Release 22.11 (“Raccoon”, 2022.11/??)
Support is planned until the end of June 2023, handing over to
23.05.
Highlights
In addition to numerous new and upgraded packages, this release
has the following highlights:
GNOME has been upgraded to 43. Please take a look at their
Release
Notes for details.
During cross-compilation, tests are now executed if the test
suite can be executed by the build platform. This is the case
when doing “native” cross-compilation where the build and host
platforms are largely the same, but the nixpkgs’ cross
compilation infrastructure is used, e.g.
pkgsStatic and pkgsLLVM.
Another possibility is that the build platform is a superset
of the host platform, e.g. when cross-compiling from
x86_64-unknown-linux to
i686-unknown-linux. The predicate gating
test suite execution is the newly added
canExecute predicate: You can e.g. check if
stdenv.buildPlatform can execute binaries
built for stdenv.hostPlatform (i.e.
produced by stdenv.cc) by evaluating
stdenv.buildPlatform.canExecute stdenv.hostPlatform.
The nixpkgs.hostPlatform and
nixpkgs.buildPlatform options have been
added. These cover and override the
nixpkgs.{system,localSystem,crossSystem}
options.
hostPlatform is the platform or
system string of the
NixOS system described by the configuration.
buildPlatform is the platform that is
responsible for building the NixOS configuration. It
defaults to the hostPlatform, for a
non-cross build configuration. To cross compile, set
buildPlatform to a different value.
The new options convey the same information, but with fewer
options, and following the Nixpkgs terminology.
The existing options
nixpkgs.{system,localSystem,crossSystem}
have not been formally deprecated, to allow for evaluation of
the change and to allow for a transition period so that in
time the ecosystem can switch without breaking compatibility
with any supported NixOS release.
emacs enables native compilation which
means:
emacs packages from nixpkgs, builtin or not, will do
native compilation ahead of time so you can enjoy the
benefit of native compilation without compiling them on
you machine;
emacs packages from somewhere else, e.g.
package-install, will do asynchronously
deferred native compilation. If you do not want this,
maybe to avoid CPU consumption for compilation, you can
use
(setq native-comp-deferred-compilation nil)
to disable it while still enjoy the benefit of native
compilation for packages from nixpkgs.
nixos-generate-config now generates
configurations that can be built in pure mode. This is
achieved by setting the new
nixpkgs.hostPlatform option.
You may have to unset the system parameter
in lib.nixosSystem, or similarly remove
definitions of the
nixpkgs.{system,localSystem,crossSystem}
options.
Alternatively, you can remove the
hostPlatform line and use NixOS like you
would in NixOS 22.05 and earlier.
PHP now defaults to PHP 8.1, updated from 8.0.
Perl has been updated to 5.36, and its core module
HTTP::Tiny was patched to verify SSL/TLS
certificates by default.
Improved performances of
lib.closePropagation which was previously
quadratic. This is used in e.g.
ghcWithPackages. Please see backward
incompatibilities notes below.
Cinnamon has been updated to 5.4. While at it, the cinnamon
module now defaults to blueman as bluetooth manager and
slick-greeter as lightdm greeter to match upstream.
OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
An image configuration and generator has been added for Linode
images, largely based on the present GCE configuration and
image.
hardware.nvidia has a new option
open that can be used to opt in the
opensource version of NVIDIA kernel driver. Note that the
driver’s support for GeForce and Workstation GPUs is still
alpha quality, see
NVIDIA
Releases Open-Source GPU Kernel Modules for the
official announcement.
New Services
appvm,
Nix based app VMs. Available as
virtualisation.appvm.
syncstorage-rs,
a self-hostable sync server for Firefox. Available as
services.firefox-syncserver.
dragonflydb,
a modern replacement for Redis and Memcached. Available as
services.dragonflydb.
Komga, a free and
open source comics/mangas media server. Available as
services.komga.
Tandoor Recipes,
a self-hosted multi-tenant recipe collection. Available as
services.tandoor-recipes.
HBase
cluster, a distributed, scalable, big data store.
Available as
services.hadoop.hbase.
Please,
a Sudo clone written in Rust. Available as
security.please
Sachet,
an SMS alerting tool for the Prometheus Alertmanager.
Available as
services.prometheus.sachet.
infnoise,
a hardware True Random Number Generator dongle. Available as
services.infnoise.
kthxbye,
an alert acknowledgement management daemon for Prometheus
Alertmanager. Available as
services.kthxbye
kanata,
a tool to improve keyboard comfort and usability with advanced
customization. Available as
services.kanata.
karma,
an alert dashboard for Prometheus Alertmanager. Available as
services.karma
languagetool,
a multilingual grammar, style, and spell checker. Available as
services.languagetool.
OpenRGB,
a FOSS tool for controlling RGB lighting. Available as
services.hardware.openrgb.enable.
Outline,
a wiki and knowledge base similar to Notion. Available as
services.outline.
alps,
a simple and extensible webmail. Available as
services.alps.
endlessh-go,
an SSH tarpit that exposes Prometheus metrics. Available as
services.endlessh-go.
netbird, a zero
configuration VPN. Available as
services.netbird.
persistent-evdev,
a daemon to add virtual proxy devices that mirror a physical
input device but persist even if the underlying hardware is
hot-plugged. Available as
services.persistent-evdev.
schleuder, a
mailing list manager with PGP support. Enable using
services.schleuder.
Dolibarr,
an enterprise resource planning and customer relationship
manager. Enable using
services.dolibarr.
FreshRSS, a
free, self-hostable RSS feed aggregator. Available as
services.freshrss.
expressvpn,
the CLI client for ExpressVPN. Available as
services.expressvpn.
go-autoconfig,
IMAP/SMTP autodiscover server. Available as
services.go-autoconfig.
tmate-ssh-server,
server side part of
tmate. Available
as
services.tmate-ssh-server.
Grafana
Tempo, a distributed tracing store. Available as
services.tempo.
AusweisApp2,
the authentication software for the German ID card. Available
as
programs.ausweisapp.
Patroni,
a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
Available as
services.patroni.
Prometheus
IPMI exporter, an IPMI exporter for Prometheus.
Available as
services.prometheus.exporters.ipmi.
WriteFreely,
a simple blogging platform with ActivityPub support. Available
as
services.writefreely.
Listmonk, a
self-hosted newsletter manager. Enable using
services.listmonk.
Backward Incompatibilities
Nixpkgs now requires Nix 2.3 or newer.
The isCompatible predicate checking CPU
compatibility is no longer exposed by the platform sets
generated using lib.systems.elaborate. In
most cases you will want to use the new
canExecute predicate instead which also
considers the kernel / syscall interface. It is briefly
described in the release’s
highlights
section.
lib.systems.parse.isCompatible still
exists, but has changed semantically: Architectures with
differing endianness modes are no longer considered
compatible.
ngrok has been upgraded from 2.3.40 to
3.0.4. Please see
the
upgrade guide and
changelog.
Notably, breaking changes are that the config file format has
changed and support for single hypen arguments was dropped.
i18n.supportedLocales is now by default
only generated with the locales set in
i18n.defaultLocale and
i18n.extraLocaleSettings. This got
partially copied over from the minimal profile and reduces the
final system size by up to 200MB. If you require all locales
installed set the option to
[ "all" ].
The isPowerPC predicate, found on
platform attrsets
(hostPlatform,
buildPlatform,
targetPlatform, etc) has been removed in
order to reduce confusion. The predicate was was defined such
that it matches only the 32-bit big-endian members of the
POWER/PowerPC family, despite having a name which would imply
a broader set of systems. If you were using this predicate,
you can replace foo.isPowerPC with
(with foo; isPower && is32bit && isBigEndian).
The fetchgit fetcher now uses
cone
mode by default for sparse checkouts.
Non-cone
mode can be enabled by passing
nonConeMode = true, but note that non-cone
mode is deprecated and this option may be removed alongside a
future Git update without notice.
openssh was updated to version 9.1,
disabling the generation of DSA keys when using
ssh-keygen -A as they are insecure. Also,
SetEnv directives in
ssh_config and
sshd_config are now first-match-wins
bsp-layout no longer uses the command
cycle to switch to other window layouts, as
it got replaced by the commands previous
and next.
The Barco ClickShare driver/client package
pkgs.clickshare-csc1 and the option
programs.clickshare-csc1.enable have been
removed, as it requires qt4, which reached
its end-of-life 2015 and will no longer be supported by
nixpkgs.
According
to Barco many of their base unit models can be used
with Google Chrome and the Google Cast extension.
services.hbase has been renamed to
services.hbase-standalone. For production
HBase clusters, use services.hadoop.hbase
instead.
The p4 package now only includes the
open-source Perforce Helix Core command-line client and APIs.
It no longer installs the unfree Helix Core Server binaries
p4d, p4broker, and
p4p. To install the Helix Core Server
binaries, use the p4d package instead.
The coq package and versioned variants
starting at coq_8_14 no longer include
CoqIDE, which is now available through
coqPackages.coqide. It is still possible to
get CoqIDE as part of the coq package by
overriding the buildIde argument of the
derivation.
PHP 7.4 is no longer supported due to upstream not supporting
this version for the entire lifecycle of the 22.11 release.
pkgs.cosign does not provide the
cosigned binary anymore. The
sget binary has been moved into its own
package.
Emacs now uses the Lucid toolkit by default instead of GTK
because of stability and compatibility issues. Users who still
wish to remain using GTK can do so by using
emacs-gtk.
riak package removed along with
services.riak module, due to lack of
maintainer to update the package.
xow package removed along with the
hardware.xow module, due to the project
being deprecated in favor of xone, which is
available via the hardware.xone module.
dd-agent package removed along with the
services.dd-agent module, due to the
project being deprecated in favor of
datadog-agent, which is available via the
services.datadog-agent module.
teleport has been upgraded to major version
10. Please see upstream
upgrade
instructions and
release
notes.
lib.closePropagation now needs that all
gathered sets have an outPath attribute.
lemmy module option
services.lemmy.settings.database.createLocally
moved to
services.lemmy.database.createLocally.
virtlyst package and services.virtlyst
module removed, due to lack of maintainers.
generateOptparseApplicativeCompletions and
generateOptparseApplicativeCompletion from
haskell.lib.compose (and
haskell.lib) have been deprecated in favor
of generateOptparseApplicativeCompletions
(plural!) as provided by the haskell package sets (so
haskellPackages.generateOptparseApplicativeCompletions
etc.). The latter allows for cross-compilation (by
automatically disabling generation of completion in the cross
case). For it to work properly you need to make sure that the
function comes from the same context as the package you are
trying to override, i.e. always use the same package set as
your package is coming from or – even better – use
self.generateOptparseApplicativeCompletions
if you are overriding a haskell package set. The old functions
are retained for backwards compatibility, but yield are
warning.
The services.graphite.api and
services.graphite.beacon NixOS options, and
the python3.pkgs.graphite_api,
python3.pkgs.graphite_beacon and
python3.pkgs.influxgraph packages, have
been removed due to lack of upstream maintenance.
The aws package has been removed due to
being abandoned by the upstream. It is recommended to use
awscli or awscli2
instead.
systemd-networkd v250 deprecated, renamed,
and moved some sections and settings which leads to the
following breaking module changes:
systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig
is renamed to
systemd.network.networks.<name>.dhcpPrefixDelegationConfig.
systemd.network.networks.<name>.dhcpV6Config
no longer accepts the
ForceDHCPv6PDOtherInformation= setting.
Please use the WithoutRA= and
UseDelegatedPrefix= settings in your
systemd.network.networks.<name>.dhcpV6Config
and the DHCPv6Client= setting in your
systemd.network.networks.<name>.ipv6AcceptRAConfig
to control when the DHCPv6 client is started and how the
delegated prefixes are handled by the DHCPv6 client.
systemd.network.networks.<name>.networkConfig
no longer accepts the IPv6Token=
setting. Use the Token= setting in your
systemd.network.networks.<name>.ipv6AcceptRAConfig
instead. The
systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig
now also accepts the Token= setting.
The meta.mainProgram attribute of packages
in wineWowPackages now defaults to
"wine64".
The paperless module now defaults
PAPERLESS_TIME_ZONE to your configured
system timezone.
The top-level termonad-with-packages alias
for termonad has been removed.
(Neo)Vim can not be configured with
configure.pathogen anymore to reduce
maintainance burden. Use configure.packages
instead.
Neovim can not be configured with plug anymore (still works
for vim).
The default kops version is now 1.25.1 and
support for 1.22 and older has been dropped.
k3s no longer supports docker as runtime
due to upstream dropping support.
k3s supports clusterInit
option, and it is enabled by default, for servers.
stylua no longer accepts
lua52Support and
luauSupport overrides, use
features instead, which defaults to
[ "lua54" "luau" ].
pkgs.fetchNextcloudApp has been rewritten
to circumvent impurities in e.g. tarballs from GitHub and to
make it easier to apply patches. This means that your hashes
are out-of-date and the (previously required) attributes
name and version are no
longer accepted.
Other Notable Changes
The xplr package has been updated from
0.18.0 to 0.19.0, which brings some breaking changes. See the
upstream
release notes for more details.
github-runner gained support for ephemeral
runners and registrations using a personal access token (PAT)
instead of a registration token. See
services.github-runner.ephemeral and
services.github-runner.tokenFile for
details.
A new module was added for the Saleae Logic device family,
providing the options
hardware.saleae-logic.enable and
hardware.saleae-logic.package.
The Redis module now disables RDB persistence when
services.redis.servers.<name>.save = []
instead of using the Redis default.
Neo4j was updated from version 3 to version 4. See this
migration
guide on how to migrate your Neo4j instance.
The networking.wireguard module now can set
the mtu on interfaces and tag its packets with an fwmark.
The services.matrix-synapse systemd unit
has been hardened.
Matrix Synapse now requires entries in the
state_group_edges table to be unique, in
order to prevent accidentally introducing duplicate
information (for example, because a database backup was
restored multiple times). If your Synapse database already has
duplicate rows in this table, this could fail with an error
and require manual remediation.
The diamond package has been update from
0.8.36 to 2.0.15. See the
upstream
release notes for more details.
The guake package has been updated from
3.6.3 to 3.9.0, see the
changelog
for more details.
dockerTools.buildImage deprecates the
misunderstood contents parameter, in favor
of copyToRoot. Use
copyToRoot = buildEnv { ... }; or similar
if you intend to add packages to /bin.
memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2.
It is now the upstream version from https://www.memtest.org/,
as coreboot’s fork is no longer available.
Option descriptions, examples, and defaults writting in
DocBook are now deprecated. Using CommonMark is preferred and
will become the default in a future release.
The
documentation.nixos.options.allowDocBook
option was added to ease the transition to CommonMark option
documentation. Setting this option to false
causes an error for every option included in the manual that
uses DocBook documentation; it defaults to
true to preserve the previous behavior and
will be removed once the transition to CommonMark is complete.
The udisks2 service, available at
services.udisks2.enable, is now disabled by
default. It will automatically be enabled through services and
desktop environments as needed. This also means that polkit
will now actually be disabled by default. The default for
security.polkit.enable was already flipped
in the previous release, but udisks2 being enabled by default
re-enabled it.
Add udev rules for the Teensy family of microcontrollers.
systemd-oomd is enabled by default. Depending on which systemd
units have ManagedOOMSwap=kill or
ManagedOOMMemoryPressure=kill, systemd-oomd
will SIGKILL all the processes under the appropriate
descendant cgroups when the configured limits are exceeded.
NixOS does currently not configure cgroups with oomd by
default, this can be enabled using
systemd.oomd.enableRootSlice,
systemd.oomd.enableSystemSlice,
and
systemd.oomd.enableUserServices.
The pass-secret-service package now
includes systemd units from upstream, so adding it to the
NixOS services.dbus.packages option will
make it start automatically as a systemd user service when an
application tries to talk to the libsecret D-Bus API.
There is a new module for AMD SEV CPU functionality, which
grants access to the hardware.
The Wordpress module got support for installing language packs
through
services.wordpress.sites.<site>.languages.
There is a new module for the thunar
program (the Xfce file manager), which depends on the
xfconf dbus service, and also has a dbus
service and a systemd unit. The option
services.xserver.desktopManager.xfce.thunarPlugins
has been renamed to
programs.thunar.plugins, and in a future
release it may be removed.
There is a new module for the xfconf
program (the Xfce configuration storage system), which has a
dbus service.
The nomad package now defaults to 1.3,
which no longer has a downgrade path to releases 1.2 or older.
The nodePackages package set now defaults
to the LTS release in the nodejs package
again, instead of being pinned to
nodejs-14_x. Several updates to node2nix
have been made for compatibility with newer Node.js and npm
versions and a new postRebuild hook has
been added for packages to perform extra build steps before
the npm install step prunes dev dependencies.