mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-11 20:25:32 +03:00
778 lines
32 KiB
XML
778 lines
32 KiB
XML
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-23.05">
|
||
<title>Release 23.05 (“Stoat”, 2023.05/??)</title>
|
||
<para>
|
||
Support is planned until the end of December 2023, handing over to
|
||
23.11.
|
||
</para>
|
||
<section xml:id="sec-release-23.05-highlights">
|
||
<title>Highlights</title>
|
||
<para>
|
||
In addition to numerous new and upgraded packages, this release
|
||
has the following highlights:
|
||
</para>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>
|
||
Cinnamon has been updated to 5.6, see
|
||
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204">the
|
||
pull request</link> for what is changed.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>nixos-rebuild</literal> now supports an extra
|
||
<literal>--specialisation</literal> option that can be used to
|
||
change specialisation for <literal>switch</literal> and
|
||
<literal>test</literal> commands.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</section>
|
||
<section xml:id="sec-release-23.05-new-services">
|
||
<title>New Services</title>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://akkoma.social">Akkoma</link>, an
|
||
ActivityPub microblogging server. Available as
|
||
<link xlink:href="options.html#opt-services.akkoma.enable">services.akkoma</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/akinomyoga/ble.sh">blesh</link>,
|
||
a line editor written in pure bash. Available as
|
||
<link linkend="opt-programs.bash.blesh.enable">programs.bash.blesh</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/adnanh/webhook">webhook</link>,
|
||
a lightweight webhook server. Available as
|
||
<link linkend="opt-services.webhook.enable">services.webhook</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/alexivkin/CUPS-PDF-to-PDF">cups-pdf-to-pdf</link>,
|
||
a pdf-generating cups backend based on
|
||
<link xlink:href="https://www.cups-pdf.de/">cups-pdf</link>.
|
||
Available as
|
||
<link linkend="opt-services.printing.cups-pdf.enable">services.printing.cups-pdf</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://www.magicbug.co.uk/cloudlog/">Cloudlog</link>,
|
||
a web-based Amateur Radio logging application. Available as
|
||
<link linkend="opt-services.cloudlog.enable">services.cloudlog</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/junegunn/fzf">fzf</link>,
|
||
a command line fuzzyfinder. Available as
|
||
<link linkend="opt-programs.fzf.fuzzyCompletion">programs.fzf</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/hzeller/gmrender-resurrect">gmediarender</link>,
|
||
a simple, headless UPnP/DLNA renderer. Available as
|
||
<link xlink:href="options.html#opt-services.gmediarender.enable">services.gmediarender</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/StevenBlack/hosts">stevenblack-blocklist</link>,
|
||
A unified hosts file with base extensions for blocking
|
||
unwanted websites. Available as
|
||
<link xlink:href="options.html#opt-networking.stevenblack.enable">networking.stevenblack</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/slurdge/goeland">goeland</link>,
|
||
an alternative to rss2email written in golang with many
|
||
filters. Available as
|
||
<link linkend="opt-services.goeland.enable">services.goeland</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/ellie/atuin">atuin</link>,
|
||
a sync server for shell history. Available as
|
||
<link linkend="opt-services.atuin.enable">services.atuin</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://gitlab.com/kop316/mmsd">mmsd</link>,
|
||
a lower level daemon that transmits and recieves MMSes.
|
||
Available as
|
||
<link linkend="opt-services.mmsd.enable">services.mmsd</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://v2raya.org">v2rayA</link>, a Linux
|
||
web GUI client of Project V which supports V2Ray, Xray, SS,
|
||
SSR, Trojan and Pingtunnel. Available as
|
||
<link xlink:href="options.html#opt-services.v2raya.enable">services.v2raya</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://www.netfilter.org/projects/ulogd/index.html">ulogd</link>,
|
||
a userspace logging daemon for netfilter/iptables related
|
||
logging. Available as
|
||
<link xlink:href="options.html#opt-services.ulogd.enable">services.ulogd</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://photoprism.app/">photoprism</link>,
|
||
a AI-Powered Photos App for the Decentralized Web. Available
|
||
as
|
||
<link xlink:href="options.html#opt-services.photoprism.enable">services.photoprism</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/languitar/autosuspend">autosuspend</link>,
|
||
a python daemon that suspends a system if certain conditions
|
||
are met, or not met.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</section>
|
||
<section xml:id="sec-release-23.05-incompatibilities">
|
||
<title>Backward Incompatibilities</title>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>
|
||
<literal>carnix</literal> and <literal>cratesIO</literal> has
|
||
been removed due to being unmaintained, use alternatives such
|
||
as
|
||
<link xlink:href="https://github.com/nix-community/naersk">naersk</link>
|
||
and
|
||
<link xlink:href="https://github.com/kolloch/crate2nix">crate2nix</link>
|
||
instead.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>checkInputs</literal> have been renamed to
|
||
<literal>nativeCheckInputs</literal>, because they behave the
|
||
same as <literal>nativeBuildInputs</literal> when
|
||
<literal>doCheck</literal> is set.
|
||
<literal>checkInputs</literal> now denote a new type of
|
||
dependencies, added to <literal>buildInputs</literal> when
|
||
<literal>doCheck</literal> is set. As a rule of thumb,
|
||
<literal>nativeCheckInputs</literal> are tools on
|
||
<literal>$PATH</literal> used during the tests, and
|
||
<literal>checkInputs</literal> are libraries which are linked
|
||
to executables built as part of the tests. Similarly,
|
||
<literal>installCheckInputs</literal> are renamed to
|
||
<literal>nativeInstallCheckInputs</literal>, corresponding to
|
||
<literal>nativeBuildInputs</literal>, and
|
||
<literal>installCheckInputs</literal> are a new type of
|
||
dependencies added to <literal>buildInputs</literal> when
|
||
<literal>doInstallCheck</literal> is set. (Note that this
|
||
change will not cause breakage to derivations with
|
||
<literal>strictDeps</literal> unset, which are most packages
|
||
except python, rust and go packages).
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>borgbackup</literal> module now has an option for
|
||
inhibiting system sleep while backups are running, defaulting
|
||
to off (not inhibiting sleep), available as
|
||
<link linkend="opt-services.borgbackup.jobs._name_.inhibitsSleep"><literal>services.borgbackup.jobs.<name>.inhibitsSleep</literal></link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>podman</literal> now uses the
|
||
<literal>netavark</literal> network stack. Users will need to
|
||
delete all of their local containers, images, volumes, etc, by
|
||
running <literal>podman system reset --force</literal> once
|
||
before upgrading their systems.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>git-bug</literal> has been updated to at least
|
||
version 0.8.0, which includes backwards incompatible changes.
|
||
The <literal>git-bug-migration</literal> package can be used
|
||
to upgrade existing repositories.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The EC2 image module no longer fetches instance metadata in
|
||
stage-1. This results in a significantly smaller initramfs,
|
||
since network drivers no longer need to be included, and
|
||
faster boots, since metadata fetching can happen in parallel
|
||
with startup of other services. This breaks services which
|
||
rely on metadata being present by the time stage-2 is entered.
|
||
Anything which reads EC2 metadata from
|
||
<literal>/etc/ec2-metadata</literal> should now have an
|
||
<literal>after</literal> dependency on
|
||
<literal>fetch-ec2-metadata.service</literal>
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>minio</literal> removed support for its legacy
|
||
filesystem backend in
|
||
<link xlink:href="https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z">RELEASE.2022-10-29T06-21-33Z</link>.
|
||
This means if your storage was created with the old format,
|
||
minio will no longer start. Unfortunately minio doesn’t
|
||
provide a an automatic migration, they only provide
|
||
<link xlink:href="https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html">instructions
|
||
how to manually convert the node</link>. To facilitate this
|
||
migration we keep around the last version that still supports
|
||
the old filesystem backend as
|
||
<literal>minio_legacy_fs</literal>. Use it via
|
||
<literal>services.minio.package = minio_legacy_fs;</literal>
|
||
to export your data before switching to the new version. See
|
||
the corresponding
|
||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/199318">issue</link>
|
||
for more details.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.sourcehut.dispatch</literal> and the
|
||
corresponding package
|
||
(<literal>sourcehut.dispatchsrht</literal>) have been removed
|
||
due to
|
||
<link xlink:href="https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/">upstream
|
||
deprecation</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The
|
||
<link linkend="opt-services.snapserver.openFirewall">services.snapserver.openFirewall</link>
|
||
module option default value has been changed from
|
||
<literal>true</literal> to <literal>false</literal>. You will
|
||
need to explicitly set this option to <literal>true</literal>,
|
||
or configure your firewall.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The
|
||
<link linkend="opt-services.tmate-ssh-server.openFirewall">services.tmate-ssh-server.openFirewall</link>
|
||
module option default value has been changed from
|
||
<literal>true</literal> to <literal>false</literal>. You will
|
||
need to explicitly set this option to <literal>true</literal>,
|
||
or configure your firewall.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The
|
||
<link linkend="opt-services.unifi-video.openFirewall">services.unifi-video.openFirewall</link>
|
||
module option default value has been changed from
|
||
<literal>true</literal> to <literal>false</literal>. You will
|
||
need to explicitly set this option to <literal>true</literal>,
|
||
or configure your firewall.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
Kime has been updated from 2.5.6 to 3.0.2 and the
|
||
<literal>i18n.inputMethod.kime.config</literal> option has
|
||
been removed. Users should use
|
||
<literal>daemonModules</literal>,
|
||
<literal>iconColor</literal>, and
|
||
<literal>extraConfig</literal> options under
|
||
<literal>i18n.inputMethod.kime</literal> instead.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>tut</literal> has been updated from 1.0.34 to 2.0.0,
|
||
and now uses the TOML format for the configuration file
|
||
instead of INI. Additional information can be found
|
||
<link xlink:href="https://github.com/RasmusLindroth/tut/releases/tag/2.0.0">here</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>wordpress</literal> derivation no longer contains
|
||
any builtin plugins or themes. If you need them you have to
|
||
add them back to prevent your site from breaking. You can find
|
||
them in <literal>wordpressPackages.{plugins,themes}</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>llvmPackages_rocm.llvm</literal> will not contain
|
||
<literal>clang</literal> or <literal>compiler-rt</literal>.
|
||
<literal>llvmPackages_rocm.clang</literal> will not contain
|
||
<literal>llvm</literal>.
|
||
<literal>llvmPackages_rocm.clangNoCompilerRt</literal> has
|
||
been removed in favor of using
|
||
<literal>llvmPackages_rocm.clang-unwrapped</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The EC2 image module previously detected and automatically
|
||
mounted ext3-formatted instance store devices and partitions
|
||
in stage-1 (initramfs), storing <literal>/tmp</literal> on the
|
||
first discovered device. This behaviour, which only catered to
|
||
very specific use cases and could not be disabled, has been
|
||
removed. Users relying on this should provide their own
|
||
implementation, and probably use ext4 and perform the mount in
|
||
stage-2.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>teleport</literal> has been upgraded to major version
|
||
11. Please see upstream
|
||
<link xlink:href="https://goteleport.com/docs/setup/operations/upgrading/">upgrade
|
||
instructions</link> and
|
||
<link xlink:href="https://goteleport.com/docs/changelog/#1100">release
|
||
notes</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The EC2 image module previously detected and activated
|
||
swap-formatted instance store devices and partitions in
|
||
stage-1 (initramfs). This behaviour has been removed. Users
|
||
relying on this should provide their own implementation.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
Qt 5.12 and 5.14 have been removed, as the corresponding
|
||
branches have been EOL upstream for a long time. This affected
|
||
under 10 packages in nixpkgs, largely unmaintained upstream as
|
||
well, however, out-of-tree package expressions may need to be
|
||
updated manually.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The
|
||
<link linkend="opt-services.wordpress.sites._name_.plugins">services.wordpress.sites.<name>.plugins</link>
|
||
and
|
||
<link linkend="opt-services.wordpress.sites._name_.themes">services.wordpress.sites.<name>.themes</link>
|
||
options have been converted from sets to attribute sets to
|
||
allow for consumers to specify explicit install paths via
|
||
attribute name.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
In <literal>mastodon</literal> it is now necessary to specify
|
||
location of file with <literal>PostgreSQL</literal> database
|
||
password. In
|
||
<literal>services.mastodon.database.passwordFile</literal>
|
||
parameter default value
|
||
<literal>/var/lib/mastodon/secrets/db-password</literal> has
|
||
been changed to <literal>null</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>--target-host</literal> and
|
||
<literal>--build-host</literal> options of
|
||
<literal>nixos-rebuild</literal> no longer treat the
|
||
<literal>localhost</literal> value specially – to build
|
||
on/deploy to local machine, omit the relevant flag.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>nix.readOnlyStore</literal> option has been
|
||
renamed to <literal>boot.readOnlyNixStore</literal> to clarify
|
||
that it configures the NixOS boot process, not the Nix daemon.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
Deprecated <literal>xlibsWrapper</literal> transitional
|
||
package has been removed in favour of direct use of its
|
||
constitutents: <literal>xorg.libX11</literal>,
|
||
<literal>freetype</literal> and others.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
.NET 5.0 was removed due to being end-of-life, use a newer,
|
||
supported .NET version -
|
||
https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</section>
|
||
<section xml:id="sec-release-23.05-notable-changes">
|
||
<title>Other Notable Changes</title>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>
|
||
<literal>vim_configurable</literal> has been renamed to
|
||
<literal>vim-full</literal> to avoid confusion:
|
||
<literal>vim-full</literal>’s build-time features are
|
||
configurable, but both <literal>vim</literal> and
|
||
<literal>vim-full</literal> are
|
||
<emphasis>customizable</emphasis> (in the sense of user
|
||
configuration, like vimrc).
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The module for the application firewall
|
||
<literal>opensnitch</literal> got the ability to configure
|
||
rules. Available as
|
||
<link linkend="opt-services.opensnitch.rules">services.opensnitch.rules</link>
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The module <literal>usbmuxd</literal> now has the ability to
|
||
change the package used by the daemon. In case you’re
|
||
experiencing issues with <literal>usbmuxd</literal> you can
|
||
try an alternative program like <literal>usbmuxd2</literal>.
|
||
Available as
|
||
<link linkend="opt-services.usbmuxd.package">services.usbmuxd.package</link>
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
A few openssh options have been moved from extraConfig to the
|
||
new freeform option <literal>settings</literal> and renamed as
|
||
follow:
|
||
<literal>services.openssh.kbdInteractiveAuthentication</literal>
|
||
to
|
||
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
|
||
<literal>services.openssh.passwordAuthentication</literal> to
|
||
<literal>services.openssh.settings.PasswordAuthentication</literal>,
|
||
<literal>services.openssh.useDns</literal> to
|
||
<literal>services.openssh.settings.UseDns</literal>,
|
||
<literal>services.openssh.permitRootLogin</literal> to
|
||
<literal>services.openssh.settings.PermitRootLogin</literal>,
|
||
<literal>services.openssh.logLevel</literal> to
|
||
<literal>services.openssh.settings.LogLevel</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.mastodon</literal> gained a tootctl wrapped
|
||
named <literal>mastodon-tootctl</literal> similar to
|
||
<literal>nextcloud-occ</literal> which can be executed from
|
||
any user and switches to the configured mastodon user with
|
||
sudo and sources the environment variables.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
DocBook option documentation, which has been deprecated since
|
||
22.11, will now cause a warning when documentation is built.
|
||
Out-of-tree modules should migrate to using CommonMark
|
||
documentation as outlined in
|
||
<xref linkend="sec-option-declarations" /> to silence this
|
||
warning.
|
||
</para>
|
||
<para>
|
||
DocBook option documentation support will be removed in the
|
||
next release and CommonMark will become the default. DocBook
|
||
option documentation that has not been migrated until then
|
||
will no longer render properly or cause errors.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>dnsmasq</literal> service now takes configuration
|
||
via the <literal>services.dnsmasq.settings</literal> attribute
|
||
set. The option
|
||
<literal>services.dnsmasq.extraConfig</literal> will be
|
||
deprecated when NixOS 22.11 reaches end of life.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>dokuwiki</literal> service now takes
|
||
configuration via the
|
||
<literal>services.dokuwiki.sites.<name>.settings</literal>
|
||
attribute set, <literal>extraConfig</literal> is deprecated
|
||
and will be removed. The
|
||
<literal>{aclUse,superUser,disableActions}</literal>
|
||
attributes have been renamed, <literal>pluginsConfig</literal>
|
||
now also accepts an attribute set of booleans, passing plain
|
||
PHP is deprecated. Same applies to <literal>acl</literal>
|
||
which now also accepts structured settings.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>wordpress</literal> service now takes
|
||
configuration via the
|
||
<literal>services.wordpress.sites.<name>.settings</literal>
|
||
attribute set, <literal>extraConfig</literal> is still
|
||
available to append additional text to
|
||
<literal>wp-config.php</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
To reduce closure size in
|
||
<literal>nixos/modules/profiles/minimal.nix</literal> profile
|
||
disabled installation documentations and manuals. Also
|
||
disabled <literal>logrotate</literal> and
|
||
<literal>udisks2</literal> services.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The minimal ISO image now uses the
|
||
<literal>nixos/modules/profiles/minimal.nix</literal> profile.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>ghcWithPackages</literal> and
|
||
<literal>ghcWithHoogle</literal> wrappers will now also
|
||
symlink GHC’s and all included libraries’ documentation to
|
||
<literal>$out/share/doc</literal> for convenience. If
|
||
undesired, the old behavior can be restored by overriding the
|
||
builders with
|
||
<literal>{ installDocumentation = false; }</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>mastodon</literal> now supports connection to a
|
||
remote <literal>PostgreSQL</literal> database.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.peertube</literal> now requires you to
|
||
specify the secret file
|
||
<literal>secrets.secretsFile</literal>. It can be generated by
|
||
running <literal>openssl rand -hex 32</literal>. Before
|
||
upgrading, read the release notes for PeerTube:
|
||
</para>
|
||
<itemizedlist spacing="compact">
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0">Release
|
||
v5.0.0</link>
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
<para>
|
||
And backup your data.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.chronyd</literal> is now started with
|
||
additional systemd sandbox/hardening options for better
|
||
security.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.dhcpcd</literal> service now don’t solicit
|
||
or accept IPv6 Router Advertisements on interfaces that use
|
||
static IPv6 addresses.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The module <literal>services.headscale</literal> was
|
||
refactored to be compliant with
|
||
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
|
||
0042</link>. To be precise, this means that the following
|
||
things have changed:
|
||
</para>
|
||
<itemizedlist spacing="compact">
|
||
<listitem>
|
||
<para>
|
||
Most settings has been migrated under
|
||
<link linkend="opt-services.headscale.settings">services.headscale.settings</link>
|
||
which is an attribute-set that will be converted into
|
||
headscale’s YAML config format. This means that the
|
||
configuration from
|
||
<link xlink:href="https://github.com/juanfont/headscale/blob/main/config-example.yaml">headscale’s
|
||
example configuration</link> can be directly written as
|
||
attribute-set in Nix within this option.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>nixos/lib/make-disk-image.nix</literal> can now
|
||
mutate EFI variables, run user-provided EFI firmware or
|
||
variable templates. This is now extensively documented in the
|
||
NixOS manual.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.grafana</literal> listens only on localhost
|
||
by default again. This was changed to upstreams default of
|
||
<literal>0.0.0.0</literal> by accident in the freeform setting
|
||
conversion.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
A new <literal>virtualisation.rosetta</literal> module was
|
||
added to allow running <literal>x86_64</literal> binaries
|
||
through
|
||
<link xlink:href="https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment">Rosetta</link>
|
||
inside virtualised NixOS guests on Apple silicon. This feature
|
||
works by default with the
|
||
<link xlink:href="https://docs.getutm.app/">UTM</link>
|
||
virtualisation
|
||
<link xlink:href="https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm">package</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The new option <literal>users.motdFile</literal> allows
|
||
configuring a Message Of The Day that can be updated
|
||
dynamically.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>root</literal> package is now built with the
|
||
<literal>"-Dgnuinstall=ON"</literal> CMake flag,
|
||
making the output conform the <literal>bin</literal>
|
||
<literal>lib</literal> <literal>share</literal> layout. In
|
||
this layout, <literal>tutorials</literal> is under
|
||
<literal>share/doc/ROOT/</literal>; <literal>cmake</literal>,
|
||
<literal>font</literal>, <literal>icons</literal>,
|
||
<literal>js</literal> and <literal>macro</literal> under
|
||
<literal>share/root</literal>;
|
||
<literal>Makefile.comp</literal> and
|
||
<literal>Makefile.config</literal> under
|
||
<literal>etc/root</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
Enabling global redirect in
|
||
<literal>services.nginx.virtualHosts</literal> now allows one
|
||
to add exceptions with the <literal>locations</literal>
|
||
option.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
A new option <literal>recommendedBrotliSettings</literal> has
|
||
been added to <literal>services.nginx</literal>. Learn more
|
||
about compression in Brotli format
|
||
<link xlink:href="https://github.com/google/ngx_brotli/blob/master/README.md">here</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://garagehq.deuxfleurs.fr/">Garage</link>
|
||
version is based on
|
||
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>,
|
||
existing installations will keep using version 0.7. New
|
||
installations will use version 0.8. In order to upgrade a
|
||
Garage cluster, please follow
|
||
<link xlink:href="https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/">upstream
|
||
instructions</link> and force
|
||
<link xlink:href="options.html#opt-services.garage.package">services.garage.package</link>
|
||
or upgrade accordingly
|
||
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>hip</literal> has been separated into
|
||
<literal>hip</literal>, <literal>hip-common</literal> and
|
||
<literal>hipcc</literal>.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>services.nginx.recommendedProxySettings</literal> now
|
||
removes the <literal>Connection</literal> header preventing
|
||
clients from closing backend connections.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
Resilio sync secret keys can now be provided using a secrets
|
||
file at runtime, preventing these secrets from ending up in
|
||
the Nix store.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>firewall</literal> and <literal>nat</literal>
|
||
module now has a nftables based implementation. Enable
|
||
<literal>networking.nftables</literal> to use it.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>services.fwupd</literal> module now allows
|
||
arbitrary daemon settings to be configured in a structured
|
||
manner
|
||
(<link linkend="opt-services.fwupd.daemonSettings"><literal>services.fwupd.daemonSettings</literal></link>).
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The <literal>unifi-poller</literal> package and corresponding
|
||
NixOS module have been renamed to <literal>unpoller</literal>
|
||
to match upstream.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The new option
|
||
<literal>services.tailscale.useRoutingFeatures</literal>
|
||
controls various settings for using Tailscale features like
|
||
exit nodes and subnet routers. If you wish to use your machine
|
||
as an exit node, you can set this setting to
|
||
<literal>server</literal>, otherwise if you wish to use an
|
||
exit node you can set this setting to
|
||
<literal>client</literal>. The strict RPF warning has been
|
||
removed as the RPF will be loosened automatically based on the
|
||
value of this setting.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<link xlink:href="https://xastir.org/index.php/Main_Page">Xastir</link>
|
||
can now access AX.25 interfaces via the
|
||
<literal>libax25</literal> package.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
<literal>nixos-version</literal> now accepts
|
||
<literal>--configuration-revision</literal> to display more
|
||
information about the current generation revision
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
The option
|
||
<literal>services.nomad.extraSettingsPlugins</literal> has
|
||
been fixed to allow more than one plugin in the path.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</section>
|
||
</section>
|