pyrox.dev
1<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.11">
2 <title>Release 21.11 (“Porcupine”, 2021/11/30)</title>
3 <itemizedlist spacing="compact">
4 <listitem>
5 <para>
6 Support is planned until the end of June 2022, handing over to
7 22.05.
8 </para>
9 </listitem>
10 </itemizedlist>
11 <section xml:id="sec-release-21.11-highlights">
12 <title>Highlights</title>
13 <para>
14 In addition to numerous new and upgraded packages, this release
15 has the following highlights:
16 </para>
17 <itemizedlist>
18 <listitem>
19 <para>
20 Nix has been updated to version 2.4, reference its
21 <link xlink:href="https://discourse.nixos.org/t/nix-2-4-released/15822">release
22 notes</link> for more information on what has changed. The
23 previous version of Nix, 2.3.16, remains available for the
24 time being in the <literal>nix_2_3</literal> package.
25 </para>
26 </listitem>
27 <listitem>
28 <para>
29 <literal>iptables</literal> is now using
30 <literal>nf_tables</literal> under the hood, by using
31 <literal>iptables-nft</literal>, similar to
32 <link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link>
33 and
34 <link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>.
35 This means, <literal>ip[6]tables</literal>,
36 <literal>arptables</literal> and <literal>ebtables</literal>
37 commands will actually show rules from some specific tables in
38 the <literal>nf_tables</literal> kernel subsystem. In case
39 you’re migrating from an older release without rebooting,
40 there might be cases where you end up with iptable rules
41 configured both in the legacy <literal>iptables</literal>
42 kernel backend, as well as in the <literal>nf_tables</literal>
43 backend. This can lead to confusing firewall behaviour. An
44 <literal>iptables-save</literal> after switching will complain
45 about <quote>iptables-legacy tables present</quote>. It’s
46 probably best to reboot after the upgrade, or manually
47 removing all legacy iptables rules (via the
48 <literal>iptables-legacy</literal> package).
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 systemd got an <literal>nftables</literal> backend, and
54 configures (networkd) rules in their own
55 <literal>io.systemd.*</literal> tables. Check
56 <literal>nft list ruleset</literal> to see these rules, not
57 <literal>iptables-save</literal> (which only shows
58 <literal>iptables</literal>-created rules.
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 PHP now defaults to PHP 8.0, updated from 7.4.
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 kops now defaults to 1.21.1, which uses containerd as the
69 default runtime.
70 </para>
71 </listitem>
72 <listitem>
73 <para>
74 <literal>python3</literal> now defaults to Python 3.9, updated
75 from Python 3.8.
76 </para>
77 </listitem>
78 <listitem>
79 <para>
80 PostgreSQL now defaults to major version 13.
81 </para>
82 </listitem>
83 <listitem>
84 <para>
85 spark now defaults to spark 3, updated from 2. A
86 <link xlink:href="https://spark.apache.org/docs/latest/core-migration-guide.html#upgrading-from-core-24-to-30">migration
87 guide</link> is available.
88 </para>
89 </listitem>
90 <listitem>
91 <para>
92 Improvements have been made to the Hadoop module and package:
93 </para>
94 <itemizedlist spacing="compact">
95 <listitem>
96 <para>
97 HDFS and YARN now support production-ready highly
98 available deployments with automatic failover.
99 </para>
100 </listitem>
101 <listitem>
102 <para>
103 Hadoop now defaults to Hadoop 3, updated from 2.
104 </para>
105 </listitem>
106 <listitem>
107 <para>
108 JournalNode, ZKFS and HTTPFS services have been added.
109 </para>
110 </listitem>
111 </itemizedlist>
112 </listitem>
113 <listitem>
114 <para>
115 Activation scripts can now, optionally, be run during a
116 <literal>nixos-rebuild dry-activate</literal> and can detect
117 the dry activation by reading
118 <literal>$NIXOS_ACTION</literal>. This allows activation
119 scripts to output what they would change if the activation was
120 really run. The users/modules activation script supports this
121 and outputs some of is actions.
122 </para>
123 </listitem>
124 <listitem>
125 <para>
126 KDE Plasma now finally works on Wayland.
127 </para>
128 </listitem>
129 <listitem>
130 <para>
131 bash now defaults to major version 5.
132 </para>
133 </listitem>
134 <listitem>
135 <para>
136 Systemd was updated to version 249 (from 247).
137 </para>
138 </listitem>
139 <listitem>
140 <para>
141 Pantheon desktop has been updated to version 6. Due to changes
142 of screen locker, if locking doesn’t work for you, please try
143 <literal>gsettings set org.gnome.desktop.lockdown disable-lock-screen false</literal>.
144 </para>
145 </listitem>
146 <listitem>
147 <para>
148 <literal>kubernetes-helm</literal> now defaults to 3.7.0,
149 which introduced some breaking changes to the experimental OCI
150 manifest format. See
151 <link xlink:href="https://github.com/helm/community/blob/main/hips/hip-0006.md">HIP
152 6</link> for more details. <literal>helmfile</literal> also
153 defaults to 0.141.0, which is the minimum compatible version.
154 </para>
155 </listitem>
156 <listitem>
157 <para>
158 GNOME has been upgraded to 41. Please take a look at their
159 <link xlink:href="https://help.gnome.org/misc/release-notes/41.0/">Release
160 Notes</link> for details.
161 </para>
162 </listitem>
163 <listitem>
164 <para>
165 LXD support was greatly improved:
166 </para>
167 <itemizedlist spacing="compact">
168 <listitem>
169 <para>
170 building LXD images from configurations is now directly
171 possible with just nixpkgs
172 </para>
173 </listitem>
174 <listitem>
175 <para>
176 hydra is now building nixOS LXD images that can be used
177 standalone with full nixos-rebuild support
178 </para>
179 </listitem>
180 </itemizedlist>
181 </listitem>
182 <listitem>
183 <para>
184 OpenSSH was updated to version 8.8p1
185 </para>
186 <itemizedlist spacing="compact">
187 <listitem>
188 <para>
189 This breaks connections to old SSH daemons as ssh-rsa host
190 keys and ssh-rsa public keys that were signed with SHA-1
191 are disabled by default now
192 </para>
193 </listitem>
194 <listitem>
195 <para>
196 These can be re-enabled, see the
197 <link xlink:href="https://www.openssh.com/txt/release-8.8">OpenSSH
198 changelog</link> for details
199 </para>
200 </listitem>
201 </itemizedlist>
202 </listitem>
203 <listitem>
204 <para>
205 ORY Kratos was updated to version 0.8.0-alpha.3
206 </para>
207 <itemizedlist spacing="compact">
208 <listitem>
209 <para>
210 This release requires you to run SQL migrations. Please,
211 as always, create a backup of your database first!
212 </para>
213 </listitem>
214 <listitem>
215 <para>
216 The SDKs are now generated with tag v0alpha2 to reflect
217 that some signatures have changed in a breaking fashion.
218 Please update your imports from v0alpha1 to v0alpha2.
219 </para>
220 </listitem>
221 <listitem>
222 <para>
223 The SMTPS scheme used in courier config URL with
224 cleartext/StartTLS/TLS SMTP connection types is now only
225 supporting implicit TLS. For StartTLS and cleartext SMTP,
226 please use the SMTP scheme instead.
227 </para>
228 </listitem>
229 <listitem>
230 <para>
231 for more details, see
232 <link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1">Release
233 Notes</link>.
234 </para>
235 </listitem>
236 </itemizedlist>
237 </listitem>
238 </itemizedlist>
239 </section>
240 <section xml:id="sec-release-21.11-new-services">
241 <title>New Services</title>
242 <itemizedlist>
243 <listitem>
244 <para>
245 <link xlink:href="https://digint.ch/btrbk/index.html">btrbk</link>,
246 a backup tool for btrfs subvolumes, taking advantage of btrfs
247 specific capabilities to create atomic snapshots and transfer
248 them incrementally to your backup locations. Available as
249 <link xlink:href="options.html#opt-services.brtbk.instances">services.btrbk</link>.
250 </para>
251 </listitem>
252 <listitem>
253 <para>
254 <link xlink:href="https://github.com/xrelkd/clipcat/">clipcat</link>,
255 an X11 clipboard manager written in Rust. Available at
256 <link xlink:href="options.html#opt-services.clipcat.enable">services.clipcat</link>.
257 </para>
258 </listitem>
259 <listitem>
260 <para>
261 <link xlink:href="https://github.com/dexidp/dex">dex</link>,
262 an OpenID Connect (OIDC) identity and OAuth 2.0 provider.
263 Available at
264 <link xlink:href="options.html#opt-services.dex.enable">services.dex</link>.
265 </para>
266 </listitem>
267 <listitem>
268 <para>
269 <link xlink:href="https://github.com/maxmind/geoipupdate">geoipupdate</link>,
270 a GeoIP database updater from MaxMind. Available as
271 <link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
272 </para>
273 </listitem>
274 <listitem>
275 <para>
276 <link xlink:href="https://github.com/jitsi/jibri">Jibri</link>,
277 a service for recording or streaming a Jitsi Meet conference.
278 Available as
279 <link xlink:href="options.html#opt-services.jibri.enable">services.jibri</link>.
280 </para>
281 </listitem>
282 <listitem>
283 <para>
284 <link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs
285 2nd generation DHCP and DDNS server suite. Available at
286 <link xlink:href="options.html#opt-services.kea.dhcp4">services.kea</link>.
287 </para>
288 </listitem>
289 <listitem>
290 <para>
291 <link xlink:href="https://owncast.online/">owncast</link>,
292 self-hosted video live streaming solution. Available at
293 <link xlink:href="options.html#opt-services.owncast.enable">services.owncast</link>.
294 </para>
295 </listitem>
296 <listitem>
297 <para>
298 <link xlink:href="https://joinpeertube.org/">PeerTube</link>,
299 developed by Framasoft, is the free and decentralized
300 alternative to video platforms. Available at
301 <link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
302 </para>
303 </listitem>
304 <listitem>
305 <para>
306 <link xlink:href="https://sr.ht">sourcehut</link>, a
307 collection of tools useful for software development. Available
308 as
309 <link xlink:href="options.html#opt-services.sourcehut.enable">services.sourcehut</link>.
310 </para>
311 </listitem>
312 <listitem>
313 <para>
314 <link xlink:href="https://download.pureftpd.org/pub/ucarp/README">ucarp</link>,
315 an userspace implementation of the Common Address Redundancy
316 Protocol (CARP). Available as
317 <link xlink:href="options.html#opt-networking.ucarp.enable">networking.ucarp</link>.
318 </para>
319 </listitem>
320 <listitem>
321 <para>
322 Users of flashrom should migrate to
323 <link xlink:href="options.html#opt-programs.flashrom.enable">programs.flashrom.enable</link>
324 and add themselves to the <literal>flashrom</literal> group to
325 be able to access programmers supported by flashrom.
326 </para>
327 </listitem>
328 <listitem>
329 <para>
330 <link xlink:href="https://vikunja.io">vikunja</link>, a to-do
331 list app. Available as
332 <link linkend="opt-services.vikunja.enable">services.vikunja</link>.
333 </para>
334 </listitem>
335 <listitem>
336 <para>
337 <link xlink:href="https://github.com/evilsocket/opensnitch">opensnitch</link>,
338 an application firewall. Available as
339 <link linkend="opt-services.opensnitch.enable">services.opensnitch</link>.
340 </para>
341 </listitem>
342 <listitem>
343 <para>
344 <link xlink:href="https://www.snapraid.it/">snapraid</link>, a
345 backup program for disk arrays. Available as
346 <link linkend="opt-snapraid.enable">snapraid</link>.
347 </para>
348 </listitem>
349 <listitem>
350 <para>
351 <link xlink:href="https://github.com/hockeypuck/hockeypuck">Hockeypuck</link>,
352 a OpenPGP Key Server. Available as
353 <link linkend="opt-services.hockeypuck.enable">services.hockeypuck</link>.
354 </para>
355 </listitem>
356 <listitem>
357 <para>
358 <link xlink:href="https://github.com/buildkite/buildkite-agent-metrics">buildkite-agent-metrics</link>,
359 a command-line tool for collecting Buildkite agent metrics,
360 now has a Prometheus exporter available as
361 <link linkend="opt-services.prometheus.exporters.buildkite-agent.enable">services.prometheus.exporters.buildkite-agent</link>.
362 </para>
363 </listitem>
364 <listitem>
365 <para>
366 <link xlink:href="https://github.com/prometheus/influxdb_exporter">influxdb-exporter</link>
367 a Prometheus exporter that exports metrics received on an
368 InfluxDB compatible endpoint is now available as
369 <link linkend="opt-services.prometheus.exporters.influxdb.enable">services.prometheus.exporters.influxdb</link>.
370 </para>
371 </listitem>
372 <listitem>
373 <para>
374 <link xlink:href="https://github.com/matrix-discord/mx-puppet-discord">mx-puppet-discord</link>,
375 a discord puppeting bridge for matrix. Available as
376 <link linkend="opt-services.mx-puppet-discord.enable">services.mx-puppet-discord</link>.
377 </para>
378 </listitem>
379 <listitem>
380 <para>
381 <link xlink:href="https://www.meshcommander.com/meshcentral2/overview">MeshCentral</link>,
382 a remote administration service (<quote>TeamViewer but
383 self-hosted and with more features</quote>) is now available
384 with a package and a module:
385 <link linkend="opt-services.meshcentral.enable">services.meshcentral.enable</link>
386 </para>
387 </listitem>
388 <listitem>
389 <para>
390 <link xlink:href="https://github.com/Arksine/moonraker">moonraker</link>,
391 an API web server for Klipper. Available as
392 <link linkend="opt-services.moonraker.enable">moonraker</link>.
393 </para>
394 </listitem>
395 <listitem>
396 <para>
397 <link xlink:href="https://github.com/influxdata/influxdb">influxdb2</link>,
398 a Scalable datastore for metrics, events, and real-time
399 analytics. Available as
400 <link linkend="opt-services.influxdb2.enable">services.influxdb2</link>.
401 </para>
402 </listitem>
403 <listitem>
404 <para>
405 <link xlink:href="https://posativ.org/isso/">isso</link>, a
406 commenting server similar to Disqus. Available as
407 <link linkend="opt-services.isso.enable">isso</link>
408 </para>
409 </listitem>
410 <listitem>
411 <para>
412 <link xlink:href="https://www.navidrome.org/">navidrome</link>,
413 a personal music streaming server with subsonic-compatible
414 api. Available as
415 <link linkend="opt-services.navidrome.enable">navidrome</link>.
416 </para>
417 </listitem>
418 <listitem>
419 <para>
420 <link xlink:href="https://docs.fluidd.xyz/">fluidd</link>, a
421 Klipper web interface for managing 3d printers using
422 moonraker. Available as
423 <link linkend="opt-services.fluidd.enable">fluidd</link>.
424 </para>
425 </listitem>
426 <listitem>
427 <para>
428 <link xlink:href="https://github.com/earnestly/sx">sx</link>,
429 a simple alternative to both xinit and startx for starting a
430 Xorg server. Available as
431 <link linkend="opt-services.xserver.displayManager.sx.enable">services.xserver.displayManager.sx</link>
432 </para>
433 </listitem>
434 <listitem>
435 <para>
436 <link xlink:href="https://postfixadmin.sourceforge.io/">postfixadmin</link>,
437 a web based virtual user administration interface for Postfix
438 mail servers. Available as
439 <link linkend="opt-services.postfixadmin.enable">postfixadmin</link>.
440 </para>
441 </listitem>
442 <listitem>
443 <para>
444 <link xlink:href="https://wiki.servarr.com/prowlarr">prowlarr</link>,
445 an indexer manager/proxy built on the popular arr .net/reactjs
446 base stack
447 <link linkend="opt-services.prowlarr.enable">services.prowlarr</link>.
448 </para>
449 </listitem>
450 <listitem>
451 <para>
452 <link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a
453 user-friendly IRC bouncer. Available as
454 <link xlink:href="options.html#opt-services.soju.enable">services.soju</link>.
455 </para>
456 </listitem>
457 <listitem>
458 <para>
459 <link xlink:href="https://nats.io/">nats</link>, a high
460 performance cloud and edge messaging system. Available as
461 <link linkend="opt-services.nats.enable">services.nats</link>.
462 </para>
463 </listitem>
464 <listitem>
465 <para>
466 <link xlink:href="https://git-scm.com">git</link>, a
467 distributed version control system. Available as
468 <link xlink:href="options.html#opt-programs.git.enable">programs.git</link>.
469 </para>
470 </listitem>
471 <listitem>
472 <para>
473 <link xlink:href="https://domainaware.github.io/parsedmarc/">parsedmarc</link>,
474 a service which parses incoming
475 <link xlink:href="https://dmarc.org/">DMARC</link> reports and
476 stores or sends them to a downstream service for further
477 analysis. Documented in
478 <link linkend="module-services-parsedmarc">its manual
479 entry</link>.
480 </para>
481 </listitem>
482 <listitem>
483 <para>
484 <link xlink:href="https://spark.apache.org/">spark</link>, a
485 unified analytics engine for large-scale data processing.
486 </para>
487 </listitem>
488 <listitem>
489 <para>
490 <link xlink:href="https://github.com/JoseExposito/touchegg">touchegg</link>,
491 a multi-touch gesture recognizer. Available as
492 <link linkend="opt-services.touchegg.enable">services.touchegg</link>.
493 </para>
494 </listitem>
495 <listitem>
496 <para>
497 <link xlink:href="https://github.com/pantheon-tweaks/pantheon-tweaks">pantheon-tweaks</link>,
498 an unofficial system settings panel for Pantheon. Available as
499 <link linkend="opt-programs.pantheon-tweaks.enable">programs.pantheon-tweaks</link>.
500 </para>
501 </listitem>
502 <listitem>
503 <para>
504 <link xlink:href="https://github.com/DanielOgorchock/joycond">joycond</link>,
505 a service that uses <literal>hid-nintendo</literal> to provide
506 nintendo joycond pairing and better nintendo switch pro
507 controller support.
508 </para>
509 </listitem>
510 <listitem>
511 <para>
512 <link xlink:href="https://github.com/opensvc/multipath-tools">multipath</link>,
513 the device mapper multipath (DM-MP) daemon. Available as
514 <link linkend="opt-services.multipath.enable">services.multipath</link>.
515 </para>
516 </listitem>
517 <listitem>
518 <para>
519 <link xlink:href="https://www.seafile.com/en/home/">seafile</link>,
520 an open source file syncing & sharing software. Available
521 as
522 <link xlink:href="options.html#opt-services.seafile.enable">services.seafile</link>.
523 </para>
524 </listitem>
525 <listitem>
526 <para>
527 <link xlink:href="https://github.com/mchehab/rasdaemon">rasdaemon</link>,
528 a hardware error logging daemon. Available as
529 <link linkend="opt-hardware.rasdaemon.enable">hardware.rasdaemon</link>.
530 </para>
531 </listitem>
532 <listitem>
533 <para>
534 <literal>code-server</literal>-module now available
535 </para>
536 </listitem>
537 <listitem>
538 <para>
539 <link xlink:href="https://github.com/xmrig/xmrig">xmrig</link>,
540 a high performance, open source, cross platform RandomX,
541 KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and
542 RandomX benchmark.
543 </para>
544 </listitem>
545 <listitem>
546 <para>
547 Auto nice daemons
548 <link xlink:href="https://github.com/Nefelim4ag/Ananicy">ananicy</link>
549 and
550 <link xlink:href="https://gitlab.com/ananicy-cpp/ananicy-cpp/">ananicy-cpp</link>.
551 Available as
552 <link linkend="opt-services.ananicy.enable">services.ananicy</link>.
553 </para>
554 </listitem>
555 <listitem>
556 <para>
557 <link xlink:href="https://github.com/prometheus-community/smartctl_exporter">smartctl_exporter</link>,
558 a Prometheus exporter for
559 <link xlink:href="https://en.wikipedia.org/wiki/S.M.A.R.T.">S.M.A.R.T.</link>
560 data. Available as
561 <link xlink:href="options.html#opt-services.prometheus.exporters.smartctl.enable">services.prometheus.exporters.smartctl</link>.
562 </para>
563 </listitem>
564 </itemizedlist>
565 </section>
566 <section xml:id="sec-release-21.11-incompatibilities">
567 <title>Backward Incompatibilities</title>
568 <itemizedlist>
569 <listitem>
570 <para>
571 The NixOS VM test framework,
572 <literal>pkgs.nixosTest</literal>/<literal>make-test-python.nix</literal>
573 (<literal>pkgs.testers.nixosTest</literal> since 22.05), now
574 requires detaching commands such as
575 <literal>succeed("foo &")</literal> and
576 <literal>succeed("foo | xclip -i")</literal> to
577 close stdout. This can be done with a redirect such as
578 <literal>succeed("foo >&2 &")</literal>.
579 This breaking change was necessitated by a race condition
580 causing tests to fail or hang. It applies to all methods that
581 invoke commands on the nodes, including
582 <literal>execute</literal>, <literal>succeed</literal>,
583 <literal>fail</literal>,
584 <literal>wait_until_succeeds</literal>,
585 <literal>wait_until_fails</literal>.
586 </para>
587 </listitem>
588 <listitem>
589 <para>
590 The <literal>services.wakeonlan</literal> option was removed,
591 and replaced with
592 <literal>networking.interfaces.<name>.wakeOnLan</literal>.
593 </para>
594 </listitem>
595 <listitem>
596 <para>
597 The <literal>security.wrappers</literal> option now requires
598 to always specify an owner, group and whether the
599 setuid/setgid bit should be set. This is motivated by the fact
600 that before NixOS 21.11, specifying either setuid or setgid
601 but not owner/group resulted in wrappers owned by
602 nobody/nogroup, which is unsafe.
603 </para>
604 </listitem>
605 <listitem>
606 <para>
607 Since <literal>iptables</literal> now uses
608 <literal>nf_tables</literal> backend and
609 <literal>ipset</literal> doesn’t support it, some applications
610 (ferm, shorewall, firehol) may have limited functionality.
611 </para>
612 </listitem>
613 <listitem>
614 <para>
615 The <literal>paperless</literal> module and package have been
616 removed. All users should migrate to the successor
617 <literal>paperless-ng</literal> instead. The Paperless project
618 <link xlink:href="https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4">has
619 been archived</link> and advises all users to use
620 <literal>paperless-ng</literal> instead.
621 </para>
622 <para>
623 Users can use the <literal>services.paperless-ng</literal>
624 module as a replacement while noting the following
625 incompatibilities:
626 </para>
627 <itemizedlist spacing="compact">
628 <listitem>
629 <para>
630 <literal>services.paperless.ocrLanguages</literal> has no
631 replacement. Users should migrate to
632 <link xlink:href="options.html#opt-services.paperless-ng.extraConfig"><literal>services.paperless-ng.extraConfig</literal></link>
633 instead:
634 </para>
635 </listitem>
636 </itemizedlist>
637 <programlisting language="bash">
638{
639 services.paperless-ng.extraConfig = {
640 # Provide languages as ISO 639-2 codes
641 # separated by a plus (+) sign.
642 # https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes
643 PAPERLESS_OCR_LANGUAGE = "deu+eng+jpn"; # German & English & Japanse
644 };
645}
646</programlisting>
647 <itemizedlist>
648 <listitem>
649 <para>
650 If you previously specified
651 <literal>PAPERLESS_CONSUME_MAIL_*</literal> settings in
652 <literal>services.paperless.extraConfig</literal> you
653 should remove those options now. You now
654 <emphasis>must</emphasis> define those settings in the
655 admin interface of paperless-ng.
656 </para>
657 </listitem>
658 <listitem>
659 <para>
660 Option <literal>services.paperless.manage</literal> no
661 longer exists. Use the script at
662 <literal>${services.paperless-ng.dataDir}/paperless-ng-manage</literal>
663 instead. Note that this script only exists after the
664 <literal>paperless-ng</literal> service has been started
665 at least once.
666 </para>
667 </listitem>
668 <listitem>
669 <para>
670 After switching to the new system configuration you should
671 run the Django management command to reindex your
672 documents and optionally create a user, if you don’t have
673 one already.
674 </para>
675 <para>
676 To do so, enter the data directory (the value of
677 <literal>services.paperless-ng.dataDir</literal>,
678 <literal>/var/lib/paperless</literal> by default), switch
679 to the paperless user and execute the management command
680 like below:
681 </para>
682 <programlisting>
683$ cd /var/lib/paperless
684$ su paperless -s /bin/sh
685$ ./paperless-ng-manage document_index reindex
686# if not already done create a user account, paperless-ng requires a login
687$ ./paperless-ng-manage createsuperuser
688Username (leave blank to use 'paperless'): my-user-name
689Email address: me@example.com
690Password: **********
691Password (again): **********
692Superuser created successfully.
693</programlisting>
694 </listitem>
695 </itemizedlist>
696 </listitem>
697 <listitem>
698 <para>
699 The <literal>staticjinja</literal> package has been upgraded
700 from 1.0.4 to 4.1.1
701 </para>
702 </listitem>
703 <listitem>
704 <para>
705 Firefox v91 does not support addons with invalid signature
706 anymore. Firefox ESR needs to be used for nix addon support.
707 </para>
708 </listitem>
709 <listitem>
710 <para>
711 The <literal>erigon</literal> ethereum node has moved to a new
712 database format in <literal>2021-05-04</literal>, and requires
713 a full resync
714 </para>
715 </listitem>
716 <listitem>
717 <para>
718 The <literal>erigon</literal> ethereum node has moved it’s
719 database location in <literal>2021-08-03</literal>, users
720 upgrading must manually move their chaindata (see
721 <link xlink:href="https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03">release
722 notes</link>).
723 </para>
724 </listitem>
725 <listitem>
726 <para>
727 <link xlink:href="options.html#opt-users.users._name_.group">users.users.<name>.group</link>
728 no longer defaults to <literal>nogroup</literal>, which was
729 insecure. Out-of-tree modules are likely to require
730 adaptation: instead of
731 </para>
732 <programlisting language="bash">
733{
734 users.users.foo = {
735 isSystemUser = true;
736 };
737}
738</programlisting>
739 <para>
740 also create a group for your user:
741 </para>
742 <programlisting language="bash">
743{
744 users.users.foo = {
745 isSystemUser = true;
746 group = "foo";
747 };
748 users.groups.foo = {};
749}
750</programlisting>
751 </listitem>
752 <listitem>
753 <para>
754 <literal>services.geoip-updater</literal> was broken and has
755 been replaced by
756 <link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
757 </para>
758 </listitem>
759 <listitem>
760 <para>
761 <literal>ihatemoney</literal> has been updated to version
762 5.1.1
763 (<link xlink:href="https://github.com/spiral-project/ihatemoney/blob/5.1.1/CHANGELOG.rst">release
764 notes</link>). If you serve ihatemoney by HTTP rather than
765 HTTPS, you must set
766 <link xlink:href="options.html#opt-services.ihatemoney.secureCookie">services.ihatemoney.secureCookie</link>
767 to <literal>false</literal>.
768 </para>
769 </listitem>
770 <listitem>
771 <para>
772 PHP 7.3 is no longer supported due to upstream not supporting
773 this version for the entire lifecycle of the 21.11 release.
774 </para>
775 </listitem>
776 <listitem>
777 <para>
778 Those making use of <literal>buildBazelPackage</literal> will
779 need to regenerate the fetch hashes (preferred), or set
780 <literal>fetchConfigured = false;</literal>.
781 </para>
782 </listitem>
783 <listitem>
784 <para>
785 <literal>consul</literal> was upgraded to a new major release
786 with breaking changes, see
787 <link xlink:href="https://github.com/hashicorp/consul/releases/tag/v1.10.0">upstream
788 changelog</link>.
789 </para>
790 </listitem>
791 <listitem>
792 <para>
793 fsharp41 has been removed in preference to use the latest
794 dotnet-sdk
795 </para>
796 </listitem>
797 <listitem>
798 <para>
799 The following F#-related packages have been removed for being
800 unmaintaned. Please use <literal>fetchNuGet</literal> for
801 specific packages.
802 </para>
803 <itemizedlist spacing="compact">
804 <listitem>
805 <para>
806 ExtCore
807 </para>
808 </listitem>
809 <listitem>
810 <para>
811 Fake
812 </para>
813 </listitem>
814 <listitem>
815 <para>
816 Fantomas
817 </para>
818 </listitem>
819 <listitem>
820 <para>
821 FsCheck
822 </para>
823 </listitem>
824 <listitem>
825 <para>
826 FsCheck262
827 </para>
828 </listitem>
829 <listitem>
830 <para>
831 FsCheckNunit
832 </para>
833 </listitem>
834 <listitem>
835 <para>
836 FSharpAutoComplete
837 </para>
838 </listitem>
839 <listitem>
840 <para>
841 FSharpCompilerCodeDom
842 </para>
843 </listitem>
844 <listitem>
845 <para>
846 FSharpCompilerService
847 </para>
848 </listitem>
849 <listitem>
850 <para>
851 FSharpCompilerTools
852 </para>
853 </listitem>
854 <listitem>
855 <para>
856 FSharpCore302
857 </para>
858 </listitem>
859 <listitem>
860 <para>
861 FSharpCore3125
862 </para>
863 </listitem>
864 <listitem>
865 <para>
866 FSharpCore4001
867 </para>
868 </listitem>
869 <listitem>
870 <para>
871 FSharpCore4117
872 </para>
873 </listitem>
874 <listitem>
875 <para>
876 FSharpData
877 </para>
878 </listitem>
879 <listitem>
880 <para>
881 FSharpData225
882 </para>
883 </listitem>
884 <listitem>
885 <para>
886 FSharpDataSQLProvider
887 </para>
888 </listitem>
889 <listitem>
890 <para>
891 FSharpFormatting
892 </para>
893 </listitem>
894 <listitem>
895 <para>
896 FsLexYacc
897 </para>
898 </listitem>
899 <listitem>
900 <para>
901 FsLexYacc706
902 </para>
903 </listitem>
904 <listitem>
905 <para>
906 FsLexYaccRuntime
907 </para>
908 </listitem>
909 <listitem>
910 <para>
911 FsPickler
912 </para>
913 </listitem>
914 <listitem>
915 <para>
916 FsUnit
917 </para>
918 </listitem>
919 <listitem>
920 <para>
921 Projekt
922 </para>
923 </listitem>
924 <listitem>
925 <para>
926 Suave
927 </para>
928 </listitem>
929 <listitem>
930 <para>
931 UnionArgParser
932 </para>
933 </listitem>
934 <listitem>
935 <para>
936 ExcelDnaRegistration
937 </para>
938 </listitem>
939 <listitem>
940 <para>
941 MathNetNumerics
942 </para>
943 </listitem>
944 </itemizedlist>
945 </listitem>
946 <listitem>
947 <para>
948 <literal>programs.x2goserver</literal> is now
949 <literal>services.x2goserver</literal>
950 </para>
951 </listitem>
952 <listitem>
953 <para>
954 The following dotnet-related packages have been removed for
955 being unmaintaned. Please use <literal>fetchNuGet</literal>
956 for specific packages.
957 </para>
958 <itemizedlist spacing="compact">
959 <listitem>
960 <para>
961 Autofac
962 </para>
963 </listitem>
964 <listitem>
965 <para>
966 SystemValueTuple
967 </para>
968 </listitem>
969 <listitem>
970 <para>
971 MicrosoftDiaSymReader
972 </para>
973 </listitem>
974 <listitem>
975 <para>
976 MicrosoftDiaSymReaderPortablePdb
977 </para>
978 </listitem>
979 <listitem>
980 <para>
981 SystemCollectionsImmutable
982 </para>
983 </listitem>
984 <listitem>
985 <para>
986 SystemCollectionsImmutable131
987 </para>
988 </listitem>
989 <listitem>
990 <para>
991 SystemReflectionMetadata
992 </para>
993 </listitem>
994 <listitem>
995 <para>
996 NUnit350
997 </para>
998 </listitem>
999 <listitem>
1000 <para>
1001 Deedle
1002 </para>
1003 </listitem>
1004 <listitem>
1005 <para>
1006 ExcelDna
1007 </para>
1008 </listitem>
1009 <listitem>
1010 <para>
1011 GitVersionTree
1012 </para>
1013 </listitem>
1014 <listitem>
1015 <para>
1016 NDeskOptions
1017 </para>
1018 </listitem>
1019 </itemizedlist>
1020 </listitem>
1021 </itemizedlist>
1022 <itemizedlist>
1023 <listitem>
1024 <para>
1025 The <literal>antlr</literal> package now defaults to the 4.x
1026 release instead of the old 2.7.7 version.
1027 </para>
1028 </listitem>
1029 <listitem>
1030 <para>
1031 The <literal>pulseeffects</literal> package updated to
1032 <link xlink:href="https://github.com/wwmm/easyeffects/releases/tag/v6.0.0">version
1033 4.x</link> and renamed to <literal>easyeffects</literal>.
1034 </para>
1035 </listitem>
1036 <listitem>
1037 <para>
1038 The <literal>libwnck</literal> package now defaults to the 3.x
1039 release instead of the old 2.31.0 version.
1040 </para>
1041 </listitem>
1042 <listitem>
1043 <para>
1044 The <literal>bitwarden_rs</literal> packages and modules were
1045 renamed to <literal>vaultwarden</literal>
1046 <link xlink:href="https://github.com/dani-garcia/vaultwarden/discussions/1642">following
1047 upstream</link>. More specifically,
1048 </para>
1049 <itemizedlist>
1050 <listitem>
1051 <para>
1052 <literal>pkgs.bitwarden_rs</literal>,
1053 <literal>pkgs.bitwarden_rs-sqlite</literal>,
1054 <literal>pkgs.bitwarden_rs-mysql</literal> and
1055 <literal>pkgs.bitwarden_rs-postgresql</literal> were
1056 renamed to <literal>pkgs.vaultwarden</literal>,
1057 <literal>pkgs.vaultwarden-sqlite</literal>,
1058 <literal>pkgs.vaultwarden-mysql</literal> and
1059 <literal>pkgs.vaultwarden-postgresql</literal>,
1060 respectively.
1061 </para>
1062 <itemizedlist spacing="compact">
1063 <listitem>
1064 <para>
1065 Old names are preserved as aliases for backwards
1066 compatibility, but may be removed in the future.
1067 </para>
1068 </listitem>
1069 <listitem>
1070 <para>
1071 The <literal>bitwarden_rs</literal> executable was
1072 also renamed to <literal>vaultwarden</literal> in all
1073 packages.
1074 </para>
1075 </listitem>
1076 </itemizedlist>
1077 </listitem>
1078 <listitem>
1079 <para>
1080 <literal>pkgs.bitwarden_rs-vault</literal> was renamed to
1081 <literal>pkgs.vaultwarden-vault</literal>.
1082 </para>
1083 <itemizedlist spacing="compact">
1084 <listitem>
1085 <para>
1086 <literal>pkgs.bitwarden_rs-vault</literal> is
1087 preserved as an alias for backwards compatibility, but
1088 may be removed in the future.
1089 </para>
1090 </listitem>
1091 <listitem>
1092 <para>
1093 The static files were moved from
1094 <literal>/usr/share/bitwarden_rs</literal> to
1095 <literal>/usr/share/vaultwarden</literal>.
1096 </para>
1097 </listitem>
1098 </itemizedlist>
1099 </listitem>
1100 <listitem>
1101 <para>
1102 The <literal>services.bitwarden_rs</literal> config module
1103 was renamed to <literal>services.vaultwarden</literal>.
1104 </para>
1105 <itemizedlist spacing="compact">
1106 <listitem>
1107 <para>
1108 <literal>services.bitwarden_rs</literal> is preserved
1109 as an alias for backwards compatibility, but may be
1110 removed in the future.
1111 </para>
1112 </listitem>
1113 </itemizedlist>
1114 </listitem>
1115 <listitem>
1116 <para>
1117 <literal>systemd.services.bitwarden_rs</literal>,
1118 <literal>systemd.services.backup-bitwarden_rs</literal>
1119 and <literal>systemd.timers.backup-bitwarden_rs</literal>
1120 were renamed to
1121 <literal>systemd.services.vaultwarden</literal>,
1122 <literal>systemd.services.backup-vaultwarden</literal> and
1123 <literal>systemd.timers.backup-vaultwarden</literal>,
1124 respectively.
1125 </para>
1126 <itemizedlist spacing="compact">
1127 <listitem>
1128 <para>
1129 Old names are preserved as aliases for backwards
1130 compatibility, but may be removed in the future.
1131 </para>
1132 </listitem>
1133 </itemizedlist>
1134 </listitem>
1135 <listitem>
1136 <para>
1137 <literal>users.users.bitwarden_rs</literal> and
1138 <literal>users.groups.bitwarden_rs</literal> were renamed
1139 to <literal>users.users.vaultwarden</literal> and
1140 <literal>users.groups.vaultwarden</literal>, respectively.
1141 </para>
1142 </listitem>
1143 <listitem>
1144 <para>
1145 The data directory remains located at
1146 <literal>/var/lib/bitwarden_rs</literal>, for backwards
1147 compatibility.
1148 </para>
1149 </listitem>
1150 </itemizedlist>
1151 </listitem>
1152 </itemizedlist>
1153 <itemizedlist>
1154 <listitem>
1155 <para>
1156 <literal>yggdrasil</literal> was upgraded to a new major
1157 release with breaking changes, see
1158 <link xlink:href="https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0">upstream
1159 changelog</link>.
1160 </para>
1161 </listitem>
1162 <listitem>
1163 <para>
1164 <literal>icingaweb2</literal> was upgraded to a new release
1165 which requires a manual database upgrade, see
1166 <link xlink:href="https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0">upstream
1167 changelog</link>.
1168 </para>
1169 </listitem>
1170 <listitem>
1171 <para>
1172 The <literal>isabelle</literal> package has been upgraded from
1173 2020 to 2021
1174 </para>
1175 </listitem>
1176 <listitem>
1177 <para>
1178 the <literal>mingw-64</literal> package has been upgraded from
1179 6.0.0 to 9.0.0
1180 </para>
1181 </listitem>
1182 <listitem>
1183 <para>
1184 <literal>tt-rss</literal> was upgraded to the commit on
1185 2021-06-21, which has breaking changes. If you use
1186 <literal>services.tt-rss.extraConfig</literal> you should
1187 migrate to the <literal>putenv</literal>-style configuration.
1188 See
1189 <link xlink:href="https://community.tt-rss.org/t/rip-config-php-hello-classes-config-php/4337">this
1190 Discourse post</link> in the tt-rss forums for more details.
1191 </para>
1192 </listitem>
1193 <listitem>
1194 <para>
1195 The following Visual Studio Code extensions were renamed to
1196 keep the naming convention uniform.
1197 </para>
1198 <itemizedlist spacing="compact">
1199 <listitem>
1200 <para>
1201 <literal>bbenoist.Nix</literal> ->
1202 <literal>bbenoist.nix</literal>
1203 </para>
1204 </listitem>
1205 <listitem>
1206 <para>
1207 <literal>CoenraadS.bracket-pair-colorizer</literal> ->
1208 <literal>coenraads.bracket-pair-colorizer</literal>
1209 </para>
1210 </listitem>
1211 <listitem>
1212 <para>
1213 <literal>golang.Go</literal> ->
1214 <literal>golang.go</literal>
1215 </para>
1216 </listitem>
1217 </itemizedlist>
1218 </listitem>
1219 <listitem>
1220 <para>
1221 <literal>services.uptimed</literal> now uses
1222 <literal>/var/lib/uptimed</literal> as its stateDirectory
1223 instead of <literal>/var/spool/uptimed</literal>. Make sure to
1224 move all files to the new directory.
1225 </para>
1226 </listitem>
1227 <listitem>
1228 <para>
1229 Deprecated package aliases in <literal>emacs.pkgs.*</literal>
1230 have been removed. These aliases were remnants of the old
1231 Emacs package infrastructure. We now use exact upstream names
1232 wherever possible.
1233 </para>
1234 </listitem>
1235 <listitem>
1236 <para>
1237 <literal>programs.neovim.runtime</literal> switched to a
1238 <literal>linkFarm</literal> internally, making it impossible
1239 to use wildcards in the <literal>source</literal> argument.
1240 </para>
1241 </listitem>
1242 <listitem>
1243 <para>
1244 The <literal>openrazer</literal> and
1245 <literal>openrazer-daemon</literal> packages as well as the
1246 <literal>hardware.openrazer</literal> module now require users
1247 to be members of the <literal>openrazer</literal> group
1248 instead of <literal>plugdev</literal>. With this change, users
1249 no longer need be granted the entire set of
1250 <literal>plugdev</literal> group permissions, which can
1251 include permissions other than those required by
1252 <literal>openrazer</literal>. This is desirable from a
1253 security point of view. The setting
1254 <link xlink:href="options.html#opt-services.hardware.openrazer.users"><literal>harware.openrazer.users</literal></link>
1255 can be used to add users to the <literal>openrazer</literal>
1256 group.
1257 </para>
1258 </listitem>
1259 <listitem>
1260 <para>
1261 The fontconfig service’s dpi option has been removed.
1262 Fontconfig should use Xft settings by default so there’s no
1263 need to override one value in multiple places. The user can
1264 set DPI via ~/.Xresources properly, or at the system level per
1265 monitor, or as a last resort at the system level with
1266 <literal>services.xserver.dpi</literal>.
1267 </para>
1268 </listitem>
1269 <listitem>
1270 <para>
1271 The <literal>yambar</literal> package has been split into
1272 <literal>yambar</literal> and
1273 <literal>yambar-wayland</literal>, corresponding to the xorg
1274 and wayland backend respectively. Please switch to
1275 <literal>yambar-wayland</literal> if you are on wayland.
1276 </para>
1277 </listitem>
1278 <listitem>
1279 <para>
1280 The <literal>services.minio</literal> module gained an
1281 additional option <literal>consoleAddress</literal>, that
1282 configures the address and port the web UI is listening, it
1283 defaults to <literal>:9001</literal>. To be able to access the
1284 web UI this port needs to be opened in the firewall.
1285 </para>
1286 </listitem>
1287 <listitem>
1288 <para>
1289 The <literal>varnish</literal> package was upgraded from 6.3.x
1290 to 7.x. <literal>varnish60</literal> for the last LTS release
1291 is also still available.
1292 </para>
1293 </listitem>
1294 <listitem>
1295 <para>
1296 The <literal>kubernetes</literal> package was upgraded to
1297 1.22. The <literal>kubernetes.apiserver.kubeletHttps</literal>
1298 option was removed and HTTPS is always used.
1299 </para>
1300 </listitem>
1301 <listitem>
1302 <para>
1303 The attribute <literal>linuxPackages_latest_hardened</literal>
1304 was dropped because the hardened patches lag behind the
1305 upstream kernel which made version bumps harder. If you want
1306 to use a hardened kernel, please pin it explicitly with a
1307 versioned attribute such as
1308 <literal>linuxPackages_5_10_hardened</literal>.
1309 </para>
1310 </listitem>
1311 <listitem>
1312 <para>
1313 The <literal>nomad</literal> package now defaults to a 1.1.x
1314 release instead of 1.0.x
1315 </para>
1316 </listitem>
1317 <listitem>
1318 <para>
1319 If <literal>exfat</literal> is included in
1320 <literal>boot.supportedFilesystems</literal> and when using
1321 kernel 5.7 or later, the <literal>exfatprogs</literal>
1322 user-space utilities are used instead of
1323 <literal>exfat</literal>.
1324 </para>
1325 </listitem>
1326 <listitem>
1327 <para>
1328 The <literal>todoman</literal> package was upgraded from 3.9.0
1329 to 4.0.0. This introduces breaking changes in the
1330 <link xlink:href="https://todoman.readthedocs.io/en/stable/configure.html#configuration-file">configuration
1331 file</link> format.
1332 </para>
1333 </listitem>
1334 <listitem>
1335 <para>
1336 The <literal>datadog-agent</literal>,
1337 <literal>datadog-integrations-core</literal> and
1338 <literal>datadog-process-agent</literal> packages were
1339 upgraded from 6.11.2 to 7.30.2, git-2018-09-18 to 7.30.1 and
1340 6.11.1 to 7.30.2, respectively. As a result
1341 <literal>services.datadog-agent</literal> has had breaking
1342 changes to the configuration file. For details, see the
1343 <link xlink:href="https://github.com/DataDog/datadog-agent/blob/main/CHANGELOG.rst">upstream
1344 changelog</link>.
1345 </para>
1346 </listitem>
1347 <listitem>
1348 <para>
1349 <literal>opencv2</literal> no longer includes the non-free
1350 libraries by default, and consequently
1351 <literal>pfstools</literal> no longer includes OpenCV support
1352 by default. Both packages now support an
1353 <literal>enableUnfree</literal> option to re-enable this
1354 functionality.
1355 </para>
1356 </listitem>
1357 <listitem>
1358 <para>
1359 <literal>services.xserver.displayManager.defaultSession = "plasma5"</literal>
1360 does not work anymore, instead use either
1361 <literal>"plasma"</literal> for the Plasma X11
1362 session or <literal>"plasmawayland"</literal> for
1363 the Plasma Wayland sesison.
1364 </para>
1365 </listitem>
1366 <listitem>
1367 <para>
1368 <literal>boot.kernelParams</literal> now only accepts one
1369 command line parameter per string. This change is aimed to
1370 reduce common mistakes like <quote>param = 12</quote>, which
1371 would be parsed as 3 parameters.
1372 </para>
1373 </listitem>
1374 <listitem>
1375 <para>
1376 <literal>nix.daemonNiceLevel</literal> and
1377 <literal>nix.daemonIONiceLevel</literal> have been removed in
1378 favour of the new options
1379 <link xlink:href="options.html#opt-nix.daemonCPUSchedPolicy"><literal>nix.daemonCPUSchedPolicy</literal></link>,
1380 <link xlink:href="options.html#opt-nix.daemonIOSchedClass"><literal>nix.daemonIOSchedClass</literal></link>
1381 and
1382 <link xlink:href="options.html#opt-nix.daemonIOSchedPriority"><literal>nix.daemonIOSchedPriority</literal></link>.
1383 Please refer to the options documentation and the
1384 <literal>sched(7)</literal> and
1385 <literal>ioprio_set(2)</literal> man pages for guidance on how
1386 to use them.
1387 </para>
1388 </listitem>
1389 <listitem>
1390 <para>
1391 The <literal>coursier</literal> package’s binary was renamed
1392 from <literal>coursier</literal> to <literal>cs</literal>.
1393 Completions which haven’t worked for a while should now work
1394 with the renamed binary. To keep using
1395 <literal>coursier</literal>, you can create a shell alias.
1396 </para>
1397 </listitem>
1398 <listitem>
1399 <para>
1400 The <literal>services.mosquitto</literal> module has been
1401 rewritten to support multiple listeners and per-listener
1402 configuration. Module configurations from previous releases
1403 will no longer work and must be updated.
1404 </para>
1405 </listitem>
1406 <listitem>
1407 <para>
1408 The <literal>fluidsynth_1</literal> attribute has been
1409 removed, as this legacy version is no longer needed in
1410 nixpkgs. The actively maintained 2.x series is available as
1411 <literal>fluidsynth</literal> unchanged.
1412 </para>
1413 </listitem>
1414 <listitem>
1415 <para>
1416 Nextcloud 20 (<literal>pkgs.nextcloud20</literal>) has been
1417 dropped because it was EOLed by upstream in 2021-10.
1418 </para>
1419 </listitem>
1420 <listitem>
1421 <para>
1422 The <literal>virtualisation.pathsInNixDB</literal> option was
1423 renamed
1424 <link xlink:href="options.html#opt-virtualisation.additionalPaths"><literal>virtualisation.additionalPaths</literal></link>.
1425 </para>
1426 </listitem>
1427 <listitem>
1428 <para>
1429 The <literal>services.ddclient.password</literal> option was
1430 removed, and replaced with
1431 <literal>services.ddclient.passwordFile</literal>.
1432 </para>
1433 </listitem>
1434 <listitem>
1435 <para>
1436 The default GNAT version has been changed: The
1437 <literal>gnat</literal> attribute now points to
1438 <literal>gnat11</literal> instead of <literal>gnat9</literal>.
1439 </para>
1440 </listitem>
1441 <listitem>
1442 <para>
1443 <literal>retroArchCores</literal> has been removed. This means
1444 that using <literal>nixpkgs.config.retroarch</literal> to
1445 customize RetroArch cores is not supported anymore. Instead,
1446 use package overrides, for example:
1447 <literal>retroarch.override { cores = with libretro; [ citra snes9x ]; };</literal>.
1448 Also, <literal>retroarchFull</literal> derivation is available
1449 for those who want to have all RetroArch cores available.
1450 </para>
1451 </listitem>
1452 <listitem>
1453 <para>
1454 The Linux kernel for security reasons now restricts access to
1455 BPF syscalls via <literal>BPF_UNPRIV_DEFAULT_OFF=y</literal>.
1456 Unprivileged access can be reenabled via the
1457 <literal>kernel.unprivileged_bpf_disabled</literal> sysctl
1458 knob.
1459 </para>
1460 </listitem>
1461 <listitem>
1462 <para>
1463 <literal>/usr</literal> will always be included in the initial
1464 ramdisk. See the
1465 <literal>fileSystems.<name>.neededForBoot</literal>
1466 option. If any files exist under <literal>/usr</literal>
1467 (which is not typical for NixOS), they will be included in the
1468 initial ramdisk, increasing its size to a possibly problematic
1469 extent.
1470 </para>
1471 </listitem>
1472 <listitem>
1473 <para>
1474 <literal>pkgs.haskell-language-server</literal> will now by
1475 default be linked dynamically to improve TemplateHaskell
1476 compatibility. To mitigate the increased closure size it will
1477 now by default only support our current default ghc (at the
1478 moment 9.0.2). Add other ghc versions via e.g.
1479 <literal>pkgs.haskell-language-server.override { supportedGhcVersions = [ "90" "92" ]; }</literal>.
1480 </para>
1481 </listitem>
1482 </itemizedlist>
1483 </section>
1484 <section xml:id="sec-release-21.11-notable-changes">
1485 <title>Other Notable Changes</title>
1486 <itemizedlist>
1487 <listitem>
1488 <para>
1489 The linux kernel package infrastructure was moved out of
1490 <literal>all-packages.nix</literal>, and restructured. Linux
1491 related functions and attributes now live under the
1492 <literal>pkgs.linuxKernel</literal> attribute set. In
1493 particular the versioned <literal>linuxPackages_*</literal>
1494 package sets (such as <literal>linuxPackages_5_4</literal>)
1495 and kernels from <literal>pkgs</literal> were moved there and
1496 now live under <literal>pkgs.linuxKernel.packages.*</literal>.
1497 The unversioned ones (such as
1498 <literal>linuxPackages_latest</literal>) remain untouched.
1499 </para>
1500 </listitem>
1501 <listitem>
1502 <para>
1503 In NixOS virtual machines (QEMU), the
1504 <literal>virtualisation</literal> module has been updated with
1505 new options:
1506 </para>
1507 <itemizedlist spacing="compact">
1508 <listitem>
1509 <para>
1510 <link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>forwardPorts</literal></link>
1511 to configure IPv4 port forwarding,
1512 </para>
1513 </listitem>
1514 <listitem>
1515 <para>
1516 <link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>sharedDirectories</literal></link>
1517 to set up shared host directories,
1518 </para>
1519 </listitem>
1520 <listitem>
1521 <para>
1522 <link xlink:href="options.html#opt-virtualisation.resolution"><literal>resolution</literal></link>
1523 to set the screen resolution,
1524 </para>
1525 </listitem>
1526 <listitem>
1527 <para>
1528 <link xlink:href="options.html#opt-virtualisation.useNixStoreImage"><literal>useNixStoreImage</literal></link>
1529 to use a disk image for the Nix store instead of 9P.
1530 </para>
1531 </listitem>
1532 </itemizedlist>
1533 <para>
1534 In addition, the default
1535 <link xlink:href="options.html#opt-virtualisation.msize"><literal>msize</literal></link>
1536 parameter in 9P filesystems (including /nix/store and all
1537 shared directories) has been increased to 16K for improved
1538 performance.
1539 </para>
1540 </listitem>
1541 <listitem>
1542 <para>
1543 The setting
1544 <link xlink:href="options.html#opt-services.openssh.logLevel"><literal>services.openssh.logLevel</literal></link>
1545 <literal>"VERBOSE"</literal>
1546 <literal>"INFO"</literal>. This brings NixOS in line
1547 with upstream and other Linux distributions, and reduces log
1548 spam on servers due to bruteforcing botnets.
1549 </para>
1550 <para>
1551 However, if
1552 <link xlink:href="options.html#opt-services.fail2ban.enable"><literal>services.fail2ban.enable</literal></link>
1553 is <literal>true</literal>, the <literal>fail2ban</literal>
1554 will override the verbosity to
1555 <literal>"VERBOSE"</literal>, so that
1556 <literal>fail2ban</literal> can observe the failed login
1557 attempts from the SSH logs.
1558 </para>
1559 </listitem>
1560 <listitem>
1561 <para>
1562 The
1563 <link xlink:href="options.html#opt-services.xserver.extraLayouts"><literal>services.xserver.extraLayouts</literal></link>
1564 no longer cause additional rebuilds when a layout is added or
1565 modified.
1566 </para>
1567 </listitem>
1568 <listitem>
1569 <para>
1570 Sway: The terminal emulator <literal>rxvt-unicode</literal> is
1571 no longer installed by default via
1572 <literal>programs.sway.extraPackages</literal>. The current
1573 default configuration uses <literal>alacritty</literal> (and
1574 soon <literal>foot</literal>) so this is only an issue when
1575 using a customized configuration and not installing
1576 <literal>rxvt-unicode</literal> explicitly.
1577 </para>
1578 </listitem>
1579 <listitem>
1580 <para>
1581 <literal>python3</literal> now defaults to Python 3.9. Python
1582 3.9 introduces many deprecation warnings, please look at the
1583 <link xlink:href="https://docs.python.org/3/whatsnew/3.9.html">What’s
1584 New In Python 3.9 post</link> for more information.
1585 </para>
1586 </listitem>
1587 <listitem>
1588 <para>
1589 <literal>qtile</literal> hase been updated from
1590 <quote>0.16.0</quote> to <quote>0.18.0</quote>, please check
1591 <link xlink:href="https://github.com/qtile/qtile/blob/master/CHANGELOG">qtile
1592 changelog</link> for changes.
1593 </para>
1594 </listitem>
1595 <listitem>
1596 <para>
1597 The <literal>claws-mail</literal> package now references the
1598 new GTK+ 3 release branch, major version 4. To use the GTK+ 2
1599 releases, one can install the
1600 <literal>claws-mail-gtk2</literal> package.
1601 </para>
1602 </listitem>
1603 <listitem>
1604 <para>
1605 The wordpress module provides a new interface which allows to
1606 use different webservers with the new option
1607 <link xlink:href="options.html#opt-services.wordpress.webserver"><literal>services.wordpress.webserver</literal></link>.
1608 Currently <literal>httpd</literal>, <literal>caddy</literal>
1609 and <literal>nginx</literal> are supported. The definitions of
1610 wordpress sites should now be set in
1611 <link xlink:href="options.html#opt-services.wordpress.sites"><literal>services.wordpress.sites</literal></link>.
1612 </para>
1613 <para>
1614 Sites definitions that use the old interface are automatically
1615 migrated in the new option. This backward compatibility will
1616 be removed in 22.05.
1617 </para>
1618 </listitem>
1619 <listitem>
1620 <para>
1621 The dokuwiki module provides a new interface which allows to
1622 use different webservers with the new option
1623 <link xlink:href="options.html#opt-services.dokuwiki.webserver"><literal>services.dokuwiki.webserver</literal></link>.
1624 Currently <literal>caddy</literal> and
1625 <literal>nginx</literal> are supported. The definitions of
1626 dokuwiki sites should now be set in
1627 <link xlink:href="options.html#opt-services.dokuwiki.sites"><literal>services.dokuwiki.sites</literal></link>.
1628 </para>
1629 <para>
1630 Sites definitions that use the old interface are automatically
1631 migrated in the new option. This backward compatibility will
1632 be removed in 22.05.
1633 </para>
1634 </listitem>
1635 <listitem>
1636 <para>
1637 The order of NSS (host) modules has been brought in line with
1638 upstream recommendations:
1639 </para>
1640 <itemizedlist spacing="compact">
1641 <listitem>
1642 <para>
1643 The <literal>myhostname</literal> module is placed before
1644 the <literal>resolve</literal> (optional) and
1645 <literal>dns</literal> entries, but after
1646 <literal>file</literal> (to allow overriding via
1647 <literal>/etc/hosts</literal> /
1648 <literal>networking.extraHosts</literal>, and prevent ISPs
1649 with catchall-DNS resolvers from hijacking
1650 <literal>.localhost</literal> domains)
1651 </para>
1652 </listitem>
1653 <listitem>
1654 <para>
1655 The <literal>mymachines</literal> module, which provides
1656 hostname resolution for local containers (registered with
1657 <literal>systemd-machined</literal>) is placed to the
1658 front, to make sure its mappings are preferred over other
1659 resolvers.
1660 </para>
1661 </listitem>
1662 <listitem>
1663 <para>
1664 If systemd-networkd is enabled, the
1665 <literal>resolve</literal> module is placed before
1666 <literal>files</literal> and
1667 <literal>myhostname</literal>, as it provides the same
1668 logic internally, with caching.
1669 </para>
1670 </listitem>
1671 <listitem>
1672 <para>
1673 The <literal>mdns(_minimal)</literal> module has been
1674 updated to the new priorities.
1675 </para>
1676 </listitem>
1677 </itemizedlist>
1678 <para>
1679 If you use your own NSS host modules, make sure to update your
1680 priorities according to these rules:
1681 </para>
1682 <itemizedlist spacing="compact">
1683 <listitem>
1684 <para>
1685 NSS modules which should be queried before
1686 <literal>resolved</literal> DNS resolution should use
1687 mkBefore.
1688 </para>
1689 </listitem>
1690 <listitem>
1691 <para>
1692 NSS modules which should be queried after
1693 <literal>resolved</literal>, <literal>files</literal> and
1694 <literal>myhostname</literal>, but before
1695 <literal>dns</literal> should use the default priority
1696 </para>
1697 </listitem>
1698 <listitem>
1699 <para>
1700 NSS modules which should come after <literal>dns</literal>
1701 should use mkAfter.
1702 </para>
1703 </listitem>
1704 </itemizedlist>
1705 </listitem>
1706 <listitem>
1707 <para>
1708 The
1709 <link xlink:href="options.html#opt-networking.wireless.enable">networking.wireless</link>
1710 module (based on wpa_supplicant) has been heavily reworked,
1711 solving a number of issues and adding useful features:
1712 </para>
1713 <itemizedlist spacing="compact">
1714 <listitem>
1715 <para>
1716 The automatic discovery of wireless interfaces at boot has
1717 been made reliable again (issues
1718 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/101963">#101963</link>,
1719 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/23196">#23196</link>).
1720 </para>
1721 </listitem>
1722 <listitem>
1723 <para>
1724 WPA3 and Fast BSS Transition (802.11r) are now enabled by
1725 default for all networks.
1726 </para>
1727 </listitem>
1728 <listitem>
1729 <para>
1730 Secrets like pre-shared keys and passwords can now be
1731 handled safely, meaning without including them in a
1732 world-readable file
1733 (<literal>wpa_supplicant.conf</literal> under /nix/store).
1734 This is achieved by storing the secrets in a secured
1735 <link xlink:href="options.html#opt-networking.wireless.environmentFile">environmentFile</link>
1736 and referring to them though environment variables that
1737 are expanded inside the configuration.
1738 </para>
1739 </listitem>
1740 <listitem>
1741 <para>
1742 With multiple interfaces declared, independent
1743 wpa_supplicant daemons are started, one for each interface
1744 (the services are named
1745 <literal>wpa_supplicant-wlan0</literal>,
1746 <literal>wpa_supplicant-wlan1</literal>, etc.).
1747 </para>
1748 </listitem>
1749 <listitem>
1750 <para>
1751 The generated <literal>wpa_supplicant.conf</literal> file
1752 is now formatted for easier reading.
1753 </para>
1754 </listitem>
1755 <listitem>
1756 <para>
1757 A new
1758 <link xlink:href="options.html#opt-networking.wireless.scanOnLowSignal">scanOnLowSignal</link>
1759 option has been added to facilitate fast roaming between
1760 access points (enabled by default).
1761 </para>
1762 </listitem>
1763 <listitem>
1764 <para>
1765 A new
1766 <link xlink:href="options.html#opt-networking.wireless.networks._name_.authProtocols">networks.<name>.authProtocols</link>
1767 option has been added to change the authentication
1768 protocols used when connecting to a network.
1769 </para>
1770 </listitem>
1771 </itemizedlist>
1772 </listitem>
1773 <listitem>
1774 <para>
1775 The
1776 <link xlink:href="options.html#opt-networking.wireless.iwd.enable">networking.wireless.iwd</link>
1777 module has a new
1778 <link xlink:href="options.html#opt-networking.wireless.iwd.settings">networking.wireless.iwd.settings</link>
1779 option.
1780 </para>
1781 </listitem>
1782 <listitem>
1783 <para>
1784 The
1785 <link xlink:href="options.html#opt-services.smokeping.host">services.smokeping.host</link>
1786 option was added and defaulted to
1787 <literal>localhost</literal>. Before,
1788 <literal>smokeping</literal> listened to all interfaces by
1789 default. NixOS defaults generally aim to provide
1790 non-Internet-exposed defaults for databases and internal
1791 monitoring tools, see e.g.
1792 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/100192">#100192</link>.
1793 Further, the systemd service for <literal>smokeping</literal>
1794 got reworked defaults for increased operational stability, see
1795 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/144127">PR
1796 #144127</link> for details.
1797 </para>
1798 </listitem>
1799 <listitem>
1800 <para>
1801 The
1802 <link xlink:href="options.html#opt-services.syncoid.enable">services.syncoid.enable</link>
1803 module now properly drops ZFS permissions after usage. Before
1804 it delegated permissions to whole pools instead of datasets
1805 and didn’t clean up after execution. You can manually look
1806 this up for your pools by running
1807 <literal>zfs allow your-pool-name</literal> and use
1808 <literal>zfs unallow syncoid your-pool-name</literal> to clean
1809 this up.
1810 </para>
1811 </listitem>
1812 <listitem>
1813 <para>
1814 Zfs: <literal>latestCompatibleLinuxPackages</literal> is now
1815 exported on the zfs package. One can use
1816 <literal>boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;</literal>
1817 to always track the latest compatible kernel with a given
1818 version of zfs.
1819 </para>
1820 </listitem>
1821 <listitem>
1822 <para>
1823 Nginx will use the value of
1824 <literal>sslTrustedCertificate</literal> if provided for a
1825 virtual host, even if <literal>enableACME</literal> is set.
1826 This is useful for providers not using the same certificate to
1827 sign OCSP responses and server certificates.
1828 </para>
1829 </listitem>
1830 <listitem>
1831 <para>
1832 <literal>lib.formats.yaml</literal>’s
1833 <literal>generate</literal> will not generate JSON anymore,
1834 but instead use more of the YAML-specific syntax.
1835 </para>
1836 </listitem>
1837 <listitem>
1838 <para>
1839 MariaDB was upgraded from 10.5.x to 10.6.x. Please read the
1840 <link xlink:href="https://mariadb.com/kb/en/changes-improvements-in-mariadb-106/">upstream
1841 release notes</link> for changes and upgrade instructions.
1842 </para>
1843 </listitem>
1844 <listitem>
1845 <para>
1846 The MariaDB C client library, also known as libmysqlclient or
1847 mariadb-connector-c, was upgraded from 3.1.x to 3.2.x. While
1848 this should hopefully not have any impact, this upgrade comes
1849 with some changes to default behavior, so you might want to
1850 review the
1851 <link xlink:href="https://mariadb.com/kb/en/changes-and-improvements-in-mariadb-connector-c-32/">upstream
1852 release notes</link>.
1853 </para>
1854 </listitem>
1855 <listitem>
1856 <para>
1857 GNOME desktop environment now enables
1858 <literal>QGnomePlatform</literal> as the Qt platform theme,
1859 which should avoid crashes when opening file chooser dialogs
1860 in Qt apps by using XDG desktop portal. Additionally, it will
1861 make the apps fit better visually.
1862 </para>
1863 </listitem>
1864 <listitem>
1865 <para>
1866 <literal>rofi</literal> has been updated from
1867 <quote>1.6.1</quote> to <quote>1.7.0</quote>, one important
1868 thing is the removal of the old xresources based configuration
1869 setup. Read more
1870 <link xlink:href="https://github.com/davatorium/rofi/blob/cb12e6fc058f4a0f4f/Changelog#L1">in
1871 rofi’s changelog</link>.
1872 </para>
1873 </listitem>
1874 <listitem>
1875 <para>
1876 ipfs now defaults to not listening on you local network. This
1877 setting was change as server providers won’t accept port
1878 scanning on their private network. If you have several ipfs
1879 instances running on a network you own, feel free to change
1880 the setting <literal>ipfs.localDiscovery = true;</literal>.
1881 localDiscovery enables different instances to discover each
1882 other and share data.
1883 </para>
1884 </listitem>
1885 <listitem>
1886 <para>
1887 <literal>lua</literal> and <literal>luajit</literal>
1888 interpreters have been patched to avoid looking into /usr/lib
1889 directories, thus increasing the purity of the build.
1890 </para>
1891 </listitem>
1892 <listitem>
1893 <para>
1894 Three new options,
1895 <link linkend="opt-xdg.mime.addedAssociations">xdg.mime.addedAssociations</link>,
1896 <link linkend="opt-xdg.mime.defaultApplications">xdg.mime.defaultApplications</link>,
1897 and
1898 <link linkend="opt-xdg.mime.removedAssociations">xdg.mime.removedAssociations</link>
1899 have been added to the
1900 <link linkend="opt-xdg.mime.enable">xdg.mime</link> module to
1901 allow the configuration of
1902 <literal>/etc/xdg/mimeapps.list</literal>.
1903 </para>
1904 </listitem>
1905 <listitem>
1906 <para>
1907 Kopia was upgraded from 0.8.x to 0.9.x. Please read the
1908 <link xlink:href="https://github.com/kopia/kopia/releases/tag/v0.9.0">upstream
1909 release notes</link> for changes and upgrade instructions.
1910 </para>
1911 </listitem>
1912 <listitem>
1913 <para>
1914 The <literal>systemd.network</literal> module has gained
1915 support for the FooOverUDP link type.
1916 </para>
1917 </listitem>
1918 <listitem>
1919 <para>
1920 The <literal>networking</literal> module has a new
1921 <literal>networking.fooOverUDP</literal> option to configure
1922 Foo-over-UDP encapsulations.
1923 </para>
1924 </listitem>
1925 <listitem>
1926 <para>
1927 <literal>networking.sits</literal> now supports Foo-over-UDP
1928 encapsulation.
1929 </para>
1930 </listitem>
1931 <listitem>
1932 <para>
1933 The <literal>virtualisation.libvirtd</literal> module has been
1934 refactored and updated with new options:
1935 </para>
1936 <itemizedlist spacing="compact">
1937 <listitem>
1938 <para>
1939 <literal>virtualisation.libvirtd.qemu*</literal> options
1940 (e.g.:
1941 <literal>virtualisation.libvirtd.qemuRunAsRoot</literal>)
1942 were moved to
1943 <link xlink:href="options.html#opt-virtualisation.libvirtd.qemu"><literal>virtualisation.libvirtd.qemu</literal></link>
1944 submodule,
1945 </para>
1946 </listitem>
1947 <listitem>
1948 <para>
1949 software TPM1/TPM2 support (e.g.: Windows 11 guests)
1950 (<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.swtpm"><literal>virtualisation.libvirtd.qemu.swtpm</literal></link>),
1951 </para>
1952 </listitem>
1953 <listitem>
1954 <para>
1955 custom OVMF package (e.g.:
1956 <literal>pkgs.OVMFFull</literal> with HTTP, CSM and Secure
1957 Boot support)
1958 (<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.ovmf.package"><literal>virtualisation.libvirtd.qemu.ovmf.package</literal></link>).
1959 </para>
1960 </listitem>
1961 </itemizedlist>
1962 </listitem>
1963 <listitem>
1964 <para>
1965 The <literal>cawbird</literal> Twitter client now uses its own
1966 API keys to count as different application than upstream
1967 builds. This is done to evade application-level rate limiting.
1968 While existing accounts continue to work, users may want to
1969 remove and re-register their account in the client to enjoy a
1970 better user experience and benefit from this change.
1971 </para>
1972 </listitem>
1973 <listitem>
1974 <para>
1975 A new option
1976 <literal>services.prometheus.enableReload</literal> has been
1977 added which can be enabled to reload the prometheus service
1978 when its config file changes instead of restarting.
1979 </para>
1980 </listitem>
1981 <listitem>
1982 <para>
1983 The option
1984 <literal>services.prometheus.environmentFile</literal> has
1985 been removed since it was causing
1986 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/126083">issues</link>
1987 and Prometheus now has native support for secret files, i.e.
1988 <literal>basic_auth.password_file</literal> and
1989 <literal>authorization.credentials_file</literal>.
1990 </para>
1991 </listitem>
1992 <listitem>
1993 <para>
1994 Dokuwiki now supports caddy! However
1995 </para>
1996 <itemizedlist spacing="compact">
1997 <listitem>
1998 <para>
1999 the nginx option has been removed, in the new
2000 configuration, please use the
2001 <literal>dokuwiki.webserver = "nginx"</literal>
2002 instead.
2003 </para>
2004 </listitem>
2005 <listitem>
2006 <para>
2007 The <quote>${hostname}</quote> option has been deprecated,
2008 please use
2009 <literal>dokuwiki.sites = [ "${hostname}" ]</literal>
2010 instead
2011 </para>
2012 </listitem>
2013 </itemizedlist>
2014 </listitem>
2015 <listitem>
2016 <para>
2017 The
2018 <link xlink:href="options.html#opt-services.unifi.enable">services.unifi</link>
2019 module has been reworked, solving a number of issues. This
2020 leads to several user facing changes:
2021 </para>
2022 <itemizedlist spacing="compact">
2023 <listitem>
2024 <para>
2025 The <literal>services.unifi.dataDir</literal> option is
2026 removed and the data is now always located under
2027 <literal>/var/lib/unifi/data</literal>. This is done to
2028 make better use of systemd state direcotiry and thus
2029 making the service restart more reliable.
2030 </para>
2031 </listitem>
2032 <listitem>
2033 <para>
2034 The unifi logs can now be found under:
2035 <literal>/var/log/unifi</literal> instead of
2036 <literal>/var/lib/unifi/logs</literal>.
2037 </para>
2038 </listitem>
2039 <listitem>
2040 <para>
2041 The unifi run directory can now be found under:
2042 <literal>/run/unifi</literal> instead of
2043 <literal>/var/lib/unifi/run</literal>.
2044 </para>
2045 </listitem>
2046 </itemizedlist>
2047 </listitem>
2048 <listitem>
2049 <para>
2050 <literal>security.pam.services.<name>.makeHomeDir</literal>
2051 now uses <literal>umask=0077</literal> instead of
2052 <literal>umask=0022</literal> when creating the home
2053 directory.
2054 </para>
2055 </listitem>
2056 <listitem>
2057 <para>
2058 Loki has had another release. Some default values have been
2059 changed for the configuration and some configuration options
2060 have been renamed. For more details, please check
2061 <link xlink:href="https://grafana.com/docs/loki/latest/upgrading/#240">the
2062 upgrade guide</link>.
2063 </para>
2064 </listitem>
2065 <listitem>
2066 <para>
2067 <literal>julia</literal> now refers to
2068 <literal>julia-stable</literal> instead of
2069 <literal>julia-lts</literal>. In practice this means it has
2070 been upgraded from <literal>1.0.4</literal> to
2071 <literal>1.5.4</literal>.
2072 </para>
2073 </listitem>
2074 <listitem>
2075 <para>
2076 RetroArch has been upgraded from version
2077 <literal>1.8.5</literal> to <literal>1.9.13.2</literal>. Since
2078 the previous release was quite old, if you’re having issues
2079 after the upgrade, please delete your
2080 <literal>$XDG_CONFIG_HOME/retroarch/retroarch.cfg</literal>
2081 file.
2082 </para>
2083 </listitem>
2084 <listitem>
2085 <para>
2086 hydrus has been upgraded from version <literal>438</literal>
2087 to <literal>463</literal>. Since upgrading between releases
2088 this old is advised against, be sure to have a backup of your
2089 data before upgrading. For details, see
2090 <link xlink:href="https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates">the
2091 hydrus manual</link>.
2092 </para>
2093 </listitem>
2094 <listitem>
2095 <para>
2096 More jdk and jre versions are now exposed via
2097 <literal>java-packages.compiler</literal>.
2098 </para>
2099 </listitem>
2100 <listitem>
2101 <para>
2102 The sets <literal>haskell.packages</literal> and
2103 <literal>haskell.compiler</literal> now contain for every ghc
2104 version an attribute with the minor version dropped. E.g. for
2105 <literal>ghc8107</literal> there also now exists
2106 <literal>ghc810</literal>. Those attributes point to the same
2107 compilers and packagesets but have the advantage that e.g.
2108 <literal>ghc92</literal> stays stable when we update from
2109 <literal>ghc925</literal> to <literal>ghc926</literal>.
2110 </para>
2111 </listitem>
2112 </itemizedlist>
2113 </section>
2114</section>