diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml')
-rw-r--r-- | nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml | 1567 |
1 files changed, 0 insertions, 1567 deletions
diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml deleted file mode 100644 index fb11b19229e2..000000000000 --- a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml +++ /dev/null @@ -1,1567 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.05"> - <title>Release 21.05 (<quote>Okapi</quote>, 2021.05/31)</title> - <para> - Support is planned until the end of December 2021, handing over to - 21.11. - </para> - <section xml:id="sec-release-21.05-highlights"> - <title>Highlights</title> - <para> - In addition to numerous new and upgraded packages, this release - has the following highlights: - </para> - <itemizedlist> - <listitem> - <para> - Core version changes: - </para> - <itemizedlist> - <listitem> - <para> - gcc: 9.3.0 -> 10.3.0 - </para> - </listitem> - <listitem> - <para> - glibc: 2.30 -> 2.32 - </para> - </listitem> - <listitem> - <para> - default linux: 5.4 -> 5.10, all supported kernels - available - </para> - </listitem> - <listitem> - <para> - mesa: 20.1.7 -> 21.0.1 - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - Desktop Environments: - </para> - <itemizedlist> - <listitem> - <para> - GNOME: 3.36 -> 40, see its - <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">release - notes</link> - </para> - </listitem> - <listitem> - <para> - Plasma5: 5.18.5 -> 5.21.3 - </para> - </listitem> - <listitem> - <para> - kdeApplications: 20.08.1 -> 20.12.3 - </para> - </listitem> - <listitem> - <para> - cinnamon: 4.6 -> 4.8.1 - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - Programming Languages and Frameworks: - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - Python optimizations were disabled again. Builds with - optimizations enabled are not reproducible. Optimizations - can now be enabled with an option. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The linux_latest kernel was updated to the 5.13 series. It - currently is not officially supported for use with the zfs - filesystem. If you use zfs, you should use a different kernel - version (either the LTS kernel, or track a specific one). - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-21.05-new-services"> - <title>New Services</title> - <para> - The following new services were added since the last release: - </para> - <itemizedlist> - <listitem> - <para> - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> - 3.8 and 3.9 were - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> - packaged, along with a rewrite to the Nix expressions, - allowing users to override the features upstream supports - selecting to compile or not to. Additionally, the attribute - <literal>gnuradio</literal> (3.9), - <literal>gnuradio3_8</literal> and - <literal>gnuradio3_7</literal> now point to an externally - wrapped by default derivations, that allow you to also add - `extraPythonPackages` to the Python interpreter used by - GNURadio. Missing environmental variables needed for - operational GUI were also added - (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.keycloak.org/">Keycloak</link>, - an open source identity and access management server with - support for - <link xlink:href="https://openid.net/connect/">OpenID - Connect</link>, <link xlink:href="https://oauth.net/2/">OAUTH - 2.0</link> and - <link xlink:href="https://en.wikipedia.org/wiki/SAML_2.0">SAML - 2.0</link>. - </para> - <para> - See the <link linkend="module-services-keycloak">Keycloak - section of the NixOS manual</link> for more information. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.samba-wsdd.enable">services.samba-wsdd.enable</link> - Web Services Dynamic Discovery host daemon - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.discourse.org/">Discourse</link>, - a modern and open source discussion platform. - </para> - <para> - See the <link linkend="module-services-discourse">Discourse - section of the NixOS manual</link> for more information. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.nebula.networks">services.nebula.networks</link> - <link xlink:href="https://github.com/slackhq/nebula">Nebula - VPN</link> - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-21.05-incompatibilities"> - <title>Backward Incompatibilities</title> - <para> - When upgrading from a previous release, please be aware of the - following incompatible changes: - </para> - <itemizedlist> - <listitem> - <para> - GNOME desktop environment was upgraded to 40, see the release - notes for - <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> - and - <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. - The <literal>gnome3</literal> attribute set has been renamed - to <literal>gnome</literal> and so have been the NixOS - options. - </para> - </listitem> - <listitem> - <para> - If you are using <literal>services.udev.extraRules</literal> - to assign custom names to network interfaces, this may stop - working due to a change in the initialisation of dhcpcd and - systemd networkd. To avoid this, either move them to - <literal>services.udev.initrdRules</literal> or see the new - <link linkend="sec-custom-ifnames">Assigning custom - names</link> section of the NixOS manual for an example using - networkd links. - </para> - </listitem> - <listitem> - <para> - The <literal>security.hideProcessInformation</literal> module - has been removed. It was broken since the switch to - cgroups-v2. - </para> - </listitem> - <listitem> - <para> - The <literal>linuxPackages.ati_drivers_x11</literal> kernel - modules have been removed. The drivers only supported kernels - prior to 4.2, and thus have become obsolete. - </para> - </listitem> - <listitem> - <para> - The <literal>systemConfig</literal> kernel parameter is no - longer added to boot loader entries. It has been unused since - September 2010, but if do have a system generation from that - era, you will now be unable to boot into them. - </para> - </listitem> - <listitem> - <para> - <literal>systemd-journal2gelf</literal> no longer parses json - and expects the receiving system to handle it. How to achieve - this with Graylog is described in this - <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub - issue</link>. - </para> - </listitem> - <listitem> - <para> - If the <literal>services.dbus</literal> module is enabled, - then the user D-Bus session is now always socket activated. - The associated options - <literal>services.dbus.socketActivated</literal> and - <literal>services.xserver.startDbusSession</literal> have - therefore been removed and you will receive a warning if they - are present in your configuration. This change makes the user - D-Bus session available also for non-graphical logins. - </para> - </listitem> - <listitem> - <para> - The <literal>networking.wireless.iwd</literal> module now - installs the upstream-provided 80-iwd.link file, which sets - the NamePolicy= for all wlan devices to "keep - kernel", to avoid race conditions between iwd and - networkd. If you don't want this, you can set - <literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>rubyMinimal</literal> was removed due to being unused - and unusable. The default ruby interpreter includes JIT - support, which makes it reference it's compiler. Since JIT - support is probably needed by some Gems, it was decided to - enable this feature with all cc references by default, and - allow to build a Ruby derivation without references to cc, by - setting <literal>jitSupport = false;</literal> in an overlay. - See - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link> - for more info. - </para> - </listitem> - <listitem> - <para> - Setting - <literal>services.openssh.authorizedKeysFiles</literal> now - also affects which keys - <literal>security.pam.enableSSHAgentAuth</literal> will use. - WARNING: If you are using these options in combination do make - sure that any key paths you use are present in - <literal>services.openssh.authorizedKeysFiles</literal>! - </para> - </listitem> - <listitem> - <para> - The option <literal>fonts.enableFontDir</literal> has been - renamed to - <link xlink:href="options.html#opt-fonts.fontDir.enable">fonts.fontDir.enable</link>. - The path of font directory has also been changed to - <literal>/run/current-system/sw/share/X11/fonts</literal>, for - consistency with other X11 resources. - </para> - </listitem> - <listitem> - <para> - A number of options have been renamed in the kicad interface. - <literal>oceSupport</literal> has been renamed to - <literal>withOCE</literal>, <literal>withOCCT</literal> has - been renamed to <literal>withOCC</literal>, - <literal>ngspiceSupport</literal> has been renamed to - <literal>withNgspice</literal>, and - <literal>scriptingSupport</literal> has been renamed to - <literal>withScripting</literal>. Additionally, - <literal>kicad/base.nix</literal> no longer provides default - argument values since these are provided by - <literal>kicad/default.nix</literal>. - </para> - </listitem> - <listitem> - <para> - The socket for the <literal>pdns-recursor</literal> module was - moved from <literal>/var/lib/pdns-recursor</literal> to - <literal>/run/pdns-recursor</literal> to match upstream. - </para> - </listitem> - <listitem> - <para> - Paperwork was updated to version 2. The on-disk format - slightly changed, and it is not possible to downgrade from - Paperwork 2 back to Paperwork 1.3. Back your documents up - before upgrading. See - <link xlink:href="https://forum.openpaper.work/t/paperwork-2-0/112/5">this - thread</link> for more details. - </para> - </listitem> - <listitem> - <para> - PowerDNS has been updated from <literal>4.2.x</literal> to - <literal>4.3.x</literal>. Please be sure to review the - <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0">Upgrade - Notes</link> provided by upstream before upgrading. Worth - specifically noting is that the service now runs entirely as a - dedicated <literal>pdns</literal> user, instead of starting as - <literal>root</literal> and dropping privileges, as well as - the default <literal>socket-dir</literal> location changing - from <literal>/var/lib/powerdns</literal> to - <literal>/run/pdns</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>mediatomb</literal> service is now using by - default the new and maintained fork <literal>gerbera</literal> - package instead of the unmaintained - <literal>mediatomb</literal> package. If you want to keep the - old behavior, you must declare it with: - </para> - <programlisting language="bash"> -{ - services.mediatomb.package = pkgs.mediatomb; -} -</programlisting> - <para> - One new option <literal>openFirewall</literal> has been - introduced which defaults to false. If you relied on the - service declaration to add the firewall rules itself before, - you should now declare it with: - </para> - <programlisting language="bash"> -{ - services.mediatomb.openFirewall = true; -} -</programlisting> - </listitem> - <listitem> - <para> - xfsprogs was update from 4.19 to 5.11. It now enables reflink - support by default on filesystem creation. Support for - reflinks was added with an experimental status to kernel 4.9 - and deemed stable in kernel 4.16. If you want to be able to - mount XFS filesystems created with this release of xfsprogs on - kernel releases older than those, you need to format them with - <literal>mkfs.xfs -m reflink=0</literal>. - </para> - </listitem> - <listitem> - <para> - The uWSGI server is now built with POSIX capabilities. As a - consequence, root is no longer required in emperor mode and - the service defaults to running as the unprivileged - <literal>uwsgi</literal> user. Any additional capability can - be added via the new option - <link xlink:href="options.html#opt-services.uwsgi.capabilities">services.uwsgi.capabilities</link>. - The previous behaviour can be restored by setting: - </para> - <programlisting language="bash"> -{ - services.uwsgi.user = "root"; - services.uwsgi.group = "root"; - services.uwsgi.instance = - { - uid = "uwsgi"; - gid = "uwsgi"; - }; -} -</programlisting> - <para> - Another incompatibility from the previous release is that - vassals running under a different user or group need to use - <literal>immediate-{uid,gid}</literal> instead of the usual - <literal>uid,gid</literal> options. - </para> - </listitem> - <listitem> - <para> - btc1 has been abandoned upstream, and removed. - </para> - </listitem> - <listitem> - <para> - cpp_ethereum (aleth) has been abandoned upstream, and removed. - </para> - </listitem> - <listitem> - <para> - riak-cs package removed along with - <literal>services.riak-cs</literal> module. - </para> - </listitem> - <listitem> - <para> - stanchion package removed along with - <literal>services.stanchion</literal> module. - </para> - </listitem> - <listitem> - <para> - mutt has been updated to a new major version (2.x), which - comes with some backward incompatible changes that are - described in the - <link xlink:href="http://www.mutt.org/relnotes/2.0/">release - notes for Mutt 2.0</link>. - </para> - </listitem> - <listitem> - <para> - <literal>vim</literal> and <literal>neovim</literal> switched - to Python 3, dropping all Python 2 support. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-networking.wireguard.interfaces">networking.wireguard.interfaces.<name>.generatePrivateKeyFile</link>, - which is off by default, had a <literal>chmod</literal> race - condition fixed. As an aside, the parent directory's - permissions were widened, and the key files were made - owner-writable. This only affects newly created keys. However, - if the exact permissions are important for your setup, read - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/121294">#121294</link>. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link> - previously did nothing, but has been fixed. However its - default has been changed to <literal>false</literal> to - preserve the existing default behaviour. If you have this - explicitly set to <literal>true</literal>, please note that - your non-root pools will now be forcibly imported. - </para> - </listitem> - <listitem> - <para> - openafs now points to openafs_1_8, which is the new stable - release. OpenAFS 1.6 was removed. - </para> - </listitem> - <listitem> - <para> - The WireGuard module gained a new option - <literal>networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds</literal> - that implements refreshing the IP of DNS-based endpoints - periodically (which WireGuard itself - <link xlink:href="https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html">cannot - do</link>). - </para> - </listitem> - <listitem> - <para> - MariaDB has been updated to 10.5. Before you upgrade, it would - be best to take a backup of your database and read - <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105"> - Incompatible Changes Between 10.4 and 10.5</link>. After the - upgrade you will need to run <literal>mysql_upgrade</literal>. - </para> - </listitem> - <listitem> - <para> - The TokuDB storage engine dropped in mariadb 10.5 and removed - in mariadb 10.6. It is recommended to switch to RocksDB. See - also - <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link> - and - <link xlink:href="https://jira.mariadb.org/browse/MDEV-19780">MDEV-19780: - Remove the TokuDB storage engine</link>. - </para> - </listitem> - <listitem> - <para> - The <literal>openldap</literal> module now has support for - OLC-style configuration, users of the - <literal>configDir</literal> option may wish to migrate. If - you continue to use <literal>configDir</literal>, ensure that - <literal>olcPidFile</literal> is set to - <literal>/run/slapd/slapd.pid</literal>. - </para> - <para> - As a result, <literal>extraConfig</literal> and - <literal>extraDatabaseConfig</literal> are removed. To help - with migration, you can convert your - <literal>slapd.conf</literal> file to OLC configuration with - the following script (find the location of this configuration - file by running <literal>systemctl status openldap</literal>, - it is the <literal>-f</literal> option. - </para> - <programlisting> -$ TMPDIR=$(mktemp -d) -$ slaptest -f /path/to/slapd.conf -F $TMPDIR -$ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))' -</programlisting> - <para> - This will dump your current configuration in LDIF format, - which should be straightforward to convert into Nix settings. - This does not show your schema configuration, as this is - unnecessarily verbose for users of the default schemas and - <literal>slaptest</literal> is buggy with schemas directly in - the config file. - </para> - </listitem> - <listitem> - <para> - Amazon EC2 and OpenStack Compute (nova) images now re-fetch - instance meta data and user data from the instance metadata - service (IMDS) on each boot. For example: stopping an EC2 - instance, changing its user data, and restarting the instance - will now cause it to fetch and apply the new user data. - </para> - <warning> - <para> - Specifically, <literal>/etc/ec2-metadata</literal> is - re-populated on each boot. Some NixOS scripts that read from - this directory are guarded to only run if the files they - want to manipulate do not already exist, and so will not - re-apply their changes if the IMDS response changes. - Examples: <literal>root</literal>'s SSH key is only added if - <literal>/root/.ssh/authorized_keys</literal> does not - exist, and SSH host keys are only set from user data if they - do not exist in <literal>/etc/ssh</literal>. - </para> - </warning> - </listitem> - <listitem> - <para> - The <literal>rspamd</literal> services is now sandboxed. It is - run as a dynamic user instead of root, so secrets and other - files may have to be moved or their permissions may have to be - fixed. The sockets are now located in - <literal>/run/rspamd</literal> instead of - <literal>/run</literal>. - </para> - </listitem> - <listitem> - <para> - Enabling the Tor client no longer silently also enables and - configures Privoxy, and the - <literal>services.tor.client.privoxy.enable</literal> option - has been removed. To enable Privoxy, and to configure it to - use Tor's faster port, use the following configuration: - </para> - <programlisting language="bash"> -{ - opt-services.privoxy.enable = true; - opt-services.privoxy.enableTor = true; -} -</programlisting> - </listitem> - <listitem> - <para> - The <literal>services.tor</literal> module has a new - exhaustively typed - <link xlink:href="options.html#opt-services.tor.settings">services.tor.settings</link> - option following RFC 0042; backward compatibility with old - options has been preserved when aliasing was possible. The - corresponding systemd service has been hardened, but there is - a chance that the service still requires more permissions, so - please report any related trouble on the bugtracker. Onion - services v3 are now supported in - <link xlink:href="options.html#opt-services.tor.relay.onionServices">services.tor.relay.onionServices</link>. - A new - <link xlink:href="options.html#opt-services.tor.openFirewall">services.tor.openFirewall</link> - option as been introduced for allowing connections on all the - TCP ports configured. - </para> - </listitem> - <listitem> - <para> - The options - <literal>services.slurm.dbdserver.storagePass</literal> and - <literal>services.slurm.dbdserver.configFile</literal> have - been removed. Use - <literal>services.slurm.dbdserver.storagePassFile</literal> - instead to provide the database password. Extra config options - can be given via the option - <literal>services.slurm.dbdserver.extraConfig</literal>. The - actual configuration file is created on the fly on startup of - the service. This avoids that the password gets exposed in the - nix store. - </para> - </listitem> - <listitem> - <para> - The <literal>wafHook</literal> hook does not wrap Python - anymore. Packages depending on <literal>wafHook</literal> need - to include any Python into their - <literal>nativeBuildInputs</literal>. - </para> - </listitem> - <listitem> - <para> - Starting with version 1.7.0, the project formerly named - <literal>CodiMD</literal> is now named - <literal>HedgeDoc</literal>. New installations will no longer - use the old name for users, state directories and such, this - needs to be considered when moving state to a more recent - NixOS installation. Based on - <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>, - existing installations will continue to work. - </para> - </listitem> - <listitem> - <para> - The fish-foreign-env package has been replaced with - fishPlugins.foreign-env, in which the fish functions have been - relocated to the <literal>vendor_functions.d</literal> - directory to be loaded automatically. - </para> - </listitem> - <listitem> - <para> - The prometheus json exporter is now managed by the prometheus - community. Together with additional features some backwards - incompatibilities were introduced. Most importantly the - exporter no longer accepts a fixed command-line parameter to - specify the URL of the endpoint serving JSON. It now expects - this URL to be passed as an URL parameter, when scraping the - exporter's <literal>/probe</literal> endpoint. In the - prometheus scrape configuration the scrape target might look - like this: - </para> - <programlisting> -http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint -</programlisting> - <para> - Existing configuration for the exporter needs to be updated, - but can partially be re-used. Documentation is available in - the upstream repository and a small example for NixOS is - available in the corresponding NixOS test. - </para> - <para> - These changes also affect - <link xlink:href="options.html#opt-services.prometheus.exporters.rspamd.enable">services.prometheus.exporters.rspamd.enable</link>, - which is just a preconfigured instance of the json exporter. - </para> - <para> - For more information, take a look at the - <link xlink:href="https://github.com/prometheus-community/json_exporter"> - official documentation</link> of the json_exporter. - </para> - </listitem> - <listitem> - <para> - Androidenv was updated, removing the - <literal>includeDocs</literal> and - <literal>lldbVersions</literal> arguments. Docs only covered a - single version of the Android SDK, LLDB is now bundled with - the NDK, and both are no longer available to download from the - Android package repositories. Additionally, since the package - lists have been updated, some older versions of Android - packages may not be bundled. If you depend on older versions - of Android packages, we recommend overriding the repo. - </para> - <para> - Android packages are now loaded from a repo.json file created - by parsing Android repo XML files. The arguments - <literal>repoJson</literal> and <literal>repoXmls</literal> - have been added to allow overriding the built-in androidenv - repo.json with your own. Additionally, license files are now - written to allow compatibility with Gradle-based tools, and - the <literal>extraLicenses</literal> argument has been added - to accept more SDK licenses if your project requires it. See - the androidenv documentation for more details. - </para> - </listitem> - <listitem> - <para> - The attribute <literal>mpi</literal> is now consistently used - to provide a default, system-wide MPI implementation. The - default implementation is openmpi, which has been used before - by all derivations affects by this change. Note that all - packages that have used <literal>mpi ? null</literal> in the - input for optional MPI builds, have been changed to the - boolean input paramater <literal>useMpi</literal> to enable - building with MPI. Building all packages with - <literal>mpich</literal> instead of the default - <literal>openmpi</literal> can now be achived like this: - </para> - <programlisting language="bash"> -self: super: -{ - mpi = super.mpich; -} -</programlisting> - </listitem> - <listitem> - <para> - The Searx module has been updated with the ability to - configure the service declaratively and uWSGI integration. The - option <literal>services.searx.configFile</literal> has been - renamed to - <link xlink:href="options.html#opt-services.searx.settingsFile">services.searx.settingsFile</link> - for consistency with the new - <link xlink:href="options.html#opt-services.searx.settings">services.searx.settings</link>. - In addition, the <literal>searx</literal> uid and gid - reservations have been removed since they were not necessary: - the service is now running with a dynamically allocated uid. - </para> - </listitem> - <listitem> - <para> - The libinput module has been updated with the ability to - configure mouse and touchpad settings separately. The options - in <literal>services.xserver.libinput</literal> have been - renamed to - <literal>services.xserver.libinput.touchpad</literal>, while - there is a new - <literal>services.xserver.libinput.mouse</literal> for mouse - related configuration. - </para> - <para> - Since touchpad options no longer apply to all devices, you may - want to replicate your touchpad configuration in mouse - section. - </para> - </listitem> - <listitem> - <para> - ALSA OSS emulation - (<literal>sound.enableOSSEmulation</literal>) is now disabled - by default. - </para> - </listitem> - <listitem> - <para> - Thinkfan as been updated to <literal>1.2.x</literal>, which - comes with a new YAML based configuration format. For this - reason, several NixOS options of the thinkfan module have been - changed to non-backward compatible types. In addition, a new - <link xlink:href="options.html#opt-services.thinkfan.settings">services.thinkfan.settings</link> - option has been added. - </para> - <para> - Please read the - <link xlink:href="https://github.com/vmatare/thinkfan#readme"> - thinkfan documentation</link> before updating. - </para> - </listitem> - <listitem> - <para> - Adobe Flash Player support has been dropped from the tree. In - particular, the following packages no longer support it: - </para> - <itemizedlist> - <listitem> - <para> - chromium - </para> - </listitem> - <listitem> - <para> - firefox - </para> - </listitem> - <listitem> - <para> - qt48 - </para> - </listitem> - <listitem> - <para> - qt5.qtwebkit - </para> - </listitem> - </itemizedlist> - <para> - Additionally, packages flashplayer and hal-flash were removed - along with the <literal>services.flashpolicyd</literal> - module. - </para> - </listitem> - <listitem> - <para> - The <literal>security.rngd</literal> module has been removed. - It was disabled by default in 20.09 as it was functionally - redundant with krngd in the linux kernel. It is not necessary - for any device that the kernel recognises as an hardware RNG, - as it will automatically run the krngd task to periodically - collect random data from the device and mix it into the - kernel's RNG. - </para> - <para> - The default SMTP port for GitLab has been changed to - <literal>25</literal> from its previous default of - <literal>465</literal>. If you depended on this default, you - should now set the - <link xlink:href="options.html#opt-services.gitlab.smtp.port">services.gitlab.smtp.port</link> - option. - </para> - </listitem> - <listitem> - <para> - The default version of ImageMagick has been updated from 6 to - 7. You can use imagemagick6, imagemagick6_light, and - imagemagick6Big if you need the older version. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.xserver.videoDrivers">services.xserver.videoDrivers</link> - no longer uses the deprecated <literal>cirrus</literal> and - <literal>vesa</literal> device dependent X drivers by default. - It also enables both <literal>amdgpu</literal> and - <literal>nouveau</literal> drivers by default now. - </para> - </listitem> - <listitem> - <para> - The <literal>kindlegen</literal> package is gone, because it - is no longer supported or hosted by Amazon. Sadly, its - replacement, Kindle Previewer, has no Linux support. However, - there are other ways to generate MOBI files. See - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/96439">the - discussion</link> for more info. - </para> - </listitem> - <listitem> - <para> - The apacheKafka packages are now built with version-matched - JREs. Versions 2.6 and above, the ones that recommend it, use - jdk11, while versions below remain on jdk8. The NixOS service - has been adjusted to start the service using the same version - as the package, adjustable with the new - <link xlink:href="options.html#opt-services.apache-kafka.jre">services.apache-kafka.jre</link> - option. Furthermore, the default list of - <link xlink:href="options.html#opt-services.apache-kafka.jvmOptions">services.apache-kafka.jvmOptions</link> - have been removed. You should set your own according to the - <link xlink:href="https://kafka.apache.org/documentation/#java">upstream - documentation</link> for your Kafka version. - </para> - </listitem> - <listitem> - <para> - The kodi package has been modified to allow concise addon - management. Consider the following configuration from previous - releases of NixOS to install kodi, including the - kodiPackages.inputstream-adaptive and kodiPackages.vfs-sftp - addons: - </para> - <programlisting language="bash"> -{ - environment.systemPackages = [ - pkgs.kodi - ]; - - nixpkgs.config.kodi = { - enableInputStreamAdaptive = true; - enableVFSSFTP = true; - }; -} -</programlisting> - <para> - All Kodi <literal>config</literal> flags have been removed, - and as a result the above configuration should now be written - as: - </para> - <programlisting language="bash"> -{ - environment.systemPackages = [ - (pkgs.kodi.withPackages (p: with p; [ - inputstream-adaptive - vfs-sftp - ])) - ]; -} -</programlisting> - </listitem> - <listitem> - <para> - <literal>environment.defaultPackages</literal> now includes - the nano package. If pkgs.nano is not added to the list, make - sure another editor is installed and the - <literal>EDITOR</literal> environment variable is set to it. - Environment variables can be set using - <literal>environment.variables</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>services.minio.dataDir</literal> changed type to a - list of paths, required for specifiyng multiple data - directories for using with erasure coding. Currently, the - service doesn't enforce nor checks the correct number of paths - to correspond to minio requirements. - </para> - </listitem> - <listitem> - <para> - All CUDA toolkit versions prior to CUDA 10 have been removed. - </para> - </listitem> - <listitem> - <para> - The kbdKeymaps package was removed since dvp and neo are now - included in kbd. If you want to use the Programmer Dvorak - Keyboard Layout, you have to use - <literal>dvorak-programmer</literal> in - <literal>console.keyMap</literal> now instead of - <literal>dvp</literal>. In - <literal>services.xserver.xkbVariant</literal> it's still - <literal>dvp</literal>. - </para> - </listitem> - <listitem> - <para> - The babeld service is now being run as an unprivileged user. - To achieve that the module configures - <literal>skip-kernel-setup true</literal> and takes care of - setting forwarding and rp_filter sysctls by itself as well as - for each interface in - <literal>services.babeld.interfaces</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>services.zigbee2mqtt.config</literal> option has - been renamed to - <literal>services.zigbee2mqtt.settings</literal> and now - follows - <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link>. - </para> - </listitem> - </itemizedlist> - <para> - The yadm dotfile manager has been updated from 2.x to 3.x, which - has new (XDG) default locations for some data/state files. Most - yadm commands will fail and print a legacy path warning (which - describes how to upgrade/migrate your repository). If you have - scripts, daemons, scheduled jobs, shell profiles, etc. that invoke - yadm, expect them to fail or misbehave until you perform this - migration and prepare accordingly. - </para> - <itemizedlist> - <listitem> - <para> - Instead of determining - <literal>services.radicale.package</literal> automatically - based on <literal>system.stateVersion</literal>, the latest - version is always used because old versions are not officially - supported. - </para> - <para> - Furthermore, Radicale's systemd unit was hardened which might - break some deployments. In particular, a non-default - <literal>filesystem_folder</literal> has to be added to - <literal>systemd.services.radicale.serviceConfig.ReadWritePaths</literal> - if the deprecated <literal>services.radicale.config</literal> - is used. - </para> - </listitem> - <listitem> - <para> - In the <literal>security.acme</literal> module, use of - <literal>--reuse-key</literal> parameter for Lego has been - removed. It was introduced for HKPK, but this security feature - is now deprecated. It is a better security practice to rotate - key pairs instead of always keeping the same. If you need to - keep this parameter, you can add it back using - <literal>extraLegoRenewFlags</literal> as an option for the - appropriate certificate. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-21.05-notable-changes"> - <title>Other Notable Changes</title> - <itemizedlist> - <listitem> - <para> - <literal>stdenv.lib</literal> has been deprecated and will - break eval in 21.11. Please use <literal>pkgs.lib</literal> - instead. See - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/108938">#108938</link> - for details. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> - has a <literal>pkgs</literal> attribute set, and there's a - <literal>gnuradio.callPackage</literal> function that extends - <literal>pkgs</literal> with a - <literal>mkDerivation</literal>, and a - <literal>mkDerivationWith</literal>, like Qt5. Now all - <literal>gnuradio.pkgs</literal> are defined with - <literal>gnuradio.callPackage</literal> and some packages that - depend on gnuradio are defined with this as well. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.privoxy.org/">Privoxy</link> has - been updated to version 3.0.32 (See - <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). - Compared to the previous release, Privoxy has gained support - for HTTPS inspection (still experimental), Brotli - decompression, several new filters and lots of bug fixes, - including security ones. In addition, the package is now built - with compression and external filters support, which were - previously disabled. - </para> - <para> - Regarding the NixOS module, new options for HTTPS inspection - have been added and - <literal>services.privoxy.extraConfig</literal> has been - replaced by the new - <link xlink:href="options.html#opt-services.privoxy.settings">services.privoxy.settings</link> - (See - <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link> for the motivation). - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://kodi.tv/">Kodi</link> has been - updated to version 19.1 "Matrix". See the - <link xlink:href="https://kodi.tv/article/kodi-19-0-matrix-release">announcement</link> - for further details. - </para> - </listitem> - <listitem> - <para> - The <literal>services.packagekit.backend</literal> option has - been removed as it only supported a single setting which would - always be the default. Instead new - <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link> compliant - <link xlink:href="options.html#opt-services.packagekit.settings">services.packagekit.settings</link> - and - <link xlink:href="options.html#opt-services.packagekit.vendorSettings">services.packagekit.vendorSettings</link> - options have been introduced. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://nginx.org">Nginx</link> has been - updated to stable version 1.20.0. Now nginx uses the zlib-ng - library by default. - </para> - </listitem> - <listitem> - <para> - KDE Gear (formerly KDE Applications) is upgraded to 21.04, see - its - <link xlink:href="https://kde.org/announcements/gear/21.04/">release - notes</link> for details. - </para> - <para> - The <literal>kdeApplications</literal> package set is now - <literal>kdeGear</literal>, in keeping with the new name. The - old name remains for compatibility, but it is deprecated. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://libreswan.org/">Libreswan</link> has - been updated to version 4.4. The package now includes example - configurations and manual pages by default. The NixOS module - has been changed to use the upstream systemd units and write - the configuration in the <literal>/etc/ipsec.d/ </literal> - directory. In addition, two new options have been added to - specify connection policies - (<link xlink:href="options.html#opt-services.libreswan.policies">services.libreswan.policies</link>) - and disable send/receive redirects - (<link xlink:href="options.html#opt-services.libreswan.disableRedirects">services.libreswan.disableRedirects</link>). - </para> - </listitem> - <listitem> - <para> - The Mailman NixOS module (<literal>services.mailman</literal>) - has a new option - <link xlink:href="options.html#opt-services.mailman.enablePostfix">services.mailman.enablePostfix</link>, - defaulting to true, that controls integration with Postfix. - </para> - <para> - If this option is disabled, default MTA config becomes not set - and you should set the options in - <literal>services.mailman.settings.mta</literal> according to - the desired configuration as described in - <link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman - documentation</link>. - </para> - </listitem> - <listitem> - <para> - The default-version of <literal>nextcloud</literal> is - nextcloud21. Please note that it's <emphasis>not</emphasis> - possible to upgrade <literal>nextcloud</literal> across - multiple major versions! This means that it's e.g. not - possible to upgrade from nextcloud18 to nextcloud20 in a - single deploy and most <literal>20.09</literal> users will - have to upgrade to nextcloud20 first. - </para> - <para> - The package can be manually upgraded by setting - <link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link> - to nextcloud21. - </para> - </listitem> - <listitem> - <para> - The setting - <link xlink:href="options.html#opt-services.redis.bind">services.redis.bind</link> - defaults to <literal>127.0.0.1</literal> now, making Redis - listen on the loopback interface only, and not all public - network interfaces. - </para> - </listitem> - <listitem> - <para> - NixOS now emits a deprecation warning if systemd's - <literal>StartLimitInterval</literal> setting is used in a - <literal>serviceConfig</literal> section instead of in a - <literal>unitConfig</literal>; that setting is deprecated and - now undocumented for the service section by systemd upstream, - but still effective and somewhat buggy there, which can be - confusing. See - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> - for details. - </para> - <para> - All services should use - <link xlink:href="options.html#opt-systemd.services._name_.startLimitIntervalSec">systemd.services.<emphasis>name</emphasis>.startLimitIntervalSec</link> - or <literal>StartLimitIntervalSec</literal> in - <link xlink:href="options.html#opt-systemd.services._name_.unitConfig">systemd.services.<emphasis>name</emphasis>.unitConfig</link> - instead. - </para> - </listitem> - <listitem> - <para> - The <literal>mediatomb</literal> service declares new options. - It also adapts existing options so the configuration - generation is now lazy. The existing option - <literal>customCfg</literal> (defaults to false), when - enabled, stops the service configuration generation - completely. It then expects the users to provide their own - correct configuration at the right location (whereas the - configuration was generated and not used at all before). The - new option <literal>transcodingOption</literal> (defaults to - no) allows a generated configuration. It makes the mediatomb - service pulls the necessary runtime dependencies in the nix - store (whereas it was generated with hardcoded values before). - The new option <literal>mediaDirectories</literal> allows the - users to declare autoscan media directories from their nixos - configuration: - </para> - <programlisting language="bash"> -{ - services.mediatomb.mediaDirectories = [ - { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; } - { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; } - ]; -} -</programlisting> - </listitem> - <listitem> - <para> - The Unbound DNS resolver service - (<literal>services.unbound</literal>) has been refactored to - allow reloading, control sockets and to fix startup ordering - issues. - </para> - <para> - It is now possible to enable a local UNIX control socket for - unbound by setting the - <link xlink:href="options.html#opt-services.unbound.localControlSocketPath">services.unbound.localControlSocketPath</link> - option. - </para> - <para> - Previously we just applied a very minimal set of restrictions - and trusted unbound to properly drop root privs and - capabilities. - </para> - <para> - As of this we are (for the most part) just using the upstream - example unit file for unbound. The main difference is that we - start unbound as <literal>unbound</literal> user with the - required capabilities instead of letting unbound do the chroot - & uid/gid changes. - </para> - <para> - The upstream unit configuration this is based on is a lot - stricter with all kinds of permissions then our previous - variant. It also came with the default of having the - <literal>Type</literal> set to <literal>notify</literal>, - therefore we are now also using the - <literal>unbound-with-systemd</literal> package here. Unbound - will start up, read the configuration files and start - listening on the configured ports before systemd will declare - the unit <literal>active (running)</literal>. This will likely - help with startup order and the occasional race condition - during system activation where the DNS service is started but - not yet ready to answer queries. Services depending on - <literal>nss-lookup.target</literal> or - <literal>unbound.service</literal> are now be able to use - unbound when those targets have been reached. - </para> - <para> - Additionally to the much stricter runtime environment the - <literal>/dev/urandom</literal> mount lines we previously had - in the code (that randomly failed during the stop-phase) have - been removed as systemd will take care of those for us. - </para> - <para> - The <literal>preStart</literal> script is now only required if - we enabled the trust anchor updates (which are still enabled - by default). - </para> - <para> - Another benefit of the refactoring is that we can now issue - reloads via either <literal>pkill -HUP unbound</literal> and - <literal>systemctl reload unbound</literal> to reload the - running configuration without taking the daemon offline. A - prerequisite of this was that unbound configuration is - available on a well known path on the file system. We are - using the path <literal>/etc/unbound/unbound.conf</literal> as - that is the default in the CLI tooling which in turn enables - us to use <literal>unbound-control</literal> without passing a - custom configuration location. - </para> - <para> - The module has also been reworked to be - <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link> compliant. As such, - <literal>sevices.unbound.extraConfig</literal> has been - removed and replaced by - <link xlink:href="options.html#opt-services.unbound.settings">services.unbound.settings</link>. - <literal>services.unbound.interfaces</literal> has been - renamed to - <literal>services.unbound.settings.server.interface</literal>. - </para> - <para> - <literal>services.unbound.forwardAddresses</literal> and - <literal>services.unbound.allowedAccess</literal> have also - been changed to use the new settings interface. You can follow - the instructions when executing - <literal>nixos-rebuild</literal> to upgrade your configuration - to use the new interface. - </para> - </listitem> - <listitem> - <para> - The <literal>services.dnscrypt-proxy2</literal> module now - takes the upstream's example configuration and updates it with - the user's settings. An option has been added to restore the - old behaviour if you prefer to declare the configuration from - scratch. - </para> - </listitem> - <listitem> - <para> - NixOS now defaults to the unified cgroup hierarchy - (cgroupsv2). See the - <link xlink:href="https://www.redhat.com/sysadmin/fedora-31-control-group-v2">Fedora - Article for 31</link> for details on why this is desirable, - and how it impacts containers. - </para> - <para> - If you want to run containers with a runtime that does not yet - support cgroupsv2, you can switch back to the old behaviour by - setting - <link xlink:href="options.html#opt-systemd.enableUnifiedCgroupHierarchy">systemd.enableUnifiedCgroupHierarchy</link> - = <literal>false</literal>; and rebooting. - </para> - </listitem> - <listitem> - <para> - PulseAudio was upgraded to 14.0, with changes to the handling - of default sinks. See its - <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release - notes</link>. - </para> - </listitem> - <listitem> - <para> - GNOME users may wish to delete their - <literal>~/.config/pulse</literal> due to the changes to - stream routing logic. See - <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio - bug 832</link> for more information. - </para> - </listitem> - <listitem> - <para> - The zookeeper package does not provide - <literal>zooInspector.sh</literal> anymore, as that - "contrib" has been dropped from upstream releases. - </para> - </listitem> - <listitem> - <para> - In the ACME module, the data used to build the hash for the - account directory has changed to accomodate new features to - reduce account rate limit issues. This will trigger new - account creation on the first rebuild following this update. - No issues are expected to arise from this, thanks to the new - account creation handling. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-users.users._name_.createHome">users.users.<emphasis>name</emphasis>.createHome</link> - now always ensures home directory permissions to be - <literal>0700</literal>. Permissions had previously been - ignored for already existing home directories, possibly - leaving them readable by others. The option's description was - incorrect regarding ownership management and has been - simplified greatly. - </para> - </listitem> - <listitem> - <para> - When defining a new user, one of - <link xlink:href="options.html#opt-users.users._name_.isNormalUser">users.users.<emphasis>name</emphasis>.isNormalUser</link> - and - <link xlink:href="options.html#opt-users.users._name_.isSystemUser">users.users.<emphasis>name</emphasis>.isSystemUser</link> - is now required. This is to prevent accidentally giving a UID - above 1000 to system users, which could have unexpected - consequences, like running user activation scripts for system - users. Note that users defined with an explicit UID below 500 - are exempted from this check, as - <link xlink:href="options.html#opt-users.users._name_.isSystemUser">users.users.<emphasis>name</emphasis>.isSystemUser</link> - has no effect for those. - </para> - </listitem> - <listitem> - <para> - The <literal>security.apparmor</literal> module, for the - <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link> - Mandatory Access Control system, has been substantialy - improved along with related tools, so that module maintainers - can now more easily write AppArmor profiles for NixOS. The - most notable change on the user-side is the new option - <link xlink:href="options.html#opt-security.apparmor.policies">security.apparmor.policies</link>, - replacing the previous <literal>profiles</literal> option to - provide a way to disable a profile and to select whether to - confine in enforce mode (default) or in complain mode (see - <literal>journalctl -b --grep apparmor</literal>). - Security-minded users may also want to enable - <link xlink:href="options.html#opt-security.apparmor.killUnconfinedConfinables">security.apparmor.killUnconfinedConfinables</link>, - at the cost of having some of their processes killed when - updating to a NixOS version introducing new AppArmor profiles. - </para> - </listitem> - <listitem> - <para> - The GNOME desktop manager once again installs gnome.epiphany - by default. - </para> - </listitem> - <listitem> - <para> - NixOS now generates empty <literal>/etc/netgroup</literal>. - <literal>/etc/netgroup</literal> defines network-wide groups - and may affect to setups using NIS. - </para> - </listitem> - <listitem> - <para> - Platforms, like <literal>stdenv.hostPlatform</literal>, no - longer have a <literal>platform</literal> attribute. It has - been (mostly) flattened away: - </para> - <itemizedlist> - <listitem> - <para> - <literal>platform.gcc</literal> is now - <literal>gcc</literal> - </para> - </listitem> - <listitem> - <para> - <literal>platform.kernel*</literal> is now - <literal>linux-kernel.*</literal> - </para> - </listitem> - </itemizedlist> - <para> - Additionally, <literal>platform.kernelArch</literal> moved to - the top level as <literal>linuxArch</literal> to match the - other <literal>*Arch</literal> variables. - </para> - <para> - The <literal>platform</literal> grouping of these things never - meant anything, and was just a historial/implementation - artifact that was overdue removal. - </para> - </listitem> - <listitem> - <para> - <literal>services.restic</literal> now uses a dedicated cache - directory for every backup defined in - <literal>services.restic.backups</literal>. The old global - cache directory, <literal>/root/.cache/restic</literal>, is - now unused and can be removed to free up disk space. - </para> - </listitem> - <listitem> - <para> - <literal>isync</literal>: The <literal>isync</literal> - compatibility wrapper was removed and the Master/Slave - terminology has been deprecated and should be replaced with - Far/Near in the configuration file. - </para> - </listitem> - <listitem> - <para> - The nix-gc service now accepts randomizedDelaySec (default: 0) - and persistent (default: true) parameters. By default nix-gc - will now run immediately if it would have been triggered at - least once during the time when the timer was inactive. - </para> - </listitem> - <listitem> - <para> - The <literal>rustPlatform.buildRustPackage</literal> function - is split into several hooks: cargoSetupHook to set up - vendoring for Cargo-based projects, cargoBuildHook to build a - project using Cargo, cargoInstallHook to install a project - using Cargo, and cargoCheckHook to run tests in Cargo-based - projects. With this change, mixed-language projects can use - the relevant hooks within builders other than - <literal>buildRustPackage</literal>. However, these changes - also required several API changes to - <literal>buildRustPackage</literal> itself: - </para> - <itemizedlist> - <listitem> - <para> - The <literal>target</literal> argument was removed. - Instead, <literal>buildRustPackage</literal> will always - use the same target as the C/C++ compiler that is used. - </para> - </listitem> - <listitem> - <para> - The <literal>cargoParallelTestThreads</literal> argument - was removed. Parallel tests are now disabled through - <literal>dontUseCargoParallelTests</literal>. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>rustPlatform.maturinBuildHook</literal> hook was - added. This hook can be used with - <literal>buildPythonPackage</literal> to build Python packages - that are written in Rust and use Maturin as their build tool. - </para> - </listitem> - <listitem> - <para> - Kubernetes has - <link xlink:href="https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/">deprecated - docker</link> as container runtime. As a consequence, the - Kubernetes module now has support for configuration of custom - remote container runtimes and enables containerd by default. - Note that containerd is more strict regarding container image - OCI-compliance. As an example, images with CMD or ENTRYPOINT - defined as strings (not lists) will fail on containerd, while - working fine on docker. Please test your setup and container - images with containerd prior to upgrading. - </para> - </listitem> - <listitem> - <para> - The GitLab module now has support for automatic backups. A - schedule can be set with the - <link xlink:href="options.html#opt-services.gitlab.backup.startAt">services.gitlab.backup.startAt</link> - option. - </para> - </listitem> - <listitem> - <para> - Prior to this release, systemd would also read system units - from an undocumented - <literal>/etc/systemd-mutable/system</literal> path. This path - has been dropped from the defaults. That path (or others) can - be re-enabled by adding it to the - <link xlink:href="options.html#opt-boot.extraSystemdUnitPaths">boot.extraSystemdUnitPaths</link> - list. - </para> - </listitem> - <listitem> - <para> - PostgreSQL 9.5 is scheduled EOL during the 21.05 life cycle - and has been removed. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.xfce.org/">Xfce4</link> relies - on GIO/GVfs for userspace virtual filesystem access in - applications like - <link xlink:href="https://docs.xfce.org/xfce/thunar/">thunar</link> - and - <link xlink:href="https://docs.xfce.org/apps/gigolo/">gigolo</link>. - For that to work, the gvfs nixos service is enabled by - default, and it can be configured with the specific package - that provides GVfs. Until now Xfce4 was setting it to use a - lighter version of GVfs (without support for samba). To avoid - conflicts with other desktop environments this setting has - been dropped. Users that still want it should add the - following to their system configuration: - </para> - <programlisting language="bash"> -{ - services.gvfs.package = pkgs.gvfs.override { samba = null; }; -} -</programlisting> - </listitem> - <listitem> - <para> - The newly enabled <literal>systemd-pstore.service</literal> - now automatically evacuates crashdumps and panic logs from the - persistent storage to - <literal>/var/lib/systemd/pstore</literal>. This prevents - NVRAM from filling up, which ensures the latest diagnostic - data is always stored and alleviates problems with writing new - boot configurations. - </para> - </listitem> - <listitem> - <para> - Nixpkgs now contains - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically - packaged GNOME Shell extensions</link> from the - <link xlink:href="https://extensions.gnome.org/">GNOME - Extensions</link> portal. You can find them, filed by their - UUID, under <literal>gnome38Extensions</literal> attribute for - GNOME 3.38 and under <literal>gnome40Extensions</literal> for - GNOME 40. Finally, the <literal>gnomeExtensions</literal> - attribute contains extensions for the latest GNOME Shell - version in Nixpkgs, listed under a more human-friendly name. - The unqualified attribute scope also contains manually - packaged extensions. Note that the automatically packaged - extensions are provided for convenience and are not checked or - guaranteed to work. - </para> - </listitem> - <listitem> - <para> - Erlang/OTP versions older than R21 got dropped. We also - dropped the cuter package, as it was purely an example of how - to build a package. We also dropped <literal>lfe_1_2</literal> - as it could not build with R21+. Moving forward, we expect to - only support 3 yearly releases of OTP. - </para> - </listitem> - </itemizedlist> - </section> -</section> |