nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md

Release 23.05 (“Stoat”, 2023.05/??)

Support is planned until the end of December 2023, handing over to 23.11.

Highlights

In addition to numerous new and upgraded packages, this release has the following highlights:

• Cinnamon has been updated to 5.6, see the pull request for what is changed.

New Services

• blesh, a line editor written in pure bash. Available as programs.bash.blesh.

• fzf, a command line fuzzyfinder. Available as programs.fzf.

• atuin, a sync server for shell history. Available as services.atuin.

• mmsd, a lower level daemon that transmits and recieves MMSes. Available as services.mmsd.

• v2rayA, a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as services.v2raya.

Backward Incompatibilities

• carnix and cratesIO has been removed due to being unmaintained, use alternatives such as naersk and crate2nix instead.

• borgbackup module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as services.borgbackup.jobs.<name>.inhibitsSleep.

• The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from /etc/ec2-metadata should now have an after dependency on fetch-ec2-metadata.service

• services.sourcehut.dispatch and the corresponding package (sourcehut.dispatchsrht) have been removed due to upstream deprecation.

• The services.snapserver.openFirewall module option default value has been changed from true to false. You will need to explicitly set this option to true, or configure your firewall.

• The services.tmate-ssh-server.openFirewall module option default value has been changed from true to false. You will need to explicitly set this option to true, or configure your firewall.

• The services.unifi-video.openFirewall module option default value has been changed from true to false. You will need to explicitly set this option to true, or configure your firewall.

• The Nginx module now validates the syntax of config files at build time. For more complex configurations (using include with out-of-store files notably) you may need to disable this check by setting services.nginx.validateConfig to false.

• The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing /tmp on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2.

• The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation.

• Qt 5.12 and 5.14 have been removed, as the corresponding branches have been EOL upstream for a long time. This affected under 10 packages in nixpkgs, largely unmaintained upstream as well, however, out-of-tree package expressions may need to be updated manually.

• In mastodon it is now necessary to specify location of file with PostgreSQL database password. In services.mastodon.database.passwordFile parameter default value /var/lib/mastodon/secrets/db-password has been changed to null.

• The nix.readOnlyStore option has been renamed to boot.readOnlyNixStore to clarify that it configures the NixOS boot process, not the Nix daemon.

Other Notable Changes

• vim_configurable has been renamed to vim-full to avoid confusion: vim-full's build-time features are configurable, but both vim and vim-full are customizable (in the sense of user configuration, like vimrc).

• The module for the application firewall opensnitch got the ability to configure rules. Available as services.opensnitch.rules

• The module usbmuxd now has the ability to change the package used by the daemon. In case you're experiencing issues with usbmuxd you can try an alternative program like usbmuxd2. Available as services.usbmuxd.package

• services.mastodon gained a tootctl wrapped named mastodon-tootctl similar to nextcloud-occ which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.

• The dnsmasq service now takes configuration via the services.dnsmasq.settings attribute set. The option services.dnsmasq.extraConfig will be deprecated when NixOS 22.11 reaches end of life.

• To reduce closure size in nixos/modules/profiles/minimal.nix profile disabled installation documentations and manuals. Also disabled logrotate and udisks2 services.

• The minimal ISO image now uses the nixos/modules/profiles/minimal.nix profile.

• mastodon now supports connection to a remote PostgreSQL database.

• A new virtualisation.rosetta module was added to allow running x86_64 binaries through Rosetta inside virtualised NixOS guests on Apple silicon. This feature works by default with the UTM virtualisation package.

• The new option users.motdFile allows configuring a Message Of The Day that can be updated dynamically.

• Enabling global redirect in services.nginx.virtualHosts now allows one to add exceptions with the locations option.

• Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.

• The services.fwupd module now allows arbitrary daemon settings to be configured in a structured manner (services.fwupd.daemonSettings).

• The unifi-poller package and corresponding NixOS module have been renamed to unpoller to match upstream.

• The new option services.tailscale.useRoutingFeatures controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to server, otherwise if you wish to use an exit node you can set this setting to client. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.