nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md

Release 21.11 (“?”, 2021.11/??)

In addition to numerous new and upgraded packages, this release has the following highlights:

• Support is planned until the end of June 2022, handing over to 22.05.

Highlights

• PHP now defaults to PHP 8.0, updated from 7.4.

• kOps now defaults to 1.21.0, which uses containerd as the default runtime.

• python3 now defaults to Python 3.9, updated from Python 3.8.

• PostgreSQL now defaults to major version 13.

New Services

• btrbk, a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as services.btrbk.

• clipcat, an X11 clipboard manager written in Rust. Available at [services.clipcat](options.html#o pt-services.clipcat.enable).

• geoipupdate, a GeoIP database updater from MaxMind. Available as services.geoipupdate.

• Kea, ISCs 2nd generation DHCP and DDNS server suite. Available at services.kea.

• sourcehut, a collection of tools useful for software development. Available as services.sourcehut.

• ucarp, an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as networking.ucarp.

• Users of flashrom should migrate to programs.flashrom.enable and add themselves to the flashrom group to be able to access programmers supported by flashrom.

• vikunja, a to-do list app. Available as services.vikunja.

• snapraid, a backup program for disk arrays. Available as snapraid.

• Hockeypuck, a OpenPGP Key Server. Available as services.hockeypuck.

• buildkite-agent-metrics, a command-line tool for collecting Buildkite agent metrics, now has a Prometheus exporter available as services.prometheus.exporters.buildkite-agent.

• influxdb-exporter a Prometheus exporter that exports metrics received on an InfluxDB compatible endpoint is now available as services.prometheus.exporters.influxdb.

• mx-puppet-discord, a discord puppeting bridge for matrix. Available as services.mx-puppet-discord.

• MeshCentral, a remote administration service ("TeamViewer but self-hosted and with more features") is now available with a package and a module: services.meshcentral.enable

• moonraker, an API web server for Klipper. Available as moonraker.

• influxdb2, a Scalable datastore for metrics, events, and real-time analytics. Available as services.influxdb2.

• isso, a commenting server similar to Disqus. Available as isso

• navidrome, a personal music streaming server with subsonic-compatible api. Available as navidrome.

• fluidd, a Klipper web interface for managing 3d printers using moonraker. Available as fluidd.

• sx, a simple alternative to both xinit and startx for starting a Xorg server. Available as services.xserver.displayManager.sx

Backward Incompatibilities

• The paperless module and package have been removed. All users should migrate to the successor paperless-ng instead. The Paperless project has been archived and advises all users to use paperless-ng instead.

  Users can use the services.paperless-ng module as a replacement while noting the following incompatibilities:

  • services.paperless.ocrLanguages has no replacement. Users should migrate to services.paperless-ng.extraConfig instead:

  {
    services.paperless-ng.extraConfig = {
      # Provide languages as ISO 639-2 codes
      # separated by a plus (+) sign.
      # https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes
      PAPERLESS_OCR_LANGUAGE = "deu+eng+jpn"; # German & English & Japanse
    };
  }
  

  • If you previously specified PAPERLESS_CONSUME_MAIL_* settings in services.paperless.extraConfig you should remove those options now. You now must define those settings in the admin interface of paperless-ng.

  • Option services.paperless.manage no longer exists. Use the script at ${services.paperless-ng.dataDir}/paperless-ng-manage instead. Note that this script only exists after the paperless-ng service has been started at least once.

  • After switching to the new system configuration you should run the Django management command to reindex your documents and optionally create a user, if you don't have one already.

    To do so, enter the data directory (the value of services.paperless-ng.dataDir, /var/lib/paperless by default), switch to the paperless user and execute the management command like below:

    $ cd /var/lib/paperless
    $ su paperless -s /bin/sh
    $ ./paperless-ng-manage document_index reindex
    # if not already done create a user account, paperless-ng requires a login
    $ ./paperless-ng-manage createsuperuser
    Username (leave blank to use 'paperless'): my-user-name
    Email address: me@example.com
    Password: **********
    Password (again): **********
    Superuser created successfully.
    

• The staticjinja package has been upgraded from 1.0.4 to 4.1.0

• The erigon ethereum node has moved to a new database format in 2021-05-04, and requires a full resync

• services.geoip-updater was broken and has been replaced by services.geoipupdate.

• PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release.

• Those making use of buildBazelPackage will need to regenerate the fetch hashes (preferred), or set fetchConfigured = false;.

• consul was upgraded to a new major release with breaking changes, see upstream changelog.

• fsharp41 has been removed in preference to use the latest dotnet-sdk

• The following F#-related packages have been removed for being unmaintaned. Please use fetchNuGet for specific packages.

  • ExtCore
  • Fake
  • Fantomas
  • FsCheck
  • FsCheck262
  • FsCheckNunit
  • FSharpAutoComplete
  • FSharpCompilerCodeDom
  • FSharpCompilerService
  • FSharpCompilerTools
  • FSharpCore302
  • FSharpCore3125
  • FSharpCore4001
  • FSharpCore4117
  • FSharpData
  • FSharpData225
  • FSharpDataSQLProvider
  • FSharpFormatting
  • FsLexYacc
  • FsLexYacc706
  • FsLexYaccRuntime
  • FsPickler
  • FsUnit
  • Projekt
  • Suave
  • UnionArgParser
  • ExcelDnaRegistration
  • MathNetNumerics

• programs.x2goserver is now services.x2goserver

• The following dotnet-related packages have been removed for being unmaintaned. Please use fetchNuGet for specific packages.

  • Autofac
  • SystemValueTuple
  • MicrosoftDiaSymReader
  • MicrosoftDiaSymReaderPortablePdb
  • SystemCollectionsImmutable
  • SystemCollectionsImmutable131
  • SystemReflectionMetadata
  • NUnit350
  • Deedle
  • ExcelDna
  • GitVersionTree
  • NDeskOptions

• The antlr package now defaults to the 4.x release instead of the old 2.7.7 version.

• The pulseeffects package updated to version 4.x and renamed to easyeffects.

• The libwnck package now defaults to the 3.x release instead of the old 2.31.0 version.

• The bitwarden_rs packages and modules were renamed to vaultwarden following upstream. More specifically,

  • pkgs.bitwarden_rs, pkgs.bitwarden_rs-sqlite, pkgs.bitwarden_rs-mysql and pkgs.bitwarden_rs-postgresql were renamed to pkgs.vaultwarden, pkgs.vaultwarden-sqlite, pkgs.vaultwarden-mysql and pkgs.vaultwarden-postgresql, respectively.

    • Old names are preserved as aliases for backwards compatibility, but may be removed in the future.
    • The bitwarden_rs executable was also renamed to vaultwarden in all packages.

  • pkgs.bitwarden_rs-vault was renamed to pkgs.vaultwarden-vault.

    • pkgs.bitwarden_rs-vault is preserved as an alias for backwards compatibility, but may be removed in the future.
    • The static files were moved from /usr/share/bitwarden_rs to /usr/share/vaultwarden.

  • The services.bitwarden_rs config module was renamed to services.vaultwarden.

    • services.bitwarden_rs is preserved as an alias for backwards compatibility, but may be removed in the future.

  • systemd.services.bitwarden_rs, systemd.services.backup-bitwarden_rs and systemd.timers.backup-bitwarden_rs were renamed to systemd.services.vaultwarden, systemd.services.backup-vaultwarden and systemd.timers.backup-vaultwarden, respectively.

    • Old names are preserved as aliases for backwards compatibility, but may be removed in the future.

  • users.users.bitwarden_rs and users.groups.bitwarden_rs were renamed to users.users.vaultwarden and users.groups.vaultwarden, respectively.

  • The data directory remains located at /var/lib/bitwarden_rs, for backwards compatibility.

• yggdrasil was upgraded to a new major release with breaking changes, see upstream changelog.

• icingaweb2 was upgraded to a new release which requires a manual database upgrade, see upstream changelog.

• The isabelle package has been upgraded from 2020 to 2021

• the mingw-64 package has been upgraded from 6.0.0 to 9.0.0

• tt-rss was upgraded to the commit on 2021-06-21, which has breaking changes. If you use services.tt-rss.extraConfig you should migrate to the putenv-style configuration. See this Discourse post in the tt-rss forums for more details.

• The following Visual Studio Code extensions were renamed to keep the naming convention uniform.

  • bbenoist.Nix -> bbenoist.nix
  • CoenraadS.bracket-pair-colorizer -> coenraads.bracket-pair-colorizer
  • golang.Go -> golang.go

• services.uptimed now uses /var/lib/uptimed as its stateDirectory instead of /var/spool/uptimed. Make sure to move all files to the new directory.

• Deprecated package aliases in emacs.pkgs.* have been removed. These aliases were remnants of the old Emacs package infrastructure. We now use exact upstream names wherever possible.

• programs.neovim.runtime switched to a linkFarm internally, making it impossible to use wildcards in the source argument.

• The openrazer and openrazer-daemon packages as well as the hardware.openrazer module now require users to be members of the openrazer group instead of plugdev. With this change, users no longer need be granted the entire set of plugdev group permissions, which can include permissions other than those required by openrazer. This is desirable from a security point of view. The setting harware.openrazer.users can be used to add users to the openrazer group.

• The fontconfig service's dpi option has been removed. Fontconfig should use Xft settings by default so there's no need to override one value in multiple places. The user can set DPI via ~/.Xresources properly, or at the system level per monitor, or as a last resort at the system level with services.xserver.dpi.

• The yambar package has been split into yambar and yambar-wayland, corresponding to the xorg and wayland backend respectively. Please switch to yambar-wayland if you are on wayland.

• The services.minio module gained an additional option consoleAddress, that configures the address and port the web UI is listening, it defaults to :9001. To be able to access the web UI this port needs to be opened in the firewall.

• The varnish package was upgraded from 6.3.x to 6.5.x. varnish60 for the last LTS release is also still available.

• The kubernetes package was upgraded to 1.22. The kubernetes.apiserver.kubeletHttps option was removed and HTTPS is always used.

• The attribute linuxPackages_latest_hardened was dropped because the hardened patches lag behind the upstream kernel which made version bumps harder. If you want to use a hardened kernel, please pin it explicitly with a versioned attribute such as linuxPackages_5_10_hardened.

• The nomad package now defaults to a 1.1.x release instead of 1.0.x

Other Notable Changes

• The setting services.openssh.logLevel "VERBOSE" "INFO". This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.

  However, if services.fail2ban.enable is true, the fail2ban will override the verbosity to "VERBOSE", so that fail2ban can observe the failed login attempts from the SSH logs.

• Sway: The terminal emulator rxvt-unicode is no longer installed by default via programs.sway.extraPackages. The current default configuration uses alacritty (and soon foot) so this is only an issue when using a customized configuration and not installing rxvt-unicode explicitly.

• python3 now defaults to Python 3.9. Python 3.9 introduces many deprecation warnings, please look at the What's New In Python 3.9 post for more information.

• qtile hase been updated from '0.16.0' to '0.18.0', please check qtile changelog for changes.

• The claws-mail package now references the new GTK+ 3 release branch, major version 4. To use the GTK+ 2 releases, one can install the claws-mail-gtk2 package.

• The wordpress module provides a new interface which allows to use different webservers with the new option services.wordpress.webserver. Currently httpd and nginx are supported. The definitions of wordpress sites should now be set in services.wordpress.sites.

  Sites definitions that use the old interface are automatically migrated in the new option. This backward compatibility will be removed in 22.05.

• The order of NSS (host) modules has been brought in line with upstream recommendations:

  • The myhostname module is placed before the resolve (optional) and dns entries, but after file (to allow overriding via /etc/hosts / networking.extraHosts, and prevent ISPs with catchall-DNS resolvers from hijacking .localhost domains)
  • The mymachines module, which provides hostname resolution for local containers (registered with systemd-machined) is placed to the front, to make sure its mappings are preferred over other resolvers.
  • If systemd-networkd is enabled, the resolve module is placed before files and myhostname, as it provides the same logic internally, with caching.
  • The mdns(_minimal) module has been updated to the new priorities.

  If you use your own NSS host modules, make sure to update your priorities according to these rules:

  • NSS modules which should be queried before resolved DNS resolution should use mkBefore.
  • NSS modules which should be queried after resolved, files and myhostname, but before dns should use the default priority
  • NSS modules which should come after dns should use mkAfter.

• The networking.wireless.iwd module has a new networking.wireless.iwd.settings option.

• The services.syncoid.enable module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running zfs allow your-pool-name and use zfs unallow syncoid your-pool-name to clean this up.

• Zfs: latestCompatibleLinuxPackages is now exported on the zfs package. One can use boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; to always track the latest compatible kernel with a given version of zfs.

• Nginx will use the value of sslTrustedCertificate if provided for a virtual host, even if enableACME is set. This is useful for providers not using the same certificate to sign OCSP responses and server certificates.