author | Robert Hensing <roberth@users.noreply.github.com> | 2022-06-03 14:22:13 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-03 14:22:13 +0200 |
commit | 793180cf557e9f5368466f62d6c54a8887895d3e (patch) | |
tree | 4316f53c3cceccb15e24358406f7b299cbb6cb77 /nixos/doc | |
parent | 2a750c302669a59a13d8a2a6fa038cbc6e6cb134 (diff) | |
parent | b92013d842d28cd3d53cdf168e4dd1042cdac4e7 (diff) |
Merge branch 'master' into 172325-nixostest-override-python-pkgs-additional-param
Diffstat (limited to 'nixos/doc')
10 files changed, 640 insertions, 356 deletions
diff --git a/nixos/doc/manual/development/option-types.section.md b/nixos/doc/manual/development/option-types.section.md index 00f1d85bdb615..d32d4fc50ad79 100644 --- a/nixos/doc/manual/development/option-types.section.md +++ b/nixos/doc/manual/development/option-types.section.md @@ -308,6 +308,10 @@ The option set can be defined directly ([Example: Directly defined submodule](#ex-submodule-direct)) or as reference ([Example: Submodule defined as a reference](#ex-submodule-reference)). +Note that even if your submodule’s options all have a default value, +you will still need to provide a default value (e.g. an empty attribute set) +if you want to allow users to leave it undefined. + ::: {#ex-submodule-direct .example} ::: {.title} **Example: Directly defined submodule** diff --git a/nixos/doc/manual/development/writing-nixos-tests.section.md b/nixos/doc/manual/development/writing-nixos-tests.section.md index fff8873e61d0d..f4f4056ad9889 100644 --- a/nixos/doc/manual/development/writing-nixos-tests.section.md +++ b/nixos/doc/manual/development/writing-nixos-tests.section.md @@ -332,6 +332,19 @@ repository): ''; ``` +Similarly, the type checking of test scripts can be disabled in the following +way: + +```nix +import ./make-test-python.nix { + skipTypeCheck = true; + nodes.machine = + { config, pkgs, ... }: + { configuration… + }; +} +``` + ## Failing tests early {#ssec-failing-tests-early} To fail tests early when certain invariables are no longer met (instead of waiting for the build to time out), the decorator `polling_condition` is provided. For example, if we are testing a program `foo` that should not quit after being started, we might write the following: diff --git a/nixos/doc/manual/from_md/development/option-types.section.xml b/nixos/doc/manual/from_md/development/option-types.section.xml index 4447292927021..c67e183581c2c 100644 --- a/nixos/doc/manual/from_md/development/option-types.section.xml 
+++ b/nixos/doc/manual/from_md/development/option-types.section.xml @@ -617,6 +617,12 @@ (<link linkend="ex-submodule-reference">Example: Submodule defined as a reference</link>). </para> + <para> + Note that even if your submodule’s options all have a default + value, you will still need to provide a default value (e.g. an + empty attribute set) if you want to allow users to leave it + undefined. + </para> <anchor xml:id="ex-submodule-direct" /> <para> <emphasis role="strong">Example: Directly defined diff --git a/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml b/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml index 36f5f00410fc3..46367bdd345d1 100644 --- a/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml +++ b/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml @@ -590,6 +590,19 @@ import ./make-test-python.nix { # fmt: on ''; </programlisting> + <para> + Similarly, the type checking of test scripts can be disabled in + the following way: + </para> + <programlisting language="bash"> +import ./make-test-python.nix { + skipTypeCheck = true; + nodes.machine = + { config, pkgs, ... }: + { configuration… + }; +} +</programlisting> </section> <section xml:id="ssec-failing-tests-early"> <title>Failing tests early</title> diff --git a/nixos/doc/manual/from_md/installation/upgrading.chapter.xml b/nixos/doc/manual/from_md/installation/upgrading.chapter.xml index e3b77d4c3650b..11fe1d317ccdd 100644 --- a/nixos/doc/manual/from_md/installation/upgrading.chapter.xml +++ b/nixos/doc/manual/from_md/installation/upgrading.chapter.xml 
@@ -12,7 +12,7 @@ <listitem> <para> <emphasis>Stable channels</emphasis>, such as - <link xlink:href="https://nixos.org/channels/nixos-21.11"><literal>nixos-21.11</literal></link>. + <link xlink:href="https://nixos.org/channels/nixos-22.05"><literal>nixos-22.05</literal></link>. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), @@ -33,7 +33,7 @@ <listitem> <para> <emphasis>Small channels</emphasis>, such as - <link xlink:href="https://nixos.org/channels/nixos-21.11-small"><literal>nixos-21.11-small</literal></link> + <link xlink:href="https://nixos.org/channels/nixos-22.05-small"><literal>nixos-22.05-small</literal></link> or <link xlink:href="https://nixos.org/channels/nixos-unstable-small"><literal>nixos-unstable-small</literal></link>. These are identical to the stable and unstable channels @@ -60,8 +60,8 @@ <para> When you first install NixOS, you’re automatically subscribed to the NixOS channel that corresponds to your installation source. For - instance, if you installed from a 21.11 ISO, you will be subscribed - to the <literal>nixos-21.11</literal> channel. To see which NixOS + instance, if you installed from a 22.05 ISO, you will be subscribed + to the <literal>nixos-22.05</literal> channel. To see which NixOS channel you’re subscribed to, run the following as root: </para> <programlisting> 
@@ -76,17 +76,17 @@ nixos https://nixos.org/channels/nixos-unstable </programlisting> <para> (Be sure to include the <literal>nixos</literal> parameter at the - end.) For instance, to use the NixOS 21.11 stable channel: + end.) For instance, to use the NixOS 22.05 stable channel: </para> <programlisting> -# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos +# nix-channel --add https://nixos.org/channels/nixos-22.05 nixos </programlisting> <para> If you have a server, you may want to use the <quote>small</quote> channel instead: </para> <programlisting> -# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos +# nix-channel --add https://nixos.org/channels/nixos-22.05-small nixos </programlisting> <para> And if you want to live on the bleeding edge: @@ -146,7 +146,7 @@ system.autoUpgrade.allowReboot = true; also specify a channel explicitly, e.g. </para> <programlisting language="bash"> -system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11; +system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05; </programlisting> </section> </chapter> diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index d46d5e0f0345b..5208671e4dab0 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -1,5 +1,5 @@ <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05"> - <title>Release 22.05 (“Quokka”, 2022.05/??)</title> + <title>Release 22.05 (“Quokka”, 2022.05/30)</title> <itemizedlist spacing="compact"> <listitem> <para> 
@@ -16,75 +16,30 @@ </para> <itemizedlist> <listitem> - <para> - The <literal>firefox</literal> browser on - <literal>x86_64-linux</literal> is now making use of - profile-guided optimization resulting in a much more - responsive browsing experience. - </para> +<literallayout>Nix has been updated from 2.3 to 2.8. This mainly brings experimental support for Flakes, but also marks the <literal>nix</literal> command as experimental which now has to be enabled via the configuration explicitly. For more information and instructions for upgrades, see the relase notes for <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html">nix-2.4</link>, +<link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html">nix-2.5</link>, <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html">nix-2.6</link>, <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html">nix-2.7</link> and <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.8.html">nix-2.8</link></literallayout> </listitem> <listitem> <para> - <literal>security.acme.defaults</literal> has been added to - simplify configuring settings for many certificates at once. - This also opens up the the option to use DNS-01 validation - when using <literal>enableACME</literal> on web server virtual - hosts (e.g. - <literal>services.nginx.virtualHosts.*.enableACME</literal>). + The <literal>firefox</literal> browser on + <literal>x86_64-linux</literal> now makes use of + profile-guided optimisation, resulting in a much more + responsive browsing experience. </para> </listitem> <listitem> <para> GNOME has been upgraded to 42. Please take a look at their <link xlink:href="https://release.gnome.org/42/">Release - Notes</link> for details. Notably, it replaces gedit with - GNOME Text Editor, GNOME Terminal with GNOME Console (formerly - King’s Cross), and GNOME Screenshot with a tool built into the - Shell. 
- </para> - </listitem> - <listitem> - <para> - <literal>stdenv.mkDerivation</literal> now supports a - self-referencing <literal>finalAttrs:</literal> parameter - containing the final <literal>mkDerivation</literal> arguments - including overrides. <literal>drv.overrideAttrs</literal> now - supports two parameters - <literal>finalAttrs: previousAttrs:</literal>. This allows - packaging configuration to be overridden in a consistent - manner by providing an alternative to - <literal>rec {}</literal> syntax. - </para> - <para> - Additionally, <literal>passthru</literal> can now reference - <literal>finalAttrs.finalPackage</literal> containing the - final package, including attributes such as the output paths - and <literal>overrideAttrs</literal>. - </para> - <para> - New language integrations can be simplified by overriding a - <quote>prototype</quote> package containing the - language-specific logic. This removes the need for a extra - layer of overriding for the <quote>generic builder</quote> - arguments, thus removing a usability problem and source of - error. + Notes</link> for details. In particular, it replaces gedit + with GNOME Text Editor, GNOME Terminal with GNOME Console + (formerly King’s Cross) and GNOME Screenshot by a tool + integrated into the Shell. </para> </listitem> <listitem> <para> - PHP 8.1 is now available - </para> - </listitem> - <listitem> - <para> - Mattermost has been updated to extended support release 6.3, - as the previously packaged extended support release 5.37 is - <link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching - its end of life</link>. Migrations may take a while, see the - <link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link> - and - <link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important - upgrade notes</link>. + PHP 8.1 is now available. 
</para> </listitem> <listitem> @@ -102,18 +57,17 @@ </listitem> <listitem> <para> - Pulseaudio has been upgraded to version 15.0 and now - optionally + Pulseaudio has been updated to version 15.0 and now optionally <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters">supports - additional Bluetooth audio codecs</link> like aptX or LDAC, - with codec switching support being available in + additional Bluetooth audio codecs</link> such as aptX or LDAC, + with codec switching available in <literal>pavucontrol</literal>. This feature is disabled by - default but can be enabled by using + default, but can be enabled with the option <literal>hardware.pulseaudio.package = pkgs.pulseaudioFull;</literal>. - Existing 3rd party modules that provided similar - functionality, like <literal>pulseaudio-modules-bt</literal> - or <literal>pulseaudio-hsphfpd</literal> are deprecated and - have been removed. + Existing third-party modules that offered similar functions, + such as <literal>pulseaudio-modules-bt</literal> or + <literal>pulseaudio-hsphfpd</literal>, are obsolete and have + been removed. </para> </listitem> <listitem> 
@@ -123,38 +77,6 @@ </listitem> <listitem> <para> - The new - <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link> - runs a PostgreSQL server for the duration of package checks. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link> - defaults to 1.23.2, which will enable - <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance - Metadata Service Version 2</link> and require tokens on new - clusters with Kubernetes >= 1.22. This will increase - security by default, but may break some types of workloads. - The default behaviour for - <literal>spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS</literal> - has changed from <literal>true</literal> to - <literal>false</literal>. Cilium now has - <literal>disable-cnp-status-updates: true</literal> by - default. Set this to false if you rely on the - CiliumNetworkPolicy status fields. Support for Kubernetes - 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS - 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been - removed. See the - <link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">1.22 - release notes</link> and - <link xlink:href="https://kops.sigs.k8s.io/releases/1.23-notes/">1.23 - release notes</link> for more details, including other - significant changes. - </para> - </listitem> - <listitem> - <para> Module authors can use <literal>mkRenamedOptionModuleWith</literal> to automate the deprecation cycle without annoying out-of-tree module authors 
@@ -177,6 +99,16 @@ users to easily install and set up NixOS with a GUI. </para> </listitem> + <listitem> + <para> + <literal>security.acme.defaults</literal> has been added to + simplify the configuration of settings for many certificates + at once. This also opens up the option to use DNS-01 + validation when using <literal>enableACME</literal> web server + virtual hosts (e.g. + <literal>services.nginx.virtualHosts.*.enableACME</literal>). + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.05-new-services"> @@ -184,6 +116,16 @@ <itemizedlist> <listitem> <para> + <link xlink:href="https://1password.com/">1password</link>, + command-lines and graphic interface for 1Password. Available + as + <link linkend="opt-programs._1password.enable">programs._1password</link> + and + <link linkend="opt-programs._1password.enable">programs._1password-gui</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>, the Intel SGX Architectural Enclave Service Manager. Available as 
@@ -192,98 +134,148 @@ </listitem> <listitem> <para> - <link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless - Docker</link>, a <literal>systemd --user</literal> Docker - service which runs without root permissions. Available as - <link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>. + <link xlink:href="https://github.com/mbrubeck/agate">agate</link>, + a very simple server for the Gemini hypertext protocol. + Available as + <link linkend="opt-services.agate.enable">services.agate</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://conduit.rs/">matrix-conduit</link>, - a simple, fast and reliable chat server powered by matrix. - Available as - <link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>. + <link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>, + a kernel module for mounting the Apple File System (APFS). </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/vvilhonen/nethoscope">nethoscope</link>, - listen to your network traffic. Available as - <link linkend="opt-programs.nethoscope.enable">programs.nethoscope</link>. + <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>, + a C# application with primary purpose of idling Steam cards + from multiple accounts simultaneously. Available as + <link linkend="opt-services.archisteamfarm.enable">services.archisteamfarm</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>, - a lightweight shipper for forwarding and centralizing log - data. Available as - <link linkend="opt-services.filebeat.enable">services.filebeat</link>. + <link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>, + a lightweight NuGet and symbol server. 
Available at + <link linkend="opt-services.baget.enable">services.baget</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>, - a kernel module for mounting the Apple File System (APFS). + <link xlink:href="https://github.com/xddxdd/bird-lg-go">bird-lg</link>, + a BGP looking glass for Bird Routing. Available as + <link linkend="opt-services.bird-lg.package">services.bird-lg</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://frrouting.org/">FRRouting</link>, a - popular suite of Internet routing protocol daemons (BGP, BFD, - OSPF, IS-IS, VRRP and others). Available as - <link linkend="opt-services.frr.babel.enable">services.frr</link> + <link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>, + fast and lightweight DNS proxy as ad-blocker for local network + with many features. Available as + <link linkend="opt-services.blocky.enable">services.blocky</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>, - a bouncer-style Matrix IRC bridge. Available as - <link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>. + <link xlink:href="https://github.com/kissgyorgy/cloudflare-dyndns">cloudflare-dyndns</link>, + CloudFlare Dynamic DNS client. Available as + <link linkend="opt-services.cloudflare-dyndns.enable">services.cloudflare-dyndns</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>, - a system to defeat internet censorship. Available as - <link xlink:href="options.html#opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>. + <link xlink:href="https://corosync.github.io/corosync/">Corosync</link> + and + <link xlink:href="https://clusterlabs.org/pacemaker/">Pacemaker</link>, + A open-source high availability resource manager. 
Available as + <link linkend="opt-services.corosync.enable">services.corosync</link> + and + <link linkend="opt-services.pacemaker.enable">services.pacemaker</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/fleaz/r53-ddns">r53-ddns</link>, - a small tool to run your own DDNS service via AWS Route53. - Available as - <link xlink:href="options.html#opt-services.r53-ddns.enable">services.r53-ddns</link>. + <link xlink:href="https://github.com/lakinduakash/linux-wifi-hotspot">create_ap</link>, + a module for creating wifi hotspots using the program + linux-wifi-hotspot. Available as + <link linkend="opt-services.create_ap.enable">services.create_ap</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.envoyproxy.io/">Envoy</link>, a + high-performance reverse proxy. Available as + <link linkend="opt-services.envoy.enable">services.envoy</link>. </para> </listitem> <listitem> <para> <link xlink:href="https://ergo.chat">ergochat</link>, a modern IRC with IRCv3 features. Available as - <link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>. + <link linkend="opt-services.ergochat.enable">services.ergochat</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://snipeitapp.com">Snipe-IT</link>, a - free open source IT asset/license management system. Available - as - <link xlink:href="options.html#opt-services.snipe-it.enable">services.snipe-it</link>. + <link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>, + an online collaborative spreadsheet. Available as + <link linkend="opt-services.ethercalc.enable">services.ethercalc</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>, - a web interface for the PowerDNS server. Available at - <link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>. 
+ <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>, + a lightweight shipper for forwarding and centralizing log + data. Available as + <link linkend="opt-services.filebeat.enable">services.filebeat</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>, - an admin interface for the PostgreSQL database. Available at - <link xlink:href="options.html#opt-services.pgadmin.enable">services.pgadmin</link>. + <link xlink:href="https://frrouting.org/">FRRouting</link>, a + popular suite of Internet routing protocol daemons (BGP, BFD, + OSPF, IS-IS, VRRP and others). Available as + <link linkend="opt-services.frr.babel.enable">services.frr</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://grafana.com/oss/mimir/">Grafana + Mimir</link>, an open source, horizontally scalable, highly + available, multi-tenant, long-term storage for Prometheus. + Available as + <link linkend="opt-services.mimir.enable">services.mimir</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://hastebin.com/about.md">Haste</link>, + a pastebin written in node.js. Available as + <link linkend="opt-services.haste-server.enable">services.haste</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/juanfont/headscale">headscale</link>, + an Open Source implementation of the + <link xlink:href="https://tailscale.io">Tailscale</link> + Control Server. Available as + <link linkend="opt-services.headscale.enable">services.headscale</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>, + a bouncer-style Matrix IRC bridge. Available as + <link linkend="opt-services.heisenbridge.enable">services.heisenbridge</link>. 
+ </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/aarond10/https_dns_proxy">https-dns-proxy</link>, + DNS to DNS over HTTPS (DoH) proxy. Available as + <link linkend="opt-services.https-dns-proxy.enable">services.https-dns-proxy</link>. </para> </listitem> <listitem> @@ -291,7 +283,7 @@ <link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>, an easy to use tool to change the mapping of your input device buttons. Available at - <link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>. + <link linkend="opt-services.input-remapper.enable">services.input-remapper</link>. </para> </listitem> <listitem> 
@@ -299,109 +291,133 @@ <link xlink:href="https://invoiceplane.com">InvoicePlane</link>, web application for managing and creating invoices. Available at - <link xlink:href="options.html#opt-services.invoiceplane.enable">services.invoiceplane</link>. + <link linkend="opt-services.invoiceplane.sites._name_.enable">services.invoiceplane</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://maddy.email">maddy</link>, a - composable all-in-one mail server. Available as - <link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>. + <link xlink:href="https://userbase.kde.org/K3b">k3b</link>, + the KDE disk burning application. Available as + <link linkend="opt-programs.k3b.enable">programs.k3b</link>. </para> </listitem> <listitem> <para> <link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>, a program to control cheap Chinese laser cutters. Available as - <link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>. + <link linkend="opt-programs.k40-whisperer.enable">programs.k40-whisperer.enable</link>. Users must add themselves to the <literal>k40</literal> group to be able to access the device. </para> </listitem> <listitem> <para> + <link xlink:href="https://kanidm.github.io/kanidm/stable/">kanidm</link>, + an identity management server written in Rust. Available as + <link linkend="opt-services.kanidm.enableServer">services.kanidm</link> + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://maddy.email/">Maddy</link>, a free + an open source mail server. Availabe as + <link linkend="opt-services.maddy.enable">services.maddy</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://conduit.rs/">matrix-conduit</link>, + a simple, fast and reliable chat server powered by matrix. + Available as + <link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>. 
+ </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://moosefs.com">Moosefs</link>, fault + tolerant petabyte distributed file system. Available as + <link linkend="opt-services.moosefs.master.enable">moosefs</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/mozilla-mobile/mozilla-vpn-client">mozillavpn</link>, the client for the <link xlink:href="https://vpn.mozilla.org/">Mozilla VPN</link> service. Available as - <link xlink:href="options.html#opt-services.mozillavpn">services.mozillavpn</link>. + <link linkend="opt-services.mozillavpn.enable">services.mozillavpn</link>. </para> </listitem> <listitem> <para> <link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>, a Prometheus exporter for mtr metrics. Available as - <link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>. + <link linkend="opt-services.mtr-exporter.enable">services.mtr-exporter</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/prometheus-pve/prometheus-pve-exporter">prometheus-pve-exporter</link>, - a tool that exposes information from the Proxmox VE API for - use by Prometheus. Available as - <link xlink:href="options.html#opt-services.prometheus.exporters.pve">services.prometheus.exporters.pve</link>. + <link xlink:href="https://nbd.sourceforge.io/">nbd</link>, a + Network Block Device server. Available as + <link linkend="opt-services.nbd.server.enable">services.nbd</link>. </para> </listitem> <listitem> <para> <link xlink:href="https://github.com/netbox-community/netbox">netbox</link>, infrastructure resource modeling (IRM) tool. Available as - <link xlink:href="options.html#opt-services.netbox.enable">services.netbox</link>. + <link linkend="opt-services.netbox.enable">services.netbox</link>. 
</para> </listitem> <listitem> <para> - <link xlink:href="https://tetrd.app">tetrd</link>, share your - internet connection from your device to your PC and vice versa - through a USB cable. Available at - <link linkend="opt-services.tetrd.enable">services.tetrd</link>. + <link xlink:href="https://github.com/vvilhonen/nethoscope">nethoscope</link>, + listen to your network traffic. Available as + <link linkend="opt-programs.nethoscope.enable">programs.nethoscope</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://upterm.dev">uptermd</link>, an - open-source solution for sharing terminal sessions instantly - over the public internet via secure tunnels. Available at - <link linkend="opt-services.uptermd.enable">services.uptermd</link>. + <link xlink:href="https://nifi.apache.org">nifi</link>, an + easy to use, powerful, and reliable system to process and + distribute data. Available as + <link linkend="opt-services.nifi.enable">services.nifi</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/mbrubeck/agate">agate</link>, - a very simple server for the Gemini hypertext protocol. - Available as - <link xlink:href="options.html#opt-services.agate.enable">services.agate</link>. + <link xlink:href="https://github.com/Mic92/nix-ld">nix-ld</link>, + Run unpatched dynamic binaries on NixOS. Available as + <link linkend="opt-programs.nix-ld.enable">programs.nix-ld</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>, - a C# application with primary purpose of idling Steam cards - from multiple accounts simultaneously. Available as - <link xlink:href="options.html#opt-services.archisteamfarm.enable">services.archisteamfarm</link>. + <link xlink:href="http://www.nncpgo.org">NNCP</link>, NNCP + (Node to Node copy) utilities and configuration, Available as + <link linkend="opt-programs.nncp.enable">programs.nncp</link>. 
</para> </listitem> <listitem> <para> - <link xlink:href="https://goteleport.com">teleport</link>, - allows engineers and security professionals to unify access - for SSH servers, Kubernetes clusters, web applications, and - databases across all environments. Available at - <link linkend="opt-services.teleport.enable">services.teleport</link>. + <link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>, + an admin interface for the PostgreSQL database. Available at + <link linkend="opt-services.pgadmin.enable">services.pgadmin</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>, - a lightweight NuGet and symbol server. Available at - <link linkend="opt-services.baget.enable">services.baget</link>. + <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>, + a web interface for the PowerDNS server. Available at + <link linkend="opt-services.powerdns-admin.enable">services.powerdns-admin</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://moosefs.com">moosefs</link>, fault - tolerant petabyte distributed file system. Available as - <link linkend="opt-services.moosefs.client.enable">moosefs</link>. + <link xlink:href="https://github.com/prometheus-pve/prometheus-pve-exporter">prometheus-pve-exporter</link>, + a tool that exposes information from the Proxmox VE API for + use by Prometheus. Available as + <link linkend="opt-services.prometheus.exporters.pve.enable">services.prometheus.exporters.pve</link>. </para> </listitem> <listitem> 
@@ -413,94 +429,145 @@ </listitem> <listitem> <para> - <link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>, - allow system level notifications to reach the users. Available + <link xlink:href="https://public-inbox.org">Public + Inbox</link>, an <quote>archives first</quote> approach to + mailing lists. Available as + <link linkend="opt-services.public-inbox.enable">services.public-inbox</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/fleaz/r53-ddns">r53-ddns</link>, + a small tool to run your own DDNS service via AWS Route53. + Available as + <link linkend="opt-services.r53-ddns.enable">services.r53-ddns</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://ddvk.github.io/rmfakecloud/">rmfakecloud</link>, + a clone of the cloud sync the remarkable tablet. Available as + <link linkend="opt-services.rmfakecloud.enable">services.rmfakecloud</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless + Docker</link>, a <literal>systemd --user</literal> Docker + service which runs without root permissions. Available as + <link linkend="opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>, + a browser-based version of the RStudio IDE for the R + programming language. Available as + <link linkend="opt-services.rstudio-server.enable">services.rstudio-server</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/aler9/rtsp-simple-server">rtsp-simple-server</link>, + ready-to-use RTSP / RTMP / HLS server and proxy that allows to + read, publish and proxy video and audio streams. 
Available as + <link linkend="opt-services.rtsp-simple-server.enable">services.rtsp-simple-server</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://snipeitapp.com">Snipe-IT</link>, a + free open source IT asset/license management system. Available as - <link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>. - Please keep in mind that this service should only be enabled - on machines with fully trusted users, as any local user is - able to DoS user sessions by spamming notifications. + <link linkend="opt-services.snipe-it.enable">services.snipe-it</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>, - an online collaborative spreadsheet. Available as - <link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>. + <link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>, + a system to defeat internet censorship. Available as + <link linkend="opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://nbd.sourceforge.io/">nbd</link>, a - Network Block Device server. Available as - <link xlink:href="options.html#opt-services.nbd.server.enable">services.nbd</link>. + <link xlink:href="https://sslmate.com/">sslmate-agent</link>, + a daemon for managing SSL/TLS certificates on a server. + Available as + <link xlink:href="services.sslmate-agent.enable">services.sslmate-agent</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/Mic92/nix-ld">nix-ld</link>, - Run unpatched dynamic binaries on NixOS. Available as - <link xlink:href="options.html#opt-programs.nix-ld.enable">programs.nix-ld</link>. + <link xlink:href="https://starship.rs">starship</link>, a + minimal, blazing-fast, and infinitely customizable prompt for + any shell. 
Available at + <link linkend="opt-programs.starship.enable">programs.startship</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://timetagger.app">timetagger</link>, - an open source time-tracker with an intuitive user experience - and powerful reporting. - <link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>. + <link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>, + allow system level notifications to reach the users. Available + as + <link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>. + Please keep in mind that this service should only be enabled + on machines with fully trusted users, as any local user is + able to DoS user sessions by spamming notifications. </para> </listitem> <listitem> <para> - <link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>, - a browser-based version of the RStudio IDE for the R - programming language. Available as - <link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>. + <link xlink:href="https://goteleport.com">teleport</link>, + allows engineers and security professionals to unify access + for SSH servers, Kubernetes clusters, web applications, and + databases across all environments. Available at + <link linkend="opt-services.teleport.enable">services.teleport</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/juanfont/headscale">headscale</link>, - an Open Source implementation of the - <link xlink:href="https://tailscale.io">Tailscale</link> - Control Server. Available as - <link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link> + <link xlink:href="https://tetrd.app">tetrd</link>, share your + internet connection from your device to your PC and vice versa + through a USB cable. 
Available at + <link linkend="opt-services.tetrd.enable">services.tetrd</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://github.com/lakinduakash/linux-wifi-hotspot">create_ap</link>, - a module for creating wifi hotspots using the program - linux-wifi-hotspot. Available as - <link xlink:href="options.html#opt-services.create_ap.enable">services.create_ap</link>. + <link xlink:href="https://upterm.dev">uptermd</link>, an + open-source solution for sharing terminal sessions instantly + over the public internet via secure tunnels. Available at + <link linkend="opt-services.uptermd.enable">services.uptermd</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>, - fast and lightweight DNS proxy as ad-blocker for local network - with many features. + <link xlink:href="https://github.com/darrylb123/usbrelay">usbrelayd</link>, + an USB Relay MQTT daemon. Available as + <link linkend="opt-services.usbrelayd.enable">services.usbrelayd</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://clusterlabs.org/pacemaker/">pacemaker</link> - cluster resource manager + <link xlink:href="https://github.com/miquels/webdav-server-rs">webdav-server-rs</link>, + Webdav server in rust. Available as + <link linkend="opt-services.webdav-server-rs.enable">services.webdav-server-rs</link>. </para> </listitem> <listitem> <para> - <link xlink:href="https://nifi.apache.org">nifi</link>, an - easy to use, powerful, and reliable system to process and - distribute data. Available as - <link xlink:href="options.html#opt-services.nifi.enable">services.nifi</link>. + <link xlink:href="https://github.com/gin66/wg_netmanager">wg-netmanager</link>, + the Wireguard network manager. Available as + <link linkend="opt-services.wg-netmanager.enable">services.wg-netmanager</link>. 
</para> </listitem> <listitem> <para> - <link xlink:href="https://kanidm.github.io/kanidm/stable/">kanidm</link>, - an identity management server written in Rust. + <link xlink:href="https://zammad.org/">Zammad</link>, a + web-based, open source user support/ticketing solution. + Available as + <link linkend="opt-services.zammad.enable">services.zammad</link>. </para> </listitem> </itemizedlist> @@ -548,7 +615,7 @@ version of the <literal>xmonad</literal> module, which will break your configuration if you use <literal>launch</literal> as entrypoint. The example code the corresponding nixos module - was adjusted, you way want to have a look at it. + was adjusted, you may want to have a look at it. </para> </listitem> <listitem> @@ -727,6 +794,13 @@ <literal>services.openldap.settings</literal>, which represents your <literal>cn=config</literal>. </para> + <para> + Additionally with 2.5 the argon2 module was included in the + standard distrubtion and renamed from + <literal>pw-argon2</literal> to <literal>argon2</literal>. + Remember to update your <literal>olcModuleLoad</literal> entry + in <literal>cn=config</literal>. + </para> </listitem> <listitem> <para> @@ -932,7 +1006,7 @@ }; extraConfigFiles = [ - /run/keys/matrix-synapse/secrets.yaml + "/run/keys/matrix-synapse/secrets.yaml" ]; }; } @@ -940,7 +1014,9 @@ <para> The secrets in your original config should be migrated into a YAML file that is included via - <literal>extraConfigFiles</literal>. + <literal>extraConfigFiles</literal>. The filename must be + quoted to prevent nix from copying it to the (world readable) + store. </para> <para> Additionally a few option defaults have been synced up with 
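Review bot: In the New Services list of rl-2205.section.xml (hunk @@ -413,94 +429,145 @@), the starship entry's link text reads `programs.startship` although its `linkend` is `opt-programs.starship.enable`. The sslmate-agent and systembus-notify entries use `xlink:href="services.sslmate-agent.enable"` and `xlink:href="opt-services.systembus-notify.enable"`, which are relative URLs rather than option anchors. Suggest correcting the spelling and switching both links to the `linkend` form the neighbouring entries use, by fixing the Markdown source this file is generated from.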
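Review bot: The sentence added to the matrix-synapse migration text (hunk @@ -940,7 +1014,9 @@) says the filename "must be quoted" without giving the rule behind it. An unquoted `/run/keys/matrix-synapse/secrets.yaml` is a Nix path literal, and path literals are copied into the store when they are used as strings, while a quoted string is passed through unchanged. Suggest stating that, since readers who point `extraConfigFiles` or similar options at other secret files need the rule rather than this one instance.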
@@ -1913,6 +1989,43 @@ </listitem> <listitem> <para> + <link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link> + defaults to 1.23.2, which will enable + <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance + Metadata Service Version 2</link> and require tokens on new + clusters with Kubernetes >= 1.22. This will increase + security by default, but may break some types of workloads. + The default behaviour for + <literal>spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS</literal> + has changed from <literal>true</literal> to + <literal>false</literal>. Cilium now has + <literal>disable-cnp-status-updates: true</literal> by + default. Set this to false if you rely on the + CiliumNetworkPolicy status fields. Support for Kubernetes + 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS + 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been + removed. See the + <link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">1.22 + release notes</link> and + <link xlink:href="https://kops.sigs.k8s.io/releases/1.23-notes/">1.23 + release notes</link> for more details, including other + significant changes. + </para> + </listitem> + <listitem> + <para> + Mattermost has been upgraded to extended support version 6.3 + as the previously packaged extended support version 5.37 is + <link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching + end of life</link>. Migration may take some time, see the + <link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link> + and + <link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important + upgrade notes</link>. + </para> + </listitem> + <listitem> + <para> The <literal>writers.writePyPy2</literal>/<literal>writers.writePyPy3</literal> and corresponding 
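Review bot: The kops entry (hunk @@ -1913,6 +1989,43 @@) lists "Ubuntu 16.05 (Xenial)" among the platforms whose support was removed; Xenial is Ubuntu 16.04. In the same entry, "Set this to false" should mark the value up as `<literal>false</literal>`, as the preceding sentence does for `true` and `false`.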
@@ -1989,6 +2102,28 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" </listitem> <listitem> <para> + Peertube now uses services.redis.servers to start a new redis + server, instead of using a global redis server. This improves + compatibility with other services that use redis. + </para> + <para> + Redis database is used for storage only cache and job queue. + More information can be found here - + <link xlink:href="https://docs.joinpeertube.org/contribute-architecture">Peertube + architecture</link>. + </para> + <para> + If you do want to save the redis database, you can use the + following commands before upgrade OS: + </para> + <programlisting language="bash"> +redis-cli save +sudo mkdir /var/lib/redis-peertube +sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb +</programlisting> + </listitem> + <listitem> + <para> If you are using Wayland you can choose to use the Ozone Wayland support in Chrome and several Electron apps by setting the environment variable <literal>NIXOS_OZONE_WL=1</literal> @@ -2160,13 +2295,6 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" </listitem> <listitem> <para> - A new module was added for the Envoy reverse proxy, providing - the options <literal>services.envoy.enable</literal> and - <literal>services.envoy.settings</literal>. - </para> - </listitem> - <listitem> - <para> The option <literal>services.duplicati.dataDir</literal> has been added to allow changing the location of duplicati’s files. 
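Review bot: In the Peertube entry (hunk @@ -1989,6 +2102,28 @@), the migration snippet creates `/var/lib/redis-peertube` and copies `dump.rdb` with `sudo`, so both end up owned by root, and the entry does not say whether the new per-service redis instance can read them or whether the module corrects ownership on start. Suggest stating that, or adding the ownership step to the snippet. The prose also needs a pass: "Redis database is used for storage only cache and job queue" and "before upgrade OS" do not parse.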
@@ -2362,15 +2490,6 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" </listitem> <listitem> <para> - A new module was added for the - <link xlink:href="https://starship.rs/">Starship</link> shell - prompt, providing the options - <literal>programs.starship.enable</literal> and - <literal>programs.starship.settings</literal>. - </para> - </listitem> - <listitem> - <para> The <link xlink:href="https://dino.im">Dino</link> XMPP client was updated to 0.3, adding support for audio and video calls. </para> @@ -2577,6 +2696,14 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" </listitem> <listitem> <para> + The default <literal>scribus</literal> version is now 1.5, + while version 1.4 is still available as + <literal>scribus_1_4</literal> + (<link xlink:href="https://github.com/NixOS/nixpkgs/pull/172700">#172700</link>). + </para> + </listitem> + <listitem> + <para> The Nextcloud module now supports to create a Mysql database automatically with <literal>services.nextcloud.database.createLocally</literal> @@ -2620,12 +2747,6 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" </listitem> <listitem> <para> - The <literal>programs.nncp</literal> options were added for - generating host-global NNCP configuration. - </para> - </listitem> - <listitem> - <para> The option <literal>services.snapserver.openFirewall</literal> will no longer default to <literal>true</literal> starting with NixOS 22.11. Enable it explicitly if you need to control 
@@ -2648,6 +2769,40 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" case of scripted networking, no behavior was changed. </para> </listitem> + <listitem> + <para> + The new + <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link> + runs a PostgreSQL server for the duration of package checks. + </para> + </listitem> + <listitem> + <para> + <literal>stdenv.mkDerivation</literal> now supports a + self-referencing <literal>finalAttrs:</literal> parameter + containing the final <literal>mkDerivation</literal> arguments + including overrides. <literal>drv.overrideAttrs</literal> now + supports two parameters + <literal>finalAttrs: previousAttrs:</literal>. This allows + packaging configuration to be overridden in a consistent + manner by providing an alternative to + <literal>rec {}</literal> syntax. + </para> + <para> + Additionally, <literal>passthru</literal> can now reference + <literal>finalAttrs.finalPackage</literal> containing the + final package, including attributes such as the output paths + and <literal>overrideAttrs</literal>. + </para> + <para> + New language integrations can be simplified by overriding a + <quote>prototype</quote> package containing the + language-specific logic. This removes the need for a extra + layer of overriding for the <quote>generic builder</quote> + arguments, thus removing a usability problem and source of + error. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 79268b398e60f..b0a84de57e0b2 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml 
@@ -43,15 +43,16 @@ <itemizedlist spacing="compact"> <listitem> <para> - Please remove this line when you add the first item since - docbook requires the section to be non-empty + <link xlink:href="https://github.com/jollheef/appvm">appvm</link>, + Nix based app VMs. Available as + <link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>. </para> </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.11-incompatibilities"> <title>Backward Incompatibilities</title> - <itemizedlist spacing="compact"> + <itemizedlist> <listitem> <para> The <literal>isCompatible</literal> predicate checking CPU @@ -69,6 +70,21 @@ compatible</emphasis>. </para> </listitem> + <listitem> + <para> + The <literal>isPowerPC</literal> predicate, found on + <literal>platform</literal> attrsets + (<literal>hostPlatform</literal>, + <literal>buildPlatform</literal>, + <literal>targetPlatform</literal>, etc) has been removed in + order to reduce confusion. The predicate was was defined such + that it matches only the 32-bit big-endian members of the + POWER/PowerPC family, despite having a name which would imply + a broader set of systems. If you were using this predicate, + you can replace <literal>foo.isPowerPC</literal> with + <literal>(with foo; isPower && is32bit && isBigEndian)</literal>. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.11-notable-changes"> 
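Review bot: The appvm entry in rl-2211.section.xml (hunk @@ -43,15 +43,16 @@) links the option with `xlink:href="options.html#opt-virtualisation.appvm.enable"`, the form this same commit replaces with `linkend=` throughout the 22.05 notes. Suggest using the bare `#opt-virtualisation.appvm.enable` anchor in the Markdown source so the generated XML gets a `linkend`, as the 22.05 entries now do.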
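Review bot: The isPowerPC entry (hunk @@ -69,6 +70,21 @@) has a doubled word in "The predicate was was defined". Suggest fixing it in the Markdown source before the generated XML is committed.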
@@ -76,8 +92,21 @@ <itemizedlist spacing="compact"> <listitem> <para> - Please remove this line when you add the first item since - docbook requires the section to be non-empty + A new module was added for the Saleae Logic device family, + providing the options + <literal>hardware.saleae-logic.enable</literal> and + <literal>hardware.saleae-logic.package</literal>. + </para> + </listitem> + <listitem> + <para> + Matrix Synapse now requires entries in the + <literal>state_group_edges</literal> table to be unique, in + order to prevent accidentally introducing duplicate + information (for example, because a database backup was + restored multiple times). If your Synapse database already has + duplicate rows in this table, this could fail with an error + and require manual remediation. </para> </listitem> </itemizedlist> diff --git a/nixos/doc/manual/installation/upgrading.chapter.md b/nixos/doc/manual/installation/upgrading.chapter.md index faeefc4451dc9..2644979bc9db2 100644 --- a/nixos/doc/manual/installation/upgrading.chapter.md +++ b/nixos/doc/manual/installation/upgrading.chapter.md @@ -6,7 +6,7 @@ expressions and associated binaries. The NixOS channels are updated automatically from NixOS's Git repository after certain tests have passed and all packages have been built. These channels are: -- *Stable channels*, such as [`nixos-21.11`](https://nixos.org/channels/nixos-21.11). +- *Stable channels*, such as [`nixos-22.05`](https://nixos.org/channels/nixos-22.05). These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not 
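Review bot: The Matrix Synapse entry (hunk @@ -76,8 +92,21 @@) ends with "this could fail with an error and require manual remediation" without saying what fails or where the remediation is described. Suggest naming the failing step and linking the upstream upgrade notes, so operators can check `state_group_edges` for duplicate rows before they upgrade rather than after.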
@@ -19,7 +19,7 @@ passed and all packages have been built. These channels are: radical changes between channel updates. It's not recommended for production systems. -- *Small channels*, such as [`nixos-21.11-small`](https://nixos.org/channels/nixos-21.11-small) +- *Small channels*, such as [`nixos-22.05-small`](https://nixos.org/channels/nixos-22.05-small) or [`nixos-unstable-small`](https://nixos.org/channels/nixos-unstable-small). These are identical to the stable and unstable channels described above, except that they contain fewer binary packages. This means they get updated @@ -38,8 +38,8 @@ newest supported stable release. When you first install NixOS, you're automatically subscribed to the NixOS channel that corresponds to your installation source. For -instance, if you installed from a 21.11 ISO, you will be subscribed to -the `nixos-21.11` channel. To see which NixOS channel you're subscribed +instance, if you installed from a 22.05 ISO, you will be subscribed to +the `nixos-22.05` channel. To see which NixOS channel you're subscribed to, run the following as root: ```ShellSession @@ -54,16 +54,16 @@ To switch to a different NixOS channel, do ``` (Be sure to include the `nixos` parameter at the end.) For instance, to -use the NixOS 21.11 stable channel: +use the NixOS 22.05 stable channel: ```ShellSession -# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos +# nix-channel --add https://nixos.org/channels/nixos-22.05 nixos ``` If you have a server, you may want to use the "small" channel instead: ```ShellSession -# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos +# nix-channel --add https://nixos.org/channels/nixos-22.05-small nixos ``` And if you want to live on the bleeding edge: 
@@ -114,5 +114,5 @@ the new generation contains a different kernel, initrd or kernel modules. You can also specify a channel explicitly, e.g. ```nix -system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11; +system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05; ``` diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index edb3758dd2f12..faf941f569966 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -1,4 +1,4 @@ -# Release 22.05 (“Quokka”, 2022.05/??) {#sec-release-22.05} +# Release 22.05 (“Quokka”, 2022.05/30) {#sec-release-22.05} - Support is planned until the end of December 2022, handing over to 22.11. 
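Review bot: The `system.autoUpgrade.channel` example in upgrading.chapter.md (hunk @@ -114,5 +114,5 @@) still assigns a bare URL literal, `https://nixos.org/channels/nixos-22.05;`. URL literals are deprecated Nix syntax; since the line is being touched anyway, suggest writing the value as a quoted string.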
@@ -6,144 +6,170 @@ In addition to numerous new and upgraded packages, this release has the following highlights: -- The `firefox` browser on `x86_64-linux` is now making use of - profile-guided optimization resulting in a much more responsive - browsing experience. +- Nix has been updated from 2.3 to 2.8. This mainly brings experimental support + for Flakes, but also marks the `nix` command as experimental which now has to + be enabled via the configuration explicitly. For more information and + instructions for upgrades, see the + relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html), + [nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html), + [nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html), + [nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and + [nix-2.8](https://nixos.org/manual/nix/stable/release-notes/rl-2.8.html) -- `security.acme.defaults` has been added to simplify configuring - settings for many certificates at once. This also opens up the - the option to use DNS-01 validation when using `enableACME` on - web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`). +- The `firefox` browser on `x86_64-linux` now makes use of profile-guided + optimisation, resulting in a much more responsive browsing experience. -- GNOME has been upgraded to 42. Please take a look at their [Release Notes](https://release.gnome.org/42/) for details. Notably, it replaces gedit with GNOME Text Editor, GNOME Terminal with GNOME Console (formerly King’s Cross), and GNOME Screenshot with a tool built into the Shell. +- GNOME has been upgraded to 42. Please take a look at their [Release + Notes](https://release.gnome.org/42/) for details. In particular, it replaces + gedit with GNOME Text Editor, GNOME Terminal with GNOME Console (formerly + King's Cross) and GNOME Screenshot by a tool integrated into the Shell. 
-- `stdenv.mkDerivation` now supports a self-referencing `finalAttrs:` parameter - containing the final `mkDerivation` arguments including overrides. - `drv.overrideAttrs` now supports two parameters `finalAttrs: previousAttrs:`. - This allows packaging configuration to be overridden in a consistent manner by - providing an alternative to `rec {}` syntax. - - Additionally, `passthru` can now reference `finalAttrs.finalPackage` containing - the final package, including attributes such as the output paths and - `overrideAttrs`. - - New language integrations can be simplified by overriding a "prototype" - package containing the language-specific logic. This removes the need for a - extra layer of overriding for the "generic builder" arguments, thus removing a - usability problem and source of error. - -- PHP 8.1 is now available - -- Mattermost has been updated to extended support release 6.3, as the previously packaged extended support release 5.37 is [reaching its end of life](https://docs.mattermost.com/upgrade/extended-support-release.html). - Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release) - and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html). +- PHP 8.1 is now available. - systemd services can now set [systemd.services.\<name\>.reloadTriggers](#opt-systemd.services) instead of `reloadIfChanged` for a more granular distinction between reloads and restarts. - Systemd has been upgraded to the version 250. -- Pulseaudio has been upgraded to version 15.0 and now optionally [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) like aptX or LDAC, with codec switching support being available in `pavucontrol`. 
This feature is disabled by default but can be enabled by using `hardware.pulseaudio.package = pkgs.pulseaudioFull;`. - Existing 3rd party modules that provided similar functionality, like `pulseaudio-modules-bt` or `pulseaudio-hsphfpd` are deprecated and have been removed. +- Pulseaudio has been updated to version 15.0 and now optionally + [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) + such as aptX or LDAC, with codec switching available in `pavucontrol`. This + feature is disabled by default, but can be enabled with the option + `hardware.pulseaudio.package = pkgs.pulseaudioFull;`. Existing third-party + modules that offered similar functions, such as `pulseaudio-modules-bt` or + `pulseaudio-hsphfpd`, are obsolete and have been removed. - PostgreSQL now defaults to major version 14. -- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks. - -- [`kops`](https://kops.sigs.k8s.io) defaults to 1.23.2, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes >= 1.22. This will increase security by default, but may break some types of workloads. The default behaviour for `spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS` has changed from `true` to `false`. Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields. Support for Kubernetes 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been removed. 
See the [1.22 release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) and [1.23 release notes](https://kops.sigs.k8s.io/releases/1.23-notes/) for more details, including other significant changes. - - Module authors can use `mkRenamedOptionModuleWith` to automate the deprecation cycle without annoying out-of-tree module authors and their users. - The default GHC version has been updated from 8.10.7 to 9.0.2. `pkgs.haskellPackages` and `pkgs.ghc` will now use this version by default. - The GNOME and Plasma installation CDs now use `pkgs.calamares` and `pkgs.calamares-nixos-extensions` to allow users to easily install and set up NixOS with a GUI. +- `security.acme.defaults` has been added to simplify the configuration of + settings for many certificates at once. This also opens up the option to use + DNS-01 validation when using `enableACME` web server virtual hosts (e.g. + `services.nginx.virtualHosts.*.enableACME`). + ## New Services {#sec-release-22.05-new-services} +- [1password](https://1password.com/), command-lines and graphic interface for 1Password. Available as [programs._1password](#opt-programs._1password.enable) and [programs._1password-gui](#opt-programs._1password.enable). + - [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable). -- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable). +- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](#opt-services.agate.enable). -- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. 
Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable). +- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS). -- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable). +- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](#opt-services.archisteamfarm.enable). + +- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable). + +- [bird-lg](https://github.com/xddxdd/bird-lg-go), a BGP looking glass for Bird Routing. Available as [services.bird-lg](#opt-services.bird-lg.package). + +- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features. Available as [services.blocky](#opt-services.blocky.enable). + +- [cloudflare-dyndns](https://github.com/kissgyorgy/cloudflare-dyndns), CloudFlare Dynamic DNS client. Available as [services.cloudflare-dyndns](#opt-services.cloudflare-dyndns.enable). + +- [Corosync](https://corosync.github.io/corosync/) and [Pacemaker](https://clusterlabs.org/pacemaker/), A open-source high availability resource manager. Available as [services.corosync](#opt-services.corosync.enable) and [services.pacemaker](#opt-services.pacemaker.enable). + +- [create_ap](https://github.com/lakinduakash/linux-wifi-hotspot), a module for creating wifi hotspots using the program linux-wifi-hotspot. Available as [services.create_ap](#opt-services.create_ap.enable). + +- [Envoy](https://www.envoyproxy.io/), a high-performance reverse proxy. Available as [services.envoy](#opt-services.envoy.enable). + +- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. 
Available as [services.ergochat](#opt-services.ergochat.enable). + +- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative spreadsheet. Available as [services.ethercalc](#opt-services.ethercalc.enable). - [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable). -- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS). +- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VRRP and others). Available as [services.frr](#opt-services.frr.babel.enable). -- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VRRP and others). Available as [services.frr](#opt-services.frr.babel.enable) +- [Grafana Mimir](https://grafana.com/oss/mimir/), an open source, horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus. Available as [services.mimir](#opt-services.mimir.enable). -- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable). +- [Haste](https://hastebin.com/about.md), a pastebin written in node.js. Available as [services.haste](#opt-services.haste-server.enable). -- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](options.html#opt-services.snowflake-proxy.enable). +- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](#opt-services.headscale.enable). -- [r53-ddns](https://github.com/fleaz/r53-ddns), a small tool to run your own DDNS service via AWS Route53. 
Available as [services.r53-ddns](options.html#opt-services.r53-ddns.enable). +- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](#opt-services.heisenbridge.enable). -- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable). +- [https-dns-proxy](https://github.com/aarond10/https_dns_proxy), DNS to DNS over HTTPS (DoH) proxy. Available as [services.https-dns-proxy](#opt-services.https-dns-proxy.enable). -- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](options.html#opt-services.snipe-it.enable). +- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](#opt-services.input-remapper.enable). -- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable). +- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](#opt-services.invoiceplane.sites._name_.enable). -- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](options.html#opt-services.pgadmin.enable). +- [k3b](https://userbase.kde.org/K3b), the KDE disk burning application. Available as [programs.k3b](#opt-programs.k3b.enable). -- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable). +- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. 
Available as [programs.k40-whisperer.enable](#opt-programs.k40-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device. -- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable). +- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.enableServer) -- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable). +- [Maddy](https://maddy.email/), a free an open source mail server. Availabe as [services.maddy](#opt-services.maddy.enable). -- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](options.html#opt-programs.k4-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device. +- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable). -- [mozillavpn](https://github.com/mozilla-mobile/mozilla-vpn-client), the client for the [Mozilla VPN](https://vpn.mozilla.org/) service. Available as [services.mozillavpn](options.html#opt-services.mozillavpn). +- [Moosefs](https://moosefs.com), fault tolerant petabyte distributed file system. Available as [moosefs](#opt-services.moosefs.master.enable). -- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](options.html#opt-services.mtr-exporter.enable). +- [mozillavpn](https://github.com/mozilla-mobile/mozilla-vpn-client), the client for the [Mozilla VPN](https://vpn.mozilla.org/) service. 
Available as [services.mozillavpn](#opt-services.mozillavpn.enable). -- [prometheus-pve-exporter](https://github.com/prometheus-pve/prometheus-pve-exporter), a tool that exposes information from the Proxmox VE API for use by Prometheus. Available as [services.prometheus.exporters.pve](options.html#opt-services.prometheus.exporters.pve). +- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](#opt-services.mtr-exporter.enable). -- [netbox](https://github.com/netbox-community/netbox), infrastructure resource modeling (IRM) tool. Available as [services.netbox](options.html#opt-services.netbox.enable). +- [nbd](https://nbd.sourceforge.io/), a Network Block Device server. Available as [services.nbd](#opt-services.nbd.server.enable). -- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable). +- [netbox](https://github.com/netbox-community/netbox), infrastructure resource modeling (IRM) tool. Available as [services.netbox](#opt-services.netbox.enable). -- [uptermd](https://upterm.dev), an open-source solution for sharing terminal sessions instantly over the public internet via secure tunnels. Available at [services.uptermd](#opt-services.uptermd.enable). +- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable). -- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](options.html#opt-services.agate.enable). +- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](#opt-services.nifi.enable). 
-- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable). +- [nix-ld](https://github.com/Mic92/nix-ld), Run unpatched dynamic binaries on NixOS. Available as [programs.nix-ld](#opt-programs.nix-ld.enable). -- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable). +- [NNCP](http://www.nncpgo.org), NNCP (Node to Node copy) utilities and configuration, Available as [programs.nncp](#opt-programs.nncp.enable). -- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable). +- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](#opt-services.pgadmin.enable). -- [moosefs](https://moosefs.com), fault tolerant petabyte distributed file system. - Available as [moosefs](#opt-services.moosefs.client.enable). +- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](#opt-services.powerdns-admin.enable). + +- [prometheus-pve-exporter](https://github.com/prometheus-pve/prometheus-pve-exporter), a tool that exposes information from the Proxmox VE API for use by Prometheus. Available as [services.prometheus.exporters.pve](#opt-services.prometheus.exporters.pve.enable). - [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable). 
-- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications. +- [Public Inbox](https://public-inbox.org), an "archives first" approach to mailing lists. Available as [services.public-inbox](#opt-services.public-inbox.enable). + +- [r53-ddns](https://github.com/fleaz/r53-ddns), a small tool to run your own DDNS service via AWS Route53. Available as [services.r53-ddns](#opt-services.r53-ddns.enable). + +- [rmfakecloud](https://ddvk.github.io/rmfakecloud/), a clone of the cloud sync the remarkable tablet. Available as [services.rmfakecloud](#opt-services.rmfakecloud.enable). + +- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](#opt-virtualisation.docker.rootless.enable). + +- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable). -- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative - spreadsheet. Available as [services.ethercalc](options.html#opt-services.ethercalc.enable). +- [rtsp-simple-server](https://github.com/aler9/rtsp-simple-server), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.rtsp-simple-server](#opt-services.rtsp-simple-server.enable). -- [nbd](https://nbd.sourceforge.io/), a Network Block Device server. Available as [services.nbd](options.html#opt-services.nbd.server.enable). 
+- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable). -- [nix-ld](https://github.com/Mic92/nix-ld), Run unpatched dynamic binaries on NixOS. Available as [programs.nix-ld](options.html#opt-programs.nix-ld.enable). +- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](#opt-services.snowflake-proxy.enable). -- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable). +- [sslmate-agent](https://sslmate.com/), a daemon for managing SSL/TLS certificates on a server. Available as [services.sslmate-agent](services.sslmate-agent.enable). -- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable). +- [starship](https://starship.rs), a minimal, blazing-fast, and infinitely customizable prompt for any shell. Available at [programs.startship](#opt-programs.starship.enable). -- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable) +- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications. 
+ +- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable). + +- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable). -- [create_ap](https://github.com/lakinduakash/linux-wifi-hotspot), a module for creating wifi hotspots using the program linux-wifi-hotspot. Available as [services.create_ap](options.html#opt-services.create_ap.enable). +- [uptermd](https://upterm.dev), an open-source solution for sharing terminal sessions instantly over the public internet via secure tunnels. Available at [services.uptermd](#opt-services.uptermd.enable). -- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features. +- [usbrelayd](https://github.com/darrylb123/usbrelay), an USB Relay MQTT daemon. Available as [services.usbrelayd](#opt-services.usbrelayd.enable). -- [pacemaker](https://clusterlabs.org/pacemaker/) cluster resource manager +- [webdav-server-rs](https://github.com/miquels/webdav-server-rs), Webdav server in rust. Available as [services.webdav-server-rs](#opt-services.webdav-server-rs.enable). -- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable). +- [wg-netmanager](https://github.com/gin66/wg_netmanager), the Wireguard network manager. Available as [services.wg-netmanager](#opt-services.wg-netmanager.enable). -- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. +- [Zammad](https://zammad.org/), a web-based, open source user support/ticketing solution. 
Available as [services.zammad](#opt-services.zammad.enable). <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> @@ -169,7 +195,7 @@ In addition to numerous new and upgraded packages, this release has the followin - The update of the haskell package set brings with it a new version of the `xmonad` module, which will break your configuration if you use `launch` as entrypoint. The - example code the corresponding nixos module was adjusted, you way want to have a look at it. + example code the corresponding nixos module was adjusted, you may want to have a look at it. - The `home-assistant` module now requires users that don't want their configuration to be managed declaratively to set @@ -250,6 +276,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`. + Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`. + - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface. - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`. 
@@ -368,13 +396,13 @@ In addition to numerous new and upgraded packages, this release has the followin }; extraConfigFiles = [ - /run/keys/matrix-synapse/secrets.yaml + "/run/keys/matrix-synapse/secrets.yaml" ]; }; } ``` - The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`. + The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`. The filename must be quoted to prevent nix from copying it to the (world readable) store. Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`. For the same reason, the default `media_store_path` was changed from `${dataDir}/media` to `${dataDir}/media_store` if `system.stateVersion` is at least `22.05`. Files will need to be manually moved to the new 
@@ -705,6 +733,13 @@ In addition to numerous new and upgraded packages, this release has the followin - The configuration portion of the `nix-daemon` module has been reworked and exposed as [nix.settings](options.html#opt-nix-settings): * Legacy options have been mapped to the corresponding options under under [nix.settings](options.html#opt-nix.settings) and will be deprecated when NixOS 21.11 reaches end of life. * [nix.buildMachines.publicHostKey](options.html#opt-nix.buildMachines.publicHostKey) has been added. + +- [`kops`](https://kops.sigs.k8s.io) defaults to 1.23.2, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes >= 1.22. This will increase security by default, but may break some types of workloads. The default behaviour for `spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS` has changed from `true` to `false`. Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields. Support for Kubernetes 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been removed. See the [1.22 release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) and [1.23 release notes](https://kops.sigs.k8s.io/releases/1.23-notes/) for more details, including other significant changes. + +- Mattermost has been upgraded to extended support version 6.3 as the previously + packaged extended support version 5.37 is [reaching end of life](https://docs.mattermost.com/upgrade/extended-support-release.html). + Migration may take some time, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release) + and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html). 
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added. @@ -730,6 +765,17 @@ In addition to numerous new and upgraded packages, this release has the followin redis-cli save cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb" ``` +- Peertube now uses services.redis.servers to start a new redis server, instead of using a global redis server. + This improves compatibility with other services that use redis. + + Redis database is used for storage only cache and job queue. More information can be found here - [Peertube architecture](https://docs.joinpeertube.org/contribute-architecture). + + If you do want to save the redis database, you can use the following commands before upgrade OS: + ```bash + redis-cli save + sudo mkdir /var/lib/redis-peertube + sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb + ``` - If you are using Wayland you can choose to use the Ozone Wayland support in Chrome and several Electron apps by setting the environment variable @@ -797,7 +843,6 @@ In addition to numerous new and upgraded packages, this release has the followin If you are using only a window manager without a desktop manager, you need to enable `services.xserver.desktopManager.runXdgAutostartIfNone` or using the `dex` package to make `fcitx5` work. -- A new module was added for the Envoy reverse proxy, providing the options `services.envoy.enable` and `services.envoy.settings`. - The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files. 
@@ -843,9 +888,6 @@ In addition to numerous new and upgraded packages, this release has the followin - The default value for `programs.spacefm.settings.graphical_su` got unset. It previously pointed to `gksu` which has been removed. -- A new module was added for the [Starship](https://starship.rs/) shell prompt, - providing the options `programs.starship.enable` and `programs.starship.settings`. - - The [Dino](https://dino.im) XMPP client was updated to 0.3, adding support for audio and video calls. - `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins. @@ -905,6 +947,8 @@ In addition to numerous new and upgraded packages, this release has the followin - The `nss` package was split into `nss_esr` and `nss_latest`, with `nss` being an alias for `nss_esr`. This was done to ease maintenance of `nss` and dependent high-profile packages like `firefox`. +- The default `scribus` version is now 1.5, while version 1.4 is still available as `scribus_1_4` ([#172700](https://github.com/NixOS/nixpkgs/pull/172700)). + - The Nextcloud module now supports to create a Mysql database automatically with `services.nextcloud.database.createLocally` enabled. @@ -915,8 +959,6 @@ In addition to numerous new and upgraded packages, this release has the followin - Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`. - The `spark3` package is now usable on `aarch64-darwin` as a result of [#158613](https://github.com/NixOS/nixpkgs/pull/158613) and [#158992](https://github.com/NixOS/nixpkgs/pull/158992). -- The `programs.nncp` options were added for generating host-global NNCP configuration. - - The option `services.snapserver.openFirewall` will no longer default to `true` starting with NixOS 22.11. Enable it explicitly if you need to control Snapserver remotely or connect streamig clients from other hosts. 
@@ -927,5 +969,22 @@ In addition to numerous new and upgraded packages, this release has the followin or `wl*` with priority 99 (which means that it doesn't have any effect if such an interface is matched by a `.network-`unit with a lower priority). In case of scripted networking, no behavior was changed. + +- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks. + +- `stdenv.mkDerivation` now supports a self-referencing `finalAttrs:` parameter + containing the final `mkDerivation` arguments including overrides. + `drv.overrideAttrs` now supports two parameters `finalAttrs: previousAttrs:`. + This allows packaging configuration to be overridden in a consistent manner by + providing an alternative to `rec {}` syntax. + + Additionally, `passthru` can now reference `finalAttrs.finalPackage` containing + the final package, including attributes such as the output paths and + `overrideAttrs`. + + New language integrations can be simplified by overriding a "prototype" + package containing the language-specific logic. This removes the need for a + extra layer of overriding for the "generic builder" arguments, thus removing a + usability problem and source of error. <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 7d2eacce57fed..acad456a4fd3a 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md 
@@ -23,7 +23,7 @@ In addition to numerous new and upgraded packages, this release has the followin ## New Services {#sec-release-22.11-new-services} -- Please remove this line when you add the first item since docbook requires the section to be non-empty +- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable). <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 
@@ -37,9 +37,14 @@ In addition to numerous new and upgraded packages, this release has the followin `lib.systems.parse.isCompatible` still exists, but has changed semantically: Architectures with differing endianness modes are *no longer considered compatible*. +- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`. + + <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> ## Other Notable Changes {#sec-release-22.11-notable-changes} -- Please remove this line when you add the first item since docbook requires the section to be non-empty +* A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`. +* Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. + <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> |
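Review bot: In the hunk that re-sorts the service list (ergochat through Zammad), several added entries still carry broken option links even though the rest of the list was normalised to `#opt-...` anchors. matrix-conduit points at `option.html#opt-services.matrix-conduit.enable`, sslmate-agent at `services.sslmate-agent.enable` (no `#opt-` prefix), systembus-notify at `opt-services.systembus-notify.enable` (no leading `#`), and the starship entry is labelled `programs.startship`. The same lines also have typos: the Maddy entry reads "a free an open source mail server. Availabe as", the kanidm entry has no closing period, and the NNCP entry has ", Available as" after a comma. Since the hunk already rewrites every one of these lines, fix them in the same pass.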
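Review bot: In the xmonad hunk (@@ -169,7 +195,7 @@), the corrected line fixes "way" to "may" but still reads "The example code the corresponding nixos module was adjusted", which is missing a preposition. Suggest "The example code in the corresponding NixOS module was adjusted; you may want to have a look at it."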
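Review bot: In the `openldap` hunk (@@ -250,6 +276,8 @@), the added sentence misspells "distribution" as "distrubtion" and needs a comma after "Additionally". It also refers to "2.5" while the entry announces the update to 2.6.2, so say explicitly that the rename happened in 2.5 and therefore applies to anyone upgrading to 2.6.2. Because the rename from `pw-argon2` to `argon2` affects password hashing, it would help to state what an operator sees when `olcModuleLoad` still names the old module.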
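Review bot: In the matrix-synapse hunk (@@ -368,13 +396,13 @@), the new sentence explains why the path must be quoted but does not address readers who already followed the previous example. The old text showed the unquoted `/run/keys/matrix-synapse/secrets.yaml`, which by the hunk's own explanation gets copied into the world-readable store. Suggest adding a sentence telling those users to treat the secrets in that file as exposed and rotate them after switching to the quoted form. Also capitalise "Nix" and hyphenate "world-readable".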
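Review bot: In the `kops` entry of hunk @@ -705,6 +733,13 @@, "Ubuntu 16.05 (Xenial)" should be "Ubuntu 16.04 (Xenial)". The sentence "Set this to false if you rely on the CiliumNetworkPolicy status fields" should format the value as `false` to match the surrounding `true`/`false` literals. "May break some types of workloads" is also too vague for a change that makes instance metadata tokens mandatory: either name the affected workload type or point to the exact section of the linked release notes.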
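Review bot: In the Peertube hunk (@@ -730,6 +765,17 @@), two sentences do not parse: "Redis database is used for storage only cache and job queue" and "before upgrade OS". Suggest "The Redis database is only used for the cache and the job queue" and "before upgrading". The commands create `/var/lib/redis-peertube` with `sudo mkdir` and copy the dump with `sudo cp`, while the Mastodon example just above uses a plain `cp`; the entry should say whether ownership or permissions of the new directory need adjusting for the per-service Redis instance. Write `services.redis.servers` as inline code, as other option names in this file are.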
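Review bot: In the `stdenv.mkDerivation` entry of hunk @@ -927,5 +969,22 @@, "removes the need for a extra layer of overriding" should read "an extra layer". The entry describes `finalAttrs:` and the two-parameter `overrideAttrs` only in prose; a link to the corresponding manual section, as the `postgresqlTestHook` entry in the same hunk has, would let readers find the exact usage.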
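Review bot: In the rl-2211.section.md New Services hunk (@@ -23,7 +23,7 @@), the appvm entry links to `options.html#opt-virtualisation.appvm.enable`, while this same change converts the other release-notes list from `options.html#opt-...` to plain `#opt-...` anchors. Use `#opt-virtualisation.appvm.enable` here so the new file starts out in the normalised form.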
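Review bot: In the rl-2211.section.md hunk @@ -37,9 +37,14 @@, the `isPowerPC` entry contains a doubled word ("The predicate was was defined"), and the two entries added under Other Notable Changes use `*` bullets while the rest of the file uses `-`. The Matrix Synapse entry says "this could fail with an error" without saying what "this" is (the upgrade, the service start, or a migration) and mentions "manual remediation" without a pointer; name the failing step and link to the upstream instructions. The hunk also adds two consecutive blank lines before the merge-conflict comment, which can be reduced to one.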