diff options
Diffstat (limited to 'nixos/doc/manual')
8 files changed, 233 insertions, 58 deletions
diff --git a/nixos/doc/manual/configuration/gpu-accel.chapter.md b/nixos/doc/manual/configuration/gpu-accel.chapter.md index 3b98bdd97c681..8afa2807b7b60 100644 --- a/nixos/doc/manual/configuration/gpu-accel.chapter.md +++ b/nixos/doc/manual/configuration/gpu-accel.chapter.md @@ -30,7 +30,7 @@ $ export \ ``` The second mechanism is to add the OpenCL driver package to -[](#opt-hardware.opengl.extraPackages). +[](#opt-hardware.graphics.extraPackages). This links the ICD file under `/run/opengl-driver`, where it will be visible to the ICD loader. @@ -51,12 +51,12 @@ Platform Vendor Advanced Micro Devices, Inc. Modern AMD [Graphics Core Next](https://en.wikipedia.org/wiki/Graphics_Core_Next) (GCN) GPUs are supported through the rocmPackages.clr.icd package. Adding this package to -[](#opt-hardware.opengl.extraPackages) +[](#opt-hardware.graphics.extraPackages) enables OpenCL support: ```nix { - hardware.opengl.extraPackages = [ + hardware.graphics.extraPackages = [ rocmPackages.clr.icd ]; } @@ -71,13 +71,13 @@ intel-compute-runtime package. The proprietary Intel OpenCL runtime, in the intel-ocl package, is an alternative for Gen7 GPUs. The intel-compute-runtime or intel-ocl package can be added to -[](#opt-hardware.opengl.extraPackages) +[](#opt-hardware.graphics.extraPackages) to enable OpenCL support. For example, for Gen8 and later GPUs, the following configuration can be used: ```nix { - hardware.opengl.extraPackages = [ + hardware.graphics.extraPackages = [ intel-compute-runtime ]; } @@ -90,8 +90,8 @@ compute API for GPUs. It is used directly by games or indirectly though compatibility layers like [DXVK](https://github.com/doitsujin/dxvk/wiki). -By default, if [](#opt-hardware.opengl.driSupport) -is enabled, mesa is installed and provides Vulkan for supported hardware. +By default, if [](#opt-hardware.graphics.enable) +is enabled, Mesa is installed and provides Vulkan for supported hardware. Similar to OpenCL, Vulkan drivers are loaded through the *Installable Client Driver* (ICD) mechanism. ICD files for Vulkan are JSON files that @@ -110,7 +110,7 @@ $ export \ ``` The second mechanism is to add the Vulkan driver package to -[](#opt-hardware.opengl.extraPackages). +[](#opt-hardware.graphics.extraPackages). This links the ICD file under `/run/opengl-driver`, where it will be visible to the ICD loader. @@ -140,18 +140,18 @@ Modern AMD [Graphics Core Next](https://en.wikipedia.org/wiki/Graphics_Core_Next) (GCN) GPUs are supported through either radv, which is part of mesa, or the amdvlk package. Adding the amdvlk package to -[](#opt-hardware.opengl.extraPackages) +[](#opt-hardware.graphics.extraPackages) makes amdvlk the default driver and hides radv and lavapipe from the device list. A specific driver can be forced as follows: ```nix { - hardware.opengl.extraPackages = [ + hardware.graphics.extraPackages = [ pkgs.amdvlk ]; # To enable Vulkan support for 32-bit applications, also add: - hardware.opengl.extraPackages32 = [ + hardware.graphics.extraPackages32 = [ pkgs.driversi686Linux.amdvlk ]; @@ -171,7 +171,7 @@ graphics hardware acceleration capabilities for video processing. VA-API drivers are loaded by `libva`. The version in nixpkgs is built to search the opengl driver path, so drivers can be installed in -[](#opt-hardware.opengl.extraPackages). +[](#opt-hardware.graphics.extraPackages). VA-API can be tested using: @@ -185,7 +185,7 @@ Modern Intel GPUs use the iHD driver, which can be installed with: ```nix { - hardware.opengl.extraPackages = [ + hardware.graphics.extraPackages = [ intel-media-driver ]; } @@ -195,7 +195,7 @@ Older Intel GPUs use the i965 driver, which can be installed with: ```nix { - hardware.opengl.extraPackages = [ + hardware.graphics.extraPackages = [ intel-vaapi-driver ]; } diff --git a/nixos/doc/manual/configuration/x-windows.chapter.md b/nixos/doc/manual/configuration/x-windows.chapter.md index 31752330dd9a8..362ae5d7e5df1 100644 --- a/nixos/doc/manual/configuration/x-windows.chapter.md +++ b/nixos/doc/manual/configuration/x-windows.chapter.md @@ -79,7 +79,7 @@ Wine, you should also set the following: ```nix { - hardware.opengl.driSupport32Bit = true; + hardware.graphics.enable32Bit = true; } ``` @@ -183,23 +183,6 @@ If you have an older card, you may have to use one of the legacy drivers: You may need to reboot after enabling this driver to prevent a clash with other kernel modules. -## Proprietary AMD drivers {#sec-x11--graphics-cards-amd} - -AMD provides a proprietary driver for its graphics cards that is not -enabled by default because it's not Free Software, is often broken in -nixpkgs and as of this writing doesn't offer more features or -performance. If you still want to use it anyway, you need to explicitly -set: - -```nix -{ - services.xserver.videoDrivers = [ "amdgpu-pro" ]; -} -``` - -You will need to reboot after enabling this driver to prevent a clash -with other kernel modules. - ## Touchpads {#sec-x11-touchpads} Support for Synaptics touchpads (found in many laptops such as the Dell diff --git a/nixos/doc/manual/development/bootspec.chapter.md b/nixos/doc/manual/development/bootspec.chapter.md index 96c12f24e7f1f..eb307c43088ed 100644 --- a/nixos/doc/manual/development/bootspec.chapter.md +++ b/nixos/doc/manual/development/bootspec.chapter.md @@ -1,17 +1,17 @@ -# Experimental feature: Bootspec {#sec-experimental-bootspec} +# Bootspec {#sec-bootspec} -Bootspec is a experimental feature, introduced in the [RFC-0125 proposal](https://github.com/NixOS/rfcs/pull/125), the reference implementation can be found [there](https://github.com/NixOS/nixpkgs/pull/172237) in order to standardize bootloader support -and advanced boot workflows such as SecureBoot and potentially more. +Bootspec is a feature introduced in [RFC-0125](https://github.com/NixOS/rfcs/pull/125) in order to standardize bootloader support and advanced boot workflows such as SecureBoot and potentially more. +The reference implementation can be found [here](https://github.com/NixOS/nixpkgs/pull/172237). -You can enable the creation of bootspec documents through [`boot.bootspec.enable = true`](options.html#opt-boot.bootspec.enable), which will prompt a warning until [RFC-0125](https://github.com/NixOS/rfcs/pull/125) is officially merged. +The creation of bootspec documents is enabled by default. -## Schema {#sec-experimental-bootspec-schema} +## Schema {#sec-bootspec-schema} The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications. You will find the current version [here](../../../modules/system/activation/bootspec.cue). -## Extensions mechanism {#sec-experimental-bootspec-extensions} +## Extensions mechanism {#sec-bootspec-extensions} Bootspec cannot account for all usecases. @@ -29,8 +29,9 @@ An example for SecureBoot is to get the Nix store path to `/etc/os-release` in o To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions. -## External bootloaders {#sec-experimental-bootspec-external-bootloaders} +## External bootloaders {#sec-bootspec-external-bootloaders} It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader. -Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts. +Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. +It will be necessary to reimplement or reuse existing parts. diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.section.md b/nixos/doc/manual/development/running-nixos-tests-interactively.section.md index 4b8385d7e0d94..422dbf174ad56 100644 --- a/nixos/doc/manual/development/running-nixos-tests-interactively.section.md +++ b/nixos/doc/manual/development/running-nixos-tests-interactively.section.md @@ -44,7 +44,7 @@ As an alternative, you can proxy the guest shell to a local TCP server by first starting a TCP server in a terminal using the command: ```ShellSession -$ socat 'READLINE,PROMPT=$ ' tcp-listen:4444,reuseaddr` +$ socat 'READLINE,PROMPT=$ ' tcp-listen:4444,reuseaddr ``` In the terminal where the test driver is running, connect to this server by diff --git a/nixos/doc/manual/installation/upgrading.chapter.md b/nixos/doc/manual/installation/upgrading.chapter.md index 11fc65502f953..1a3fc10ec8005 100644 --- a/nixos/doc/manual/installation/upgrading.chapter.md +++ b/nixos/doc/manual/installation/upgrading.chapter.md @@ -6,7 +6,7 @@ expressions and associated binaries. The NixOS channels are updated automatically from NixOS's Git repository after certain tests have passed and all packages have been built. These channels are: -- *Stable channels*, such as [`nixos-23.11`](https://channels.nixos.org/nixos-23.11). +- *Stable channels*, such as [`nixos-24.05`](https://channels.nixos.org/nixos-24.05). These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not @@ -19,7 +19,7 @@ passed and all packages have been built. These channels are: radical changes between channel updates. It's not recommended for production systems. -- *Small channels*, such as [`nixos-23.11-small`](https://channels.nixos.org/nixos-23.11-small) +- *Small channels*, such as [`nixos-24.05-small`](https://channels.nixos.org/nixos-24.05-small) or [`nixos-unstable-small`](https://channels.nixos.org/nixos-unstable-small). These are identical to the stable and unstable channels described above, except that they contain fewer binary packages. This means they get updated @@ -38,8 +38,8 @@ supported stable release. When you first install NixOS, you're automatically subscribed to the NixOS channel that corresponds to your installation source. For -instance, if you installed from a 23.11 ISO, you will be subscribed to -the `nixos-23.11` channel. To see which NixOS channel you're subscribed +instance, if you installed from a 24.05 ISO, you will be subscribed to +the `nixos-24.05` channel. To see which NixOS channel you're subscribed to, run the following as root: ```ShellSession @@ -54,16 +54,16 @@ To switch to a different NixOS channel, do ``` (Be sure to include the `nixos` parameter at the end.) For instance, to -use the NixOS 23.11 stable channel: +use the NixOS 24.05 stable channel: ```ShellSession -# nix-channel --add https://channels.nixos.org/nixos-23.11 nixos +# nix-channel --add https://channels.nixos.org/nixos-24.05 nixos ``` If you have a server, you may want to use the "small" channel instead: ```ShellSession -# nix-channel --add https://channels.nixos.org/nixos-23.11-small nixos +# nix-channel --add https://channels.nixos.org/nixos-24.05-small nixos ``` And if you want to live on the bleeding edge: @@ -117,6 +117,6 @@ modules. You can also specify a channel explicitly, e.g. ```nix { - system.autoUpgrade.channel = "https://channels.nixos.org/nixos-23.11"; + system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05"; } ``` diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 3a2c70fb7a31b..dad45f12373e6 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -453,7 +453,7 @@ In addition to numerous new and upgraded packages, this release has the followin The new names are as follows: - `bindAddress`: [`services.keycloak.settings.http-host`](#opt-services.keycloak.settings.http-host) - - `forceBackendUrlToFrontendUrl`: [`services.keycloak.settings.hostname-strict-backchannel`](#opt-services.keycloak.settings.hostname-strict-backchannel) + - `forceBackendUrlToFrontendUrl`: `services.keycloak.settings.hostname-strict-backchannel` - `httpPort`: [`services.keycloak.settings.http-port`](#opt-services.keycloak.settings.http-port) - `httpsPort`: [`services.keycloak.settings.https-port`](#opt-services.keycloak.settings.https-port) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index caf8a4f261120..b1b18b35e9c28 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -1,4 +1,4 @@ -# Release 24.05 (“Uakari”, 2024.05/??) {#sec-release-24.05} +# Release 24.05 (“Uakari”, 2024.05/31) {#sec-release-24.05} Support is planned until the end of December 2024, handing over to 24.11. @@ -42,21 +42,27 @@ In addition to numerous new and upgraded packages, this release has the followin } ``` +- Cinnamon has been updated to 6.0. Please be aware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions. + +- GNOME has been updated to 46 "Kathmandu". Refer to the [release notes](https://release.gnome.org/46/) for more details. Notably this release brings experimental VRR support, default GTK renderer changes and WebDAV support in Online Accounts. This release we have also stopped including the legacy and unsupported Adwaita-Dark theme by default. + - Lomiri (formerly known as Unity8) desktop mode, using Mir 2.x to function as a Wayland compositor, is now available and can be installed with `services.desktopManager.lomiri.enable = true`. Note that some core applications, services and indicators have yet to be packaged, and some functions may remain incomplete, but the base experience should be there. +- LXQt has been updated to 2.0, which is based on Qt 6 and features Wayland support for many applications. + - MATE has been updated to 1.28. - To properly support panel plugins built with Wayland (in-process) support, we are introducing the `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets. - Similarly, please use the `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions. - To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early an stage and introduces a new set of Wayfire closures. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM as the display manager. -- Plasma 6 is now available and can be installed with `services.xserver.desktopManager.plasma6.enable = true;`. Plasma 5 will likely be deprecated in the next release (24.11). Note that Plasma 6 runs as Wayland by default, and the X11 session needs to be explicitly selected if necessary. +- Plasma 6 is now available and can be installed with `services.desktopManager.plasma6.enable = true;`. Plasma 5 will likely be deprecated in the next release (24.11). Note that Plasma 6 runs as Wayland by default, and the X11 session needs to be explicitly selected if necessary. ## New Services {#sec-release-24.05-new-services} <!-- Please keep entries alphabetically sorted. --> - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable). -The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software. +The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the ankisyncd software. - [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable). @@ -201,6 +207,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [xdg-terminal-exec](https://github.com/Vladimir-csp/xdg-terminal-exec), the proposed Default Terminal Execution Specification. +- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`. + - [ydotool](https://github.com/ReimuNotMoe/ydotool), a generic command-line automation tool now has a module. Available as [programs.ydotool](#opt-programs.ydotool.enable). - [your_spotify](https://github.com/Yooooomi/your_spotify), a self hosted Spotify tracking dashboard. Available as [services.your_spotify](#opt-services.your_spotify.enable) @@ -423,7 +431,17 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment. -- `security.pam.enableSSHAgentAuth` now requires `services.openssh.authorizedKeysFiles` to be non-empty, +- `security.acme.defaults.server` now has a default value instead of `null`. + This effectively uses the same server, the Let's Encrypt production server, + but makes the default explicit, instead of relying on the Lego default. + + A side effect of this is that the directory in which account data is stored + changes and the ACME module will request a new account and new certificates + for all domains. This may cause issues if you pin an `acccounturl` in a CAA + DNS record. To avoid this, you + may set `security.acme.defaults.server = null` to keep the old hashes. + +- `security.pam.sshAgentAuth.enable` now requires `services.openssh.authorizedKeysFiles` to be non-empty, which is the case when `services.openssh.enable` is true. Previously, `pam_ssh_agent_auth` silently failed to work. - `security.pam.enableSSHAgentAuth` was replaced by the `sshAgentAuth` attrset, and **only** @@ -619,8 +637,6 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - `castopod` has some migration actions to be taken in case of a S3 setup. Some new features may also need some manual migration actions. See [https://code.castopod.org/adaures/castopod/-/releases](https://code.castopod.org/adaures/castopod/-/releases) for more information. -- `cinnamon` has been updated to 6.0. Please be aware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions. - - `documentation.man.mandoc` now, by default, uses `MANPATH` to set the directories where mandoc will search for manual pages. This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead. @@ -761,3 +777,51 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - Lisp modules: previously deprecated interface based on `common-lisp.sh` has now been removed. - The `systemd-confinement` module extension is now compatible with `DynamicUser=true` and thus `ProtectSystem=strict` too. + + +## Nixpkgs Library {#sec-release-24.05-nixpkgs-lib} + +### Additions and Improvements {#sec-release-24.05-lib-additions-improvements} + +New functions: +- [`lib.asserts.assertEachOneOf`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.asserts.assertEachOneOf): Check that each value is one of the allowed ones. +- [`lib.attrsets.longestValidPathPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.longestValidPathPrefix): The longest prefix of an attribute path that refers to an existing attribute in a nesting of attribute sets. +- [`lib.attrsets.mapCartesianProduct`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.mapCartesianProduct): Apply a function to the cartesian product of attribute set value combinations. +- [`lib.trivial.xor`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.trivial.xor): Boolean "exclusive or" +- [`lib.lists.ifilter0`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.ifilter0): Filter a list for elements that satisfy a predicate function. The predicate function is called with both the index and value for each element. +- [`lib.lists.sortOn`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.sortOn): Sort a list based on the default comparison of a derived property. +- [`lib.path.hasStorePathPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.path.hasStorePathPrefix): Whether a [path](https://nixos.org/manual/nix/stable/language/values.html#type-path) has a [store path](https://nixos.org/manual/nix/stable/store/store-path.html#store-path) as a prefix. +- [`lib.filesystem.packagesFromDirectoryRecursive`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.filesystem.packagesFromDirectoryRecursive): Transform a directory tree containing package files suitable for `callPackage` into a matching nested attribute set of derivations. +- [`lib.fileset.toList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fileset.toList): The list of file paths contained in a given file set. +- [`lib.fileset.maybeMissing`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fileset.maybeMissing): Create a file set from a path that may or may not exist. +- [`lib.derivations.optionalDrvAttr`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.derivations.optionalDrvAttr): Conditionally set a derivation attribute. +- [`lib.strings.makeIncludePath`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.strings.makeIncludePath): Construct an include search path (such as `C_INCLUDE_PATH`) containing the header files for a set of packages or paths. + +Improvements: +- [`lib.fixedPoints.extends`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fixedPoints.extends): Better documentation +- [`lib.customisation.makeScope`](https://nixos.org/manual/nixpkgs/unstable/#function-library-lib.customisation.makeScope): Better documentation +- [`lib.derivations.lazyDerivation`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.derivations.lazyDerivation): Now supports multiple outputs with an `outputs` argument +- [`lib.gvariant`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-gvariant): Better error message for integers and attribute set values +- [`lib.filesets.gitTracked`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fileset.gitTracked): Now works within store paths + +Misc: +- The [`lib/` directory](https://github.com/NixOS/nixpkgs/tree/release-24.05/lib) is a self-contained flake now, including a working [`lib.trivial.version`](https://nixos.org/manual/nixpkgs/unstable/#function-library-lib.trivial.version) (but note that fetching a subtree by itself is not supported in Nix yet) +- [Various minor performance improvements](https://github.com/NixOS/nixpkgs/issues?q=author%3Aadisbladis+label%3A%226.topic%3A+lib%22+created%3A%3C2024-05-31+) + +Module System: +- New types: + - [`types.attrTag`](https://nixos.org/manual/nixos/unstable/#sec-option-types-sums): A tagged union type + - `types.nonEmptyListOf`: A non-empty list +- Improved types: + - `types.uniq`/`unique` now check the wrapped type + +### Deprecations {#sec-release-24.05-lib-deprecations} + +- [`lib.options.mdDoc`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mdDoc) is obsolete and now emits a warning. The core ecosystem has completely migrated to markdown, so marking markdown as markdown is redundant. +- `lib.attrsets.zipWithNames` is now a deprecated alias of [`lib.attrsets.zipAttrsWithNames`](https://nixos.org/manual/nixpkgs/unstable/#function-library-lib.attrsets.zipAttrsWithNames) +- `lib.attrsets.cartesianProductOfSets` has been renamed to [`lib.attrsets.cartesianProduct`](https://nixos.org/manual/nixpkgs/unstable/#function-library-lib.attrsets.cartesianProduct) + +### Internal {#sec-release-24.05-lib-internal} +- `lib` now has [Readme for contributing](https://github.com/NixOS/nixpkgs/tree/master/lib#readme). +- Some function's documentation is now written using the [accepted doc comment syntax](https://github.com/NixOS/rfcs/pull/145). +- `odoo` has been updated from `16.0.20231024` to `17.0.20240507`. diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index e50ec83fa05ea..08e32ebe7d98d 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -4,29 +4,156 @@ ## Highlights {#sec-release-24.11-highlights} -- Create the first release note entry in this section! +- Convenience options for `amdgpu`, open source driver for Radeon cards, is now available under `hardware.amdgpu`. + +- [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD's open source Vulkan driver, is now available to be configured as `hardware.amdgpu.amdvlk` option. + This also allows configuring runtime settings of AMDVLK and enabling experimental features. ## New Services {#sec-release-24.11-new-services} -- Create the first release note entry in this section! +- [Open-WebUI](https://github.com/open-webui/open-webui), a user-friendly WebUI + for LLMs. Available as [services.open-webui](#opt-services.open-webui.enable) + service. + +- [Quickwit](https://quickwit.io), sub-second search & analytics engine on cloud storage. Available as [services.quickwit](options.html#opt-services.quickwit). + +- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood). + +- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable). + +- [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a web ui for connecting devices. Available at [services.wg-access-server](#opt-services.wg-access-server.enable). ## Backward Incompatibilities {#sec-release-24.11-incompatibilities} +- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage: + - `transmission-gtk`: `~/.config/transmission` + - `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`) + +- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later. + +- `wstunnel` has had a major version upgrade that entailed rewriting the program in Rust. + The module was updated to accommodate for breaking changes. + Breaking changes to the module API were minimised as much as possible, + but some were nonetheless inevitable due to changes in the upstream CLI. + Certain options were moved from separate CLI arguments into the forward specifications, + and those options were also removed from the module's API, + please consult the wstunnel man page for more detail. + Also be aware that if you have set additional options in `services.wstunnel.{clients,servers}.<name>.extraArgs`, + that those might have been removed or modified upstream. + +- `clang-tools_<version>` packages have been moved into `llvmPackages_<version>` (i.e. `clang-tools_18` is now `llvmPackages_18.clang-tools`). + - For convenience, the top-level `clang-tools` attribute remains and is now bound to `llvmPackages.clang-tools`. + - Top-level `clang_tools_<version>` attributes are now aliases; these will be removed in a future release. + - `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`. +- `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can + use the new `opensshWithKerberos` and `openssh_hpnWithKerberos` flavors (e.g. `programs.ssh.package = pkgs.openssh_gssapi`). + +- `security.ipa.ipaHostname` now defaults to the value of `networking.fqdn` if + it is set, instead of the previous hardcoded default of + `${networking.hostName}.${security.ipa.domain}`. + - `nvimpager` was updated to version 0.13.0, which changes the order of user and nvimpager settings: user commands in `-c` and `--cmd` now override the respective default settings because they are executed later. +- `pkgs.nextcloud27` has been removed since it's EOL. + +- `services.forgejo.mailerPasswordFile` has been deprecated by the drop-in replacement `services.forgejo.secrets.mailer.PASSWD`, + which is part of the new free-form `services.forgejo.secrets` option. + `services.forgejo.secrets` is a small wrapper over systemd's `LoadCredential=`. It has the same structure (sections/keys) as + `services.forgejo.settings` but takes file paths that will be read before service startup instead of some plaintext value. + +- `services.ddclient.use` has been deprecated: `ddclient` now supports separate IPv4 and IPv6 configuration. Use `services.ddclient.usev4` and `services.ddclient.usev6` instead. + +- `vaultwarden` lost the capability to bind to privileged ports. If you rely on + this behavior, override the systemd unit to allow `CAP_NET_BIND_SERVICE` in + your local configuration. + +- The Invoiceplane module now only accepts the structured `settings` option. + `extraConfig` is now removed. + - Legacy package `stalwart-mail_0_6` was dropped, please note the [manual upgrade process](https://github.com/stalwartlabs/mail-server/blob/main/UPGRADING.md) before changing the package to `pkgs.stalwart-mail` in [`services.stalwart-mail.package`](#opt-services.stalwart-mail.package). +- `androidndkPkgs` has been updated to `androidndkPkgs_26`. + +- Android NDK version 26 and SDK version 33 are now the default versions used for cross compilation to android. + +- `haskell.lib.compose.justStaticExecutables` now disallows references to GHC in the + output by default, to alert users to closure size issues caused by + [#164630](https://github.com/NixOS/nixpkgs/issues/164630). See ["Packaging + Helpers" in the Haskell section of the Nixpkgs + manual](https://nixos.org/manual/nixpkgs/unstable/#haskell-packaging-helpers) + for information on working around `output '...' is not allowed to refer to + the following paths` errors caused by this change. + +- The `stalwart-mail` service now runs under the `stalwart-mail` system user + instead of a dynamically created one via `DynamicUser`, to avoid automatic + ownership changes on its large file store each time the service was started. + This change requires to manually move the state directory from + `/var/lib/private/stalwart-mail` to `/var/lib/stalwart-mail` and to + change the ownership of the directory and its content to `stalwart-mail`. + +- The `stalwart-mail` module now uses RocksDB as the default storage backend + for `stateVersion` ≥ 24.11. (It was previously using SQLite for structured + data and the filesystem for blobs). + +- `libe57format` has been updated to `>= 3.0.0`, which contains some backward-incompatible API changes. See the [release note](https://github.com/asmaloney/libE57Format/releases/tag/v3.0.0) for more details. + +- `gitlab` deprecated support for *runner registration tokens* in GitLab 16.0, disabled their support in GitLab 17.0 and will + ultimately remove it in GitLab 18.0, as outlined in the + [documentation](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes). + After upgrading to GitLab >= 17.0, it is possible to re-enable support for registration tokens in the UI until GitLab 18.0. + Refer to the manual on [using registration tokens after GitLab 17.0](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170). + GitLab administrators should migrate to the [new runner registration workflow](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170) + with *runner authentication tokens* until the release of GitLab 18.0. + +- `zx` was updated to v8, which introduces several breaking changes. + See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information. + +- The `portunus` package and service do not support weak password hashes anymore. + If you installed Portunus on NixOS 23.11 or earlier, upgrade to NixOS 24.05 first to get support for strong password hashing. + Then, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all existing user accounts to strong password hashes. + If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration: + ```nix + services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; }; + services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; }; + ``` + +- The default value of `services.kubernetes.kubelet.hostname` is now lowercased. + Explicitly set `kubelet.hostname` to `networking.fqdnOrHostName` to get back + the old default behavior. + +- `keycloak` was updated to version 25, which introduces new hostname related options. + See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions. + +- The `tracy` package no longer works on X11, since it's moved to Wayland + support, which is the intended default behavior by Tracy maintainers. + X11 users have to switch to the new package `tracy-x11`. + +- The `services.prometheus.exporters.minio` option has been removed, as it's upstream implementation was broken and unmaintained. + Minio now has built-in [Prometheus metrics exposure](https://min.io/docs/minio/linux/operations/monitoring/collect-minio-metrics-using-prometheus.html), which can be used instead. + ## Other Notable Changes {#sec-release-24.11-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> +- `hareHook` has been added as the language framework for Hare. From now on, it, + not the `hare` package, should be added to `nativeBuildInputs` when building + Hare programs. + +- [`lib.options.mkPackageOptionMD`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOptionMD) is now obsolete; use the identical [`lib.options.mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption) instead. + - To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules. The derivation now installs "impl" headers selectively instead of by a wildcard. Use `imgui.src` if you just want to access the unpacked sources. + +- Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) + in `gitlab-runner` 15.6 and is expected to be removed in `gitlab-runner` 18.0. Configuration of existing runners + should be changed to using *runner authentication tokens* by configuring + {option}`services.gitlab-runner.services.<name>.authenticationTokenConfigFile` instead of the former + {option}`services.gitlab-runner.services.<name>.registrationConfigFile` option. |