Support is planned until the end of June 2023, handing over to 23.05.

In addition to numerous new and upgraded packages, this release has the following highlights: During cross-compilation, tests are now executed if the test suite can be executed by the build platform. This is the case when doing “native” cross-compilation where the build and host platforms are largely the same, but the nixpkgs’ cross compilation infrastructure is used, e.g. pkgsStatic and pkgsLLVM. Another possibility is that the build platform is a superset of the host platform, e.g. when cross-compiling from x86_64-unknown-linux to i686-unknown-linux. The predicate gating test suite execution is the newly added canExecute predicate: You can e.g. check if stdenv.buildPlatform can execute binaries built for stdenv.hostPlatform (i.e. produced by stdenv.cc) by evaluating stdenv.buildPlatform.canExecute stdenv.hostPlatform. The nixpkgs.hostPlatform and nixpkgs.buildPlatform options have been added. These cover and override the nixpkgs.{system,localSystem,crossSystem} options. hostPlatform is the platform or system string of the NixOS system described by the configuration. buildPlatform is the platform that is responsible for building the NixOS configuration. It defaults to the hostPlatform, for a non-cross build configuration. To cross compile, set buildPlatform to a different value. The new options convey the same information, but with fewer options, and following the Nixpkgs terminology. The existing options nixpkgs.{system,localSystem,crossSystem} have not been formally deprecated, to allow for evaluation of the change and to allow for a transition period so that in time the ecosystem can switch without breaking compatibility with any supported NixOS release. nixos-generate-config now generates configurations that can be built in pure mode. This is achieved by setting the new nixpkgs.hostPlatform option. You may have to unset the system parameter in lib.nixosSystem, or similarly remove definitions of the nixpkgs.{system,localSystem,crossSystem} options. Alternatively, you can remove the hostPlatform line and use NixOS like you would in NixOS 22.05 and earlier. PHP now defaults to PHP 8.1, updated from 8.0. Cinnamon has been updated to 5.4. hardware.nvidia has a new option open that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver’s support for GeForce and Workstation GPUs is still alpha quality, see NVIDIA Releases Open-Source GPU Kernel Modules for the official announcement.

appvm, Nix based app VMs. Available as virtualisation.appvm. syncstorage-rs, a self-hostable sync server for Firefox. Available as services.firefox-syncserver. dragonflydb, a modern replacement for Redis and Memcached. Available as services.dragonflydb. HBase cluster, a distributed, scalable, big data store. Available as services.hadoop.hbase. infnoise, a hardware True Random Number Generator dongle. Available as services.infnoise. kanata, a tool to improve keyboard comfort and usability with advanced customization. Available as services.kanata. persistent-evdev, a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as services.persistent-evdev. schleuder, a mailing list manager with PGP support. Enable using services.schleuder. expressvpn, the CLI client for ExpressVPN. Available as services.expressvpn. Grafana Tempo, a distributed tracing store. Available as services.tempo.

The isCompatible predicate checking CPU compatibility is no longer exposed by the platform sets generated using lib.systems.elaborate. In most cases you will want to use the new canExecute predicate instead which also considers the kernel / syscall interface. It is briefly described in the release’s highlights section. lib.systems.parse.isCompatible still exists, but has changed semantically: Architectures with differing endianness modes are no longer considered compatible. ngrok has been upgraded from 2.3.40 to 3.0.4. Please see the upgrade guide and changelog. Notably, breaking changes are that the config file format has changed and support for single hypen arguments was dropped. i18n.supportedLocales is now by default only generated with the locales set in i18n.defaultLocale and i18n.extraLocaleSettings. This got partially copied over from the minimal profile and reduces the final system size by up to 200MB. If you require all locales installed set the option to [ "all" ]. The isPowerPC predicate, found on platform attrsets (hostPlatform, buildPlatform, targetPlatform, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace foo.isPowerPC with (with foo; isPower && is32bit && isBigEndian). bsp-layout no longer uses the command cycle to switch to other window layouts, as it got replaced by the commands previous and next. The Barco ClickShare driver/client package pkgs.clickshare-csc1 and the option programs.clickshare-csc1.enable have been removed, as it requires qt4, which reached its end-of-life 2015 and will no longer be supported by nixpkgs. According to Barco many of their base unit models can be used with Google Chrome and the Google Cast extension. services.hbase has been renamed to services.hbase-standalone. For production HBase clusters, use services.hadoop.hbase instead. PHP 7.4 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 22.11 release. pkgs.cosign does not provide the cosigned binary anymore. riak package removed along with services.riak module, due to lack of maintainer to update the package. xow package removed along with the hardware.xow module, due to the project being deprecated in favor of xone, which is available via the hardware.xone module. virtlyst package and services.virtlyst module removed, due to lack of maintainers. The services.graphite.api and services.graphite.beacon NixOS options, and the python3.pkgs.graphite_api, python3.pkgs.graphite_beacon and python3.pkgs.influxgraph packages, have been removed due to lack of upstream maintenance. The meta.mainProgram attribute of packages in wineWowPackages now defaults to "wine64". (Neo)Vim can not be configured with configure.pathogen anymore to reduce maintainance burden. Use configure.packages instead. k3s no longer supports docker as runtime due to upstream dropping support.

The xplr package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the upstream release notes for more details. A new module was added for the Saleae Logic device family, providing the options hardware.saleae-logic.enable and hardware.saleae-logic.package. The Redis module now disables RDB persistence when services.redis.servers.<name>.save = [] instead of using the Redis default. Neo4j was updated from version 3 to version 4. See this migration guide on how to migrate your Neo4j instance. Matrix Synapse now requires entries in the state_group_edges table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. dockerTools.buildImage deprecates the misunderstood contents parameter, in favor of copyToRoot. Use copyToRoot = buildEnv { ... }; or similar if you intend to add packages to /bin. memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot’s fork is no longer available. The udisks2 service, available at services.udisks2.enable, is now disabled by default. It will automatically be enabled through services and desktop environments as needed. This also means that polkit will now actually be disabled by default. The default for security.polkit.enable was already flipped in the previous release, but udisks2 being enabled by default re-enabled it. Add udev rules for the Teensy family of microcontrollers. The pass-secret-service package now includes systemd units from upstream, so adding it to the NixOS services.dbus.packages option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API. There is a new module for AMD SEV CPU functionality, which grants access to the hardware. There is a new module for the thunar program (the Xfce file manager), which depends on the xfconf dbus service, and also has a dbus service and a systemd unit. The option services.xserver.desktopManager.xfce.thunarPlugins has been renamed to programs.thunar.plugins, and in a future release it may be removed. There is a new module for the xfconf program (the Xfce configuration storage system), which has a dbus service.