nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md

Release 23.11 (“Tapir”, 2023.11/??)

Highlights

• FoundationDB now defaults to major version 7.

New Services

• Create the first release note entry in this section!

• acme-dns, a limited DNS server to handle ACME DNS challenges easily and securely. Available as services.acme-dns.

• river, A dynamic tiling wayland compositor. Available as programs.river.

• GoToSocial, an ActivityPub social network server, written in Golang. Available as services.gotosocial.

• sitespeed-io, a tool that can generate metrics (timings, diagnostics) for websites. Available as services.sitespeed-io.

Backward Incompatibilities

• writeTextFile now requires executable to be boolean, values like null or "" will now fail to evaluate.

• The latest version of clonehero now stores custom content in ~/.clonehero. See the migration instructions. Typically, these content files would exist along side the binary, but the previous build used a wrapper script that would store them in ~/.config/unity3d/srylain Inc_/Clone Hero.

• python3.pkgs.fetchPypi (and python3Packages.fetchPypi) has been deprecated in favor of top-level fetchPypi.

• mariadb now defaults to mariadb_1011 instead of mariadb_106, meaning the default version was upgraded from 10.6.x to 10.11.x. See the upgrade notes for potential issues.

• etcd has been updated to 3.5, you will want to read the 3.3 to 3.4 and 3.4 to 3.5 upgrade guides

• himalaya has been updated to 0.8.0, which drops the native TLS support (in favor of Rustls) and add OAuth 2.0 support. See the release note for more details.

• The services.caddy.acmeCA option now defaults to null instead of "https://acme-v02.api.letsencrypt.org/directory", to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream.

• php80 is no longer supported due to upstream not supporting this version anymore.

• util-linux is now supported on Darwin and is no longer an alias to unixtools. Use the unixtools.util-linux package for access to the Apple variants of the utilities.

• The vlock program from the kbd package has been moved into its own package output and should now be referenced explicitly as kbd.vlock or replaced with an alternative such as the standalone vlock package or physlock.

• fileSystems.<name>.autoFormat now uses systemd-makefs, which does not accept formatting options. Therefore, fileSystems.<name>.formatOptions has been removed.

• fileSystems.<name>.autoResize now uses systemd-growfs to resize the file system online in stage 2. This means that f2fs and ext2 can no longer be auto resized, while xfs and btrfs now can be.

• services.lemmy.settings.federation was removed in 0.17.0 and no longer has any effect. To enable federation, the hostname must be set in the configuration file and then federation must be enabled in the admin web UI. See the release notes for more details.

• The following packages in haskellPackages have now a separate bin output: cabal-fmt, calligraphy, eventlog2html, ghc-debug-brick, hindent, nixfmt, releaser. This means you need to replace e.g. "${pkgs.haskellPackages.nixfmt}/bin/nixfmt" with "${lib.getBin pkgs.haskellPackages.nixfmt}/bin/nixfmt" or "${lib.getExe pkgs.haskellPackages.nixfmt}". The binaries also won’t be in scope if you rely on them being installed e.g. via ghcWithPackages. environment.packages picks the bin output automatically, so for normal installation no intervention is required. Also, toplevel attributes like pkgs.nixfmt are not impacted negatively by this change.

Other Notable Changes

• The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; from your NixOS configuration.

• fontconfig now defaults to using greyscale antialiasing instead of subpixel antialiasing because of a recommendation from one of the downstreams. You can change this value by configuring accordingly.

• The latest available version of Nextcloud is v27 (available as pkgs.nextcloud27). The installation logic is as follows:

  • If services.nextcloud.package is specified explicitly, this package will be installed (recommended)
  • If system.stateVersion is >=23.11, pkgs.nextcloud27 will be installed by default.
  • If system.stateVersion is >=23.05, pkgs.nextcloud26 will be installed by default.
  • Please note that an upgrade from v25 (or older) to v27 directly is not possible. Please upgrade to nextcloud26 (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring services.nextcloud.package = pkgs.nextcloud26;.

• A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing virtualisation.vlans is still supported for cases where the name of the network interface is irrelevant.

• DocBook option documentation is no longer supported, all module documentation now uses markdown.

• services.nginx gained a defaultListen option at server-level with support for PROXY protocol listeners, also proxyProtocol is now exposed in services.nginx.virtualHosts.<name>.listen option. It is now possible to run PROXY listeners and non-PROXY listeners at a server-level, see #213510 for more details.

Nixpkgs internals

• The qemu-vm.nix module by default now identifies block devices via persistent names available in /dev/disk/by-*. Because the rootDevice is identfied by its filesystem label, it needs to be formatted before the VM is started. The functionality of automatically formatting the rootDevice in the initrd is removed from the QEMU module. However, for tests that depend on this functionality, a test utility for the scripted initrd is added (nixos/tests/common/auto-format-root-device.nix). To use this in a NixOS test, import the module, e.g. imports = [ ./common/auto-format-root-device.nix ]; When you use the systemd initrd, you can automatically format the root device by setting virtualisation.fileSystems."/".autoFormat = true;.