The nixos/caddy module is somewhat old by now and has undergone quite some refactors. This specific module option (originally named `ca`) used to make a bit more sense when Caddy did not have multiple ACME CAs as fallback (LE & ZeroSSL) configured by default yet (ZeroSSL came with v2.3.0). I also rephrased the description slightly, to mention Caddy's automatic issuer fallback and a note which this option maps to in the Caddyfile, to provide a bit more context and a more up-to-date recommendation. Specifically that "fine-grained configuration" section comes from a time when this module did some custom tls/issuer config json merging with the templated Caddyfile using `jq`. The "The URL to the ACME CA's directory" section is a word-for-word copy from the official Caddy docs, which also include a link to LE's docs to the referenced staging endpoint. So I added that as well.
Release 23.11 (“Tapir”, 2023.11/??)
Highlights
- FoundationDB now defaults to major version 7.
New Services
- Create the first release note entry in this section!
- acme-dns, a limited DNS server to handle ACME DNS challenges easily and securely. Available as services.acme-dns.
- river, A dynamic tiling wayland compositor. Available as programs.river.
- sitespeed-io, a tool that can generate metrics (timings, diagnostics) for websites. Available as services.sitespeed-io.
Backward Incompatibilities
- `writeTextFile` now requires `executable` to be boolean, values like `null` or `""` will now fail to evaluate.
- The latest version of `clonehero` now stores custom content in `~/.clonehero`. See the migration instructions. Typically, these content files would exist alongside the binary, but the previous build used a wrapper script that would store them in `~/.config/unity3d/srylain Inc_/Clone Hero`.
- `python3.pkgs.fetchPypi` (and `python3Packages.fetchPypi`) has been deprecated in favor of top-level `fetchPypi`.
- `mariadb` now defaults to `mariadb_1011` instead of `mariadb_106`, meaning the default version was upgraded from 10.6.x to 10.11.x. See the upgrade notes for potential issues.
- `etcd` has been updated to 3.5, you will want to read the 3.3 to 3.4 and 3.4 to 3.5 upgrade guides.
- `himalaya` has been updated to `0.8.0`, which drops the native TLS support (in favor of Rustls) and adds OAuth 2.0 support. See the release note for more details.
- The services.caddy.acmeCA option now defaults to `null` instead of `"https://acme-v02.api.letsencrypt.org/directory"`, to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream.
- `util-linux` is now supported on Darwin and is no longer an alias to `unixtools`. Use the `unixtools.util-linux` package for access to the Apple variants of the utilities.
- `fileSystems.<name>.autoFormat` now uses `systemd-makefs`, which does not accept formatting options. Therefore, `fileSystems.<name>.formatOptions` has been removed.
- `fileSystems.<name>.autoResize` now uses `systemd-growfs` to resize the file system online in stage 2. This means that `f2fs` and `ext2` can no longer be auto resized, while `xfs` and `btrfs` now can be.
Other Notable Changes
- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.
- A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant.
- `services.nginx` gained a `defaultListen` option at server-level with support for PROXY protocol listeners, also `proxyProtocol` is now exposed in `services.nginx.virtualHosts.<name>.listen` option. It is now possible to run PROXY listeners and non-PROXY listeners at a server-level, see #213510 for more details.