diff options
| author | pennae <github@quasiparticle.net> | 2023-02-08 11:08:25 +0100 |
|---|---|---|
| committer | pennae <github@quasiparticle.net> | 2023-02-10 06:40:15 +0100 |
| commit | d041641b1abc901191947cd9d7676cd803ccd00b (patch) | |
| tree | e13a6f2dca1c98b55bd17d6b2c9ac00a99de9364 /nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | |
| parent | 652a283e51d57ed294cb07774ebf7b95b1a7e59c (diff) | |
nixos/manual: remove md-to-db
with manual chapters no longer needing pandoc for their conversion to xml we can get rid of this source of confusion, and its huge cache of xml files.
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2305.section.xml')
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 1036 |
1 files changed, 0 insertions, 1036 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml deleted file mode 100644 index b5220fbb99648..0000000000000 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ /dev/null @@ -1,1036 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-23.05"> - <title>Release 23.05 (“Stoat”, 2023.05/??)</title> - <para> - Support is planned until the end of December 2023, handing over to - 23.11. - </para> - <section xml:id="sec-release-23.05-highlights"> - <title>Highlights</title> - <para> - In addition to numerous new and upgraded packages, this release - has the following highlights: - </para> - <itemizedlist> - <listitem> - <para> - Cinnamon has been updated to 5.6, see - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204">the - pull request</link> for what is changed. - </para> - </listitem> - <listitem> - <para> - <literal>nixos-rebuild</literal> now supports an extra - <literal>--specialisation</literal> option that can be used to - change specialisation for <literal>switch</literal> and - <literal>test</literal> commands. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-23.05-new-services"> - <title>New Services</title> - <itemizedlist> - <listitem> - <para> - <link xlink:href="https://akkoma.social">Akkoma</link>, an - ActivityPub microblogging server. Available as - <link xlink:href="options.html#opt-services.akkoma.enable">services.akkoma</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/akinomyoga/ble.sh">blesh</link>, - a line editor written in pure bash. Available as - <link linkend="opt-programs.bash.blesh.enable">programs.bash.blesh</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/adnanh/webhook">webhook</link>, - a lightweight webhook server. Available as - <link linkend="opt-services.webhook.enable">services.webhook</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/alexivkin/CUPS-PDF-to-PDF">cups-pdf-to-pdf</link>, - a pdf-generating cups backend based on - <link xlink:href="https://www.cups-pdf.de/">cups-pdf</link>. - Available as - <link linkend="opt-services.printing.cups-pdf.enable">services.printing.cups-pdf</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.magicbug.co.uk/cloudlog/">Cloudlog</link>, - a web-based Amateur Radio logging application. Available as - <link linkend="opt-services.cloudlog.enable">services.cloudlog</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/junegunn/fzf">fzf</link>, - a command line fuzzyfinder. Available as - <link linkend="opt-programs.fzf.fuzzyCompletion">programs.fzf</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/hzeller/gmrender-resurrect">gmediarender</link>, - a simple, headless UPnP/DLNA renderer. Available as - <link xlink:href="options.html#opt-services.gmediarender.enable">services.gmediarender</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/StevenBlack/hosts">stevenblack-blocklist</link>, - A unified hosts file with base extensions for blocking - unwanted websites. Available as - <link xlink:href="options.html#opt-networking.stevenblack.enable">networking.stevenblack</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/slurdge/goeland">goeland</link>, - an alternative to rss2email written in golang with many - filters. Available as - <link linkend="opt-services.goeland.enable">services.goeland</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/ellie/atuin">atuin</link>, - a sync server for shell history. Available as - <link linkend="opt-services.atuin.enable">services.atuin</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://gitlab.com/kop316/mmsd">mmsd</link>, - a lower level daemon that transmits and recieves MMSes. - Available as - <link linkend="opt-services.mmsd.enable">services.mmsd</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://dm3mat.darc.de/qdmr/">QDMR</link>, a - GUI application and command line tool for programming DMR - radios - <link linkend="opt-programs.qdmr.enable">programs.qdmr</link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://v2raya.org">v2rayA</link>, a Linux - web GUI client of Project V which supports V2Ray, Xray, SS, - SSR, Trojan and Pingtunnel. Available as - <link xlink:href="options.html#opt-services.v2raya.enable">services.v2raya</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.netfilter.org/projects/ulogd/index.html">ulogd</link>, - a userspace logging daemon for netfilter/iptables related - logging. Available as - <link xlink:href="options.html#opt-services.ulogd.enable">services.ulogd</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://photoprism.app/">photoprism</link>, - a AI-Powered Photos App for the Decentralized Web. Available - as - <link xlink:href="options.html#opt-services.photoprism.enable">services.photoprism</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/languitar/autosuspend">autosuspend</link>, - a python daemon that suspends a system if certain conditions - are met, or not met. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/parvardegr/sharing">sharing</link>, - a command-line tool to share directories and files from the - CLI to iOS and Android devices without the need of an extra - client app. Available as - <link linkend="opt-programs.sharing.enable">programs.sharing</link>. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-23.05-incompatibilities"> - <title>Backward Incompatibilities</title> - <itemizedlist> - <listitem> - <para> - <literal>carnix</literal> and <literal>cratesIO</literal> has - been removed due to being unmaintained, use alternatives such - as - <link xlink:href="https://github.com/nix-community/naersk">naersk</link> - and - <link xlink:href="https://github.com/kolloch/crate2nix">crate2nix</link> - instead. - </para> - </listitem> - <listitem> - <para> - <literal>checkInputs</literal> have been renamed to - <literal>nativeCheckInputs</literal>, because they behave the - same as <literal>nativeBuildInputs</literal> when - <literal>doCheck</literal> is set. - <literal>checkInputs</literal> now denote a new type of - dependencies, added to <literal>buildInputs</literal> when - <literal>doCheck</literal> is set. As a rule of thumb, - <literal>nativeCheckInputs</literal> are tools on - <literal>$PATH</literal> used during the tests, and - <literal>checkInputs</literal> are libraries which are linked - to executables built as part of the tests. Similarly, - <literal>installCheckInputs</literal> are renamed to - <literal>nativeInstallCheckInputs</literal>, corresponding to - <literal>nativeBuildInputs</literal>, and - <literal>installCheckInputs</literal> are a new type of - dependencies added to <literal>buildInputs</literal> when - <literal>doInstallCheck</literal> is set. (Note that this - change will not cause breakage to derivations with - <literal>strictDeps</literal> unset, which are most packages - except python, rust, ocaml and go packages). - </para> - </listitem> - <listitem> - <para> - <literal>buildDunePackage</literal> now defaults to - <literal>strictDeps = true</literal> which means that any - library should go into <literal>buildInputs</literal> or - <literal>checkInputs</literal>. Any executable that is run on - the building machine should go into - <literal>nativeBuildInputs</literal> or - <literal>nativeCheckInputs</literal> respectively. Example of - executables are <literal>ocaml</literal>, - <literal>findlib</literal> and <literal>menhir</literal>. PPXs - are libraries which are built by dune and should therefore not - go into <literal>nativeBuildInputs</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>borgbackup</literal> module now has an option for - inhibiting system sleep while backups are running, defaulting - to off (not inhibiting sleep), available as - <link linkend="opt-services.borgbackup.jobs._name_.inhibitsSleep"><literal>services.borgbackup.jobs.<name>.inhibitsSleep</literal></link>. - </para> - </listitem> - <listitem> - <para> - <literal>podman</literal> now uses the - <literal>netavark</literal> network stack. Users will need to - delete all of their local containers, images, volumes, etc, by - running <literal>podman system reset --force</literal> once - before upgrading their systems. - </para> - </listitem> - <listitem> - <para> - <literal>git-bug</literal> has been updated to at least - version 0.8.0, which includes backwards incompatible changes. - The <literal>git-bug-migration</literal> package can be used - to upgrade existing repositories. - </para> - </listitem> - <listitem> - <para> - The <literal>services.kubo.settings</literal> option is now no - longer stateful. If you changed any of the options in - <literal>services.kubo.settings</literal> in the past and then - removed them from your NixOS configuration again, those - changes are still in your Kubo configuration file but will now - be reset to the default. If you’re unsure, you may want to - make a backup of your configuration file (probably - /var/lib/ipfs/config) and compare after the update. - </para> - </listitem> - <listitem> - <para> - The EC2 image module no longer fetches instance metadata in - stage-1. This results in a significantly smaller initramfs, - since network drivers no longer need to be included, and - faster boots, since metadata fetching can happen in parallel - with startup of other services. This breaks services which - rely on metadata being present by the time stage-2 is entered. - Anything which reads EC2 metadata from - <literal>/etc/ec2-metadata</literal> should now have an - <literal>after</literal> dependency on - <literal>fetch-ec2-metadata.service</literal> - </para> - </listitem> - <listitem> - <para> - <literal>minio</literal> removed support for its legacy - filesystem backend in - <link xlink:href="https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z">RELEASE.2022-10-29T06-21-33Z</link>. - This means if your storage was created with the old format, - minio will no longer start. Unfortunately minio doesn’t - provide a an automatic migration, they only provide - <link xlink:href="https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html">instructions - how to manually convert the node</link>. To facilitate this - migration we keep around the last version that still supports - the old filesystem backend as - <literal>minio_legacy_fs</literal>. Use it via - <literal>services.minio.package = minio_legacy_fs;</literal> - to export your data before switching to the new version. See - the corresponding - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/199318">issue</link> - for more details. - </para> - </listitem> - <listitem> - <para> - <literal>services.sourcehut.dispatch</literal> and the - corresponding package - (<literal>sourcehut.dispatchsrht</literal>) have been removed - due to - <link xlink:href="https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/">upstream - deprecation</link>. - </para> - </listitem> - <listitem> - <para> - The - <link linkend="opt-services.snapserver.openFirewall">services.snapserver.openFirewall</link> - module option default value has been changed from - <literal>true</literal> to <literal>false</literal>. You will - need to explicitly set this option to <literal>true</literal>, - or configure your firewall. - </para> - </listitem> - <listitem> - <para> - The - <link linkend="opt-services.tmate-ssh-server.openFirewall">services.tmate-ssh-server.openFirewall</link> - module option default value has been changed from - <literal>true</literal> to <literal>false</literal>. You will - need to explicitly set this option to <literal>true</literal>, - or configure your firewall. - </para> - </listitem> - <listitem> - <para> - The - <link linkend="opt-services.unifi-video.openFirewall">services.unifi-video.openFirewall</link> - module option default value has been changed from - <literal>true</literal> to <literal>false</literal>. You will - need to explicitly set this option to <literal>true</literal>, - or configure your firewall. - </para> - </listitem> - <listitem> - <para> - Kime has been updated from 2.5.6 to 3.0.2 and the - <literal>i18n.inputMethod.kime.config</literal> option has - been removed. Users should use - <literal>daemonModules</literal>, - <literal>iconColor</literal>, and - <literal>extraConfig</literal> options under - <literal>i18n.inputMethod.kime</literal> instead. - </para> - </listitem> - <listitem> - <para> - <literal>tut</literal> has been updated from 1.0.34 to 2.0.0, - and now uses the TOML format for the configuration file - instead of INI. Additional information can be found - <link xlink:href="https://github.com/RasmusLindroth/tut/releases/tag/2.0.0">here</link>. - </para> - </listitem> - <listitem> - <para> - The <literal>wordpress</literal> derivation no longer contains - any builtin plugins or themes. If you need them you have to - add them back to prevent your site from breaking. You can find - them in <literal>wordpressPackages.{plugins,themes}</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>llvmPackages_rocm.llvm</literal> will not contain - <literal>clang</literal> or <literal>compiler-rt</literal>. - <literal>llvmPackages_rocm.clang</literal> will not contain - <literal>llvm</literal>. - <literal>llvmPackages_rocm.clangNoCompilerRt</literal> has - been removed in favor of using - <literal>llvmPackages_rocm.clang-unwrapped</literal>. - </para> - </listitem> - <listitem> - <para> - The EC2 image module previously detected and automatically - mounted ext3-formatted instance store devices and partitions - in stage-1 (initramfs), storing <literal>/tmp</literal> on the - first discovered device. This behaviour, which only catered to - very specific use cases and could not be disabled, has been - removed. Users relying on this should provide their own - implementation, and probably use ext4 and perform the mount in - stage-2. - </para> - </listitem> - <listitem> - <para> - <literal>teleport</literal> has been upgraded to major version - 11. Please see upstream - <link xlink:href="https://goteleport.com/docs/setup/operations/upgrading/">upgrade - instructions</link> and - <link xlink:href="https://goteleport.com/docs/changelog/#1100">release - notes</link>. - </para> - </listitem> - <listitem> - <para> - The EC2 image module previously detected and activated - swap-formatted instance store devices and partitions in - stage-1 (initramfs). This behaviour has been removed. Users - relying on this should provide their own implementation. - </para> - </listitem> - <listitem> - <para> - Calling <literal>makeSetupHook</literal> without passing a - <literal>name</literal> argument is deprecated. - </para> - </listitem> - <listitem> - <para> - Qt 5.12 and 5.14 have been removed, as the corresponding - branches have been EOL upstream for a long time. This affected - under 10 packages in nixpkgs, largely unmaintained upstream as - well, however, out-of-tree package expressions may need to be - updated manually. - </para> - </listitem> - <listitem> - <para> - The - <link linkend="opt-services.wordpress.sites._name_.plugins">services.wordpress.sites.<name>.plugins</link> - and - <link linkend="opt-services.wordpress.sites._name_.themes">services.wordpress.sites.<name>.themes</link> - options have been converted from sets to attribute sets to - allow for consumers to specify explicit install paths via - attribute name. - </para> - </listitem> - <listitem> - <para> - Nebula now runs as a system user and group created for each - nebula network, using the <literal>CAP_NET_ADMIN</literal> - ambient capability on launch rather than starting as root. - Ensure that any files each Nebula instance needs to access are - owned by the correct user and group, by default - <literal>nebula-${networkName}</literal>. - </para> - </listitem> - <listitem> - <para> - In <literal>mastodon</literal> it is now necessary to specify - location of file with <literal>PostgreSQL</literal> database - password. In - <literal>services.mastodon.database.passwordFile</literal> - parameter default value - <literal>/var/lib/mastodon/secrets/db-password</literal> has - been changed to <literal>null</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>--target-host</literal> and - <literal>--build-host</literal> options of - <literal>nixos-rebuild</literal> no longer treat the - <literal>localhost</literal> value specially – to build - on/deploy to local machine, omit the relevant flag. - </para> - </listitem> - <listitem> - <para> - The <literal>nix.readOnlyStore</literal> option has been - renamed to <literal>boot.readOnlyNixStore</literal> to clarify - that it configures the NixOS boot process, not the Nix daemon. - </para> - </listitem> - <listitem> - <para> - Deprecated <literal>xlibsWrapper</literal> transitional - package has been removed in favour of direct use of its - constitutents: <literal>xorg.libX11</literal>, - <literal>freetype</literal> and others. - </para> - </listitem> - <listitem> - <para> - .NET 5.0 was removed due to being end-of-life, use a newer, - supported .NET version - - https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core - </para> - </listitem> - <listitem> - <para> - The iputils package, which is installed by default, no longer - provides the <literal>ninfod</literal>, - <literal>rarpd</literal> and <literal>rdisc</literal> tools. - See - <link xlink:href="https://github.com/iputils/iputils/releases/tag/20221126">upstream’s - release notes</link> for more details and available - replacements. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-23.05-notable-changes"> - <title>Other Notable Changes</title> - <itemizedlist> - <listitem> - <para> - <literal>vim_configurable</literal> has been renamed to - <literal>vim-full</literal> to avoid confusion: - <literal>vim-full</literal>’s build-time features are - configurable, but both <literal>vim</literal> and - <literal>vim-full</literal> are - <emphasis>customizable</emphasis> (in the sense of user - configuration, like vimrc). - </para> - </listitem> - <listitem> - <para> - The module for the application firewall - <literal>opensnitch</literal> got the ability to configure - rules. Available as - <link linkend="opt-services.opensnitch.rules">services.opensnitch.rules</link> - </para> - </listitem> - <listitem> - <para> - The module <literal>usbmuxd</literal> now has the ability to - change the package used by the daemon. In case you’re - experiencing issues with <literal>usbmuxd</literal> you can - try an alternative program like <literal>usbmuxd2</literal>. - Available as - <link linkend="opt-services.usbmuxd.package">services.usbmuxd.package</link> - </para> - </listitem> - <listitem> - <para> - A few openssh options have been moved from extraConfig to the - new freeform option <literal>settings</literal> and renamed as - follows: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <literal>services.openssh.forwardX11</literal> to - <literal>services.openssh.settings.X11Forwarding</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.kbdInteractiveAuthentication</literal> - -> - <literal>services.openssh.settings.KbdInteractiveAuthentication</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.passwordAuthentication</literal> - to - <literal>services.openssh.settings.PasswordAuthentication</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.useDns</literal> to - <literal>services.openssh.settings.UseDns</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.permitRootLogin</literal> to - <literal>services.openssh.settings.PermitRootLogin</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.logLevel</literal> to - <literal>services.openssh.settings.LogLevel</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.kexAlgorithms</literal> to - <literal>services.openssh.settings.KexAlgorithms</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.macs</literal> to - <literal>services.openssh.settings.Macs</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.ciphers</literal> to - <literal>services.openssh.settings.Ciphers</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.openssh.gatewayPorts</literal> to - <literal>services.openssh.settings.GatewayPorts</literal> - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <literal>services.mastodon</literal> gained a tootctl wrapped - named <literal>mastodon-tootctl</literal> similar to - <literal>nextcloud-occ</literal> which can be executed from - any user and switches to the configured mastodon user with - sudo and sources the environment variables. - </para> - </listitem> - <listitem> - <para> - DocBook option documentation, which has been deprecated since - 22.11, will now cause a warning when documentation is built. - Out-of-tree modules should migrate to using CommonMark - documentation as outlined in - <xref linkend="sec-option-declarations" /> to silence this - warning. - </para> - <para> - DocBook option documentation support will be removed in the - next release and CommonMark will become the default. DocBook - option documentation that has not been migrated until then - will no longer render properly or cause errors. - </para> - </listitem> - <listitem> - <para> - NixOS now defaults to using nsncd (a non-caching - reimplementation in Rust) as NSS lookup dispatcher, instead of - the buggy and deprecated glibc-provided nscd. If you need to - switch back, set - <literal>services.nscd.enableNsncd = false</literal>, but - please open an issue in nixpkgs so your issue can be fixed. - </para> - </listitem> - <listitem> - <para> - The <literal>dnsmasq</literal> service now takes configuration - via the <literal>services.dnsmasq.settings</literal> attribute - set. The option - <literal>services.dnsmasq.extraConfig</literal> will be - deprecated when NixOS 22.11 reaches end of life. - </para> - </listitem> - <listitem> - <para> - The <literal>dokuwiki</literal> service now takes - configuration via the - <literal>services.dokuwiki.sites.<name>.settings</literal> - attribute set, <literal>extraConfig</literal> is deprecated - and will be removed. The - <literal>{aclUse,superUser,disableActions}</literal> - attributes have been renamed, <literal>pluginsConfig</literal> - now also accepts an attribute set of booleans, passing plain - PHP is deprecated. Same applies to <literal>acl</literal> - which now also accepts structured settings. - </para> - </listitem> - <listitem> - <para> - The <literal>wordpress</literal> service now takes - configuration via the - <literal>services.wordpress.sites.<name>.settings</literal> - attribute set, <literal>extraConfig</literal> is still - available to append additional text to - <literal>wp-config.php</literal>. - </para> - </listitem> - <listitem> - <para> - To reduce closure size in - <literal>nixos/modules/profiles/minimal.nix</literal> profile - disabled installation documentations and manuals. Also - disabled <literal>logrotate</literal> and - <literal>udisks2</literal> services. - </para> - </listitem> - <listitem> - <para> - The minimal ISO image now uses the - <literal>nixos/modules/profiles/minimal.nix</literal> profile. - </para> - </listitem> - <listitem> - <para> - The <literal>ghcWithPackages</literal> and - <literal>ghcWithHoogle</literal> wrappers will now also - symlink GHC’s and all included libraries’ documentation to - <literal>$out/share/doc</literal> for convenience. If - undesired, the old behavior can be restored by overriding the - builders with - <literal>{ installDocumentation = false; }</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>mastodon</literal> now supports connection to a - remote <literal>PostgreSQL</literal> database. - </para> - </listitem> - <listitem> - <para> - <literal>services.peertube</literal> now requires you to - specify the secret file - <literal>secrets.secretsFile</literal>. It can be generated by - running <literal>openssl rand -hex 32</literal>. Before - upgrading, read the release notes for PeerTube: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <link xlink:href="https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0">Release - v5.0.0</link> - </para> - </listitem> - </itemizedlist> - <para> - And backup your data. - </para> - </listitem> - <listitem> - <para> - <literal>services.chronyd</literal> is now started with - additional systemd sandbox/hardening options for better - security. - </para> - </listitem> - <listitem> - <para> - <literal>services.dhcpcd</literal> service now don’t solicit - or accept IPv6 Router Advertisements on interfaces that use - static IPv6 addresses. - </para> - </listitem> - <listitem> - <para> - The module <literal>services.headscale</literal> was - refactored to be compliant with - <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link>. To be precise, this means that the following - things have changed: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - Most settings has been migrated under - <link linkend="opt-services.headscale.settings">services.headscale.settings</link> - which is an attribute-set that will be converted into - headscale’s YAML config format. This means that the - configuration from - <link xlink:href="https://github.com/juanfont/headscale/blob/main/config-example.yaml">headscale’s - example configuration</link> can be directly written as - attribute-set in Nix within this option. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <literal>nixos/lib/make-disk-image.nix</literal> can now - mutate EFI variables, run user-provided EFI firmware or - variable templates. This is now extensively documented in the - NixOS manual. - </para> - </listitem> - <listitem> - <para> - <literal>services.grafana</literal> listens only on localhost - by default again. This was changed to upstreams default of - <literal>0.0.0.0</literal> by accident in the freeform setting - conversion. - </para> - </listitem> - <listitem> - <para> - Grafana Tempo has been updated to version 2.0. See the - <link xlink:href="https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations">upstream - upgrade guide</link> for migration instructions. - </para> - </listitem> - <listitem> - <para> - A new <literal>virtualisation.rosetta</literal> module was - added to allow running <literal>x86_64</literal> binaries - through - <link xlink:href="https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment">Rosetta</link> - inside virtualised NixOS guests on Apple silicon. This feature - works by default with the - <link xlink:href="https://docs.getutm.app/">UTM</link> - virtualisation - <link xlink:href="https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm">package</link>. - </para> - </listitem> - <listitem> - <para> - The new option <literal>users.motdFile</literal> allows - configuring a Message Of The Day that can be updated - dynamically. - </para> - </listitem> - <listitem> - <para> - The <literal>root</literal> package is now built with the - <literal>"-Dgnuinstall=ON"</literal> CMake flag, - making the output conform the <literal>bin</literal> - <literal>lib</literal> <literal>share</literal> layout. In - this layout, <literal>tutorials</literal> is under - <literal>share/doc/ROOT/</literal>; <literal>cmake</literal>, - <literal>font</literal>, <literal>icons</literal>, - <literal>js</literal> and <literal>macro</literal> under - <literal>share/root</literal>; - <literal>Makefile.comp</literal> and - <literal>Makefile.config</literal> under - <literal>etc/root</literal>. - </para> - </listitem> - <listitem> - <para> - Enabling global redirect in - <literal>services.nginx.virtualHosts</literal> now allows one - to add exceptions with the <literal>locations</literal> - option. - </para> - </listitem> - <listitem> - <para> - A new option <literal>recommendedBrotliSettings</literal> has - been added to <literal>services.nginx</literal>. Learn more - about compression in Brotli format - <link xlink:href="https://github.com/google/ngx_brotli/blob/master/README.md">here</link>. - </para> - </listitem> - <listitem> - <para> - Updated recommended settings in - <literal>services.nginx.recommendedGzipSettings</literal>: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - Enables gzip compression for only certain proxied - requests. - </para> - </listitem> - <listitem> - <para> - Allow checking and loading of precompressed files. - </para> - </listitem> - <listitem> - <para> - Updated gzip mime-types. - </para> - </listitem> - <listitem> - <para> - Increased the minimum length of a response that will be - gzipped. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <link xlink:href="https://garagehq.deuxfleurs.fr/">Garage</link> - version is based on - <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>, - existing installations will keep using version 0.7. New - installations will use version 0.8. In order to upgrade a - Garage cluster, please follow - <link xlink:href="https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/">upstream - instructions</link> and force - <link xlink:href="options.html#opt-services.garage.package">services.garage.package</link> - or upgrade accordingly - <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>. - </para> - </listitem> - <listitem> - <para> - Nebula now supports the - <literal>services.nebula.networks.<name>.isRelay</literal> - and - <literal>services.nebula.networks.<name>.relays</literal> - configuration options for setting up or allowing traffic - relaying. See the - <link xlink:href="https://www.defined.net/blog/announcing-relay-support-in-nebula/">announcement</link> - for more details about relays. - </para> - </listitem> - <listitem> - <para> - <literal>hip</literal> has been separated into - <literal>hip</literal>, <literal>hip-common</literal> and - <literal>hipcc</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>services.nginx.recommendedProxySettings</literal> now - removes the <literal>Connection</literal> header preventing - clients from closing backend connections. - </para> - </listitem> - <listitem> - <para> - Resilio sync secret keys can now be provided using a secrets - file at runtime, preventing these secrets from ending up in - the Nix store. - </para> - </listitem> - <listitem> - <para> - The <literal>firewall</literal> and <literal>nat</literal> - module now has a nftables based implementation. Enable - <literal>networking.nftables</literal> to use it. - </para> - </listitem> - <listitem> - <para> - The <literal>services.fwupd</literal> module now allows - arbitrary daemon settings to be configured in a structured - manner - (<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>). - </para> - </listitem> - <listitem> - <para> - <literal>services.xserver.desktopManager.plasma5.phononBackend</literal> - now defaults to vlc according to - <link xlink:href="https://community.kde.org/Distributions/Packaging_Recommendations#Non-Plasma_packages">upstrean - recommendation</link> - </para> - </listitem> - <listitem> - <para> - The <literal>zramSwap</literal> is now implemented with - <literal>zram-generator</literal>, and the option - <literal>zramSwap.numDevices</literal> for using ZRAM devices - as general purpose ephemeral block devices has been removed. - </para> - </listitem> - <listitem> - <para> - As Singularity has renamed to - <link xlink:href="https://apptainer.org/news/community-announcement-20211130">Apptainer</link> - to distinguish from - <link xlink:href="https://sylabs.io/2021/05/singularity-community-edition">an - un-renamed fork by Sylabs Inc.</link>, there are now two - packages of Singularity/Apptainer: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <literal>apptainer</literal>: From - <literal>github.com/apptainer/apptainer</literal>, which - is the new repo after renaming. - </para> - </listitem> - <listitem> - <para> - <literal>singularity</literal>: From - <literal>github.com/sylabs/singularity</literal>, which is - the fork by Sylabs Inc.. - </para> - </listitem> - </itemizedlist> - <para> - <literal>programs.singularity</literal> got a new - <literal>package</literal> option to specify which package to - use. - </para> - <para> - <literal>singularity-tools.buildImage</literal> got a new - input argument <literal>singularity</literal> to specify which - package to use. - </para> - </listitem> - <listitem> - <para> - The new option - <literal>programs.singularity.enableFakeroot</literal>, if set - to <literal>true</literal>, provides - <literal>--fakeroot</literal> support for - <literal>apptainer</literal> and - <literal>singularity</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>unifi-poller</literal> package and corresponding - NixOS module have been renamed to <literal>unpoller</literal> - to match upstream. - </para> - </listitem> - <listitem> - <para> - The new option - <literal>services.tailscale.useRoutingFeatures</literal> - controls various settings for using Tailscale features like - exit nodes and subnet routers. If you wish to use your machine - as an exit node, you can set this setting to - <literal>server</literal>, otherwise if you wish to use an - exit node you can set this setting to - <literal>client</literal>. The strict RPF warning has been - removed as the RPF will be loosened automatically based on the - value of this setting. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://xastir.org/index.php/Main_Page">Xastir</link> - can now access AX.25 interfaces via the - <literal>libax25</literal> package. - </para> - </listitem> - <listitem> - <para> - <literal>tvbrowser-bin</literal> was removed, and now - <literal>tvbrowser</literal> is built from source. - </para> - </listitem> - <listitem> - <para> - <literal>nixos-version</literal> now accepts - <literal>--configuration-revision</literal> to display more - information about the current generation revision - </para> - </listitem> - <listitem> - <para> - The option - <literal>services.nomad.extraSettingsPlugins</literal> has - been fixed to allow more than one plugin in the path. - </para> - </listitem> - <listitem> - <para> - The option - <literal>services.prometheus.exporters.pihole.interval</literal> - does not exist anymore and has been removed. - </para> - </listitem> - </itemizedlist> - </section> -</section> |