tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-11 18:23:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
Sylvain Fankhauser 1f0ac736b4
nixos/caddy: add support for reload
2023-07-04 11:25:05 +02:00

11 KiB
Raw Blame History

Release 23.11 (“Tapir”, 2023.11/??)

Highlights

  • FoundationDB now defaults to major version 7.

New Services

Backward Incompatibilities

  • python3.pkgs.sequoia was removed in favor of python3.pkgs.pysequoia. The latter package is based on upstream's dedicated repository for sequoia's Python bindings, where the Python bindings from gitlab:sequoia-pgp/sequoia were removed long ago.

  • writeTextFile now requires executable to be boolean, values like null or "" will now fail to evaluate.

  • The latest version of clonehero now stores custom content in ~/.clonehero. See the migration instructions. Typically, these content files would exist along side the binary, but the previous build used a wrapper script that would store them in ~/.config/unity3d/srylain Inc_/Clone Hero.

  • python3.pkgs.fetchPypi (and python3Packages.fetchPypi) has been deprecated in favor of top-level fetchPypi.

  • mariadb now defaults to mariadb_1011 instead of mariadb_106, meaning the default version was upgraded from 10.6.x to 10.11.x. See the upgrade notes for potential issues.

  • getent has been moved from glibc's bin output to its own dedicated output, reducing closure size for many dependents. Dependents using the getent alias should not be affected; others should move from using glibc.bin or getBin glibc to getent (which also improves compatibility with non-glibc platforms).

  • etcd has been updated to 3.5, you will want to read the 3.3 to 3.4 and 3.4 to 3.5 upgrade guides

  • consul has been updated to 1.16.0. See the release note for more details. Once a new Consul version has started and upgraded its data directory, it generally cannot be downgraded to the previous version.

  • himalaya has been updated to 0.8.0, which drops the native TLS support (in favor of Rustls) and add OAuth 2.0 support. See the release note for more details.

  • The services.caddy.acmeCA option now defaults to null instead of "https://acme-v02.api.letsencrypt.org/directory", to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream.

  • php80 is no longer supported due to upstream not supporting this version anymore.

  • PHP now defaults to PHP 8.2, updated from 8.1.

  • util-linux is now supported on Darwin and is no longer an alias to unixtools. Use the unixtools.util-linux package for access to the Apple variants of the utilities.

  • The vlock program from the kbd package has been moved into its own package output and should now be referenced explicitly as kbd.vlock or replaced with an alternative such as the standalone vlock package or physlock.

  • fileSystems.<name>.autoFormat now uses systemd-makefs, which does not accept formatting options. Therefore, fileSystems.<name>.formatOptions has been removed.

  • fileSystems.<name>.autoResize now uses systemd-growfs to resize the file system online in stage 2. This means that f2fs and ext2 can no longer be auto resized, while xfs and btrfs now can be.

  • The services.vaultwarden.config option default value was changed to make Vaultwarden only listen on localhost, following the secure defaults for most NixOS services.

  • services.lemmy.settings.federation was removed in 0.17.0 and no longer has any effect. To enable federation, the hostname must be set in the configuration file and then federation must be enabled in the admin web UI. See the release notes for more details.

  • The following packages in haskellPackages have now a separate bin output: cabal-fmt, calligraphy, eventlog2html, ghc-debug-brick, hindent, nixfmt, releaser. This means you need to replace e.g. "${pkgs.haskellPackages.nixfmt}/bin/nixfmt" with "${lib.getBin pkgs.haskellPackages.nixfmt}/bin/nixfmt" or "${lib.getExe pkgs.haskellPackages.nixfmt}". The binaries also wont be in scope if you rely on them being installed e.g. via ghcWithPackages. environment.packages picks the bin output automatically, so for normal installation no intervention is required. Also, toplevel attributes like pkgs.nixfmt are not impacted negatively by this change.

  • spamassassin no longer supports the Hashcash module. The module needs to be removed from the loadplugin list if it was copied over from the default initPreConf option.

  • The Caddy module gained a new option named services.caddy.enableReload which is enabled by default. It allows reloading the service instead of restarting it, if only a config file has changed. This option must be disabled if you have turned off the Caddy admin API. If you keep this option enabled, you should consider setting grace_period to a non-infinite value to prevent Caddy from delaying the reload indefinitely.

Other Notable Changes

  • The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; from your NixOS configuration.

  • fontconfig now defaults to using greyscale antialiasing instead of subpixel antialiasing because of a recommendation from one of the downstreams. You can change this value by configuring accordingly.

  • The latest available version of Nextcloud is v27 (available as pkgs.nextcloud27). The installation logic is as follows:

  • New options were added to services.searx for better SearXNG support, including options for the built-in rate limiter and bot protection and automatically configuring a local redis server.

  • A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing virtualisation.vlans is still supported for cases where the name of the network interface is irrelevant.

  • DocBook option documentation is no longer supported, all module documentation now uses markdown.

  • services.fail2ban.jails can now be configured with attribute sets defining settings and filters instead of lines. The stringed options daemonConfig and extraSettings have respectively been replaced by daemonSettings and jails.DEFAULT.settings which use attribute sets.

  • services.nginx gained a defaultListen option at server-level with support for PROXY protocol listeners, also proxyProtocol is now exposed in services.nginx.virtualHosts.<name>.listen option. It is now possible to run PROXY listeners and non-PROXY listeners at a server-level, see #213510 for more details.

  • services.prometheus.exporters has a new exporter to monitor electrical power consumption based on PowercapRAPL sensor called Scaphandre, see #239803 for more details.

  • The module services.calibre-server has new options to configure the host, port, auth.enable, auth.mode and auth.userDb path, see #216497 for more details.

  • services.prometheus.exporters has a new exporter to monitor PHP-FPM processes, see #240394 for more details.

  • programs.gnupg.agent.pinentryFlavor is now set in /etc/gnupg/gpg-agent.conf, and will no longer take precedence over a pinentry-program set in ~/.gnupg/gpg-agent.conf.

Nixpkgs internals

  • The qemu-vm.nix module by default now identifies block devices via persistent names available in /dev/disk/by-*. Because the rootDevice is identfied by its filesystem label, it needs to be formatted before the VM is started. The functionality of automatically formatting the rootDevice in the initrd is removed from the QEMU module. However, for tests that depend on this functionality, a test utility for the scripted initrd is added (nixos/tests/common/auto-format-root-device.nix). To use this in a NixOS test, import the module, e.g. imports = [ ./common/auto-format-root-device.nix ]; When you use the systemd initrd, you can automatically format the root device by setting virtualisation.fileSystems."/".autoFormat = true;.