author | Alyssa Ross <hi@alyssa.is> | 2023-12-15 19:32:38 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-12-15 19:32:38 +0100 |
commit | 6b8e2555ef013b579cda57025b17d662e0f1fe1f (patch) | |
tree | 5a83c673af26c9976acd5a5dfa20e09e06898047 /nixpkgs/nixos/doc | |
parent | 66ca7a150b5c051f0728f13134e6265cc46f370c (diff) | |
parent | 02357adddd0889782362d999628de9d309d202dc (diff) | |
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Diffstat (limited to 'nixpkgs/nixos/doc')
11 files changed, 216 insertions, 41 deletions
diff --git a/nixpkgs/nixos/doc/manual/administration/nixos-state.section.md b/nixpkgs/nixos/doc/manual/administration/nixos-state.section.md new file mode 100644 index 000000000000..9819d613198c --- /dev/null +++ b/nixpkgs/nixos/doc/manual/administration/nixos-state.section.md @@ -0,0 +1,28 @@ +# NixOS {#sec-nixos-state} + +## `/nix` {#sec-state-nix} + +NixOS needs the entirety of `/nix` to be persistent, as it includes: +- `/nix/store`, which contains all the system's executables, libraries, and supporting data; +- `/nix/var/nix`, which contains: + - the Nix daemon's database; + - roots whose transitive closure is preserved when garbage-collecting the Nix store; + - system-wide and per-user profiles. + +## `/boot` {#sec-state-boot} + +`/boot` should also be persistent, as it contains: +- the kernel and initrd which the bootloader loads, +- the bootloader's configuration, including the kernel's command-line which + determines the store path to use as system environment. + + +## Users and groups {#sec-state-users} + +- `/var/lib/nixos` should persist: it holds state needed to generate stable + uids and gids for declaratively-managed users and groups, etc. +- `users.mutableUsers` should be false, *or* the following files under `/etc` + should all persist: + - {manpage}`passwd(5)` and {manpage}`group(5)`, + - {manpage}`shadow(5)` and {manpage}`gshadow(5)`, + - {manpage}`subuid(5)` and {manpage}`subgid(5)`. diff --git a/nixpkgs/nixos/doc/manual/administration/running.md b/nixpkgs/nixos/doc/manual/administration/running.md index 48e8c7c6668b..83412d9b7af5 100644 --- a/nixpkgs/nixos/doc/manual/administration/running.md +++ b/nixpkgs/nixos/doc/manual/administration/running.md @@ -8,6 +8,7 @@ rebooting.chapter.md user-sessions.chapter.md control-groups.chapter.md logging.chapter.md +system-state.chapter.md cleaning-store.chapter.md containers.chapter.md troubleshooting.chapter.md 
diff --git a/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md b/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md new file mode 100644 index 000000000000..6840cc390257 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md @@ -0,0 +1,17 @@ +# Necessary system state {#ch-system-state} + +Normally — on systems with a persistent `rootfs` — system services can persist state to +the filesystem without administrator intervention. + +However, it is possible and not-uncommon to create [impermanent systems], whose +`rootfs` is either a `tmpfs` or reset during boot. While NixOS itself supports +this kind of configuration, special care needs to be taken. + +[impermanent systems]: https://nixos.wiki/wiki/Impermanence + + +```{=include=} sections +nixos-state.section.md +systemd-state.section.md +zfs-state.section.md +``` diff --git a/nixpkgs/nixos/doc/manual/administration/systemd-state.section.md b/nixpkgs/nixos/doc/manual/administration/systemd-state.section.md new file mode 100644 index 000000000000..84f074871a65 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/administration/systemd-state.section.md 
@@ -0,0 +1,52 @@ +# systemd {#sec-systemd-state} + +## `machine-id(5)` {#sec-machine-id} + +`systemd` uses per-machine identifier — {manpage}`machine-id(5)` — which must be +unique and persistent; otherwise, the system journal may fail to list earlier +boots, etc. + +`systemd` generates a random `machine-id(5)` during boot if it does not already exist, +and persists it in `/etc/machine-id`. As such, it suffices to make that file persistent. + +Alternatively, it is possible to generate a random `machine-id(5)`; while the +specification allows for *any* hex-encoded 128b value, systemd itself uses +[UUIDv4], *i.e.* random UUIDs, and it is thus preferable to do so as well, in +case some software assumes `machine-id(5)` to be a UUIDv4. Those can be +generated with `uuidgen -r | tr -d -` (`tr` being used to remove the dashes). + +Such a `machine-id(5)` can be set by writing it to `/etc/machine-id` or through +the kernel's command-line, though NixOS' systemd maintainers [discourage] the +latter approach. + +[UUIDv4]: https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_(random) +[discourage]: https://github.com/NixOS/nixpkgs/pull/268995 + + +## `/var/lib/systemd` {#sec-var-systemd} + +Moreover, `systemd` expects its state directory — `/var/lib/systemd` — to persist, for: +- {manpage}`systemd-random-seed(8)`, which loads a 256b “seed” into the kernel's RNG + at boot time, and saves a fresh one during shutdown; +- {manpage}`systemd.timer(5)` with `Persistent=yes`, which are then run after boot if + the timer would have triggered during the time the system was shut down; +- {manpage}`systemd-coredump(8)` to store core dumps there by default; + (see {manpage}`coredump.conf(5)`) +- {manpage}`systemd-timesyncd(8)`; +- {manpage}`systemd-backlight(8)` and {manpage}`systemd-rfkill(8)` persist hardware-related + state; +- possibly other things, this list is not meant to be exhaustive. + +In any case, making `/var/lib/systemd` persistent is recommended. 
+ + +## `/var/log/journal/{machine-id}` {#sec-var-journal} + +Lastly, {manpage}`systemd-journald(8)` writes the system's journal in binary +form to `/var/log/journal/{machine-id}`; if (locally) persisting the entire log +is desired, it is recommended to make all of `/var/log/journal` persistent. + +If not, one can set `Storage=volatile` in {manpage}`journald.conf(5)` +([`services.journald.storage = "volatile";`](#opt-services.journald.storage)), +which disables journal persistence and causes it to be written to +`/run/log/journal`. diff --git a/nixpkgs/nixos/doc/manual/administration/zfs-state.section.md b/nixpkgs/nixos/doc/manual/administration/zfs-state.section.md new file mode 100644 index 000000000000..11ad5badea7e --- /dev/null +++ b/nixpkgs/nixos/doc/manual/administration/zfs-state.section.md @@ -0,0 +1,16 @@ +# ZFS {#sec-zfs-state} + +When using ZFS, `/etc/zfs/zpool.cache` should be persistent (or a symlink to a persistent +location) as it is the default value for the `cachefile` [property](man:zpoolprops(7)). + +This cachefile is used on system startup to discover ZFS pools, so ZFS pools +holding the `rootfs` and/or early-boot datasets such as `/nix` can be set to +`cachefile=none`. + +In principle, if there are no other pools attached to the system, `zpool.cache` +does not need to be persisted; it is however *strongly recommended* to persist +it, in case additional pools are added later on, temporarily or permanently: + +While mishandling the cachefile does not lead to data loss by itself, it may +cause zpools not to be imported during boot, and services may then write to a +location where a dataset was expected to be mounted. diff --git a/nixpkgs/nixos/doc/manual/development/option-types.section.md b/nixpkgs/nixos/doc/manual/development/option-types.section.md index 2ad3d6c4f949..f9c7ac80018e 100644 --- a/nixpkgs/nixos/doc/manual/development/option-types.section.md +++ b/nixpkgs/nixos/doc/manual/development/option-types.section.md 
@@ -13,6 +13,13 @@ merging is handled. `types.bool` : A boolean, its values can be `true` or `false`. + All definitions must have the same value, after priorities. An error is thrown in case of a conflict. + +`types.boolByOr` + +: A boolean, its values can be `true` or `false`. + The result is `true` if _any_ of multiple definitions is `true`. + In other words, definitions are merged with the logical _OR_ operator. `types.path` diff --git a/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md b/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md index 12abf90b718f..9e56b15a880f 100644 --- a/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md +++ b/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md @@ -55,6 +55,14 @@ which causes the new configuration (and previous ones created using This can be useful to separate test configurations from "stable" configurations. +A repl, or read-eval-print loop, is also available. You can inspect your configuration and use the Nix language with + +```ShellSession +# nixos-rebuild repl +``` + +Your configuration is loaded into the `config` variable. Use tab for autocompletion, use the `:r` command to reload the configuration files. See `:?` or [`nix repl` in the Nix manual](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-repl.html) to learn more. + Finally, you can do ```ShellSession diff --git a/nixpkgs/nixos/doc/manual/release-notes/release-notes.md b/nixpkgs/nixos/doc/manual/release-notes/release-notes.md index 3f926fb21a5c..0514a1b0044a 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/release-notes.md +++ b/nixpkgs/nixos/doc/manual/release-notes/release-notes.md @@ -3,6 +3,7 @@ This section lists the release notes for each stable version of NixOS and current unstable revision. ```{=include=} sections +rl-2405.section.md rl-2311.section.md rl-2305.section.md rl-2211.section.md 
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md index 400eb1062d9a..8edf4fd35e4f 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md @@ -100,7 +100,7 @@ In addition to numerous new and upgraded packages, this release has the followin - [opensnitch](https://github.com/evilsocket/opensnitch), an application firewall. Available as [services.opensnitch](#opt-services.opensnitch.enable). - [snapraid](https://www.snapraid.it/), a backup program for disk arrays. - Available as [snapraid](#opt-snapraid.enable). + Available as [snapraid](#opt-services.snapraid.enable). - [Hockeypuck](https://github.com/hockeypuck/hockeypuck), a OpenPGP Key Server. Available as [services.hockeypuck](#opt-services.hockeypuck.enable). diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md index e693067561a4..1aef1828908f 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md @@ -20,7 +20,7 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 - [Breaking Changes](#sec-release-23.11-nixos-breaking-changes) - [New Services](#sec-release-23.11-nixos-new-services) - [Other Notable Changes](#sec-release-23.11-nixos-notable-changes) -- [Nixpkgs Library Changes](#sec-release-23.11-nixpkgs-lib) +- [Nixpkgs Library](#sec-release-23.11-nixpkgs-lib) - [Breaking Changes](#sec-release-23.11-lib-breaking) - [Additions and Improvements](#sec-release-23.11-lib-additions-improvements) - [Deprecations](#sec-release-23.11-lib-deprecations) 
@@ -1313,18 +1313,26 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 - When using [split parity files](https://www.snapraid.it/manual#7.1) in `snapraid`, the snapraid-sync systemd service will no longer fail to run. +- `wpa_supplicant`'s configuration file cannot be read by non-root users, and + secrets (such as Pre-Shared Keys) can safely be passed via + `networking.wireless.environmentFile`. + + The configuration file could previously be read, when `userControlled.enable` (non-default), + by users who are in both `wheel` and `userControlled.group` (defaults to `wheel`) + + ## Nixpkgs Library {#sec-release-23.11-nixpkgs-lib} ### Breaking Changes {#sec-release-23.11-lib-breaking} -- [`lib.lists.foldl'`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.foldl-prime) +- [`lib.lists.foldl'`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.foldl-prime) now always evaluates the initial accumulator argument first. If you depend on the lazier behavior, consider using - [`lib.lists.foldl`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.foldl) + [`lib.lists.foldl`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.foldl) or [`builtins.foldl'`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-foldl') instead. -- [`lib.attrsets.foldlAttrs`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.foldlAttrs) +- [`lib.attrsets.foldlAttrs`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.attrsets.foldlAttrs) now always evaluates the initial accumulator argument first. - Now that the internal NixOS transition to Markdown documentation is complete, `lib.options.literalDocBook` has been removed after deprecation in 22.11. 
@@ -1332,7 +1340,7 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 ### Additions and Improvements {#sec-release-23.11-lib-additions-improvements} -- [`lib.fileset`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-fileset): +- [`lib.fileset`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-fileset): A new sub-library to select local files to use for sources, designed to be easy and safe to use. @@ -1341,7 +1349,7 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 post](https://www.tweag.io/blog/2023-11-28-file-sets/) or [the tutorial](https://nix.dev/tutorials/file-sets). -- [`lib.gvariant`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-gvariant): +- [`lib.gvariant`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-gvariant): A partial and basic implementation of GVariant formatted strings. See [GVariant Format Strings](https://docs.gtk.org/glib/gvariant-format-strings.html) for details. 
@@ -1351,58 +1359,58 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 change in backwards incompatible ways without prior notice. ::: -- [`lib.asserts`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-asserts): +- [`lib.asserts`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-asserts): New function: - [`assertEachOneOf`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.asserts.assertEachOneOf). -- [`lib.attrsets`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-attrsets): + [`assertEachOneOf`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.asserts.assertEachOneOf). +- [`lib.attrsets`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-attrsets): New function: - [`attrsToList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.attrsToList). -- [`lib.customisation`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-customisation): + [`attrsToList`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.attrsets.attrsToList). +- [`lib.customisation`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-customisation): New function: - [`makeScopeWithSplicing'`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.customisation.makeScopeWithSplicing-prime). -- [`lib.fixedPoints`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-fixedPoints): + [`makeScopeWithSplicing'`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.customisation.makeScopeWithSplicing-prime). +- [`lib.fixedPoints`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-fixedPoints): Documentation improvements for - [`lib.fixedPoints.fix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fixedPoints.fix). + [`lib.fixedPoints.fix`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.fixedPoints.fix). 
- `lib.generators`: New functions: - [`mkDconfKeyValue`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.generators.mkDconfKeyValue), - [`toDconfINI`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.generators.toDconfINI). + [`mkDconfKeyValue`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.generators.mkDconfKeyValue), + [`toDconfINI`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.generators.toDconfINI). `lib.generators.toKeyValue` now supports the `indent` attribute in its first argument. -- [`lib.lists`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-lists): +- [`lib.lists`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-lists): New functions: - [`findFirstIndex`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.findFirstIndex), - [`hasPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.hasPrefix), - [`removePrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.removePrefix), - [`commonPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.commonPrefix), - [`allUnique`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.allUnique). + [`findFirstIndex`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.findFirstIndex), + [`hasPrefix`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.hasPrefix), + [`removePrefix`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.removePrefix), + [`commonPrefix`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.commonPrefix), + [`allUnique`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.allUnique). Documentation improvements for - [`lib.lists.foldl'`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.foldl-prime). 
-- [`lib.meta`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-meta): + [`lib.lists.foldl'`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.foldl-prime). +- [`lib.meta`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-meta): Documentation of functions now gets rendered -- [`lib.path`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-path): +- [`lib.path`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-path): New functions: - [`hasPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.path.hasPrefix), - [`removePrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.path.removePrefix), - [`splitRoot`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.path.splitRoot), - [`subpath.components`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.path.subpath.components). -- [`lib.strings`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-strings): + [`hasPrefix`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.path.hasPrefix), + [`removePrefix`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.path.removePrefix), + [`splitRoot`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.path.splitRoot), + [`subpath.components`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.path.subpath.components). +- [`lib.strings`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-strings): New functions: - [`replicate`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.strings.replicate), - [`cmakeOptionType`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.strings.cmakeOptionType), - [`cmakeBool`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.strings.cmakeBool), - [`cmakeFeature`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.strings.cmakeFeature). 
-- [`lib.trivial`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-trivial): + [`replicate`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.strings.replicate), + [`cmakeOptionType`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.strings.cmakeOptionType), + [`cmakeBool`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.strings.cmakeBool), + [`cmakeFeature`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.strings.cmakeFeature). +- [`lib.trivial`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-trivial): New function: - [`mirrorFunctionArgs`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.trivial.mirrorFunctionArgs). + [`mirrorFunctionArgs`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.trivial.mirrorFunctionArgs). - `lib.systems`: New function: - [`equals`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.systems.equals). -- [`lib.options`](https://nixos.org/manual/nixpkgs/unstable#sec-functions-library-options): + [`equals`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.systems.equals). +- [`lib.options`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-options): Improved documentation for - [`mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption). + [`mkPackageOption`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.options.mkPackageOption). - [`mkPackageOption`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.options.mkPackageOption). + [`mkPackageOption`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.options.mkPackageOption). now also supports the `pkgsText` attribute. Module system: diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md index 9191a204a7a1..f792194da224 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md 
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md @@ -10,6 +10,10 @@ In addition to numerous new and upgraded packages, this release has the followin - `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment. +- NixOS now installs a stub ELF loader that prints an informative error message when users attempt to run binaries not made for NixOS. + - This can be disabled through the `environment.stub-ld.enable` option. + - If you use `programs.nix-ld.enable`, no changes are needed. The stub will be disabled automatically. + ## New Services {#sec-release-24.05-new-services} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 
@@ -27,9 +31,26 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> +- The `power.ups` module now generates `upsd.conf`, `upsd.users` and `upsmon.conf` automatically from a set of new configuration options. This breaks compatibility with existing `power.ups` setups where these files were created manually. Back up these files before upgrading NixOS. + - `mkosi` was updated to v19. Parts of the user interface have changed. Consult the [release notes](https://github.com/systemd/mkosi/releases/tag/v19) for a list of changes. +- The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows: + - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**) + - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud28` will be installed by default. + - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.11, `pkgs.nextcloud27` will be installed by default. + - Please note that an upgrade from v26 (or older) to v28 directly is not possible. Please upgrade to `nextcloud27` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud27;`](options.html#opt-services.nextcloud.package). + +- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively. + Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts. + +- `networking.iproute2.enable` now does not set `environment.etc."iproute2/rt_tables".text`. 
+ + Setting `environment.etc."iproute2/{CONFIG_FILE_NAME}".text` will override the whole configuration file instead of appending it to the upstream configuration file. + + `CONFIG_FILE_NAME` includes `bpf_pinning`, `ematch_map`, `group`, `nl_protos`, `rt_dsfield`, `rt_protos`, `rt_realms`, `rt_scopes`, and `rt_tables`. + ## Other Notable Changes {#sec-release-24.05-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 
@@ -38,20 +59,36 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release. +- `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list. + For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``; + - Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles. The `nimPackages` and `nim2Packages` sets have been removed. See https://nixos.org/manual/nixpkgs/unstable#nim for more information. +- `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc. + - The Yama LSM is now enabled by default in the kernel, which prevents ptracing non-child processes. This means you will not be able to attach gdb to an existing process, but will need to start that process from gdb (so it is a child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0. +- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or + `globalRedirect` can now have redirect codes other than 301 through + `redirectCode`. + +- [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11. 
+ - Gitea 1.21 upgrade has several breaking changes, including: - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*` - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command. - The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399). +- The `btrbk` module now automatically selects and provides required compression + program depending on the configured `stream_compress` option. Since this + replaces the need for the `extraPackages` option, this option will be + deprecated in future releases. + - QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS). The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform. |
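Review bot: In `nixos-state.section.md`, the "Users and groups" list says what must persist but not what goes wrong when it does not, unlike the systemd and ZFS sections added in this same patch. One sentence on the consequence would help (the text already implies it for `/var/lib/nixos`: uids and gids are no longer stable), and the trailing "etc." after "users and groups" should either name the other state or be dropped. The `/nix` list ends its items with semicolons and the `/boot` list with commas; pick one.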
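Review bot: In `systemd-state.section.md`, the `machine-id(5)` section presents generating a random ID as an alternative to persisting `/etc/machine-id`, but a generated value still has to be kept somewhere to remain "unique and persistent"; say where the output of `uuidgen -r | tr -d -` is meant to be stored. The kernel command-line route is marked as discouraged with only a PR link, so a short clause giving the reason would save readers from following it. Smaller points: "uses per-machine identifier" is missing "a", and "128b" / "256b" should spell out the unit so they are not misread.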
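Review bot: In `zfs-state.section.md`, the "so" in the second paragraph does not follow from what precedes it: the cachefile being used at startup to discover pools does not by itself explain why pools holding the `rootfs` or `/nix` can be set to `cachefile=none`. State the missing step, namely how those pools are imported without the cachefile. The first paragraph links `[property](man:zpoolprops(7))` while the rest of this patch uses the `{manpage}` role, and the third paragraph ends in a colon that leads into a separate paragraph; join the two or end with a full stop.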
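Review bot: In the `rl-2311.section.md` hunk that adds the `wpa_supplicant` entry, the second paragraph has no verb after "when `userControlled.enable`" and no closing full stop, and its option names are abbreviated where the first paragraph writes `networking.wireless.environmentFile` in full. Suggest "when `networking.wireless.userControlled.enable` was set (non-default)". Since the entry describes a file holding Pre-Shared Keys having been readable by other users, it should also say whether affected users need to do anything after upgrading.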
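Review bot: In the last `rl-2311.section.md` hunk, the second `mkPackageOption` link still ends in a full stop although the sentence continues on the next line with "now also supports the `pkgsText` attribute". The line is already being touched for the URL change, so drop the stray period here.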
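Review bot: In the second `rl-2405.section.md` hunk (the one starting at the `power.ups` entry), the Nextcloud list covers `system.stateVersion` >=24.05 and >=23.11 but nothing older, so readers on an earlier `stateVersion` cannot tell which package they get. As written, ">=23.11" also includes 24.05; either give the second condition as a range or say the bullets are evaluated in order. The last bullet links `options.html#opt-services.nextcloud.package` while the first uses `#opt-services.nextcloud.package` for the same option; use one form.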
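Review bot: In the third `rl-2405.section.md` hunk, the `services.postgresql.extraPlugins` entry says the type changed "from just a list of packages to also a function", which leaves unclear whether a plain list is still accepted or only tolerated for now; state that explicitly, since the entry only "recommends" the function form. The sentence also ends in a semicolon rather than a full stop.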