wstunnel: 9.6.2 -> 9.7.0
6.5 KiB
Release 24.11 (“Vicuña”, 2024.11/??)
Highlights
-
Convenience options for
amdgpu
, open source driver for Radeon cards, is now available underhardware.amdgpu
. -
AMDVLK, AMD's open source Vulkan driver, is now available to be configured as
hardware.amdgpu.amdvlk
option. This also allows configuring runtime settings of AMDVLK and enabling experimental features.
New Services
-
Open-WebUI, a user-friendly WebUI for LLMs. Available as services.open-webui service.
-
Quickwit, sub-second search & analytics engine on cloud storage. Available as services.quickwit.
-
Flood, a beautiful WebUI for various torrent clients. Available as services.flood.
-
Renovate, a dependency updating tool for various git forges and language ecosystems. Available as services.renovate.
Backward Incompatibilities
-
androidenv.androidPkgs_9_0
has been removed, and replaced withandroidenv.androidPkgs
for a more complete Android SDK including support for Android 9 and later. -
wstunnel
has had a major version upgrade that entailed rewriting the program in Rust. The module was updated to accommodate for breaking changes. Breaking changes to the module API were minimised as much as possible, but some were nonetheless inevitable due to changes in the upstream CLI. Certain options were moved from separate CLI arguments into the forward specifications, and those options were also removed from the module's API, please consult the wstunnel man page for more detail. Also be aware that if you have set additional options inservices.wstunnel.{clients,servers}.<name>.extraArgs
, that those might have been removed or modified upstream. -
nginx
package no longer includesgd
andgeoip
dependencies. For enabling it, overridenginx
package with the optionalswithImageFilter
andwithGeoIP
. -
openssh
andopenssh_hpn
are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can use the newopensshWithKerberos
andopenssh_hpnWithKerberos
flavors (e.g.programs.ssh.package = pkgs.openssh_gssapi
). -
nvimpager
was updated to version 0.13.0, which changes the order of user and nvimpager settings: user commands in-c
and--cmd
now override the respective default settings because they are executed later. -
services.forgejo.mailerPasswordFile
has been deprecated by the drop-in replacementservices.forgejo.secrets.mailer.PASSWD
, which is part of the new free-formservices.forgejo.secrets
option.services.forgejo.secrets
is a small wrapper over systemd'sLoadCredential=
. It has the same structure (sections/keys) asservices.forgejo.settings
but takes file paths that will be read before service startup instead of some plaintext value. -
services.ddclient.use
has been deprecated:ddclient
now supports separate IPv4 and IPv6 configuration. Useservices.ddclient.usev4
andservices.ddclient.usev6
instead. -
vaultwarden
lost the capability to bind to privileged ports. If you rely on this behavior, override the systemd unit to allowCAP_NET_BIND_SERVICE
in your local configuration. -
The Invoiceplane module now only accepts the structured
settings
option.extraConfig
is now removed. -
Legacy package
stalwart-mail_0_6
was dropped, please note the manual upgrade process before changing the package topkgs.stalwart-mail
inservices.stalwart-mail.package
. -
haskell.lib.compose.justStaticExecutables
now disallows references to GHC in the output by default, to alert users to closure size issues caused by #164630. See "Packaging Helpers" in the Haskell section of the Nixpkgs manual for information on working aroundoutput '...' is not allowed to refer to the following paths
errors caused by this change. -
The
stalwart-mail
module now uses RocksDB as the default storage backend forstateVersion
≥ 24.11. (It was previously using SQLite for structured data and the filesystem for blobs). -
zx
was updated to v8, which introduces several breaking changes. See the v8 changelog for more information. -
The
portunus
package and service do not support weak password hashes anymore. If you installed Portunus on NixOS 23.11 or earlier, upgrade to NixOS 24.05 first to get support for strong password hashing. Then, follow the instructions on the upstream release notes to upgrade all existing user accounts to strong password hashes. If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration:services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; }; services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
-
The
tracy
package no longer works on X11, since it's moved to Wayland support, which is the intended default behavior by Tracy maintainers. X11 users have to switch to the new packagetracy-x11
.
Other Notable Changes
-
hareHook
has been added as the language framework for Hare. From now on, it, not thehare
package, should be added tonativeBuildInputs
when building Hare programs. -
To facilitate dependency injection, the
imgui
package now builds a static archive using vcpkg' CMake rules. The derivation now installs "impl" headers selectively instead of by a wildcard. Useimgui.src
if you just want to access the unpacked sources.