemd.enableUnifiedCgroupHierarchy = false</literal>,
and will default to the <quote>systemd</quote> cgroup driver
when using <literal>services.k3s.docker = true</literal>. This
change may require a reboot to take effect, and k3s may not be
able to run if the boot cgroup hierarchy does not match its
configuration. The previous behavior may be retained by
explicitly setting
<literal>systemd.enableUnifiedCgroupHierarchy = false</literal>
in your configuration.
</para>
nixos/kubernetes: Update deprecated scheduler opts --port and --address have both been deprecated and are nonfunctional starting with kubernetes 1.23. Use --secure-port and --bind-address instead. This means that users can no longer rely on the insecure port for anything, so update the release notes accordingly.
2022-02-15 07:21:09 +00:00
</listitem>
nixos/fonts: Document removal of ancient bitmap fonts from default config
2022-03-13 22:43:32 +00:00
<listitem>
<para>
<literal>fonts.fonts</literal> no longer includes ancient
bitmap fonts when both
<literal>config.services.xserver.enable</literal> and
<literal>config.nixpkgs.config.allowUnfree</literal> are
enabled. If you still want these fonts, use:
</para>
<programlisting language="bash">
{
fonts.fonts = [
pkgs.xorg.fontbhlucidatypewriter100dpi
pkgs.xorg.fontbhlucidatypewriter75dpi
pkgs.xorg.fontbh100dpi
];
}
</programlisting>
</listitem>
nixos/prometheus: Remove upstream-deprecated alertManagerTimeout When started, Prometheus prints: > The flag --alertmanager.timeout has no effect and will be removed in > the future. See also https://github.com/prometheus/prometheus/commit/2316062d4ed661e63c5b5079724ca334b560f28d
2022-03-04 14:11:17 +00:00
<listitem>
<para>
<literal>services.prometheus.alertManagerTimeout</literal> has
been removed as it has been deprecated upstream and has no
effect.
</para>
</listitem>
docs/release-notes: document dhcpd hardening
2022-01-20 14:50:19 +00:00
<listitem>
<para>
The DHCP server (<literal>services.dhcpd4</literal>,
<literal>services.dhcpd6</literal>) has been hardened. The
service is now using the systemds
<literal>DynamicUser</literal> mechanism to run as an
unprivileged dynamically-allocated user with limited
capabilities. The dhcpd state files are now always stored in
<literal>/var/lib/dhcpd{4,6}</literal> and the
<literal>services.dhcpd4.stateDir</literal> and
<literal>service.dhcpd6.stateDir</literal> options have been
removed. If you were depending on root privileges or
set{uid,gid,cap} binaries in dhcpd shell hooks, you may give
dhcpd more capabilities with e.g.
<literal>systemd.services.dhcpd6.serviceConfig.AmbientCapabilities</literal>.
</para>
</listitem>
mailpile, nixos/mailpile: drop Still actively developed and yet stuck on python2. Also marked as vulnerable and their issue tracker contains yet another security issue reported in 2021/10 that the upstream hasn't acknowledged yet. Mind blown. Closes: #135543, #97274, #97275
2022-01-12 01:27:51 +00:00
<listitem>
<para>
The <literal>mailpile</literal> email webclient
(<literal>services.mailpile</literal>) has been removed due to
its reliance on python2.
</para>
</listitem>
nixos/ipfs: improve how the commandline flags are generated Use `utils.escapeSystemdExecArgs` instead of relying on the exact way in which `toString` formats a list. In https://github.com/NixOS/nixpkgs/pull/156706#discussion_r795867283 a suggestion was made and then implemented to replace `toString` with `concatStringsSep " "`. @pennae then suggested to use `utils.escapeSystemdExecArgs` instead in https://github.com/NixOS/nixpkgs/pull/164846#issuecomment-1073001848.
2022-03-06 15:57:57 +00:00
<listitem>
<para>
<literal>services.ipfs.extraFlags</literal> is now escaped
with <literal>utils.escapeSystemdExecArgs</literal>. If you
rely on systemd interpolating <literal>extraFlags</literal> in
the service <literal>ExecStart</literal>, this will no longer
work.
</para>
</listitem>
hbase: add release notes
2022-04-15 07:23:59 +00:00
<listitem>
<para>
<literal>hbase</literal> version 0.98.24 has been removed. The
package now defaults to version 2.4.11. Versions 1.7.1 and
3.0.0-alpha-2 are also available.
</para>
</listitem>
nixos/paperless-ng: rename to `paperless`, use `paperless-ngx` package Use this opportunity to rename `paperless-(ng)-server` to `paperless-scheduler`. This follows the naming scheme in the paperless repo and docs.
2022-04-12 15:48:53 +00:00
<listitem>
<para>
<literal>services.paperless-ng</literal> was renamed to
<literal>services.paperless</literal>. Accordingly, the
<literal>paperless-ng-manage</literal> script (located in
<literal>dataDir</literal>) was renamed to
<literal>paperless-manage</literal>.
<literal>services.paperless</literal> now uses
<literal>paperless-ngx</literal>.
</para>
</listitem>
nixos/doc/2205: explain matrix-synapse rfc42 migration
2022-02-08 15:11:53 +00:00
<listitem>
<para>
The <literal>matrix-synapse</literal> service
(<literal>services.matrix-synapse</literal>) has been
converted to use the <literal>settings</literal> option
defined in RFC42. This means that options that are part of
your <literal>homeserver.yaml</literal> configuration, and
that were specified at the top-level of the module
(<literal>services.matrix-synapse</literal>) now need to be
moved into
<literal>services.matrix-synapse.settings</literal>. And while
not all options you may use are defined in there, they are
still supported, because you can set arbitrary values in this
freeform type.
</para>
matrix-synapse: fix release notes and doc for #158605 changes
2022-03-12 15:33:46 +00:00
<para>
The <literal>listeners.*.bind_address</literal> option was
renamed to <literal>bind_addresses</literal> in order to match
the upstream <literal>homeserver.yaml</literal> option name.
It is now also a list of strings instead of a string.
</para>
nixos/doc/2205: explain matrix-synapse rfc42 migration
2022-02-08 15:11:53 +00:00
<para>
An example to make the required migration clearer:
</para>
<para>
Before:
</para>
<programlisting language="bash">
{
services.matrix-synapse = {
enable = true;
server_name = &quot;example.com&quot;;
public_baseurl = &quot;https://example.com:8448&quot;;
enable_registration = false;
registration_shared_secret = &quot;xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut&quot;;
macaroon_secret_key = &quot;xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
listeners = [ {
port = 8448;
bind_address = &quot;&quot;;
type = &quot;http&quot;;
tls = true;
resources = [ {
names = [ &quot;client&quot; ];
compress = true;
} {
names = [ &quot;federation&quot; ];
compress = false;
} ];
} ];
};
}
</programlisting>
<para>
After:
</para>
<programlisting language="bash">
{
services.matrix-synapse = {
enable = true;
# this attribute set holds all values that go into your homeserver.yaml configuration
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
# possible values.
settings = {
server_name = &quot;example.com&quot;;
public_baseurl = &quot;https://example.com:8448&quot;;
enable_registration = false;
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
tls_certificate_path = &quot;/var/lib/acme/example.com/fullchain.pem&quot;;
listeners = [ {
port = 8448;
matrix-synapse: fix release notes and doc for #158605 changes
2022-03-12 15:33:46 +00:00
bind_addresses = [
nixos/doc/2205: explain matrix-synapse rfc42 migration
2022-02-08 15:11:53 +00:00
&quot;::&quot;
&quot;0.0.0.0&quot;
];
type = &quot;http&quot;;
tls = true;
resources = [ {
names = [ &quot;client&quot; ];
compress = true;
} {
names = [ &quot;federation&quot; ];
compress = false;
} ];
} ];
};
extraConfigFiles = [
/run/keys/matrix-synapse/secrets.yaml
];
};
}
</programlisting>
<para>
The secrets in your original config should be migrated into a
YAML file that is included via
<literal>extraConfigFiles</literal>.
</para>
<para>
Additionally a few option defaults have been synced up with
upstream default values, for example the
<literal>max_upload_size</literal> grew from
matrix-synapse: fix release notes and doc for #158605 changes
2022-03-12 15:33:46 +00:00
<literal>10M</literal> to <literal>50M</literal>. For the same
reason, the default <literal>media_store_path</literal> was
changed from <literal>${dataDir}/media</literal> to
<literal>${dataDir}/media_store</literal> if
<literal>system.stateVersion</literal> is at least
<literal>22.05</literal>. Files will need to be manually moved
to the new location if the <literal>stateVersion</literal> is
updated.
nixos/doc/2205: explain matrix-synapse rfc42 migration
2022-02-08 15:11:53 +00:00
</para>
matrix-synapse: 1.57.0 -> 1.58.0 Closes #169534
2022-05-03 11:37:59 +00:00
<para>
As of Synapse 1.58.0, the old groups/communities feature has
been disabled by default. It will be completely removed with
Synapse 1.61.0.
</para>
nixos/doc/2205: explain matrix-synapse rfc42 migration
2022-02-08 15:11:53 +00:00
</listitem>
keycloak: Switch to the new Quarkus version of Keycloak With version 17 of Keycloak, the Wildfly based distribution was deprecated in favor of the one based on Quarkus. The difference in configuration is massive and to accommodate it, both the package and module had to be rewritten.
2022-04-05 16:59:05 +00:00
<listitem>
<para>
The Keycloak package (<literal>pkgs.keycloak</literal>) has
been switched from the Wildfly version, which will soon be
deprecated, to the Quarkus based version. The Keycloak service
(<literal>services.keycloak</literal>) has been updated to
accommodate the change and now differs from the previous
version in a few ways:
</para>
<itemizedlist>
<listitem>
<para>
<literal>services.keycloak.extraConfig</literal> has been
removed in favor of the new
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
<link linkend="opt-services.keycloak.settings"><literal>services.keycloak.settings</literal></link>
option. The available options correspond directly to
parameters in <literal>conf/keycloak.conf</literal>. Some
of the most important parameters are documented as
suboptions, the rest can be found in the
<link xlink:href="https://www.keycloak.org/server/all-config">All
configuration section of the Keycloak Server Installation
and Configuration Guide</link>. While the new
configuration is much simpler and cleaner than the old
JBoss CLI one, this unfortunately mean that theres no
straightforward way to convert an old configuration to the
new format and some settings may not even be available
anymore.
</para>
</listitem>
<listitem>
<para>
<literal>services.keycloak.frontendUrl</literal> was
removed and the frontend URL is now configured through the
<literal>hostname</literal> family of settings in
<link linkend="opt-services.keycloak.settings"><literal>services.keycloak.settings</literal></link>
instead. See the
<link xlink:href="https://www.keycloak.org/server/hostname">Hostname
section of the Keycloak Server Installation and
Configuration Guide</link> for more details. Additionally,
<literal>/auth</literal> was removed from the default
context path and needs to be added back in
<link linkend="opt-services.keycloak.settings.http-relative-path"><literal>services.keycloak.settings.http-relative-path</literal></link>
if you want to keep compatibility with your current
clients.
</para>
</listitem>
<listitem>
<para>
<literal>services.keycloak.bindAddress</literal>,
<literal>services.keycloak.forceBackendUrlToFrontendUrl</literal>,
<literal>services.keycloak.httpPort</literal> and
<literal>services.keycloak.httpsPort</literal> have been
removed in favor of their equivalent options in
<link linkend="opt-services.keycloak.settings"><literal>services.keycloak.settings</literal></link>.
<literal>httpPort</literal> and
<literal>httpsPort</literal> have additionally had their
types changed from <literal>str</literal> to
<literal>port</literal>.
</para>
<para>
The new names are as follows:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>bindAddress</literal>:
<link linkend="opt-services.keycloak.settings.http-host"><literal>services.keycloak.settings.http-host</literal></link>
</para>
</listitem>
<listitem>
<para>
<literal>forceBackendUrlToFrontendUrl</literal>:
<link linkend="opt-services.keycloak.settings.hostname-strict-backchannel"><literal>services.keycloak.settings.hostname-strict-backchannel</literal></link>
</para>
</listitem>
<listitem>
<para>
<literal>httpPort</literal>:
<link linkend="opt-services.keycloak.settings.http-port"><literal>services.keycloak.settings.http-port</literal></link>
</para>
</listitem>
<listitem>
<para>
<literal>httpsPort</literal>:
<link linkend="opt-services.keycloak.settings.https-port"><literal>services.keycloak.settings.https-port</literal></link>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<para>
For example, when using a reverse proxy the migration could
look like this:
</para>
<para>
Before:
</para>
<programlisting language="bash">
services.keycloak = {
enable = true;
httpPort = &quot;8080&quot;;
frontendUrl = &quot;https://keycloak.example.com/auth&quot;;
database.passwordFile = &quot;/run/keys/db_password&quot;;
extraConfig = {
&quot;subsystem=undertow&quot;.&quot;server=default-server&quot;.&quot;http-listener=default&quot;.proxy-address-forwarding = true;
};
};
</programlisting>
<para>
After:
</para>
<programlisting language="bash">
services.keycloak = {
enable = true;
settings = {
http-port = 8080;
hostname = &quot;keycloak.example.com&quot;;
http-relative-path = &quot;/auth&quot;;
proxy = &quot;edge&quot;;
};
database.passwordFile = &quot;/run/keys/db_password&quot;;
};
</programlisting>
</listitem>
nixos/moinmoin, nixos/tests/moinmoin, python2Packages.moinmoin: remove Stuck on python2 and the NixOS test has been failing for 6 months.
2021-12-31 23:34:46 +00:00
<listitem>
<para>
The MoinMoin wiki engine
(<literal>services.moinmoin</literal>) has been removed,
because Python 2 is being retired from nixpkgs.
</para>
</listitem>
nixos/hadoop: add release notes
2022-03-08 19:04:07 +00:00
<listitem>
<para>
Services in the <literal>hadoop</literal> module previously
set <literal>openFirewall</literal> to true by default. This
has now been changed to false. Node definitions for multi-node
clusters would need <literal>openFirewall = true;</literal> to
be added to to hadoop services when upgrading from NixOS
21.11.
</para>
</listitem>
<listitem>
<para>
<literal>services.hadoop.yarn.nodemanager</literal> now uses
cgroup-based CPU limit enforcement by default. Additionally,
the option <literal>useCGroups</literal> was added to
nodemanagers as an easy way to switch back to the old
behavior.
</para>
</listitem>
doc: add release notes for a wafHook change
2021-11-29 07:08:43 +00:00
<listitem>
<para>
The <literal>wafHook</literal> hook now honors
<literal>NIX_BUILD_CORES</literal> when
<literal>enableParallelBuilding</literal> is not set
explicitly. Packages can restore the old behaviour by setting
<literal>enableParallelBuilding=false</literal>.
</para>
</listitem>
claws-mail: remove claws-mail-gtk2 version The GTK+ 2 version of Claws Mail, major version number three, relies on Python 2, which is end-of-life and might be dropped in the nixpkgs. In favour of #148779, this older branch of Claws Mail was removed.
2021-12-05 21:58:46 +00:00
<listitem>
<para>
<literal>pkgs.claws-mail-gtk2</literal>, representing Claws
Mails older release version three, was removed in order to
get rid of Python 2. Please switch to
<literal>claws-mail</literal>, which is Claws Mails latest
release based on GTK+3 and Python 3.
</para>
</listitem>
writers.PyPy{2,3}: init
2021-12-11 13:02:38 +00:00
<listitem>
<para>
The <literal>writers.writePython2</literal> and corresponding
<literal>writers.writePython2Bin</literal> convenience
functions to create executable Python 2 scripts in the store
were removed in preparation of removal of the Python 2
interpreter. Scripts have to be converted to Python 3 for use
with <literal>writers.writePython3</literal> or
<literal>writers.writePyPy2</literal> needs to be used.
</para>
</listitem>
gnome-passwordsafe: rename to gnome-secrets, 5.0->6.1
2022-01-19 13:55:04 +00:00
<listitem>
<para>
nixos/doc/2205: add note for `go_1_17` `vendorSha256`
2022-02-07 11:01:38 +00:00
<literal>buildGoModule</literal> was updated to use
<literal>go_1_17</literal>, third party derivations that
specify &gt;= go 1.17 in the main <literal>go.mod</literal>
will need to regenerate their <literal>vendorSha256</literal>
hash.
</para>
</listitem>
gnome-passwordsafe: rename to gnome-secrets, 5.0->6.1
2022-01-19 13:55:04 +00:00
<listitem>
<para>
The <literal>gnome-passwordsafe</literal> package updated to
<link xlink:href="https://gitlab.gnome.org/World/secrets/-/tags/6.0">version
6.x</link> and renamed to <literal>gnome-secrets</literal>.
</para>
</listitem>
nixos/gnome: Remove realtime scheduling option It is now accomplished using rtkit rather than setcap wrapper: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060 Replace the option with `security.rtkit.enable`. Closes: https://github.com/NixOS/nixpkgs/issues/90201 Closes: https://github.com/NixOS/nixpkgs/issues/86730
2022-02-19 06:03:02 +00:00
<listitem>
<para>
<literal>services.gnome.experimental-features.realtime-scheduling</literal>
option has been removed, as GNOME Shell now
<link xlink:href="https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060">uses
rtkit</link>. Use
<literal>security.rtkit.enable = true;</literal> instead. As
before, you will need to have it enabled using GSettings.
</para>
</listitem>
nixos/gnome: change telepathy service from default true to default false
2022-03-27 05:49:40 +00:00
<listitem>
<para>
<literal>services.telepathy</literal> will no longer be
enabled by default for GNOME desktops, one should enable it in
their configs if using Empathy or Polari.
</para>
</listitem>
nixos/docker: add daemonConfig option Adds the virtualisation.docker.daemonConfig option that allows changing Docker daemon settings as done in daemon.conf.
2021-10-13 17:47:37 +00:00
<listitem>
<para>
If you previously used
<literal>/etc/docker/daemon.json</literal>, you need to
incorporate the changes into the new option
rename daemonConfig -> daemon.settings
2021-12-19 13:16:58 +00:00
<literal>virtualisation.docker.daemon.settings</literal>.
nixos/docker: add daemonConfig option Adds the virtualisation.docker.daemonConfig option that allows changing Docker daemon settings as done in daemon.conf.
2021-10-13 17:47:37 +00:00
</para>
</listitem>
nixos/ntopng: update user and redis configuration New ntopng version supports running as specified user. Create a separate user for ntopng with a separate Redis instance. Separate instance is only used for new `system.stateVersion`s to avoid breaking existing setups. To configure that we add two new options, `redis.address` and `redis.createInstance`. They can also be used to specify your own Redis address.
2022-02-12 12:45:57 +00:00
<listitem>
<para>
Ntopng (<literal>services.ntopng</literal>) is updated to
5.2.1 and uses a separate Redis instance if
<literal>system.stateVersion</literal> is at least
<literal>22.05</literal>. Existing setups shouldnt be
affected.
</para>
</listitem>
nixos/wordpress: Drop old deprecated interface (#152674)
2022-01-23 14:17:01 +00:00
<listitem>
<para>
The backward compatibility in
<literal>services.wordpress</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.wordpress.sites</literal> instead.
</para>
</listitem>
nixos/dokuwiki: Drop deprecated old interface (#152676)
2022-01-15 17:38:20 +00:00
<listitem>
<para>
The backward compatibility in
<literal>services.dokuwiki</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.dokuwiki.sites</literal> instead.
</para>
</listitem>
opensmtpd-extras: drop python2 option related to https://github.com/NixOS/nixpkgs/issues/148779
2022-01-04 07:57:05 +00:00
<listitem>
<para>
opensmtpd-extras is no longer build with python2 scripting
support due to python2 deprecation in nixpkgs
</para>
</listitem>
nixos/miniflux: no cleartext password in the store
2022-01-02 12:00:00 +00:00
<listitem>
<para>
<literal>services.miniflux.adminCredentialFiles</literal> is
now required, instead of defaulting to
<literal>admin</literal> and <literal>password</literal>.
</para>
</listitem>
nixos/taskserver: do not open firewall port implicitly This adds an option `services.taskserver.openFirewall` to allow the user to choose whether or not the firewall port should be opened for the service. This is no longer the case by default. See also https://github.com/NixOS/nixpkgs/issues/19504.
2022-02-11 01:30:44 +00:00
<listitem>
<para>
The <literal>taskserver</literal> module no longer implicitly
opens ports in the firewall configuration. This is now
controlled through the option
<literal>services.taskserver.openFirewall</literal>.
</para>
</listitem>
nixos/rl-2205: mention autorestic update
2021-12-25 12:18:09 +00:00
<listitem>
<para>
The <literal>autorestic</literal> package has been upgraded
from 1.3.0 to 1.5.0 which introduces breaking changes in
config file, check
<link xlink:href="https://autorestic.vercel.app/migration/1.4_1.5">their
migration guide</link> for more details.
</para>
</listitem>
teleport: 8.1.3 -> 9.1.2
2022-04-25 16:06:27 +00:00
<listitem>
<para>
<literal>teleport</literal> has been upgraded to major version
9. Please see upstream
<link xlink:href="https://goteleport.com/docs/setup/operations/upgrading/">upgrade
instructions</link> and
<link xlink:href="https://goteleport.com/docs/changelog/#900">release
notes</link>.
</para>
</listitem>
nixos/doc/rl-2205: Add note about reduced closure of python3.pkgs.matplotlib
2021-12-19 02:13:29 +00:00
<listitem>
<para>
For <literal>pkgs.python3.pkgs.ipython</literal>, its direct
dependency
<literal>pkgs.python3.pkgs.matplotlib-inline</literal> (which
is really an adapter to integrate matplotlib in ipython if it
is installed) does not depend on
<literal>pkgs.python3.pkgs.matplotlib</literal> anymore. This
is closer to a non-Nix install of ipython. This has the added
benefit to reduce the closure size of
<literal>ipython</literal> from ~400MB to ~160MB (including
~100MB for python itself).
</para>
</listitem>
nixos/doc: document documentation.man changes in 22.05 rel notes
2021-11-22 22:25:22 +00:00
<listitem>
<para>
<literal>documentation.man</literal> has been refactored to
support choosing a man implementation other than GNUs
<literal>man-db</literal>. For this,
<literal>documentation.man.manualPages</literal> has been
renamed to
<literal>documentation.man.man-db.manualPages</literal>. If
you want to use the new alternative man implementation
<literal>mandoc</literal>, add
<literal>documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }</literal>
to your configuration.
</para>
</listitem>
users-groups service: add autoSubUidGidRange option Previously we allocated subuids automatically for all normal users. Make this explicitly configurable, so that one can use this for system users too (or explicitly disable for normal users). Also don't allocate automatically by default if a user already has ranges specified statically.
2022-01-05 10:20:47 +00:00
<listitem>
<para>
Normal users (with <literal>isNormalUser = true</literal>)
which have non-empty <literal>subUidRanges</literal> or
<literal>subGidRanges</literal> set no longer have additional
implicit ranges allocated. To enable automatic allocation back
set <literal>autoSubUidGidRange = true</literal>.
</para>
</listitem>
Idris2: Refactor default.nix We take the idris2 projects version of the derivation. Originally, Idris2 did not maintain their own nix derivation, so we created our own. Now they maintain their own derivation, so we should try to keep ours as close to theirs. This change comes with the following differences: * support files are in its own output, instead of packaged with idris2 - This makes it necessary to provide --package for contrib and network !!! This is a breaking change !!! * IDIRS2_PREFIX is set to ~/.idris2 instead of pointing to nix-store - This makes --install work as expected for the user * Properly set IDRIS2_PACKAGE_PATH * non-linux platform uses chez-racket instead of chez
2022-01-08 21:12:04 +00:00
<listitem>
<para>
<literal>idris2</literal> now requires
<literal>--package</literal> when using packages
<literal>contrib</literal> and <literal>network</literal>,
while previously these idris2 packages were automatically
loaded.
</para>
</listitem>
iputils: 20210722 -> 20211215 The tools "tftpd" and "traceroute6" were removed. See [0] for more details. [0]: https://github.com/iputils/iputils/releases/tag/20211215
2021-12-19 11:01:43 +00:00
<listitem>
<para>
The iputils package, which is installed by default, no longer
provides the legacy tools <literal>tftpd</literal> and
<literal>traceroute6</literal>. More tools
(<literal>ninfod</literal>, <literal>rarpd</literal>, and
<literal>rdisc</literal>) are going to be removed in the next
release. See
<link xlink:href="https://github.com/iputils/iputils/releases/tag/20211215">upstreams
release notes</link> for more details and available
replacements.
</para>
</listitem>
nixos/thelounge: private -> public Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
2021-07-07 16:45:21 +00:00
<listitem>
<para>
<literal>services.thelounge.private</literal> was removed in
favor of <literal>services.thelounge.public</literal>, to
follow with upstream changes.
</para>
</listitem>
docbookrx: drop
2022-01-12 12:04:44 +00:00
<listitem>
<para>
<literal>pkgs.docbookrx</literal> was removed since its
unmaintained
</para>
</listitem>
_7zz: correct license (#163999) * _7zz: correct license and remove p7zip dependency The code under Compress/Rar* is licensed under a specific unRAR license Also Compress/LzfseDecoder.cpp is covered by BSD3 The unRAR code is removed from the `.tar.xz` since the license posits you agree or remove the code from your hard drive This adds some complexity to updating 7zz so there is also an update script Meta has been updated and tweaked Source is now downloaded from sourceforge in the `.tar.xz` version to avoid depending on p7zip * _7zz: add notice of the license updates and optional unRAR licenced code
2022-03-18 04:47:19 +00:00
<listitem>
<para>
<literal>pkgs._7zz</literal> is now correctly licensed as
LGPL3+ and BSD3 with optional unfree unRAR licensed code
</para>
</listitem>
vimUtils.makeCustomizable: rewrite to include more things The current wrapper only includes vim, gvim and the man pages (optionally). This rewrite distinguishes two scenarios, which I expect cover the majority of use cases: - standalone mode, when `name != "vim"`, means the user already has a vim in scope and only wants to add a customized version with a different name. In this case we only include wrappers for `/bin/*vim`. - non-standalone mode, when `name == "vim"`, means the user expects a normal vim package that uses the specified configuration. In this case we include everything in the original derivation, with wrappers for all the executables that accept a vimrc.
2022-03-19 08:41:32 +00:00
<listitem>
<para>
The <literal>vim.customize</literal> function produced by
<literal>vimUtils.makeCustomizable</literal> now has a
slightly different interface:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The wrapper now includes everything in the given Vim
derivation if <literal>name</literal> is
<literal>&quot;vim&quot;</literal> (the default). This
makes the <literal>wrapManual</literal> argument obsolete,
but this behavior can be overriden by setting the
<literal>standalone</literal> argument.
</para>
</listitem>
<listitem>
<para>
All the executables present in the given derivation (or,
in <literal>standalone</literal> mode, only the
<literal>*vim</literal> ones) are wrapped. This makes the
<literal>wrapGui</literal> argument obsolete.
</para>
</listitem>
<listitem>
<para>
The <literal>vimExecutableName</literal> and
<literal>gvimExecutableName</literal> arguments were
replaced by a single <literal>executableName</literal>
argument in which the shell variable
<literal>$exe</literal> can be used to refer to the
wrapped executables name.
</para>
</listitem>
</itemizedlist>
<para>
See the comments in
<literal>pkgs/applications/editors/vim/plugins/vim-utils.nix</literal>
for more details.
</para>
<para>
<literal>vimUtils.vimWithRC</literal> was removed. You should
instead use <literal>customize</literal> on a Vim derivation,
which now accepts <literal>vimrcFile</literal> and
<literal>gvimrcFile</literal> arguments.
</para>
</listitem>
tilp2: drop While tilp2's libglade dependency is optional, it still has a hard dependency on it via gfm
2022-01-16 00:54:22 +00:00
<listitem>
<para>
<literal>tilp2</literal> was removed together with its module
</para>
</listitem>
Remove F-PROT package and service module (EoL) (#160372)
2022-03-02 19:51:47 +00:00
<listitem>
<para>
The F-PROT antivirus (<literal>fprot</literal> package) and
its service module were removed because it reached
<link xlink:href="https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/434/0/end-of-sale--end-of-life-for-f-prot-and-csam">end-of-life</link>.
</para>
</listitem>
bird1: drop package + modules reason: no longer maintained upstream.
2022-02-21 08:21:12 +00:00
<listitem>
<para>
<literal>bird1</literal> and its modules
<literal>services.bird</literal> as well as
<literal>services.bird6</literal> have been removed. Upgrade
to <literal>services.bird2</literal>.
</para>
</listitem>
multimc: document replacement
2022-01-11 01:34:44 +00:00
<listitem>
nixos/networkd: Add routes from interfaces to [Route] section of .network file Closes https://github.com/NixOS/nixpkgs/pull/93635.
2021-11-03 23:19:54 +00:00
<para>
The options
<literal>networking.interfaces.&lt;name&gt;.ipv4.routes</literal>
and
<literal>networking.interfaces.&lt;name&gt;.ipv6.routes</literal>
are no longer ignored when using networkd instead of the
default scripted network backend by setting
<literal>networking.useNetworkd</literal> to
<literal>true</literal>.
</para>
</listitem>
miller: 5.10.3 -> 6.2.0
2022-03-13 20:35:50 +00:00
<listitem>
<para>
The <literal>miller</literal> package has been upgraded from
5.10.3 to
<link xlink:href="https://github.com/johnkerl/miller/releases/tag/v6.2.0">6.2.0</link>.
See
<link xlink:href="https://miller.readthedocs.io/en/latest/new-in-miller-6">Whats
new in Miller 6</link>.
</para>
</listitem>
multimc: document replacement
2022-01-11 01:34:44 +00:00
<listitem>
<para>
MultiMC has been replaced with the fork PolyMC due to upstream
developers being hostile to 3rd party package maintainers.
PolyMC removes all MultiMC branding and is aimed at providing
proper 3rd party packages like the one contained in Nixpkgs.
This change affects the data folder where game instances and
other save and configuration files are stored. Users with
existing installations should rename
<literal>~/.local/share/multimc</literal> to
<literal>~/.local/share/polymc</literal>. The main config
files path has also moved from
<literal>~/.local/share/multimc/multimc.cfg</literal> to
<literal>~/.local/share/polymc/polymc.cfg</literal>.
</para>
</listitem>
nixos: Switch to default systemd-nspawn behaviour
2022-02-17 21:07:05 +00:00
<listitem>
<para>
<literal>systemd-nspawn@.service</literal> settings have been
reverted to the default systemd behaviour. User namespaces are
now activated by default. If you want to keep running nspawn
containers without user namespaces you need to set
<literal>systemd.nspawn.&lt;name&gt;.execConfig.PrivateUsers = false</literal>
</para>
</listitem>
nixos/systemd: Properly shut down the system
2022-04-15 10:23:02 +00:00
<listitem>
<para>
<literal>systemd-shutdown</literal> is now properly linked on
shutdown to unmount all filesystems and device mapper devices
cleanly. This can be disabled using
nixos: Fix up systemd shutdown ramfs
2022-04-24 18:47:28 +00:00
<literal>systemd.shutdownRamfs.enable</literal>.
nixos/systemd: Properly shut down the system
2022-04-15 10:23:02 +00:00
</para>
</listitem>
nixos/tor: fix services.tor.client.enable = false not working If `services.tor.client.enable` is set to false (the default), the `SOCKSPort` option is not added to the torrc file but since Tor defaults to listening on port 9050 when the option is not specified, the tor client is not actually disabled. To fix this, simply set `SOCKSPort` to 0, which disables the client. Use `mkForce` to prevent potentially two different `SOCKSPort` options in the torrc file, with one of them being 0 as this would cause Tor to fail to start. When `services.tor.client.enable` is set to false, this should always be disabled.
2022-03-05 12:25:02 +00:00
<listitem>
<para>
The Tor SOCKS proxy is now actually disabled if
<literal>services.tor.client.enable</literal> is set to
<literal>false</literal> (the default). If you are using this
functionality but didnt change the setting or set it to
<literal>false</literal>, you now need to set it to
<literal>true</literal>.
</para>
</listitem>
nixos/github-runner: systemd service hardening
2022-03-06 23:46:23 +00:00
<listitem>
<para>
<literal>services.github-runner</literal> has been hardened.
Notably address families and system calls have been
restricted, which may adversely affect some kinds of testing,
e.g. using <literal>AF_BLUETOOTH</literal> to test bluetooth
devices.
</para>
</listitem>
terraform.withPlugins: clean and remove 0.12 support (#155477) Now that the terraform 0.12 compatibility is not needed anymore, the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations can be simplified. Instead of building a bunch of bin wrappers on instantiation, the providers are now stored in `$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>` and then a simple `buildEnv` can be used to merge them. This breaks back-compat so it's not possible to mix-and-match with previous versions of nixpkgs. In exchange, it now becomes possible to use the providers from [nixpkgs-terraform-providers-bin](https://github.com/numtide/nixpkgs-terraform-providers-bin) directly.
2022-01-24 11:53:05 +00:00
<listitem>
<para>
The terraform 0.12 compatibility has been removed and the
<literal>terraform.withPlugins</literal> and
<literal>terraform-providers.mkProvider</literal>
implementations simplified. Providers now need to be stored
under
<literal>$out/libexec/terraform-providers/&lt;registry&gt;/&lt;owner&gt;/&lt;name&gt;/&lt;version&gt;/&lt;os&gt;_&lt;arch&gt;/terraform-provider-&lt;name&gt;_v&lt;version&gt;</literal>
(which mkProvider does).
</para>
<para>
This breaks back-compat so its not possible to mix-and-match
with previous versions of nixpkgs. In exchange, it now becomes
possible to use the providers from
<link xlink:href="https://github.com/numtide/nixpkgs-terraform-providers-bin">nixpkgs-terraform-providers-bin</link>
directly.
</para>
</listitem>
dendrite: 0.5.1 -> 0.6.5
2022-03-05 16:41:31 +00:00
<listitem>
<para>
The <literal>dendrite</literal> package has been upgraded from
0.5.1 to
<link xlink:href="https://github.com/matrix-org/dendrite/releases/tag/v0.6.5">0.6.5</link>.
Instances configured with split sqlite databases, which has
been the default in NixOS, require merging of the federation
sender and signing key databases. See upstream
<link xlink:href="https://github.com/matrix-org/dendrite/releases/tag/v0.6.0">release
notes</link> on version 0.6.0 for details on database changes.
</para>
</listitem>
opentelemetry-collector-contrib: init at 0.43.0
2022-01-28 12:52:58 +00:00
<listitem>
<para>
The existing <literal>pkgs.opentelemetry-collector</literal>
has been moved to
<literal>pkgs.opentelemetry-collector-contrib</literal> to
match the actual source being the <quote>contrib</quote>
edition. <literal>pkgs.opentelemetry-collector</literal> is
now the actual core release of opentelemetry-collector. If you
use the community contributions you should change the package
you refer to. If you dont need them update your commands from
<literal>otelcontribcol</literal> to
<literal>otelcorecol</literal> and enjoy a 7x smaller binary.
</para>
</listitem>
nixos/zookeeper: Take the same JRE we build zookeeper with
2022-04-19 10:49:44 +00:00
<listitem>
<para>
<literal>services.zookeeper</literal> has a new option
<literal>jre</literal> for specifying the JRE to start
nixos/zookeeper: Update doc with suggested description
2022-04-26 10:32:32 +00:00
zookeeper with. It defaults to the JRE that
<literal>pkgs.zookeeper</literal> was wrapped with, instead of
<literal>pkgs.jre</literal>. This changes the JRE to
<literal>pkgs.jdk11_headless</literal> by default.
nixos/zookeeper: Take the same JRE we build zookeeper with
2022-04-19 10:49:44 +00:00
</para>
</listitem>
release-notes: mention pgadmin
2022-02-26 13:18:25 +00:00
<listitem>
<para>
<literal>pkgs.pgadmin</literal> now refers to
pgadmin3: drop The package version is 6y old and was last maintained in 2017. By now we have pgadmin4 packaged so there is no reason to keep this around.
2022-03-30 21:42:05 +00:00
<literal>pkgs.pgadmin4</literal>. <literal>pgadmin3</literal>
has been removed.
release-notes: mention pgadmin
2022-02-26 13:18:25 +00:00
</para>
</listitem>
minetest: add aliases and release notes for v4 deprecation
2022-04-03 16:32:14 +00:00
<listitem>
<para>
<literal>pkgs.minetestclient_4</literal> and
<literal>pkgs.minetestserver_4</literal> have been removed, as
the last 4.x release was in 2018.
<literal>pkgs.minetestclient</literal> (equivalent to
<literal>pkgs.minetest</literal> ) and
<literal>pkgs.minetestserver</literal> can be used instead.
</para>
</listitem>
noto-fonts-cjk: add missing serif font Fixes #99940
2021-11-13 15:45:50 +00:00
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
<literal>pkgs.noto-fonts-cjk-serif</literal> because they each
have different release schedules. To maintain compatibility
with prior releases of Nixpkgs,
<literal>pkgs.noto-fonts-cjk</literal> is currently an alias
of <literal>pkgs.noto-fonts-cjk-sans</literal> and doesnt
include serif fonts.
</para>
</listitem>
nixos/rl-2205: add entries for EPGStation v2
2022-02-13 15:49:15 +00:00
<listitem>
<para>
<literal>pkgs.epgstation</literal> has been upgraded from v1
to v2, resulting in incompatible changes in the database
scheme and configuration format.
</para>
</listitem>
<listitem>
<para>
Some top-level settings under
nixos/rl-2205: fix invalid link
2022-02-27 06:31:43 +00:00
<link linkend="opt-services.epgstation.enable">services.epgstation</link>
nixos/rl-2205: add entries for EPGStation v2
2022-02-13 15:49:15 +00:00
is now deprecated because it was redudant due to the same
options being present in
<link linkend="opt-services.epgstation.settings">services.epgstation.settings</link>.
</para>
</listitem>
<listitem>
<para>
nixos/rl-2205: fix invalid link
2022-02-27 06:31:43 +00:00
The option <literal>services.epgstation.basicAuth</literal>
nixos/rl-2205: add entries for EPGStation v2
2022-02-13 15:49:15 +00:00
was removed because basic authentication support was dropped
by upstream.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-services.epgstation.database.passwordFile">services.epgstation.database.passwordFile</link>
no longer has a default value. Make sure to set this option
explicitly before upgrading. Change the database password if
necessary.
</para>
</listitem>
<listitem>
<para>
The
<link linkend="opt-services.epgstation.settings">services.epgstation.settings</link>
option now expects options for <literal>config.yml</literal>
in EPGStation v2.
</para>
</listitem>
<listitem>
<para>
Existing data for the
<link linkend="opt-services.epgstation.enable">services.epgstation</link>
module would have to be backed up prior to the upgrade. To
back up exising data to
<literal>/tmp/epgstation.bak</literal>, run
<literal>sudo -u epgstation epgstation run backup /tmp/epgstation.bak</literal>.
To import that data after to the upgrade, run
<literal>sudo -u epgstation epgstation run v1migrate /tmp/epgstation.bak</literal>
</para>
</listitem>
nixos/switch-to-configuration: Rework activation script restarts This removes `/run/nixos/activation-reload-list` (which we will need in the future when reworking the reload logic) and makes `/run/nixos/activation-restart-list` honor `restartIfChanged` and `reloadIfChanged`. This way activation scripts don't have to bother with choosing between reloading and restarting.
2021-12-15 15:16:58 +00:00
<listitem>
<para>
nixos/switch-to-configuration: Proper unit file parser This replaces the naive K=V unit parser with a proper INI parser from a library and adds proper support for override files. Also adds a bunch of comments about parsing, I hope this makes it easier to understand and maintain in the future. There are multiple reasons to do so, the first one is just general correctness with is nice imo. But to get to more serious reasons (I didn't put in all that effort for nothing) is that this is the first step torwards more clever restart/reload handling. By using a library like Data::Compare a future PR could replace the current way of fingerprinting units (which is to compare store paths) by comparing the hashes. This is more precise because units won't get restarted because the order of the options change, comments are added, some dependency of writeText changes, .... Also this allows us to add a feature like `X-Reload-Triggers` so the unit can either be reloaded when these change or restarted when everything else changes, giving module authors the ability to have their services reloaded without having to fear that updates are not applied because the service doesn't get restarted. Another reason why this feature is nice is that now that the unit files are parsed correctly (and values are just extracted from one section), potential future rewrites can just rely on some INI library without having to implement their own weird parser that is compatible with this script. This also comes with a new subroutine to handle systemd booleans because I thought the current way of handling it was just ugly. This also allows overriding values this script reads in an override file. Apart from making this script more compatible with the world around it, this also fixes two issues I saw bugging exactly 0 (zero) people. First is that this script now supports multiple override files, also ones that are not called override.conf and the second one is that `1` and `on` are treated as bools by systemd but were previously not parsed as such by switch-to-configuration.
2022-01-05 11:59:47 +00:00
<literal>switch-to-configuration</literal> (the script that is
run when running <literal>nixos-rebuild switch</literal> for
example) has been reworked
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The interface that allows activation scripts to restart
units has been streamlined. Restarting and reloading is
now done by a single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
nixos/systemd: Add reloadTriggers to services
2022-01-29 22:01:24 +00:00
<itemizedlist spacing="compact">
<listitem>
<para>
Preferring to reload instead of restarting can still
be achieved using
<literal>/run/nixos/activation-reload-list</literal>.
</para>
</listitem>
</itemizedlist>
nixos/switch-to-configuration: Proper unit file parser This replaces the naive K=V unit parser with a proper INI parser from a library and adds proper support for override files. Also adds a bunch of comments about parsing, I hope this makes it easier to understand and maintain in the future. There are multiple reasons to do so, the first one is just general correctness with is nice imo. But to get to more serious reasons (I didn't put in all that effort for nothing) is that this is the first step torwards more clever restart/reload handling. By using a library like Data::Compare a future PR could replace the current way of fingerprinting units (which is to compare store paths) by comparing the hashes. This is more precise because units won't get restarted because the order of the options change, comments are added, some dependency of writeText changes, .... Also this allows us to add a feature like `X-Reload-Triggers` so the unit can either be reloaded when these change or restarted when everything else changes, giving module authors the ability to have their services reloaded without having to fear that updates are not applied because the service doesn't get restarted. Another reason why this feature is nice is that now that the unit files are parsed correctly (and values are just extracted from one section), potential future rewrites can just rely on some INI library without having to implement their own weird parser that is compatible with this script. This also comes with a new subroutine to handle systemd booleans because I thought the current way of handling it was just ugly. This also allows overriding values this script reads in an override file. Apart from making this script more compatible with the world around it, this also fixes two issues I saw bugging exactly 0 (zero) people. First is that this script now supports multiple override files, also ones that are not called override.conf and the second one is that `1` and `on` are treated as bools by systemd but were previously not parsed as such by switch-to-configuration.
2022-01-05 11:59:47 +00:00
</listitem>
<listitem>
<para>
The script now uses a proper ini-file parser to parse
systemd units. Some values are now only searched in one
section instead of in the entire unit. This is only
relevant for units that dont use the NixOS systemd moule.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>RefuseManualStop</literal>,
<literal>X-OnlyManualStart</literal>,
<literal>X-StopOnRemoval</literal>,
<literal>X-StopOnReconfiguration</literal> are only
searched in the <literal>[Unit]</literal> section
</para>
</listitem>
<listitem>
<para>
<literal>X-ReloadIfChanged</literal>,
<literal>X-RestartIfChanged</literal>,
<literal>X-StopIfChanged</literal> are only searched
in the <literal>[Service]</literal> section
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
nixos/switch-to-configuration: Rework activation script restarts This removes `/run/nixos/activation-reload-list` (which we will need in the future when reworking the reload logic) and makes `/run/nixos/activation-restart-list` honor `restartIfChanged` and `reloadIfChanged`. This way activation scripts don't have to bother with choosing between reloading and restarting.
2021-12-15 15:16:58 +00:00
</listitem>
nixos/bookstack: Clear the cache more reliably When upgrading bookstack, if something in the cache conflicts with the new installation, the artisan commands might fail. To solve this, make the cache lifetime bound to the setup service. This also removes the `cacheDir` option, since the path is now handled automatically by systemd.
2022-01-11 12:19:51 +00:00
<listitem>
<para>
The <literal>services.bookstack.cacheDir</literal> option has
been removed, since the cache directory is now handled by
systemd.
</para>
</listitem>
nixos/bookstack: Add option config to replace extraConfig The `extraConfig` parameter only handles text - it doesn't support arbitrary secrets and, with the way it's processed in the setup script, it's very easy to accidentally unescape the echoed string and run shell commands / feed garbage to bash. To fix this, implement a new option, `config`, which instead takes a typed attribute set, generates the `.env` file in nix and does arbitrary secret replacement. This option is then used to provide the configuration for all other options which change the `.env` file.
2022-01-11 12:51:52 +00:00
<listitem>
<para>
The <literal>services.bookstack.extraConfig</literal> option
has been replaced by
<literal>services.bookstack.config</literal> which implements
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
lib/asserts: use throw to display message for assertMsg `assert` has the annoying property that it dumps a lot of code at the user without the built in capability to display a nicer message. We have worked around this using `assertMsg` which would *additionally* display a nice message. We can do even better: By using `throw` we can make evaluation fail before assert draws its conclusions and prevent it from displaying the code making up the assert condition, so we get the nicer message of `throw` and the syntactical convenience of `assert`. Before: nix-repl> python.override { reproducibleBuild = true; stripBytecode = false; } trace: Deterministic builds require stripping bytecode. error: assertion (((lib).assertMsg (reproducibleBuild -> stripBytecode)) "Deterministic builds require stripping bytecode.") failed at /home/lukas/src/nix/nixpkgs/pkgs/development/interpreters/python/cpython/2.7/default.nix:45:1 After: nix-repl> python.override { reproducibleBuild = true; stripBytecode = false; } error: Deterministic builds require stripping bytecode.
2022-01-17 18:12:54 +00:00
<listitem>
<para>
<literal>lib.assertMsg</literal> and
<literal>lib.assertOneOf</literal> no longer return
<literal>false</literal> if the passed condition is
<literal>false</literal>, <literal>throw</literal>ing the
given error message instead (which makes the resulting error
message less cluttered). This will not impact the behaviour of
code using these functions as intended, namely as top-level
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
vpnc: don't produce non-free binaries by default As explained in vpnc's Makefile, a vpnc with OpenSSL support is non-redistributable. The option to enable OpenSSL support, which is disabled by default, is even called OPENSSL_GPL_VIOLATION — something that was conveniently hidden by the strange way the option was set in the previous version of this package.
2021-11-03 20:56:15 +00:00
<listitem>
<para>
The <literal>vpnc</literal> package has been changed to use
GnuTLS instead of OpenSSL by default for licensing reasons.
</para>
</listitem>
vimPlugins.onedark-nvim: etc `vimPlugins.onedark-nvim` now refers to navarasu/onedark.nvim (formerly refers to olimorris/onedarkpro.nvim).
2022-01-11 13:20:54 +00:00
<listitem>
<para>
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
<link xlink:href="https://github.com/navarasu/onedark.nvim">navarasu/onedark.nvim</link>
(formerly refers to
<link xlink:href="https://github.com/olimorris/onedarkpro.nvim">olimorris/onedarkpro.nvim</link>).
</para>
</listitem>
nixos/pipewire: default to wireplumber
2022-02-12 13:09:44 +00:00
<listitem>
<para>
<literal>services.pipewire.enable</literal> will default to
enabling the WirePlumber session manager instead of
pipewire-media-session. pipewire-media-session is deprecated
by upstream and not recommended, but can still be manually
enabled by setting
<literal>services.pipewire.media-session.enable</literal> to
<literal>true</literal> and
<literal>services.pipewire.wireplumber.enable</literal> to
<literal>false</literal>.
</para>
</listitem>
nixos/doc: add release note for makeDesktopItem changes
2022-02-23 07:26:30 +00:00
<listitem>
<para>
<literal>pkgs.makeDesktopItem</literal> has been refactored to
provide a more idiomatic API. Specifically:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
All valid options as of FDO Desktop Entry specification
version 1.4 can now be passed in as explicit arguments
</para>
</listitem>
<listitem>
<para>
<literal>exec</literal> can now be null, for entries that
are not of type Application
</para>
</listitem>
<listitem>
<para>
<literal>mimeType</literal> argument is renamed to
<literal>mimeTypes</literal> for consistency
</para>
</listitem>
<listitem>
<para>
<literal>mimeTypes</literal>,
<literal>categories</literal>,
<literal>implements</literal>,
<literal>keywords</literal>, <literal>onlyShowIn</literal>
and <literal>notShowIn</literal> take lists of strings
instead of one string with semicolon separators
</para>
</listitem>
<listitem>
<para>
<literal>extraDesktopEntries</literal> renamed to
<literal>extraConfig</literal> for consistency
</para>
</listitem>
<listitem>
<para>
Actions should now be provided as an attrset
<literal>actions</literal>, the <literal>Actions</literal>
line will be autogenerated.
</para>
</listitem>
<listitem>
<para>
<literal>extraEntries</literal> is removed.
</para>
</listitem>
<listitem>
<para>
Additional validation is added both at eval time and at
build time.
</para>
</listitem>
</itemizedlist>
<para>
See the <literal>vscode</literal> package for a more detailed
example.
</para>
</listitem>
resholve: add release note for API reorg
2022-04-08 15:19:46 +00:00
<listitem>
<para>
Existing <literal>resholve*</literal> functions have been
renamed and nested under <literal>pkgs.resholve</literal>.
Update uses to:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>resholvePackage</literal> -&gt;
<literal>resholve.mkDerivation</literal>
</para>
</listitem>
<listitem>
<para>
<literal>resholveScript</literal> -&gt;
<literal>resholve.writeScript</literal>
</para>
</listitem>
<listitem>
<para>
<literal>resholveScriptBin</literal> -&gt;
<literal>resholve.writeScriptBin</literal>
</para>
</listitem>
</itemizedlist>
</listitem>
doc/release-notes: document cosmoc removal
2022-03-29 12:38:18 +00:00
<listitem>
<para>
<literal>pkgs.cosmopolitan</literal> no longer provides the
<literal>cosmoc</literal> command. It has been moved to
<literal>pkgs.cosmoc</literal>.
</para>
</listitem>
nixos/doc: add note about the recent graalvmXX-ce changes
2022-04-15 19:34:09 +00:00
<listitem>
<para>
<literal>pkgs.graalvmXX-ce</literal> packages no longer
provide support for Python/Ruby/WASM, instead focusing only in
Java and Native Image Support. If you need to add support
back, please see the
<literal>pkgs.graalvmCEPackages.mkGraal</literal> function to
create your own customized version of GraalVM with support for
what you need.
</para>
</listitem>
ghc: make sure top level exposed GHC is always host->target See the added comment in all-packages.nix for a more detailed explanation. This makes the top-level GHC different from haskellPackages.ghc (which is build->host and used for building the package set), but more consistent with gcc, gnat etc. Specifically, pkgsCross.${platform}.buildPackages.ghc will now be a cross-compiler instead of a native build->build compiler. Since this change has a slight chance of being disruptive, add a note to the changelog.
2021-11-24 14:52:25 +00:00
</itemizedlist>
nixos/doc: check in converted docbook for 22.05 release notes This was forgotten in 2768bc07f78a18aa26f869f39e37e87fd15544a6 and should hopefully avoid an all too confusing rebase / merge conflict later.
2021-11-22 22:21:27 +00:00
</section>
<section xml:id="sec-release-22.05-notable-changes">
<title>Other Notable Changes</title>
writers.PyPy{2,3}: init
2021-12-11 13:02:38 +00:00
<itemizedlist>
nixos/redis: enable multiple instances of redis-server
2021-08-23 17:57:49 +00:00
<listitem>
<para>
The option
<link linkend="opt-services.redis.servers">services.redis.servers</link>
was added to support per-application
<literal>redis-server</literal> which is more secure since
Redis databases are only mere key prefixes without any
configuration or ACL of their own. Backward-compatibility is
preserved by mapping old
<literal>services.redis.settings</literal> to
<literal>services.redis.servers.&quot;&quot;.settings</literal>,
but you are strongly encouraged to name each
<literal>redis-server</literal> instance after the application
using it, instead of keeping that nameless one. Except for the
nameless
<literal>services.redis.servers.&quot;&quot;</literal> still
accessible at <literal>127.0.0.1:6379</literal>, and to the
members of the Unix group <literal>redis</literal> through the
Unix socket <literal>/run/redis/redis.sock</literal>, all
other <literal>services.redis.servers.${serverName}</literal>
are only accessible by default to the members of the Unix
group <literal>redis-${serverName}</literal> through the Unix
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
</para>
</listitem>
nixos: Add release note about vmVariant
2021-12-17 13:39:58 +00:00
<listitem>
<para>
The option
<link linkend="opt-virtualisation.vmVariant">virtualisation.vmVariant</link>
was added to allow users to make changes to the
<literal>nixos-rebuild build-vm</literal> configuration that
do not apply to their normal system.
</para>
<para>
The <literal>config.system.build.vm</literal> attribute now
always exists and defaults to the value from
<literal>vmVariant</literal>. Configurations that import the
<literal>virtualisation/qemu-vm.nix</literal> module
themselves will override this value, such that
<literal>vmVariant</literal> is not used.
</para>
<para>
Similarly
<link linkend="opt-virtualisation.vmVariantWithBootLoader">virtualisation.vmVariantWithBootloader</link>
was added.
</para>
</listitem>
nixos/nix-daemon: use structural settings The `nix.*` options, apart from options for setting up the daemon itself, currently provide a lot of setting mappings for the Nix daemon configuration. The scope of the mapping yields convience, but the line where an option is considered essential is blurry. For instance, the `extra-sandbox-paths` mapping is provided without its primary consumer, and the corresponding `sandbox-paths` option is also not mapped. The current system increases the maintenance burden as maintainers have to closely follow upstream changes. In this case, there are two state versions of Nix which have to be maintained collectively, with different options avaliable. This commit aims to following the standard outlined in RFC 42[1] to implement a structural setting pattern. The Nix configuration is encoded at its core as key-value pairs which maps nicely to attribute sets, making it feasible to express in the Nix language itself. Some existing options are kept such as `buildMachines` and `registry` which present a simplified interface to managing the respective settings. The interface is exposed as `nix.settings`. Legacy configurations are mapped to their corresponding options under `nix.settings` for backwards compatibility. Various options settings in other nixos modules and relevant tests have been updated to use structural setting for consistency. The generation and validation of the configration file has been modified to use `writeTextFile` instead of `runCommand` for clarity. Note that validation is now mandatory as strict checking of options has been pushed down to the derivation level due to freeformType consuming unmatched options. Furthermore, validation can not occur when cross-compiling due to current limitations. A new option `publicHostKey` was added to the `buildMachines` submodule corresponding to the base64 encoded public host key settings exposed in the builder syntax. The build machine generation was subsequently rewritten to use `concatStringsSep` for better performance by grouping concatenations. [1] - https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
2021-11-19 22:36:26 +00:00
<listitem>
<para>
The configuration portion of the <literal>nix-daemon</literal>
module has been reworked and exposed as
<link xlink:href="options.html#opt-nix-settings">nix.settings</link>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Legacy options have been mapped to the corresponding
options under under
<link xlink:href="options.html#opt-nix.settings">nix.settings</link>
rl-2205.section.xml: Regenerate
2022-03-09 14:07:48 +00:00
and will be deprecated when NixOS 21.11 reaches end of
life.
nixos/nix-daemon: use structural settings The `nix.*` options, apart from options for setting up the daemon itself, currently provide a lot of setting mappings for the Nix daemon configuration. The scope of the mapping yields convience, but the line where an option is considered essential is blurry. For instance, the `extra-sandbox-paths` mapping is provided without its primary consumer, and the corresponding `sandbox-paths` option is also not mapped. The current system increases the maintenance burden as maintainers have to closely follow upstream changes. In this case, there are two state versions of Nix which have to be maintained collectively, with different options avaliable. This commit aims to following the standard outlined in RFC 42[1] to implement a structural setting pattern. The Nix configuration is encoded at its core as key-value pairs which maps nicely to attribute sets, making it feasible to express in the Nix language itself. Some existing options are kept such as `buildMachines` and `registry` which present a simplified interface to managing the respective settings. The interface is exposed as `nix.settings`. Legacy configurations are mapped to their corresponding options under `nix.settings` for backwards compatibility. Various options settings in other nixos modules and relevant tests have been updated to use structural setting for consistency. The generation and validation of the configration file has been modified to use `writeTextFile` instead of `runCommand` for clarity. Note that validation is now mandatory as strict checking of options has been pushed down to the derivation level due to freeformType consuming unmatched options. Furthermore, validation can not occur when cross-compiling due to current limitations. A new option `publicHostKey` was added to the `buildMachines` submodule corresponding to the base64 encoded public host key settings exposed in the builder syntax. The build machine generation was subsequently rewritten to use `concatStringsSep` for better performance by grouping concatenations. [1] - https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
2021-11-19 22:36:26 +00:00
</para>
</listitem>
<listitem>
<para>
<link xlink:href="options.html#opt-nix.buildMachines.publicHostKey">nix.buildMachines.publicHostKey</link>
has been added.
</para>
</listitem>
</itemizedlist>
</listitem>
writers.PyPy{2,3}: init
2021-12-11 13:02:38 +00:00
<listitem>
<para>
The
<literal>writers.writePyPy2</literal>/<literal>writers.writePyPy3</literal>
and corresponding
<literal>writers.writePyPy2Bin</literal>/<literal>writers.writePyPy3Bin</literal>
convenience functions to create executable Python 2/3 scripts
using the PyPy interpreter were added.
</para>
</listitem>
nixos/hadoop: add release notes
2022-03-08 19:04:07 +00:00
<listitem>
<para>
Some improvements have been made to the
<literal>hadoop</literal> module:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
A <literal>gatewayRole</literal> option has been added,
for deploying hadoop cluster configuration files to a node
that does not have any active services
</para>
</listitem>
<listitem>
<para>
Support for older versions of hadoop have been added to
the module
</para>
</listitem>
<listitem>
<para>
Overriding and extending site XML files has been made
easier
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/auto-upgrade: add persistent option
2020-12-30 11:00:25 +00:00
<listitem>
<para>
The auto-upgrade service now accepts persistent (default:
true) parameter. By default auto-upgrade will now run
immediately if it would have been triggered at least once
during the time when the timer was inactive.
</para>
</listitem>
nixos/mastodon: use redis.servers
2022-02-19 16:02:48 +00:00
<listitem>
<para>
Mastodon now uses <literal>services.redis.servers</literal> to
start a new redis server, instead of using a global redis
server. This improves compatibility with other services that
use redis.
</para>
<para>
Note that this will recreate the redis database, although
according to the
<link xlink:href="https://docs.joinmastodon.org/admin/backups/">Mastodon
docs</link>, this is almost harmless:
</para>
<blockquote>
<para>
Losing the Redis database is almost harmless: The only
irrecoverable data will be the contents of the Sidekiq
queues and scheduled retries of previously failed jobs. The
home and list feeds are stored in Redis, but can be
regenerated with tootctl.
</para>
</blockquote>
<para>
If you do want to save the redis database, you can use the
following commands:
</para>
<programlisting language="bash">
redis-cli save
cp /var/lib/redis/dump.rdb &quot;/var/lib/redis-mastodon/dump.rdb&quot;
</programlisting>
</listitem>
wayland: enable ozone via $NIXOS_OZONE_WL Chrome, Chromium, VSCode, Slack, Signal, Discord, element-desktop, schildichat. For the latter two, the feature flag useWayland was removed and a wrapper script was provided.
2021-11-27 00:54:14 +00:00
<listitem>
<para>
If you are using Wayland you can choose to use the Ozone
Wayland support in Chrome and several Electron apps by setting
the environment variable <literal>NIXOS_OZONE_WL=1</literal>
(for example via
<literal>environment.sessionVariables.NIXOS_OZONE_WL = &quot;1&quot;</literal>).
This is not enabled by default because Ozone Wayland is still
under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron
versions.
</para>
</listitem>
nixos/networkd: add `wait-online` options
2022-03-28 20:56:49 +00:00
<listitem>
<para>
A new option group
<literal>systemd.network.wait-online</literal> was added, with
options to configure
<literal>systemd-networkd-wait-online.service</literal>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>anyInterface</literal> allows specifying that the
network should be considered online when <emphasis>at
least one</emphasis> interface is online (useful on
laptops)
</para>
</listitem>
<listitem>
<para>
<literal>timeout</literal> defines how long to wait for
the network to come online
</para>
</listitem>
<listitem>
<para>
<literal>extraArgs</literal> for everything else
</para>
</listitem>
</itemizedlist>
</listitem>
infuxdb2: add package split to 22.05 release notes.
2021-12-16 20:14:37 +00:00
<listitem>
<para>
The <literal>influxdb2</literal> package was split into
<literal>influxdb2-server</literal> and
<literal>influxdb2-cli</literal>, matching the split that took
place upstream. A combined <literal>influxdb2</literal>
package is still provided in this release for backwards
compatibilty, but will be removed at a later date.
</para>
</listitem>
unifi: unifi6 -> unifi7
2022-03-18 07:35:25 +00:00
<listitem>
<para>
The <literal>unifi</literal> package was switched from
<literal>unifi6</literal> to <literal>unifi7</literal>. Direct
downgrades from Unifi 7 to Unifi 6 are not possible and
require restoring from a backup made by Unifi 6.
</para>
</listitem>
nixos/zsh-autosuggestions: ZSH_AUTOSUGGEST_STRATEGY array zsh-autosuggestions supports having fallback strategies expressed through the ZSH_AUTOSUGGEST_STRATEGY array. For example, `ZSH_AUTOSUGGEST_STRATEGY=(history completion)`. We should also support this.
2022-03-07 16:29:00 +00:00
<listitem>
<para>
<literal>programs.zsh.autosuggestions.strategy</literal> now
takes a list of strings instead of a string.
</para>
</listitem>
asterisk: update all packages
2022-04-05 16:46:14 +00:00
<listitem>
<para>
The <literal>asterisk</literal> and
<literal>asterisk-stable</literal> packages were switched from
<literal>asterisk_18</literal> to the newly-packaged
<literal>asterisk_19</literal>. Asterisk 13 and 17 have been
removed as they have reached their end of life.
</para>
</listitem>
nixos/unifi: add deprecation warning for openPorts modules are discouraged from opening ports in the firewall unless explicitly told to do so. add a deprecation notice for this in unifi.
2021-12-11 13:42:06 +00:00
<listitem>
<para>
The <literal>services.unifi.openPorts</literal> option default
value of <literal>true</literal> is now deprecated and will be
changed to <literal>false</literal> in 22.11. Configurations
using this default will print a warning when rebuilt.
</para>
</listitem>
nixos/unifi-video: add deprecation warning for openFirewall
2022-03-28 16:20:53 +00:00
<listitem>
<para>
The <literal>services.unifi-video.openPorts</literal> option
default value of <literal>true</literal> is now deprecated and
will be changed to <literal>false</literal> in 22.11.
Configurations using this default will print a warning when
rebuilt.
</para>
</listitem>
nixos/acme: Update release notes
2021-12-04 17:32:17 +00:00
<listitem>
<para>
<literal>security.acme</literal> certificates will now
correctly check for CA revokation before reaching their
minimum age.
</para>
</listitem>
<listitem>
<para>
Removing domains from
<literal>security.acme.certs._name_.extraDomainNames</literal>
will now correctly remove those domains during rebuild/renew.
</para>
</listitem>
mariadb: mention multiple release support in release notes
2021-12-09 17:22:05 +00:00
<listitem>
<para>
MariaDB is now offered in several versions, not just the
newest one. So if you have a need for running MariaDB 10.4 for
example, you can now just set
<literal>services.mysql.package = pkgs.mariadb_104;</literal>.
In general, it is recommended to run the newest version, to
get the newest features, while sticking with an LTS version
will most likely provide a more stable experience. Sometimes
software is also incompatible with the newest version of
MariaDB.
</para>
</listitem>
nixos/ssh: Add enableAskPassword Previously, this was only implicitly enabled if xserver.enable = true. However, Wayland-based desktops do not require this, and so configuring SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies that by adding a new option that defaults to the old conditional.
2021-12-11 16:13:50 +00:00
<listitem>
<para>
The option
nixos/doc: Fix typo in release notes Broken in f10aea24347a7246a020aa6498ba857de463fd5d.
2022-01-03 03:37:47 +00:00
<link linkend="opt-programs.ssh.enableAskPassword">programs.ssh.enableAskPassword</link>
nixos/ssh: Add enableAskPassword Previously, this was only implicitly enabled if xserver.enable = true. However, Wayland-based desktops do not require this, and so configuring SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies that by adding a new option that defaults to the old conditional.
2021-12-11 16:13:50 +00:00
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy
usage in non-X11 environments, e.g. Wayland.
</para>
</listitem>
nixos/ssh: add release notes for extraHostNames option
2022-01-19 16:21:11 +00:00
<listitem>
<para>
<link linkend="opt-programs.ssh.knownHosts">programs.ssh.knownHosts</link>
has gained an <literal>extraHostNames</literal> option to
nixos/ssh: undeprecate knownHosts.«name».hostNames hostNames being deprecated makes configuring hosts with multiple keys a pain. including the attr name of the entry in the host name list is a nice convenience though, so we'll retain it and clarify the documentation on how the actual host name list for an entry is put together.
2022-03-19 00:36:59 +00:00
augment <literal>hostNames</literal>. It is now possible to
use the attribute name of a <literal>knownHosts</literal>
entry as the primary host name and specify secondary host
names using <literal>extraHostNames</literal> without having
to duplicate the primary host name.
nixos/ssh: add release notes for extraHostNames option
2022-01-19 16:21:11 +00:00
</para>
</listitem>
nixos/stubby: reduce to a settings-style configuration Extract the example configuration from the package to provide a working example. Remove pkgs.stubby from `environment.systemPackages`.
2021-05-28 20:01:25 +00:00
<listitem>
<para>
The <literal>services.stubby</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
nixos/desktop-manager/none: add option to run XDG autostart files `fcitx5` and `service.earlyoom` rely on use XDG autostart files to start. But for X session with only window manager and no desktop manager (`none` is used), no one can start them. This options is added to run these autostart files for sessions without desktop manager to make other services just work.
2021-06-18 13:10:26 +00:00
<listitem>
<para>
The option
<link linkend="opt-services.xserver.desktopManager.runXdgAutostartIfNone">services.xserver.desktopManager.runXdgAutostartIfNone</link>
was added in order to automatically run XDG autostart files
for sessions without a desktop manager. This replaces helpers
like the <literal>dex</literal> package.
</para>
</listitem>
nixos/fcitx5: remove systemd service via XDG autostart files
2021-06-18 13:15:47 +00:00
<listitem>
<para>
When setting
<link linkend="opt-i18n.inputMethod.enabled">i18n.inputMethod.enabled</link>
to <literal>fcitx5</literal>, it no longer creates
nixos/doc: fix typos
2022-04-17 22:18:54 +00:00
corresponding systemd user services. It now relies on XDG
nixos/fcitx5: remove systemd service via XDG autostart files
2021-06-18 13:15:47 +00:00
autostart files to start and work properly in your desktop
nixos/doc: fix typos
2022-04-17 22:18:54 +00:00
sessions. If you are using only a window manager without a
nixos/fcitx5: remove systemd service via XDG autostart files
2021-06-18 13:15:47 +00:00
desktop manager, you need to enable
<literal>services.xserver.desktopManager.runXdgAutostartIfNone</literal>
or using the <literal>dex</literal> package to make
<literal>fcitx5</literal> work.
</para>
</listitem>
nixos/envoy: init
2021-08-28 02:28:27 +00:00
<listitem>
<para>
A new module was added for the Envoy reverse proxy, providing
the options <literal>services.envoy.enable</literal> and
<literal>services.envoy.settings</literal>.
</para>
</listitem>
nixos/duplicati: Add dataDir to service Other services such as minecraft-server and plex allow configuration of the dataDir option, allowing the files stored by each service to be in a custom location. Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2021-12-24 22:04:39 +00:00
<listitem>
<para>
The option <literal>services.duplicati.dataDir</literal> has
been added to allow changing the location of duplicatis
files.
</para>
</listitem>
nixos/modprobe: add boot.initrd.extraModprobeConfig option This option behaves exactly like `boot.extraModprobeConfig`, except that it also includes the generated modprobe.d file in the initrd. Many years ago, someone tried to include the normal modprobe.d/nixos.conf file generated by `boot.extraModprobeConfig` in the initrd: 0aa2c1dc46779a3df6c4e02d3fae39b0de297be8. This file contains a reference to a directory with firmware files inside. Including firmware in the initrd made it too big, so the commit was reverted again in 4a4c051a95b6b8da3a13d7955087e915e6dd4bf7. The `boot.extraModprobeConfig` option not changing the initrd caused me much confusion because I tried to set the maximum cache size for ZFS and it didn't work. Closes https://github.com/NixOS/nixpkgs/issues/25456.
2021-11-07 19:49:45 +00:00
<listitem>
<para>
nixos/doc/rl-22.05: add changelog entry for modprobe changes Add a changelog entry for the changes in 3dc6fab5c9362db2cf079ffa15f2b62b05001747.
2022-03-17 09:17:51 +00:00
The options <literal>boot.extraModprobeConfig</literal> and
<literal>boot.blacklistedKernelModules</literal> now also take
effect in the initrd by copying the file
<literal>/etc/modprobe.d/nixos.conf</literal> into the initrd.
nixos/modprobe: add boot.initrd.extraModprobeConfig option This option behaves exactly like `boot.extraModprobeConfig`, except that it also includes the generated modprobe.d file in the initrd. Many years ago, someone tried to include the normal modprobe.d/nixos.conf file generated by `boot.extraModprobeConfig` in the initrd: 0aa2c1dc46779a3df6c4e02d3fae39b0de297be8. This file contains a reference to a directory with firmware files inside. Including firmware in the initrd made it too big, so the commit was reverted again in 4a4c051a95b6b8da3a13d7955087e915e6dd4bf7. The `boot.extraModprobeConfig` option not changing the initrd caused me much confusion because I tried to set the maximum cache size for ZFS and it didn't work. Closes https://github.com/NixOS/nixpkgs/issues/25456.
2021-11-07 19:49:45 +00:00
</para>
</listitem>
nixos/nixos-generate-config: move dhcpConfig from configuration.nix to hardware-configuration.nix
2021-11-20 02:00:46 +00:00
<listitem>
<para>
<literal>nixos-generate-config</literal> now puts the dhcp
configuration in <literal>hardware-configuration.nix</literal>
instead of <literal>configuration.nix</literal>.
</para>
</listitem>
kratos: 0.8.0-alpha.3 -> 0.8.3-alpha.1.pre.0
2022-03-15 13:17:44 +00:00
<listitem>
<para>
kratos: upgrade 0.8.3-alpha.1.pre.0 -> 0.9.0-alpha.3
2022-04-19 08:53:00 +00:00
ORY Kratos was updated to version 0.9.0-alpha.3, which
kratos: 0.8.0-alpha.3 -> 0.8.3-alpha.1.pre.0
2022-03-15 13:17:44 +00:00
introduces some breaking changes:
</para>
<itemizedlist spacing="compact">
kratos: upgrade 0.8.3-alpha.1.pre.0 -> 0.9.0-alpha.3
2022-04-19 08:53:00 +00:00
<listitem>
<para>
All endpoints at the Admin API are now exposed at
<literal>/admin/</literal>. For example, endpoint
<literal>https://kratos:4434/identities</literal> is now
exposed at
<literal>https://kratos:4434/admin/identities</literal>
</para>
</listitem>
<listitem>
<para>
Configuration key
<literal>selfservice.whitelisted_return_urls</literal> has
been renamed to <literal>allowed_return_urls</literal>
</para>
</listitem>
<listitem>
<para>
The <literal>password_identifier</literal> form field of
the password login strategy has been renamed to
<literal>identifier</literal> to make compatibility with
passwordless flows possible.
</para>
</listitem>
<listitem>
<para>
Instead of having a global
<literal>default_schema_url</literal> which developers
used to update their schema, you now need to define the
<literal>default_schema_id</literal> which must reference
schema ID in your config.
</para>
</listitem>
<listitem>
<para>
Calling <literal>/self-service/recovery</literal> without
flow ID or with an invalid flow ID while authenticated
will now respond with an error instead of redirecting to
the default page.
</para>
</listitem>
kratos: 0.8.0-alpha.3 -> 0.8.3-alpha.1.pre.0
2022-03-15 13:17:44 +00:00
<listitem>
<para>
If you are relying on the SQLite images, update your
Docker Pull commands as follows:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>docker pull oryd/kratos:{version}</literal>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Additionally, all passwords now have to be at least 8
characters long.
</para>
</listitem>
<listitem>
<para>
For more details, see:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.1-alpha.1">Release
Notes for v0.8.1-alpha-1</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.2-alpha.1">Release
Notes for v0.8.2-alpha-1</link>
</para>
</listitem>
kratos: upgrade 0.8.3-alpha.1.pre.0 -> 0.9.0-alpha.3
2022-04-19 08:53:00 +00:00
<listitem>
<para>
<link xlink:href="https://github.com/ory/kratos/releases/tag/v0.9.0-alpha.1">Release
Notes for v0.9.0-alpha-1</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ory/kratos/releases/tag/v0.9.0-alpha.3">Release
Notes for v0.9.0-alpha-3</link>
</para>
</listitem>
kratos: 0.8.0-alpha.3 -> 0.8.3-alpha.1.pre.0
2022-03-15 13:17:44 +00:00
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
fetchFromSourcehut: allow recursive fetching
2021-12-04 16:01:49 +00:00
<listitem>
<para>
<literal>fetchFromSourcehut</literal> now allows fetching
repositories recursively using <literal>fetchgit</literal> or
<literal>fetchhg</literal> if the argument
<literal>fetchSubmodules</literal> is set to
<literal>true</literal>.
</para>
</listitem>
nixos/openconnect: add module
2022-03-26 21:54:02 +00:00
<listitem>
<para>
A module for declarative configuration of openconnect VPN
profiles was added under
<literal>networking.openconnect</literal>.
</para>
</listitem>
element-desktop: make keytar optional
2022-02-11 13:26:07 +00:00
<listitem>
<para>
The <literal>element-desktop</literal> package now has an
<literal>useKeytar</literal> option (defaults to
<literal>true</literal>), which allows disabling
<literal>keytar</literal> and in turn
<literal>libsecret</literal> usage (which binds to native
credential managers / keychain libraries).
</para>
</listitem>
nixos/thelounge: add plugins option
2022-01-09 03:05:05 +00:00
<listitem>
<para>
The option <literal>services.thelounge.plugins</literal> has
been added to allow installing plugins for The Lounge. Plugins
can be found in
<literal>pkgs.theLoungePlugins.plugins</literal> and
<literal>pkgs.theLoungePlugins.themes</literal>.
</para>
</listitem>
firmwareLinuxNonfree -> linux-firmware This renames our `firmwareLinuxNonfree` package to `linux-firmware`. There is prior art for this in multiple other distros[1][2][3]. Besides making the package more discoverable by those searching for the usual name, this also brings it in-line with the `kebab-case` we normally see in `nixpkgs` pnames, and removes the `Nonfree` information from the name, which I consider redundant given it's present in `meta.license`. The corresponding alias has been added, so this shouldn't break anything. [1]: https://archlinux.org/packages/core/any/linux-firmware/ [2]: https://src.fedoraproject.org/rpms/linux-firmware [3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-09 16:36:20 +00:00
<listitem>
<para>
nixos/doc/rl-22.05: mention nvidia va-api additions
2022-03-03 18:22:08 +00:00
The option
<literal>services.xserver.videoDriver = [ &quot;nvidia&quot; ];</literal>
will now also install
<link xlink:href="https://github.com/elFarto/nvidia-vaapi-driver">nvidia
VA-API drivers</link> by default.
</para>
</listitem>
firmwareLinuxNonfree -> linux-firmware This renames our `firmwareLinuxNonfree` package to `linux-firmware`. There is prior art for this in multiple other distros[1][2][3]. Besides making the package more discoverable by those searching for the usual name, this also brings it in-line with the `kebab-case` we normally see in `nixpkgs` pnames, and removes the `Nonfree` information from the name, which I consider redundant given it's present in `meta.license`. The corresponding alias has been added, so this shouldn't break anything. [1]: https://archlinux.org/packages/core/any/linux-firmware/ [2]: https://src.fedoraproject.org/rpms/linux-firmware [3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-09 16:36:20 +00:00
<listitem>
<para>
The <literal>firmwareLinuxNonfree</literal> package has been
renamed to <literal>linux-firmware</literal>.
</para>
nixos/mbpfan: convert to structural settings
2022-01-04 13:59:34 +00:00
</listitem>
nixos/modules/misc/wordlist: init Addresses #16545. Allows for user defined environment variables that hold paths to wordlists. This is to allow for easy access to wordlists for users and scripts, (in other distributions a convenient wordlist is typically found in /usr/share/dict/words or similar). The default wordlist is the one found in scowl, for no other reason than that's the one that was mentioned in the linked issue. It is possible to specify multiple environment variables as well. This is for users who need multiple wordlists (such as multilingual users).
2022-02-03 19:48:10 +00:00
<listitem>
<para>
It is now possible to specify wordlists to include as handy to
access environment variables using the
<literal>config.environment.wordlist</literal> configuration
options.
</para>
</listitem>
nixos/mbpfan: convert to structural settings
2022-01-04 13:59:34 +00:00
<listitem>
<para>
The <literal>services.mbpfan</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> configuration.
</para>
firmwareLinuxNonfree -> linux-firmware This renames our `firmwareLinuxNonfree` package to `linux-firmware`. There is prior art for this in multiple other distros[1][2][3]. Besides making the package more discoverable by those searching for the usual name, this also brings it in-line with the `kebab-case` we normally see in `nixpkgs` pnames, and removes the `Nonfree` information from the name, which I consider redundant given it's present in `meta.license`. The corresponding alias has been added, so this shouldn't break anything. [1]: https://archlinux.org/packages/core/any/linux-firmware/ [2]: https://src.fedoraproject.org/rpms/linux-firmware [3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-09 16:36:20 +00:00
</listitem>
nixos/modules/programs/spacefm: remove gksu dependency
2022-01-16 13:18:32 +00:00
<listitem>
<para>
The default value for
<literal>programs.spacefm.settings.graphical_su</literal> got
unset. It previously pointed to <literal>gksu</literal> which
has been removed.
</para>
</listitem>
nixos/starship: init
2021-12-23 22:22:39 +00:00
<listitem>
<para>
A new module was added for the
<link xlink:href="https://starship.rs/">Starship</link> shell
prompt, providing the options
<literal>programs.starship.enable</literal> and
<literal>programs.starship.settings</literal>.
</para>
</listitem>
dino: mention update in release notes
2022-02-17 17:14:52 +00:00
<listitem>
<para>
The <link xlink:href="https://dino.im">Dino</link> XMPP client
was updated to 0.3, adding support for audio and video calls.
</para>
</listitem>
nixos/mattermost: update release notes
2022-01-17 05:32:55 +00:00
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
</para>
</listitem>
logrotate: default to enable if any rule is active
2022-02-11 08:13:38 +00:00
<listitem>
<para>
nixos/logrotate: convert to freeform using freeform is the new standard way of using modules and should replace extraConfig. In particular, this will allow us to place a condition on mails
2022-02-28 21:54:12 +00:00
<link linkend="opt-services.logrotate.enable">services.logrotate.enable</link>
now defaults to true if any rotate path has been defined, and
some paths have been added by default.
</para>
</listitem>
<listitem>
<para>
The logrotate module also has been updated to freeform syntax:
<link linkend="opt-services.logrotate.paths">services.logrotate.paths</link>
and
<link linkend="opt-services.logrotate.extraConfig">services.logrotate.extraConfig</link>
will work, but issue deprecation warnings and
<link linkend="opt-services.logrotate.settings">services.logrotate.settings</link>
should now be used instead.
logrotate: default to enable if any rule is active
2022-02-11 08:13:38 +00:00
</para>
</listitem>
nixos/pam: add support for pam-ussh pam-ussh allows authorizing using an SSH certificate stored in your SSH agent, in a similar manner to pam-ssh-agent-auth, but for certificates rather than raw public keys.
2022-03-13 17:20:23 +00:00
<listitem>
<para>
<literal>security.pam.ussh</literal> has been added, which
allows authorizing PAM sessions based on SSH
<emphasis>certificates</emphasis> held within an SSH agent,
using
<link xlink:href="https://github.com/uber/pam-ussh">pam-ussh</link>.
</para>
</listitem>
ionide.ionide-fsharp: 5.11.0 -> 6.0.1 (#168874) * ionide.ionide-fsharp: 5.11.0 -> 6.0.0 * doc/release-notes: document .NET 6 requirement for Ionide * ionide: 6.0.0 -> 6.0.1
2022-04-20 23:54:39 +00:00
<listitem>
<para>
The <literal>vscode-extensions.ionide.ionide-fsharp</literal>
package has been updated to 6.0.0 and now requires .NET 6.0.
</para>
</listitem>
phpPackages.box: 2.7.5 -> 3.16.0 The source has been moved to the new upstream since Box2 is abandonned.
2022-05-12 09:42:27 +00:00
<listitem>
<para>
The <literal>phpPackages.box</literal> package has been
updated from 2.7.5 to 3.16.0. See the
<link xlink:href="https://github.com/box-project/box/blob/master/UPGRADE.md#from-27-to-30">upgrade
guide</link> for more details.
</para>
</listitem>
zrepl: 0.4.0 -> 0.5.0
2022-01-10 17:06:11 +00:00
<listitem>
<para>
The <literal>zrepl</literal> package has been updated from
0.4.0 to 0.5:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The RPC protocol version was bumped; all zrepl daemons in
a setup must be updated and restarted before replication
can resume.
</para>
</listitem>
<listitem>
<para>
A bug involving encrypt-on-receive has been fixed. Read
the
<link xlink:href="https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder">zrepl
documentation</link> and check the output of
<literal>zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS</literal>
on the receiver.
</para>
</listitem>
</itemizedlist>
</listitem>
polybar: 3.5.7 -> 3.6.2 Co-authored-by: Alexander Foremny <aforemny@posteo.de>
2022-03-03 00:35:07 +00:00
<listitem>
<para>
The <literal>polybar</literal> package has been updated from
3.5.7 to 3.6.2. See
<link xlink:href="https://github.com/polybar/polybar/releases/tag/3.6.0">the
changelog</link> for more details.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Breaking changes include changes to escaping rules in
configuration values, changes in behavior when
encountering invalid tag names, and changes to
inter-process-messaging (IPC).
</para>
</listitem>
zrepl: 0.4.0 -> 0.5.0
2022-01-10 17:06:11 +00:00
</itemizedlist>
</listitem>
openssh: add release-notes entry for services.openssh.{challengeResponseAuthentication -> kbdInteractiveAuthentication}
2022-01-15 13:51:59 +00:00
<listitem>
<para>
Renamed option
<literal>services.openssh.challengeResponseAuthentication</literal>
to
<literal>services.openssh.kbdInteractiveAuthentication</literal>.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a
warning.
</para>
</listitem>
nixos/autorandr: refactor The autorandr module now provides options to set hooks declaratively It also provides options to set profiles declaratively.
2022-01-25 09:43:45 +00:00
<listitem>
<para>
<literal>services.autorandr</literal> now allows for adding
hooks and profiles declaratively.
</para>
</listitem>
pomerium: note changes in packaging in 22.05 release notes
2022-03-11 14:07:12 +00:00
<listitem>
<para>
The <literal>pomerium-cli</literal> command has been moved out
of the <literal>pomerium</literal> package into the
<literal>pomerium-cli</literal> package, following upstreams
repository split. If you are using the
<literal>pomerium-cli</literal> command, you should now
install the <literal>pomerium-cli</literal> package.
</para>
</listitem>
modemmanager: 1.18.2 -> 1.18.4 Since release 1.18.4, the ModemManager daemon no longer automatically performs the FCC unlock procedure by default. The user must, under their own responsibility, enable the automatic FCC unlock as shipped by ModemManager.
2022-01-17 20:42:34 +00:00
<listitem>
<para>
The option
nixos/release-notes: fix typos in 22.05 section.
2022-02-24 16:10:58 +00:00
<link linkend="opt-networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link>
modemmanager: 1.18.2 -> 1.18.4 Since release 1.18.4, the ModemManager daemon no longer automatically performs the FCC unlock procedure by default. The user must, under their own responsibility, enable the automatic FCC unlock as shipped by ModemManager.
2022-01-17 20:42:34 +00:00
was added to support FCC unlock procedures. Since release
1.18.4, the ModemManager daemon no longer automatically
performs the FCC unlock procedure by default. See
<link xlink:href="https://modemmanager.org/docs/modemmanager/fcc-unlock/">the
docs</link> for more details.
</para>
</listitem>
nixos/programs/tmux: specify wanted plugins Currently it's rather difficult to install tmux plugins. The process involves two steps: 1. Specify the correct `pkg.tmuxPlugins` package in `environment.systemPackages` 2. Adding to the configuration file to instantiate the plugin. This commit allows the user to specify a list of plugins under `programs.tmux.plugins`. Update nixos/modules/programs/tmux.nix Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-09-18 15:04:11 +00:00
<listitem>
<para>
<literal>programs.tmux</literal> has a new option
<literal>plugins</literal> that accepts a list of packages
from the <literal>tmuxPlugins</literal> group. The specified
packages are added to the system and loaded by
<literal>tmux</literal>.
</para>
</listitem>
nixos/polkit: don't enable by default SUID wrappers really shouldn't be enabled by default, unless a consumer relies on them. So in my opinion this falls upon the desktop environments if needed or a user to explicltly enable this if wanted. Most desktop environments and services like CUPS already enable polkit by default, that should really be sufficient.
2022-01-26 14:04:03 +00:00
<listitem>
<para>
The polkit service, available at
<literal>security.polkit.enable</literal>, is now disabled by
default. It will automatically be enabled through services and
desktop environments as needed.
</para>
</listitem>
mercury: 20.06.1 -> 22.01.1
2022-05-09 04:52:20 +00:00
<listitem>
<para>
<literal>mercury</literal> was updated to 22.01.1, which has
some breaking changes
(<link xlink:href="https://dl.mercurylang.org/release/release-notes-22.01.html">Mercury
22.01 news</link>).
</para>
</listitem>
xfsprogs: 5.14.2 -> 5.15.0
2022-04-07 13:39:53 +00:00
<listitem>
<para>
xfsprogs was update to version 5.15, which enables inobtcount
and bigtime by default on filesystem creation. Support for
these features was added in kernel 5.10 and deemed stable in
kernel 5.15. If you want to be able to mount XFS filesystems
created with this release of xfsprogs on kernel releases older
than 5.10, you need to format them with
<literal>mkfs.xfs -m bigtime=0 -m inobtcount=0</literal>.
</para>
nixos/polkit: don't enable by default SUID wrappers really shouldn't be enabled by default, unless a consumer relies on them. So in my opinion this falls upon the desktop environments if needed or a user to explicltly enable this if wanted. Most desktop environments and services like CUPS already enable polkit by default, that should really be sufficient.
2022-01-26 14:04:03 +00:00
</listitem>
xfce4-screensaver: init at 4.16.0 A simple screen saver and locker for the Xfce desktop environment.
2021-11-19 10:11:08 +00:00
<listitem>
<para>
<literal>services.xserver.desktopManager.xfce</literal> now
includes Xfces screen locker,
nixos/xfce: option to disable xfce4-screensaver Signed-off-by: lucasew <lucas59356@gmail.com>
2022-04-10 23:38:57 +00:00
<literal>xfce4-screensaver</literal> that is enabled by
default. You can disable it by setting
<literal>false</literal> to
<link linkend="opt-services.xserver.desktopManager.xfce.enableScreensaver">services.xserver.desktopManager.xfce.enableScreensaver</link>.
xfce4-screensaver: init at 4.16.0 A simple screen saver and locker for the Xfce desktop environment.
2021-11-19 10:11:08 +00:00
</para>
</listitem>
spark: update release notes for 22.05
2022-03-10 04:48:06 +00:00
<listitem>
<para>
The <literal>hadoop</literal> package has added support for
<literal>aarch64-linux</literal> and
<literal>aarch64-darwin</literal> as of 3.3.1
(<link xlink:href="https://github.com/NixOS/nixpkgs/pull/158613">#158613</link>).
</para>
</listitem>
<listitem>
<para>
The <literal>R</literal> package now builds again on
<literal>aarch64-darwin</literal>
(<link xlink:href="https://github.com/NixOS/nixpkgs/pull/158992">#158992</link>).
</para>
</listitem>
nss: add esr and latest change release-notes entry
2022-04-03 15:13:36 +00:00
<listitem>
<para>
The <literal>nss</literal> package was split into
<literal>nss_esr</literal> and <literal>nss_latest</literal>,
with <literal>nss</literal> being an alias for
<literal>nss_esr</literal>. This was done to ease maintenance
of <literal>nss</literal> and dependent high-profile packages
like <literal>firefox</literal>.
</para>
</listitem>
nixos/nextcloud: Support create database locally
2021-12-15 14:56:19 +00:00
<listitem>
<para>
The Nextcloud module now supports to create a Mysql database
automatically with
<literal>services.nextcloud.database.createLocally</literal>
enabled.
</para>
</listitem>
nixos/nextcloud: Add option for max-age HSTS directive * Add an option services.nextcloud.nginx.hstsMaxAge for setting the max-age directive of the Strict-Transport-Security HTTP header. * Make the Strict-Transport-Security HTTP header in the Nginx virtualhost block dependant upon the option services.nextcloud.https instead of services.nextcloud.nginx.recommendedHttpHeaders, as this header makes no sense when not using HTTPS. (Closes #169465)
2022-05-13 20:12:36 +00:00
<listitem>
<para>
The Nextcloud module now allows setting the value of the
<literal>max-age</literal> directive of the
<literal>Strict-Transport-Security</literal> HTTP header,
which is now controlled by the
<literal>services.nextcloud.https</literal> option, rather
than <literal>services.nginx.recommendedHttpHeaders</literal>.
</para>
</listitem>
spark: update release notes for 22.05
2022-03-10 04:48:06 +00:00
<listitem>
<para>
The <literal>spark3</literal> package has been updated from
3.1.2 to 3.2.1
(<link xlink:href="https://github.com/NixOS/nixpkgs/pull/160075">#160075</link>):
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Testing has been enabled for
<literal>aarch64-linux</literal> in addition to
<literal>x86_64-linux</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>spark3</literal> package is now usable on
<literal>aarch64-darwin</literal> as a result of
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/158613">#158613</link>
and
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/158992">#158992</link>.
</para>
</listitem>
</itemizedlist>
</listitem>
nixos: init programs/nncp module The NNCP utilities read a configuration at "/etc/nncp.hjson" by default. Add a NixOS module for generating this configuration.
2022-02-26 16:53:26 +00:00
<listitem>
<para>
The <literal>programs.nncp</literal> options were added for
generating host-global NNCP configuration.
</para>
</listitem>
nixos/snapserver: don't open ports by default
2022-01-04 07:44:10 +00:00
<listitem>
<para>
The option <literal>services.snapserver.openFirewall</literal>
will no longer default to <literal>true</literal> starting
with NixOS 22.11. Enable it explicitly if you need to control
Snapserver remotely or connect streamig clients from other
hosts.
</para>
</listitem>
nixos/doc: add release-note entry for networking.useDHCP change
2022-04-29 21:45:26 +00:00
<listitem>
<para>
The option
<link xlink:href="options.html#opt-networking.useDHCP">networking.useDHCP</link>
isnt deprecated anymore. When using
<link xlink:href="options.html#opt-networking.useNetworkd"><literal>systemd-networkd</literal></link>,
a generic <literal>.network</literal>-unit is added which
enables DHCP for each interface matching
<literal>en*</literal>, <literal>eth*</literal> or
<literal>wl*</literal> with priority 99 (which means that it
doesnt have any effect if such an interface is matched by a
<literal>.network-</literal>unit with a lower priority). In
case of scripted networking, no behavior was changed.
</para>
</listitem>
nixos/redis: enable multiple instances of redis-server
2021-08-23 17:57:49 +00:00
</itemizedlist>
nixos/doc: check in converted docbook for 22.05 release notes This was forgotten in 2768bc07f78a18aa26f869f39e37e87fd15544a6 and should hopefully avoid an all too confusing rebase / merge conflict later.
2021-11-22 22:21:27 +00:00
</section>
</section>
Reference in New Issue Copy Permalink