Merge pull request #203777 from mweinelt/22.11/release-notes
[22.11] Release note backports
commit
f0b3de143d
|
@ -1,27 +1,53 @@
|
||||||
# Release 22.11 (“Raccoon”, 2022.11/??) {#sec-release-22.11}
|
# Release 22.11 (“Raccoon”, 2022.11/??) {#sec-release-22.11}
|
||||||
|
|
||||||
Support is planned until the end of June 2023, handing over to 23.05.
|
The NixOS release team is happy to announce a new version of NixOS 22.11. NixOS is both a Linux distribution, and a set of packages usable on other Linux systems and macOS.
|
||||||
|
|
||||||
|
This release is supported until the end of June 2023, handing over to NixOS 23.05.
|
||||||
|
|
||||||
|
To upgrade to the latest release follow the [upgrade chapter](#sec-upgrading).
|
||||||
|
|
||||||
## Highlights {#sec-release-22.11-highlights}
|
## Highlights {#sec-release-22.11-highlights}
|
||||||
|
|
||||||
In addition to numerous new and upgraded packages, this release has the following highlights:
|
In addition to numerous new and upgraded packages, this release includes the following highlights:
|
||||||
|
|
||||||
- GNOME has been upgraded to 43. Please take a look at their [Release
|
- Software that uses the `crypt` password hashing API is now using the implementation provided by [`libxcrypt`](https://github.com/besser82/libxcrypt) instead of glibc's, which enables support for more secure algorithms.
|
||||||
Notes](https://release.gnome.org/43/) for details.
|
- Support for algorithms that `libxcrypt` [does not consider strong](https://github.com/besser82/libxcrypt/blob/v4.4.28/lib/hashes.conf#L41) are **deprecated** as of this release, and will be removed in NixOS 23.05.
|
||||||
|
- This includes system login passwords. Given this, we **strongly encourage** all users to update their system passwords, as you will be unable to login if password hashes are not migrated by the time their support is removed.
|
||||||
|
- When using `users.users.<name>.hashedPassword` to configure user passwords, run `mkpasswd`, and use the yescrypt hash that is provided as the new value.
|
||||||
|
- On the other hand, for interactively configured user passwords, simply re-set the passwords for all users with `passwd`.
|
||||||
|
- This release introduces warnings for the use of deprecated hash algorithms for both methods of configuring passwords. To make sure you migrated correctly, run `nixos-rebuild switch`.
|
||||||
|
|
||||||
- During cross-compilation, tests are now executed if the test suite can be executed
|
- The NixOS documentation is now generated from markdown. While docbook is still part of the documentation build process, it's a big step towards the full migration.
|
||||||
by the build platform. This is the case when doing “native” cross-compilation
|
|
||||||
where the build and host platforms are largely the same, but the nixpkgs' cross
|
|
||||||
compilation infrastructure is used, e.g. `pkgsStatic` and `pkgsLLVM`. Another
|
|
||||||
possibility is that the build platform is a superset of the host platform, e.g. when
|
|
||||||
cross-compiling from `x86_64-unknown-linux` to `i686-unknown-linux`.
|
|
||||||
The predicate gating test suite execution is the newly added `canExecute`
|
|
||||||
predicate: You can e.g. check if `stdenv.buildPlatform` can execute binaries
|
|
||||||
built for `stdenv.hostPlatform` (i.e. produced by `stdenv.cc`) by evaluating
|
|
||||||
`stdenv.buildPlatform.canExecute stdenv.hostPlatform`.
|
|
||||||
|
|
||||||
- The `nixpkgs.hostPlatform` and `nixpkgs.buildPlatform` options have been added.
|
- `aarch64-linux` is now included in the `nixos-22.11` and `nixos-22.11-small` channels. This means that when those channel update, both `x86_64-linux` and `aarch64-linux` will be available in the binary cache.
|
||||||
These cover and override the `nixpkgs.{system,localSystem,crossSystem}` options.
|
|
||||||
|
- `aarch64-linux` ISOs are now available on the [downloads page](https://nixos.org/download.html).
|
||||||
|
|
||||||
|
- `nsncd` is now available as a replacement of `nscd`.
|
||||||
|
|
||||||
|
`nscd` is responsible for resolving hostnames, users and more in NixOS and has been a long standing source of bugs, such as sporadic network freezes.
|
||||||
|
|
||||||
|
More context in this [issue](https://github.com/NixOS/nixpkgs/issues/135888).
|
||||||
|
|
||||||
|
Help us test the new implementation by setting `services.nscd.enableNsncd` to `true`.
|
||||||
|
|
||||||
|
We plan to use `nsncd` by default in NixOS 23.05.
|
||||||
|
|
||||||
|
- Linode cloud images are now supported by importing `${modulesPath}/virtualisation/linode-image.nix` and accessing `system.build.linodeImage` on the output.
|
||||||
|
|
||||||
|
- `hardware.nvidia` has a new option, `hardware.nvidia.open`, that can be used to enable the usage of NVIDIA's open-source kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [the release announcement](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for more information.
|
||||||
|
|
||||||
|
- The `emacs` package now makes use of native compilation which means:
|
||||||
|
- Emacs packages from Nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
|
||||||
|
- Emacs packages from somewhere else, e.g. `package-install`, will perform asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use `(setq native-comp-deferred-compilation nil)` to disable it while still benefiting from native compilation for packages from Nixpkgs.
|
||||||
|
|
||||||
|
## Internal changes {#sec-release-22.11-internal}
|
||||||
|
|
||||||
|
- Haskell `ghcWithPackages` is now up to 15 times faster to evaluate, thanks to changing `lib.closePropagation` from a quadratic to linear complexity. Please see backward incompatibilities notes below. <https://github.com/NixOS/nixpkgs/pull/194391>
|
||||||
|
|
||||||
|
- For cross-compilation targets that can also run on the building machine, we now run tests. This, for example, is the case for the `pkgsStatic` and `pkgsLLVM` package sets or i686 packages on `x86_64` machines.
|
||||||
|
|
||||||
|
- To simplify cross-compilation in NixOS, this release introduces the `nixpkgs.hostPlatform` and `nixpkgs.buildPlatform` options. These cover and override the `nixpkgs.{system,localSystem,crossSystem}` options.
|
||||||
|
|
||||||
- `hostPlatform` is the platform or "`system`" string of the NixOS system
|
- `hostPlatform` is the platform or "`system`" string of the NixOS system
|
||||||
described by the configuration.
|
described by the configuration.
|
||||||
|
@ -38,146 +64,24 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
for a transition period so that in time the ecosystem can switch without
|
for a transition period so that in time the ecosystem can switch without
|
||||||
breaking compatibility with any supported NixOS release.
|
breaking compatibility with any supported NixOS release.
|
||||||
|
|
||||||
- `nscd` functionality, necessary to provide non-glibc-builtin NSS
|
## Notable version updates {#sec-release-22.11-version-updates}
|
||||||
modules (such as `nss_systemd` or `nss_ldap`) can now be provided by
|
|
||||||
`nsncd`, by setting `services.nscd.enableNsncd` to `true`.
|
|
||||||
|
|
||||||
The `nscd` daemon provided by glibc, which is currently used by NixOS isn't
|
- Nix has been upgraded from v2.8.1 to v2.11.0. For more information, please see the release notes for [2.9](https://nixos.org/manual/nix/stable/release-notes/rl-2.9.html), [2.10](https://nixos.org/manual/nix/stable/release-notes/rl-2.10.html) and [2.11](https://nixos.org/manual/nix/stable/release-notes/rl-2.11.html).
|
||||||
very reliable. For example, it's [not fully possible to disable caching
|
|
||||||
functionality](https://github.com/NixOS/nixpkgs/issues/135888), causing
|
|
||||||
various issues and failed lookups.
|
|
||||||
|
|
||||||
In contrast to nscd's behavior of caching module responses on its own,
|
|
||||||
nsncd merely forwards requests to NSS modules, which might cache or not.
|
|
||||||
|
|
||||||
We plan to use `nsncd` by default in NixOS 23.05.
|
|
||||||
|
|
||||||
- `emacs` enables native compilation which means:
|
|
||||||
- emacs packages from nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
|
|
||||||
- emacs packages from somewhere else, e.g. `package-install`, will do asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use `(setq native-comp-deferred-compilation nil)` to disable it while still enjoy the benefit of native compilation for packages from nixpkgs.
|
|
||||||
|
|
||||||
- `nixos-generate-config` now generates configurations that can be built in pure
|
|
||||||
mode. This is achieved by setting the new `nixpkgs.hostPlatform` option.
|
|
||||||
|
|
||||||
You may have to unset the `system` parameter in `lib.nixosSystem`, or similarly
|
|
||||||
remove definitions of the `nixpkgs.{system,localSystem,crossSystem}` options.
|
|
||||||
|
|
||||||
Alternatively, you can remove the `hostPlatform` line and use NixOS like you
|
|
||||||
would in NixOS 22.05 and earlier.
|
|
||||||
|
|
||||||
- PHP now defaults to PHP 8.1, updated from 8.0.
|
|
||||||
|
|
||||||
- PHP is now built `NTS` (Non-Thread Safe) style by default, for Apache and
|
|
||||||
`mod_php` usage we still enable `ZTS` (Zend Thread Safe). This has been a
|
|
||||||
common practice for a long time in other distributions.
|
|
||||||
|
|
||||||
- PHP 8.2.0 RC 7 is available.
|
|
||||||
|
|
||||||
- `protonup` has been aliased to and replaced by `protonup-ng` due to upstream not maintaining it.
|
|
||||||
|
|
||||||
- Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default.
|
|
||||||
|
|
||||||
- Improved performances of `lib.closePropagation` which was previously quadratic. This is used in e.g. `ghcWithPackages`. Please see backward incompatibilities notes below.
|
|
||||||
|
|
||||||
- Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
|
|
||||||
blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
|
|
||||||
|
|
||||||
- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
|
- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
|
||||||
|
|
||||||
- An image configuration and generator has been added for Linode images, largely based on the present GCE configuration and image.
|
- GNOME has been upgraded to version 43. Please see the [release notes](https://release.gnome.org/43/) for details.
|
||||||
|
|
||||||
- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
|
- KDE Plasma has been upgraded from v5.24 to v5.26. Please see the release notes for [v5.25](https://kde.org/announcements/plasma/5/5.25.0/) and [v5.26](https://kde.org/announcements/plasma/5/5.26.0/) for more details on the included changes.
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
- Cinnamon has been updated to 5.4, and the Cinnamon module now defaults to
|
||||||
|
Blueman as the Bluetooth manager and slick-greeter as the LightDM greeter, to match upstream.
|
||||||
|
|
||||||
## New Services {#sec-release-22.11-new-services}
|
- PHP now defaults to PHP 8.1, updated from 8.0.
|
||||||
|
|
||||||
- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
|
- Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default.
|
||||||
|
|
||||||
- [automatic-timezoned](https://github.com/maxbrunet/automatic-timezoned). a Linux daemon to automatically update the system timezone based on location. Available as [services.automatic-timezoned](#opt-services.automatic-timezoned.enable).
|
- Python now defaults to 3.10, updated from 3.9.
|
||||||
|
|
||||||
- [xray] (https://github.com/XTLS/Xray-core), a fully compatible v2ray-core replacement. Features XTLS, which when enabled on server and client, brings UDP FullCone NAT to proxy setups. Available as [services.xray](options.html#opt-services.xray.enable).
|
|
||||||
|
|
||||||
- [syncstorage-rs](https://github.com/mozilla-services/syncstorage-rs), a self-hostable sync server for Firefox. Available as [services.firefox-syncserver](options.html#opt-services.firefox-syncserver.enable).
|
|
||||||
|
|
||||||
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
|
|
||||||
|
|
||||||
- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
|
|
||||||
|
|
||||||
- [Tandoor Recipes](https://tandoor.dev), a self-hosted multi-tenant recipe collection. Available as [services.tandoor-recipes](options.html#opt-services.tandoor-recipes.enable).
|
|
||||||
|
|
||||||
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
|
|
||||||
|
|
||||||
- [Please](https://github.com/edneville/please), a Sudo clone written in Rust. Available as [security.please](#opt-security.please.enable)
|
|
||||||
|
|
||||||
- [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable).
|
|
||||||
|
|
||||||
- [EVCC](https://evcc.io) is an EV charge controller with PV integration. It supports a multitude of chargers, meters, vehicle APIs and more and ties that together with a well-tested backend and a lightweight web frontend. Available as [services.evcc](#opt-services.evcc.enable).
|
|
||||||
|
|
||||||
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
|
|
||||||
Available as [services.infnoise](options.html#opt-services.infnoise.enable).
|
|
||||||
|
|
||||||
- [kthxbye](https://github.com/prymitive/kthxbye), an alert acknowledgement management daemon for Prometheus Alertmanager. Available as [services.kthxbye](options.html#opt-services.kthxbye.enable)
|
|
||||||
|
|
||||||
- [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization.
|
|
||||||
Available as [services.kanata](options.html#opt-services.kanata.enable).
|
|
||||||
|
|
||||||
- [karma](https://github.com/prymitive/karma), an alert dashboard for Prometheus Alertmanager. Available as [services.karma](options.html#opt-services.karma.enable)
|
|
||||||
|
|
||||||
- [languagetool](https://languagetool.org/), a multilingual grammar, style, and spell checker.
|
|
||||||
Available as [services.languagetool](options.html#opt-services.languagetool.enable).
|
|
||||||
|
|
||||||
- [OpenRGB](https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master), a FOSS tool for controlling RGB lighting. Available as [services.hardware.openrgb.enable](options.html#opt-services-hardware-openrgb-enable).
|
|
||||||
|
|
||||||
- [Outline](https://www.getoutline.com/), a wiki and knowledge base similar to Notion. Available as [services.outline](#opt-services.outline.enable).
|
|
||||||
|
|
||||||
- [ntfy.sh](https://ntfy.sh), a push notification service. Available as [services.ntfy-sh](#opt-services.ntfy-sh.enable)
|
|
||||||
|
|
||||||
- [alps](https://git.sr.ht/~migadu/alps), a simple and extensible webmail. Available as [services.alps](#opt-services.alps.enable).
|
|
||||||
|
|
||||||
- [endlessh](https://github.com/skeeto/endlessh), an SSH tarpit. Available as [services.endlessh](#opt-services.endlessh.enable).
|
|
||||||
|
|
||||||
- [endlessh-go](https://github.com/shizunge/endlessh-go), an SSH tarpit that exposes Prometheus metrics. Available as [services.endlessh-go](#opt-services.endlessh-go.enable).
|
|
||||||
|
|
||||||
- [Garage](https://garagehq.deuxfleurs.fr/), a simple object storage server for geodistributed deployments, alternative to MinIO. Available as [services.garage](#opt-services.garage.enable).
|
|
||||||
|
|
||||||
- [netbird](https://netbird.io), a zero configuration VPN.
|
|
||||||
Available as [services.netbird](options.html#opt-services.netbird.enable).
|
|
||||||
|
|
||||||
- [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
|
|
||||||
|
|
||||||
- [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).
|
|
||||||
|
|
||||||
- [Dolibarr](https://www.dolibarr.org/), an enterprise resource planning and customer relationship manager. Enable using [services.dolibarr](#opt-services.dolibarr.enable).
|
|
||||||
|
|
||||||
- [FreshRSS](https://freshrss.org/), a free, self-hostable RSS feed aggregator. Available as [services.freshrss](#opt-services.freshrss.enable).
|
|
||||||
|
|
||||||
- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
|
|
||||||
|
|
||||||
- [merecat](https://troglobit.com/projects/merecat/), a small and easy HTTP server based on thttpd. Available as [services.merecat](#opt-services.merecat.enable)
|
|
||||||
|
|
||||||
- [go-autoconfig](https://github.com/L11R/go-autoconfig), IMAP/SMTP autodiscover server. Available as [services.go-autoconfig](#opt-services.go-autoconfig.enable).
|
|
||||||
|
|
||||||
- [tmate-ssh-server](https://github.com/tmate-io/tmate-ssh-server), server side part of [tmate](https://tmate.io/). Available as [services.tmate-ssh-server](#opt-services.tmate-ssh-server.enable).
|
|
||||||
|
|
||||||
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
|
|
||||||
|
|
||||||
- [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable).
|
|
||||||
|
|
||||||
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
|
|
||||||
Available as [services.patroni](options.html#opt-services.patroni.enable).
|
|
||||||
|
|
||||||
- [Prometheus IPMI exporter](https://github.com/prometheus-community/ipmi_exporter), an IPMI exporter for Prometheus. Available as [services.prometheus.exporters.ipmi](#opt-services.prometheus.exporters.ipmi.enable).
|
|
||||||
|
|
||||||
- [WriteFreely](https://writefreely.org), a simple blogging platform with ActivityPub support. Available as [services.writefreely](options.html#opt-services.writefreely.enable).
|
|
||||||
|
|
||||||
- [Listmonk](https://listmonk.app), a self-hosted newsletter manager. Enable using [services.listmonk](options.html#opt-services.listmonk.enable).
|
|
||||||
|
|
||||||
- [Uptime Kuma](https://uptime.kuma.pet/), a fancy self-hosted monitoring tool. Available as [services.uptime-kuma](#opt-services.uptime-kuma.enable).
|
|
||||||
|
|
||||||
- [Mepo](https://mepo.milesalan.com), a fast, simple, hackable OSM map viewer for mobile and desktop Linux. Available as [programs.mepo.enable](#opt-programs.mepo.enable).
|
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
|
||||||
|
|
||||||
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
|
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
|
||||||
|
|
||||||
|
@ -193,11 +97,11 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- `ngrok` has been upgraded from 2.3.40 to 3.0.4. Please see [the upgrade guide](https://ngrok.com/docs/guides/upgrade-v2-v3)
|
- `ngrok` has been upgraded from 2.3.40 to 3.0.4. Please see [the upgrade guide](https://ngrok.com/docs/guides/upgrade-v2-v3)
|
||||||
and [changelog](https://ngrok.com/docs/ngrok-agent/changelog). Notably, breaking changes are that the config file format has
|
and [changelog](https://ngrok.com/docs/ngrok-agent/changelog). Notably, breaking changes are that the config file format has
|
||||||
changed and support for single hypen arguments was dropped.
|
changed and support for single hyphen arguments was dropped.
|
||||||
|
|
||||||
- `i18n.supportedLocales` is now by default only generated with the locales set in `i18n.defaultLocale` and `i18n.extraLocaleSettings`.
|
- `i18n.supportedLocales` is now only generated with the locales set in `i18n.defaultLocale` and `i18n.extraLocaleSettings`.
|
||||||
This got partially copied over from the minimal profile and reduces the final system size by up to 200MB.
|
- This reduces the final system closure size by up to 200MB.
|
||||||
If you require all locales installed set the option to ``[ "all" ]``.
|
- If you require all locales installed, set the option to ``[ "all" ]``.
|
||||||
|
|
||||||
- Deprecated settings `logrotate.paths` and `logrotate.extraConfig` have
|
- Deprecated settings `logrotate.paths` and `logrotate.extraConfig` have
|
||||||
been removed. Please convert any uses to
|
been removed. Please convert any uses to
|
||||||
|
@ -209,7 +113,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `fetchgit` fetcher supports sparse checkouts via the `sparseCheckout` option. This used to accept a multi-line string with directories/patterns to check out, but now requires a list of strings.
|
- The `fetchgit` fetcher supports sparse checkouts via the `sparseCheckout` option. This used to accept a multi-line string with directories/patterns to check out, but now requires a list of strings.
|
||||||
|
|
||||||
- `openssh` was updated to version 9.1, disabling the generation of DSA keys when using `ssh-keygen -A` as they are insecure. Also, `SetEnv` directives in `ssh_config` and `sshd_config` are now first-match-wins
|
- `openssh` was updated to version 9.1, disabling the generation of DSA keys when using `ssh-keygen -A` as they are insecure. Also, `SetEnv` directives in `ssh_config` and `sshd_config` are now first-match-wins.
|
||||||
|
|
||||||
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
|
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
|
||||||
|
|
||||||
|
@ -222,11 +126,11 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.
|
- The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.
|
||||||
|
|
||||||
- The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if
|
- The OpenSSL extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if
|
||||||
[](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)
|
[](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)
|
||||||
don't lose access to their files.
|
don't lose access to their files.
|
||||||
|
|
||||||
In any other case it's safe to use OpenSSL 3 for PHP's openssl extension. This can be done by setting
|
In any other case, it's safe to use OpenSSL 3 for PHP's OpenSSL extension. This can be done by setting
|
||||||
[](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`.
|
[](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`.
|
||||||
|
|
||||||
- The `coq` package and versioned variants starting at `coq_8_14` no
|
- The `coq` package and versioned variants starting at `coq_8_14` no
|
||||||
|
@ -245,7 +149,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
- Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
|
- Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
|
||||||
Users who still wish to remain using GTK can do so by using `emacs-gtk`.
|
Users who still wish to remain using GTK can do so by using `emacs-gtk`.
|
||||||
|
|
||||||
- `kanidm` has been updated to 1.1.0-alpha.10 and now requires a tls certificate and key. It will always start an https and – if enabled – an ldaps server and no http and ldap server anymore.
|
- `kanidm` has been updated to 1.1.0-alpha.10 and now requires a TLS certificate and key. It will always start `https` and-–-if enabled-–-an LDAPS server and no HTTP and LDAP server anymore.
|
||||||
|
|
||||||
- riak package removed along with `services.riak` module, due to lack of maintainer to update the package.
|
- riak package removed along with `services.riak` module, due to lack of maintainer to update the package.
|
||||||
|
|
||||||
|
@ -266,8 +170,6 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `nix.checkConfig` option now fully disables the config check. The new `nix.checkAllErrors` option behaves like `nix.checkConfig` previously did.
|
- The `nix.checkConfig` option now fully disables the config check. The new `nix.checkAllErrors` option behaves like `nix.checkConfig` previously did.
|
||||||
|
|
||||||
- `nix.buildMachines` got a new submodule option `protocol`. An undocumented hack to set the protocol via `hostName` is no longer working and the `protocol` option should be used instead.
|
|
||||||
|
|
||||||
- `generateOptparseApplicativeCompletions` and `generateOptparseApplicativeCompletion` from `haskell.lib.compose`
|
- `generateOptparseApplicativeCompletions` and `generateOptparseApplicativeCompletion` from `haskell.lib.compose`
|
||||||
(and `haskell.lib`) have been deprecated in favor of `generateOptparseApplicativeCompletions` (plural!) as
|
(and `haskell.lib`) have been deprecated in favor of `generateOptparseApplicativeCompletions` (plural!) as
|
||||||
provided by the haskell package sets (so `haskellPackages.generateOptparseApplicativeCompletions` etc.).
|
provided by the haskell package sets (so `haskellPackages.generateOptparseApplicativeCompletions` etc.).
|
||||||
|
@ -314,7 +216,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `zrepl` package has been updated from 0.5.0 to 0.6.0. See the [changelog](https://zrepl.github.io/changelog.html) for details.
|
- The `zrepl` package has been updated from 0.5.0 to 0.6.0. See the [changelog](https://zrepl.github.io/changelog.html) for details.
|
||||||
|
|
||||||
- `k3s` no longer supports docker as runtime due to upstream dropping support.
|
- `k3s` no longer supports Docker as runtime due to upstream dropping support.
|
||||||
|
|
||||||
- `cassandra_2_1` and `cassandra_2_2` have been removed. Please update to `cassandra_3_11` or `cassandra_3_0`. See the [changelog](https://github.com/apache/cassandra/blob/cassandra-3.11.14/NEWS.txt) for more information about the upgrade process.
|
- `cassandra_2_1` and `cassandra_2_2` have been removed. Please update to `cassandra_3_11` or `cassandra_3_0`. See the [changelog](https://github.com/apache/cassandra/blob/cassandra-3.11.14/NEWS.txt) for more information about the upgrade process.
|
||||||
|
|
||||||
|
@ -338,7 +240,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
For further information, please read the upstream changelogs.
|
For further information, please read the upstream changelogs.
|
||||||
|
|
||||||
- `stylua` no longer accepts `lua52Support` and `luauSupport` overrides, use `features` instead, which defaults to `[ "lua54" "luau" ]`.
|
- `stylua` no longer accepts `lua52Support` and `luauSupport` overrides. Use `features` instead, which defaults to `[ "lua54" "luau" ]`.
|
||||||
|
|
||||||
- `ocamlPackages.ocaml_extlib` has been renamed to `ocamlPackages.extlib`.
|
- `ocamlPackages.ocaml_extlib` has been renamed to `ocamlPackages.extlib`.
|
||||||
|
|
||||||
|
@ -363,23 +265,29 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
## Other Notable Changes {#sec-release-22.11-notable-changes}
|
## Other Notable Changes {#sec-release-22.11-notable-changes}
|
||||||
|
|
||||||
- `firefox`, `thunderbird` and `librewolf` come with enabled Wayland support by default. The `firefox-wayland`, `firefox-esr-wayland`, `thunderbird-wayland` and `librewolf-wayland` attributes are obsolete and have been aliased to their generic attribute.
|
- PHP is now built in `NTS` (Non-Thread Safe) mode by default.
|
||||||
|
- For Apache and `mod_php` usage, we enable `ZTS` (Zend Thread Safe) mode. This has been a
|
||||||
|
common practice for a long time in other distributions.
|
||||||
|
|
||||||
|
- `firefox`, `thunderbird` and `librewolf` now come with Wayland support by default. The `firefox-wayland`, `firefox-esr-wayland`, `thunderbird-wayland` and `librewolf-wayland` attributes are obsolete and have been aliased to their generic attribute.
|
||||||
|
|
||||||
- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.
|
- The `xplr` package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the [upstream release notes](https://github.com/sayanarijit/xplr/releases/tag/v0.19.0) for more details.
|
||||||
|
|
||||||
- Configuring multiple GitHub runners is now possible through `services.github-runners.<name>`. The option `services.github-runner` remains.
|
- Configuring multiple GitHub runners is now possible through `services.github-runners.<name>`. The options under `services.github-runner` remain, to configure a single runner.
|
||||||
|
|
||||||
- `github-runner` gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. See `services.github-runner.ephemeral` and `services.github-runner.tokenFile` for details.
|
- `github-runner` gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. See `services.github-runner.ephemeral` and `services.github-runner.tokenFile` for details.
|
||||||
|
|
||||||
- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
|
- A new module was added to provide hardware support for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
|
||||||
|
|
||||||
- ZFS module will not allow hibernation by default, this is a safety measure to prevent data loss cases like the ones described at [OpenZFS/260](https://github.com/openzfs/zfs/issues/260) and [OpenZFS/12842](https://github.com/openzfs/zfs/issues/12842). Use the `boot.zfs.allowHibernation` option to configure this behaviour.
|
- ZFS module will no longer allow hibernation by default.
|
||||||
|
- This is a safety measure to prevent data loss cases like the ones described at [OpenZFS/260](https://github.com/openzfs/zfs/issues/260) and [OpenZFS/12842](https://github.com/openzfs/zfs/issues/12842).
|
||||||
|
- Use the `boot.zfs.allowHibernation` option to configure this behaviour.
|
||||||
|
|
||||||
- `mastodon` now automatically removes remote media attachments older than 30 days. This is configurable through `services.mastodon.mediaAutoRemove`.
|
- Mastodon now automatically removes remote media attachments older than 30 days. This is configurable through `services.mastodon.mediaAutoRemove`.
|
||||||
|
|
||||||
- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
|
- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
|
||||||
|
|
||||||
- Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance.
|
- Neo4j was updated from version 3 to version 4. See upstream's [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) for information on how to migrate your instance.
|
||||||
|
|
||||||
- The `networking.wireguard` module now can set the mtu on interfaces and tag its packets with an fwmark.
|
- The `networking.wireguard` module now can set the mtu on interfaces and tag its packets with an fwmark.
|
||||||
|
|
||||||
|
@ -389,9 +297,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `polymc` package has been removed due to a rogue maintainer. It has been
|
- The `polymc` package has been removed due to a rogue maintainer. It has been
|
||||||
replaced by `prismlauncher`, a fork by the rest of the maintainers. For more
|
replaced by `prismlauncher`, a fork by the rest of the maintainers. For more
|
||||||
details, see [the pull request that made this
|
details, see [the PR that made this change](https://github.com/NixOS/nixpkgs/pull/196624) and
|
||||||
change](https://github.com/NixOS/nixpkgs/pull/196624) and [this issue
|
[the issue detailing the vulnerability](https://github.com/NixOS/nixpkgs/issues/196460).
|
||||||
detailing the vulnerability](https://github.com/NixOS/nixpkgs/issues/196460).
|
|
||||||
Users with existing installations should rename `~/.local/share/polymc` to
|
Users with existing installations should rename `~/.local/share/polymc` to
|
||||||
`~/.local/share/PrismLauncher`. The main config file's path has also moved
|
`~/.local/share/PrismLauncher`. The main config file's path has also moved
|
||||||
from `~/.local/share/polymc/polymc.cfg` to
|
from `~/.local/share/polymc/polymc.cfg` to
|
||||||
|
@ -399,7 +306,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `bloat` package has been updated from unstable-2022-03-31 to unstable-2022-10-25, which brings a breaking change. See [this upstream commit message](https://git.freesoftwareextremist.com/bloat/commit/?id=887ed241d64ba5db3fd3d87194fb5595e5ad7d73) for details.
|
- The `bloat` package has been updated from unstable-2022-03-31 to unstable-2022-10-25, which brings a breaking change. See [this upstream commit message](https://git.freesoftwareextremist.com/bloat/commit/?id=887ed241d64ba5db3fd3d87194fb5595e5ad7d73) for details.
|
||||||
|
|
||||||
- The `services.matrix-synapse` systemd unit has been hardened.
|
- Synapse's systemd unit has been hardened.
|
||||||
|
|
||||||
- The module `services.grafana` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed:
|
- The module `services.grafana` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed:
|
||||||
- The newly introduced option [](#opt-services.grafana.settings) is an attribute-set that
|
- The newly introduced option [](#opt-services.grafana.settings) is an attribute-set that
|
||||||
|
@ -464,7 +371,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `services.grafana.provision.alerting` option was added. It includes suboptions for every alerting-related objects (with the exception of `notifiers`), which means it's now possible to configure modern Grafana alerting declaratively.
|
- The `services.grafana.provision.alerting` option was added. It includes suboptions for every alerting-related objects (with the exception of `notifiers`), which means it's now possible to configure modern Grafana alerting declaratively.
|
||||||
|
|
||||||
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
|
- Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
|
||||||
|
|
||||||
- The `diamond` package has been update from 0.8.36 to 2.0.15. See the [upstream release notes](https://github.com/bbuchfink/diamond/releases) for more details.
|
- The `diamond` package has been update from 0.8.36 to 2.0.15. See the [upstream release notes](https://github.com/bbuchfink/diamond/releases) for more details.
|
||||||
|
|
||||||
|
@ -472,16 +379,20 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `netlify-cli` package has been updated from 6.13.2 to 12.2.4, see the [changelog](https://github.com/netlify/cli/releases) for more details.
|
- The `netlify-cli` package has been updated from 6.13.2 to 12.2.4, see the [changelog](https://github.com/netlify/cli/releases) for more details.
|
||||||
|
|
||||||
- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
|
- `dockerTools.buildImage`'s `contents` parameter has been deprecated in favor of `copyToRoot`.
|
||||||
Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`.
|
Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`.
|
||||||
|
|
||||||
|
- The `proxmox.qemuConf.bios` option was added, it corresponds to `Hardware->BIOS` field in Proxmox web interface. Use `"ovmf"` value to build UEFI image, default value remains `"bios"`. New option `proxmox.partitionTableType` defaults to either `"legacy"` or `"efi"`, depending on the `bios` value. Setting `partitionTableType` to `"hybrid"` results in an image, which supports both methods (`"bios"` and `"ovmf"`), thereby remaining bootable after change to Proxmox `Hardware->BIOS` field.
|
||||||
|
|
||||||
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
|
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
|
||||||
|
|
||||||
- Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.
|
- Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.
|
||||||
|
|
||||||
- The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete.
|
- The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete.
|
||||||
|
|
||||||
- The redis module now persists each instance's configuration file in the state directory, in order to support some more advanced use cases like sentinel.
|
- The Redis module now persists each instance's configuration file in the state directory, in order to support some more advanced use cases like Sentinel.
|
||||||
|
|
||||||
|
- `protonup` has been aliased to and replaced by `protonup-ng` due to upstream not maintaining it.
|
||||||
|
|
||||||
- The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
|
- The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
|
||||||
This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it.
|
This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it.
|
||||||
|
@ -490,22 +401,12 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
for Nextcloud in NixOS:
|
for Nextcloud in NixOS:
|
||||||
- For Nextcloud **>=24**, the default PHP version is 8.1.
|
- For Nextcloud **>=24**, the default PHP version is 8.1.
|
||||||
- Nextcloud **23** has been removed since it will reach its [end of life in December 2022](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule/d76576a12a626d53305d480a6065b57cab705d3d).
|
- Nextcloud **23** has been removed since it will reach its [end of life in December 2022](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule/d76576a12a626d53305d480a6065b57cab705d3d).
|
||||||
- For `system.stateVersion` being **>=22.11**, Nextcloud 25 will be installed by default. For older versions,
|
- If `system.stateVersion` is **>=22.11**, Nextcloud 25 will be installed by default. For older versions,
|
||||||
Nextcloud 24 will be installed.
|
Nextcloud 24 will be installed.
|
||||||
- Please ensure that you only upgrade on major release at a time! Nextcloud doesn't support
|
- Please ensure that you only upgrade one major release at a time! Nextcloud doesn't support
|
||||||
upgrades across multiple versions, i.e. an upgrade from **23** to **25** is only possible
|
upgrades across multiple versions, i.e. an upgrade from **23** to **25** is only possible
|
||||||
when upgrading to **24** first.
|
when upgrading to **24** first.
|
||||||
|
|
||||||
- Add udev rules for the Teensy family of microcontrollers.
|
|
||||||
|
|
||||||
- The Qt QML disk cache is now disabled by default. This fixes a
|
|
||||||
long-standing issue where updating Qt/KDE apps would sometimes cause
|
|
||||||
them to crash or behave strangely without explanation. Those concerned
|
|
||||||
about the small (~10%) performance hit to application startup can
|
|
||||||
re-enable the cache (and expose themselves to gremlins) by setting the
|
|
||||||
envrionment variable `QML_FORCE_DISK_CACHE` to `1` using e.g. the
|
|
||||||
`environment.sessionVariables` NixOS option.
|
|
||||||
|
|
||||||
- systemd-oomd is enabled by default. Depending on which systemd units have
|
- systemd-oomd is enabled by default. Depending on which systemd units have
|
||||||
`ManagedOOMSwap=kill` or `ManagedOOMMemoryPressure=kill`, systemd-oomd will
|
`ManagedOOMSwap=kill` or `ManagedOOMMemoryPressure=kill`, systemd-oomd will
|
||||||
SIGKILL all the processes under the appropriate descendant cgroups when the
|
SIGKILL all the processes under the appropriate descendant cgroups when the
|
||||||
|
@ -519,25 +420,23 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
- The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.
|
- The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.
|
||||||
|
|
||||||
- There is a new module for AMD SEV CPU functionality, which grants access to the hardware.
|
- The Wordpress module now has support for installing language packs through a new option, `services.wordpress.sites.<site>.languages`.
|
||||||
|
|
||||||
- The Wordpress module got support for installing language packs through `services.wordpress.sites.<site>.languages`.
|
|
||||||
|
|
||||||
- The default package for `services.mullvad-vpn.package` was changed to `pkgs.mullvad`, allowing cross-platform usage of Mullvad. `pkgs.mullvad` only contains the Mullvad CLI tool, so users who rely on the Mullvad GUI will want to change it back to `pkgs.mullvad-vpn`, or add `pkgs.mullvad-vpn` to their environment.
|
- The default package for `services.mullvad-vpn.package` was changed to `pkgs.mullvad`, allowing cross-platform usage of Mullvad. `pkgs.mullvad` only contains the Mullvad CLI tool, so users who rely on the Mullvad GUI will want to change it back to `pkgs.mullvad-vpn`, or add `pkgs.mullvad-vpn` to their environment.
|
||||||
|
|
||||||
- PowerDNS has been updated from `4.6.x` to `4.7.x`. Please be sure to review the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-7-0-or-master) provided by upstream before upgrading. Worth specifically noting is that the new Catalog Zones feature comes with a mandatory schema change for the gsql database backends, which has to be manually applied.
|
- PowerDNS has been updated from v4.6.2 to v4.7.2. Please be sure to review the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-7-0-or-master) provided by upstream before upgrading. Worth specifically noting is that the new Catalog Zones feature comes with a mandatory schema change for the GSQL database backends, which has to be manually applied.
|
||||||
|
|
||||||
- There is a new module for the `thunar` program (the Xfce file manager), which depends on the `xfconf` dbus service, and also has a dbus service and a systemd unit. The option `services.xserver.desktopManager.xfce.thunarPlugins` has been renamed to `programs.thunar.plugins`, and in a future release it may be removed.
|
- There is a new module for the `thunar` program (the Xfce file manager), which depends on the `xfconf` dbus service, and also has a dbus service and a systemd unit. The option `services.xserver.desktopManager.xfce.thunarPlugins` has been renamed to `programs.thunar.plugins`, and may be removed in a future release.
|
||||||
|
|
||||||
- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.
|
- There is a new module for `xfconf` (the Xfce configuration storage system), which has a dbus service.
|
||||||
|
|
||||||
- The Mastodon package got upgraded from the major version 3 to 4. See the [v4.0.0 release notes](https://github.com/mastodon/mastodon/releases/tag/v4.0.0) for a list of changes. On standard setups, no manual migration steps are required. Nevertheless, a database backup is recommended.
|
- The Mastodon package has been upgraded to v4.0.0. See the [v4.0.0 release notes](https://github.com/mastodon/mastodon/releases/tag/v4.0.0) for a list of changes. On standard setups, no manual migration steps are required. Nevertheless, a database backup is recommended.
|
||||||
|
|
||||||
- The `nomad` package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older.
|
- The `nomad` package now defaults to v1.3, which no longer has a downgrade path to v1.2 or older.
|
||||||
|
|
||||||
- The `nodePackages` package set now defaults to the LTS release in the `nodejs` package again, instead of being pinned to `nodejs-14_x`. Several updates to node2nix have been made for compatibility with newer Node.js and npm versions and a new `postRebuild` hook has been added for packages to perform extra build steps before the npm install step prunes dev dependencies.
|
- The `nodePackages` package set now defaults to the LTS release in the `nodejs` package again, instead of being pinned to `nodejs-14_x`. Several updates to node2nix have been made for compatibility with newer Node.js and npm versions and a new `postRebuild` hook has been added for packages to perform extra build steps before the npm install step prunes dev dependencies.
|
||||||
|
|
||||||
- `boot.kernel.sysctl` is defined as a freeformType and adds a custom merge option for "net.core.rmem_max" (taking the highest value defined to avoid conflicts between 2 services trying to set that value).
|
- `boot.kernel.sysctl` is defined as a freeformType and adds a custom merge option for `net.core.rmem_max` (taking the highest value defined to avoid conflicts between 2 services trying to set that value).
|
||||||
|
|
||||||
- The `mame` package does not ship with its tools anymore in the default output. They were moved to a separate `tools` output instead. For convenience, `mame-tools` package was added for those who want to use it.
|
- The `mame` package does not ship with its tools anymore in the default output. They were moved to a separate `tools` output instead. For convenience, `mame-tools` package was added for those who want to use it.
|
||||||
|
|
||||||
|
@ -550,3 +449,87 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
- `haskellPackages.callHackage` and `haskellPackages.callCabal2nix` (and related functions) no longer keep a reference to the `cabal2nix` call used to generate them. As a result, they will be garbage collected more often.
|
- `haskellPackages.callHackage` and `haskellPackages.callCabal2nix` (and related functions) no longer keep a reference to the `cabal2nix` call used to generate them. As a result, they will be garbage collected more often.
|
||||||
|
|
||||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
||||||
|
## New Services {#sec-release-22.11-new-services}
|
||||||
|
|
||||||
|
- [alps](https://git.sr.ht/~migadu/alps), a simple and extensible webmail. Available as [services.alps](#opt-services.alps.enable).
|
||||||
|
|
||||||
|
- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
|
||||||
|
|
||||||
|
- [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable).
|
||||||
|
|
||||||
|
- [automatic-timezoned](https://github.com/maxbrunet/automatic-timezoned). a Linux daemon to automatically update the system timezone based on location. Available as [services.automatic-timezoned](#opt-services.automatic-timezoned.enable).
|
||||||
|
|
||||||
|
- [Dolibarr](https://www.dolibarr.org/), an enterprise resource planning and customer relationship manager. Enable using [services.dolibarr](#opt-services.dolibarr.enable).
|
||||||
|
|
||||||
|
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
|
||||||
|
|
||||||
|
- [endlessh-go](https://github.com/shizunge/endlessh-go), an SSH tarpit that exposes Prometheus metrics. Available as [services.endlessh-go](#opt-services.endlessh-go.enable).
|
||||||
|
|
||||||
|
- [endlessh](https://github.com/skeeto/endlessh), an SSH tarpit. Available as [services.endlessh](#opt-services.endlessh.enable).
|
||||||
|
|
||||||
|
- [EVCC](https://evcc.io) is an EV charge controller with PV integration. It supports a multitude of chargers, meters, vehicle APIs and more and ties that together with a well-tested backend and a lightweight web frontend. Available as [services.evcc](#opt-services.evcc.enable).
|
||||||
|
|
||||||
|
- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
|
||||||
|
|
||||||
|
- [FreshRSS](https://freshrss.org/), a free, self-hostable RSS feed aggregator. Available as [services.freshrss](#opt-services.freshrss.enable).
|
||||||
|
|
||||||
|
- [Garage](https://garagehq.deuxfleurs.fr/), a simple object storage server for geodistributed deployments, alternative to MinIO. Available as [services.garage](#opt-services.garage.enable).
|
||||||
|
|
||||||
|
- [go-autoconfig](https://github.com/L11R/go-autoconfig), IMAP/SMTP autodiscover server. Available as [services.go-autoconfig](#opt-services.go-autoconfig.enable).
|
||||||
|
|
||||||
|
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
|
||||||
|
|
||||||
|
- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
|
||||||
|
|
||||||
|
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle. Available as [services.infnoise](options.html#opt-services.infnoise.enable).
|
||||||
|
|
||||||
|
- [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization. Available as [services.kanata](options.html#opt-services.kanata.enable).
|
||||||
|
|
||||||
|
- [karma](https://github.com/prymitive/karma), an alert dashboard for Prometheus Alertmanager. Available as [services.karma](options.html#opt-services.karma.enable)
|
||||||
|
|
||||||
|
- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
|
||||||
|
|
||||||
|
- [kthxbye](https://github.com/prymitive/kthxbye), an alert acknowledgement management daemon for Prometheus Alertmanager. Available as [services.kthxbye](options.html#opt-services.kthxbye.enable)
|
||||||
|
|
||||||
|
- [languagetool](https://languagetool.org/), a multilingual grammar, style, and spell checker. Available as [services.languagetool](options.html#opt-services.languagetool.enable).
|
||||||
|
|
||||||
|
- [Listmonk](https://listmonk.app), a self-hosted newsletter manager. Enable using [services.listmonk](options.html#opt-services.listmonk.enable).
|
||||||
|
|
||||||
|
- [Mepo](https://mepo.milesalan.com), a fast, simple, hackable OSM map viewer for mobile and desktop Linux. Available as [programs.mepo.enable](#opt-programs.mepo.enable).
|
||||||
|
|
||||||
|
- [merecat](https://troglobit.com/projects/merecat/), a small and easy HTTP server based on thttpd. Available as [services.merecat](#opt-services.merecat.enable)
|
||||||
|
|
||||||
|
- [netbird](https://netbird.io), a zero configuration VPN. Available as [services.netbird](options.html#opt-services.netbird.enable).
|
||||||
|
|
||||||
|
- [ntfy.sh](https://ntfy.sh), a push notification service. Available as [services.ntfy-sh](#opt-services.ntfy-sh.enable)
|
||||||
|
|
||||||
|
- [OpenRGB](https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master), a FOSS tool for controlling RGB lighting. Available as [services.hardware.openrgb.enable](options.html#opt-services.hardware.openrgb.enable).
|
||||||
|
|
||||||
|
- [Outline](https://www.getoutline.com/), a wiki and knowledge base similar to Notion. Available as [services.outline](#opt-services.outline.enable).
|
||||||
|
|
||||||
|
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul. Available as [services.patroni](options.html#opt-services.patroni.enable).
|
||||||
|
|
||||||
|
- [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
|
||||||
|
|
||||||
|
- [Please](https://github.com/edneville/please), a Sudo clone written in Rust. Available as [security.please](#opt-security.please.enable).
|
||||||
|
|
||||||
|
- [Prometheus IPMI exporter](https://github.com/prometheus-community/ipmi_exporter), an IPMI exporter for Prometheus. Available as [services.prometheus.exporters.ipmi](#opt-services.prometheus.exporters.ipmi.enable).
|
||||||
|
|
||||||
|
- [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable).
|
||||||
|
|
||||||
|
- [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).
|
||||||
|
|
||||||
|
- [syncstorage-rs](https://github.com/mozilla-services/syncstorage-rs), a self-hostable sync server for Firefox. Available as [services.firefox-syncserver](options.html#opt-services.firefox-syncserver.enable).
|
||||||
|
|
||||||
|
- [Tandoor Recipes](https://tandoor.dev), a self-hosted multi-tenant recipe collection. Available as [services.tandoor-recipes](options.html#opt-services.tandoor-recipes.enable).
|
||||||
|
|
||||||
|
- [tmate-ssh-server](https://github.com/tmate-io/tmate-ssh-server), server side part of [tmate](https://tmate.io/). Available as [services.tmate-ssh-server](#opt-services.tmate-ssh-server.enable).
|
||||||
|
|
||||||
|
- [Uptime Kuma](https://uptime.kuma.pet/), a fancy self-hosted monitoring tool. Available as [services.uptime-kuma](#opt-services.uptime-kuma.enable).
|
||||||
|
|
||||||
|
- [WriteFreely](https://writefreely.org), a simple blogging platform with ActivityPub support. Available as [services.writefreely](options.html#opt-services.writefreely.enable).
|
||||||
|
|
||||||
|
- [xray] (https://github.com/XTLS/Xray-core), a fully compatible v2ray-core replacement. Features XTLS, which when enabled on server and client, brings UDP FullCone NAT to proxy setups. Available as [services.xray](options.html#opt-services.xray.enable).
|
||||||
|
|
||||||
|
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||||
|
|
|
@ -53,6 +53,13 @@ with lib;
|
||||||
Guest memory in MB
|
Guest memory in MB
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
bios = mkOption {
|
||||||
|
type = types.enum [ "seabios" "ovmf" ];
|
||||||
|
default = "seabios";
|
||||||
|
description = ''
|
||||||
|
Select BIOS implementation (seabios = Legacy BIOS, ovmf = UEFI).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# optional configs
|
# optional configs
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
|
@ -99,6 +106,17 @@ with lib;
|
||||||
Additional options appended to qemu-server.conf
|
Additional options appended to qemu-server.conf
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
partitionTableType = mkOption {
|
||||||
|
type = types.enum [ "efi" "hybrid" "legacy" "legacy+gpt" ];
|
||||||
|
description = ''
|
||||||
|
Partition table type to use. See make-disk-image.nix partitionTableType for details.
|
||||||
|
Defaults to 'legacy' for 'proxmox.qemuConf.bios="seabios"' (default), other bios values defaults to 'efi'.
|
||||||
|
Use 'hybrid' to build grub-based hybrid bios+efi images.
|
||||||
|
'';
|
||||||
|
default = if config.proxmox.qemuConf.bios == "seabios" then "legacy" else "efi";
|
||||||
|
defaultText = lib.literalExpression ''if config.proxmox.qemuConf.bios == "seabios" then "legacy" else "efi"'';
|
||||||
|
example = "hybrid";
|
||||||
|
};
|
||||||
filenameSuffix = mkOption {
|
filenameSuffix = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = config.proxmox.qemuConf.name;
|
default = config.proxmox.qemuConf.name;
|
||||||
|
@ -122,9 +140,33 @@ with lib;
|
||||||
${lib.concatStrings (lib.mapAttrsToList cfgLine properties)}
|
${lib.concatStrings (lib.mapAttrsToList cfgLine properties)}
|
||||||
#qmdump#map:virtio0:drive-virtio0:local-lvm:raw:
|
#qmdump#map:virtio0:drive-virtio0:local-lvm:raw:
|
||||||
'';
|
'';
|
||||||
|
inherit (cfg) partitionTableType;
|
||||||
|
supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid";
|
||||||
|
supportBios = partitionTableType == "legacy" || partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
|
||||||
|
hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid";
|
||||||
|
hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
|
||||||
in {
|
in {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = config.boot.loader.systemd-boot.enable -> config.proxmox.qemuConf.bios == "ovmf";
|
||||||
|
message = "systemd-boot requires 'ovmf' bios";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
assertion = partitionTableType == "efi" -> config.proxmox.qemuConf.bios == "ovmf";
|
||||||
|
message = "'efi' disk partitioning requires 'ovmf' bios";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
assertion = partitionTableType == "legacy" -> config.proxmox.qemuConf.bios == "seabios";
|
||||||
|
message = "'legacy' disk partitioning requires 'seabios' bios";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
assertion = partitionTableType == "legacy+gpt" -> config.proxmox.qemuConf.bios == "seabios";
|
||||||
|
message = "'legacy+gpt' disk partitioning requires 'seabios' bios";
|
||||||
|
}
|
||||||
|
];
|
||||||
system.build.VMA = import ../../lib/make-disk-image.nix {
|
system.build.VMA = import ../../lib/make-disk-image.nix {
|
||||||
name = "proxmox-${cfg.filenameSuffix}";
|
name = "proxmox-${cfg.filenameSuffix}";
|
||||||
|
inherit partitionTableType;
|
||||||
postVM = let
|
postVM = let
|
||||||
# Build qemu with PVE's patch that adds support for the VMA format
|
# Build qemu with PVE's patch that adds support for the VMA format
|
||||||
vma = (pkgs.qemu_kvm.override {
|
vma = (pkgs.qemu_kvm.override {
|
||||||
|
@ -181,7 +223,18 @@ with lib;
|
||||||
boot = {
|
boot = {
|
||||||
growPartition = true;
|
growPartition = true;
|
||||||
kernelParams = [ "console=ttyS0" ];
|
kernelParams = [ "console=ttyS0" ];
|
||||||
loader.grub.device = lib.mkDefault "/dev/vda";
|
loader.grub = {
|
||||||
|
device = lib.mkDefault (if (hasNoFsPartition || supportBios) then
|
||||||
|
# Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"),
|
||||||
|
# which will be used the bootloader, do not set it as loader.grub.device.
|
||||||
|
# GRUB installation fails, unless the whole disk is selected.
|
||||||
|
"/dev/vda"
|
||||||
|
else
|
||||||
|
"nodev");
|
||||||
|
efiSupport = lib.mkDefault supportEfi;
|
||||||
|
efiInstallAsRemovable = lib.mkDefault supportEfi;
|
||||||
|
};
|
||||||
|
|
||||||
loader.timeout = 0;
|
loader.timeout = 0;
|
||||||
initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
|
initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
|
||||||
};
|
};
|
||||||
|
@ -191,6 +244,10 @@ with lib;
|
||||||
autoResize = true;
|
autoResize = true;
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
fileSystems."/boot" = lib.mkIf hasBootPartition {
|
||||||
|
device = "/dev/disk/by-label/ESP";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
services.qemuGuest.enable = lib.mkDefault true;
|
services.qemuGuest.enable = lib.mkDefault true;
|
||||||
};
|
};
|
||||||
|
|
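Review bot: In the `loader.grub.device` expression of the `boot = {` hunk, the condition `hasNoFsPartition || supportBios` tests more than it needs. `hasNoFsPartition` is true only for "hybrid" and "legacy+gpt", and both of those already make `supportBios` true, so it reduces to `if supportBios then "/dev/vda" else "nodev"`. In the same way, `hasBootPartition` in the let block repeats the expression used for `supportEfi`; writing `hasBootPartition = supportEfi;` would keep the two from drifting apart. The comment above `"/dev/vda"` is missing a word and should read `# which will be used by the bootloader, do not set it as loader.grub.device.`. The let block and the module body both start outside the hunks shown here.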