diff options
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2211.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 1841 |
1 files changed, 0 insertions, 1841 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml deleted file mode 100644 index 2d7226caa5b56..0000000000000 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ /dev/null @@ -1,1841 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.11"> - <title>Release 22.11 (“Raccoon”, 2022.11/30)</title> - <para> - The NixOS release team is happy to announce a new version of NixOS - 22.11. NixOS is a Linux distribution, whose set of packages can also - be used on other Linux systems and macOS. - </para> - <para> - This release is supported until the end of June 2023, handing over - to NixOS 23.05. - </para> - <para> - To upgrade to the latest release follow the - <link linkend="sec-upgrading">upgrade chapter</link>. - </para> - <section xml:id="sec-release-22.11-highlights"> - <title>Highlights</title> - <para> - In addition to numerous new and upgraded packages, this release - includes the following highlights: - </para> - <itemizedlist> - <listitem> - <para> - Software that uses the <literal>crypt</literal> password - hashing API is now using the implementation provided by - <link xlink:href="https://github.com/besser82/libxcrypt"><literal>libxcrypt</literal></link> - instead of glibc’s, which enables support for more secure - algorithms. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - Support for algorithms that <literal>libxcrypt</literal> - <link xlink:href="https://github.com/besser82/libxcrypt/blob/v4.4.28/lib/hashes.conf#L41">does - not consider strong</link> are - <emphasis role="strong">deprecated</emphasis> as of this - release, and will be removed in NixOS 23.05. - </para> - </listitem> - <listitem> - <para> - This includes system login passwords. Given this, we - <emphasis role="strong">strongly encourage</emphasis> all - users to update their system passwords, as you will be - unable to login if password hashes are not migrated by the - time their support is removed. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - When using - <literal>users.users.<name>.hashedPassword</literal> - to configure user passwords, run - <literal>mkpasswd</literal>, and use the yescrypt hash - that is provided as the new value. - </para> - </listitem> - <listitem> - <para> - On the other hand, for interactively configured user - passwords, simply re-set the passwords for all users - with <literal>passwd</literal>. - </para> - </listitem> - <listitem> - <para> - This release introduces warnings for the use of - deprecated hash algorithms for both methods of - configuring passwords. To make sure you migrated - correctly, run - <literal>nixos-rebuild switch</literal>. - </para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The NixOS documentation is now generated from markdown. While - docbook is still part of the documentation build process, it’s - a big step towards the full migration. - </para> - </listitem> - <listitem> - <para> - <literal>aarch64-linux</literal> is now included in the - <literal>nixos-22.11</literal> and - <literal>nixos-22.11-small</literal> channels. This means that - when those channel update, both - <literal>x86_64-linux</literal> and - <literal>aarch64-linux</literal> will be available in the - binary cache. - </para> - </listitem> - <listitem> - <para> - <literal>aarch64-linux</literal> ISOs are now available on the - <link xlink:href="https://nixos.org/download.html">downloads - page</link>. - </para> - </listitem> - <listitem> - <para> - <literal>nsncd</literal> is now available as a replacement of - <literal>nscd</literal>. - </para> - <para> - <literal>nscd</literal> is responsible for resolving - hostnames, users and more in NixOS and has been a long - standing source of bugs, such as sporadic network freezes. - </para> - <para> - More context in this - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/135888">issue</link>. - </para> - <para> - Help us test the new implementation by setting - <literal>services.nscd.enableNsncd</literal> to - <literal>true</literal>. - </para> - <para> - We plan to use <literal>nsncd</literal> by default in NixOS - 23.05. - </para> - </listitem> - <listitem> - <para> - Linode cloud images are now supported by importing - <literal>${modulesPath}/virtualisation/linode-image.nix</literal> - and accessing <literal>system.build.linodeImage</literal> on - the output. - </para> - </listitem> - <listitem> - <para> - <literal>hardware.nvidia</literal> has a new option, - <literal>hardware.nvidia.open</literal>, that can be used to - enable the usage of NVIDIA’s open-source kernel driver. Note - that the driver’s support for GeForce and Workstation GPUs is - still alpha quality, see - <link xlink:href="https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/">the - release announcement</link> for more information. - </para> - </listitem> - <listitem> - <para> - The <literal>emacs</literal> package now makes use of native - compilation which means: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - Emacs packages from Nixpkgs, builtin or not, will do - native compilation ahead of time so you can enjoy the - benefit of native compilation without compiling them on - you machine; - </para> - </listitem> - <listitem> - <para> - Emacs packages from somewhere else, e.g. - <literal>package-install</literal>, will perform - asynchronously deferred native compilation. If you do not - want this, maybe to avoid CPU consumption for compilation, - you can use - <literal>(setq native-comp-deferred-compilation nil)</literal> - to disable it while still benefiting from native - compilation for packages from Nixpkgs. - </para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-22.11-internal"> - <title>Internal changes</title> - <itemizedlist> - <listitem> - <para> - Haskell <literal>ghcWithPackages</literal> is now up to 15 - times faster to evaluate, thanks to changing - <literal>lib.closePropagation</literal> from a quadratic to - linear complexity. Please see backward incompatibilities notes - below. - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/194391">https://github.com/NixOS/nixpkgs/pull/194391</link> - </para> - </listitem> - <listitem> - <para> - For cross-compilation targets that can also run on the - building machine, we now run tests. This, for example, is the - case for the <literal>pkgsStatic</literal> and - <literal>pkgsLLVM</literal> package sets or i686 packages on - <literal>x86_64</literal> machines. - </para> - </listitem> - <listitem> - <para> - To simplify cross-compilation in NixOS, this release - introduces the <literal>nixpkgs.hostPlatform</literal> and - <literal>nixpkgs.buildPlatform</literal> options. These cover - and override the - <literal>nixpkgs.{system,localSystem,crossSystem}</literal> - options. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <literal>hostPlatform</literal> is the platform or - <quote><literal>system</literal></quote> string of the - NixOS system described by the configuration. - </para> - </listitem> - <listitem> - <para> - <literal>buildPlatform</literal> is the platform that is - responsible for building the NixOS configuration. It - defaults to the <literal>hostPlatform</literal>, for a - non-cross build configuration. To cross compile, set - <literal>buildPlatform</literal> to a different value. - </para> - </listitem> - </itemizedlist> - <para> - The new options convey the same information, but with fewer - options, and following the Nixpkgs terminology. - </para> - <para> - The existing options - <literal>nixpkgs.{system,localSystem,crossSystem}</literal> - have not been formally deprecated, to allow for evaluation of - the change and to allow for a transition period so that in - time the ecosystem can switch without breaking compatibility - with any supported NixOS release. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-22.11-version-updates"> - <title>Notable version updates</title> - <itemizedlist> - <listitem> - <para> - Nix has been upgraded from v2.8.1 to v2.11.0. For more - information, please see the release notes for - <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.9.html">2.9</link>, - <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.10.html">2.10</link> - and - <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.11.html">2.11</link>. - </para> - </listitem> - <listitem> - <para> - OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. - </para> - </listitem> - <listitem> - <para> - GNOME has been upgraded to version 43. Please see the - <link xlink:href="https://release.gnome.org/43/">release - notes</link> for details. - </para> - </listitem> - <listitem> - <para> - KDE Plasma has been upgraded from v5.24 to v5.26. Please see - the release notes for - <link xlink:href="https://kde.org/announcements/plasma/5/5.25.0/">v5.25</link> - and - <link xlink:href="https://kde.org/announcements/plasma/5/5.26.0/">v5.26</link> - for more details on the included changes. - </para> - </listitem> - <listitem> - <para> - Cinnamon has been updated to 5.4, and the Cinnamon module now - defaults to Blueman as the Bluetooth manager and slick-greeter - as the LightDM greeter, to match upstream. - </para> - </listitem> - <listitem> - <para> - PHP now defaults to PHP 8.1, updated from 8.0. - </para> - </listitem> - <listitem> - <para> - Perl has been updated to 5.36, and its core module - <literal>HTTP::Tiny</literal> was patched to verify SSL/TLS - certificates by default. - </para> - </listitem> - <listitem> - <para> - Python now defaults to 3.10, updated from 3.9. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-22.11-incompatibilities"> - <title>Backward Incompatibilities</title> - <itemizedlist> - <listitem> - <para> - Nixpkgs now requires Nix 2.3 or newer. - </para> - </listitem> - <listitem> - <para> - The <literal>isCompatible</literal> predicate checking CPU - compatibility is no longer exposed by the platform sets - generated using <literal>lib.systems.elaborate</literal>. In - most cases you will want to use the new - <literal>canExecute</literal> predicate instead which also - takes the kernel / syscall interface into account. - <literal>lib.systems.parse.isCompatible</literal> still - exists, but has changed semantically: Architectures with - differing endianness modes are <emphasis>no longer considered - compatible</emphasis>. - </para> - </listitem> - <listitem> - <para> - <literal>ngrok</literal> has been upgraded from 2.3.40 to - 3.0.4. Please see - <link xlink:href="https://ngrok.com/docs/guides/upgrade-v2-v3">the - upgrade guide</link> and - <link xlink:href="https://ngrok.com/docs/ngrok-agent/changelog">changelog</link>. - Notably, breaking changes are that the config file format has - changed and support for single hyphen arguments was dropped. - </para> - </listitem> - <listitem> - <para> - <literal>i18n.supportedLocales</literal> is now only generated - with the locales set in <literal>i18n.defaultLocale</literal> - and <literal>i18n.extraLocaleSettings</literal>. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - This reduces the final system closure size by up to 200MB. - </para> - </listitem> - <listitem> - <para> - If you require all locales installed, set the option to - <literal>[ "all" ]</literal>. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - Deprecated settings <literal>logrotate.paths</literal> and - <literal>logrotate.extraConfig</literal> have been removed. - Please convert any uses to - <link linkend="opt-services.logrotate.settings">services.logrotate.settings</link> - instead. - </para> - </listitem> - <listitem> - <para> - The <literal>isPowerPC</literal> predicate, found on - <literal>platform</literal> attrsets - (<literal>hostPlatform</literal>, - <literal>buildPlatform</literal>, - <literal>targetPlatform</literal>, etc) has been removed in - order to reduce confusion. The predicate was was defined such - that it matches only the 32-bit big-endian members of the - POWER/PowerPC family, despite having a name which would imply - a broader set of systems. If you were using this predicate, - you can replace <literal>foo.isPowerPC</literal> with - <literal>(with foo; isPower && is32bit && isBigEndian)</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>fetchgit</literal> fetcher now uses - <link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling">cone - mode</link> by default for sparse checkouts. - <link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems">Non-cone - mode</link> can be enabled by passing - <literal>nonConeMode = true</literal>, but note that non-cone - mode is deprecated and this option may be removed alongside a - future Git update without notice. - </para> - </listitem> - <listitem> - <para> - The <literal>fetchgit</literal> fetcher supports sparse - checkouts via the <literal>sparseCheckout</literal> option. - This used to accept a multi-line string with - directories/patterns to check out, but now requires a list of - strings. - </para> - </listitem> - <listitem> - <para> - <literal>openssh</literal> was updated to version 9.1, - disabling the generation of DSA keys when using - <literal>ssh-keygen -A</literal> as they are insecure. Also, - <literal>SetEnv</literal> directives in - <literal>ssh_config</literal> and - <literal>sshd_config</literal> are now first-match-wins. - </para> - </listitem> - <listitem> - <para> - <literal>bsp-layout</literal> no longer uses the command - <literal>cycle</literal> to switch to other window layouts, as - it got replaced by the commands <literal>previous</literal> - and <literal>next</literal>. - </para> - </listitem> - <listitem> - <para> - The Barco ClickShare driver/client package - <literal>pkgs.clickshare-csc1</literal> and the option - <literal>programs.clickshare-csc1.enable</literal> have been - removed, as it requires <literal>qt4</literal>, which reached - its end-of-life 2015 and will no longer be supported by - nixpkgs. - <link xlink:href="https://www.barco.com/de/support/knowledge-base/4380-can-i-use-linux-os-with-clickshare-base-units">According - to Barco</link> many of their base unit models can be used - with Google Chrome and the Google Cast extension. - </para> - </listitem> - <listitem> - <para> - <literal>services.hbase</literal> has been renamed to - <literal>services.hbase-standalone</literal>. For production - HBase clusters, use <literal>services.hadoop.hbase</literal> - instead. - </para> - </listitem> - <listitem> - <para> - The <literal>p4</literal> package now only includes the - open-source Perforce Helix Core command-line client and APIs. - It no longer installs the unfree Helix Core Server binaries - <literal>p4d</literal>, <literal>p4broker</literal>, and - <literal>p4p</literal>. To install the Helix Core Server - binaries, use the <literal>p4d</literal> package instead. - </para> - </listitem> - <listitem> - <para> - The OpenSSL extension for the PHP interpreter used by - Nextcloud is built against OpenSSL 1.1 if - <xref linkend="opt-system.stateVersion" /> is below - <literal>22.11</literal>. This is to make sure that people - using - <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side - encryption</link> don’t lose access to their files. - </para> - <para> - In any other case, it’s safe to use OpenSSL 3 for PHP’s - OpenSSL extension. This can be done by setting - <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" /> - to <literal>false</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>coq</literal> package and versioned variants - starting at <literal>coq_8_14</literal> no longer include - CoqIDE, which is now available through - <literal>coqPackages.coqide</literal>. It is still possible to - get CoqIDE as part of the <literal>coq</literal> package by - overriding the <literal>buildIde</literal> argument of the - derivation. - </para> - </listitem> - <listitem> - <para> - PHP 7.4 is no longer supported due to upstream not supporting - this version for the entire lifecycle of the 22.11 release. - </para> - </listitem> - <listitem> - <para> - The ipfs package and module were renamed to kubo. The kubo - module now uses an RFC42-style <literal>settings</literal> - option instead of <literal>extraConfig</literal> and the - <literal>gatewayAddress</literal>, - <literal>apiAddress</literal> and - <literal>swarmAddress</literal> options were renamed. Using - the old names will print a warning but still work. - </para> - </listitem> - <listitem> - <para> - <literal>pkgs.cosign</literal> does not provide the - <literal>cosigned</literal> binary anymore. The - <literal>sget</literal> binary has been moved into its own - package. - </para> - </listitem> - <listitem> - <para> - Emacs now uses the Lucid toolkit by default instead of GTK - because of stability and compatibility issues. Users who still - wish to remain using GTK can do so by using - <literal>emacs-gtk</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>kanidm</literal> has been updated to 1.1.0-alpha.10 - and now requires a TLS certificate and key. It will always - start <literal>https</literal> and-–-if enabled-–-an LDAPS - server and no HTTP and LDAP server anymore. - </para> - </listitem> - <listitem> - <para> - riak package removed along with - <literal>services.riak</literal> module, due to lack of - maintainer to update the package. - </para> - </listitem> - <listitem> - <para> - ppd files in <literal>pkgs.cups-drv-rastertosag-gdi</literal> - are now gzipped. If you refer to such a ppd file with its path - (e.g. via - <link xlink:href="options.html#opt-hardware.printers.ensurePrinters">hardware.printers.ensurePrinters</link>) - you will need to append <literal>.gz</literal> to the path. - </para> - </listitem> - <listitem> - <para> - xow package removed along with the - <literal>hardware.xow</literal> module, due to the project - being deprecated in favor of <literal>xone</literal>, which is - available via the <literal>hardware.xone</literal> module. - </para> - </listitem> - <listitem> - <para> - dd-agent package removed along with the - <literal>services.dd-agent</literal> module, due to the - project being deprecated in favor of - <literal>datadog-agent</literal>, which is available via the - <literal>services.datadog-agent</literal> module. - </para> - </listitem> - <listitem> - <para> - <literal>teleport</literal> has been upgraded to major version - 10. Please see upstream - <link xlink:href="https://goteleport.com/docs/ver/10.0/management/operations/upgrading/">upgrade - instructions</link> and - <link xlink:href="https://goteleport.com/docs/ver/10.0/changelog/#1000">release - notes</link>. - </para> - </listitem> - <listitem> - <para> - <literal>lib.closePropagation</literal> now needs that all - gathered sets have an <literal>outPath</literal> attribute. - </para> - </listitem> - <listitem> - <para> - lemmy module option - <literal>services.lemmy.settings.database.createLocally</literal> - moved to - <literal>services.lemmy.database.createLocally</literal>. - </para> - </listitem> - <listitem> - <para> - virtlyst package and <literal>services.virtlyst</literal> - module removed, due to lack of maintainers. - </para> - </listitem> - <listitem> - <para> - The <literal>nix.checkConfig</literal> option now fully - disables the config check. The new - <literal>nix.checkAllErrors</literal> option behaves like - <literal>nix.checkConfig</literal> previously did. - </para> - </listitem> - <listitem> - <para> - <literal>generateOptparseApplicativeCompletions</literal> and - <literal>generateOptparseApplicativeCompletion</literal> from - <literal>haskell.lib.compose</literal> (and - <literal>haskell.lib</literal>) have been deprecated in favor - of <literal>generateOptparseApplicativeCompletions</literal> - (plural!) as provided by the haskell package sets (so - <literal>haskellPackages.generateOptparseApplicativeCompletions</literal> - etc.). The latter allows for cross-compilation (by - automatically disabling generation of completion in the cross - case). For it to work properly you need to make sure that the - function comes from the same context as the package you are - trying to override, i.e. always use the same package set as - your package is coming from or – even better – use - <literal>self.generateOptparseApplicativeCompletions</literal> - if you are overriding a haskell package set. The old functions - are retained for backwards compatibility, but yield are - warning. - </para> - </listitem> - <listitem> - <para> - The <literal>services.graphite.api</literal> and - <literal>services.graphite.beacon</literal> NixOS options, and - the <literal>python3.pkgs.graphite_api</literal>, - <literal>python3.pkgs.graphite_beacon</literal> and - <literal>python3.pkgs.influxgraph</literal> packages, have - been removed due to lack of upstream maintenance. - </para> - </listitem> - <listitem> - <para> - The <literal>trace</literal> binary from - <literal>perf-linux</literal> package has been removed, due to - being a duplicate of the <literal>perf</literal> binary. - </para> - </listitem> - <listitem> - <para> - The <literal>aws</literal> package has been removed due to - being abandoned by the upstream. It is recommended to use - <literal>awscli</literal> or <literal>awscli2</literal> - instead. - </para> - </listitem> - <listitem> - <para> - The - <link xlink:href="https://ce-programming.github.io/CEmu">CEmu - TI-84 Plus CE emulator</link> package has been renamed to - <literal>cemu-ti</literal>. The - <link xlink:href="https://cemu.info">Cemu Wii U - emulator</link> is now packaged as <literal>cemu</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>systemd-networkd</literal> v250 deprecated, renamed, - and moved some sections and settings which leads to the - following breaking module changes: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <literal>systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig</literal> - is renamed to - <literal>systemd.network.networks.<name>.dhcpPrefixDelegationConfig</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>systemd.network.networks.<name>.dhcpV6Config</literal> - no longer accepts the - <literal>ForceDHCPv6PDOtherInformation=</literal> setting. - Please use the <literal>WithoutRA=</literal> and - <literal>UseDelegatedPrefix=</literal> settings in your - <literal>systemd.network.networks.<name>.dhcpV6Config</literal> - and the <literal>DHCPv6Client=</literal> setting in your - <literal>systemd.network.networks.<name>.ipv6AcceptRAConfig</literal> - to control when the DHCPv6 client is started and how the - delegated prefixes are handled by the DHCPv6 client. - </para> - </listitem> - <listitem> - <para> - <literal>systemd.network.networks.<name>.networkConfig</literal> - no longer accepts the <literal>IPv6Token=</literal> - setting. Use the <literal>Token=</literal> setting in your - <literal>systemd.network.networks.<name>.ipv6AcceptRAConfig</literal> - instead. The - <literal>systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig</literal> - now also accepts the <literal>Token=</literal> setting. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <literal>arangodb</literal> versions 3.3, 3.4, and 3.5 have - been removed because they are at EOL upstream. The default is - now 3.10.0. Support for aarch64-linux has been removed since - the target cannot be built reproducibly. By default - <literal>arangodb</literal> is now built for the - <literal>haswell</literal> architecture. If you wish to build - for a different architecture, you may override the - <literal>targetArchitecture</literal> argument with a value - from - <link xlink:href="https://github.com/arangodb/arangodb/blob/207ec6937e41a46e10aea34953879341f0606841/cmake/OptimizeForArchitecture.cmake#L594">this - list supported upstream</link>. Some architecture specific - optimizations are also conditionally enabled. You may alter - this behavior by overriding the - <literal>asmOptimizations</literal> parameter. You may also - add additional architecture support by adding more - <literal>-DHAS_XYZ</literal> flags to - <literal>cmakeFlags</literal> via - <literal>overrideAttrs</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>meta.mainProgram</literal> attribute of packages - in <literal>wineWowPackages</literal> now defaults to - <literal>"wine64"</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>paperless</literal> module now defaults - <literal>PAPERLESS_TIME_ZONE</literal> to your configured - system timezone. - </para> - </listitem> - <listitem> - <para> - The top-level <literal>termonad-with-packages</literal> alias - for <literal>termonad</literal> has been removed. - </para> - </listitem> - <listitem> - <para> - Linux 4.9 has been removed because it will reach its end of - life within the lifespan of 22.11. - </para> - </listitem> - <listitem> - <para> - (Neo)Vim can not be configured with - <literal>configure.pathogen</literal> anymore to reduce - maintainance burden. Use <literal>configure.packages</literal> - instead. - </para> - </listitem> - <listitem> - <para> - Neovim can not be configured with plug anymore (still works - for vim). - </para> - </listitem> - <listitem> - <para> - The <literal>adguardhome</literal> module no longer uses - <literal>host</literal> and <literal>port</literal> options, - use <literal>settings.bind_host</literal> and - <literal>settings.bind_port</literal> instead. - </para> - </listitem> - <listitem> - <para> - The default <literal>kops</literal> version is now 1.25.1 and - support for 1.22 and older has been dropped. - </para> - </listitem> - <listitem> - <para> - The <literal>zrepl</literal> package has been updated from - 0.5.0 to 0.6.0. See the - <link xlink:href="https://zrepl.github.io/changelog.html">changelog</link> - for details. - </para> - </listitem> - <listitem> - <para> - <literal>k3s</literal> no longer supports Docker as runtime - due to upstream dropping support. - </para> - </listitem> - <listitem> - <para> - <literal>cassandra_2_1</literal> and - <literal>cassandra_2_2</literal> have been removed. Please - update to <literal>cassandra_3_11</literal> or - <literal>cassandra_3_0</literal>. See the - <link xlink:href="https://github.com/apache/cassandra/blob/cassandra-3.11.14/NEWS.txt">changelog</link> - for more information about the upgrade process. - </para> - </listitem> - <listitem> - <para> - <literal>mysql57</literal> has been removed. Please update to - <literal>mysql80</literal> or <literal>mariadb</literal>. See - the - <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/">upgrade - guide</link> for more information. - </para> - </listitem> - <listitem> - <para> - Consequently, <literal>cqrlog</literal> and - <literal>amorok</literal> now use <literal>mariadb</literal> - instead of <literal>mysql57</literal> for their embedded - databases. Running <literal>mysql_upgrade</literal> may be - neccesary. - </para> - </listitem> - <listitem> - <para> - <literal>k3s</literal> supports <literal>clusterInit</literal> - option, and it is enabled by default, for servers. - </para> - </listitem> - <listitem> - <para> - <literal>percona-server56</literal> has been removed. Please - migrate to <literal>mysql</literal> or - <literal>mariadb</literal> if possible. - </para> - </listitem> - <listitem> - <para> - <literal>obs-studio</literal> hase been updated to version 28. - If you have packaged custom plugins, check if they are - compatible. <literal>obs-websocket</literal> has been - integrated into <literal>obs-studio</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>signald</literal> has been bumped to - <literal>0.23.0</literal>. For the upgrade, a migration - process is necessary. It can be done by running a command like - this before starting <literal>signald.service</literal>: - </para> - <programlisting> -signald -d /var/lib/signald/db \ - --database sqlite:/var/lib/signald/db \ - --migrate-data -</programlisting> - <para> - For further information, please read the upstream changelogs. - </para> - </listitem> - <listitem> - <para> - <literal>stylua</literal> no longer accepts - <literal>lua52Support</literal> and - <literal>luauSupport</literal> overrides. Use - <literal>features</literal> instead, which defaults to - <literal>[ "lua54" "luau" ]</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>ocamlPackages.ocaml_extlib</literal> has been renamed - to <literal>ocamlPackages.extlib</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>pkgs.fetchNextcloudApp</literal> has been rewritten - to circumvent impurities in e.g. tarballs from GitHub and to - make it easier to apply patches. This means that your hashes - are out-of-date and the (previously required) attributes - <literal>name</literal> and <literal>version</literal> are no - longer accepted. - </para> - </listitem> - <listitem> - <para> - The Syncthing service now only allows absolute paths—starting - with <literal>/</literal> or <literal>~/</literal>—for - <literal>services.syncthing.folders.<name>.path</literal>. - In a future release other paths will be allowed again and - interpreted relative to - <literal>services.syncthing.dataDir</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>services.github-runner</literal> and - <literal>services.github-runners.<name></literal> gained - the option <literal>serviceOverrides</literal> which allows - overriding the systemd <literal>serviceConfig</literal>. If - you have been overriding the systemd service configuration - (i.e., by defining - <literal>systemd.services.github-runner.serviceConfig</literal>), - you have to use the <literal>serviceOverrides</literal> option - now. Example: - </para> - <programlisting> -services.github-runner.serviceOverrides.SupplementaryGroups = [ - "docker" -]; -</programlisting> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-22.11-notable-changes"> - <title>Other Notable Changes</title> - <itemizedlist> - <listitem> - <para> - PHP is now built in <literal>NTS</literal> (Non-Thread Safe) - mode by default. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - For Apache and <literal>mod_php</literal> usage, we enable - <literal>ZTS</literal> (Zend Thread Safe) mode. This has - been a common practice for a long time in other - distributions. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <literal>firefox</literal>, <literal>thunderbird</literal> and - <literal>librewolf</literal> now come with Wayland support by - default. The <literal>firefox-wayland</literal>, - <literal>firefox-esr-wayland</literal>, - <literal>thunderbird-wayland</literal> and - <literal>librewolf-wayland</literal> attributes are obsolete - and have been aliased to their generic attribute. - </para> - </listitem> - <listitem> - <para> - The <literal>xplr</literal> package has been updated from - 0.18.0 to 0.19.0, which brings some breaking changes. See the - <link xlink:href="https://github.com/sayanarijit/xplr/releases/tag/v0.19.0">upstream - release notes</link> for more details. - </para> - </listitem> - <listitem> - <para> - Configuring multiple GitHub runners is now possible through - <literal>services.github-runners.<name></literal>. The - options under <literal>services.github-runner</literal> - remain, to configure a single runner. - </para> - </listitem> - <listitem> - <para> - <literal>github-runner</literal> gained support for ephemeral - runners and registrations using a personal access token (PAT) - instead of a registration token. See - <literal>services.github-runner.ephemeral</literal> and - <literal>services.github-runner.tokenFile</literal> for - details. - </para> - </listitem> - <listitem> - <para> - A new module was added to provide hardware support for the - Saleae Logic device family, providing the options - <literal>hardware.saleae-logic.enable</literal> and - <literal>hardware.saleae-logic.package</literal>. - </para> - </listitem> - <listitem> - <para> - ZFS module will no longer allow hibernation by default. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - This is a safety measure to prevent data loss cases like - the ones described at - <link xlink:href="https://github.com/openzfs/zfs/issues/260">OpenZFS/260</link> - and - <link xlink:href="https://github.com/openzfs/zfs/issues/12842">OpenZFS/12842</link>. - </para> - </listitem> - <listitem> - <para> - Use the <literal>boot.zfs.allowHibernation</literal> - option to configure this behaviour. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - Mastodon now automatically removes remote media attachments - older than 30 days. This is configurable through - <literal>services.mastodon.mediaAutoRemove</literal>. - </para> - </listitem> - <listitem> - <para> - The Redis module now disables RDB persistence when - <literal>services.redis.servers.<name>.save = []</literal> - instead of using the Redis default. - </para> - </listitem> - <listitem> - <para> - Neo4j was updated from version 3 to version 4. See upstream’s - <link xlink:href="https://neo4j.com/docs/upgrade-migration-guide/current/">migration - guide</link> for information on how to migrate your instance. - </para> - </listitem> - <listitem> - <para> - The <literal>networking.wireguard</literal> module now can set - the mtu on interfaces and tag its packets with an fwmark. - </para> - </listitem> - <listitem> - <para> - The option <literal>overrideStrategy</literal> was added to - the different systemd unit options - (<literal>systemd.services.<name></literal>, - <literal>systemd.sockets.<name></literal>, …) to allow - enforcing the creation of a dropin file, rather than the main - unit file, by setting it to <literal>asDropin</literal>. This - is useful in cases where the existence of the main unit file - is not known to Nix at evaluation time, for example when the - main unit file is provided by adding a package to - <literal>systemd.packages</literal>. See the fix proposed in - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/135557#issuecomment-1295392470">NixOS’s - systemd abstraction doesn’t work with systemd template - units</link> for an example. - </para> - </listitem> - <listitem> - <para> - The <literal>polymc</literal> package has been removed due to - a rogue maintainer. It has been replaced by - <literal>prismlauncher</literal>, a fork by the rest of the - maintainers. For more details, see - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/196624">the - PR that made this change</link> and - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/196460">the - issue detailing the vulnerability</link>. Users with existing - installations should rename - <literal>~/.local/share/polymc</literal> to - <literal>~/.local/share/PrismLauncher</literal>. The main - config file’s path has also moved from - <literal>~/.local/share/polymc/polymc.cfg</literal> to - <literal>~/.local/share/PrismLauncher/prismlauncher.cfg</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>bloat</literal> package has been updated from - unstable-2022-03-31 to unstable-2022-10-25, which brings a - breaking change. See - <link xlink:href="https://git.freesoftwareextremist.com/bloat/commit/?id=887ed241d64ba5db3fd3d87194fb5595e5ad7d73">this - upstream commit message</link> for details. - </para> - </listitem> - <listitem> - <para> - Synapse’s systemd unit has been hardened. - </para> - </listitem> - <listitem> - <para> - The module <literal>services.grafana</literal> was refactored - to be compliant with - <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link>. To be precise, this means that the following - things have changed: - </para> - <itemizedlist> - <listitem> - <para> - The newly introduced option - <xref linkend="opt-services.grafana.settings" /> is an - attribute-set that will be converted into Grafana’s INI - format. This means that the configuration from - <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/">Grafana’s - configuration reference</link> can be directly written as - attribute-set in Nix within this option. - </para> - </listitem> - <listitem> - <para> - The option - <literal>services.grafana.extraOptions</literal> has been - removed. This option was an association of environment - variables for Grafana. If you had an expression like - </para> - <programlisting language="nix"> -{ - services.grafana.extraOptions.SECURITY_ADMIN_USER = "foobar"; -} -</programlisting> - <para> - your Grafana instance was running with - <literal>GF_SECURITY_ADMIN_USER=foobar</literal> in its - environment. - </para> - <para> - For the migration, it is recommended to turn it into the - INI format, i.e. to declare - </para> - <programlisting language="nix"> -{ - services.grafana.settings.security.admin_user = "foobar"; -} -</programlisting> - <para> - instead. - </para> - <para> - The keys in - <literal>services.grafana.extraOptions</literal> have the - format - <literal><INI section name>_<Key Name></literal>. - Further details are outlined in the - <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables">configuration - reference</link>. - </para> - <para> - Alternatively you can also set all your values from - <literal>extraOptions</literal> to - <literal>systemd.services.grafana.environment</literal>, - make sure you don’t forget to add the - <literal>GF_</literal> prefix though! - </para> - </listitem> - <listitem> - <para> - Previously, the options - <link linkend="opt-services.grafana.provision.datasources">services.grafana.provision.datasources</link> - and - <link linkend="opt-services.grafana.provision.dashboards">services.grafana.provision.dashboards</link> - expected lists of datasources or dashboards for the - <link xlink:href="https://grafana.com/docs/grafana/latest/administration/provisioning/">declarative - provisioning</link>. - </para> - <para> - To declare lists of - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <emphasis role="strong">datasources</emphasis>, please - rename your declarations to - <link linkend="opt-services.grafana.provision.datasources.settings.datasources">services.grafana.provision.datasources.settings.datasources</link>. - </para> - </listitem> - <listitem> - <para> - <emphasis role="strong">dashboards</emphasis>, please - rename your declarations to - <link linkend="opt-services.grafana.provision.dashboards.settings.providers">services.grafana.provision.dashboards.settings.providers</link>. - </para> - </listitem> - </itemizedlist> - <para> - This change was made to support more features for that: - </para> - <itemizedlist> - <listitem> - <para> - It’s possible to declare the - <literal>apiVersion</literal> of your dashboards and - datasources by - <link linkend="opt-services.grafana.provision.datasources.settings.apiVersion">services.grafana.provision.datasources.settings.apiVersion</link> - (or - <link linkend="opt-services.grafana.provision.dashboards.settings.apiVersion">services.grafana.provision.dashboards.settings.apiVersion</link>). - </para> - </listitem> - <listitem> - <para> - Instead of declaring datasources and dashboards in - pure Nix, it’s also possible to specify configuration - files (or directories) with YAML instead using - <link linkend="opt-services.grafana.provision.datasources.path">services.grafana.provision.datasources.path</link> - (or - <link linkend="opt-services.grafana.provision.dashboards.path">services.grafana.provision.dashboards.path</link>. - This is useful when having provisioning files from - non-NixOS Grafana instances that you also want to - deploy to NixOS. - </para> - <para> - <emphasis role="strong">Note:</emphasis> secrets from - these files will be leaked into the store unless you - use a - <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider"><emphasis role="strong">file</emphasis>-provider - or env-var</link> for secrets! - </para> - </listitem> - <listitem> - <para> - <link linkend="opt-services.grafana.provision.notifiers">services.grafana.provision.notifiers</link> - is not affected by this change because this feature is - deprecated by Grafana and will probably be removed in - Grafana 10. It’s recommended to use - <literal>services.grafana.provision.alerting.contactPoints</literal> - instead. - </para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>services.grafana.provision.alerting</literal> - option was added. It includes suboptions for every - alerting-related objects (with the exception of - <literal>notifiers</literal>), which means it’s now possible - to configure modern Grafana alerting declaratively. - </para> - </listitem> - <listitem> - <para> - Synapse now requires entries in the - <literal>state_group_edges</literal> table to be unique, in - order to prevent accidentally introducing duplicate - information (for example, because a database backup was - restored multiple times). If your Synapse database already has - duplicate rows in this table, this could fail with an error - and require manual remediation. - </para> - </listitem> - <listitem> - <para> - The <literal>diamond</literal> package has been update from - 0.8.36 to 2.0.15. See the - <link xlink:href="https://github.com/bbuchfink/diamond/releases">upstream - release notes</link> for more details. - </para> - </listitem> - <listitem> - <para> - The <literal>guake</literal> package has been updated from - 3.6.3 to 3.9.0, see the - <link xlink:href="https://github.com/Guake/guake/releases">changelog</link> - for more details. - </para> - </listitem> - <listitem> - <para> - The <literal>netlify-cli</literal> package has been updated - from 6.13.2 to 12.2.4, see the - <link xlink:href="https://github.com/netlify/cli/releases">changelog</link> - for more details. - </para> - </listitem> - <listitem> - <para> - <literal>dockerTools.buildImage</literal>’s - <literal>contents</literal> parameter has been deprecated in - favor of <literal>copyToRoot</literal>. Use - <literal>copyToRoot = buildEnv { ... };</literal> or similar - if you intend to add packages to <literal>/bin</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>proxmox.qemuConf.bios</literal> option was added, - it corresponds to <literal>Hardware->BIOS</literal> field - in Proxmox web interface. Use - <literal>"ovmf"</literal> value to build UEFI image, - default value remains <literal>"bios"</literal>. New - option <literal>proxmox.partitionTableType</literal> defaults - to either <literal>"legacy"</literal> or - <literal>"efi"</literal>, depending on the - <literal>bios</literal> value. Setting - <literal>partitionTableType</literal> to - <literal>"hybrid"</literal> results in an image, - which supports both methods - (<literal>"bios"</literal> and - <literal>"ovmf"</literal>), thereby remaining - bootable after change to Proxmox - <literal>Hardware->BIOS</literal> field. - </para> - </listitem> - <listitem> - <para> - memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. - It is now the upstream version from https://www.memtest.org/, - as coreboot’s fork is no longer available. - </para> - </listitem> - <listitem> - <para> - Option descriptions, examples, and defaults writing in DocBook - are now deprecated. Using CommonMark is preferred and will - become the default in a future release. - </para> - </listitem> - <listitem> - <para> - The - <literal>documentation.nixos.options.allowDocBook</literal> - option was added to ease the transition to CommonMark option - documentation. Setting this option to <literal>false</literal> - causes an error for every option included in the manual that - uses DocBook documentation; it defaults to - <literal>true</literal> to preserve the previous behavior and - will be removed once the transition to CommonMark is complete. - </para> - </listitem> - <listitem> - <para> - The Redis module now persists each instance’s configuration - file in the state directory, in order to support some more - advanced use cases like Sentinel. - </para> - </listitem> - <listitem> - <para> - <literal>protonup</literal> has been aliased to and replaced - by <literal>protonup-ng</literal> due to upstream not - maintaining it. - </para> - </listitem> - <listitem> - <para> - The udisks2 service, available at - <literal>services.udisks2.enable</literal>, is now disabled by - default. It will automatically be enabled through services and - desktop environments as needed. This also means that polkit - will now actually be disabled by default. The default for - <literal>security.polkit.enable</literal> was already flipped - in the previous release, but udisks2 being enabled by default - re-enabled it. - </para> - </listitem> - <listitem> - <para> - Nextcloud has been updated to version - <emphasis role="strong">25</emphasis>. Additionally the - following things have changed for Nextcloud in NixOS: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - For Nextcloud <emphasis role="strong">>=24</emphasis>, - the default PHP version is 8.1. - </para> - </listitem> - <listitem> - <para> - Nextcloud <emphasis role="strong">23</emphasis> has been - removed since it will reach its - <link xlink:href="https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule/d76576a12a626d53305d480a6065b57cab705d3d">end - of life in December 2022</link>. - </para> - </listitem> - <listitem> - <para> - If <literal>system.stateVersion</literal> is - <emphasis role="strong">>=22.11</emphasis>, Nextcloud - 25 will be installed by default. For older versions, - Nextcloud 24 will be installed. - </para> - </listitem> - <listitem> - <para> - Please ensure that you only upgrade one major release at a - time! Nextcloud doesn’t support upgrades across multiple - versions, i.e. an upgrade from - <emphasis role="strong">23</emphasis> to - <emphasis role="strong">25</emphasis> is only possible - when upgrading to <emphasis role="strong">24</emphasis> - first. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - systemd-oomd is enabled by default. Depending on which systemd - units have <literal>ManagedOOMSwap=kill</literal> or - <literal>ManagedOOMMemoryPressure=kill</literal>, systemd-oomd - will SIGKILL all the processes under the appropriate - descendant cgroups when the configured limits are exceeded. - NixOS does currently not configure cgroups with oomd by - default, this can be enabled using - <link xlink:href="options.html#opt-systemd.oomd.enableRootSlice">systemd.oomd.enableRootSlice</link>, - <link xlink:href="options.html#opt-systemd.oomd.enableSystemSlice">systemd.oomd.enableSystemSlice</link>, - and - <link xlink:href="options.html#opt-systemd.oomd.enableUserServices">systemd.oomd.enableUserServices</link>. - </para> - </listitem> - <listitem> - <para> - The <literal>tt-rss</literal> service performs two database - migrations when you first use its web UI after upgrade. - Consider backing up its database before updating. - </para> - </listitem> - <listitem> - <para> - The <literal>pass-secret-service</literal> package now - includes systemd units from upstream, so adding it to the - NixOS <literal>services.dbus.packages</literal> option will - make it start automatically as a systemd user service when an - application tries to talk to the libsecret D-Bus API. - </para> - </listitem> - <listitem> - <para> - The Wordpress module now has support for installing language - packs through a new option, - <literal>services.wordpress.sites.<site>.languages</literal>. - </para> - </listitem> - <listitem> - <para> - The default package for - <literal>services.mullvad-vpn.package</literal> was changed to - <literal>pkgs.mullvad</literal>, allowing cross-platform usage - of Mullvad. <literal>pkgs.mullvad</literal> only contains the - Mullvad CLI tool, so users who rely on the Mullvad GUI will - want to change it back to <literal>pkgs.mullvad-vpn</literal>, - or add <literal>pkgs.mullvad-vpn</literal> to their - environment. - </para> - </listitem> - <listitem> - <para> - PowerDNS has been updated from v4.6.2 to v4.7.2. Please be - sure to review the - <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#to-4-7-0-or-master">Upgrade - Notes</link> provided by upstream before upgrading. Worth - specifically noting is that the new Catalog Zones feature - comes with a mandatory schema change for the GSQL database - backends, which has to be manually applied. - </para> - </listitem> - <listitem> - <para> - There is a new module for the <literal>thunar</literal> - program (the Xfce file manager), which depends on the - <literal>xfconf</literal> dbus service, and also has a dbus - service and a systemd unit. The option - <literal>services.xserver.desktopManager.xfce.thunarPlugins</literal> - has been renamed to - <literal>programs.thunar.plugins</literal>, and may be removed - in a future release. - </para> - </listitem> - <listitem> - <para> - There is a new module for <literal>xfconf</literal> (the Xfce - configuration storage system), which has a dbus service. - </para> - </listitem> - <listitem> - <para> - The Mastodon package has been upgraded to v4.0.0. See the - <link xlink:href="https://github.com/mastodon/mastodon/releases/tag/v4.0.0">v4.0.0 - release notes</link> for a list of changes. On standard - setups, no manual migration steps are required. Nevertheless, - a database backup is recommended. - </para> - </listitem> - <listitem> - <para> - The <literal>nomad</literal> package now defaults to v1.3, - which no longer has a downgrade path to v1.2 or older. - </para> - </listitem> - <listitem> - <para> - The <literal>nodePackages</literal> package set now defaults - to the LTS release in the <literal>nodejs</literal> package - again, instead of being pinned to - <literal>nodejs-14_x</literal>. Several updates to node2nix - have been made for compatibility with newer Node.js and npm - versions and a new <literal>postRebuild</literal> hook has - been added for packages to perform extra build steps before - the npm install step prunes dev dependencies. - </para> - </listitem> - <listitem> - <para> - <literal>boot.kernel.sysctl</literal> is defined as a - freeformType and adds a custom merge option for - <literal>net.core.rmem_max</literal> (taking the highest value - defined to avoid conflicts between 2 services trying to set - that value). - </para> - </listitem> - <listitem> - <para> - The <literal>mame</literal> package does not ship with its - tools anymore in the default output. They were moved to a - separate <literal>tools</literal> output instead. For - convenience, <literal>mame-tools</literal> package was added - for those who want to use it. - </para> - </listitem> - <listitem> - <para> - A NixOS module for Firefox has been added which allows - preferences and - <link xlink:href="https://github.com/mozilla/policy-templates/blob/master/README.md">policies</link> - to be set. This also allows extensions to be installed via the - <literal>ExtensionSettings</literal> policy. The new options - are under <literal>programs.firefox</literal>. - </para> - </listitem> - <listitem> - <para> - The option - <literal>services.picom.experimentalBackends</literal> was - removed since it is now the default and the option will cause - <literal>picom</literal> to quit instead. - </para> - </listitem> - <listitem> - <para> - <literal>haskellPackages.callHackage</literal> is not always - invalidated if <literal>all-cabal-hashes</literal> changes, - leading to less rebuilds of haskell dependencies. - </para> - </listitem> - <listitem> - <para> - <literal>haskellPackages.callHackage</literal> and - <literal>haskellPackages.callCabal2nix</literal> (and related - functions) no longer keep a reference to the - <literal>cabal2nix</literal> call used to generate them. As a - result, they will be garbage collected more often. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-22.11-new-services"> - <title>New Services</title> - <itemizedlist> - <listitem> - <para> - <link xlink:href="https://git.sr.ht/~migadu/alps">alps</link>, - a simple and extensible webmail. Available as - <link linkend="opt-services.alps.enable">services.alps</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/jollheef/appvm">appvm</link>, - Nix based app VMs. Available as - <link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.ausweisapp.bund.de/">AusweisApp2</link>, - the authentication software for the German ID card. Available - as - <link linkend="opt-programs.ausweisapp.enable">programs.ausweisapp</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/maxbrunet/automatic-timezoned">automatic-timezoned</link>. - a Linux daemon to automatically update the system timezone - based on location. Available as - <link linkend="opt-services.automatic-timezoned.enable">services.automatic-timezoned</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.dolibarr.org/">Dolibarr</link>, - an enterprise resource planning and customer relationship - manager. Enable using - <link linkend="opt-services.dolibarr.enable">services.dolibarr</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://dragonflydb.io/">dragonflydb</link>, - a modern replacement for Redis and Memcached. Available as - <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/shizunge/endlessh-go">endlessh-go</link>, - an SSH tarpit that exposes Prometheus metrics. Available as - <link linkend="opt-services.endlessh-go.enable">services.endlessh-go</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/skeeto/endlessh">endlessh</link>, - an SSH tarpit. Available as - <link linkend="opt-services.endlessh.enable">services.endlessh</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://evcc.io">EVCC</link> is an EV charge - controller with PV integration. It supports a multitude of - chargers, meters, vehicle APIs and more and ties that together - with a well-tested backend and a lightweight web frontend. - Available as - <link linkend="opt-services.evcc.enable">services.evcc</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.expressvpn.com">expressvpn</link>, - the CLI client for ExpressVPN. Available as - <link linkend="opt-services.expressvpn.enable">services.expressvpn</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://freshrss.org/">FreshRSS</link>, a - free, self-hostable RSS feed aggregator. Available as - <link linkend="opt-services.freshrss.enable">services.freshrss</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://garagehq.deuxfleurs.fr/">Garage</link>, - a simple object storage server for geodistributed deployments, - alternative to MinIO. Available as - <link linkend="opt-services.garage.enable">services.garage</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/L11R/go-autoconfig">go-autoconfig</link>, - IMAP/SMTP autodiscover server. Available as - <link linkend="opt-services.go-autoconfig.enable">services.go-autoconfig</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.grafana.com/oss/tempo/">Grafana - Tempo</link>, a distributed tracing store. Available as - <link linkend="opt-services.tempo.enable">services.tempo</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://hbase.apache.org/">HBase - cluster</link>, a distributed, scalable, big data store. - Available as - <link xlink:href="options.html#opt-services.hadoop.hbase.enable">services.hadoop.hbase</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>, - a hardware True Random Number Generator dongle. Available as - <link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/jtroo/kanata">kanata</link>, - a tool to improve keyboard comfort and usability with advanced - customization. Available as - <link xlink:href="options.html#opt-services.kanata.enable">services.kanata</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/prymitive/karma">karma</link>, - an alert dashboard for Prometheus Alertmanager. Available as - <link xlink:href="options.html#opt-services.karma.enable">services.karma</link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://komga.org/">Komga</link>, a free and - open source comics/mangas media server. Available as - <link linkend="opt-services.komga.enable">services.komga</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/prymitive/kthxbye">kthxbye</link>, - an alert acknowledgement management daemon for Prometheus - Alertmanager. Available as - <link xlink:href="options.html#opt-services.kthxbye.enable">services.kthxbye</link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://languagetool.org/">languagetool</link>, - a multilingual grammar, style, and spell checker. Available as - <link xlink:href="options.html#opt-services.languagetool.enable">services.languagetool</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://listmonk.app">Listmonk</link>, a - self-hosted newsletter manager. Enable using - <link xlink:href="options.html#opt-services.listmonk.enable">services.listmonk</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://mepo.milesalan.com">Mepo</link>, a - fast, simple, hackable OSM map viewer for mobile and desktop - Linux. Available as - <link linkend="opt-programs.mepo.enable">programs.mepo.enable</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://troglobit.com/projects/merecat/">merecat</link>, - a small and easy HTTP server based on thttpd. Available as - <link linkend="opt-services.merecat.enable">services.merecat</link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://netbird.io">netbird</link>, a zero - configuration VPN. Available as - <link xlink:href="options.html#opt-services.netbird.enable">services.netbird</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://ntfy.sh">ntfy.sh</link>, a push - notification service. Available as - <link linkend="opt-services.ntfy-sh.enable">services.ntfy-sh</link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master">OpenRGB</link>, - a FOSS tool for controlling RGB lighting. Available as - <link xlink:href="options.html#opt-services.hardware.openrgb.enable">services.hardware.openrgb.enable</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.getoutline.com/">Outline</link>, - a wiki and knowledge base similar to Notion. Available as - <link linkend="opt-services.outline.enable">services.outline</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/zalando/patroni">Patroni</link>, - a template for PostgreSQL HA with ZooKeeper, etcd or Consul. - Available as - <link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>, - a daemon to add virtual proxy devices that mirror a physical - input device but persist even if the underlying hardware is - hot-plugged. Available as - <link linkend="opt-services.persistent-evdev.enable">services.persistent-evdev</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/edneville/please">Please</link>, - a Sudo clone written in Rust. Available as - <link linkend="opt-security.please.enable">security.please</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/prometheus-community/ipmi_exporter">Prometheus - IPMI exporter</link>, an IPMI exporter for Prometheus. - Available as - <link linkend="opt-services.prometheus.exporters.ipmi.enable">services.prometheus.exporters.ipmi</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/messagebird/sachet/">Sachet</link>, - an SMS alerting tool for the Prometheus Alertmanager. - Available as - <link linkend="opt-services.prometheus.sachet.enable">services.prometheus.sachet</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://schleuder.org/">schleuder</link>, a - mailing list manager with PGP support. Enable using - <link linkend="opt-services.schleuder.enable">services.schleuder</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/mozilla-services/syncstorage-rs">syncstorage-rs</link>, - a self-hostable sync server for Firefox. Available as - <link xlink:href="options.html#opt-services.firefox-syncserver.enable">services.firefox-syncserver</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://tandoor.dev">Tandoor Recipes</link>, - a self-hosted multi-tenant recipe collection. Available as - <link xlink:href="options.html#opt-services.tandoor-recipes.enable">services.tandoor-recipes</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="http://www.litech.org/tayga/">TAYGA</link>, - an out-of-kernel stateless NAT64 implementation. Available as - <link linkend="opt-services.tayga.enable">services.tayga</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/tmate-io/tmate-ssh-server">tmate-ssh-server</link>, - server side part of - <link xlink:href="https://tmate.io/">tmate</link>. Available - as - <link linkend="opt-services.tmate-ssh-server.enable">services.tmate-ssh-server</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://uptime.kuma.pet/">Uptime - Kuma</link>, a fancy self-hosted monitoring tool. Available as - <link linkend="opt-services.uptime-kuma.enable">services.uptime-kuma</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://writefreely.org">WriteFreely</link>, - a simple blogging platform with ActivityPub support. Available - as - <link xlink:href="options.html#opt-services.writefreely.enable">services.writefreely</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://github.com/XTLS/Xray-core">xray</link>, - a fully compatible v2ray-core replacement. Features XTLS, - which when enabled on server and client, brings UDP FullCone - NAT to proxy setups. Available as - <link xlink:href="options.html#opt-services.xray.enable">services.xray</link>. - </para> - </listitem> - </itemizedlist> - </section> -</section> |