movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-17 06:59:46 +03:00
Code Issues Projects Releases Packages Wiki Activity
nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

2092 lines
79 KiB
XML
Raw Normal View History

nixos/doc: Synchronize the Markdown generator with Nixpkgs Switch to CommonMark with our extensions.
2021-06-18 00:07:00 +02:00
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.11">
[21.11] update README.md [21.11] update upgrading [21.11] update release date run generation
2021-11-29 03:27:50 -05:00
<title>Release 21.11 (“Porcupine”, 2021/11/30)</title>
nixos/doc: add 21.11 release notes stub
2021-05-08 20:22:32 -07:00
<itemizedlist spacing="compact">
<listitem>
<para>
nixos/doc: update EOL of 21.11
2021-07-18 15:52:29 +02:00
Support is planned until the end of June 2022, handing over to
nixos/doc: add 21.11 release notes stub
2021-05-08 20:22:32 -07:00
22.05.
</para>
</listitem>
</itemizedlist>
nixos/doc: Synchronize the Markdown generator with Nixpkgs Switch to CommonMark with our extensions.
2021-06-18 00:07:00 +02:00
<section xml:id="sec-release-21.11-highlights">
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
<title>Highlights</title>
nixos/doc/manual/release-notes/rl-2111: move highlights introduction
2021-12-02 18:45:04 +01:00
<para>
In addition to numerous new and upgraded packages, this release
has the following highlights:
</para>
nixos/rl-notes/21.11: add python3 default bump entry
2021-06-29 11:00:51 -07:00
<itemizedlist>
nixos/doc/manual/release-notes/rl-2111: Nix 2.4
2021-11-01 23:58:59 -07:00
<listitem>
<para>
Nix has been updated to version 2.4, reference its
<link xlink:href="https://discourse.nixos.org/t/nix-2-4-released/15822">release
notes</link> for more information on what has changed. The
previous version of Nix, 2.3.16, remains available for the
time being in the <literal>nix_2_3</literal> package.
</para>
</listitem>
docs/release-notes: mention iptables switch
2020-04-28 16:36:13 +03:00
<listitem>
<para>
nixos/doc: improve release notes for iptables-nft and systemd with nftables backend This change probably wasn't documented sufficiently in the release notes, neither the fact systemd stopped using iptables on its own in case of nf_tables support. Fixes #156041.
2022-02-22 23:14:17 +01:00
<literal>iptables</literal> is now using
<literal>nf_tables</literal> under the hood, by using
<literal>iptables-nft</literal>, similar to
<link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link>
and
<link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>.
This means, <literal>ip[6]tables</literal>,
<literal>arptables</literal> and <literal>ebtables</literal>
commands will actually show rules from some specific tables in
nixos/doc: update rl-2111 w.r.t. iptables-nft migration Follow-up on https://github.com/NixOS/nixpkgs/pull/161426. Explain why having legacy iptables rules installed can lead to confusing firewall behaviour, and provide some guidance on how to fix this.
2022-03-09 15:29:35 +01:00
the <literal>nf_tables</literal> kernel subsystem. In case
youre migrating from an older release without rebooting,
there might be cases where you end up with iptable rules
configured both in the legacy <literal>iptables</literal>
kernel backend, as well as in the <literal>nf_tables</literal>
backend. This can lead to confusing firewall behaviour. An
<literal>iptables-save</literal> after switching will complain
about <quote>iptables-legacy tables present</quote>. Its
probably best to reboot after the upgrade, or manually
removing all legacy iptables rules (via the
<literal>iptables-legacy</literal> package).
nixos/doc: improve release notes for iptables-nft and systemd with nftables backend This change probably wasn't documented sufficiently in the release notes, neither the fact systemd stopped using iptables on its own in case of nf_tables support. Fixes #156041.
2022-02-22 23:14:17 +01:00
</para>
</listitem>
<listitem>
<para>
systemd got an <literal>nftables</literal> backend, and
configures (networkd) rules in their own
<literal>io.systemd.*</literal> tables. Check
<literal>nft list ruleset</literal> to see these rules, not
<literal>iptables-save</literal> (which only shows
<literal>iptables</literal>-created rules.
docs/release-notes: mention iptables switch
2020-04-28 16:36:13 +03:00
</para>
</listitem>
php: Drop PHP 7.3 support PHP 7.3 won't be supported by upstream for the entire life cycle of the 21.11 release. Also drop the pcre' alias since it isn't needed anymore since we don't need different pcre versions anymore.
2021-06-03 15:06:06 +02:00
<listitem>
<para>
php: Upgrade from PHP 7.4 to 8.0 as default PHP
2021-06-03 15:35:16 +02:00
PHP now defaults to PHP 8.0, updated from 7.4.
php: Drop PHP 7.3 support PHP 7.3 won't be supported by upstream for the entire life cycle of the 21.11 release. Also drop the pcre' alias since it isn't needed anymore since we don't need different pcre versions anymore.
2021-06-03 15:06:06 +02:00
</para>
</listitem>
kops: default to 1.21.0, drop 1.18 (#129472)
2021-07-10 14:44:00 -05:00
<listitem>
<para>
[21.11] update README.md [21.11] update upgrading [21.11] update release date run generation
2021-11-29 03:27:50 -05:00
kops now defaults to 1.21.1, which uses containerd as the
kops: default to 1.21.0, drop 1.18 (#129472)
2021-07-10 14:44:00 -05:00
default runtime.
</para>
</listitem>
nixos/rl-notes/21.11: add python3 default bump entry
2021-06-29 11:00:51 -07:00
<listitem>
<para>
<literal>python3</literal> now defaults to Python 3.9, updated
from Python 3.8.
</para>
</listitem>
nixos/postgresql: use postgres 13 for 21.11 (#131018) Co-authored-by: Kim Lindberger <kim.lindberger@gmail.com>
2021-07-24 19:12:08 +02:00
<listitem>
<para>
PostgreSQL now defaults to major version 13.
</para>
</listitem>
nixos/spark: release notes
2021-09-17 20:53:40 +05:30
<listitem>
<para>
spark now defaults to spark 3, updated from 2. A
<link xlink:href="https://spark.apache.org/docs/latest/core-migration-guide.html#upgrading-from-core-24-to-30">migration
guide</link> is available.
</para>
</listitem>
nixos/hadoop: release notes
2021-11-03 22:59:17 +05:30
<listitem>
<para>
Improvements have been made to the Hadoop module and package:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
HDFS and YARN now support production-ready highly
available deployments with automatic failover.
</para>
</listitem>
<listitem>
<para>
Hadoop now defaults to Hadoop 3, updated from 2.
</para>
</listitem>
<listitem>
<para>
JournalNode, ZKFS and HTTPFS services have been added.
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/release-notes: Document dry activation scripts
2021-09-09 22:32:55 +02:00
<listitem>
<para>
[21.11] update README.md [21.11] update upgrading [21.11] update release date run generation
2021-11-29 03:27:50 -05:00
Activation scripts can now, optionally, be run during a
<literal>nixos-rebuild dry-activate</literal> and can detect
the dry activation by reading
<literal>$NIXOS_ACTION</literal>. This allows activation
scripts to output what they would change if the activation was
really run. The users/modules activation script supports this
and outputs some of is actions.
nixos/release-notes: Document dry activation scripts
2021-09-09 22:32:55 +02:00
</para>
</listitem>
nixos/release-notes: render missing docbook
2021-10-15 23:24:33 +02:00
<listitem>
<para>
KDE Plasma now finally works on Wayland.
</para>
</listitem>
rl-2111: add bash default upgrade to version 5
2021-09-12 09:47:38 +09:00
<listitem>
<para>
bash now defaults to major version 5.
</para>
</listitem>
systemd: 247.6 -> 249.4 This updates systemd to version v249.4 from version v247.6. Besides the many new features that can be found in the upstream repository they also introduced a bunch of cleanup which ended up requiring a few more patches on our side. a) 0022-core-Handle-lookup-paths-being-symlinks.patch: The way symlinked units were handled was changed in such that the last name of a unit file within one of the unit directories (/run/systemd/system, /etc/systemd/system, ...) is used as the name for the unit. Unfortunately that code didn't take into account that the unit directories themselves could already be symlinks and thus caused all our units to be recognized slightly different. There is an upstream PR for this new patch: https://github.com/systemd/systemd/pull/20479 b) The way the APIVFS is setup has been changed in such a way that we now always have /run. This required a few changes to the confinement tests which did assert that they didn't exist. Instead of adding another patch we can just adopt the upstream behavior. An empty /run doesn't seem harmful. As part of this work I refactored the confinement test just a little bit to allow better debugging of test failures. Previously it would just fail at some point and it wasn't obvious which of the many commands failed or what the unexpected string was. This should now be more obvious. c) Again related to the confinement tests the way a file was tested for being accessible was optimized. Previously systemd would in some situations open a file twice during that check. This was reduced to one operation but required the procfs to be mounted in a units namespace. An upstream bug was filed and fixed. We are now carrying the essential patch to fix that issue until it is backported to a new release (likely only version 250). The good part about this story is that upstream systemd now has a test case that looks very similar to one of our confinement tests. Hopefully that will lead to less friction in the long run. https://github.com/systemd/systemd/issues/20514 https://github.com/systemd/systemd/pull/20515 d) Previously we could grep for dlopen( somewhat reliably but now upstream started using a wrapper around dlopen that is most of the time used with linebreaks. This makes using grep not ergonomic anymore. With this bump we are grepping for anything that looks like a dynamic library name (in contrast to a dlopen(3) call) and replace those instead. That seems more robust. Time will tell if this holds. I tried using coccinelle to patch all those call sites using its tooling but unfornately it does stumble upon the _cleanup_ annotations that are very common in the systemd code. e) We now have some machinery for libbpf support in our systemd build. That being said it doesn't actually work as generating some skeletons doesn't work just yet. It fails with the below error message and is disabled by default (in both minimal and the regular build). > FAILED: src/core/bpf/socket_bind/socket-bind.skel.h > /build/source/tools/build-bpf-skel.py --clang_exec /nix/store/x1bi2mkapk1m0zq2g02nr018qyjkdn7a-clang-wrapper-12.0.1/bin/clang --llvm_strip_exec /nix/store/zm0kqan9qc77x219yihmmisi9g3sg8ns-llvm-12.0.1/bin/llvm-strip --bpftool_exec /nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool --arch x86_64 ../src/core/bpf/socket_bind/socket-bind.bpf.c src/core/bpf/socket_bind/socket-bind.skel.h > libbpf: elf: socket_bind_bpf is not a valid eBPF object file > Error: failed to open BPF object file: BPF object format invalid > Traceback (most recent call last): > File "/build/source/tools/build-bpf-skel.py", line 128, in <module> > bpf_build(args) > File "/build/source/tools/build-bpf-skel.py", line 92, in bpf_build > gen_bpf_skeleton(bpftool_exec=args.bpftool_exec, > File "/build/source/tools/build-bpf-skel.py", line 63, in gen_bpf_skeleton > skel = subprocess.check_output(bpftool_args, universal_newlines=True) > File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 424, in check_output > return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, > File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 528, in run > raise CalledProcessError(retcode, process.args, > subprocess.CalledProcessError: Command '['/nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool', 'g', 's', '../src/core/bpf/socket_bind/socket-bind.bpf.o']' returned non-zero exit status 255. > [102/1457] Compiling C object src/journal/libjournal-core.a.p/journald-server.c.oapture output)put)ut) > ninja: build stopped: subcommand failed. f) We do now have support for TPM2 based disk encryption in our systemd build. The actual bits and pieces to make use of that are missing but there are various ongoing efforts in that direction. There is also the story about systemd in our initrd to enable this being used for root volumes. None of this will yet work out of the box but we can start improving on that front. g) FIDO2 support was added systemd and consequently we can now use that. Just with TPM2 there hasn't been any integration work with NixOS and instead this just adds that capability to work on that. Co-Authored-By: Jörg Thalheim <joerg@thalheim.io>
2021-08-30 15:10:54 +02:00
<listitem>
<para>
Systemd was updated to version 249 (from 247).
</para>
</listitem>
nixos/rl-2111: mention pantheon 6 upgrade and touchegg module
2021-09-18 19:35:16 +08:00
<listitem>
<para>
Pantheon desktop has been updated to version 6. Due to changes
of screen locker, if locking doesnt work for you, please try
<literal>gsettings set org.gnome.desktop.lockdown disable-lock-screen false</literal>.
</para>
</listitem>
kubernetes-helm: 3.6.3 -> 3.7.0
2021-09-23 11:12:44 -05:00
<listitem>
<para>
<literal>kubernetes-helm</literal> now defaults to 3.7.0,
which introduced some breaking changes to the experimental OCI
manifest format. See
<link xlink:href="https://github.com/helm/community/blob/main/hips/hip-0006.md">HIP
helmfile: 0.140.1 -> 0.141.0
2021-10-12 13:13:55 -05:00
6</link> for more details. <literal>helmfile</literal> also
defaults to 0.141.0, which is the minimum compatible version.
kubernetes-helm: 3.6.3 -> 3.7.0
2021-09-23 11:12:44 -05:00
</para>
</listitem>
nixos/release-notes: Mention GNOME 41
2021-10-07 06:18:51 +02:00
<listitem>
<para>
GNOME has been upgraded to 41. Please take a look at their
<link xlink:href="https://help.gnome.org/misc/release-notes/41.0/">Release
Notes</link> for details.
</para>
</listitem>
release-notes: add LXD support
2021-10-19 16:33:05 +02:00
<listitem>
<para>
LXD support was greatly improved:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
building LXD images from configurations is now directly
possible with just nixpkgs
</para>
</listitem>
<listitem>
<para>
hydra is now building nixOS LXD images that can be used
standalone with full nixos-rebuild support
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/changelog: Mention OpenSSH upgrade
2021-11-09 10:58:04 +01:00
<listitem>
<para>
OpenSSH was updated to version 8.8p1
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
This breaks connections to old SSH daemons as ssh-rsa host
keys and ssh-rsa public keys that were signed with SHA-1
are disabled by default now
</para>
</listitem>
<listitem>
<para>
These can be re-enabled, see the
<link xlink:href="https://www.openssh.com/txt/release-8.8">OpenSSH
changelog</link> for details
</para>
</listitem>
</itemizedlist>
</listitem>
kratos: 0.7.6-alpha.1 -> 0.8.0-alpha.3
2021-11-23 15:59:35 +01:00
<listitem>
<para>
ORY Kratos was updated to version 0.8.0-alpha.3
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
This release requires you to run SQL migrations. Please,
as always, create a backup of your database first!
</para>
</listitem>
<listitem>
<para>
The SDKs are now generated with tag v0alpha2 to reflect
that some signatures have changed in a breaking fashion.
Please update your imports from v0alpha1 to v0alpha2.
</para>
</listitem>
<listitem>
<para>
The SMTPS scheme used in courier config URL with
cleartext/StartTLS/TLS SMTP connection types is now only
supporting implicit TLS. For StartTLS and cleartext SMTP,
please use the SMTP scheme instead.
</para>
</listitem>
<listitem>
<para>
for more details, see
<link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1">Release
Notes</link>.
</para>
</listitem>
</itemizedlist>
</listitem>
php: Drop PHP 7.3 support PHP 7.3 won't be supported by upstream for the entire life cycle of the 21.11 release. Also drop the pcre' alias since it isn't needed anymore since we don't need different pcre versions anymore.
2021-06-03 15:06:06 +02:00
</itemizedlist>
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
</section>
nixos/doc: Synchronize the Markdown generator with Nixpkgs Switch to CommonMark with our extensions.
2021-06-18 00:07:00 +02:00
<section xml:id="sec-release-21.11-new-services">
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
<title>New Services</title>
nixos/doc: add sourcehut to release notes
2021-06-07 11:20:13 -04:00
<itemizedlist>
nixos/btrbk: add release notes
2021-06-19 12:00:00 +00:00
<listitem>
<para>
<link xlink:href="https://digint.ch/btrbk/index.html">btrbk</link>,
a backup tool for btrfs subvolumes, taking advantage of btrfs
specific capabilities to create atomic snapshots and transfer
them incrementally to your backup locations. Available as
<link xlink:href="options.html#opt-services.brtbk.instances">services.btrbk</link>.
</para>
</listitem>
nixos/clipcat: add user service module
2021-07-20 21:37:49 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/xrelkd/clipcat/">clipcat</link>,
an X11 clipboard manager written in Rust. Available at
dex-oidc: add module
2021-09-20 01:43:54 +02:00
<link xlink:href="options.html#opt-services.clipcat.enable">services.clipcat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/dexidp/dex">dex</link>,
an OpenID Connect (OIDC) identity and OAuth 2.0 provider.
Available at
<link xlink:href="options.html#opt-services.dex.enable">services.dex</link>.
nixos/clipcat: add user service module
2021-07-20 21:37:49 +02:00
</para>
</listitem>
nixos/geoipupdate: Replace the old `geoip-updater` module Our old bespoke GeoIP updater doesn't seem to be working anymore. Instead of trying to fix it, replace it with the official updater from MaxMind.
2021-04-28 16:56:06 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/maxmind/geoipupdate">geoipupdate</link>,
a GeoIP database updater from MaxMind. Available as
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
</para>
</listitem>
nixos/doc: add release note entry for kea module
2021-07-14 01:11:18 +02:00
<listitem>
nixos/doc: add jibri to release notes
2021-10-25 12:56:14 -04:00
<para>
<link xlink:href="https://github.com/jitsi/jibri">Jibri</link>,
a service for recording or streaming a Jitsi Meet conference.
Available as
<link xlink:href="options.html#opt-services.jibri.enable">services.jibri</link>.
</para>
</listitem>
nixos/doc: add release note entry for kea module
2021-07-14 01:11:18 +02:00
<listitem>
<para>
<link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs
2nd generation DHCP and DDNS server suite. Available at
nixos/doc/manual/release-notes/rl-2111: fix multiple option links
2021-12-02 18:57:18 +01:00
<link xlink:href="options.html#opt-services.kea.dhcp4">services.kea</link>.
nixos/doc: add release note entry for kea module
2021-07-14 01:11:18 +02:00
</para>
</listitem>
nixos/doc: add sourcehut to release notes
2021-06-07 11:20:13 -04:00
<listitem>
<para>
nixos/owncast: release notes
2021-09-25 16:28:06 +02:00
<link xlink:href="https://owncast.online/">owncast</link>,
self-hosted video live streaming solution. Available at
nixos/doc/manual/release-notes/rl-2111: fix multiple option links
2021-12-02 18:57:18 +01:00
<link xlink:href="options.html#opt-services.owncast.enable">services.owncast</link>.
nixos/owncast: release notes
2021-09-25 16:28:06 +02:00
</para>
</listitem>
nixos/peertube:add release notes
2021-10-23 11:15:18 +03:00
<listitem>
<para>
<link xlink:href="https://joinpeertube.org/">PeerTube</link>,
developed by Framasoft, is the free and decentralized
alternative to video platforms. Available at
nixos/doc/manual/release-notes/rl-2111: fix multiple option links
2021-12-02 18:57:18 +01:00
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
nixos/peertube:add release notes
2021-10-23 11:15:18 +03:00
</para>
</listitem>
nixos/doc: add sourcehut to release notes
2021-06-07 11:20:13 -04:00
<listitem>
<para>
<link xlink:href="https://sr.ht">sourcehut</link>, a
collection of tools useful for software development. Available
as
<link xlink:href="options.html#opt-services.sourcehut.enable">services.sourcehut</link>.
</para>
</listitem>
nixos/ucarp: init
2021-06-13 22:00:09 +02:00
<listitem>
<para>
<link xlink:href="https://download.pureftpd.org/pub/ucarp/README">ucarp</link>,
an userspace implementation of the Common Address Redundancy
Protocol (CARP). Available as
<link xlink:href="options.html#opt-networking.ucarp.enable">networking.ucarp</link>.
</para>
</listitem>
flashrom: Install udev-rules file Add the udev-rules file from flashrom source to the out directory. The file contains rules for programmers used by flashrom. Members of the `flashrom` system group are allowed to access these devices. Also, add a module for installing flashrom and adding flashrom to udev packages. The module can be used by setting `programs.flashrom.enable` to `true`. Signed-off-by: Felix Singer <felixsinger@posteo.net>
2021-06-26 03:37:52 +02:00
<listitem>
<para>
Users of flashrom should migrate to
<link xlink:href="options.html#opt-programs.flashrom.enable">programs.flashrom.enable</link>
and add themselves to the <literal>flashrom</literal> group to
be able to access programmers supported by flashrom.
</para>
</listitem>
nixos/vikunja: init nixos/vikunka: Use RFC 0042 settings proposal (thanks to @aanderse)
2021-06-11 19:54:13 +02:00
<listitem>
<para>
<link xlink:href="https://vikunja.io">vikunja</link>, a to-do
list app. Available as
<link linkend="opt-services.vikunja.enable">services.vikunja</link>.
</para>
</listitem>
Opensnitch: Add module
2021-08-01 16:06:53 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/evilsocket/opensnitch">opensnitch</link>,
an application firewall. Available as
<link linkend="opt-services.opensnitch.enable">services.opensnitch</link>.
</para>
</listitem>
nixos/snapraid: init
2021-07-14 17:40:05 +01:00
<listitem>
<para>
<link xlink:href="https://www.snapraid.it/">snapraid</link>, a
backup program for disk arrays. Available as
<link linkend="opt-snapraid.enable">snapraid</link>.
</para>
</listitem>
nixos/hockeypuck: Add service for hockeypuck
2021-07-18 08:49:36 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/hockeypuck/hockeypuck">Hockeypuck</link>,
a OpenPGP Key Server. Available as
<link linkend="opt-services.hockeypuck.enable">services.hockeypuck</link>.
</para>
</listitem>
nixos/prometheus-buildkite-agent-exporter: init
2021-07-15 10:37:54 -07:00
<listitem>
<para>
<link xlink:href="https://github.com/buildkite/buildkite-agent-metrics">buildkite-agent-metrics</link>,
a command-line tool for collecting Buildkite agent metrics,
now has a Prometheus exporter available as
<link linkend="opt-services.prometheus.exporters.buildkite-agent.enable">services.prometheus.exporters.buildkite-agent</link>.
</para>
</listitem>
nixos/prometheus-influxdb-exporter: init
2021-07-26 15:52:56 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/prometheus/influxdb_exporter">influxdb-exporter</link>
a Prometheus exporter that exports metrics received on an
InfluxDB compatible endpoint is now available as
<link linkend="opt-services.prometheus.exporters.influxdb.enable">services.prometheus.exporters.influxdb</link>.
</para>
</listitem>
nixos/mx-puppet-discord: add module
2021-07-09 11:58:46 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/matrix-discord/mx-puppet-discord">mx-puppet-discord</link>,
a discord puppeting bridge for matrix. Available as
<link linkend="opt-services.mx-puppet-discord.enable">services.mx-puppet-discord</link>.
</para>
</listitem>
release notes: add meshcentral
2021-07-29 11:36:17 +02:00
<listitem>
<para>
<link xlink:href="https://www.meshcommander.com/meshcentral2/overview">MeshCentral</link>,
a remote administration service (<quote>TeamViewer but
self-hosted and with more features</quote>) is now available
with a package and a module:
<link linkend="opt-services.meshcentral.enable">services.meshcentral.enable</link>
</para>
</listitem>
nixos/moonraker: init
2021-07-20 19:21:03 -07:00
<listitem>
<para>
<link xlink:href="https://github.com/Arksine/moonraker">moonraker</link>,
an API web server for Klipper. Available as
<link linkend="opt-services.moonraker.enable">moonraker</link>.
</para>
</listitem>
nixos/influxdb2: init
2021-07-26 12:34:42 +08:00
<listitem>
<para>
<link xlink:href="https://github.com/influxdata/influxdb">influxdb2</link>,
a Scalable datastore for metrics, events, and real-time
analytics. Available as
<link linkend="opt-services.influxdb2.enable">services.influxdb2</link>.
</para>
</listitem>
isso: added NixOS module to configure `isso` in NixOS
2021-08-07 00:32:06 -06:00
<listitem>
<para>
<link xlink:href="https://posativ.org/isso/">isso</link>, a
commenting server similar to Disqus. Available as
<link linkend="opt-services.isso.enable">isso</link>
</para>
</listitem>
nixos/navidrome: init module and test Co-authored-by: aciceri <andrea.ciceri@autistici.org> Co-authored-by: nyanloutre <paul@nyanlout.re>
2020-12-05 19:11:21 +01:00
<listitem>
<para>
<link xlink:href="https://www.navidrome.org/">navidrome</link>,
a personal music streaming server with subsonic-compatible
api. Available as
<link linkend="opt-services.navidrome.enable">navidrome</link>.
</para>
</listitem>
nixos/fluidd: init fluidd service at 1.16.2
2021-08-21 22:51:01 +02:00
<listitem>
<para>
<link xlink:href="https://docs.fluidd.xyz/">fluidd</link>, a
Klipper web interface for managing 3d printers using
moonraker. Available as
<link linkend="opt-services.fluidd.enable">fluidd</link>.
</para>
</listitem>
nixos/sx: init
2021-08-22 13:44:29 -04:00
<listitem>
<para>
<link xlink:href="https://github.com/earnestly/sx">sx</link>,
a simple alternative to both xinit and startx for starting a
Xorg server. Available as
<link linkend="opt-services.xserver.displayManager.sx.enable">services.xserver.displayManager.sx</link>
</para>
</listitem>
release-notes: add postfixadmin module addition
2021-08-23 20:30:23 +02:00
<listitem>
<para>
<link xlink:href="https://postfixadmin.sourceforge.io/">postfixadmin</link>,
a web based virtual user administration interface for Postfix
mail servers. Available as
<link linkend="opt-services.postfixadmin.enable">postfixadmin</link>.
</para>
</listitem>
nixos/prowlarr: init
2021-10-10 08:53:03 -07:00
<listitem>
<para>
<link xlink:href="https://wiki.servarr.com/prowlarr">prowlarr</link>,
an indexer manager/proxy built on the popular arr .net/reactjs
base stack
<link linkend="opt-services.prowlarr.enable">services.prowlarr</link>.
</para>
</listitem>
nixos/soju: add 21.11 release notes entry
2021-06-04 16:30:27 +02:00
<listitem>
<para>
<link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a
user-friendly IRC bouncer. Available as
<link xlink:href="options.html#opt-services.soju.enable">services.soju</link>.
</para>
</listitem>
release-notes: add nats service
2021-08-31 22:15:16 +02:00
<listitem>
<para>
<link xlink:href="https://nats.io/">nats</link>, a high
performance cloud and edge messaging system. Available as
<link linkend="opt-services.nats.enable">services.nats</link>.
</para>
</listitem>
nixos/git: init
2021-09-10 18:46:48 -04:00
<listitem>
<para>
<link xlink:href="https://git-scm.com">git</link>, a
distributed version control system. Available as
<link xlink:href="options.html#opt-programs.git.enable">programs.git</link>.
</para>
release-notes: add nats service
2021-08-31 22:15:16 +02:00
</listitem>
nixos/parsedmarc: Add manual entry and release note
2021-06-03 18:31:15 +02:00
<listitem>
<para>
<link xlink:href="https://domainaware.github.io/parsedmarc/">parsedmarc</link>,
a service which parses incoming
<link xlink:href="https://dmarc.org/">DMARC</link> reports and
stores or sends them to a downstream service for further
analysis. Documented in
<link linkend="module-services-parsedmarc">its manual
entry</link>.
</para>
</listitem>
nixos/spark: release notes
2021-09-17 20:53:40 +05:30
<listitem>
<para>
<link xlink:href="https://spark.apache.org/">spark</link>, a
unified analytics engine for large-scale data processing.
</para>
</listitem>
nixos/rl-2111: mention pantheon 6 upgrade and touchegg module
2021-09-18 19:35:16 +08:00
<listitem>
<para>
<link xlink:href="https://github.com/JoseExposito/touchegg">touchegg</link>,
a multi-touch gesture recognizer. Available as
<link linkend="opt-services.touchegg.enable">services.touchegg</link>.
</para>
</listitem>
nixos/pantheon-tweaks: init
2021-09-18 22:05:07 +08:00
<listitem>
<para>
<link xlink:href="https://github.com/pantheon-tweaks/pantheon-tweaks">pantheon-tweaks</link>,
an unofficial system settings panel for Pantheon. Available as
<link linkend="opt-programs.pantheon-tweaks.enable">programs.pantheon-tweaks</link>.
</para>
</listitem>
nixos/joycond: init NixOS should be able to support the Nintendo Switch Pro controller for steam and non-steam at the same time. Currently there are two mutually exclusive ways to support the Pro Controller: Steam and `hid-nintendo`. Unfortunately these don't work together, but there's a workaround in newer versions of `joycond` (described [here](https://wiki.archlinux.org/title/Gamepad#Using_hid-nintendo_pro_controller_with_Steam_Games_(with_joycond))). To use this workaround `hid-nintendo` and `joycond` need to be updated, and the systemd and udev configuration needs to be made available in NixOS.
2021-09-26 14:17:21 +10:00
<listitem>
<para>
<link xlink:href="https://github.com/DanielOgorchock/joycond">joycond</link>,
a service that uses <literal>hid-nintendo</literal> to provide
nintendo joycond pairing and better nintendo switch pro
controller support.
</para>
</listitem>
nixos/multipath: add multipath module The multipath-tools package had existed in Nixpkgs for some time but without a nixos module to configure/drive it. This module provides attributes to drive the majority of multipath configuration options and is being successfully used in stage-1 and stage-2 boot to mount /nix from a multipath-serviced iSCSI volume. Credit goes to @grahamc for early contributions to the module and authoring the NixOS module test.
2021-03-11 06:46:31 -05:00
<listitem>
<para>
<link xlink:href="https://github.com/opensvc/multipath-tools">multipath</link>,
the device mapper multipath (DM-MP) daemon. Available as
<link linkend="opt-services.multipath.enable">services.multipath</link>.
</para>
</listitem>
nixos/seafile: init service
2021-04-20 20:06:57 +02:00
<listitem>
<para>
<link xlink:href="https://www.seafile.com/en/home/">seafile</link>,
an open source file syncing &amp; sharing software. Available
as
<link xlink:href="options.html#opt-services.seafile.enable">services.seafile</link>.
</para>
</listitem>
nixos/rl-2111: add new service: rasdaemon
2021-10-08 10:37:10 +02:00
<listitem>
<para>
<link xlink:href="https://github.com/mchehab/rasdaemon">rasdaemon</link>,
a hardware error logging daemon. Available as
<link linkend="opt-hardware.rasdaemon.enable">hardware.rasdaemon</link>.
</para>
</listitem>
code-server: ✨ init code-server-module
2021-08-24 22:45:13 +02:00
<listitem>
<para>
<literal>code-server</literal>-module now available
</para>
</listitem>
nixos/xmrig: init
2021-11-06 15:04:14 -03:00
<listitem>
<para>
<link xlink:href="https://github.com/xmrig/xmrig">xmrig</link>,
a high performance, open source, cross platform RandomX,
KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and
RandomX benchmark.
</para>
</listitem>
nixos/ananicy: init
2021-11-07 01:27:41 +02:00
<listitem>
<para>
Auto nice daemons
<link xlink:href="https://github.com/Nefelim4ag/Ananicy">ananicy</link>
and
<link xlink:href="https://gitlab.com/ananicy-cpp/ananicy-cpp/">ananicy-cpp</link>.
Available as
<link linkend="opt-services.ananicy.enable">services.ananicy</link>.
</para>
</listitem>
nixos/doc/manual/release-notes/rl-2111: add prometheus-smartctl-exporter
2021-12-05 03:08:01 +01:00
<listitem>
<para>
<link xlink:href="https://github.com/prometheus-community/smartctl_exporter">smartctl_exporter</link>,
a Prometheus exporter for
<link xlink:href="https://en.wikipedia.org/wiki/S.M.A.R.T.">S.M.A.R.T.</link>
data. Available as
<link xlink:href="options.html#opt-services.prometheus.exporters.smartctl.enable">services.prometheus.exporters.smartctl</link>.
</para>
</listitem>
nixos/fluidd: init fluidd service at 1.16.2
2021-08-21 22:51:01 +02:00
</itemizedlist>
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
</section>
nixos/doc: Synchronize the Markdown generator with Nixpkgs Switch to CommonMark with our extensions.
2021-06-18 00:07:00 +02:00
<section xml:id="sec-release-21.11-incompatibilities">
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
<title>Backward Incompatibilities</title>
nixos/geoipupdate: Replace the old `geoip-updater` module Our old bespoke GeoIP updater doesn't seem to be working anymore. Instead of trying to fix it, replace it with the official updater from MaxMind.
2021-04-28 16:56:06 +02:00
<itemizedlist>
nixosTest: Document stdout waiting behavior
2021-11-05 01:41:32 +01:00
<listitem>
<para>
The NixOS VM test framework,
<literal>pkgs.nixosTest</literal>/<literal>make-test-python.nix</literal>,
nixosTest: Add xclip as example of stdout blocker
2021-11-06 13:05:12 +01:00
now requires detaching commands such as
<literal>succeed(&quot;foo &amp;&quot;)</literal> and
<literal>succeed(&quot;foo | xclip -i&quot;)</literal> to
close stdout. This can be done with a redirect such as
nixosTest: Document stdout waiting behavior
2021-11-05 01:41:32 +01:00
<literal>succeed(&quot;foo &gt;&amp;2 &amp;&quot;)</literal>.
This breaking change was necessitated by a race condition
causing tests to fail or hang. It applies to all methods that
invoke commands on the nodes, including
<literal>execute</literal>, <literal>succeed</literal>,
<literal>fail</literal>,
<literal>wait_until_succeeds</literal>,
<literal>wait_until_fails</literal>.
</para>
</listitem>
nixos/networking: add the wakeonlan option
2021-10-01 18:08:39 -06:00
<listitem>
<para>
The <literal>services.wakeonlan</literal> option was removed,
and replaced with
<literal>networking.interfaces.&lt;name&gt;.wakeOnLan</literal>.
</para>
</listitem>
doc/release-notes: mention security.wrappers changes
2021-09-12 20:53:44 +02:00
<listitem>
<para>
The <literal>security.wrappers</literal> option now requires
to always specify an owner, group and whether the
setuid/setgid bit should be set. This is motivated by the fact
that before NixOS 21.11, specifying either setuid or setgid
but not owner/group resulted in wrappers owned by
nobody/nogroup, which is unsafe.
</para>
</listitem>
docs/release-notes: mention iptables switch
2020-04-28 16:36:13 +03:00
<listitem>
<para>
Since <literal>iptables</literal> now uses
<literal>nf_tables</literal> backend and
<literal>ipset</literal> doesnt support it, some applications
(ferm, shorewall, firehol) may have limited functionality.
</para>
</listitem>
paperless: remove package & module as it has been superseded by paperless-ng The paperless project has moved on to paperless-ng and the original paperless package in Nixpkgs has stopped working recently (due to version incompatibility with the providede Django package). Instead of investing more time into the old module we should migrate all users to the new module instead.
2021-06-03 15:59:17 +02:00
<listitem>
<para>
The <literal>paperless</literal> module and package have been
removed. All users should migrate to the successor
<literal>paperless-ng</literal> instead. The Paperless project
<link xlink:href="https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4">has
been archived</link> and advises all users to use
<literal>paperless-ng</literal> instead.
</para>
<para>
Users can use the <literal>services.paperless-ng</literal>
module as a replacement while noting the following
incompatibilities:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>services.paperless.ocrLanguages</literal> has no
replacement. Users should migrate to
<link xlink:href="options.html#opt-services.paperless-ng.extraConfig"><literal>services.paperless-ng.extraConfig</literal></link>
instead:
</para>
</listitem>
</itemizedlist>
<programlisting language="bash">
{
services.paperless-ng.extraConfig = {
# Provide languages as ISO 639-2 codes
# separated by a plus (+) sign.
# https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes
PAPERLESS_OCR_LANGUAGE = &quot;deu+eng+jpn&quot;; # German &amp; English &amp; Japanse
};
}
</programlisting>
<itemizedlist>
<listitem>
<para>
If you previously specified
<literal>PAPERLESS_CONSUME_MAIL_*</literal> settings in
<literal>services.paperless.extraConfig</literal> you
should remove those options now. You now
<emphasis>must</emphasis> define those settings in the
admin interface of paperless-ng.
</para>
</listitem>
<listitem>
<para>
Option <literal>services.paperless.manage</literal> no
longer exists. Use the script at
<literal>${services.paperless-ng.dataDir}/paperless-ng-manage</literal>
instead. Note that this script only exists after the
<literal>paperless-ng</literal> service has been started
at least once.
</para>
</listitem>
<listitem>
<para>
After switching to the new system configuration you should
run the Django management command to reindex your
documents and optionally create a user, if you dont have
one already.
</para>
<para>
To do so, enter the data directory (the value of
<literal>services.paperless-ng.dataDir</literal>,
<literal>/var/lib/paperless</literal> by default), switch
to the paperless user and execute the management command
like below:
</para>
<programlisting>
$ cd /var/lib/paperless
$ su paperless -s /bin/sh
$ ./paperless-ng-manage document_index reindex
# if not already done create a user account, paperless-ng requires a login
$ ./paperless-ng-manage createsuperuser
Username (leave blank to use 'paperless'): my-user-name
Email address: me@example.com
Password: **********
Password (again): **********
Superuser created successfully.
</programlisting>
</listitem>
</itemizedlist>
</listitem>
docs/release-notes: mention staticjinja
2021-05-24 14:17:51 +02:00
<listitem>
<para>
The <literal>staticjinja</literal> package has been upgraded
staticjinja: 4.1.0 -> 4.1.1
2021-11-04 15:27:22 +01:00
from 1.0.4 to 4.1.1
docs/release-notes: mention staticjinja
2021-05-24 14:17:51 +02:00
</para>
</listitem>
firefox: Added checks for new addon behaviour since v91
2021-08-22 22:17:44 +02:00
<listitem>
<para>
Firefox v91 does not support addons with invalid signature
anymore. Firefox ESR needs to be used for nix addon support.
</para>
</listitem>
erigon: 2021.05.02 -> 2021.08.01
2021-06-08 15:41:43 +02:00
<listitem>
<para>
The <literal>erigon</literal> ethereum node has moved to a new
database format in <literal>2021-05-04</literal>, and requires
a full resync
</para>
docs/release-notes: mention staticjinja
2021-05-24 14:17:51 +02:00
</listitem>
erigon: 2021.08.03 -> 2021.08.04
2021-08-24 10:22:39 +02:00
<listitem>
<para>
The <literal>erigon</literal> ethereum node has moved its
database location in <literal>2021-08-03</literal>, users
upgrading must manually move their chaindata (see
<link xlink:href="https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03">release
notes</link>).
</para>
</listitem>
nixos: add release notes about users.users.name.group
2021-08-08 12:00:00 +00:00
<listitem>
<para>
<link xlink:href="options.html#opt-users.users._name_.group">users.users.&lt;name&gt;.group</link>
no longer defaults to <literal>nogroup</literal>, which was
insecure. Out-of-tree modules are likely to require
adaptation: instead of
</para>
<programlisting language="bash">
{
users.users.foo = {
isSystemUser = true;
};
}
</programlisting>
<para>
also create a group for your user:
</para>
<programlisting language="bash">
{
users.users.foo = {
isSystemUser = true;
group = &quot;foo&quot;;
};
users.groups.foo = {};
}
</programlisting>
</listitem>
nixos/geoipupdate: Replace the old `geoip-updater` module Our old bespoke GeoIP updater doesn't seem to be working anymore. Instead of trying to fix it, replace it with the official updater from MaxMind.
2021-04-28 16:56:06 +02:00
<listitem>
<para>
<literal>services.geoip-updater</literal> was broken and has
been replaced by
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
</para>
</listitem>
python3.pkgs.ihatemoney: add release notes
2021-10-24 12:00:00 +00:00
<listitem>
<para>
<literal>ihatemoney</literal> has been updated to version
5.1.1
(<link xlink:href="https://github.com/spiral-project/ihatemoney/blob/5.1.1/CHANGELOG.rst">release
notes</link>). If you serve ihatemoney by HTTP rather than
HTTPS, you must set
<link xlink:href="options.html#opt-services.ihatemoney.secureCookie">services.ihatemoney.secureCookie</link>
to <literal>false</literal>.
</para>
</listitem>
php: Drop PHP 7.3 support PHP 7.3 won't be supported by upstream for the entire life cycle of the 21.11 release. Also drop the pcre' alias since it isn't needed anymore since we don't need different pcre versions anymore.
2021-06-03 15:06:06 +02:00
<listitem>
<para>
PHP 7.3 is no longer supported due to upstream not supporting
this version for the entire lifecycle of the 21.11 release.
</para>
</listitem>
buildBazelPackage: set fetchConfigured default to true
2021-06-06 21:28:19 +00:00
<listitem>
<para>
Those making use of <literal>buildBazelPackage</literal> will
need to regenerate the fetch hashes (preferred), or set
<literal>fetchConfigured = false;</literal>.
</para>
</listitem>
release notes: Mention consul breaking changes
2021-06-25 02:27:03 +02:00
<listitem>
<para>
<literal>consul</literal> was upgraded to a new major release
with breaking changes, see
<link xlink:href="https://github.com/hashicorp/consul/releases/tag/v1.10.0">upstream
changelog</link>.
</para>
</listitem>
fsharp41: remove
2021-06-08 17:03:10 -03:00
<listitem>
<para>
fsharp41 has been removed in preference to use the latest
dotnet-sdk
</para>
</listitem>
nixos/dotnetPackages: remove packages F# packages have been removed for being unmaintaned.
2021-06-09 02:23:44 -03:00
<listitem>
<para>
The following F#-related packages have been removed for being
unmaintaned. Please use <literal>fetchNuGet</literal> for
specific packages.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
ExtCore
</para>
</listitem>
<listitem>
<para>
Fake
</para>
</listitem>
<listitem>
<para>
Fantomas
</para>
</listitem>
<listitem>
<para>
FsCheck
</para>
</listitem>
<listitem>
<para>
FsCheck262
</para>
</listitem>
<listitem>
<para>
FsCheckNunit
</para>
</listitem>
<listitem>
<para>
FSharpAutoComplete
</para>
</listitem>
<listitem>
<para>
FSharpCompilerCodeDom
</para>
</listitem>
<listitem>
<para>
FSharpCompilerService
</para>
</listitem>
<listitem>
<para>
FSharpCompilerTools
</para>
</listitem>
<listitem>
<para>
FSharpCore302
</para>
</listitem>
<listitem>
<para>
FSharpCore3125
</para>
</listitem>
<listitem>
<para>
FSharpCore4001
</para>
</listitem>
<listitem>
<para>
FSharpCore4117
</para>
</listitem>
<listitem>
<para>
FSharpData
</para>
</listitem>
<listitem>
<para>
FSharpData225
</para>
</listitem>
<listitem>
<para>
FSharpDataSQLProvider
</para>
</listitem>
<listitem>
<para>
FSharpFormatting
</para>
</listitem>
<listitem>
<para>
FsLexYacc
</para>
</listitem>
<listitem>
<para>
FsLexYacc706
</para>
</listitem>
<listitem>
<para>
FsLexYaccRuntime
</para>
</listitem>
<listitem>
<para>
FsPickler
</para>
</listitem>
<listitem>
<para>
FsUnit
</para>
</listitem>
<listitem>
<para>
Projekt
</para>
</listitem>
<listitem>
<para>
Suave
</para>
</listitem>
<listitem>
<para>
UnionArgParser
</para>
</listitem>
<listitem>
<para>
ExcelDnaRegistration
</para>
</listitem>
<listitem>
<para>
MathNetNumerics
</para>
</listitem>
</itemizedlist>
</listitem>
release-notes: mention x2goserver rename
2021-06-10 07:01:21 +02:00
<listitem>
<para>
<literal>programs.x2goserver</literal> is now
<literal>services.x2goserver</literal>
</para>
</listitem>
nixos/dotnetPackages: remove packages
2021-06-09 04:22:14 -03:00
<listitem>
<para>
The following dotnet-related packages have been removed for
being unmaintaned. Please use <literal>fetchNuGet</literal>
for specific packages.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Autofac
</para>
</listitem>
<listitem>
<para>
SystemValueTuple
</para>
</listitem>
<listitem>
<para>
MicrosoftDiaSymReader
</para>
</listitem>
<listitem>
<para>
MicrosoftDiaSymReaderPortablePdb
</para>
</listitem>
<listitem>
<para>
SystemCollectionsImmutable
</para>
</listitem>
<listitem>
<para>
SystemCollectionsImmutable131
</para>
</listitem>
<listitem>
<para>
SystemReflectionMetadata
</para>
</listitem>
<listitem>
<para>
NUnit350
</para>
</listitem>
<listitem>
<para>
Deedle
</para>
</listitem>
<listitem>
<para>
ExcelDna
</para>
</listitem>
<listitem>
<para>
GitVersionTree
</para>
</listitem>
<listitem>
<para>
NDeskOptions
</para>
</listitem>
</itemizedlist>
</listitem>
docs: nixos release notes (w/o 2105 - separate PR) docs: nixos release notes (revise code blocks) docs: nixos release notes (fix opt links outside of code blocks) docs: nixos release notes (fix opt links inside of code blocks) went fishing with: ```console rg -A1 \ --multiline \ --multiline-dotall \ '<programlisting>[^</programlisting>]+' \ | rg linkend ``` docs: nixos release notes (prettier) docs: nixos release notes (fix zonefile codeblocks) docs: nixos release notes (restore admonition from prettier destriction) docs: nixos release notes (recreate xml files) docs: nixos release notes (fix trnslation error md -> xml) admonition with a title seem not to work docs: nixos release notes (fix code block indentation) docs: nixos release notes (diff after converting with https://github.com/NixOS/nixpkgs/pull/127270) docs: nixos release notes (fix remaingin '???') Those where not catched i a previous iteration since they didn't satisfy the then presumed search regex `#opt-.*` doc: nixos release notes make docbook/md conversion consistent
2021-06-21 19:59:44 -05:00
</itemizedlist>
libwnck: make 3.36.0 default
2021-06-23 21:22:04 +03:00
<itemizedlist>
antlr: make 4.8 default
2021-06-20 13:23:37 +03:00
<listitem>
<para>
The <literal>antlr</literal> package now defaults to the 4.x
release instead of the old 2.7.7 version.
</para>
</listitem>
pulseeffects,easyeffects: 5.0.3 -> 6.0.0 New release, the main feature is updating to GTK4 and significant updates to the internal processing pipelines. Many dependencies no longer seem to be required, I have manually checked that mentioned plugins are still available.
2021-07-07 09:37:48 -04:00
<listitem>
<para>
The <literal>pulseeffects</literal> package updated to
<link xlink:href="https://github.com/wwmm/easyeffects/releases/tag/v6.0.0">version
4.x</link> and renamed to <literal>easyeffects</literal>.
</para>
</listitem>
libwnck: make 3.36.0 default
2021-06-23 21:22:04 +03:00
<listitem>
<para>
The <literal>libwnck</literal> package now defaults to the 3.x
release instead of the old 2.31.0 version.
</para>
</listitem>
vaultwarden: update to 1.22.1, rename from bitwarden_rs I tried to make this as non-breaking as possible, but it will still break things slightly for people expecting certain file names in the packages themselves.
2021-07-01 12:14:51 +03:00
<listitem>
<para>
The <literal>bitwarden_rs</literal> packages and modules were
renamed to <literal>vaultwarden</literal>
<link xlink:href="https://github.com/dani-garcia/vaultwarden/discussions/1642">following
upstream</link>. More specifically,
</para>
<itemizedlist>
<listitem>
<para>
<literal>pkgs.bitwarden_rs</literal>,
<literal>pkgs.bitwarden_rs-sqlite</literal>,
<literal>pkgs.bitwarden_rs-mysql</literal> and
<literal>pkgs.bitwarden_rs-postgresql</literal> were
renamed to <literal>pkgs.vaultwarden</literal>,
<literal>pkgs.vaultwarden-sqlite</literal>,
<literal>pkgs.vaultwarden-mysql</literal> and
<literal>pkgs.vaultwarden-postgresql</literal>,
respectively.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
</para>
</listitem>
<listitem>
<para>
The <literal>bitwarden_rs</literal> executable was
also renamed to <literal>vaultwarden</literal> in all
packages.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>pkgs.bitwarden_rs-vault</literal> was renamed to
<literal>pkgs.vaultwarden-vault</literal>.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>pkgs.bitwarden_rs-vault</literal> is
preserved as an alias for backwards compatibility, but
may be removed in the future.
</para>
</listitem>
<listitem>
<para>
The static files were moved from
<literal>/usr/share/bitwarden_rs</literal> to
<literal>/usr/share/vaultwarden</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>services.bitwarden_rs</literal> config module
was renamed to <literal>services.vaultwarden</literal>.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>services.bitwarden_rs</literal> is preserved
as an alias for backwards compatibility, but may be
removed in the future.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>systemd.services.bitwarden_rs</literal>,
<literal>systemd.services.backup-bitwarden_rs</literal>
and <literal>systemd.timers.backup-bitwarden_rs</literal>
were renamed to
<literal>systemd.services.vaultwarden</literal>,
<literal>systemd.services.backup-vaultwarden</literal> and
<literal>systemd.timers.backup-vaultwarden</literal>,
respectively.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>users.users.bitwarden_rs</literal> and
<literal>users.groups.bitwarden_rs</literal> were renamed
to <literal>users.users.vaultwarden</literal> and
<literal>users.groups.vaultwarden</literal>, respectively.
</para>
</listitem>
<listitem>
<para>
The data directory remains located at
<literal>/var/lib/bitwarden_rs</literal>, for backwards
compatibility.
</para>
</listitem>
</itemizedlist>
</listitem>
docs/release-notes: mention staticjinja
2021-05-24 14:17:51 +02:00
</itemizedlist>
nixos/icingaweb2: Add ipl and thirdparty libraries These are required since 2.9.0
2021-07-13 18:22:28 +02:00
<itemizedlist>
yggdrasil: 0.3.16 -> 0.4.0
2021-07-04 11:33:28 -04:00
<listitem>
<para>
<literal>yggdrasil</literal> was upgraded to a new major
release with breaking changes, see
<link xlink:href="https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0">upstream
changelog</link>.
</para>
</listitem>
nixos/icingaweb2: Add ipl and thirdparty libraries These are required since 2.9.0
2021-07-13 18:22:28 +02:00
<listitem>
<para>
<literal>icingaweb2</literal> was upgraded to a new release
which requires a manual database upgrade, see
<link xlink:href="https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0">upstream
changelog</link>.
</para>
</listitem>
isabelle: 2020 -> 2021
2021-07-18 23:49:43 +02:00
<listitem>
<para>
The <literal>isabelle</literal> package has been upgraded from
2020 to 2021
</para>
</listitem>
mingw-64: 6.0.0 -> 9.0.0
2021-07-20 22:21:36 +02:00
<listitem>
<para>
the <literal>mingw-64</literal> package has been upgraded from
6.0.0 to 9.0.0
</para>
</listitem>
Added release notes and broke date apart
2021-07-25 15:40:33 -04:00
<listitem>
<para>
<literal>tt-rss</literal> was upgraded to the commit on
Added more detail to changelog, updated permissions in directory, and changed restartTriggers
2021-07-28 20:53:38 -04:00
2021-06-21, which has breaking changes. If you use
<literal>services.tt-rss.extraConfig</literal> you should
migrate to the <literal>putenv</literal>-style configuration.
See
Added release notes and broke date apart
2021-07-25 15:40:33 -04:00
<link xlink:href="https://community.tt-rss.org/t/rip-config-php-hello-classes-config-php/4337">this
Added more detail to changelog, updated permissions in directory, and changed restartTriggers
2021-07-28 20:53:38 -04:00
Discourse post</link> in the tt-rss forums for more details.
Added release notes and broke date apart
2021-07-25 15:40:33 -04:00
</para>
</listitem>
vscode-extensions: uniform extension namingconvention
2021-07-27 10:07:51 -03:00
<listitem>
<para>
The following Visual Studio Code extensions were renamed to
keep the naming convention uniform.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>bbenoist.Nix</literal> -&gt;
<literal>bbenoist.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>CoenraadS.bracket-pair-colorizer</literal> -&gt;
<literal>coenraads.bracket-pair-colorizer</literal>
</para>
</listitem>
<listitem>
<para>
<literal>golang.Go</literal> -&gt;
<literal>golang.go</literal>
</para>
</listitem>
</itemizedlist>
</listitem>
{uptimed,nixos/uptimed}: switch to /var/lib/ and fix perms
2021-07-22 07:39:18 +03:00
<listitem>
<para>
<literal>services.uptimed</literal> now uses
<literal>/var/lib/uptimed</literal> as its stateDirectory
instead of <literal>/var/spool/uptimed</literal>. Make sure to
move all files to the new directory.
</para>
</listitem>
release-notes: Add notice regarding dropped Emacs aliases
2021-08-03 12:52:17 -05:00
<listitem>
<para>
Deprecated package aliases in <literal>emacs.pkgs.*</literal>
have been removed. These aliases were remnants of the old
Emacs package infrastructure. We now use exact upstream names
wherever possible.
</para>
</listitem>
nixos/neovim: Fix neovim runtime path generation
2021-08-03 10:59:48 +02:00
<listitem>
<para>
<literal>programs.neovim.runtime</literal> switched to a
<literal>linkFarm</literal> internally, making it impossible
to use wildcards in the <literal>source</literal> argument.
</para>
</listitem>
changelog: re-add by accident deleted sections
2021-08-10 16:26:18 +02:00
<listitem>
<para>
The <literal>openrazer</literal> and
<literal>openrazer-daemon</literal> packages as well as the
<literal>hardware.openrazer</literal> module now require users
to be members of the <literal>openrazer</literal> group
instead of <literal>plugdev</literal>. With this change, users
no longer need be granted the entire set of
<literal>plugdev</literal> group permissions, which can
include permissions other than those required by
<literal>openrazer</literal>. This is desirable from a
security point of view. The setting
<link xlink:href="options.html#opt-services.hardware.openrazer.users"><literal>harware.openrazer.users</literal></link>
can be used to add users to the <literal>openrazer</literal>
group.
</para>
</listitem>
fontconfig service: drop dpi option Recommend to use services.xserver.dpi option instead. Mention in the documentation that it's a sledgehammer approach and monitor settings should be used instead. Also don't set DPI in fontconfig settings; fontconfig should use Xft settings by default so let's not override one value in multiple places. For example, user now can set DPI via ~/.Xresources properly.
2017-05-24 17:25:19 +03:00
<listitem>
<para>
The fontconfig services dpi option has been removed.
Fontconfig should use Xft settings by default so theres no
need to override one value in multiple places. The user can
set DPI via ~/.Xresources properly, or at the system level per
monitor, or as a last resort at the system level with
<literal>services.xserver.dpi</literal>.
</para>
</listitem>
changelog: re-add by accident deleted sections
2021-08-10 16:26:18 +02:00
<listitem>
<para>
The <literal>yambar</literal> package has been split into
<literal>yambar</literal> and
<literal>yambar-wayland</literal>, corresponding to the xorg
and wayland backend respectively. Please switch to
<literal>yambar-wayland</literal> if you are on wayland.
</para>
</listitem>
nixos/minio: add release notes
2021-08-09 23:08:03 +02:00
<listitem>
<para>
The <literal>services.minio</literal> module gained an
additional option <literal>consoleAddress</literal>, that
configures the address and port the web UI is listening, it
defaults to <literal>:9001</literal>. To be able to access the
web UI this port needs to be opened in the firewall.
</para>
</listitem>
varnishPackages: update default, because we dropped 6.3.x
2021-07-26 03:48:23 +02:00
<listitem>
<para>
The <literal>varnish</literal> package was upgraded from 6.3.x
varnish65*: drop because it is EOL upstream varnish66 could be introduced, but I don't think it's worth the effort
2021-09-15 22:48:24 +02:00
to 7.x. <literal>varnish60</literal> for the last LTS release
is also still available.
varnishPackages: update default, because we dropped 6.3.x
2021-07-26 03:48:23 +02:00
</para>
</listitem>
kubernetes: fix breakage introduced by upgrade to 1.22
2021-08-13 17:42:27 +01:00
<listitem>
<para>
The <literal>kubernetes</literal> package was upgraded to
1.22. The <literal>kubernetes.apiserver.kubeletHttps</literal>
option was removed and HTTPS is always used.
</para>
</listitem>
linux: drop `*_latest_hardened`-attributes in favor of versioned attributes The problem behind this is that the hardened patchset[1]. Quite recently this led to a weird problem when Linux 5.12 was dropped (and thus had to be removed from `nixpkgs`), there were no patches for 5.13, so `linuxPackages_hardened_latest` had to be downgraded to 5.10 as base[2] which may be rather unintuitive and unexpected. To avoid these kind of "silent downgrades" in the future, it makes sense to drop the attribute entirely. If somebody wants to use a hardened kernel, it's better to explicitly pin it using the newly introduced versioned attributes, e.g. `linuxPackages_4_14_hardened`. [1] https://github.com/anthraxx/linux-hardened/ [2] https://github.com/NixOS/nixpkgs/pull/133587
2021-08-16 11:31:42 +02:00
<listitem>
<para>
The attribute <literal>linuxPackages_latest_hardened</literal>
was dropped because the hardened patches lag behind the
upstream kernel which made version bumps harder. If you want
to use a hardened kernel, please pin it explicitly with a
versioned attribute such as
<literal>linuxPackages_5_10_hardened</literal>.
</para>
</listitem>
nomad: default to nomad_1_1
2021-07-29 18:56:56 +02:00
<listitem>
<para>
The <literal>nomad</literal> package now defaults to a 1.1.x
release instead of 1.0.x
</para>
</listitem>
nixos/doc: add note about switching to exfatprogs
2021-07-01 00:11:47 +10:00
<listitem>
<para>
If <literal>exfat</literal> is included in
<literal>boot.supportedFilesystems</literal> and when using
kernel 5.7 or later, the <literal>exfatprogs</literal>
user-space utilities are used instead of
<literal>exfat</literal>.
</para>
</listitem>
todoman: 3.9.0 -> 4.0.0
2021-08-26 12:32:50 +05:30
<listitem>
<para>
The <literal>todoman</literal> package was upgraded from 3.9.0
to 4.0.0. This introduces breaking changes in the
<link xlink:href="https://todoman.readthedocs.io/en/stable/configure.html#configuration-file">configuration
file</link> format.
</para>
</listitem>
datadog-agent: Add release note entry.
2021-09-08 10:04:14 -07:00
<listitem>
<para>
The <literal>datadog-agent</literal>,
<literal>datadog-integrations-core</literal> and
<literal>datadog-process-agent</literal> packages were
upgraded from 6.11.2 to 7.30.2, git-2018-09-18 to 7.30.1 and
nixos/datadog-agent: Note breaking changes in release notes.
2021-09-09 08:25:29 -07:00
6.11.1 to 7.30.2, respectively. As a result
<literal>services.datadog-agent</literal> has had breaking
changes to the configuration file. For details, see the
datadog-agent: Add release note entry.
2021-09-08 10:04:14 -07:00
<link xlink:href="https://github.com/DataDog/datadog-agent/blob/main/CHANGELOG.rst">upstream
changelog</link>.
</para>
</listitem>
opencv2: don't build unfree libraries by default In opencv 2.x, unfree libraries are built by default. The package should therefore have been marked as unfree, but wasn't. I've disabled the non-free libraries by default, and added an option to enable them. There are three programs in Nixpkgs that depend on opencv2: mathematica, pfstools, and p2pvc. pfstools requires the non-free libraries if it's built with opencv support, so I've disabled opencv by default there and added an option to enable it. p2pvc links fine, so presumably doesn't need the non-free libraries. I can't test mathematica, so I'm just going to leave it alone.
2021-09-27 13:57:14 +00:00
<listitem>
<para>
<literal>opencv2</literal> no longer includes the non-free
libraries by default, and consequently
<literal>pfstools</literal> no longer includes OpenCV support
by default. Both packages now support an
<literal>enableUnfree</literal> option to re-enable this
functionality.
</para>
</listitem>
nixos/release-notes: render missing docbook
2021-10-15 23:24:33 +02:00
<listitem>
<para>
<literal>services.xserver.displayManager.defaultSession = &quot;plasma5&quot;</literal>
does not work anymore, instead use either
<literal>&quot;plasma&quot;</literal> for the Plasma X11
session or <literal>&quot;plasmawayland&quot;</literal> for
the Plasma Wayland sesison.
</para>
</listitem>
nixos/doc/manual/release_notes: add kernelParams notes Ran md-to-db.sh, and for some reason got these changes as well. I guess someone didn't update their manual :shrug:
2021-10-16 02:09:28 +03:00
<listitem>
<para>
<literal>boot.kernelParams</literal> now only accepts one
command line parameter per string. This change is aimed to
reduce common mistakes like <quote>param = 12</quote>, which
would be parsed as 3 parameters.
</para>
</listitem>
doc: Explain daemon(IO)NiceLevel removal in release note
2021-10-17 12:27:56 +02:00
<listitem>
<para>
<literal>nix.daemonNiceLevel</literal> and
<literal>nix.daemonIONiceLevel</literal> have been removed in
favour of the new options
<link xlink:href="options.html#opt-nix.daemonCPUSchedPolicy"><literal>nix.daemonCPUSchedPolicy</literal></link>,
<link xlink:href="options.html#opt-nix.daemonIOSchedClass"><literal>nix.daemonIOSchedClass</literal></link>
and
<link xlink:href="options.html#opt-nix.daemonIOSchedPriority"><literal>nix.daemonIOSchedPriority</literal></link>.
Please refer to the options documentation and the
<literal>sched(7)</literal> and
<literal>ioprio_set(2)</literal> man pages for guidance on how
to use them.
</para>
</listitem>
coursier: Rename binary to cs
2021-10-19 22:40:38 +02:00
<listitem>
<para>
The <literal>coursier</literal> packages binary was renamed
from <literal>coursier</literal> to <literal>cs</literal>.
Completions which havent worked for a while should now work
with the renamed binary. To keep using
<literal>coursier</literal>, you can create a shell alias.
</para>
</listitem>
nixos/mosquitto: rewrite the module mosquitto needs a lot of attention concerning its config because it doesn't parse it very well, often ignoring trailing parts of lines, duplicated config keys, or just looking back way further in the file to associated config keys with previously defined items than might be expected. this replaces the mosquitto module completely. we now have a hierarchical config that flattens out to the mosquitto format (hopefully) without introducing spooky action at a distance.
2021-05-21 19:23:01 +02:00
<listitem>
<para>
The <literal>services.mosquitto</literal> module has been
rewritten to support multiple listeners and per-listener
configuration. Module configurations from previous releases
will no longer work and must be updated.
</para>
</listitem>
fluidsynth_1: remove at 1.1.11 * FluidSynth 1.1.11 was kept around as a dependency of some packages that hadn't yet adjusted to API breakages. All of these packages now use FluidSynth 2.x, so fluidsynth_1 can be removed. It has been broken ever since glib was updated to 2.70 and was affected by an unpatched CVE. * Refactor expression a bit, use pname instead of name. * Add changelog entry in case someone was using this downstream (accidentally?). Fixes #141508. Fixes #124624.
2021-10-16 23:26:05 +02:00
<listitem>
<para>
The <literal>fluidsynth_1</literal> attribute has been
removed, as this legacy version is no longer needed in
nixpkgs. The actively maintained 2.x series is available as
<literal>fluidsynth</literal> unchanged.
</para>
</listitem>
nextcloud20: drop The version 20 of Nextcloud will be EOLed by the end of this month[1]. Since the recommended default (that didn't raise an eval-warning) on 21.05 was Nextcloud 21, this shouldn't affect too many people. In order to ensure that nobody does a (not working) upgrade across several major-versions of Nextcloud, I replaced the derivation of `nextcloud20` with a `throw` that provides instructions how to proceed. The only case that I consider "risky" is a setup upgraded from 21.05 (or older) with a `system.stateVersion` <21.11 and with `services.nextcloud.package` not explicitly declared in its config. To avoid that, I also left the `else-if` for `stateVersion < 21.03` which now sets `services.nextcloud.package` to `pkgs.nextcloud20` and thus leads to an eval-error. This condition can be removed as soon as 21.05 is EOL because then it's safe to assume that only 21.11. is used as stable release where no Nextcloud <=20 exists that can lead to such an issue. It can't be removed earlier because then every `system.stateVersion < 21.11` would lead to `nextcloud21` which is a problem if `nextcloud19` is still used. [1] https://docs.nextcloud.com/server/20/admin_manual/release_schedule.html
2021-10-25 01:26:08 +02:00
<listitem>
<para>
Nextcloud 20 (<literal>pkgs.nextcloud20</literal>) has been
dropped because it was EOLed by upstream in 2021-10.
</para>
</listitem>
rl-2111: Note the addition of virtualisation.useNixStoreImage... ...and rename of virtualisation.pathsInNixDB.
2021-10-28 12:23:25 +02:00
<listitem>
<para>
The <literal>virtualisation.pathsInNixDB</literal> option was
renamed
<link xlink:href="options.html#opt-virtualisation.additionalPaths"><literal>virtualisation.additionalPaths</literal></link>.
</para>
</listitem>
nixos/ddclient: replace password with passwordFile option
2021-10-29 19:08:14 +02:00
<listitem>
<para>
The <literal>services.ddclient.password</literal> option was
removed, and replaced with
<literal>services.ddclient.passwordFile</literal>.
</para>
</listitem>
gnat: 9 -> 11 Update the default GNAT version from 9 to 11, as GNAT >= 11 is required to compile the 22.* AdaCore libraries. To allow this, we need to pick a patch from ghdl's master fixing a compilation problem with GNAT 11.
2021-11-01 12:55:18 +01:00
<listitem>
<para>
The default GNAT version has been changed: The
<literal>gnat</literal> attribute now points to
<literal>gnat11</literal> instead of <literal>gnat9</literal>.
</para>
</listitem>
nixos/doc: add release notes about retroarch changes
2021-11-19 23:16:53 -03:00
<listitem>
<para>
<literal>retroArchCores</literal> has been removed. This means
that using <literal>nixpkgs.config.retroarch</literal> to
customize RetroArch cores is not supported anymore. Instead,
use package overrides, for example:
<literal>retroarch.override { cores = with libretro; [ citra snes9x ]; };</literal>.
Also, <literal>retroarchFull</literal> derivation is available
for those who want to have all RetroArch cores available.
</para>
</listitem>
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 Disable unprivileged access to BPF syscalls to prevent denial of service and privilege escalation via a) potential speculative execution side-channel-attacks on unmitigated hardware[0] or b) unvalidated memory access in ringbuffer helper functions[1]. Fixes: CVE-2021-4204, CVE-2022-23222 [0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf [1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-14 10:27:28 +01:00
<listitem>
<para>
The Linux kernel for security reasons now restricts access to
BPF syscalls via <literal>BPF_UNPRIV_DEFAULT_OFF=y</literal>.
Unprivileged access can be reenabled via the
<literal>kernel.unprivileged_bpf_disabled</literal> sysctl
knob.
</para>
</listitem>
add `/usr` neededForBoot entry to 21.11 release notes
2021-11-29 15:37:44 +07:00
<listitem>
<para>
<literal>/usr</literal> will always be included in the initial
ramdisk. See the
<literal>fileSystems.&lt;name&gt;.neededForBoot</literal>
option. If any files exist under <literal>/usr</literal>
(which is not typical for NixOS), they will be included in the
initial ramdisk, increasing its size to a possibly problematic
extent.
</para>
</listitem>
yggdrasil: 0.3.16 -> 0.4.0
2021-07-04 11:33:28 -04:00
</itemizedlist>
docs/release-notes: mention staticjinja
2021-05-24 14:17:51 +02:00
</section>
nixos/doc: Synchronize the Markdown generator with Nixpkgs Switch to CommonMark with our extensions.
2021-06-18 00:07:00 +02:00
<section xml:id="sec-release-21.11-notable-changes">
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
<title>Other Notable Changes</title>
sshd service: Default to INFO logLevel (upstream default). The previous justification for using "VERBOSE" is incorrect, because OpenSSH does use level INFO to log "which key was used to log in" for sccessful logins, see: https://github.com/openssh/openssh-portable/blob/6247812c76f70b2245f3c23f5074665b3d436cae/auth.c#L323-L328 Also update description to the wording of the sshd_config man page. `fail2ban` needs, sshd to be "VERBOSE" to work well, thus the `fail2ban` module sets it to "VERBOSE" if enabled. The docs are updated accordingly.
2020-10-11 17:27:49 +02:00
<itemizedlist>
nixos/rl-2111: mention changes to linux kernel infrastructure
2021-06-29 08:29:16 +02:00
<listitem>
<para>
The linux kernel package infrastructure was moved out of
<literal>all-packages.nix</literal>, and restructured. Linux
related functions and attributes now live under the
<literal>pkgs.linuxKernel</literal> attribute set. In
particular the versioned <literal>linuxPackages_*</literal>
package sets (such as <literal>linuxPackages_5_4</literal>)
and kernels from <literal>pkgs</literal> were moved there and
now live under <literal>pkgs.linuxKernel.packages.*</literal>.
The unversioned ones (such as
<literal>linuxPackages_latest</literal>) remain untouched.
</para>
</listitem>
nixos/docs: document new qemu-vm features
2021-09-15 02:21:53 +02:00
<listitem>
<para>
In NixOS virtual machines (QEMU), the
<literal>virtualisation</literal> module has been updated with
rl-2111: Note the addition of virtualisation.useNixStoreImage... ...and rename of virtualisation.pathsInNixDB.
2021-10-28 12:23:25 +02:00
new options:
nixos/docs: document new qemu-vm features
2021-09-15 02:21:53 +02:00
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
rl-2111: Note the addition of virtualisation.useNixStoreImage... ...and rename of virtualisation.pathsInNixDB.
2021-10-28 12:23:25 +02:00
<link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>forwardPorts</literal></link>
to configure IPv4 port forwarding,
</para>
</listitem>
<listitem>
<para>
<link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>sharedDirectories</literal></link>
to set up shared host directories,
nixos/docs: document new qemu-vm features
2021-09-15 02:21:53 +02:00
</para>
</listitem>
<listitem>
<para>
rl-2111: Note the addition of virtualisation.useNixStoreImage... ...and rename of virtualisation.pathsInNixDB.
2021-10-28 12:23:25 +02:00
<link xlink:href="options.html#opt-virtualisation.resolution"><literal>resolution</literal></link>
to set the screen resolution,
nixos/docs: document new qemu-vm features
2021-09-15 02:21:53 +02:00
</para>
</listitem>
<listitem>
<para>
rl-2111: Note the addition of virtualisation.useNixStoreImage... ...and rename of virtualisation.pathsInNixDB.
2021-10-28 12:23:25 +02:00
<link xlink:href="options.html#opt-virtualisation.useNixStoreImage"><literal>useNixStoreImage</literal></link>
to use a disk image for the Nix store instead of 9P.
nixos/docs: document new qemu-vm features
2021-09-15 02:21:53 +02:00
</para>
</listitem>
</itemizedlist>
<para>
In addition, the default
<link xlink:href="options.html#opt-virtualisation.msize"><literal>msize</literal></link>
parameter in 9P filesystems (including /nix/store and all
shared directories) has been increased to 16K for improved
performance.
</para>
</listitem>
sshd service: Default to INFO logLevel (upstream default). The previous justification for using "VERBOSE" is incorrect, because OpenSSH does use level INFO to log "which key was used to log in" for sccessful logins, see: https://github.com/openssh/openssh-portable/blob/6247812c76f70b2245f3c23f5074665b3d436cae/auth.c#L323-L328 Also update description to the wording of the sshd_config man page. `fail2ban` needs, sshd to be "VERBOSE" to work well, thus the `fail2ban` module sets it to "VERBOSE" if enabled. The docs are updated accordingly.
2020-10-11 17:27:49 +02:00
<listitem>
<para>
The setting
<link xlink:href="options.html#opt-services.openssh.logLevel"><literal>services.openssh.logLevel</literal></link>
<literal>&quot;VERBOSE&quot;</literal>
<literal>&quot;INFO&quot;</literal>. This brings NixOS in line
with upstream and other Linux distributions, and reduces log
spam on servers due to bruteforcing botnets.
</para>
<para>
However, if
<link xlink:href="options.html#opt-services.fail2ban.enable"><literal>services.fail2ban.enable</literal></link>
is <literal>true</literal>, the <literal>fail2ban</literal>
will override the verbosity to
<literal>&quot;VERBOSE&quot;</literal>, so that
<literal>fail2ban</literal> can observe the failed login
attempts from the SSH logs.
</para>
</listitem>
nixos/doc: new progress in xserver.extraLayouts
2021-09-17 02:12:13 +02:00
<listitem>
<para>
The
<link xlink:href="options.html#opt-services.xserver.extraLayouts"><literal>services.xserver.extraLayouts</literal></link>
no longer cause additional rebuilds when a layout is added or
modified.
</para>
</listitem>
nixos/sway: Drop rxvt-unicode from the extraPackages default Upstream switched to Alacritty for the default configuration.
2021-06-23 17:16:56 +02:00
<listitem>
<para>
Sway: The terminal emulator <literal>rxvt-unicode</literal> is
no longer installed by default via
<literal>programs.sway.extraPackages</literal>. The current
default configuration uses <literal>alacritty</literal> (and
soon <literal>foot</literal>) so this is only an issue when
using a customized configuration and not installing
<literal>rxvt-unicode</literal> explicitly.
</para>
</listitem>
nixos/rl-notes/21.11: add python3 default bump entry
2021-06-29 11:00:51 -07:00
<listitem>
<para>
<literal>python3</literal> now defaults to Python 3.9. Python
3.9 introduces many deprecation warnings, please look at the
<link xlink:href="https://docs.python.org/3/whatsnew/3.9.html">Whats
New In Python 3.9 post</link> for more information.
</para>
</listitem>
nixos/manual: mention qtile bump
2021-08-20 11:12:02 -07:00
<listitem>
<para>
<literal>qtile</literal> hase been updated from
<quote>0.16.0</quote> to <quote>0.18.0</quote>, please check
<link xlink:href="https://github.com/qtile/qtile/blob/master/CHANGELOG">qtile
changelog</link> for changes.
</para>
</listitem>
claws-mail: 3.17.8 -> 4.0.0 With Claws Mail's latest double release of 3.18.0 and 4.0.0, the package will refer to the more "modern" GTK+ 3 release, major version four. The GTK+ 2 release, major version 3, is now available in the `claws-mail-gtk2` package. In other words, this commit bumps the GTK+ 2 version from 3.17.8 to 3.18.0, the previously unstable GTK+ 3 version 3.99.0 to 4.0.0 and changes the default to GTK+ 3.
2021-07-10 12:01:15 +02:00
<listitem>
<para>
The <literal>claws-mail</literal> package now references the
new GTK+ 3 release branch, major version 4. To use the GTK+ 2
releases, one can install the
<literal>claws-mail-gtk2</literal> package.
</para>
</listitem>
nixos/wordpress: nginx support
2020-04-06 09:25:07 +02:00
<listitem>
<para>
The wordpress module provides a new interface which allows to
use different webservers with the new option
<link xlink:href="options.html#opt-services.wordpress.webserver"><literal>services.wordpress.webserver</literal></link>.
nixos/wordpress: caddy support
2021-08-03 15:24:34 +02:00
Currently <literal>httpd</literal>, <literal>caddy</literal>
and <literal>nginx</literal> are supported. The definitions of
nixos/wordpress: nginx support
2020-04-06 09:25:07 +02:00
wordpress sites should now be set in
<link xlink:href="options.html#opt-services.wordpress.sites"><literal>services.wordpress.sites</literal></link>.
</para>
<para>
Sites definitions that use the old interface are automatically
migrated in the new option. This backward compatibility will
be removed in 22.05.
</para>
</listitem>
nixos/dokuwiki: Add support for Caddy web server
2021-08-03 14:50:21 +02:00
<listitem>
<para>
The dokuwiki module provides a new interface which allows to
use different webservers with the new option
<link xlink:href="options.html#opt-services.dokuwiki.webserver"><literal>services.dokuwiki.webserver</literal></link>.
Currently <literal>caddy</literal> and
<literal>nginx</literal> are supported. The definitions of
dokuwiki sites should now be set in
<link xlink:href="options.html#opt-services.dokuwiki.sites"><literal>services.dokuwiki.sites</literal></link>.
</para>
<para>
Sites definitions that use the old interface are automatically
migrated in the new option. This backward compatibility will
be removed in 22.05.
</para>
</listitem>
nixos/systemd: fix NSS database ordering - The order of NSS (host) modules has been brought in line with upstream recommendations: - The `myhostname` module is placed before the `resolve` (optional) and `dns` entries, but after `file` (to allow overriding via `/etc/hosts` / `networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from hijacking `.localhost` domains) - The `mymachines` module, which provides hostname resolution for local containers (registered with `systemd-machined`) is placed to the front, to make sure its mappings are preferred over other resolvers. - If systemd-networkd is enabled, the `resolve` module is placed before `files` and `myhostname`, as it provides the same logic internally, with caching. - The `mdns(_minimal)` module has been updated to the new priorities. If you use your own NSS host modules, make sure to update your priorities according to these rules: - NSS modules which should be queried before `resolved` DNS resolution should use mkBefore. - NSS modules which should be queried after `resolved`, `files` and `myhostname`, but before `dns` should use the default priority - NSS modules which should come after `dns` should use mkAfter.
2021-07-17 19:41:45 +02:00
<listitem>
<para>
The order of NSS (host) modules has been brought in line with
upstream recommendations:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The <literal>myhostname</literal> module is placed before
the <literal>resolve</literal> (optional) and
<literal>dns</literal> entries, but after
<literal>file</literal> (to allow overriding via
<literal>/etc/hosts</literal> /
<literal>networking.extraHosts</literal>, and prevent ISPs
with catchall-DNS resolvers from hijacking
<literal>.localhost</literal> domains)
</para>
</listitem>
<listitem>
<para>
The <literal>mymachines</literal> module, which provides
hostname resolution for local containers (registered with
<literal>systemd-machined</literal>) is placed to the
front, to make sure its mappings are preferred over other
resolvers.
</para>
</listitem>
<listitem>
<para>
If systemd-networkd is enabled, the
<literal>resolve</literal> module is placed before
<literal>files</literal> and
<literal>myhostname</literal>, as it provides the same
logic internally, with caching.
</para>
</listitem>
<listitem>
<para>
The <literal>mdns(_minimal)</literal> module has been
updated to the new priorities.
</para>
</listitem>
</itemizedlist>
<para>
If you use your own NSS host modules, make sure to update your
priorities according to these rules:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
NSS modules which should be queried before
<literal>resolved</literal> DNS resolution should use
mkBefore.
</para>
</listitem>
<listitem>
<para>
NSS modules which should be queried after
<literal>resolved</literal>, <literal>files</literal> and
<literal>myhostname</literal>, but before
<literal>dns</literal> should use the default priority
</para>
</listitem>
<listitem>
<para>
NSS modules which should come after <literal>dns</literal>
should use mkAfter.
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/release-notes: document wpa_supplicant changes
2021-09-25 23:39:25 +02:00
<listitem>
<para>
The
<link xlink:href="options.html#opt-networking.wireless.enable">networking.wireless</link>
module (based on wpa_supplicant) has been heavily reworked,
solving a number of issues and adding useful features:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The automatic discovery of wireless interfaces at boot has
been made reliable again (issues
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/101963">#101963</link>,
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/23196">#23196</link>).
</para>
</listitem>
<listitem>
<para>
WPA3 and Fast BSS Transition (802.11r) are now enabled by
default for all networks.
</para>
</listitem>
<listitem>
<para>
Secrets like pre-shared keys and passwords can now be
handled safely, meaning without including them in a
world-readable file
(<literal>wpa_supplicant.conf</literal> under /nix/store).
This is achieved by storing the secrets in a secured
<link xlink:href="options.html#opt-networking.wireless.environmentFile">environmentFile</link>
and referring to them though environment variables that
are expanded inside the configuration.
</para>
</listitem>
<listitem>
<para>
With multiple interfaces declared, independent
wpa_supplicant daemons are started, one for each interface
(the services are named
<literal>wpa_supplicant-wlan0</literal>,
<literal>wpa_supplicant-wlan1</literal>, etc.).
</para>
</listitem>
<listitem>
<para>
The generated <literal>wpa_supplicant.conf</literal> file
is now formatted for easier reading.
</para>
</listitem>
<listitem>
<para>
A new
<link xlink:href="options.html#opt-networking.wireless.scanOnLowSignal">scanOnLowSignal</link>
option has been added to facilitate fast roaming between
access points (enabled by default).
</para>
</listitem>
<listitem>
<para>
A new
<link xlink:href="options.html#opt-networking.wireless.networks._name_.authProtocols">networks.&lt;name&gt;.authProtocols</link>
option has been added to change the authentication
protocols used when connecting to a network.
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/iwd: add settings option
2021-05-20 07:59:34 +08:00
<listitem>
<para>
The
<link xlink:href="options.html#opt-networking.wireless.iwd.enable">networking.wireless.iwd</link>
module has a new
<link xlink:href="options.html#opt-networking.wireless.iwd.settings">networking.wireless.iwd.settings</link>
option.
</para>
</listitem>
nixos/rl-2111: Document smokeping service updates
2021-11-01 15:57:30 +01:00
<listitem>
<para>
The
<link xlink:href="options.html#opt-services.smokeping.host">services.smokeping.host</link>
option was added and defaulted to
<literal>localhost</literal>. Before,
<literal>smokeping</literal> listened to all interfaces by
default. NixOS defaults generally aim to provide
non-Internet-exposed defaults for databases and internal
monitoring tools, see e.g.
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/100192">#100192</link>.
Further, the systemd service for <literal>smokeping</literal>
got reworked defaults for increased operational stability, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/144127">PR
#144127</link> for details.
</para>
</listitem>
nixos/rl-notes/21.11: Add note about remaining syncoid permissions
2021-07-26 09:26:02 +02:00
<listitem>
<para>
The
<link xlink:href="options.html#opt-services.syncoid.enable">services.syncoid.enable</link>
module now properly drops ZFS permissions after usage. Before
it delegated permissions to whole pools instead of datasets
and didnt clean up after execution. You can manually look
this up for your pools by running
<literal>zfs allow your-pool-name</literal> and use
<literal>zfs unallow syncoid your-pool-name</literal> to clean
this up.
</para>
</listitem>
nixos/rl-notes: Add mention of zfs.latestCompatibleLinuxPackges
2021-07-05 18:41:35 -07:00
<listitem>
<para>
Zfs: <literal>latestCompatibleLinuxPackages</literal> is now
exported on the zfs package. One can use
<literal>boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;</literal>
to always track the latest compatible kernel with a given
version of zfs.
</para>
</listitem>
changelog: re-add by accident deleted sections
2021-08-10 16:26:18 +02:00
<listitem>
<para>
Nginx will use the value of
<literal>sslTrustedCertificate</literal> if provided for a
virtual host, even if <literal>enableACME</literal> is set.
This is useful for providers not using the same certificate to
sign OCSP responses and server certificates.
</para>
</listitem>
lib.formats.yaml: use well known YAML format The way `(lib.formats.yaml {}).generate` generates YAML is compliant because on YAML 1.2 spec JSON is a subset of YAML but it bugs people's minds and can lead to problems with software that is not compatible with YAML 1.2. This commit also changes the test of the generation function. Data validation/typing remains the same. See #133802. Signed-off-by: lucasew <lucas59356@gmail.com>
2021-08-13 16:31:14 -03:00
<listitem>
<para>
<literal>lib.formats.yaml</literal>s
<literal>generate</literal> will not generate JSON anymore,
but instead use more of the YAML-specific syntax.
</para>
</listitem>
mariadb: 10.5.11 -> 10.6.3 new minor release https://mariadb.com/kb/en/changes-improvements-in-mariadb-106/
2021-08-06 17:59:18 +02:00
<listitem>
<para>
MariaDB was upgraded from 10.5.x to 10.6.x. Please read the
<link xlink:href="https://mariadb.com/kb/en/changes-improvements-in-mariadb-106/">upstream
release notes</link> for changes and upgrade instructions.
</para>
</listitem>
libmysqlclient: init 3.2 and default to it https://mariadb.com/kb/en/changes-and-improvements-in-mariadb-connector-c-32/
2021-08-06 18:22:48 +02:00
<listitem>
<para>
The MariaDB C client library, also known as libmysqlclient or
mariadb-connector-c, was upgraded from 3.1.x to 3.2.x. While
this should hopefully not have any impact, this upgrade comes
with some changes to default behavior, so you might want to
review the
<link xlink:href="https://mariadb.com/kb/en/changes-and-improvements-in-mariadb-connector-c-32/">upstream
release notes</link>.
</para>
</listitem>
nixos/gnome: enable platform integration for Qt Qt links against GTK to be able to use native GTK file chooser in GTK-oriented DEs. However, GTK expects a specific environment, which means the application needs to be wrapped to prevent crashes when file chooser is opened in some environments. This patch bypasses the need for wrapping Qt applications with GTK-related environment since the file chooser dialogue will now come from a separate process (instantiated by the XDG desktop portal via D-Bus). In the future, we could remove the GTK dependency from Qt to fix the crashes on non-{GNOME,Pantheon} environments. Then, users would be able to choose between non-native Qt dialogue or native one facilitated by XDG portals (e.g. through setting `QT_QPA_PLATFORMTHEME` to either `qgnomeplatform`, or `xdgdesktopportal`). One disadvantage is adding a Qt dependency to GNOME, even for people who might not use any Qt apps. But they can easily just add `qt5.enable = false;` to their NixOS configuration. The configuration is also presumably less battle tested than plain Qt with its first-party GTK integration. But it is backed by Fedora and used by Manjaro GNOME so it cannot be that bad. Lastly, I worry about ABI compatibility of the platform modules with apps installed from different Nixpkgs revision.
2021-08-29 02:28:38 +02:00
<listitem>
<para>
GNOME desktop environment now enables
<literal>QGnomePlatform</literal> as the Qt platform theme,
which should avoid crashes when opening file chooser dialogs
in Qt apps by using XDG desktop portal. Additionally, it will
make the apps fit better visually.
</para>
</listitem>
rofi: 1.6.1 -> 1.7.0 And add myself as a maintainer
2021-09-02 22:06:13 +02:00
<listitem>
<para>
<literal>rofi</literal> has been updated from
<quote>1.6.1</quote> to <quote>1.7.0</quote>, one important
thing is the removal of the old xresources based configuration
setup. Read more
<link xlink:href="https://github.com/davatorium/rofi/blob/cb12e6fc058f4a0f4f/Changelog#L1">in
rofis changelog</link>.
</para>
</listitem>
release-docs: add ipfs localdiscovery false change
2021-09-09 09:25:32 +09:00
<listitem>
<para>
ipfs now defaults to not listening on you local network. This
setting was change as server providers wont accept port
scanning on their private network. If you have several ipfs
instances running on a network you own, feel free to change
the setting <literal>ipfs.localDiscovery = true;</literal>.
localDiscovery enables different instances to discover each
other and share data.
</para>
</listitem>
lua: add LUA_PATH changes to release notes lua interpreters have been patched not to look into FHS folders anymore.
2021-09-12 02:07:19 +02:00
<listitem>
<para>
<literal>lua</literal> and <literal>luajit</literal>
interpreters have been patched to avoid looking into /usr/lib
directories, thus increasing the purity of the build.
</para>
</listitem>
nixos/xdg/mime: add config for associations between mimetypes and applications
2021-09-12 21:02:40 -04:00
<listitem>
<para>
Three new options,
<link linkend="opt-xdg.mime.addedAssociations">xdg.mime.addedAssociations</link>,
<link linkend="opt-xdg.mime.defaultApplications">xdg.mime.defaultApplications</link>,
and
<link linkend="opt-xdg.mime.removedAssociations">xdg.mime.removedAssociations</link>
have been added to the
<link linkend="opt-xdg.mime.enable">xdg.mime</link> module to
allow the configuration of
<literal>/etc/xdg/mimeapps.list</literal>.
</para>
</listitem>
kopia: 0.8.4 -> 0.9.0
2021-10-09 22:44:29 -04:00
<listitem>
<para>
Kopia was upgraded from 0.8.x to 0.9.x. Please read the
<link xlink:href="https://github.com/kopia/kopia/releases/tag/v0.9.0">upstream
release notes</link> for changes and upgrade instructions.
</para>
</listitem>
nixos/networking: add foo-over-udp endpoint support allows configuration of foo-over-udp decapsulation endpoints. sadly networkd seems to lack the features necessary to support local and peer address configuration, so those are only supported when using scripted configuration.
2021-08-11 11:02:47 +02:00
<listitem>
<para>
The <literal>systemd.network</literal> module has gained
support for the FooOverUDP link type.
</para>
</listitem>
<listitem>
<para>
The <literal>networking</literal> module has a new
<literal>networking.fooOverUDP</literal> option to configure
Foo-over-UDP encapsulations.
</para>
</listitem>
nixos/networking: support FOU encapsulation for sits
2021-08-11 12:48:43 +02:00
<listitem>
<para>
<literal>networking.sits</literal> now supports Foo-over-UDP
encapsulation.
</para>
</listitem>
nixos/doc/manual/release_notes: add virtualisation.libvirtd changes
2021-10-18 13:43:16 -03:00
<listitem>
<para>
The <literal>virtualisation.libvirtd</literal> module has been
refactored and updated with new options:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>virtualisation.libvirtd.qemu*</literal> options
(e.g.:
<literal>virtualisation.libvirtd.qemuRunAsRoot</literal>)
were moved to
<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu"><literal>virtualisation.libvirtd.qemu</literal></link>
submodule,
</para>
</listitem>
<listitem>
<para>
software TPM1/TPM2 support (e.g.: Windows 11 guests)
(<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.swtpm"><literal>virtualisation.libvirtd.qemu.swtpm</literal></link>),
</para>
</listitem>
<listitem>
<para>
custom OVMF package (e.g.:
<literal>pkgs.OVMFFull</literal> with HTTP, CSM and Secure
Boot support)
(<link xlink:href="options.html#opt-virtualisation.libvirtd.qemu.ovmf.package"><literal>virtualisation.libvirtd.qemu.ovmf.package</literal></link>).
</para>
</listitem>
</itemizedlist>
</listitem>
release-notes: Include note on Cawbird API key change follow up to #140412
2021-10-24 02:57:47 +02:00
<listitem>
<para>
The <literal>cawbird</literal> Twitter client now uses its own
API keys to count as different application than upstream
builds. This is done to evade application-level rate limiting.
While existing accounts continue to work, users may want to
remove and re-register their account in the client to enjoy a
better user experience and benefit from this change.
</para>
</listitem>
module/prometheus: optionally support reloading on config changes The new option `services.prometheus.enableReload` has been introduced which, when enabled, causes the prometheus systemd service to reload when its config file changes. More specifically the following property holds: switching to a configuration (`switch-to-configuration`) that changes the prometheus configuration only finishes successully when prometheus has finished loading the new configuration. `enableReload` is `false` by default in which case the old semantics of restarting the prometheus systemd service are in effect.
2021-10-27 14:18:00 +02:00
<listitem>
<para>
A new option
<literal>services.prometheus.enableReload</literal> has been
added which can be enabled to reload the prometheus service
when its config file changes instead of restarting.
</para>
</listitem>
nixos/prometheus: remove services.prometheus.environmentFile The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files.
2021-11-07 14:45:40 +00:00
<listitem>
<para>
The option
<literal>services.prometheus.environmentFile</literal> has
been removed since it was causing
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/126083">issues</link>
nixos/prometheus: throw a helpful error when services.prometheus.environmentFile is defined
2021-11-07 19:04:24 +00:00
and Prometheus now has native support for secret files, i.e.
<literal>basic_auth.password_file</literal> and
<literal>authorization.credentials_file</literal>.
nixos/prometheus: remove services.prometheus.environmentFile The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files.
2021-11-07 14:45:40 +00:00
</para>
</listitem>
dokuwiki: add release notes
2021-11-02 09:36:58 +09:00
<listitem>
<para>
Dokuwiki now supports caddy! However
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
the nginx option has been removed, in the new
configuration, please use the
<literal>dokuwiki.webserver = &quot;nginx&quot;</literal>
instead.
</para>
</listitem>
<listitem>
<para>
The <quote>${hostname}</quote> option has been deprecated,
please use
<literal>dokuwiki.sites = [ &quot;${hostname}&quot; ]</literal>
instead
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/unifi: refactor mountpoints Use service internal bind mounts instead of global ones. This also moves the logs to /var/log/unifi on the host and the run directory to /run/unifi. Closes #61424
2021-10-29 00:00:10 +02:00
<listitem>
<para>
The
<link xlink:href="options.html#opt-services.unifi.enable">services.unifi</link>
module has been reworked, solving a number of issues. This
leads to several user facing changes:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The <literal>services.unifi.dataDir</literal> option is
removed and the data is now always located under
<literal>/var/lib/unifi/data</literal>. This is done to
make better use of systemd state direcotiry and thus
making the service restart more reliable.
</para>
</listitem>
<listitem>
<para>
The unifi logs can now be found under:
<literal>/var/log/unifi</literal> instead of
<literal>/var/lib/unifi/logs</literal>.
</para>
</listitem>
<listitem>
<para>
The unifi run directory can now be found under:
<literal>/run/unifi</literal> instead of
<literal>/var/lib/unifi/run</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
nixos/pam: pam_mkhomedir umask to 0077 pam_mkhomedir should create homedirs with the same umask as the rest of the system. Currently it creates homedirs with go+rx which makes it readable for other non-privileged users.
2021-08-07 12:57:50 +02:00
<listitem>
<para>
<literal>security.pam.services.&lt;name&gt;.makeHomeDir</literal>
now uses <literal>umask=0077</literal> instead of
<literal>umask=0022</literal> when creating the home
directory.
</para>
</listitem>
loki: 2.3.0 -> 2.4.0
2021-11-06 20:12:33 -04:00
<listitem>
<para>
Loki has had another release. Some default values have been
changed for the configuration and some configuration options
have been renamed. For more details, please check
<link xlink:href="https://grafana.com/docs/loki/latest/upgrading/#240">the
upgrade guide</link>.
</para>
</listitem>
julia: -lts -> -stable
2021-11-09 18:41:10 +01:00
<listitem>
<para>
<literal>julia</literal> now refers to
<literal>julia-stable</literal> instead of
<literal>julia-lts</literal>. In practice this means it has
been upgraded from <literal>1.0.4</literal> to
<literal>1.5.4</literal>.
</para>
</listitem>
nixos/doc: add release notes about retroarch changes
2021-11-19 23:16:53 -03:00
<listitem>
<para>
RetroArch has been upgraded from version
<literal>1.8.5</literal> to <literal>1.9.13.2</literal>. Since
the previous release was quite old, if youre having issues
after the upgrade, please delete your
<literal>$XDG_CONFIG_HOME/retroarch/retroarch.cfg</literal>
file.
</para>
</listitem>
nixos/doc: Add note about big updates regarding hydrus to release notes
2021-11-28 04:08:57 +01:00
<listitem>
<para>
hydrus has been upgraded from version <literal>438</literal>
hydrus: 462 -> 463
2021-11-28 04:10:57 +01:00
to <literal>463</literal>. Since upgrading between releases
nixos/doc: Add note about big updates regarding hydrus to release notes
2021-11-28 04:08:57 +01:00
this old is advised against, be sure to have a backup of your
data before upgrading. For details, see
<link xlink:href="https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates">the
hydrus manual</link>.
</para>
</listitem>
OpenJDK: expose more versions Provide a way to access all JDK versions.
2021-10-28 20:46:09 +02:00
<listitem>
<para>
More jdk and jre versions are now exposed via
<literal>java-packages.compiler</literal>.
</para>
</listitem>
sshd service: Default to INFO logLevel (upstream default). The previous justification for using "VERBOSE" is incorrect, because OpenSSH does use level INFO to log "which key was used to log in" for sccessful logins, see: https://github.com/openssh/openssh-portable/blob/6247812c76f70b2245f3c23f5074665b3d436cae/auth.c#L323-L328 Also update description to the wording of the sshd_config man page. `fail2ban` needs, sshd to be "VERBOSE" to work well, thus the `fail2ban` module sets it to "VERBOSE" if enabled. The docs are updated accordingly.
2020-10-11 17:27:49 +02:00
</itemizedlist>
nixos/release-notes: Improve 21.11 stub
2021-06-02 11:52:02 -07:00
</section>
nixos/doc: add 21.11 release notes stub
2021-05-08 20:22:32 -07:00
</section>
Reference in a new issue Copy permalink