pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / doc / manual / from_md / release-notes / rl-2211.section.xml
at 23.05-pre 70 kB view raw
1<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.11"> 2 <title>Release 22.11 (“Raccoon”, 2022.11/??)</title> 3 <para> 4 Support is planned until the end of June 2023, handing over to 5 23.05. 6 </para> 7 <section xml:id="sec-release-22.11-highlights"> 8 <title>Highlights</title> 9 <para> 10 In addition to numerous new and upgraded packages, this release 11 has the following highlights: 12 </para> 13 <itemizedlist> 14 <listitem> 15 <para> 16 GNOME has been upgraded to 43. Please take a look at their 17 <link xlink:href="https://release.gnome.org/43/">Release 18 Notes</link> for details. 19 </para> 20 </listitem> 21 <listitem> 22 <para> 23 During cross-compilation, tests are now executed if the test 24 suite can be executed by the build platform. This is the case 25 when doing “native” cross-compilation where the build and host 26 platforms are largely the same, but the nixpkgs’ cross 27 compilation infrastructure is used, e.g. 28 <literal>pkgsStatic</literal> and <literal>pkgsLLVM</literal>. 29 Another possibility is that the build platform is a superset 30 of the host platform, e.g. when cross-compiling from 31 <literal>x86_64-unknown-linux</literal> to 32 <literal>i686-unknown-linux</literal>. The predicate gating 33 test suite execution is the newly added 34 <literal>canExecute</literal> predicate: You can e.g. check if 35 <literal>stdenv.buildPlatform</literal> can execute binaries 36 built for <literal>stdenv.hostPlatform</literal> (i.e. 37 produced by <literal>stdenv.cc</literal>) by evaluating 38 <literal>stdenv.buildPlatform.canExecute stdenv.hostPlatform</literal>. 39 </para> 40 </listitem> 41 <listitem> 42 <para> 43 The <literal>nixpkgs.hostPlatform</literal> and 44 <literal>nixpkgs.buildPlatform</literal> options have been 45 added. These cover and override the 46 <literal>nixpkgs.{system,localSystem,crossSystem}</literal> 47 options. 48 </para> 49 <itemizedlist spacing="compact"> 50 <listitem> 51 <para> 52 <literal>hostPlatform</literal> is the platform or 53 <quote><literal>system</literal></quote> string of the 54 NixOS system described by the configuration. 55 </para> 56 </listitem> 57 <listitem> 58 <para> 59 <literal>buildPlatform</literal> is the platform that is 60 responsible for building the NixOS configuration. It 61 defaults to the <literal>hostPlatform</literal>, for a 62 non-cross build configuration. To cross compile, set 63 <literal>buildPlatform</literal> to a different value. 64 </para> 65 </listitem> 66 </itemizedlist> 67 <para> 68 The new options convey the same information, but with fewer 69 options, and following the Nixpkgs terminology. 70 </para> 71 <para> 72 The existing options 73 <literal>nixpkgs.{system,localSystem,crossSystem}</literal> 74 have not been formally deprecated, to allow for evaluation of 75 the change and to allow for a transition period so that in 76 time the ecosystem can switch without breaking compatibility 77 with any supported NixOS release. 78 </para> 79 </listitem> 80 <listitem> 81 <para> 82 <literal>emacs</literal> enables native compilation which 83 means: 84 </para> 85 <itemizedlist spacing="compact"> 86 <listitem> 87 <para> 88 emacs packages from nixpkgs, builtin or not, will do 89 native compilation ahead of time so you can enjoy the 90 benefit of native compilation without compiling them on 91 you machine; 92 </para> 93 </listitem> 94 <listitem> 95 <para> 96 emacs packages from somewhere else, e.g. 97 <literal>package-install</literal>, will do asynchronously 98 deferred native compilation. If you do not want this, 99 maybe to avoid CPU consumption for compilation, you can 100 use 101 <literal>(setq native-comp-deferred-compilation nil)</literal> 102 to disable it while still enjoy the benefit of native 103 compilation for packages from nixpkgs. 104 </para> 105 </listitem> 106 </itemizedlist> 107 </listitem> 108 <listitem> 109 <para> 110 <literal>nixos-generate-config</literal> now generates 111 configurations that can be built in pure mode. This is 112 achieved by setting the new 113 <literal>nixpkgs.hostPlatform</literal> option. 114 </para> 115 <para> 116 You may have to unset the <literal>system</literal> parameter 117 in <literal>lib.nixosSystem</literal>, or similarly remove 118 definitions of the 119 <literal>nixpkgs.{system,localSystem,crossSystem}</literal> 120 options. 121 </para> 122 <para> 123 Alternatively, you can remove the 124 <literal>hostPlatform</literal> line and use NixOS like you 125 would in NixOS 22.05 and earlier. 126 </para> 127 </listitem> 128 <listitem> 129 <para> 130 PHP now defaults to PHP 8.1, updated from 8.0. 131 </para> 132 </listitem> 133 <listitem> 134 <para> 135 PHP is now built <literal>NTS</literal> (Non-Thread Safe) 136 style by default, for Apache and <literal>mod_php</literal> 137 usage we still enable <literal>ZTS</literal> (Zend Thread 138 Safe). This has been a common practice for a long time in 139 other distributions. 140 </para> 141 </listitem> 142 <listitem> 143 <para> 144 PHP 8.2.0 RC 6 is available. 145 </para> 146 </listitem> 147 <listitem> 148 <para> 149 <literal>protonup</literal> has been aliased to and replaced 150 by <literal>protonup-ng</literal> due to upstream not 151 maintaining it. 152 </para> 153 </listitem> 154 <listitem> 155 <para> 156 Perl has been updated to 5.36, and its core module 157 <literal>HTTP::Tiny</literal> was patched to verify SSL/TLS 158 certificates by default. 159 </para> 160 </listitem> 161 <listitem> 162 <para> 163 Improved performances of 164 <literal>lib.closePropagation</literal> which was previously 165 quadratic. This is used in e.g. 166 <literal>ghcWithPackages</literal>. Please see backward 167 incompatibilities notes below. 168 </para> 169 </listitem> 170 <listitem> 171 <para> 172 Cinnamon has been updated to 5.4. While at it, the cinnamon 173 module now defaults to blueman as bluetooth manager and 174 slick-greeter as lightdm greeter to match upstream. 175 </para> 176 </listitem> 177 <listitem> 178 <para> 179 OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. 180 </para> 181 </listitem> 182 <listitem> 183 <para> 184 An image configuration and generator has been added for Linode 185 images, largely based on the present GCE configuration and 186 image. 187 </para> 188 </listitem> 189 <listitem> 190 <para> 191 <literal>hardware.nvidia</literal> has a new option 192 <literal>open</literal> that can be used to opt in the 193 opensource version of NVIDIA kernel driver. Note that the 194 driver’s support for GeForce and Workstation GPUs is still 195 alpha quality, see 196 <link xlink:href="https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/">NVIDIA 197 Releases Open-Source GPU Kernel Modules</link> for the 198 official announcement. 199 </para> 200 </listitem> 201 </itemizedlist> 202 </section> 203 <section xml:id="sec-release-22.11-new-services"> 204 <title>New Services</title> 205 <itemizedlist> 206 <listitem> 207 <para> 208 <link xlink:href="https://github.com/jollheef/appvm">appvm</link>, 209 Nix based app VMs. Available as 210 <link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>. 211 </para> 212 </listitem> 213 <listitem> 214 <para> 215 <link xlink:href="https://github.com/maxbrunet/automatic-timezoned">automatic-timezoned</link>. 216 a Linux daemon to automatically update the system timezone 217 based on location. Available as 218 <link linkend="opt-services.automatic-timezoned.enable">services.automatic-timezoned</link>. 219 </para> 220 </listitem> 221 <listitem> 222 <para> 223 [xray] (https://github.com/XTLS/Xray-core), a fully compatible 224 v2ray-core replacement. Features XTLS, which when enabled on 225 server and client, brings UDP FullCone NAT to proxy setups. 226 Available as 227 <link xlink:href="options.html#opt-services.xray.enable">services.xray</link>. 228 </para> 229 </listitem> 230 <listitem> 231 <para> 232 <link xlink:href="https://github.com/mozilla-services/syncstorage-rs">syncstorage-rs</link>, 233 a self-hostable sync server for Firefox. Available as 234 <link xlink:href="options.html#opt-services.firefox-syncserver.enable">services.firefox-syncserver</link>. 235 </para> 236 </listitem> 237 <listitem> 238 <para> 239 <link xlink:href="https://dragonflydb.io/">dragonflydb</link>, 240 a modern replacement for Redis and Memcached. Available as 241 <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>. 242 </para> 243 </listitem> 244 <listitem> 245 <para> 246 <link xlink:href="https://komga.org/">Komga</link>, a free and 247 open source comics/mangas media server. Available as 248 <link linkend="opt-services.komga.enable">services.komga</link>. 249 </para> 250 </listitem> 251 <listitem> 252 <para> 253 <link xlink:href="https://tandoor.dev">Tandoor Recipes</link>, 254 a self-hosted multi-tenant recipe collection. Available as 255 <link xlink:href="options.html#opt-services.tandoor-recipes.enable">services.tandoor-recipes</link>. 256 </para> 257 </listitem> 258 <listitem> 259 <para> 260 <link xlink:href="https://hbase.apache.org/">HBase 261 cluster</link>, a distributed, scalable, big data store. 262 Available as 263 <link xlink:href="options.html#opt-services.hadoop.hbase.enable">services.hadoop.hbase</link>. 264 </para> 265 </listitem> 266 <listitem> 267 <para> 268 <link xlink:href="https://github.com/edneville/please">Please</link>, 269 a Sudo clone written in Rust. Available as 270 <link linkend="opt-security.please.enable">security.please</link> 271 </para> 272 </listitem> 273 <listitem> 274 <para> 275 <link xlink:href="https://github.com/messagebird/sachet/">Sachet</link>, 276 an SMS alerting tool for the Prometheus Alertmanager. 277 Available as 278 <link linkend="opt-services.prometheus.sachet.enable">services.prometheus.sachet</link>. 279 </para> 280 </listitem> 281 <listitem> 282 <para> 283 <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>, 284 a hardware True Random Number Generator dongle. Available as 285 <link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>. 286 </para> 287 </listitem> 288 <listitem> 289 <para> 290 <link xlink:href="https://github.com/prymitive/kthxbye">kthxbye</link>, 291 an alert acknowledgement management daemon for Prometheus 292 Alertmanager. Available as 293 <link xlink:href="options.html#opt-services.kthxbye.enable">services.kthxbye</link> 294 </para> 295 </listitem> 296 <listitem> 297 <para> 298 <link xlink:href="https://github.com/jtroo/kanata">kanata</link>, 299 a tool to improve keyboard comfort and usability with advanced 300 customization. Available as 301 <link xlink:href="options.html#opt-services.kanata.enable">services.kanata</link>. 302 </para> 303 </listitem> 304 <listitem> 305 <para> 306 <link xlink:href="https://github.com/prymitive/karma">karma</link>, 307 an alert dashboard for Prometheus Alertmanager. Available as 308 <link xlink:href="options.html#opt-services.karma.enable">services.karma</link> 309 </para> 310 </listitem> 311 <listitem> 312 <para> 313 <link xlink:href="https://languagetool.org/">languagetool</link>, 314 a multilingual grammar, style, and spell checker. Available as 315 <link xlink:href="options.html#opt-services.languagetool.enable">services.languagetool</link>. 316 </para> 317 </listitem> 318 <listitem> 319 <para> 320 <link xlink:href="https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master">OpenRGB</link>, 321 a FOSS tool for controlling RGB lighting. Available as 322 <link xlink:href="options.html#opt-services-hardware-openrgb-enable">services.hardware.openrgb.enable</link>. 323 </para> 324 </listitem> 325 <listitem> 326 <para> 327 <link xlink:href="https://www.getoutline.com/">Outline</link>, 328 a wiki and knowledge base similar to Notion. Available as 329 <link linkend="opt-services.outline.enable">services.outline</link>. 330 </para> 331 </listitem> 332 <listitem> 333 <para> 334 <link xlink:href="https://ntfy.sh">ntfy.sh</link>, a push 335 notification service. Available as 336 <link linkend="opt-services.ntfy-sh.enable">services.ntfy-sh</link> 337 </para> 338 </listitem> 339 <listitem> 340 <para> 341 <link xlink:href="https://git.sr.ht/~migadu/alps">alps</link>, 342 a simple and extensible webmail. Available as 343 <link linkend="opt-services.alps.enable">services.alps</link>. 344 </para> 345 </listitem> 346 <listitem> 347 <para> 348 <link xlink:href="https://github.com/skeeto/endlessh">endlessh</link>, 349 an SSH tarpit. Available as 350 <link linkend="opt-services.endlessh.enable">services.endlessh</link>. 351 </para> 352 </listitem> 353 <listitem> 354 <para> 355 <link xlink:href="https://github.com/shizunge/endlessh-go">endlessh-go</link>, 356 an SSH tarpit that exposes Prometheus metrics. Available as 357 <link linkend="opt-services.endlessh-go.enable">services.endlessh-go</link>. 358 </para> 359 </listitem> 360 <listitem> 361 <para> 362 <link xlink:href="https://garagehq.deuxfleurs.fr/">Garage</link>, 363 a simple object storage server for geodistributed deployments, 364 alternative to MinIO. Available as 365 <link linkend="opt-services.garage.enable">services.garage</link>. 366 </para> 367 </listitem> 368 <listitem> 369 <para> 370 <link xlink:href="https://netbird.io">netbird</link>, a zero 371 configuration VPN. Available as 372 <link xlink:href="options.html#opt-services.netbird.enable">services.netbird</link>. 373 </para> 374 </listitem> 375 <listitem> 376 <para> 377 <link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>, 378 a daemon to add virtual proxy devices that mirror a physical 379 input device but persist even if the underlying hardware is 380 hot-plugged. Available as 381 <link linkend="opt-services.persistent-evdev.enable">services.persistent-evdev</link>. 382 </para> 383 </listitem> 384 <listitem> 385 <para> 386 <link xlink:href="https://schleuder.org/">schleuder</link>, a 387 mailing list manager with PGP support. Enable using 388 <link linkend="opt-services.schleuder.enable">services.schleuder</link>. 389 </para> 390 </listitem> 391 <listitem> 392 <para> 393 <link xlink:href="https://www.dolibarr.org/">Dolibarr</link>, 394 an enterprise resource planning and customer relationship 395 manager. Enable using 396 <link linkend="opt-services.dolibarr.enable">services.dolibarr</link>. 397 </para> 398 </listitem> 399 <listitem> 400 <para> 401 <link xlink:href="https://freshrss.org/">FreshRSS</link>, a 402 free, self-hostable RSS feed aggregator. Available as 403 <link linkend="opt-services.freshrss.enable">services.freshrss</link>. 404 </para> 405 </listitem> 406 <listitem> 407 <para> 408 <link xlink:href="https://www.expressvpn.com">expressvpn</link>, 409 the CLI client for ExpressVPN. Available as 410 <link linkend="opt-services.expressvpn.enable">services.expressvpn</link>. 411 </para> 412 </listitem> 413 <listitem> 414 <para> 415 <link xlink:href="https://troglobit.com/projects/merecat/">merecat</link>, 416 a small and easy HTTP server based on thttpd. Available as 417 <link linkend="opt-services.merecat.enable">services.merecat</link> 418 </para> 419 </listitem> 420 <listitem> 421 <para> 422 <link xlink:href="https://github.com/L11R/go-autoconfig">go-autoconfig</link>, 423 IMAP/SMTP autodiscover server. Available as 424 <link linkend="opt-services.go-autoconfig.enable">services.go-autoconfig</link>. 425 </para> 426 </listitem> 427 <listitem> 428 <para> 429 <link xlink:href="https://github.com/tmate-io/tmate-ssh-server">tmate-ssh-server</link>, 430 server side part of 431 <link xlink:href="https://tmate.io/">tmate</link>. Available 432 as 433 <link linkend="opt-services.tmate-ssh-server.enable">services.tmate-ssh-server</link>. 434 </para> 435 </listitem> 436 <listitem> 437 <para> 438 <link xlink:href="https://www.grafana.com/oss/tempo/">Grafana 439 Tempo</link>, a distributed tracing store. Available as 440 <link linkend="opt-services.tempo.enable">services.tempo</link>. 441 </para> 442 </listitem> 443 <listitem> 444 <para> 445 <link xlink:href="https://www.ausweisapp.bund.de/">AusweisApp2</link>, 446 the authentication software for the German ID card. Available 447 as 448 <link linkend="opt-programs.ausweisapp.enable">programs.ausweisapp</link>. 449 </para> 450 </listitem> 451 <listitem> 452 <para> 453 <link xlink:href="https://github.com/zalando/patroni">Patroni</link>, 454 a template for PostgreSQL HA with ZooKeeper, etcd or Consul. 455 Available as 456 <link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>. 457 </para> 458 </listitem> 459 <listitem> 460 <para> 461 <link xlink:href="https://github.com/prometheus-community/ipmi_exporter">Prometheus 462 IPMI exporter</link>, an IPMI exporter for Prometheus. 463 Available as 464 <link linkend="opt-services.prometheus.exporters.ipmi.enable">services.prometheus.exporters.ipmi</link>. 465 </para> 466 </listitem> 467 <listitem> 468 <para> 469 <link xlink:href="https://writefreely.org">WriteFreely</link>, 470 a simple blogging platform with ActivityPub support. Available 471 as 472 <link xlink:href="options.html#opt-services.writefreely.enable">services.writefreely</link>. 473 </para> 474 </listitem> 475 <listitem> 476 <para> 477 <link xlink:href="https://listmonk.app">Listmonk</link>, a 478 self-hosted newsletter manager. Enable using 479 <link xlink:href="options.html#opt-services.listmonk.enable">services.listmonk</link>. 480 </para> 481 </listitem> 482 <listitem> 483 <para> 484 <link xlink:href="https://uptime.kuma.pet/">Uptime 485 Kuma</link>, a fancy self-hosted monitoring tool. Available as 486 <link linkend="opt-services.uptime-kuma.enable">services.uptime-kuma</link>. 487 </para> 488 </listitem> 489 <listitem> 490 <para> 491 <link xlink:href="https://mepo.milesalan.com">Mepo</link>, a 492 fast, simple, hackable OSM map viewer for mobile and desktop 493 Linux. Available as 494 <link linkend="opt-programs.mepo.enable">programs.mepo.enable</link>. 495 </para> 496 </listitem> 497 </itemizedlist> 498 </section> 499 <section xml:id="sec-release-22.11-incompatibilities"> 500 <title>Backward Incompatibilities</title> 501 <itemizedlist> 502 <listitem> 503 <para> 504 Nixpkgs now requires Nix 2.3 or newer. 505 </para> 506 </listitem> 507 <listitem> 508 <para> 509 The <literal>isCompatible</literal> predicate checking CPU 510 compatibility is no longer exposed by the platform sets 511 generated using <literal>lib.systems.elaborate</literal>. In 512 most cases you will want to use the new 513 <literal>canExecute</literal> predicate instead which also 514 considers the kernel / syscall interface. It is briefly 515 described in the release’s 516 <link linkend="sec-release-22.11-highlights">highlights 517 section</link>. 518 <literal>lib.systems.parse.isCompatible</literal> still 519 exists, but has changed semantically: Architectures with 520 differing endianness modes are <emphasis>no longer considered 521 compatible</emphasis>. 522 </para> 523 </listitem> 524 <listitem> 525 <para> 526 <literal>ngrok</literal> has been upgraded from 2.3.40 to 527 3.0.4. Please see 528 <link xlink:href="https://ngrok.com/docs/guides/upgrade-v2-v3">the 529 upgrade guide</link> and 530 <link xlink:href="https://ngrok.com/docs/ngrok-agent/changelog">changelog</link>. 531 Notably, breaking changes are that the config file format has 532 changed and support for single hypen arguments was dropped. 533 </para> 534 </listitem> 535 <listitem> 536 <para> 537 <literal>i18n.supportedLocales</literal> is now by default 538 only generated with the locales set in 539 <literal>i18n.defaultLocale</literal> and 540 <literal>i18n.extraLocaleSettings</literal>. This got 541 partially copied over from the minimal profile and reduces the 542 final system size by up to 200MB. If you require all locales 543 installed set the option to 544 <literal>[ &quot;all&quot; ]</literal>. 545 </para> 546 </listitem> 547 <listitem> 548 <para> 549 Deprecated settings <literal>logrotate.paths</literal> and 550 <literal>logrotate.extraConfig</literal> have been removed. 551 Please convert any uses to 552 <link linkend="opt-services.logrotate.settings">services.logrotate.settings</link> 553 instead. 554 </para> 555 </listitem> 556 <listitem> 557 <para> 558 The <literal>isPowerPC</literal> predicate, found on 559 <literal>platform</literal> attrsets 560 (<literal>hostPlatform</literal>, 561 <literal>buildPlatform</literal>, 562 <literal>targetPlatform</literal>, etc) has been removed in 563 order to reduce confusion. The predicate was was defined such 564 that it matches only the 32-bit big-endian members of the 565 POWER/PowerPC family, despite having a name which would imply 566 a broader set of systems. If you were using this predicate, 567 you can replace <literal>foo.isPowerPC</literal> with 568 <literal>(with foo; isPower &amp;&amp; is32bit &amp;&amp; isBigEndian)</literal>. 569 </para> 570 </listitem> 571 <listitem> 572 <para> 573 The <literal>fetchgit</literal> fetcher now uses 574 <link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling">cone 575 mode</link> by default for sparse checkouts. 576 <link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems">Non-cone 577 mode</link> can be enabled by passing 578 <literal>nonConeMode = true</literal>, but note that non-cone 579 mode is deprecated and this option may be removed alongside a 580 future Git update without notice. 581 </para> 582 </listitem> 583 <listitem> 584 <para> 585 The <literal>fetchgit</literal> fetcher supports sparse 586 checkouts via the <literal>sparseCheckout</literal> option. 587 This used to accept a multi-line string with 588 directories/patterns to check out, but now requires a list of 589 strings. 590 </para> 591 </listitem> 592 <listitem> 593 <para> 594 <literal>openssh</literal> was updated to version 9.1, 595 disabling the generation of DSA keys when using 596 <literal>ssh-keygen -A</literal> as they are insecure. Also, 597 <literal>SetEnv</literal> directives in 598 <literal>ssh_config</literal> and 599 <literal>sshd_config</literal> are now first-match-wins 600 </para> 601 </listitem> 602 <listitem> 603 <para> 604 <literal>bsp-layout</literal> no longer uses the command 605 <literal>cycle</literal> to switch to other window layouts, as 606 it got replaced by the commands <literal>previous</literal> 607 and <literal>next</literal>. 608 </para> 609 </listitem> 610 <listitem> 611 <para> 612 The Barco ClickShare driver/client package 613 <literal>pkgs.clickshare-csc1</literal> and the option 614 <literal>programs.clickshare-csc1.enable</literal> have been 615 removed, as it requires <literal>qt4</literal>, which reached 616 its end-of-life 2015 and will no longer be supported by 617 nixpkgs. 618 <link xlink:href="https://www.barco.com/de/support/knowledge-base/4380-can-i-use-linux-os-with-clickshare-base-units">According 619 to Barco</link> many of their base unit models can be used 620 with Google Chrome and the Google Cast extension. 621 </para> 622 </listitem> 623 <listitem> 624 <para> 625 <literal>services.hbase</literal> has been renamed to 626 <literal>services.hbase-standalone</literal>. For production 627 HBase clusters, use <literal>services.hadoop.hbase</literal> 628 instead. 629 </para> 630 </listitem> 631 <listitem> 632 <para> 633 The <literal>p4</literal> package now only includes the 634 open-source Perforce Helix Core command-line client and APIs. 635 It no longer installs the unfree Helix Core Server binaries 636 <literal>p4d</literal>, <literal>p4broker</literal>, and 637 <literal>p4p</literal>. To install the Helix Core Server 638 binaries, use the <literal>p4d</literal> package instead. 639 </para> 640 </listitem> 641 <listitem> 642 <para> 643 The <literal>openssl</literal>-extension for the PHP 644 interpreter used by Nextcloud is built against OpenSSL 1.1 if 645 <xref linkend="opt-system.stateVersion" /> is below 646 <literal>22.11</literal>. This is to make sure that people 647 using 648 <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side 649 encryption</link> don’t loose access to their files. 650 </para> 651 <para> 652 In any other case it’s safe to use OpenSSL 3 for PHP’s openssl 653 extension. This can be done by setting 654 <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" /> 655 to <literal>false</literal>. 656 </para> 657 </listitem> 658 <listitem> 659 <para> 660 The <literal>coq</literal> package and versioned variants 661 starting at <literal>coq_8_14</literal> no longer include 662 CoqIDE, which is now available through 663 <literal>coqPackages.coqide</literal>. It is still possible to 664 get CoqIDE as part of the <literal>coq</literal> package by 665 overriding the <literal>buildIde</literal> argument of the 666 derivation. 667 </para> 668 </listitem> 669 <listitem> 670 <para> 671 PHP 7.4 is no longer supported due to upstream not supporting 672 this version for the entire lifecycle of the 22.11 release. 673 </para> 674 </listitem> 675 <listitem> 676 <para> 677 The ipfs package and module were renamed to kubo. The kubo 678 module now uses an RFC42-style <literal>settings</literal> 679 option instead of <literal>extraConfig</literal> and the 680 <literal>gatewayAddress</literal>, 681 <literal>apiAddress</literal> and 682 <literal>swarmAddress</literal> options were renamed. Using 683 the old names will print a warning but still work. 684 </para> 685 </listitem> 686 <listitem> 687 <para> 688 <literal>pkgs.cosign</literal> does not provide the 689 <literal>cosigned</literal> binary anymore. The 690 <literal>sget</literal> binary has been moved into its own 691 package. 692 </para> 693 </listitem> 694 <listitem> 695 <para> 696 Emacs now uses the Lucid toolkit by default instead of GTK 697 because of stability and compatibility issues. Users who still 698 wish to remain using GTK can do so by using 699 <literal>emacs-gtk</literal>. 700 </para> 701 </listitem> 702 <listitem> 703 <para> 704 riak package removed along with 705 <literal>services.riak</literal> module, due to lack of 706 maintainer to update the package. 707 </para> 708 </listitem> 709 <listitem> 710 <para> 711 ppd files in <literal>pkgs.cups-drv-rastertosag-gdi</literal> 712 are now gzipped. If you refer to such a ppd file with its path 713 (e.g. via 714 <link xlink:href="options.html#opt-hardware.printers.ensurePrinters">hardware.printers.ensurePrinters</link>) 715 you will need to append <literal>.gz</literal> to the path. 716 </para> 717 </listitem> 718 <listitem> 719 <para> 720 xow package removed along with the 721 <literal>hardware.xow</literal> module, due to the project 722 being deprecated in favor of <literal>xone</literal>, which is 723 available via the <literal>hardware.xone</literal> module. 724 </para> 725 </listitem> 726 <listitem> 727 <para> 728 dd-agent package removed along with the 729 <literal>services.dd-agent</literal> module, due to the 730 project being deprecated in favor of 731 <literal>datadog-agent</literal>, which is available via the 732 <literal>services.datadog-agent</literal> module. 733 </para> 734 </listitem> 735 <listitem> 736 <para> 737 <literal>teleport</literal> has been upgraded to major version 738 10. Please see upstream 739 <link xlink:href="https://goteleport.com/docs/ver/10.0/management/operations/upgrading/">upgrade 740 instructions</link> and 741 <link xlink:href="https://goteleport.com/docs/ver/10.0/changelog/#1000">release 742 notes</link>. 743 </para> 744 </listitem> 745 <listitem> 746 <para> 747 <literal>lib.closePropagation</literal> now needs that all 748 gathered sets have an <literal>outPath</literal> attribute. 749 </para> 750 </listitem> 751 <listitem> 752 <para> 753 lemmy module option 754 <literal>services.lemmy.settings.database.createLocally</literal> 755 moved to 756 <literal>services.lemmy.database.createLocally</literal>. 757 </para> 758 </listitem> 759 <listitem> 760 <para> 761 virtlyst package and <literal>services.virtlyst</literal> 762 module removed, due to lack of maintainers. 763 </para> 764 </listitem> 765 <listitem> 766 <para> 767 The <literal>nix.checkConfig</literal> option now fully 768 disables the config check. The new 769 <literal>nix.checkAllErrors</literal> option behaves like 770 <literal>nix.checkConfig</literal> previously did. 771 </para> 772 </listitem> 773 <listitem> 774 <para> 775 <literal>generateOptparseApplicativeCompletions</literal> and 776 <literal>generateOptparseApplicativeCompletion</literal> from 777 <literal>haskell.lib.compose</literal> (and 778 <literal>haskell.lib</literal>) have been deprecated in favor 779 of <literal>generateOptparseApplicativeCompletions</literal> 780 (plural!) as provided by the haskell package sets (so 781 <literal>haskellPackages.generateOptparseApplicativeCompletions</literal> 782 etc.). The latter allows for cross-compilation (by 783 automatically disabling generation of completion in the cross 784 case). For it to work properly you need to make sure that the 785 function comes from the same context as the package you are 786 trying to override, i.e. always use the same package set as 787 your package is coming from or – even better – use 788 <literal>self.generateOptparseApplicativeCompletions</literal> 789 if you are overriding a haskell package set. The old functions 790 are retained for backwards compatibility, but yield are 791 warning. 792 </para> 793 </listitem> 794 <listitem> 795 <para> 796 The <literal>services.graphite.api</literal> and 797 <literal>services.graphite.beacon</literal> NixOS options, and 798 the <literal>python3.pkgs.graphite_api</literal>, 799 <literal>python3.pkgs.graphite_beacon</literal> and 800 <literal>python3.pkgs.influxgraph</literal> packages, have 801 been removed due to lack of upstream maintenance. 802 </para> 803 </listitem> 804 <listitem> 805 <para> 806 The <literal>trace</literal> binary from 807 <literal>perf-linux</literal> package has been removed, due to 808 being a duplicate of the <literal>perf</literal> binary. 809 </para> 810 </listitem> 811 <listitem> 812 <para> 813 The <literal>aws</literal> package has been removed due to 814 being abandoned by the upstream. It is recommended to use 815 <literal>awscli</literal> or <literal>awscli2</literal> 816 instead. 817 </para> 818 </listitem> 819 <listitem> 820 <para> 821 The 822 <link xlink:href="https://ce-programming.github.io/CEmu">CEmu 823 TI-84 Plus CE emulator</link> package has been renamed to 824 <literal>cemu-ti</literal>. The 825 <link xlink:href="https://cemu.info">Cemu Wii U 826 emulator</link> is now packaged as <literal>cemu</literal>. 827 </para> 828 </listitem> 829 <listitem> 830 <para> 831 <literal>systemd-networkd</literal> v250 deprecated, renamed, 832 and moved some sections and settings which leads to the 833 following breaking module changes: 834 </para> 835 <itemizedlist spacing="compact"> 836 <listitem> 837 <para> 838 <literal>systemd.network.networks.&lt;name&gt;.dhcpV6PrefixDelegationConfig</literal> 839 is renamed to 840 <literal>systemd.network.networks.&lt;name&gt;.dhcpPrefixDelegationConfig</literal>. 841 </para> 842 </listitem> 843 <listitem> 844 <para> 845 <literal>systemd.network.networks.&lt;name&gt;.dhcpV6Config</literal> 846 no longer accepts the 847 <literal>ForceDHCPv6PDOtherInformation=</literal> setting. 848 Please use the <literal>WithoutRA=</literal> and 849 <literal>UseDelegatedPrefix=</literal> settings in your 850 <literal>systemd.network.networks.&lt;name&gt;.dhcpV6Config</literal> 851 and the <literal>DHCPv6Client=</literal> setting in your 852 <literal>systemd.network.networks.&lt;name&gt;.ipv6AcceptRAConfig</literal> 853 to control when the DHCPv6 client is started and how the 854 delegated prefixes are handled by the DHCPv6 client. 855 </para> 856 </listitem> 857 <listitem> 858 <para> 859 <literal>systemd.network.networks.&lt;name&gt;.networkConfig</literal> 860 no longer accepts the <literal>IPv6Token=</literal> 861 setting. Use the <literal>Token=</literal> setting in your 862 <literal>systemd.network.networks.&lt;name&gt;.ipv6AcceptRAConfig</literal> 863 instead. The 864 <literal>systemd.network.networks.&lt;name&gt;.ipv6Prefixes.*.ipv6PrefixConfig</literal> 865 now also accepts the <literal>Token=</literal> setting. 866 </para> 867 </listitem> 868 </itemizedlist> 869 </listitem> 870 <listitem> 871 <para> 872 <literal>arangodb</literal> versions 3.3, 3.4, and 3.5 have 873 been removed because they are at EOL upstream. The default is 874 now 3.10.0. Support for aarch64-linux has been removed since 875 the target cannot be built reproducibly. By default 876 <literal>arangodb</literal> is now built for the 877 <literal>haswell</literal> architecture. If you wish to build 878 for a different architecture, you may override the 879 <literal>targetArchitecture</literal> argument with a value 880 from 881 <link xlink:href="https://github.com/arangodb/arangodb/blob/207ec6937e41a46e10aea34953879341f0606841/cmake/OptimizeForArchitecture.cmake#L594">this 882 list supported upstream</link>. Some architecture specific 883 optimizations are also conditionally enabled. You may alter 884 this behavior by overriding the 885 <literal>asmOptimizations</literal> parameter. You may also 886 add additional architecture support by adding more 887 <literal>-DHAS_XYZ</literal> flags to 888 <literal>cmakeFlags</literal> via 889 <literal>overrideAttrs</literal>. 890 </para> 891 </listitem> 892 <listitem> 893 <para> 894 The <literal>meta.mainProgram</literal> attribute of packages 895 in <literal>wineWowPackages</literal> now defaults to 896 <literal>&quot;wine64&quot;</literal>. 897 </para> 898 </listitem> 899 <listitem> 900 <para> 901 The <literal>paperless</literal> module now defaults 902 <literal>PAPERLESS_TIME_ZONE</literal> to your configured 903 system timezone. 904 </para> 905 </listitem> 906 <listitem> 907 <para> 908 The top-level <literal>termonad-with-packages</literal> alias 909 for <literal>termonad</literal> has been removed. 910 </para> 911 </listitem> 912 <listitem> 913 <para> 914 Linux 4.9 has been removed because it will reach its end of 915 life within the lifespan of 22.11. 916 </para> 917 </listitem> 918 <listitem> 919 <para> 920 (Neo)Vim can not be configured with 921 <literal>configure.pathogen</literal> anymore to reduce 922 maintainance burden. Use <literal>configure.packages</literal> 923 instead. 924 </para> 925 </listitem> 926 <listitem> 927 <para> 928 Neovim can not be configured with plug anymore (still works 929 for vim). 930 </para> 931 </listitem> 932 <listitem> 933 <para> 934 The <literal>adguardhome</literal> module no longer uses 935 <literal>host</literal> and <literal>port</literal> options, 936 use <literal>settings.bind_host</literal> and 937 <literal>settings.bind_port</literal> instead. 938 </para> 939 </listitem> 940 <listitem> 941 <para> 942 The default <literal>kops</literal> version is now 1.25.1 and 943 support for 1.22 and older has been dropped. 944 </para> 945 </listitem> 946 <listitem> 947 <para> 948 The <literal>zrepl</literal> package has been updated from 949 0.5.0 to 0.6.0. See the 950 <link xlink:href="https://zrepl.github.io/changelog.html">changelog</link> 951 for details. 952 </para> 953 </listitem> 954 <listitem> 955 <para> 956 <literal>k3s</literal> no longer supports docker as runtime 957 due to upstream dropping support. 958 </para> 959 </listitem> 960 <listitem> 961 <para> 962 <literal>cassandra_2_1</literal> and 963 <literal>cassandra_2_2</literal> have been removed. Please 964 update to <literal>cassandra_3_11</literal> or 965 <literal>cassandra_3_0</literal>. See the 966 <link xlink:href="https://github.com/apache/cassandra/blob/cassandra-3.11.14/NEWS.txt">changelog</link> 967 for more information about the upgrade process. 968 </para> 969 </listitem> 970 <listitem> 971 <para> 972 <literal>mysql57</literal> has been removed. Please update to 973 <literal>mysql80</literal> or <literal>mariadb</literal>. See 974 the 975 <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/">upgrade 976 guide</link> for more information. 977 </para> 978 </listitem> 979 <listitem> 980 <para> 981 Consequently, <literal>cqrlog</literal> and 982 <literal>amorok</literal> now use <literal>mariadb</literal> 983 instead of <literal>mysql57</literal> for their embedded 984 databases. Running <literal>mysql_upgrade</literal> may be 985 neccesary. 986 </para> 987 </listitem> 988 <listitem> 989 <para> 990 <literal>k3s</literal> supports <literal>clusterInit</literal> 991 option, and it is enabled by default, for servers. 992 </para> 993 </listitem> 994 <listitem> 995 <para> 996 <literal>percona-server56</literal> has been removed. Please 997 migrate to <literal>mysql</literal> or 998 <literal>mariadb</literal> if possible. 999 </para> 1000 </listitem> 1001 <listitem> 1002 <para> 1003 <literal>obs-studio</literal> hase been updated to version 28. 1004 If you have packaged custom plugins, check if they are 1005 compatible. <literal>obs-websocket</literal> has been 1006 integrated into <literal>obs-studio</literal>. 1007 </para> 1008 </listitem> 1009 <listitem> 1010 <para> 1011 <literal>signald</literal> has been bumped to 1012 <literal>0.23.0</literal>. For the upgrade, a migration 1013 process is necessary. It can be done by running a command like 1014 this before starting <literal>signald.service</literal>: 1015 </para> 1016 <programlisting> 1017signald -d /var/lib/signald/db \ 1018 --database sqlite:/var/lib/signald/db \ 1019 --migrate-data 1020</programlisting> 1021 <para> 1022 For further information, please read the upstream changelogs. 1023 </para> 1024 </listitem> 1025 <listitem> 1026 <para> 1027 <literal>stylua</literal> no longer accepts 1028 <literal>lua52Support</literal> and 1029 <literal>luauSupport</literal> overrides, use 1030 <literal>features</literal> instead, which defaults to 1031 <literal>[ &quot;lua54&quot; &quot;luau&quot; ]</literal>. 1032 </para> 1033 </listitem> 1034 <listitem> 1035 <para> 1036 <literal>ocamlPackages.ocaml_extlib</literal> has been renamed 1037 to <literal>ocamlPackages.extlib</literal>. 1038 </para> 1039 </listitem> 1040 <listitem> 1041 <para> 1042 <literal>pkgs.fetchNextcloudApp</literal> has been rewritten 1043 to circumvent impurities in e.g. tarballs from GitHub and to 1044 make it easier to apply patches. This means that your hashes 1045 are out-of-date and the (previously required) attributes 1046 <literal>name</literal> and <literal>version</literal> are no 1047 longer accepted. 1048 </para> 1049 </listitem> 1050 <listitem> 1051 <para> 1052 The Syncthing service now only allows absolute paths—starting 1053 with <literal>/</literal> or <literal>~/</literal>—for 1054 <literal>services.syncthing.folders.&lt;name&gt;.path</literal>. 1055 In a future release other paths will be allowed again and 1056 interpreted relative to 1057 <literal>services.syncthing.dataDir</literal>. 1058 </para> 1059 </listitem> 1060 <listitem> 1061 <para> 1062 <literal>services.github-runner</literal> and 1063 <literal>services.github-runners.&lt;name&gt;</literal> gained 1064 the option <literal>serviceOverrides</literal> which allows 1065 overriding the systemd <literal>serviceConfig</literal>. If 1066 you have been overriding the systemd service configuration 1067 (i.e., by defining 1068 <literal>systemd.services.github-runner.serviceConfig</literal>), 1069 you have to use the <literal>serviceOverrides</literal> option 1070 now. Example: 1071 </para> 1072 <programlisting> 1073services.github-runner.serviceOverrides.SupplementaryGroups = [ 1074 &quot;docker&quot; 1075]; 1076</programlisting> 1077 </listitem> 1078 </itemizedlist> 1079 </section> 1080 <section xml:id="sec-release-22.11-notable-changes"> 1081 <title>Other Notable Changes</title> 1082 <itemizedlist> 1083 <listitem> 1084 <para> 1085 <literal>firefox</literal>, <literal>thunderbird</literal> and 1086 <literal>librewolf</literal> come with enabled Wayland support 1087 by default. The <literal>firefox-wayland</literal>, 1088 <literal>firefox-esr-wayland</literal>, 1089 <literal>thunderbird-wayland</literal> and 1090 <literal>librewolf-wayland</literal> attributes are obsolete 1091 and have been aliased to their generic attribute. 1092 </para> 1093 </listitem> 1094 <listitem> 1095 <para> 1096 The <literal>xplr</literal> package has been updated from 1097 0.18.0 to 0.19.0, which brings some breaking changes. See the 1098 <link xlink:href="https://github.com/sayanarijit/xplr/releases/tag/v0.19.0">upstream 1099 release notes</link> for more details. 1100 </para> 1101 </listitem> 1102 <listitem> 1103 <para> 1104 Configuring multiple GitHub runners is now possible through 1105 <literal>services.github-runners.&lt;name&gt;</literal>. The 1106 option <literal>services.github-runner</literal> remains. 1107 </para> 1108 </listitem> 1109 <listitem> 1110 <para> 1111 <literal>github-runner</literal> gained support for ephemeral 1112 runners and registrations using a personal access token (PAT) 1113 instead of a registration token. See 1114 <literal>services.github-runner.ephemeral</literal> and 1115 <literal>services.github-runner.tokenFile</literal> for 1116 details. 1117 </para> 1118 </listitem> 1119 <listitem> 1120 <para> 1121 A new module was added for the Saleae Logic device family, 1122 providing the options 1123 <literal>hardware.saleae-logic.enable</literal> and 1124 <literal>hardware.saleae-logic.package</literal>. 1125 </para> 1126 </listitem> 1127 <listitem> 1128 <para> 1129 ZFS module will not allow hibernation by default, this is a 1130 safety measure to prevent data loss cases like the ones 1131 described at 1132 <link xlink:href="https://github.com/openzfs/zfs/issues/260">OpenZFS/260</link> 1133 and 1134 <link xlink:href="https://github.com/openzfs/zfs/issues/12842">OpenZFS/12842</link>. 1135 Use the <literal>boot.zfs.allowHibernation</literal> option to 1136 configure this behaviour. 1137 </para> 1138 </listitem> 1139 <listitem> 1140 <para> 1141 <literal>mastodon</literal> now automatically removes remote 1142 media attachments older than 30 days. This is configurable 1143 through <literal>services.mastodon.mediaAutoRemove</literal>. 1144 </para> 1145 </listitem> 1146 <listitem> 1147 <para> 1148 The Redis module now disables RDB persistence when 1149 <literal>services.redis.servers.&lt;name&gt;.save = []</literal> 1150 instead of using the Redis default. 1151 </para> 1152 </listitem> 1153 <listitem> 1154 <para> 1155 Neo4j was updated from version 3 to version 4. See this 1156 <link xlink:href="https://neo4j.com/docs/upgrade-migration-guide/current/">migration 1157 guide</link> on how to migrate your Neo4j instance. 1158 </para> 1159 </listitem> 1160 <listitem> 1161 <para> 1162 The <literal>networking.wireguard</literal> module now can set 1163 the mtu on interfaces and tag its packets with an fwmark. 1164 </para> 1165 </listitem> 1166 <listitem> 1167 <para> 1168 The option <literal>overrideStrategy</literal> was added to 1169 the different systemd unit options 1170 (<literal>systemd.services.&lt;name&gt;</literal>, 1171 <literal>systemd.sockets.&lt;name&gt;</literal>, …) to allow 1172 enforcing the creation of a dropin file, rather than the main 1173 unit file, by setting it to <literal>asDropin</literal>. This 1174 is useful in cases where the existence of the main unit file 1175 is not known to Nix at evaluation time, for example when the 1176 main unit file is provided by adding a package to 1177 <literal>systemd.packages</literal>. See the fix proposed in 1178 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/135557#issuecomment-1295392470">NixOS’s 1179 systemd abstraction doesn’t work with systemd template 1180 units</link> for an example. 1181 </para> 1182 </listitem> 1183 <listitem> 1184 <para> 1185 The <literal>polymc</literal> package has been removed due to 1186 a rogue maintainer. It has been replaced by 1187 <literal>prismlauncher</literal>, a fork by the rest of the 1188 maintainers. For more details, see 1189 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/196624">the 1190 pull request that made this change</link> and 1191 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/196460">this 1192 issue detailing the vulnerability</link>. Users with existing 1193 installations should rename 1194 <literal>~/.local/share/polymc</literal> to 1195 <literal>~/.local/share/PrismLauncher</literal>. The main 1196 config file’s path has also moved from 1197 <literal>~/.local/share/polymc/polymc.cfg</literal> to 1198 <literal>~/.local/share/PrismLauncher/prismlauncher.cfg</literal>. 1199 </para> 1200 </listitem> 1201 <listitem> 1202 <para> 1203 The <literal>bloat</literal> package has been updated from 1204 unstable-2022-03-31 to unstable-2022-10-25, which brings a 1205 breaking change. See 1206 <link xlink:href="https://git.freesoftwareextremist.com/bloat/commit/?id=887ed241d64ba5db3fd3d87194fb5595e5ad7d73">this 1207 upstream commit message</link> for details. 1208 </para> 1209 </listitem> 1210 <listitem> 1211 <para> 1212 The <literal>services.matrix-synapse</literal> systemd unit 1213 has been hardened. 1214 </para> 1215 </listitem> 1216 <listitem> 1217 <para> 1218 The module <literal>services.grafana</literal> was refactored 1219 to be compliant with 1220 <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 1221 0042</link>. To be precise, this means that the following 1222 things have changed: 1223 </para> 1224 <itemizedlist> 1225 <listitem> 1226 <para> 1227 The newly introduced option 1228 <xref linkend="opt-services.grafana.settings" /> is an 1229 attribute-set that will be converted into Grafana’s INI 1230 format. This means that the configuration from 1231 <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/">Grafana’s 1232 configuration reference</link> can be directly written as 1233 attribute-set in Nix within this option. 1234 </para> 1235 </listitem> 1236 <listitem> 1237 <para> 1238 The option 1239 <literal>services.grafana.extraOptions</literal> has been 1240 removed. This option was an association of environment 1241 variables for Grafana. If you had an expression like 1242 </para> 1243 <programlisting language="bash"> 1244{ 1245 services.grafana.extraOptions.SECURITY_ADMIN_USER = &quot;foobar&quot;; 1246} 1247</programlisting> 1248 <para> 1249 your Grafana instance was running with 1250 <literal>GF_SECURITY_ADMIN_USER=foobar</literal> in its 1251 environment. 1252 </para> 1253 <para> 1254 For the migration, it is recommended to turn it into the 1255 INI format, i.e. to declare 1256 </para> 1257 <programlisting language="bash"> 1258{ 1259 services.grafana.settings.security.admin_user = &quot;foobar&quot;; 1260} 1261</programlisting> 1262 <para> 1263 instead. 1264 </para> 1265 <para> 1266 The keys in 1267 <literal>services.grafana.extraOptions</literal> have the 1268 format 1269 <literal>&lt;INI section name&gt;_&lt;Key Name&gt;</literal>. 1270 Further details are outlined in the 1271 <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables">configuration 1272 reference</link>. 1273 </para> 1274 <para> 1275 Alternatively you can also set all your values from 1276 <literal>extraOptions</literal> to 1277 <literal>systemd.services.grafana.environment</literal>, 1278 make sure you don’t forget to add the 1279 <literal>GF_</literal> prefix though! 1280 </para> 1281 </listitem> 1282 <listitem> 1283 <para> 1284 Previously, the options 1285 <xref linkend="opt-services.grafana.provision.datasources" /> 1286 and 1287 <xref linkend="opt-services.grafana.provision.dashboards" /> 1288 expected lists of datasources or dashboards for the 1289 <link xlink:href="https://grafana.com/docs/grafana/latest/administration/provisioning/">declarative 1290 provisioning</link>. 1291 </para> 1292 <para> 1293 To declare lists of 1294 </para> 1295 <itemizedlist spacing="compact"> 1296 <listitem> 1297 <para> 1298 <emphasis role="strong">datasources</emphasis>, please 1299 rename your declarations to 1300 <xref linkend="opt-services.grafana.provision.datasources.settings.datasources" />. 1301 </para> 1302 </listitem> 1303 <listitem> 1304 <para> 1305 <emphasis role="strong">dashboards</emphasis>, please 1306 rename your declarations to 1307 <xref linkend="opt-services.grafana.provision.dashboards.settings.providers" />. 1308 </para> 1309 </listitem> 1310 </itemizedlist> 1311 <para> 1312 This change was made to support more features for that: 1313 </para> 1314 <itemizedlist> 1315 <listitem> 1316 <para> 1317 It’s possible to declare the 1318 <literal>apiVersion</literal> of your dashboards and 1319 datasources by 1320 <xref linkend="opt-services.grafana.provision.datasources.settings.apiVersion" /> 1321 (or 1322 <xref linkend="opt-services.grafana.provision.dashboards.settings.apiVersion" />). 1323 </para> 1324 </listitem> 1325 <listitem> 1326 <para> 1327 Instead of declaring datasources and dashboards in 1328 pure Nix, it’s also possible to specify configuration 1329 files (or directories) with YAML instead using 1330 <xref linkend="opt-services.grafana.provision.datasources.path" /> 1331 (or 1332 <xref linkend="opt-services.grafana.provision.dashboards.path" />. 1333 This is useful when having provisioning files from 1334 non-NixOS Grafana instances that you also want to 1335 deploy to NixOS. 1336 </para> 1337 <para> 1338 <emphasis role="strong">Note:</emphasis> secrets from 1339 these files will be leaked into the store unless you 1340 use a 1341 <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider"><emphasis role="strong">file</emphasis>-provider 1342 or env-var</link> for secrets! 1343 </para> 1344 </listitem> 1345 <listitem> 1346 <para> 1347 <xref linkend="opt-services.grafana.provision.notifiers" /> 1348 is not affected by this change because this feature is 1349 deprecated by Grafana and will probably removed in 1350 Grafana 10. It’s recommended to use 1351 <literal>services.grafana.provision.alerting.contactPoints</literal> 1352 instead. 1353 </para> 1354 </listitem> 1355 </itemizedlist> 1356 </listitem> 1357 </itemizedlist> 1358 </listitem> 1359 <listitem> 1360 <para> 1361 The <literal>services.grafana.provision.alerting</literal> 1362 option was added. It includes suboptions for every 1363 alerting-related objects (with the exception of 1364 <literal>notifiers</literal>), which means it’s now possible 1365 to configure modern Grafana alerting declaratively. 1366 </para> 1367 </listitem> 1368 <listitem> 1369 <para> 1370 Matrix Synapse now requires entries in the 1371 <literal>state_group_edges</literal> table to be unique, in 1372 order to prevent accidentally introducing duplicate 1373 information (for example, because a database backup was 1374 restored multiple times). If your Synapse database already has 1375 duplicate rows in this table, this could fail with an error 1376 and require manual remediation. 1377 </para> 1378 </listitem> 1379 <listitem> 1380 <para> 1381 The <literal>diamond</literal> package has been update from 1382 0.8.36 to 2.0.15. See the 1383 <link xlink:href="https://github.com/bbuchfink/diamond/releases">upstream 1384 release notes</link> for more details. 1385 </para> 1386 </listitem> 1387 <listitem> 1388 <para> 1389 The <literal>guake</literal> package has been updated from 1390 3.6.3 to 3.9.0, see the 1391 <link xlink:href="https://github.com/Guake/guake/releases">changelog</link> 1392 for more details. 1393 </para> 1394 </listitem> 1395 <listitem> 1396 <para> 1397 <literal>dockerTools.buildImage</literal> deprecates the 1398 misunderstood <literal>contents</literal> parameter, in favor 1399 of <literal>copyToRoot</literal>. Use 1400 <literal>copyToRoot = buildEnv { ... };</literal> or similar 1401 if you intend to add packages to <literal>/bin</literal>. 1402 </para> 1403 </listitem> 1404 <listitem> 1405 <para> 1406 memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. 1407 It is now the upstream version from https://www.memtest.org/, 1408 as coreboot’s fork is no longer available. 1409 </para> 1410 </listitem> 1411 <listitem> 1412 <para> 1413 Option descriptions, examples, and defaults writting in 1414 DocBook are now deprecated. Using CommonMark is preferred and 1415 will become the default in a future release. 1416 </para> 1417 </listitem> 1418 <listitem> 1419 <para> 1420 The 1421 <literal>documentation.nixos.options.allowDocBook</literal> 1422 option was added to ease the transition to CommonMark option 1423 documentation. Setting this option to <literal>false</literal> 1424 causes an error for every option included in the manual that 1425 uses DocBook documentation; it defaults to 1426 <literal>true</literal> to preserve the previous behavior and 1427 will be removed once the transition to CommonMark is complete. 1428 </para> 1429 </listitem> 1430 <listitem> 1431 <para> 1432 The redis module now persists each instance’s configuration 1433 file in the state directory, in order to support some more 1434 advanced use cases like sentinel. 1435 </para> 1436 </listitem> 1437 <listitem> 1438 <para> 1439 The udisks2 service, available at 1440 <literal>services.udisks2.enable</literal>, is now disabled by 1441 default. It will automatically be enabled through services and 1442 desktop environments as needed. This also means that polkit 1443 will now actually be disabled by default. The default for 1444 <literal>security.polkit.enable</literal> was already flipped 1445 in the previous release, but udisks2 being enabled by default 1446 re-enabled it. 1447 </para> 1448 </listitem> 1449 <listitem> 1450 <para> 1451 Nextcloud has been updated to version 1452 <emphasis role="strong">25</emphasis>. Additionally the 1453 following things have changed for Nextcloud in NixOS: 1454 </para> 1455 <itemizedlist spacing="compact"> 1456 <listitem> 1457 <para> 1458 For Nextcloud <emphasis role="strong">&gt;=24</emphasis>, 1459 the default PHP version is 8.1. 1460 </para> 1461 </listitem> 1462 <listitem> 1463 <para> 1464 Nextcloud <emphasis role="strong">23</emphasis> has been 1465 removed since it will reach its 1466 <link xlink:href="https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule/d76576a12a626d53305d480a6065b57cab705d3d">end 1467 of life in December 2022</link>. 1468 </para> 1469 </listitem> 1470 <listitem> 1471 <para> 1472 For <literal>system.stateVersion</literal> being 1473 <emphasis role="strong">&gt;=22.11</emphasis>, Nextcloud 1474 25 will be installed by default. For older versions, 1475 Nextcloud 24 will be installed. 1476 </para> 1477 </listitem> 1478 <listitem> 1479 <para> 1480 Please ensure that you only upgrade on major release at a 1481 time! Nextcloud doesn’t support upgrades across multiple 1482 versions, i.e. an upgrade from 1483 <emphasis role="strong">23</emphasis> to 1484 <emphasis role="strong">25</emphasis> is only possible 1485 when upgrading to <emphasis role="strong">24</emphasis> 1486 first. 1487 </para> 1488 </listitem> 1489 </itemizedlist> 1490 </listitem> 1491 <listitem> 1492 <para> 1493 Add udev rules for the Teensy family of microcontrollers. 1494 </para> 1495 </listitem> 1496 <listitem> 1497 <para> 1498 The Qt QML disk cache is now disabled by default. This fixes a 1499 long-standing issue where updating Qt/KDE apps would sometimes 1500 cause them to crash or behave strangely without explanation. 1501 Those concerned about the small (~10%) performance hit to 1502 application startup can re-enable the cache (and expose 1503 themselves to gremlins) by setting the envrionment variable 1504 <literal>QML_FORCE_DISK_CACHE</literal> to 1505 <literal>1</literal> using e.g. the 1506 <literal>environment.sessionVariables</literal> NixOS option. 1507 </para> 1508 </listitem> 1509 <listitem> 1510 <para> 1511 systemd-oomd is enabled by default. Depending on which systemd 1512 units have <literal>ManagedOOMSwap=kill</literal> or 1513 <literal>ManagedOOMMemoryPressure=kill</literal>, systemd-oomd 1514 will SIGKILL all the processes under the appropriate 1515 descendant cgroups when the configured limits are exceeded. 1516 NixOS does currently not configure cgroups with oomd by 1517 default, this can be enabled using 1518 <link xlink:href="options.html#opt-systemd.oomd.enableRootSlice">systemd.oomd.enableRootSlice</link>, 1519 <link xlink:href="options.html#opt-systemd.oomd.enableSystemSlice">systemd.oomd.enableSystemSlice</link>, 1520 and 1521 <link xlink:href="options.html#opt-systemd.oomd.enableUserServices">systemd.oomd.enableUserServices</link>. 1522 </para> 1523 </listitem> 1524 <listitem> 1525 <para> 1526 The <literal>tt-rss</literal> service performs two database 1527 migrations when you first use its web UI after upgrade. 1528 Consider backing up its database before updating. 1529 </para> 1530 </listitem> 1531 <listitem> 1532 <para> 1533 The <literal>pass-secret-service</literal> package now 1534 includes systemd units from upstream, so adding it to the 1535 NixOS <literal>services.dbus.packages</literal> option will 1536 make it start automatically as a systemd user service when an 1537 application tries to talk to the libsecret D-Bus API. 1538 </para> 1539 </listitem> 1540 <listitem> 1541 <para> 1542 There is a new module for AMD SEV CPU functionality, which 1543 grants access to the hardware. 1544 </para> 1545 </listitem> 1546 <listitem> 1547 <para> 1548 The Wordpress module got support for installing language packs 1549 through 1550 <literal>services.wordpress.sites.&lt;site&gt;.languages</literal>. 1551 </para> 1552 </listitem> 1553 <listitem> 1554 <para> 1555 The default package for 1556 <literal>services.mullvad-vpn.package</literal> was changed to 1557 <literal>pkgs.mullvad</literal>, allowing cross-platform usage 1558 of Mullvad. <literal>pkgs.mullvad</literal> only contains the 1559 Mullvad CLI tool, so users who rely on the Mullvad GUI will 1560 want to change it back to <literal>pkgs.mullvad-vpn</literal>, 1561 or add <literal>pkgs.mullvad-vpn</literal> to their 1562 environment. 1563 </para> 1564 </listitem> 1565 <listitem> 1566 <para> 1567 PowerDNS has been updated from <literal>4.6.x</literal> to 1568 <literal>4.7.x</literal>. Please be sure to review the 1569 <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#to-4-7-0-or-master">Upgrade 1570 Notes</link> provided by upstream before upgrading. Worth 1571 specifically noting is that the new Catalog Zones feature 1572 comes with a mandatory schema change for the gsql database 1573 backends, which has to be manually applied. 1574 </para> 1575 </listitem> 1576 <listitem> 1577 <para> 1578 There is a new module for the <literal>thunar</literal> 1579 program (the Xfce file manager), which depends on the 1580 <literal>xfconf</literal> dbus service, and also has a dbus 1581 service and a systemd unit. The option 1582 <literal>services.xserver.desktopManager.xfce.thunarPlugins</literal> 1583 has been renamed to 1584 <literal>programs.thunar.plugins</literal>, and in a future 1585 release it may be removed. 1586 </para> 1587 </listitem> 1588 <listitem> 1589 <para> 1590 There is a new module for the <literal>xfconf</literal> 1591 program (the Xfce configuration storage system), which has a 1592 dbus service. 1593 </para> 1594 </listitem> 1595 <listitem> 1596 <para> 1597 The Mastodon package got upgraded from the major version 3 to 1598 4. See the 1599 <link xlink:href="https://github.com/mastodon/mastodon/releases/tag/v4.0.0">v4.0.0 1600 release notes</link> for a list of changes. On standard 1601 setups, no manual migration steps are required. Nevertheless, 1602 a database backup is recommended. 1603 </para> 1604 </listitem> 1605 <listitem> 1606 <para> 1607 The <literal>nomad</literal> package now defaults to 1.3, 1608 which no longer has a downgrade path to releases 1.2 or older. 1609 </para> 1610 </listitem> 1611 <listitem> 1612 <para> 1613 The <literal>nodePackages</literal> package set now defaults 1614 to the LTS release in the <literal>nodejs</literal> package 1615 again, instead of being pinned to 1616 <literal>nodejs-14_x</literal>. Several updates to node2nix 1617 have been made for compatibility with newer Node.js and npm 1618 versions and a new <literal>postRebuild</literal> hook has 1619 been added for packages to perform extra build steps before 1620 the npm install step prunes dev dependencies. 1621 </para> 1622 </listitem> 1623 <listitem> 1624 <para> 1625 <literal>boot.kernel.sysctl</literal> is defined as a 1626 freeformType and adds a custom merge option for 1627 <quote>net.core.rmem_max</quote> (taking the highest value 1628 defined to avoid conflicts between 2 services trying to set 1629 that value). 1630 </para> 1631 </listitem> 1632 <listitem> 1633 <para> 1634 The <literal>mame</literal> package does not ship with its 1635 tools anymore in the default output. They were moved to a 1636 separate <literal>tools</literal> output instead. For 1637 convenience, <literal>mame-tools</literal> package was added 1638 for those who want to use it. 1639 </para> 1640 </listitem> 1641 <listitem> 1642 <para> 1643 A NixOS module for Firefox has been added which allows 1644 preferences and 1645 <link xlink:href="https://github.com/mozilla/policy-templates/blob/master/README.md">policies</link> 1646 to be set. This also allows extensions to be installed via the 1647 <literal>ExtensionSettings</literal> policy. The new options 1648 are under <literal>programs.firefox</literal>. 1649 </para> 1650 </listitem> 1651 <listitem> 1652 <para> 1653 The option 1654 <literal>services.picom.experimentalBackends</literal> was 1655 removed since it is now the default and the option will cause 1656 <literal>picom</literal> to quit instead. 1657 </para> 1658 </listitem> 1659 </itemizedlist> 1660 </section> 1661</section>