Release 23.05 (“Stoat”, 2023.05/??)
Support is planned until the end of December 2023, handing over to
23.11.
Highlights
In addition to numerous new and upgraded packages, this release
has the following highlights:
Cinnamon has been updated to 5.6, see
the
pull request for what is changed.
New Services
blesh,
a line editor written in pure bash. Available as
programs.bash.blesh.
fzf,
a command line fuzzyfinder. Available as
programs.fzf.
atuin,
a sync server for shell history. Available as
services.atuin.
mmsd,
a lower level daemon that transmits and recieves MMSes.
Available as
services.mmsd.
v2rayA, a Linux
web GUI client of Project V which supports V2Ray, Xray, SS,
SSR, Trojan and Pingtunnel. Available as
services.v2raya.
Backward Incompatibilitiescarnix and cratesIO has
been removed due to being unmaintained, use alternatives such
as
naersk
and
crate2nix
instead.
borgbackup module now has an option for
inhibiting system sleep while backups are running, defaulting
to off (not inhibiting sleep), available as
services.borgbackup.jobs.<name>.inhibitsSleep.
The EC2 image module no longer fetches instance metadata in
stage-1. This results in a significantly smaller initramfs,
since network drivers no longer need to be included, and
faster boots, since metadata fetching can happen in parallel
with startup of other services. This breaks services which
rely on metadata being present by the time stage-2 is entered.
Anything which reads EC2 metadata from
/etc/ec2-metadata should now have an
after dependency on
fetch-ec2-metadata.serviceminio removed support for its legacy
filesystem backend in
RELEASE.2022-10-29T06-21-33Z.
This means if your storage was created with the old format,
minio will no longer start. Unfortunately minio doesn’t
provide a an automatic migration, they only provide
instructions
how to manually convert the node. To facilitate this
migration we keep around the last version that still supports
the old filesystem backend as
minio_legacy_fs. Use it via
services.minio.package = minio_legacy_fs;
to export your data before switching to the new version. See
the corresponding
issue
for more details.
services.sourcehut.dispatch and the
corresponding package
(sourcehut.dispatchsrht) have been removed
due to
upstream
deprecation.
The
services.snapserver.openFirewall
module option default value has been changed from
true to false. You will
need to explicitly set this option to true,
or configure your firewall.
The
services.tmate-ssh-server.openFirewall
module option default value has been changed from
true to false. You will
need to explicitly set this option to true,
or configure your firewall.
The
services.unifi-video.openFirewall
module option default value has been changed from
true to false. You will
need to explicitly set this option to true,
or configure your firewall.
The Nginx module now validates the syntax of config files at
build time. For more complex configurations (using
include with out-of-store files notably)
you may need to disable this check by setting
services.nginx.validateConfig
to false.
The EC2 image module previously detected and automatically
mounted ext3-formatted instance store devices and partitions
in stage-1 (initramfs), storing /tmp on the
first discovered device. This behaviour, which only catered to
very specific use cases and could not be disabled, has been
removed. Users relying on this should provide their own
implementation, and probably use ext4 and perform the mount in
stage-2.
The EC2 image module previously detected and activated
swap-formatted instance store devices and partitions in
stage-1 (initramfs). This behaviour has been removed. Users
relying on this should provide their own implementation.
Qt 5.12 and 5.14 have been removed, as the corresponding
branches have been EOL upstream for a long time. This affected
under 10 packages in nixpkgs, largely unmaintained upstream as
well, however, out-of-tree package expressions may need to be
updated manually.
In mastodon it is now necessary to specify
location of file with PostgreSQL database
password. In
services.mastodon.database.passwordFile
parameter default value
/var/lib/mastodon/secrets/db-password has
been changed to null.
The nix.readOnlyStore option has been
renamed to boot.readOnlyNixStore to clarify
that it configures the NixOS boot process, not the Nix daemon.
Other Notable Changesvim_configurable has been renamed to
vim-full to avoid confusion:
vim-full’s build-time features are
configurable, but both vim and
vim-full are
customizable (in the sense of user
configuration, like vimrc).
The module for the application firewall
opensnitch got the ability to configure
rules. Available as
services.opensnitch.rules
The module usbmuxd now has the ability to
change the package used by the daemon. In case you’re
experiencing issues with usbmuxd you can
try an alternative program like usbmuxd2.
Available as
services.usbmuxd.package
services.mastodon gained a tootctl wrapped
named mastodon-tootctl similar to
nextcloud-occ which can be executed from
any user and switches to the configured mastodon user with
sudo and sources the environment variables.
The dnsmasq service now takes configuration
via the services.dnsmasq.settings attribute
set. The option
services.dnsmasq.extraConfig will be
deprecated when NixOS 22.11 reaches end of life.
To reduce closure size in
nixos/modules/profiles/minimal.nix profile
disabled installation documentations and manuals. Also
disabled logrotate and
udisks2 services.
The minimal ISO image now uses the
nixos/modules/profiles/minimal.nix profile.
mastodon now supports connection to a
remote PostgreSQL database.
services.peertube now requires you to
specify the secret file
secrets.secretsFile. It can be generated by
running openssl rand -hex 32. Before
upgrading, read the release notes for PeerTube:
Release
v5.0.0
And backup your data.
The module services.headscale was
refactored to be compliant with
RFC
0042. To be precise, this means that the following
things have changed:
Most settings has been migrated under
services.headscale.settings
which is an attribute-set that will be converted into
headscale’s YAML config format. This means that the
configuration from
headscale’s
example configuration can be directly written as
attribute-set in Nix within this option.
A new virtualisation.rosetta module was
added to allow running x86_64 binaries
through
Rosetta
inside virtualised NixOS guests on Apple silicon. This feature
works by default with the
UTM
virtualisation
package.
The new option users.motdFile allows
configuring a Message Of The Day that can be updated
dynamically.
Enabling global redirect in
services.nginx.virtualHosts now allows one
to add exceptions with the locations
option.
Resilio sync secret keys can now be provided using a secrets
file at runtime, preventing these secrets from ending up in
the Nix store.
The services.fwupd module now allows
arbitrary daemon settings to be configured in a structured
manner
(services.fwupd.daemonSettings).
The unifi-poller package and corresponding
NixOS module have been renamed to unpoller
to match upstream.
The new option
services.tailscale.useRoutingFeatures
controls various settings for using Tailscale features like
exit nodes and subnet routers. If you wish to use your machine
as an exit node, you can set this setting to
server, otherwise if you wish to use an
exit node you can set this setting to
client. The strict RPF warning has been
removed as the RPF will be loosened automatically based on the
value of this setting.