Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2411.section.md')
-rw-r--r-- nixos/doc/manual/release-notes/rl-2411.section.md 237
1 files changed, 236 insertions, 1 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index f8730cfc29d6d..702d33d38899d 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -8,9 +8,31 @@
 
 - [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD's open source Vulkan driver, is now available to be configured as `hardware.amdgpu.amdvlk` option.
   This also allows configuring runtime settings of AMDVLK and enabling experimental features.
+- The `moonlight-qt` package ([Moonlight game streaming](https://moonlight-stream.org/)) now has HDR support on Linux systems.
+
+- PostgreSQL now defaults to major version 16.
+
+- `authelia` has been upgraded to version 4.38. This version brings several features and improvements which are detailed in the [release blog post](https://www.authelia.com/blog/4.38-release-notes/).
+  This release also deprecates some configuration keys, which are likely to be removed in future version 5.0, but they are still supported and expected to be working in the current version.
+
+- `compressDrv` can compress selected files in a derivation. `compressDrvWeb` compresses files for common web server usage (`.gz` with `zopfli`, `.br` with `brotli`).
+
+- `hardware.display` is a new module implementing workarounds for misbehaving monitors
+  through setting up custom EDID files and forcing kernel/framebuffer modes.
+
+- A new display-manager `services.displayManager.ly` was added.
+  It is a tui based replacement of sddm and lightdm for window manager users.
+  Users can use it by `services.displayManager.ly.enable` and config it by
+  `services.displayManager.ly.settings` to generate `/etc/ly/config.ini`
 
 ## New Services {#sec-release-24.11-new-services}
 
+- [TaskChampion Sync-Server](https://github.com/GothenburgBitFactory/taskchampion-sync-server), a [Taskwariror 3](https://taskwarrior.org/docs/upgrade-3/) sync server, replacing Taskwarrior 2's sync server named [`taskserver`](https://github.com/GothenburgBitFactory/taskserver).
+
+- [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr), proxy server to bypass Cloudflare protection. Available as [services.flaresolverr](#opt-services.flaresolverr.enable) service.
+
+- [Goatcounter](https://www.goatcounter.com/), Easy web analytics. No tracking of personal data. Available as [services.goatcounter](options.html#opt-services.goatcocunter.enable).
+
 - [Open-WebUI](https://github.com/open-webui/open-webui), a user-friendly WebUI
   for LLMs. Available as [services.open-webui](#opt-services.open-webui.enable)
   service.
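Review bot: The Goatcounter entry links to `options.html#opt-services.goatcocunter.enable`, where `goatcocunter` does not match the `services.goatcounter` link text, so the anchor should read `opt-services.goatcounter.enable`. In the TaskChampion entry, `Taskwariror 3` should be `Taskwarrior 3`. The `services.displayManager.ly` item ends without a period, and "config it by" reads better as "configure it via".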
@@ -19,12 +41,55 @@
 
 - [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood).
 
+- [QGroundControl], a ground station support and configuration manager for the PX4 and APM Flight Stacks. Available as [programs.qgroundcontrol](options.html#opt-programs.qgroundcontrol.enable).
+
+- [Eintopf](https://eintopf.info), community event and calendar web application. Available as [services.eintopf](options.html#opt-services.eintopf).
+
+- [Radicle](https://radicle.xyz), an open source, peer-to-peer code collaboration stack built on Git. Available as [services.radicle](#opt-services.radicle.enable).
+
+- [ddns-updater](https://github.com/qdm12/ddns-updater), a service to update DNS records periodically with WebUI for many DNS providers. Available as [services.ddns-updater](#opt-services.ddns-updater.enable).
+
+- [Immersed VR](https://immersed.com/), a closed-source coworking platform. Available as [programs.immersed-vr](#opt-programs.immersed-vr.enable).
+
+- [HomeBox](https://github.com/hay-kot/homebox/): the inventory and organization system built for the Home User. Available as [services.homebox](#opt-services.homebox.enable).
+
 - [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
 
+- [Music Assistant](https://music-assistant.io/), a music library manager for your offline and online music sources which can easily stream your favourite music to a wide range of supported players. Available as [services.music-assistant](#opt-services.music-assistant.enable).
+
+- [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
+
 - [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a web ui for connecting devices. Available at [services.wg-access-server](#opt-services.wg-access-server.enable).
 
+- [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable).
+
+- [Localsend](https://localsend.org/), an open source cross-platform alternative to AirDrop. Available as [programs.localsend](#opt-programs.localsend.enable).
+
+- [cryptpad](https://cryptpad.org/), a privacy-oriented collaborative platform (docs/drive/etc), has been added back. Available as [services.cryptpad](#opt-services.cryptpad.enable).
+
+- [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable).
+
+- [Gotenberg](https://gotenberg.dev), an API server for converting files to PDFs that can be used alongside Paperless-ngx. Available as [services.gotenberg](options.html#opt-services.gotenberg).
+
 - [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld).
 
+- [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance).
+
+- [Apache Tika](https://github.com/apache/tika), a toolkit that detects and extracts metadata and text from over a thousand different file types. Available as [services.tika](option.html#opt-services.tika).
+
+- [Misskey](https://misskey-hub.net/en/), an interplanetary microblogging platform. Available as [services.misskey](options.html#opt-services.misskey).
+
+- [Improved File Manager](https://github.com/misterunknown/ifm), or IFM, a single-file web-based file manager.
+
+- [OpenGFW](https://github.com/apernet/OpenGFW), an implementation of the Great Firewall on Linux. Available as [services.opengfw](#opt-services.opengfw.enable).
+
+- [Rathole](https://github.com/rapiz1/rathole), a lightweight and high-performance reverse proxy for NAT traversal. Available as [services.rathole](#opt-services.rathole.enable).
+
+- [Proton Mail bridge](https://proton.me/mail/bridge), a desktop application that runs in the background, encrypting and decrypting messages as they enter and leave your computer. It lets you add your Proton Mail account to your favorite email client via IMAP/SMTP by creating a local email server on your computer.
+
+- [chromadb](https://www.trychroma.com/), an open-source AI application
+  database. Batteries included. Available as [services.chromadb](options.html#opt-services.chromadb.enable).
+
 ## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
 
 - `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:
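Review bot: The QGroundControl entry uses a bare `[QGroundControl]` reference with no URL, and no link definition is visible in this hunk; give it an inline URL like the other entries. The new Glance and Apache Tika items link to `option.html#...`, while the other added entries use `options.html#...` or a plain `#opt-...` anchor; pick one form for the whole list. The Improved File Manager and Proton Mail bridge entries also lack the "Available as" option reference that the other new services carry.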
@@ -53,6 +118,11 @@
 
 - `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
 
+- `systemd.enableUnifiedCgroupHierarchy` option has been removed.
+  In systemd 256 support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now considered obsolete and systemd by default will refuse to boot under it.
+  To forcibly reenable cgroup v1 support, you can `set boot.kernelParams = [ "systemd.unified_cgroup_hierachy=0" "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" ]`.
+  NixOS does not officially support this configuration and might cause your system to be unbootable in future versions. You are on your own.
+
 - `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can
   use the new `opensshWithKerberos` and `openssh_hpnWithKerberos` flavors (e.g. `programs.ssh.package = pkgs.openssh_gssapi`).
 
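Review bot: The kernel parameter in the `systemd.enableUnifiedCgroupHierarchy` entry is misspelled as `systemd.unified_cgroup_hierachy=0`; systemd's parameter is `systemd.unified_cgroup_hierarchy`, so the workaround as written would not take effect. The word `set` is also inside the code span and should move out so the snippet starts at `boot.kernelParams = [ ... ]`. The following sentence has no subject for "might cause"; "NixOS does not officially support this configuration, and it might cause ..." fixes that.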
@@ -60,16 +130,28 @@
   it is set, instead of the previous hardcoded default of
   `${networking.hostName}.${security.ipa.domain}`.
 
+- The `MSMTP_QUEUE` and `MSMTP_LOG` environment variables accepted by `msmtpq` have now been renamed to `MSMTPQ_Q` and `MSMTPQ_LOG` respectively.
+
 - The fcgiwrap module now allows multiple instances running as distinct users.
   The option `services.fgciwrap` now takes an attribute set of the
   configuration of each individual instance.
   This requires migrating any previous configuration keys from
-  `services.fcgiwrap.*` to `services.fcgiwrap.some-instance.*`.
+  `services.fcgiwrap.*` to `services.fcgiwrap.instances.some-instance.*`.
   The ownership and mode of the UNIX sockets created by this service are now
   configurable and private by default.
   Processes also now run as a dynamically allocated user by default instead of
   root.
 
+- `singularity-tools` have the `storeDir` argument removed from its override interface and use `builtins.storeDir` instead.
+
+- Two build helpers in `singularity-tools`, i.e., `mkLayer` and `shellScript`, are deprecated, as they are no longer involved in image-building. Maintainers will remove them in future releases.
+
+- The `budgie` and `budgiePlugins` scope have been removed and their packages
+  moved into the top level scope (i.e., `budgie.budgie-desktop` is now
+  `budgie-desktop`)
+
+- All Cinnamon and XApp packages have been moved to top-level (i.e., `cinnamon.nemo` is now `nemo`).
+
 - `services.cgit` now runs as the cgit user by default instead of root.
   This change requires granting access to the repositories to this user or
   setting the appropriate one through `services.cgit.some-instance.user`.
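Review bot: The migration target on the changed line is now `services.fcgiwrap.instances.some-instance.*`, but the sentence a few lines above still says the option `services.fgciwrap` (misspelled) takes the attribute set of instances; update it to `services.fcgiwrap.instances` so the paragraph agrees with itself. In the `singularity-tools` item, "have ... its" should agree in number, and the `budgie` and Cinnamon items use "i.e." to introduce an example, where "e.g." fits.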
@@ -78,6 +160,24 @@
   nvimpager settings: user commands in `-c` and `--cmd` now override the
   respective default settings because they are executed later.
 
+- Kubernetes `featureGates` have changed from a `listOf str` to `attrsOf bool`.
+  This refactor makes it possible to also disable feature gates, without having
+  to use `extraOpts` flags.
+
+  A previous configuration may have looked like this:
+  ```nix
+  featureGates = [ "EphemeralContainers" ];
+  extraOpts = pkgs.lib.concatStringsSep " " (
+  [
+    ''--feature-gates="CSIMigration=false"''
+  });
+  ```
+
+  Using an AttrSet instead, the new configuration would be:
+  ```nix
+  featureGates = {EphemeralContainers = true; CSIMigration=false;};
+  ```
+
 - `pkgs.nextcloud27` has been removed since it's EOL.
 
 - `services.forgejo.mailerPasswordFile` has been deprecated by the drop-in replacement `services.forgejo.secrets.mailer.PASSWD`,
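Review bot: The "previous configuration" Nix example does not parse: it opens with `(` and `[` but closes with `});`. Close it with `]);` so the list and the parenthesis match. In the replacement example the spacing is inconsistent (`CSIMigration=false`); `{ EphemeralContainers = true; CSIMigration = false; }` is easier to read. The entry would also benefit from the full option path, since it only says "Kubernetes `featureGates`".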
@@ -85,8 +185,18 @@
   `services.forgejo.secrets` is a small wrapper over systemd's `LoadCredential=`. It has the same structure (sections/keys) as
   `services.forgejo.settings` but takes file paths that will be read before service startup instead of some plaintext value.
 
+- `forgejo` and `forgejo-lts` no longer support the opt-in feature [PAM (Pluggable Authentication Module)](https://forgejo.org/docs/latest/user/authentication/#pam-pluggable-authentication-module).
+
 - `services.ddclient.use` has been deprecated: `ddclient` now supports separate IPv4 and IPv6 configuration. Use `services.ddclient.usev4` and `services.ddclient.usev6` instead.
 
+- `services.pgbouncer` systemd service is configured with `Type=notify-reload` and allows reloading configuration without process restart. PgBouncer configuration options were moved to the free-form type option named [`services.pgbouncer.settings`](#opt-services.pgbouncer.settings) according to the NixOS RFC 0042.
+
+- `teleport` has been upgraded from major version 15 to major version 16.
+  Refer to upstream [upgrade instructions](https://goteleport.com/docs/management/operations/upgrading/)
+  and [release notes for v16](https://goteleport.com/docs/changelog/#1600-061324).
+
+- `tests.overriding` has its `passthru.tests` restructured as an attribute set instead of a list, making individual tests accessible by their names.
+
 - `vaultwarden` lost the capability to bind to privileged ports. If you rely on
    this behavior, override the systemd unit to allow `CAP_NET_BIND_SERVICE` in
    your local configuration.
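Review bot: The `services.pgbouncer` entry sits under backward incompatibilities but does not show a single old option and its new place under `services.pgbouncer.settings`; add one before/after mapping so users can migrate without reading the module source. The forgejo PAM item likewise states that the feature is gone without saying what users who had enabled it should do.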
@@ -94,11 +204,17 @@
 - The Invoiceplane module now only accepts the structured `settings` option.
   `extraConfig` is now removed.
 
+- The `ollama` services replaces its `sandbox` toggle with options to configure
+  a static `user` and `group`. The `writablePaths` option has been removed and
+  the models directory is now always exempt from sandboxing.
+
 - Legacy package `stalwart-mail_0_6` was dropped, please note the
   [manual upgrade process](https://github.com/stalwartlabs/mail-server/blob/main/UPGRADING.md)
   before changing the package to `pkgs.stalwart-mail` in
   [`services.stalwart-mail.package`](#opt-services.stalwart-mail.package).
 
+- The `nomad_1_5` package was dropped, as [it has reached end-of-life upstream](https://support.hashicorp.com/hc/en-us/articles/360021185113-Support-Period-and-End-of-Life-EOL-Policy). Evaluating it will throw an error.
+
 - `androidndkPkgs` has been updated to `androidndkPkgs_26`.
 
 - Android NDK version 26 and SDK version 33 are now the default versions used for cross compilation to android.
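Review bot: In the `ollama` entry, "The `ollama` services replaces" should be "The `ollama` service replaces", and `sandbox`, `user`, `group` and `writablePaths` appear without their full option paths, unlike the neighbouring entries. Since the text says the models directory is now always exempt from sandboxing, name the option that sets that directory so readers can check its ownership against the new static `user` and `group`.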
@@ -107,6 +223,10 @@
   and `nodePackages.vscode-json-languageserver-bin` were dropped due to an unmaintained upstream.
   The `vscode-langservers-extracted` package is a maintained drop-in replacement.
 
+- `fetchNextcloudApp` has been rewritten to use `fetchurl` rather than
+  `fetchzip`. This invalidates all existing hashes but you can restore the old
+  behavior by passing it `unpack = true`.
+
 - `haskell.lib.compose.justStaticExecutables` now disallows references to GHC in the
   output by default, to alert users to closure size issues caused by
   [#164630](https://github.com/NixOS/nixpkgs/issues/164630). See ["Packaging
@@ -134,6 +254,8 @@
   services.shiori.environmentFile = "/path/to/env-file";
   ```
 
+- `/share/nano` is now only linked when `programs.nano.enable` is enabled.
+
 - `libe57format` has been updated to `>= 3.0.0`, which contains some backward-incompatible API changes. See the [release note](https://github.com/asmaloney/libE57Format/releases/tag/v3.0.0) for more details.
 
 - `gitlab` deprecated support for *runner registration tokens* in GitLab 16.0, disabled their support in GitLab 17.0 and will
@@ -146,6 +268,12 @@
 
 - `gitlab` has been updated from 16.x to 17.x and requires at least `postgresql` 14.9, as stated in the [documentation](https://docs.gitlab.com/17.1/ee/install/requirements.html#postgresql-requirements). Check the [upgrade guide](#module-services-postgres-upgrading) in the NixOS manual on how to upgrade your PostgreSQL installation.
 
+- `gitaly` (part of `gitlab`) is now using the bundled `git` package instead of `pkgs.git` to maintain compatibility with GitLab.
+
+- `nixos/gitlab` no longer adds `pkgs.git` to `environment.systemPackages` by default.
+
+- The `replay-sorcery` package and module was removed as it unmaintained upstream. Consider using `gpu-screen-recorder` or `obs-studio` instead.
+
 - `zx` was updated to v8, which introduces several breaking changes.
   See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.
 
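Review bot: The `replay-sorcery` item reads "was removed as it unmaintained upstream"; it needs "is", and "package and module" takes "were". For the `nixos/gitlab` item, add a sentence telling users who relied on `git` being present through `environment.systemPackages` to add `pkgs.git` themselves.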
@@ -162,9 +290,15 @@
   Explicitly set `kubelet.hostname` to `networking.fqdnOrHostName` to get back
   the old default behavior.
 
+- Docker now defaults to 27.x, because version 24.x stopped receiving security updates and bug fixes after [February 1, 2024](https://github.com/moby/moby/pull/46772#discussion_r1686464084).
+
 - `keycloak` was updated to version 25, which introduces new hostname related options.
   See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
 
+- `programs.vim.defaultEditor` now only works if `programs.vim.enable` is enabled.
+
+- `/share/vim-plugins` now only gets linked if `programs.vim.enable` is enabled
+
 - The `tracy` package no longer works on X11, since it's moved to Wayland
   support, which is the intended default behavior by Tracy maintainers.
   X11 users have to switch to the new package `tracy-x11`.
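Review bot: The Docker entry gives the new default (27.x) and the reason for the change, but as a backward incompatibility it should also say how users who cannot move yet can select another version, or state that this is not supported. The `/share/vim-plugins` item is missing its final period.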
@@ -172,27 +306,128 @@
 - The `services.prometheus.exporters.minio` option has been removed, as it's upstream implementation was broken and unmaintained.
   Minio now has built-in [Prometheus metrics exposure](https://min.io/docs/minio/linux/operations/monitoring/collect-minio-metrics-using-prometheus.html), which can be used instead.
 
+- The `services.patroni.raft` option has been removed, as Raft has been [deprecated by upstream since 3.0.0](https://github.com/patroni/patroni/blob/master/docs/releases.rst#version-300)
+
+- `services.roundcube.maxAttachmentSize` will multiply the value set with `1.37` to offset overhead introduced by the base64 encoding applied to attachments.
+
+- The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details.
+
+- The `services.mxisd` module has been removed as both [mxisd](https://github.com/kamax-matrix/mxisd) and [ma1sd](https://github.com/ma1uta/ma1sd) are not maintained any longer.
+  Consequently the package `pkgs.ma1sd` has also been removed.
+
+- `ffmpeg_5` has been removed. Please use the unversioned `ffmpeg`,
+  pin a newer version, or if necessary pin `ffmpeg_4` for compatibility.
+
+- The `xdg.portal.gtkUsePortal` option has been removed, as it had been deprecated for over 2 years. Using the `GTK_USE_PORTAL` environment variable in this manner is not intended nor encouraged by the GTK developers, but can still be done manually via `environment.sessionVariables`.
+
+- The `services.trust-dns` module has been renamed to `services.hickory-dns`.
+
 ## Other Notable Changes {#sec-release-24.11-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
+- The `zerocallusedregs` hardening flag is enabled by default on compilers that support it.
+
+- The `stackclashprotection` hardening flag has been added, though disabled by default.
+
+- The `pacret` hardening flag has been added, though disabled by default.
+
+- `cargoSha256` in `rustPlatform.buildRustPackage` has been deprecated in favor
+  of `cargoHash` which supports SRI hashes. See
+  [buildRustPackage: Compiling Rust applications with Cargo](https://nixos.org/manual/nixpkgs/unstable/#compiling-rust-applications-with-cargo)
+  for more information.
+
 - `hareHook` has been added as the language framework for Hare. From now on, it,
   not the `hare` package, should be added to `nativeBuildInputs` when building
   Hare programs.
 
 - [`lib.options.mkPackageOptionMD`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOptionMD) is now obsolete; use the identical [`lib.options.mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption) instead.
 
+- `lib.misc.mapAttrsFlatten` is now formally deprecated and will be removed in future releases; use the identical [`lib.attrsets.mapAttrsToList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.mapAttrsToList) instead.
+
+- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.
+
+- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.
+
 - To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
   The derivation now installs "impl" headers selectively instead of by a wildcard.
   Use `imgui.src` if you just want to access the unpacked sources.
 
+- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an
+  unrestricted access to it can set `boot.kernel.sysctl."kernel.dmesg_restrict" = false`.
+
+- The `i18n.inputMethod` module introduces two new properties:
+  `enable` and `type`, for declaring whether to enable an alternative input method and defining which input method respectfully. The options available in `type` are the same as the existing `enabled` option. `enabled` is now deprecated, and will be removed in a future release.
+
+- `security.pam.u2f` now follows RFC42.
+  All module options are now settable through the freeform `.settings`.
+
+- Gollum was upgraded to major version 6. Read their [migration notes](https://github.com/gollum/gollum/wiki/6.0-Release-Notes).
+
+- The hooks `yarnConfigHook` and `yarnBuildHook` were added. These should replace `yarn2nix.mkYarnPackage` and other `yarn2nix` related tools. The motivation to get rid of `yarn2nix` tools is the fact that they are too complex and hard to maintain, and they rely upon too much Nix evaluation which is problematic if import-from-derivation is not allowed (see more details at [#296856](https://github.com/NixOS/nixpkgs/issues/296856). The transition from `mkYarnPackage` to `yarn{Config,Build}Hook` is tracked at [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
+
 - Cinnamon has been updated to 6.2.
   - Following Mint 22 defaults, the Cinnamon module no longer ships geary and hexchat by default.
   - Nemo is now built with gtk-layer-shell support, note that for now it will be expected to see nemo-desktop
     listed as a regular entry in Cinnamon Wayland session's window list applet.
 
+- The `shadowstack` hardening flag has been added, though disabled by default.
+
+- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
+
 - Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872)
   in `gitlab-runner` 15.6 and is expected to be removed in `gitlab-runner` 18.0. Configuration of existing runners
   should be changed to using *runner authentication tokens* by configuring
   {option}`services.gitlab-runner.services.<name>.authenticationTokenConfigFile` instead of the former
   {option}`services.gitlab-runner.services.<name>.registrationConfigFile` option.
+
+- `iproute2` now has libbpf support.
+
+- `nix.channel.enable = false` no longer implies `nix.settings.nix-path = []`.
+  Since Nix 2.13, a `nix-path` set in `nix.conf` cannot be overriden by the `NIX_PATH` configuration variable.
+
+- Buildkite Agents are now each running in their own private `/tmp`.
+  To return to the old behaviour, set `systemd.services.buildkite-agent-${name}.serviceConfig.PrivateTmp = false;`.
+
+## Detailed migration information {#sec-release-24.11-migration}
+
+### `sound` options removal {#sec-release-24.11-migration-sound}
+
+The `sound` options have been largely removed, as they are unnecessary for most modern setups, and cause issues when enabled.
+
+If you set `sound.enable` in your configuration:
+  - If you are using Pulseaudio or PipeWire, simply remove that option
+  - If you are not using an external sound server, and want volumes to be persisted across shutdowns, set `hardware.alsa.enablePersistence = true` instead
+
+If you set `sound.enableOSSEmulation` in your configuration:
+  - Make sure it is still necessary, as very few applications actually use OSS
+  - If necessary, set `boot.kernelModules = [ "snd_pcm_oss" ]`
+
+If you set `sound.extraConfig` in your configuration:
+  - If you are using another sound server, like Pulseaudio, JACK or PipeWire, migrate your configuration to that
+  - If you are not using an external sound server, set `environment.etc."asound.conf".text = yourExtraConfig` instead
+
+If you set `sound.mediaKeys` in your configuration:
+  - Preferably switch to handling media keys in your desktop environment/compositor
+  - If you want to maintain the exact behavior of the option, use the following snippet
+
+```nix
+services.actkbd = let
+  volumeStep = "1%";
+in {
+  enable = true;
+  bindings = [
+    # "Mute" media key
+    { keys = [ 113 ]; events = [ "key" ];       command = "${alsa-utils}/bin/amixer -q set Master toggle"; }
+
+    # "Lower Volume" media key
+    { keys = [ 114 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}- unmute"; }
+
+    # "Raise Volume" media key
+    { keys = [ 115 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}+ unmute"; }
+
+    # "Mic Mute" media key
+    { keys = [ 190 ]; events = [ "key" ];       command = "${alsa-utils}/bin/amixer -q set Capture toggle"; }
+  ];
+};
+```
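Review bot: The `services.actkbd` snippet interpolates `${alsa-utils}` in all four bindings, which only evaluates if `alsa-utils` is already in scope; as a copy-paste migration snippet it should use `${pkgs.alsa-utils}`. Elsewhere in this hunk: the `i18n.inputMethod` item says "respectfully" where "respectively" is meant; the yarn hooks item opens a parenthesis at "(see more details at" and never closes it; `[`services.kanidm.provision`]` has no link target visible here; "overriden" should be "overridden", and `NIX_PATH` is an environment variable rather than a "configuration variable"; the `services.patroni.raft` item lacks a final period.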