Diffstat (limited to 'nixos/doc/manual')
-rw-r--r-- nixos/doc/manual/development/option-types.section.md 4
-rw-r--r-- nixos/doc/manual/from_md/development/option-types.section.xml 6
-rw-r--r-- nixos/doc/manual/from_md/installation/upgrading.chapter.xml 16
-rw-r--r-- nixos/doc/manual/from_md/release-notes/rl-2205.section.xml 655
-rw-r--r-- nixos/doc/manual/from_md/release-notes/rl-2211.section.xml 103
-rw-r--r-- nixos/doc/manual/installation/upgrading.chapter.md 16
-rw-r--r-- nixos/doc/manual/release-notes/release-notes.xml 1
-rw-r--r-- nixos/doc/manual/release-notes/rl-2205.section.md 228
-rw-r--r-- nixos/doc/manual/release-notes/rl-2211.section.md 49
9 files changed, 747 insertions, 331 deletions
diff --git a/nixos/doc/manual/development/option-types.section.md b/nixos/doc/manual/development/option-types.section.md
index 00f1d85bdb615..d32d4fc50ad79 100644
--- a/nixos/doc/manual/development/option-types.section.md
+++ b/nixos/doc/manual/development/option-types.section.md
@@ -308,6 +308,10 @@ The option set can be defined directly
 ([Example: Directly defined submodule](#ex-submodule-direct)) or as reference
 ([Example: Submodule defined as a reference](#ex-submodule-reference)).
 
+Note that even if your submodule’s options all have a default value,
+you will still need to provide a default value (e.g. an empty attribute set)
+if you want to allow users to leave it undefined.
+
 ::: {#ex-submodule-direct .example}
 ::: {.title}
 **Example: Directly defined submodule**
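Review bot: the added note says "provide a default value" without saying where, and it reads ambiguously right after "options all have a default value". Suggest naming the place: the option that is declared with the submodule type needs its own default, e.g. `default = {};` on that option, because the defaults of the inner options do not make the outer option optional.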
diff --git a/nixos/doc/manual/from_md/development/option-types.section.xml b/nixos/doc/manual/from_md/development/option-types.section.xml
index 4447292927021..c67e183581c2c 100644
--- a/nixos/doc/manual/from_md/development/option-types.section.xml
+++ b/nixos/doc/manual/from_md/development/option-types.section.xml
@@ -617,6 +617,12 @@
       (<link linkend="ex-submodule-reference">Example: Submodule defined
       as a reference</link>).
     </para>
+    <para>
+      Note that even if your submodule’s options all have a default
+      value, you will still need to provide a default value (e.g. an
+      empty attribute set) if you want to allow users to leave it
+      undefined.
+    </para>
     <anchor xml:id="ex-submodule-direct" />
     <para>
       <emphasis role="strong">Example: Directly defined
diff --git a/nixos/doc/manual/from_md/installation/upgrading.chapter.xml b/nixos/doc/manual/from_md/installation/upgrading.chapter.xml
index e3b77d4c3650b..11fe1d317ccdd 100644
--- a/nixos/doc/manual/from_md/installation/upgrading.chapter.xml
+++ b/nixos/doc/manual/from_md/installation/upgrading.chapter.xml
@@ -12,7 +12,7 @@
     <listitem>
       <para>
         <emphasis>Stable channels</emphasis>, such as
-        <link xlink:href="https://nixos.org/channels/nixos-21.11"><literal>nixos-21.11</literal></link>.
+        <link xlink:href="https://nixos.org/channels/nixos-22.05"><literal>nixos-22.05</literal></link>.
         These only get conservative bug fixes and package upgrades. For
         instance, a channel update may cause the Linux kernel on your
         system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix),
@@ -33,7 +33,7 @@
     <listitem>
       <para>
         <emphasis>Small channels</emphasis>, such as
-        <link xlink:href="https://nixos.org/channels/nixos-21.11-small"><literal>nixos-21.11-small</literal></link>
+        <link xlink:href="https://nixos.org/channels/nixos-22.05-small"><literal>nixos-22.05-small</literal></link>
         or
         <link xlink:href="https://nixos.org/channels/nixos-unstable-small"><literal>nixos-unstable-small</literal></link>.
         These are identical to the stable and unstable channels
@@ -60,8 +60,8 @@
   <para>
     When you first install NixOS, you’re automatically subscribed to the
     NixOS channel that corresponds to your installation source. For
-    instance, if you installed from a 21.11 ISO, you will be subscribed
-    to the <literal>nixos-21.11</literal> channel. To see which NixOS
+    instance, if you installed from a 22.05 ISO, you will be subscribed
+    to the <literal>nixos-22.05</literal> channel. To see which NixOS
     channel you’re subscribed to, run the following as root:
   </para>
   <programlisting>
@@ -76,17 +76,17 @@ nixos https://nixos.org/channels/nixos-unstable
 </programlisting>
   <para>
     (Be sure to include the <literal>nixos</literal> parameter at the
-    end.) For instance, to use the NixOS 21.11 stable channel:
+    end.) For instance, to use the NixOS 22.05 stable channel:
   </para>
   <programlisting>
-# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos
+# nix-channel --add https://nixos.org/channels/nixos-22.05 nixos
 </programlisting>
   <para>
     If you have a server, you may want to use the <quote>small</quote>
     channel instead:
   </para>
   <programlisting>
-# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos
+# nix-channel --add https://nixos.org/channels/nixos-22.05-small nixos
 </programlisting>
   <para>
     And if you want to live on the bleeding edge:
@@ -146,7 +146,7 @@ system.autoUpgrade.allowReboot = true;
       also specify a channel explicitly, e.g.
     </para>
     <programlisting language="bash">
-system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11;
+system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05;
 </programlisting>
   </section>
 </chapter>
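Review bot: the changed `system.autoUpgrade.channel` line still assigns a bare, unquoted URL, and the enclosing listing is tagged `language="bash"` although it is a Nix expression. While this line is being touched, consider quoting the value as a string ("https://nixos.org/channels/nixos-22.05") and correcting the language tag; bare URL literals are discouraged in Nix. Since this file lives under from_md, the change belongs in upgrading.chapter.md with the XML regenerated from it.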
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 40b4672062524..5208671e4dab0 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -1,9 +1,5 @@
 <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05">
-  <title>Release 22.05 (“Quokka”, 2022.05/??)</title>
-  <para>
-    In addition to numerous new and upgraded packages, this release has
-    the following highlights:
-  </para>
+  <title>Release 22.05 (“Quokka”, 2022.05/30)</title>
   <itemizedlist spacing="compact">
     <listitem>
       <para>
@@ -14,77 +10,36 @@
   </itemizedlist>
   <section xml:id="sec-release-22.05-highlights">
     <title>Highlights</title>
+    <para>
+      In addition to numerous new and upgraded packages, this release
+      has the following highlights:
+    </para>
     <itemizedlist>
       <listitem>
-        <para>
-          The <literal>firefox</literal> browser on
-          <literal>x86_64-linux</literal> is now making use of
-          profile-guided optimization resulting in a much more
-          responsive browsing experience.
-        </para>
+<literallayout>Nix has been updated from 2.3 to 2.8. This mainly brings experimental support for Flakes, but also marks the <literal>nix</literal> command as experimental which now has to be enabled via the configuration explicitly. For more information and instructions for upgrades, see the relase notes for <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html">nix-2.4</link>,
+<link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html">nix-2.5</link>, <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html">nix-2.6</link>, <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html">nix-2.7</link> and <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.8.html">nix-2.8</link></literallayout>
       </listitem>
       <listitem>
         <para>
-          <literal>security.acme.defaults</literal> has been added to
-          simplify configuring settings for many certificates at once.
-          This also opens up the the option to use DNS-01 validation
-          when using <literal>enableACME</literal> on web server virtual
-          hosts (e.g.
-          <literal>services.nginx.virtualHosts.*.enableACME</literal>).
+          The <literal>firefox</literal> browser on
+          <literal>x86_64-linux</literal> now makes use of
+          profile-guided optimisation, resulting in a much more
+          responsive browsing experience.
         </para>
       </listitem>
       <listitem>
         <para>
           GNOME has been upgraded to 42. Please take a look at their
           <link xlink:href="https://release.gnome.org/42/">Release
-          Notes</link> for details. Notably, it replaces gedit with
-          GNOME Text Editor, GNOME Terminal with GNOME Console (formerly
-          King’s Cross), and GNOME Screenshot with a tool built into the
-          Shell.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          <literal>stdenv.mkDerivation</literal> now supports a
-          self-referencing <literal>finalAttrs:</literal> parameter
-          containing the final <literal>mkDerivation</literal> arguments
-          including overrides. <literal>drv.overrideAttrs</literal> now
-          supports two parameters
-          <literal>finalAttrs: previousAttrs:</literal>. This allows
-          packaging configuration to be overridden in a consistent
-          manner by providing an alternative to
-          <literal>rec {}</literal> syntax.
-        </para>
-        <para>
-          Additionally, <literal>passthru</literal> can now reference
-          <literal>finalAttrs.finalPackage</literal> containing the
-          final package, including attributes such as the output paths
-          and <literal>overrideAttrs</literal>.
-        </para>
-        <para>
-          New language integrations can be simplified by overriding a
-          <quote>prototype</quote> package containing the
-          language-specific logic. This removes the need for a extra
-          layer of overriding for the <quote>generic builder</quote>
-          arguments, thus removing a usability problem and source of
-          error.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          PHP 8.1 is now available
+          Notes</link> for details. In particular, it replaces gedit
+          with GNOME Text Editor, GNOME Terminal with GNOME Console
+          (formerly King’s Cross) and GNOME Screenshot by a tool
+          integrated into the Shell.
         </para>
       </listitem>
       <listitem>
         <para>
-          Mattermost has been updated to extended support release 6.3,
-          as the previously packaged extended support release 5.37 is
-          <link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
-          its end of life</link>. Migrations may take a while, see the
-          <link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
-          and
-          <link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
-          upgrade notes</link>.
+          PHP 8.1 is now available.
         </para>
       </listitem>
       <listitem>
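Review bot: the new Nix 2.8 item at the top of the Highlights list is wrapped in `<literallayout>` instead of `<para>`, so it will render with preserved line breaks as one very long line, unlike every other item in the list. This usually means the Markdown source for that bullet is indented or wrapped in a way the converter did not read as a paragraph; fix it in rl-2205.section.md and regenerate. The same item has the typo "relase notes" and no full stop after the nix-2.8 link. Further down, "replaces gedit with ... and GNOME Screenshot by a tool" mixes "with" and "by"; keep "with" throughout.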
@@ -102,37 +57,22 @@
       </listitem>
       <listitem>
         <para>
-          Pulseaudio has been upgraded to version 15.0 and now
-          optionally
+          Pulseaudio has been updated to version 15.0 and now optionally
           <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters">supports
-          additional Bluetooth audio codecs</link> like aptX or LDAC,
-          with codec switching support being available in
+          additional Bluetooth audio codecs</link> such as aptX or LDAC,
+          with codec switching available in
           <literal>pavucontrol</literal>. This feature is disabled by
-          default but can be enabled by using
+          default, but can be enabled with the option
           <literal>hardware.pulseaudio.package = pkgs.pulseaudioFull;</literal>.
-          Existing 3rd party modules that provided similar
-          functionality, like <literal>pulseaudio-modules-bt</literal>
-          or <literal>pulseaudio-hsphfpd</literal> are deprecated and
-          have been removed.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          The new
-          <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link>
-          runs a PostgreSQL server for the duration of package checks.
+          Existing third-party modules that offered similar functions,
+          such as <literal>pulseaudio-modules-bt</literal> or
+          <literal>pulseaudio-hsphfpd</literal>, are obsolete and have
+          been removed.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link>
-          defaults to 1.22.4, which will enable
-          <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance
-          Metadata Service Version 2</link> and require tokens on new
-          clusters with Kubernetes 1.22. This will increase security by
-          default, but may break some types of workloads. See the
-          <link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">release
-          notes</link> for details.
+          PostgreSQL now defaults to major version 14.
         </para>
       </listitem>
       <listitem>
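Review bot: the last changed item in this hunk drops the kops entry, which carried the warning that Instance Metadata Service Version 2 and required tokens "may break some types of workloads", and nothing in the visible lines re-adds it. If it was moved to the backward-incompatibilities section, fine; otherwise operators upgrading clusters lose that notice. The replacement line "PostgreSQL now defaults to major version 14." should also say whether existing installations are affected and point to the upgrade procedure, since a major-version change is not a drop-in update for an existing data directory.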
@@ -159,6 +99,16 @@
           users to easily install and set up NixOS with a GUI.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>security.acme.defaults</literal> has been added to
+          simplify the configuration of settings for many certificates
+          at once. This also opens up the option to use DNS-01
+          validation when using <literal>enableACME</literal> web server
+          virtual hosts (e.g.
+          <literal>services.nginx.virtualHosts.*.enableACME</literal>).
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-22.05-new-services">
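Review bot: the re-added `security.acme.defaults` item lost a preposition: "when using `enableACME` web server virtual hosts" should read "when using `enableACME` on web server virtual hosts", as the removed version of this entry did.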
@@ -166,6 +116,16 @@
     <itemizedlist>
       <listitem>
         <para>
+          <link xlink:href="https://1password.com/">1password</link>,
+          command-lines and graphic interface for 1Password. Available
+          as
+          <link linkend="opt-programs._1password.enable">programs._1password</link>
+          and
+          <link linkend="opt-programs._1password.enable">programs._1password-gui</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
           the Intel SGX Architectural Enclave Service Manager. Available
           as
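Review bot: in the new 1password item both links use `linkend="opt-programs._1password.enable"`, so the `programs._1password-gui` link points at the CLI option. The second one presumably should target the GUI module's own enable option. The description "command-lines and graphic interface" would also read better as "command-line and graphical interfaces".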
@@ -174,90 +134,148 @@
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless
-          Docker</link>, a <literal>systemd --user</literal> Docker
-          service which runs without root permissions. Available as
-          <link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
+          <link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
+          a very simple server for the Gemini hypertext protocol.
+          Available as
+          <link linkend="opt-services.agate.enable">services.agate</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://conduit.rs/">matrix-conduit</link>,
-          a simple, fast and reliable chat server powered by matrix.
-          Available as
-          <link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
+          <link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>,
+          a kernel module for mounting the Apple File System (APFS).
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/vvilhonen/nethoscope">nethoscope</link>,
-          listen to your network traffic. Available as
-          <link linkend="opt-programs.nethoscope.enable">programs.nethoscope</link>.
+          <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
+          a C# application with primary purpose of idling Steam cards
+          from multiple accounts simultaneously. Available as
+          <link linkend="opt-services.archisteamfarm.enable">services.archisteamfarm</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
-          a lightweight shipper for forwarding and centralizing log
-          data. Available as
-          <link linkend="opt-services.filebeat.enable">services.filebeat</link>.
+          <link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>,
+          a lightweight NuGet and symbol server. Available at
+          <link linkend="opt-services.baget.enable">services.baget</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>,
-          a kernel module for mounting the Apple File System (APFS).
+          <link xlink:href="https://github.com/xddxdd/bird-lg-go">bird-lg</link>,
+          a BGP looking glass for Bird Routing. Available as
+          <link linkend="opt-services.bird-lg.package">services.bird-lg</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://frrouting.org/">FRRouting</link>, a
-          popular suite of Internet routing protocol daemons (BGP, BFD,
-          OSPF, IS-IS, VRRP and others). Available as
-          <link linkend="opt-services.frr.babel.enable">services.frr</link>
+          <link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
+          fast and lightweight DNS proxy as ad-blocker for local network
+          with many features. Available as
+          <link linkend="opt-services.blocky.enable">services.blocky</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
-          a bouncer-style Matrix IRC bridge. Available as
-          <link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
+          <link xlink:href="https://github.com/kissgyorgy/cloudflare-dyndns">cloudflare-dyndns</link>,
+          CloudFlare Dynamic DNS client. Available as
+          <link linkend="opt-services.cloudflare-dyndns.enable">services.cloudflare-dyndns</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>,
-          a system to defeat internet censorship. Available as
-          <link xlink:href="options.html#opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>.
+          <link xlink:href="https://corosync.github.io/corosync/">Corosync</link>
+          and
+          <link xlink:href="https://clusterlabs.org/pacemaker/">Pacemaker</link>,
+          A open-source high availability resource manager. Available as
+          <link linkend="opt-services.corosync.enable">services.corosync</link>
+          and
+          <link linkend="opt-services.pacemaker.enable">services.pacemaker</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/lakinduakash/linux-wifi-hotspot">create_ap</link>,
+          a module for creating wifi hotspots using the program
+          linux-wifi-hotspot. Available as
+          <link linkend="opt-services.create_ap.enable">services.create_ap</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.envoyproxy.io/">Envoy</link>, a
+          high-performance reverse proxy. Available as
+          <link linkend="opt-services.envoy.enable">services.envoy</link>.
         </para>
       </listitem>
       <listitem>
         <para>
           <link xlink:href="https://ergo.chat">ergochat</link>, a modern
           IRC with IRCv3 features. Available as
-          <link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>.
+          <link linkend="opt-services.ergochat.enable">services.ergochat</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://snipeitapp.com">Snipe-IT</link>, a
-          free open source IT asset/license management system. Available
-          as
-          <link xlink:href="options.html#opt-services.snipe-it.enable">services.snipe-it</link>.
+          <link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
+          an online collaborative spreadsheet. Available as
+          <link linkend="opt-services.ethercalc.enable">services.ethercalc</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
-          a web interface for the PowerDNS server. Available at
-          <link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
+          <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
+          a lightweight shipper for forwarding and centralizing log
+          data. Available as
+          <link linkend="opt-services.filebeat.enable">services.filebeat</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>,
-          an admin interface for the PostgreSQL database. Available at
-          <link xlink:href="options.html#opt-services.pgadmin.enable">services.pgadmin</link>.
+          <link xlink:href="https://frrouting.org/">FRRouting</link>, a
+          popular suite of Internet routing protocol daemons (BGP, BFD,
+          OSPF, IS-IS, VRRP and others). Available as
+          <link linkend="opt-services.frr.babel.enable">services.frr</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://grafana.com/oss/mimir/">Grafana
+          Mimir</link>, an open source, horizontally scalable, highly
+          available, multi-tenant, long-term storage for Prometheus.
+          Available as
+          <link linkend="opt-services.mimir.enable">services.mimir</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://hastebin.com/about.md">Haste</link>,
+          a pastebin written in node.js. Available as
+          <link linkend="opt-services.haste-server.enable">services.haste</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/juanfont/headscale">headscale</link>,
+          an Open Source implementation of the
+          <link xlink:href="https://tailscale.io">Tailscale</link>
+          Control Server. Available as
+          <link linkend="opt-services.headscale.enable">services.headscale</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
+          a bouncer-style Matrix IRC bridge. Available as
+          <link linkend="opt-services.heisenbridge.enable">services.heisenbridge</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/aarond10/https_dns_proxy">https-dns-proxy</link>,
+          DNS to DNS over HTTPS (DoH) proxy. Available as
+          <link linkend="opt-services.https-dns-proxy.enable">services.https-dns-proxy</link>.
         </para>
       </listitem>
       <listitem>
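Review bot: in the new Haste item the link text is `services.haste` but the target is `opt-services.haste-server.enable`; a reader copying the link text will use an option path that does not match the anchor, so the text should be `services.haste-server`. Smaller points in the same hunk: the Corosync/Pacemaker item reads "A open-source" mid-sentence (should be "an open-source"), and BaGet uses "Available at" where the neighbouring entries use "Available as".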
@@ -265,7 +283,7 @@
           <link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
           an easy to use tool to change the mapping of your input device
           buttons. Available at
-          <link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>.
+          <link linkend="opt-services.input-remapper.enable">services.input-remapper</link>.
         </para>
       </listitem>
       <listitem>
@@ -273,109 +291,133 @@
           <link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
           web application for managing and creating invoices. Available
           at
-          <link xlink:href="options.html#opt-services.invoiceplane.enable">services.invoiceplane</link>.
+          <link linkend="opt-services.invoiceplane.sites._name_.enable">services.invoiceplane</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://maddy.email">maddy</link>, a
-          composable all-in-one mail server. Available as
-          <link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
+          <link xlink:href="https://userbase.kde.org/K3b">k3b</link>,
+          the KDE disk burning application. Available as
+          <link linkend="opt-programs.k3b.enable">programs.k3b</link>.
         </para>
       </listitem>
       <listitem>
         <para>
           <link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>,
           a program to control cheap Chinese laser cutters. Available as
-          <link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>.
+          <link linkend="opt-programs.k40-whisperer.enable">programs.k40-whisperer.enable</link>.
           Users must add themselves to the <literal>k40</literal> group
           to be able to access the device.
         </para>
       </listitem>
       <listitem>
         <para>
+          <link xlink:href="https://kanidm.github.io/kanidm/stable/">kanidm</link>,
+          an identity management server written in Rust. Available as
+          <link linkend="opt-services.kanidm.enableServer">services.kanidm</link>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://maddy.email/">Maddy</link>, a free
+          an open source mail server. Availabe as
+          <link linkend="opt-services.maddy.enable">services.maddy</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://conduit.rs/">matrix-conduit</link>,
+          a simple, fast and reliable chat server powered by matrix.
+          Available as
+          <link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://moosefs.com">Moosefs</link>, fault
+          tolerant petabyte distributed file system. Available as
+          <link linkend="opt-services.moosefs.master.enable">moosefs</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <link xlink:href="https://github.com/mozilla-mobile/mozilla-vpn-client">mozillavpn</link>,
           the client for the
           <link xlink:href="https://vpn.mozilla.org/">Mozilla VPN</link>
           service. Available as
-          <link xlink:href="options.html#opt-services.mozillavpn">services.mozillavpn</link>.
+          <link linkend="opt-services.mozillavpn.enable">services.mozillavpn</link>.
         </para>
       </listitem>
       <listitem>
         <para>
           <link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>,
           a Prometheus exporter for mtr metrics. Available as
-          <link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>.
+          <link linkend="opt-services.mtr-exporter.enable">services.mtr-exporter</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/prometheus-pve/prometheus-pve-exporter">prometheus-pve-exporter</link>,
-          a tool that exposes information from the Proxmox VE API for
-          use by Prometheus. Available as
-          <link xlink:href="options.html#opt-services.prometheus.exporters.pve">services.prometheus.exporters.pve</link>.
+          <link xlink:href="https://nbd.sourceforge.io/">nbd</link>, a
+          Network Block Device server. Available as
+          <link linkend="opt-services.nbd.server.enable">services.nbd</link>.
         </para>
       </listitem>
       <listitem>
         <para>
           <link xlink:href="https://github.com/netbox-community/netbox">netbox</link>,
           infrastructure resource modeling (IRM) tool. Available as
-          <link xlink:href="options.html#opt-services.netbox.enable">services.netbox</link>.
+          <link linkend="opt-services.netbox.enable">services.netbox</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://tetrd.app">tetrd</link>, share your
-          internet connection from your device to your PC and vice versa
-          through a USB cable. Available at
-          <link linkend="opt-services.tetrd.enable">services.tetrd</link>.
+          <link xlink:href="https://github.com/vvilhonen/nethoscope">nethoscope</link>,
+          listen to your network traffic. Available as
+          <link linkend="opt-programs.nethoscope.enable">programs.nethoscope</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://upterm.dev">uptermd</link>, an
-          open-source solution for sharing terminal sessions instantly
-          over the public internet via secure tunnels. Available at
-          <link linkend="opt-services.uptermd.enable">services.uptermd</link>.
+          <link xlink:href="https://nifi.apache.org">nifi</link>, an
+          easy to use, powerful, and reliable system to process and
+          distribute data. Available as
+          <link linkend="opt-services.nifi.enable">services.nifi</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
-          a very simple server for the Gemini hypertext protocol.
-          Available as
-          <link xlink:href="options.html#opt-services.agate.enable">services.agate</link>.
+          <link xlink:href="https://github.com/Mic92/nix-ld">nix-ld</link>,
+          Run unpatched dynamic binaries on NixOS. Available as
+          <link linkend="opt-programs.nix-ld.enable">programs.nix-ld</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
-          a C# application with primary purpose of idling Steam cards
-          from multiple accounts simultaneously. Available as
-          <link xlink:href="options.html#opt-services.archisteamfarm.enable">services.archisteamfarm</link>.
+          <link xlink:href="http://www.nncpgo.org">NNCP</link>, NNCP
+          (Node to Node copy) utilities and configuration, Available as
+          <link linkend="opt-programs.nncp.enable">programs.nncp</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://goteleport.com">teleport</link>,
-          allows engineers and security professionals to unify access
-          for SSH servers, Kubernetes clusters, web applications, and
-          databases across all environments. Available at
-          <link linkend="opt-services.teleport.enable">services.teleport</link>.
+          <link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>,
+          an admin interface for the PostgreSQL database. Available at
+          <link linkend="opt-services.pgadmin.enable">services.pgadmin</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>,
-          a lightweight NuGet and symbol server. Available at
-          <link linkend="opt-services.baget.enable">services.baget</link>.
+          <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
+          a web interface for the PowerDNS server. Available at
+          <link linkend="opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://moosefs.com">moosefs</link>, fault
-          tolerant petabyte distributed file system. Available as
-          <link linkend="opt-services.moosefs.client.enable">moosefs</link>.
+          <link xlink:href="https://github.com/prometheus-pve/prometheus-pve-exporter">prometheus-pve-exporter</link>,
+          a tool that exposes information from the Proxmox VE API for
+          use by Prometheus. Available as
+          <link linkend="opt-services.prometheus.exporters.pve.enable">services.prometheus.exporters.pve</link>.
         </para>
       </listitem>
       <listitem>
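Review bot: The re-sorted NNCP entry reads "NNCP, NNCP (Node to Node copy) utilities and configuration, Available as", which repeats the name and runs into "Available" after a comma. The nix-ld entry has the same shape, with a capitalised "Run" after a comma. Suggest rewording both to match their neighbours, e.g. "NNCP, Node to Node copy utilities and configuration. Available as ..." and "nix-ld, run unpatched dynamic binaries on NixOS. Available as ...". The entries in this hunk also alternate between "Available as" and "Available at"; picking one would make the list read consistently.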
@@ -387,94 +429,145 @@
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>,
-          allow system level notifications to reach the users. Available
+          <link xlink:href="https://public-inbox.org">Public
+          Inbox</link>, an <quote>archives first</quote> approach to
+          mailing lists. Available as
+          <link linkend="opt-services.public-inbox.enable">services.public-inbox</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/fleaz/r53-ddns">r53-ddns</link>,
+          a small tool to run your own DDNS service via AWS Route53.
+          Available as
+          <link linkend="opt-services.r53-ddns.enable">services.r53-ddns</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://ddvk.github.io/rmfakecloud/">rmfakecloud</link>,
+          a clone of the cloud sync the remarkable tablet. Available as
+          <link linkend="opt-services.rmfakecloud.enable">services.rmfakecloud</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless
+          Docker</link>, a <literal>systemd --user</literal> Docker
+          service which runs without root permissions. Available as
+          <link linkend="opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
+          a browser-based version of the RStudio IDE for the R
+          programming language. Available as
+          <link linkend="opt-services.rstudio-server.enable">services.rstudio-server</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/aler9/rtsp-simple-server">rtsp-simple-server</link>,
+          ready-to-use RTSP / RTMP / HLS server and proxy that allows to
+          read, publish and proxy video and audio streams. Available as
+          <link linkend="opt-services.rtsp-simple-server.enable">services.rtsp-simple-server</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://snipeitapp.com">Snipe-IT</link>, a
+          free open source IT asset/license management system. Available
           as
-          <link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>.
-          Please keep in mind that this service should only be enabled
-          on machines with fully trusted users, as any local user is
-          able to DoS user sessions by spamming notifications.
+          <link linkend="opt-services.snipe-it.enable">services.snipe-it</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
-          an online collaborative spreadsheet. Available as
-          <link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>.
+          <link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>,
+          a system to defeat internet censorship. Available as
+          <link linkend="opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://nbd.sourceforge.io/">nbd</link>, a
-          Network Block Device server. Available as
-          <link xlink:href="options.html#opt-services.nbd.server.enable">services.nbd</link>.
+          <link xlink:href="https://sslmate.com/">sslmate-agent</link>,
+          a daemon for managing SSL/TLS certificates on a server.
+          Available as
+          <link xlink:href="services.sslmate-agent.enable">services.sslmate-agent</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/Mic92/nix-ld">nix-ld</link>,
-          Run unpatched dynamic binaries on NixOS. Available as
-          <link xlink:href="options.html#opt-programs.nix-ld.enable">programs.nix-ld</link>.
+          <link xlink:href="https://starship.rs">starship</link>, a
+          minimal, blazing-fast, and infinitely customizable prompt for
+          any shell. Available at
+          <link linkend="opt-programs.starship.enable">programs.startship</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://timetagger.app">timetagger</link>,
-          an open source time-tracker with an intuitive user experience
-          and powerful reporting.
-          <link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
+          <link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>,
+          allow system level notifications to reach the users. Available
+          as
+          <link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>.
+          Please keep in mind that this service should only be enabled
+          on machines with fully trusted users, as any local user is
+          able to DoS user sessions by spamming notifications.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
-          a browser-based version of the RStudio IDE for the R
-          programming language. Available as
-          <link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
+          <link xlink:href="https://goteleport.com">teleport</link>,
+          allows engineers and security professionals to unify access
+          for SSH servers, Kubernetes clusters, web applications, and
+          databases across all environments. Available at
+          <link linkend="opt-services.teleport.enable">services.teleport</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/juanfont/headscale">headscale</link>,
-          an Open Source implementation of the
-          <link xlink:href="https://tailscale.io">Tailscale</link>
-          Control Server. Available as
-          <link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
+          <link xlink:href="https://tetrd.app">tetrd</link>, share your
+          internet connection from your device to your PC and vice versa
+          through a USB cable. Available at
+          <link linkend="opt-services.tetrd.enable">services.tetrd</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://github.com/lakinduakash/linux-wifi-hotspot">create_ap</link>,
-          a module for creating wifi hotspots using the program
-          linux-wifi-hotspot. Available as
-          <link xlink:href="options.html#opt-services.create_ap.enable">services.create_ap</link>.
+          <link xlink:href="https://upterm.dev">uptermd</link>, an
+          open-source solution for sharing terminal sessions instantly
+          over the public internet via secure tunnels. Available at
+          <link linkend="opt-services.uptermd.enable">services.uptermd</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
-          fast and lightweight DNS proxy as ad-blocker for local network
-          with many features.
+          <link xlink:href="https://github.com/darrylb123/usbrelay">usbrelayd</link>,
+          an USB Relay MQTT daemon. Available as
+          <link linkend="opt-services.usbrelayd.enable">services.usbrelayd</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://clusterlabs.org/pacemaker/">pacemaker</link>
-          cluster resource manager
+          <link xlink:href="https://github.com/miquels/webdav-server-rs">webdav-server-rs</link>,
+          Webdav server in rust. Available as
+          <link linkend="opt-services.webdav-server-rs.enable">services.webdav-server-rs</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://nifi.apache.org">nifi</link>, an
-          easy to use, powerful, and reliable system to process and
-          distribute data. Available as
-          <link xlink:href="options.html#opt-services.nifi.enable">services.nifi</link>.
+          <link xlink:href="https://github.com/gin66/wg_netmanager">wg-netmanager</link>,
+          the Wireguard network manager. Available as
+          <link linkend="opt-services.wg-netmanager.enable">services.wg-netmanager</link>.
         </para>
       </listitem>
       <listitem>
         <para>
-          <link xlink:href="https://kanidm.github.io/kanidm/stable/">kanidm</link>,
-          an identity management server written in Rust.
+          <link xlink:href="https://zammad.org/">Zammad</link>, a
+          web-based, open source user support/ticketing solution.
+          Available as
+          <link linkend="opt-services.zammad.enable">services.zammad</link>.
         </para>
       </listitem>
     </itemizedlist>
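Review bot: Two option links in this hunk will not resolve. The sslmate-agent entry uses `xlink:href="services.sslmate-agent.enable"` and the systembus-notify entry uses `xlink:href="opt-services.systembus-notify.enable"`, both of which are treated as relative URLs, while every other entry here was converted to `linkend="opt-..."`. Suggest `linkend="opt-services.sslmate-agent.enable"` and `linkend="opt-services.systembus-notify.enable"`, following the neighbouring entries. The starship entry also has a typo in its link text, `programs.startship`, where the target is `opt-programs.starship.enable`. Smaller wording points: "a clone of the cloud sync the remarkable tablet" is missing a word, and "an USB Relay MQTT daemon" should be "a USB".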
@@ -522,7 +615,7 @@
           version of the <literal>xmonad</literal> module, which will
           break your configuration if you use <literal>launch</literal>
           as entrypoint. The example code the corresponding nixos module
-          was adjusted, you way want to have a look at it.
+          was adjusted, you may want to have a look at it.
         </para>
       </listitem>
       <listitem>
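Review bot: The sentence this hunk touches is still broken after the "way" to "may" fix: "The example code the corresponding nixos module was adjusted, you may want to have a look at it" is missing a preposition and joins two clauses with a comma. Since the line is being edited anyway, consider "The example code in the corresponding NixOS module was adjusted; you may want to have a look at it."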
@@ -577,6 +670,15 @@
       </listitem>
       <listitem>
         <para>
+          <literal>lib.systems.supported</literal> has been removed, as
+          it was overengineered for determining the systems to support
+          in the nixpkgs flake. The list of systems exposed by the
+          nixpkgs flake can now be accessed as
+          <literal>lib.systems.flakeExposed</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           For new installations
           <literal>virtualisation.oci-containers.backend</literal> is
           now set to <literal>podman</literal> by default. If you still
@@ -683,6 +785,25 @@
       </listitem>
       <listitem>
         <para>
+          <literal>openldap</literal> (and therefore the slapd LDAP
+          server) were updated to version 2.6.2. The project introduced
+          backwards-incompatible changes, namely the removal of the bdb,
+          hdb, ndb, and shell backends in slapd. Therefore before
+          updating, dump your database <literal>slapcat -n 1</literal>
+          in LDIF format, and reimport it after updating your
+          <literal>services.openldap.settings</literal>, which
+          represents your <literal>cn=config</literal>.
+        </para>
+        <para>
+          Additionally with 2.5 the argon2 module was included in the
+          standard distrubtion and renamed from
+          <literal>pw-argon2</literal> to <literal>argon2</literal>.
+          Remember to update your <literal>olcModuleLoad</literal> entry
+          in <literal>cn=config</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <literal>openssh</literal> has been update to 8.9p1, changing
           the FIDO security key middleware interface.
         </para>
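Review bot: The new openldap entry has a typo, "standard distrubtion", and the migration instruction "dump your database `slapcat -n 1` in LDIF format" is missing "with" before the command, so it is not clear on first read that `slapcat -n 1` is the step to run. The entry also says to reimport after updating `services.openldap.settings` but names no tool for the reimport, although it names `slapcat` for the dump; naming the import step would make the procedure complete. The unchanged context line below, "has been update to 8.9p1", has the same kind of slip and could be fixed in the same pass.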
@@ -885,7 +1006,7 @@
     };
 
     extraConfigFiles = [
-      /run/keys/matrix-synapse/secrets.yaml
+      &quot;/run/keys/matrix-synapse/secrets.yaml&quot;
     ];
   };
 }
@@ -893,7 +1014,9 @@
         <para>
           The secrets in your original config should be migrated into a
           YAML file that is included via
-          <literal>extraConfigFiles</literal>.
+          <literal>extraConfigFiles</literal>. The filename must be
+          quoted to prevent nix from copying it to the (world readable)
+          store.
         </para>
         <para>
           Additionally a few option defaults have been synced up with
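Review bot: The added sentence "The filename must be quoted to prevent nix from copying it to the (world readable) store" states the rule but not the mechanism, which is what readers need in order to apply it to other options. Consider saying that an unquoted `/run/keys/matrix-synapse/secrets.yaml` is a Nix path value that gets copied into the store when the configuration is built, whereas the quoted form is a plain string that is passed through unchanged. Because the example being corrected previously showed the unquoted form, it may also be worth adding that anyone who followed it should check whether a copy of their secrets file is already in the store.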
@@ -1647,6 +1770,19 @@
       </listitem>
       <listitem>
         <para>
+          The default version of <literal>nextcloud</literal> is
+          <emphasis role="strong">nextcloud24</emphasis>. Please note
+          that it’s <emphasis role="strong">not</emphasis> possible to
+          upgrade <literal>nextcloud</literal> across multiple major
+          versions! This means it’s e.g. not possible to upgrade from
+          <literal>nextcloud22</literal> to
+          <literal>nextcloud24</literal> in a single deploy and most
+          <literal>21.11</literal> users will have to upgrade to
+          <literal>nextcloud23</literal> first.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
           <link xlink:href="https://github.com/navarasu/onedark.nvim">navarasu/onedark.nvim</link>
           (formerly refers to
@@ -1853,6 +1989,43 @@
       </listitem>
       <listitem>
         <para>
+          <link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link>
+          defaults to 1.23.2, which will enable
+          <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance
+          Metadata Service Version 2</link> and require tokens on new
+          clusters with Kubernetes &gt;= 1.22. This will increase
+          security by default, but may break some types of workloads.
+          The default behaviour for
+          <literal>spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS</literal>
+          has changed from <literal>true</literal> to
+          <literal>false</literal>. Cilium now has
+          <literal>disable-cnp-status-updates: true</literal> by
+          default. Set this to false if you rely on the
+          CiliumNetworkPolicy status fields. Support for Kubernetes
+          1.17, the Lyft CNI, Weave CNI on Kubernetes &gt;= 1.23, CentOS
+          7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been
+          removed. See the
+          <link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">1.22
+          release notes</link> and
+          <link xlink:href="https://kops.sigs.k8s.io/releases/1.23-notes/">1.23
+          release notes</link> for more details, including other
+          significant changes.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Mattermost has been upgraded to extended support version 6.3
+          as the previously packaged extended support version 5.37 is
+          <link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
+          end of life</link>. Migration may take some time, see the
+          <link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
+          and
+          <link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
+          upgrade notes</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           The
           <literal>writers.writePyPy2</literal>/<literal>writers.writePyPy3</literal>
           and corresponding
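Review bot: "Ubuntu 16.05 (Xenial)" in the list of removed platforms looks like a typo for 16.04, which is the release named Xenial. Separately, this single paragraph packs four unrelated behaviour changes together (the IMDSv2 token requirement, the `forwardToKubeDNS` default, the Cilium `disable-cnp-status-updates` default, and the removed platforms); splitting it into an inner list would make the security-relevant default changes easier to spot, in particular the one the text itself says "may break some types of workloads".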
@@ -2122,13 +2295,6 @@ sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
       </listitem>
       <listitem>
         <para>
-          A new module was added for the Envoy reverse proxy, providing
-          the options <literal>services.envoy.enable</literal> and
-          <literal>services.envoy.settings</literal>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
           The option <literal>services.duplicati.dataDir</literal> has
           been added to allow changing the location of duplicati’s
           files.
@@ -2324,15 +2490,6 @@ sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
       </listitem>
       <listitem>
         <para>
-          A new module was added for the
-          <link xlink:href="https://starship.rs/">Starship</link> shell
-          prompt, providing the options
-          <literal>programs.starship.enable</literal> and
-          <literal>programs.starship.settings</literal>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
           The <link xlink:href="https://dino.im">Dino</link> XMPP client
           was updated to 0.3, adding support for audio and video calls.
         </para>
@@ -2539,6 +2696,14 @@ sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
       </listitem>
       <listitem>
         <para>
+          The default <literal>scribus</literal> version is now 1.5,
+          while version 1.4 is still available as
+          <literal>scribus_1_4</literal>
+          (<link xlink:href="https://github.com/NixOS/nixpkgs/pull/172700">#172700</link>).
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           The Nextcloud module now supports to create a Mysql database
           automatically with
           <literal>services.nextcloud.database.createLocally</literal>
@@ -2582,12 +2747,6 @@ sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
       </listitem>
       <listitem>
         <para>
-          The <literal>programs.nncp</literal> options were added for
-          generating host-global NNCP configuration.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
           The option <literal>services.snapserver.openFirewall</literal>
           will no longer default to <literal>true</literal> starting
           with NixOS 22.11. Enable it explicitly if you need to control
@@ -2610,6 +2769,40 @@ sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
           case of scripted networking, no behavior was changed.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          The new
+          <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link>
+          runs a PostgreSQL server for the duration of package checks.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <literal>stdenv.mkDerivation</literal> now supports a
+          self-referencing <literal>finalAttrs:</literal> parameter
+          containing the final <literal>mkDerivation</literal> arguments
+          including overrides. <literal>drv.overrideAttrs</literal> now
+          supports two parameters
+          <literal>finalAttrs: previousAttrs:</literal>. This allows
+          packaging configuration to be overridden in a consistent
+          manner by providing an alternative to
+          <literal>rec {}</literal> syntax.
+        </para>
+        <para>
+          Additionally, <literal>passthru</literal> can now reference
+          <literal>finalAttrs.finalPackage</literal> containing the
+          final package, including attributes such as the output paths
+          and <literal>overrideAttrs</literal>.
+        </para>
+        <para>
+          New language integrations can be simplified by overriding a
+          <quote>prototype</quote> package containing the
+          language-specific logic. This removes the need for a extra
+          layer of overriding for the <quote>generic builder</quote>
+          arguments, thus removing a usability problem and source of
+          error.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
 </section>
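Review bot: In the relocated `mkDerivation` entry, "This removes the need for a extra layer of overriding" should read "an extra layer". The text was moved verbatim from the highlights, so the same fix belongs in the Markdown source that this file is generated from.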
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
new file mode 100644
index 0000000000000..55c20427cfdef
--- /dev/null
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -0,0 +1,103 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.11">
+  <title>Release 22.11 (“Raccoon”, 2022.11/??)</title>
+  <para>
+    Support is planned until the end of June 2023, handing over to
+    23.05.
+  </para>
+  <section xml:id="sec-release-22.11-highlights">
+    <title>Highlights</title>
+    <para>
+      In addition to numerous new and upgraded packages, this release
+      has the following highlights:
+    </para>
+    <itemizedlist>
+      <listitem>
+        <para>
+          During cross-compilation, tests are now executed if the test
+          suite can be executed by the build platform. This is the case
+          when doing “native” cross-compilation where the build and host
+          platforms are largely the same, but the nixpkgs’ cross
+          compilation infrastructure is used, e.g.
+          <literal>pkgsStatic</literal> and <literal>pkgsLLVM</literal>.
+          Another possibility is that the build platform is a superset
+          of the host platform, e.g. when cross-compiling from
+          <literal>x86_64-unknown-linux</literal> to
+          <literal>i686-unknown-linux</literal>. The predicate gating
+          test suite execution is the newly added
+          <literal>canExecute</literal> predicate: You can e.g. check if
+          <literal>stdenv.buildPlatform</literal> can execute binaries
+          built for <literal>stdenv.hostPlatform</literal> (i.e.
+          produced by <literal>stdenv.cc</literal>) by evaluating
+          <literal>stdenv.buildPlatform.canExecute stdenv.hostPlatform</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          PHP now defaults to PHP 8.1, updated from 8.0.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <section xml:id="sec-release-22.11-new-services">
+    <title>New Services</title>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/jollheef/appvm">appvm</link>,
+          Nix based app VMs. Available as
+          <link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <section xml:id="sec-release-22.11-incompatibilities">
+    <title>Backward Incompatibilities</title>
+    <itemizedlist>
+      <listitem>
+        <para>
+          The <literal>isCompatible</literal> predicate checking CPU
+          compatibility is no longer exposed by the platform sets
+          generated using <literal>lib.systems.elaborate</literal>. In
+          most cases you will want to use the new
+          <literal>canExecute</literal> predicate instead which also
+          considers the kernel / syscall interface. It is briefly
+          described in the release’s
+          <link linkend="sec-release-22.11-highlights">highlights
+          section</link>.
+          <literal>lib.systems.parse.isCompatible</literal> still
+          exists, but has changed semantically: Architectures with
+          differing endianness modes are <emphasis>no longer considered
+          compatible</emphasis>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          The <literal>isPowerPC</literal> predicate, found on
+          <literal>platform</literal> attrsets
+          (<literal>hostPlatform</literal>,
+          <literal>buildPlatform</literal>,
+          <literal>targetPlatform</literal>, etc) has been removed in
+          order to reduce confusion. The predicate was was defined such
+          that it matches only the 32-bit big-endian members of the
+          POWER/PowerPC family, despite having a name which would imply
+          a broader set of systems. If you were using this predicate,
+          you can replace <literal>foo.isPowerPC</literal> with
+          <literal>(with foo; isPower &amp;&amp; is32bit &amp;&amp; isBigEndian)</literal>.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <section xml:id="sec-release-22.11-notable-changes">
+    <title>Other Notable Changes</title>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          A new module was added for the Saleae Logic device family,
+          providing the options
+          <literal>hardware.saleae-logic.enable</literal> and
+          <literal>hardware.saleae-logic.package</literal>.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+</section>
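Review bot: The appvm entry in the new 22.11 file links with `xlink:href="options.html#opt-virtualisation.appvm.enable"`, which is the form this same patch replaces with `linkend="opt-..."` throughout the 22.05 notes. Starting the new file with `linkend="opt-virtualisation.appvm.enable"` avoids repeating that cleanup later. In the `isPowerPC` entry, "The predicate was was defined" has a doubled word. The title's "2022.11/??" is presumably an intentional placeholder, as the 22.05 title carried "2022.05/??" until this patch.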
diff --git a/nixos/doc/manual/installation/upgrading.chapter.md b/nixos/doc/manual/installation/upgrading.chapter.md
index faeefc4451dc9..2644979bc9db2 100644
--- a/nixos/doc/manual/installation/upgrading.chapter.md
+++ b/nixos/doc/manual/installation/upgrading.chapter.md
@@ -6,7 +6,7 @@ expressions and associated binaries. The NixOS channels are updated
 automatically from NixOS's Git repository after certain tests have
 passed and all packages have been built. These channels are:
 
--   *Stable channels*, such as [`nixos-21.11`](https://nixos.org/channels/nixos-21.11).
+-   *Stable channels*, such as [`nixos-22.05`](https://nixos.org/channels/nixos-22.05).
     These only get conservative bug fixes and package upgrades. For
     instance, a channel update may cause the Linux kernel on your system
     to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not
@@ -19,7 +19,7 @@ passed and all packages have been built. These channels are:
     radical changes between channel updates. It's not recommended for
     production systems.
 
--   *Small channels*, such as [`nixos-21.11-small`](https://nixos.org/channels/nixos-21.11-small)
+-   *Small channels*, such as [`nixos-22.05-small`](https://nixos.org/channels/nixos-22.05-small)
     or [`nixos-unstable-small`](https://nixos.org/channels/nixos-unstable-small).
     These are identical to the stable and unstable channels described above,
     except that they contain fewer binary packages. This means they get updated
@@ -38,8 +38,8 @@ newest supported stable release.
 
 When you first install NixOS, you're automatically subscribed to the
 NixOS channel that corresponds to your installation source. For
-instance, if you installed from a 21.11 ISO, you will be subscribed to
-the `nixos-21.11` channel. To see which NixOS channel you're subscribed
+instance, if you installed from a 22.05 ISO, you will be subscribed to
+the `nixos-22.05` channel. To see which NixOS channel you're subscribed
 to, run the following as root:
 
 ```ShellSession
@@ -54,16 +54,16 @@ To switch to a different NixOS channel, do
 ```
 
 (Be sure to include the `nixos` parameter at the end.) For instance, to
-use the NixOS 21.11 stable channel:
+use the NixOS 22.05 stable channel:
 
 ```ShellSession
-# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos
+# nix-channel --add https://nixos.org/channels/nixos-22.05 nixos
 ```
 
 If you have a server, you may want to use the "small" channel instead:
 
 ```ShellSession
-# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos
+# nix-channel --add https://nixos.org/channels/nixos-22.05-small nixos
 ```
 
 And if you want to live on the bleeding edge:
@@ -114,5 +114,5 @@ the new generation contains a different kernel, initrd or kernel
 modules. You can also specify a channel explicitly, e.g.
 
 ```nix
-system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11;
+system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05;
 ```
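Review bot: The updated example `system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05;` still relies on Nix's unquoted URL literal syntax. Since the line is being changed anyway, consider writing the value as a quoted string, `"https://nixos.org/channels/nixos-22.05"`, so the documented snippet shows the ordinary string form and does not depend on URL literals being accepted.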
diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml
index 216fea6777571..ee5009faf6f46 100644
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -8,6 +8,7 @@
   This section lists the release notes for each stable version of NixOS and
   current unstable revision.
  </para>
+ <xi:include href="../from_md/release-notes/rl-2211.section.xml" />
  <xi:include href="../from_md/release-notes/rl-2205.section.xml" />
  <xi:include href="../from_md/release-notes/rl-2111.section.xml" />
  <xi:include href="../from_md/release-notes/rl-2105.section.xml" />
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 1d292cb737d4a..faf941f569966 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -1,53 +1,44 @@
-# Release 22.05 (“Quokka”, 2022.05/??) {#sec-release-22.05}
-
-In addition to numerous new and upgraded packages, this release has the following highlights:
+# Release 22.05 (“Quokka”, 2022.05/30) {#sec-release-22.05}
 
 - Support is planned until the end of December 2022, handing over to 22.11.
 
 ## Highlights {#sec-release-22.05-highlights}
 
-- The `firefox` browser on `x86_64-linux` is now making use of
-  profile-guided optimization resulting in a much more responsive
-  browsing experience.
+In addition to numerous new and upgraded packages, this release has the following highlights:
 
-- `security.acme.defaults` has been added to simplify configuring
-  settings for many certificates at once. This also opens up the
-  the option to use DNS-01 validation when using `enableACME` on
-  web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`).
+- Nix has been updated from 2.3 to 2.8. This mainly brings experimental support
+  for Flakes, but also marks the `nix` command as experimental which now has to
+  be enabled via the configuration explicitly. For more information and
+  instructions for upgrades, see the 
+  relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),  
+  [nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html),
+  [nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html),
+  [nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and
+  [nix-2.8](https://nixos.org/manual/nix/stable/release-notes/rl-2.8.html)
 
-- GNOME has been upgraded to 42. Please take a look at their [Release Notes](https://release.gnome.org/42/) for details. Notably, it replaces gedit with GNOME Text Editor, GNOME Terminal with GNOME Console (formerly King’s Cross), and GNOME Screenshot with a tool built into the Shell.
+- The `firefox` browser on `x86_64-linux` now makes use of profile-guided
+  optimisation, resulting in a much more responsive browsing experience.
 
-- `stdenv.mkDerivation` now supports a self-referencing `finalAttrs:` parameter
-  containing the final `mkDerivation` arguments including overrides.
-  `drv.overrideAttrs` now supports two parameters `finalAttrs: previousAttrs:`.
-  This allows packaging configuration to be overridden in a consistent manner by
-  providing an alternative to `rec {}` syntax.
+- GNOME has been upgraded to 42. Please take a look at their [Release
+  Notes](https://release.gnome.org/42/) for details. In particular, it replaces
+  gedit with GNOME Text Editor, GNOME Terminal with GNOME Console (formerly
+  King's Cross) and GNOME Screenshot by a tool integrated into the Shell.
 
-  Additionally, `passthru` can now reference `finalAttrs.finalPackage` containing
-  the final package, including attributes such as the output paths and
-  `overrideAttrs`.
-
-  New language integrations can be simplified by overriding a "prototype"
-  package containing the language-specific logic. This removes the need for a
-  extra layer of overriding for the "generic builder" arguments, thus removing a
-  usability problem and source of error.
-
-- PHP 8.1 is now available
-
-- Mattermost has been updated to extended support release 6.3, as the previously packaged extended support release 5.37 is [reaching its end of life](https://docs.mattermost.com/upgrade/extended-support-release.html).
-  Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
-  and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
+- PHP 8.1 is now available.
 
 - systemd services can now set [systemd.services.\<name\>.reloadTriggers](#opt-systemd.services) instead of `reloadIfChanged` for a more granular distinction between reloads and restarts.
 
 - Systemd has been upgraded to the version 250.
 
-- Pulseaudio has been upgraded to version 15.0 and now optionally [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) like aptX or LDAC, with codec switching support being available in `pavucontrol`. This feature is disabled by default but can be enabled by using `hardware.pulseaudio.package = pkgs.pulseaudioFull;`.
-  Existing 3rd party modules that provided similar functionality, like `pulseaudio-modules-bt` or `pulseaudio-hsphfpd` are deprecated and have been removed.
-
-- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
+- Pulseaudio has been updated to version 15.0 and now optionally 
+  [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters)
+  such as aptX or LDAC, with codec switching available in `pavucontrol`. This
+  feature is disabled by default, but can be enabled with the option
+  `hardware.pulseaudio.package = pkgs.pulseaudioFull;`. Existing third-party
+  modules that offered similar functions, such as `pulseaudio-modules-bt` or
+  `pulseaudio-hsphfpd`, are obsolete and have been removed.
 
-- [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details.
+- PostgreSQL now defaults to major version 14.
 
 - Module authors can use `mkRenamedOptionModuleWith` to automate the deprecation cycle without annoying out-of-tree module authors and their users.
 
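Review bot: typo in the added Nix item, "relase notes" should be "release notes". The same item has trailing whitespace after "see the" and two trailing spaces after the nix-2.4 link, which Markdown renders as a hard line break, and it ends without a full stop after the nix-2.8 link. Since the item says the `nix` command "now has to be enabled via the configuration explicitly", consider naming the setting here so readers do not have to search five upstream release notes for it.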
@@ -55,91 +46,130 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The GNOME and Plasma installation CDs now use `pkgs.calamares` and `pkgs.calamares-nixos-extensions` to allow users to easily install and set up NixOS with a GUI.
 
+- `security.acme.defaults` has been added to simplify the configuration of
+  settings for many certificates at once. This also opens up the option to use
+  DNS-01 validation when using `enableACME` web server virtual hosts (e.g.
+  `services.nginx.virtualHosts.*.enableACME`).
+  
 ## New Services {#sec-release-22.05-new-services}
 
+- [1password](https://1password.com/), command-lines and graphic interface for 1Password. Available as [programs._1password](#opt-programs._1password.enable) and [programs._1password-gui](#opt-programs._1password.enable).
+
 - [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
 
-- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable).
+- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](#opt-services.agate.enable).
 
-- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
+- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
 
-- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable).
+- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](#opt-services.archisteamfarm.enable).
+
+- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
+
+- [bird-lg](https://github.com/xddxdd/bird-lg-go), a BGP looking glass for Bird Routing. Available as [services.bird-lg](#opt-services.bird-lg.package).
+
+- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features. Available as [services.blocky](#opt-services.blocky.enable).
+
+- [cloudflare-dyndns](https://github.com/kissgyorgy/cloudflare-dyndns), CloudFlare Dynamic DNS client. Available as [services.cloudflare-dyndns](#opt-services.cloudflare-dyndns.enable).
+
+- [Corosync](https://corosync.github.io/corosync/) and [Pacemaker](https://clusterlabs.org/pacemaker/), A open-source high availability resource manager. Available as [services.corosync](#opt-services.corosync.enable) and [services.pacemaker](#opt-services.pacemaker.enable).
+
+- [create_ap](https://github.com/lakinduakash/linux-wifi-hotspot), a module for creating wifi hotspots using the program linux-wifi-hotspot. Available as [services.create_ap](#opt-services.create_ap.enable).
+
+- [Envoy](https://www.envoyproxy.io/), a high-performance reverse proxy. Available as [services.envoy](#opt-services.envoy.enable).
+
+- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](#opt-services.ergochat.enable).
+
+- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative spreadsheet. Available as [services.ethercalc](#opt-services.ethercalc.enable).
 
 - [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
 
-- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
+- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VRRP and others). Available as [services.frr](#opt-services.frr.babel.enable).
 
-- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VRRP and others). Available as [services.frr](#opt-services.frr.babel.enable)
+- [Grafana Mimir](https://grafana.com/oss/mimir/), an open source, horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus. Available as [services.mimir](#opt-services.mimir.enable).
 
-- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
+- [Haste](https://hastebin.com/about.md), a pastebin written in node.js. Available as [services.haste](#opt-services.haste-server.enable).
 
-- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](options.html#opt-services.snowflake-proxy.enable).
+- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](#opt-services.headscale.enable).
 
-- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable).
+- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](#opt-services.heisenbridge.enable).
 
-- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](options.html#opt-services.snipe-it.enable).
+- [https-dns-proxy](https://github.com/aarond10/https_dns_proxy), DNS to DNS over HTTPS (DoH) proxy. Available as [services.https-dns-proxy](#opt-services.https-dns-proxy.enable).
 
-- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
+- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](#opt-services.input-remapper.enable).
 
-- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](options.html#opt-services.pgadmin.enable).
+- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](#opt-services.invoiceplane.sites._name_.enable).
 
-- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable).
+- [k3b](https://userbase.kde.org/K3b), the KDE disk burning application. Available as [programs.k3b](#opt-programs.k3b.enable).
 
-- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
+- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](#opt-programs.k40-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
 
-- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
+- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.enableServer)
 
-- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](options.html#opt-programs.k4-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
+- [Maddy](https://maddy.email/), a free an open source mail server. Availabe as [services.maddy](#opt-services.maddy.enable).
 
-- [mozillavpn](https://github.com/mozilla-mobile/mozilla-vpn-client), the client for the [Mozilla VPN](https://vpn.mozilla.org/) service. Available as [services.mozillavpn](options.html#opt-services.mozillavpn).
+- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
 
-- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](options.html#opt-services.mtr-exporter.enable).
+- [Moosefs](https://moosefs.com), fault tolerant petabyte distributed file system. Available as [moosefs](#opt-services.moosefs.master.enable).
 
-- [prometheus-pve-exporter](https://github.com/prometheus-pve/prometheus-pve-exporter), a tool that exposes information from the Proxmox VE API for use by Prometheus. Available as [services.prometheus.exporters.pve](options.html#opt-services.prometheus.exporters.pve).
+- [mozillavpn](https://github.com/mozilla-mobile/mozilla-vpn-client), the client for the [Mozilla VPN](https://vpn.mozilla.org/) service. Available as [services.mozillavpn](#opt-services.mozillavpn.enable).
 
-- [netbox](https://github.com/netbox-community/netbox), infrastructure resource modeling (IRM) tool. Available as [services.netbox](options.html#opt-services.netbox.enable).
+- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](#opt-services.mtr-exporter.enable).
 
-- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
+- [nbd](https://nbd.sourceforge.io/), a Network Block Device server. Available as [services.nbd](#opt-services.nbd.server.enable).
 
-- [uptermd](https://upterm.dev), an open-source solution for sharing terminal sessions instantly over the public internet via secure tunnels. Available at [services.uptermd](#opt-services.uptermd.enable).
+- [netbox](https://github.com/netbox-community/netbox), infrastructure resource modeling (IRM) tool. Available as [services.netbox](#opt-services.netbox.enable).
 
-- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](options.html#opt-services.agate.enable).
+- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable).
 
-- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable).
+- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](#opt-services.nifi.enable).
 
-- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
+- [nix-ld](https://github.com/Mic92/nix-ld), Run unpatched dynamic binaries on NixOS. Available as [programs.nix-ld](#opt-programs.nix-ld.enable).
 
-- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
+- [NNCP](http://www.nncpgo.org), NNCP (Node to Node copy) utilities and configuration, Available as [programs.nncp](#opt-programs.nncp.enable).
+
+- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](#opt-services.pgadmin.enable).
+
+- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](#opt-services.powerdns-admin.enable).
 
-- [moosefs](https://moosefs.com), fault tolerant petabyte distributed file system.
-  Available as [moosefs](#opt-services.moosefs.client.enable).
+- [prometheus-pve-exporter](https://github.com/prometheus-pve/prometheus-pve-exporter), a tool that exposes information from the Proxmox VE API for use by Prometheus. Available as [services.prometheus.exporters.pve](#opt-services.prometheus.exporters.pve.enable).
 
 - [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
 
-- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications.
+- [Public Inbox](https://public-inbox.org), an "archives first" approach to mailing lists. Available as [services.public-inbox](#opt-services.public-inbox.enable).
+
+- [r53-ddns](https://github.com/fleaz/r53-ddns), a small tool to run your own DDNS service via AWS Route53. Available as [services.r53-ddns](#opt-services.r53-ddns.enable).
 
-- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative
-  spreadsheet. Available as [services.ethercalc](options.html#opt-services.ethercalc.enable).
+- [rmfakecloud](https://ddvk.github.io/rmfakecloud/), a clone of the cloud sync the remarkable tablet. Available as [services.rmfakecloud](#opt-services.rmfakecloud.enable).
 
-- [nbd](https://nbd.sourceforge.io/), a Network Block Device server. Available as [services.nbd](options.html#opt-services.nbd.server.enable).
+- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](#opt-virtualisation.docker.rootless.enable).
 
-- [nix-ld](https://github.com/Mic92/nix-ld), Run unpatched dynamic binaries on NixOS. Available as [programs.nix-ld](options.html#opt-programs.nix-ld.enable).
+- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable).
 
-- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable).
+- [rtsp-simple-server](https://github.com/aler9/rtsp-simple-server), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.rtsp-simple-server](#opt-services.rtsp-simple-server.enable).
 
-- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable).
+- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable).
 
-- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
+- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](#opt-services.snowflake-proxy.enable).
 
-- [create_ap](https://github.com/lakinduakash/linux-wifi-hotspot), a module for creating wifi hotspots using the program linux-wifi-hotspot. Available as [services.create_ap](options.html#opt-services.create_ap.enable).
+- [sslmate-agent](https://sslmate.com/), a daemon for managing SSL/TLS certificates on a server. Available as [services.sslmate-agent](services.sslmate-agent.enable).
 
-- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
+- [starship](https://starship.rs), a minimal, blazing-fast, and infinitely customizable prompt for any shell. Available at [programs.startship](#opt-programs.starship.enable).
 
-- [pacemaker](https://clusterlabs.org/pacemaker/) cluster resource manager
+- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications.
 
-- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable).
+- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
+
+- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
+
+- [uptermd](https://upterm.dev), an open-source solution for sharing terminal sessions instantly over the public internet via secure tunnels. Available at [services.uptermd](#opt-services.uptermd.enable).
 
-- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust.
+- [usbrelayd](https://github.com/darrylb123/usbrelay), an USB Relay MQTT daemon. Available as [services.usbrelayd](#opt-services.usbrelayd.enable).
+
+- [webdav-server-rs](https://github.com/miquels/webdav-server-rs), Webdav server in rust. Available as [services.webdav-server-rs](#opt-services.webdav-server-rs.enable).
+
+- [wg-netmanager](https://github.com/gin66/wg_netmanager), the Wireguard network manager. Available as [services.wg-netmanager](#opt-services.wg-netmanager.enable).
+
+- [Zammad](https://zammad.org/), a web-based, open source user support/ticketing solution. Available as [services.zammad](#opt-services.zammad.enable).
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
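Review bot: several link targets in the added New Services entries will not resolve. The sslmate-agent entry links to `services.sslmate-agent.enable` with no `#opt-` prefix, the systembus-notify entry keeps `opt-services.systembus-notify.enable` without the leading `#`, and matrix-conduit still points at `option.html#opt-...` while the other entries were moved to bare `#opt-` anchors. The 1password-gui link reuses `#opt-programs._1password.enable`, and the starship link text reads `programs.startship`. Smaller wording fixes: the Maddy entry has "a free an open source mail server. Availabe as", the kanidm entry lacks its final full stop, and the ACME item lost a word ("when using `enableACME` web server virtual hosts" should read "`enableACME` on web server virtual hosts").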
@@ -165,7 +195,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The update of the haskell package set brings with it a new version of the `xmonad`
   module, which will break your configuration if you use `launch` as entrypoint. The
-  example code the corresponding nixos module was adjusted, you way want to have a look at it.
+  example code the corresponding nixos module was adjusted, you may want to have a look at it.
 
 - The `home-assistant` module now requires users that don't want their
   configuration to be managed declaratively to set
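Review bot: the changed line fixes "way" but the sentence is still broken. "The example code the corresponding nixos module was adjusted, you may want to have a look at it" is missing "in" after "code" and joins two sentences with a comma. Suggest "The example code in the corresponding NixOS module was adjusted; you may want to have a look at it."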
@@ -191,6 +221,8 @@ In addition to numerous new and upgraded packages, this release has the followin
   This is to improve compatibility with `libcontainer` based software such as Podman and Skopeo
   which assumes they have ownership over `/etc/containers`.
 
+- `lib.systems.supported` has been removed, as it was overengineered for determining the systems to support in the nixpkgs flake. The list of systems exposed by the nixpkgs flake can now be accessed as `lib.systems.flakeExposed`.
+
 - For new installations `virtualisation.oci-containers.backend` is now set to `podman` by default.
   If you still want to use Docker on systems where `system.stateVersion` is set to to `"22.05"` set `virtualisation.oci-containers.backend = "docker";`.Old systems with older `stateVersion`s stay with "docker".
 
@@ -242,6 +274,10 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`).
 
+- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
+
+  Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
+
 - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
 
 - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
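Review bot: typo "distrubtion" in the second added paragraph should be "distribution", "dump your database `slapcat -n 1`" is missing "with", and "`openldap` (and therefore the slapd LDAP server) were updated" should be "was updated". The `-n 1` selects database number 1, so say that this is the assumed layout; a user whose data lives in a different database would otherwise export the wrong one before the bdb/hdb backends disappear. It would also help to state explicitly that the dump must be taken with the old slapd, before the system is switched.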
@@ -360,13 +396,13 @@ In addition to numerous new and upgraded packages, this release has the followin
       };
 
       extraConfigFiles = [
-        /run/keys/matrix-synapse/secrets.yaml
+        "/run/keys/matrix-synapse/secrets.yaml"
       ];
     };
   }
   ```
 
-  The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
+  The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`. The filename must be quoted to prevent nix from copying it to the (world readable) store.
 
   Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`. For the same reason, the default
   `media_store_path` was changed from `${dataDir}/media` to `${dataDir}/media_store` if `system.stateVersion` is at least `22.05`. Files will need to be manually moved to the new
@@ -632,6 +668,10 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The `vpnc` package has been changed to use GnuTLS instead of OpenSSL by default for licensing reasons.
 
+- The default version of `nextcloud` is **nextcloud24**. Please note that it's **not** possible to upgrade
+  `nextcloud` across multiple major versions! This means it's e.g. not possible to upgrade from `nextcloud22`
+  to `nextcloud24` in a single deploy and most `21.11` users will have to upgrade to `nextcloud23` first.
+
 - `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
   (formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).
 
@@ -693,6 +733,13 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The configuration portion of the `nix-daemon` module has been reworked and exposed as [nix.settings](options.html#opt-nix-settings):
   * Legacy options have been mapped to the corresponding options under under [nix.settings](options.html#opt-nix.settings) and will be deprecated when NixOS 21.11 reaches end of life.
   * [nix.buildMachines.publicHostKey](options.html#opt-nix.buildMachines.publicHostKey) has been added.
+  
+- [`kops`](https://kops.sigs.k8s.io) defaults to 1.23.2, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes >= 1.22. This will increase security by default, but may break some types of workloads. The default behaviour for `spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS` has changed from `true` to `false`. Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields. Support for Kubernetes 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been removed. See the [1.22 release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) and [1.23 release notes](https://kops.sigs.k8s.io/releases/1.23-notes/) for more details, including other significant changes.
+
+- Mattermost has been upgraded to extended support version 6.3 as the previously
+  packaged extended support version 5.37 is [reaching end of life](https://docs.mattermost.com/upgrade/extended-support-release.html). 
+  Migration may take some time, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
+  and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
 
 - The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
 
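Review bot: "Ubuntu 16.05 (Xenial)" in the added kops item looks like a typo, since Xenial is Ubuntu 16.04. The item also packs the IMDSv2 token requirement, the `forwardToKubeDNS` default change, the Cilium default and the list of removed platforms into one paragraph; splitting it into sub-bullets, as the `nix.settings` item just above does, would make the behaviour changes easier to spot. Format the value in "Set this to false" as `false`, make the whitespace-only "+  " line before the item empty, and drop the trailing space after the Mattermost "reaching end of life" link.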
@@ -796,7 +843,6 @@ In addition to numerous new and upgraded packages, this release has the followin
   If you are using only a window manager without a desktop manager, you need to enable
   `services.xserver.desktopManager.runXdgAutostartIfNone` or using the `dex` package to make `fcitx5` work.
 
-- A new module was added for the Envoy reverse proxy, providing the options `services.envoy.enable` and `services.envoy.settings`.
 
 - The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files.
 
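Review bot: removing the Envoy line leaves two consecutive blank lines before the `services.duplicati.dataDir` item; drop one of them. The removed text also named `services.envoy.settings`, while the replacement entry under New Services links only to `services.envoy.enable`, so the pointer to the settings option is lost unless it is added there.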
@@ -842,9 +888,6 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The default value for `programs.spacefm.settings.graphical_su` got unset. It previously pointed to `gksu` which has been removed.
 
-- A new module was added for the [Starship](https://starship.rs/) shell prompt,
-  providing the options `programs.starship.enable` and `programs.starship.settings`.
-
 - The [Dino](https://dino.im) XMPP client was updated to 0.3, adding support for audio and video calls.
 
 - `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
@@ -904,6 +947,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - The `nss` package was split into `nss_esr` and `nss_latest`, with `nss` being an alias for `nss_esr`. This was done to ease maintenance of `nss` and dependent high-profile packages like `firefox`.
 
+- The default `scribus` version is now 1.5, while version 1.4 is still available as `scribus_1_4` ([#172700](https://github.com/NixOS/nixpkgs/pull/172700)).
+
 - The Nextcloud module now supports to create a Mysql database automatically
   with `services.nextcloud.database.createLocally` enabled.
 
@@ -914,8 +959,6 @@ In addition to numerous new and upgraded packages, this release has the followin
   - Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`.
   - The `spark3` package is now usable on `aarch64-darwin` as a result of [#158613](https://github.com/NixOS/nixpkgs/pull/158613) and [#158992](https://github.com/NixOS/nixpkgs/pull/158992).
 
-- The `programs.nncp` options were added for generating host-global NNCP configuration.
-
 - The option `services.snapserver.openFirewall` will no longer default to
   `true` starting with NixOS 22.11. Enable it explicitly if you need to control
   Snapserver remotely or connect streamig clients from other hosts.
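Review bot: the unchanged context line right after the removed `programs.nncp` entry reads "connect streamig clients", which should be "streaming clients"; since this hunk already edits the neighbouring lines of the 22.05 notes, fix the typo in the same change. The `programs.nncp` entry is deleted here with no replacement visible in this hunk, so confirm it reappears elsewhere in the file and that the option name is unchanged there.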
@@ -926,5 +969,22 @@ In addition to numerous new and upgraded packages, this release has the followin
   or `wl*` with priority 99 (which means that it doesn't have any effect if such an interface is matched
   by a `.network-`unit with a lower priority). In case of scripted networking, no behavior
   was changed.
+  
+- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
+  
+- `stdenv.mkDerivation` now supports a self-referencing `finalAttrs:` parameter
+  containing the final `mkDerivation` arguments including overrides.
+  `drv.overrideAttrs` now supports two parameters `finalAttrs: previousAttrs:`.
+  This allows packaging configuration to be overridden in a consistent manner by
+  providing an alternative to `rec {}` syntax.
+
+  Additionally, `passthru` can now reference `finalAttrs.finalPackage` containing
+  the final package, including attributes such as the output paths and
+  `overrideAttrs`.
+
+  New language integrations can be simplified by overriding a "prototype"
+  package containing the language-specific logic. This removes the need for a
+  extra layer of overriding for the "generic builder" arguments, thus removing a
+  usability problem and source of error.
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
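Review bot: the two added lines before and after the `postgresqlTestHook` entry consist only of two spaces, which introduces trailing whitespace; make them empty lines. In the last added paragraph, "the need for a extra layer of overriding" should read "an extra layer". The `finalAttrs` entry would also be easier to act on with a link to the relevant Nixpkgs manual section, as the `postgresqlTestHook` entry above it has.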
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
new file mode 100644
index 0000000000000..97ecb725dfb5c
--- /dev/null
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -0,0 +1,49 @@
+# Release 22.11 (“Raccoon”, 2022.11/??) {#sec-release-22.11}
+
+Support is planned until the end of June 2023, handing over to 23.05.
+
+## Highlights {#sec-release-22.11-highlights}
+
+In addition to numerous new and upgraded packages, this release has the following highlights:
+
+- During cross-compilation, tests are now executed if the test suite can be executed
+  by the build platform. This is the case when doing “native” cross-compilation
+  where the build and host platforms are largely the same, but the nixpkgs' cross
+  compilation infrastructure is used, e.g. `pkgsStatic` and `pkgsLLVM`. Another
+  possibility is that the build platform is a superset of the host platform, e.g. when
+  cross-compiling from `x86_64-unknown-linux` to `i686-unknown-linux`.
+  The predicate gating test suite execution is the newly added `canExecute`
+  predicate: You can e.g. check if `stdenv.buildPlatform` can execute binaries
+  built for `stdenv.hostPlatform` (i.e. produced by `stdenv.cc`) by evaluating
+  `stdenv.buildPlatform.canExecute stdenv.hostPlatform`.
+
+- PHP now defaults to PHP 8.1, updated from 8.0.
+
+<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+
+## New Services {#sec-release-22.11-new-services}
+
+- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
+
+<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+
+## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
+
+- The `isCompatible` predicate checking CPU compatibility is no longer exposed
+  by the platform sets generated using `lib.systems.elaborate`. In most cases
+  you will want to use the new `canExecute` predicate instead which also
+  considers the kernel / syscall interface. It is briefly described in the
+  release's [highlights section](#sec-release-22.11-highlights).
+  `lib.systems.parse.isCompatible` still exists, but has changed semantically:
+  Architectures with differing endianness modes are *no longer considered compatible*.
+
+- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion.  The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems.  If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.
+
+
+<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+
+## Other Notable Changes {#sec-release-22.11-notable-changes}
+
+* A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
+
+<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
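Review bot: in the `isPowerPC` entry under Backward Incompatibilities the word is doubled ("The predicate was was defined"); drop one "was". In the same new file, the Other Notable Changes list uses a `*` bullet while every other list uses `-`, there are two consecutive blank lines after the `isPowerPC` entry, and the heading still carries the placeholder date `2022.11/??`, which needs a tracking note so it is filled in before release.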