nixpkgs/nixos/doc/manual/release-notes/rl-2211.section.md

# Release 22.11 (“Raccoon”, 2022.11/??) {#sec-release-22.11}

Support is planned until the end of June 2023, handing over to 23.05.

## Highlights {#sec-release-22.11-highlights}

In addition to numerous new and upgraded packages, this release has the following highlights:

- GNOME has been upgraded to 43. Please take a look at their [Release
  Notes](https://release.gnome.org/43/) for details.

- During cross-compilation, tests are now executed if the test suite can be executed
  by the build platform. This is the case when doing “native” cross-compilation
  where the build and host platforms are largely the same, but the nixpkgs' cross
  compilation infrastructure is used, e.g. `pkgsStatic` and `pkgsLLVM`. Another
  possibility is that the build platform is a superset of the host platform, e.g. when
  cross-compiling from `x86_64-unknown-linux` to `i686-unknown-linux`.
  The predicate gating test suite execution is the newly added `canExecute`
  predicate: You can e.g. check if `stdenv.buildPlatform` can execute binaries
  built for `stdenv.hostPlatform` (i.e. produced by `stdenv.cc`) by evaluating
  `stdenv.buildPlatform.canExecute stdenv.hostPlatform`.

- The `nixpkgs.hostPlatform` and `nixpkgs.buildPlatform` options have been added.
  These cover and override the `nixpkgs.{system,localSystem,crossSystem}` options.

   - `hostPlatform` is the platform or "`system`" string of the NixOS system
     described by the configuration.
   - `buildPlatform` is the platform that is responsible for building the NixOS
     configuration. It defaults to the `hostPlatform`, for a non-cross
     build configuration. To cross compile, set `buildPlatform` to a different
     value.

  The new options convey the same information, but with fewer options, and
  following the Nixpkgs terminology.

  The existing options `nixpkgs.{system,localSystem,crossSystem}` have not
  been formally deprecated, to allow for evaluation of the change and to allow
  for a transition period so that in time the ecosystem can switch without
  breaking compatibility with any supported NixOS release.

- `emacs` enables native compilation which means:
  - emacs packages from nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
  - emacs packages from somewhere else, e.g. `package-install`, will do asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use `(setq native-comp-deferred-compilation nil)` to disable it while still enjoy the benefit of native compilation for packages from nixpkgs.

- `nixos-generate-config` now generates configurations that can be built in pure
  mode. This is achieved by setting the new `nixpkgs.hostPlatform` option.

  You may have to unset the `system` parameter in `lib.nixosSystem`, or similarly
  remove definitions of the `nixpkgs.{system,localSystem,crossSystem}` options.

  Alternatively, you can remove the `hostPlatform` line and use NixOS like you
  would in NixOS 22.05 and earlier.

- PHP now defaults to PHP 8.1, updated from 8.0.

- Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default.

- Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
  blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.

- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.

- An image configuration and generator has been added for Linode images, largely based on the present GCE configuration and image.

- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

## New Services {#sec-release-22.11-new-services}

- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
- [syncstorage-rs](https://github.com/mozilla-services/syncstorage-rs), a self-hostable sync server for Firefox. Available as [services.firefox-syncserver](options.html#opt-services.firefox-syncserver.enable).

- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).

- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).

- [Tandoor Recipes](https://tandoor.dev), a self-hosted multi-tenant recipe collection. Available as [services.tandoor-recipes](options.html#opt-services.tandoor-recipes.enable).

- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).

- [Please](https://github.com/edneville/please), a Sudo clone written in Rust. Available as [security.please](#opt-security.please.enable)

- [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable).

- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
  Available as [services.infnoise](options.html#opt-services.infnoise.enable).

- [kthxbye](https://github.com/prymitive/kthxbye), an alert acknowledgement management daemon for Prometheus Alertmanager. Available as [services.kthxbye](options.html#opt-services.kthxbye.enable)

- [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization.
  Available as [services.kanata](options.html#opt-services.kanata.enable).

- [languagetool](https://languagetool.org/), a multilingual grammar, style, and spell checker.
  Available as [services.languagetool](options.html#opt-services.languagetool.enable).

- [OpenRGB](https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master), a FOSS tool for controlling RGB lighting. Available as [services.hardware.openrgb.enable](options.html#opt-services-hardware-openrgb-enable).

- [Outline](https://www.getoutline.com/), a wiki and knowledge base similar to Notion. Available as [services.outline](#opt-services.outline.enable).

- [alps](https://git.sr.ht/~migadu/alps), a simple and extensible webmail. Available as [services.alps](#opt-services.alps.enable).

- [endlessh-go](https://github.com/shizunge/endlessh-go), an SSH tarpit that exposes Prometheus metrics. Available as [services.endlessh-go](#opt-services.endlessh-go.enable).

- [netbird](https://netbird.io), a zero configuration VPN.
  Available as [services.netbird](options.html#opt-services.netbird.enable).

- [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).

- [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).

- [Dolibarr](https://www.dolibarr.org/), an enterprise resource planning and customer relationship manager. Enable using [services.dolibarr](#opt-services.dolibarr.enable).

- [FreshRSS](https://freshrss.org/), a free, self-hostable RSS feed aggregator. Available as [services.freshrss](#opt-services.freshrss.enable).

- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).

- [go-autoconfig](https://github.com/L11R/go-autoconfig), IMAP/SMTP autodiscover server. Available as [services.go-autoconfig](#opt-services.go-autoconfig.enable).

- [tmate-ssh-server](https://github.com/tmate-io/tmate-ssh-server), server side part of [tmate](https://tmate.io/). Available as [services.tmate-ssh-server](#opt-services.tmate-ssh-server.enable).

- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).

- [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable).

- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
Available as [services.patroni](options.html#opt-services.patroni.enable).

- [Prometheus IPMI exporter](https://github.com/prometheus-community/ipmi_exporter), an IPMI exporter for Prometheus. Available as [services.prometheus.exporters.ipmi](#opt-services.prometheus.exporters.ipmi.enable).

- [WriteFreely](https://writefreely.org), a simple blogging platform with ActivityPub support. Available as [services.writefreely](options.html#opt-services.writefreely.enable).

- [Listmonk](https://listmonk.app), a self-hosted newsletter manager. Enable using [services.listmonk](options.html#opt-services.listmonk.enable).

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

## Backward Incompatibilities {#sec-release-22.11-incompatibilities}

- Nixpkgs now requires Nix 2.3 or newer.

- The `isCompatible` predicate checking CPU compatibility is no longer exposed
  by the platform sets generated using `lib.systems.elaborate`. In most cases
  you will want to use the new `canExecute` predicate instead which also
  considers the kernel / syscall interface. It is briefly described in the
  release's [highlights section](#sec-release-22.11-highlights).
  `lib.systems.parse.isCompatible` still exists, but has changed semantically:
  Architectures with differing endianness modes are *no longer considered compatible*.

- `ngrok` has been upgraded from 2.3.40 to 3.0.4. Please see [the upgrade guide](https://ngrok.com/docs/guides/upgrade-v2-v3)
  and [changelog](https://ngrok.com/docs/ngrok-agent/changelog). Notably, breaking changes are that the config file format has
  changed and support for single hypen arguments was dropped.

- `i18n.supportedLocales` is now by default only generated with the locales set in `i18n.defaultLocale` and `i18n.extraLocaleSettings`.
  This got partially copied over from the minimal profile and reduces the final system size by up to 200MB.
  If you require all locales installed set the option to ``[ "all" ]``.

- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion.  The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems.  If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.

- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.

- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.

- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
  as it requires `qt4`, which reached its end-of-life 2015 and will no longer be supported by nixpkgs.
  [According to Barco](https://www.barco.com/de/support/knowledge-base/4380-can-i-use-linux-os-with-clickshare-base-units) many of their base unit models can be used with Google Chrome and the Google Cast extension.

- `services.hbase` has been renamed to `services.hbase-standalone`.
  For production HBase clusters, use `services.hadoop.hbase` instead.

- The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.

- The `coq` package and versioned variants starting at `coq_8_14` no
  longer include CoqIDE, which is now available through
  `coqPackages.coqide`. It is still possible to get CoqIDE as part of
  the `coq` package by overriding the `buildIde` argument of the
  derivation.

- PHP 7.4 is no longer supported due to upstream not supporting this
  version for the entire lifecycle of the 22.11 release.

- `pkgs.cosign` does not provide the `cosigned` binary anymore. The `sget` binary has been moved into its own package.

- Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
  Users who still wish to remain using GTK can do so by using `emacs-gtk`.

- riak package removed along with `services.riak` module, due to lack of maintainer to update the package.

- xow package removed along with the `hardware.xow` module, due to the project being deprecated in favor of `xone`,  which is available via the `hardware.xone` module.

- dd-agent package removed along with the `services.dd-agent` module, due to the project being deprecated in favor of `datadog-agent`,  which is available via the `services.datadog-agent` module.

- `teleport` has been upgraded to major version 10. Please see upstream [upgrade instructions](https://goteleport.com/docs/ver/10.0/management/operations/upgrading/) and [release notes](https://goteleport.com/docs/ver/10.0/changelog/#1000).

- lemmy module option `services.lemmy.settings.database.createLocally`
  moved to `services.lemmy.database.createLocally`.

- virtlyst package and `services.virtlyst` module removed, due to lack of maintainers.

- The `services.graphite.api` and `services.graphite.beacon` NixOS options, and
  the `python3.pkgs.graphite_api`, `python3.pkgs.graphite_beacon` and
  `python3.pkgs.influxgraph` packages, have been removed due to lack of upstream
  maintenance.

- The `aws` package has been removed due to being abandoned by the upstream. It is recommended to use `awscli` or `awscli2` instead.

- `systemd-networkd` v250 deprecated, renamed, and moved some sections and settings which leads to the following breaking module changes:

   * `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` is renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`.
   * `systemd.network.networks.<name>.dhcpV6Config` no longer accepts the `ForceDHCPv6PDOtherInformation=` setting. Please use the `WithoutRA=` and `UseDelegatedPrefix=` settings in your `systemd.network.networks.<name>.dhcpV6Config` and the `DHCPv6Client=` setting in your `systemd.network.networks.<name>.ipv6AcceptRAConfig` to control when the DHCPv6 client is started and how the delegated prefixes are handled by the DHCPv6 client.
   * `systemd.network.networks.<name>.networkConfig` no longer accepts the `IPv6Token=` setting. Use the `Token=` setting in your `systemd.network.networks.<name>.ipv6AcceptRAConfig` instead. The `systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig` now also accepts the `Token=` setting.

- The `meta.mainProgram` attribute of packages in `wineWowPackages` now defaults to `"wine64"`.

- The `paperless` module now defaults `PAPERLESS_TIME_ZONE` to your configured system timezone.

- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
  Use `configure.packages` instead.
- Neovim can not be configured with plug anymore (still works for vim).

- The default `kops` version is now 1.25.1 and support for 1.22 and older has been dropped.

- `k3s` no longer supports docker as runtime due to upstream dropping support.

- `k3s` supports `clusterInit` option, and it is enabled by default, for servers.

- `stylua` no longer accepts `lua52Support` and `luauSupport` overrides, use `features` instead, which defaults to `[ "lua54" "luau" ]`.

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

## Other Notable Changes {#sec-release-22.11-notable-changes}

- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.

- `github-runner` gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. See `services.github-runner.ephemeral` and `services.github-runner.tokenFile` for details.

- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.

- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.

- Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.

- The `networking.wireguard` module now can set the mtu on interfaces and tag its packets with an fwmark.

- The `services.matrix-synapse` systemd unit has been hardened.

- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.

- The `diamond` package has been update from 0.8.36 to 2.0.15. See the [upstream release notes](https://github.com/bbuchfink/diamond/releases) for more details.

- The `guake` package has been updated from 3.6.3 to 3.9.0, see the [changelog](https://github.com/Guake/guake/releases) for more details.

- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
  Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`.

- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.

- Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.

- The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete.

- The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
  This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it.

- Add udev rules for the Teensy family of microcontrollers.

- systemd-oomd is enabled by default. Depending on which systemd units have
  `ManagedOOMSwap=kill` or `ManagedOOMMemoryPressure=kill`, systemd-oomd will
  SIGKILL all the processes under the appropriate descendant cgroups when the
  configured limits are exceeded. NixOS does currently not configure cgroups
  with oomd by default, this can be enabled using
  [systemd.oomd.enableRootSlice](options.html#opt-systemd.oomd.enableRootSlice),
  [systemd.oomd.enableSystemSlice](options.html#opt-systemd.oomd.enableSystemSlice),
  and [systemd.oomd.enableUserServices](options.html#opt-systemd.oomd.enableUserServices).

- The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.

- There is a new module for AMD SEV CPU functionality, which grants access to the hardware.

- The Wordpress module got support for installing language packs through `services.wordpress.sites.<site>.languages`.

- There is a new module for the `thunar` program (the Xfce file manager), which depends on the `xfconf` dbus service, and also has a dbus service and a systemd unit. The option `services.xserver.desktopManager.xfce.thunarPlugins` has been renamed to `programs.thunar.plugins`, and in a future release it may be removed.

- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.

- The `nomad` package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older.

- The `nodePackages` package set now defaults to the LTS release in the `nodejs` package again, instead of being pinned to `nodejs-14_x`. Several updates to node2nix have been made for compatibility with newer Node.js and npm versions and a new `postRebuild` hook has been added for packages to perform extra build steps before the npm install step prunes dev dependencies.

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->