<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.11">
<title>Release 21.11 (“?”, 2021.11/??)</title>
<para>
In addition to numerous new and upgraded packages, this release has
the following highlights:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Support is planned until the end of June 2022, handing over to
22.05.
</para>
</listitem>
</itemizedlist>
<section xml:id="sec-release-21.11-highlights">
<title>Highlights</title>
<itemizedlist>
<listitem>
<para>
PHP now defaults to PHP 8.0, updated from 7.4.
</para>
</listitem>
<listitem>
<para>
kOps now defaults to 1.21.0, which uses containerd as the
default runtime.
</para>
</listitem>
<listitem>
<para>
<literal>python3</literal> now defaults to Python 3.9, updated
from Python 3.8.
</para>
</listitem>
<listitem>
<para>
PostgreSQL now defaults to major version 13.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-new-services">
<title>New Services</title>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://digint.ch/btrbk/index.html">btrbk</link>,
a backup tool for btrfs subvolumes, taking advantage of btrfs
specific capabilities to create atomic snapshots and transfer
them incrementally to your backup locations. Available as
<link xlink:href="options.html#opt-services.brtbk.instances">services.btrbk</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/xrelkd/clipcat/">clipcat</link>,
an X11 clipboard manager written in Rust. Available at
[services.clipcat](options.html#o pt-services.clipcat.enable).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/maxmind/geoipupdate">geoipupdate</link>,
a GeoIP database updater from MaxMind. Available as
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs
2nd generation DHCP and DDNS server suite. Available at
<link xlink:href="options.html#opt-services.kea">services.kea</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://sr.ht">sourcehut</link>, a
collection of tools useful for software development. Available
as
<link xlink:href="options.html#opt-services.sourcehut.enable">services.sourcehut</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://download.pureftpd.org/pub/ucarp/README">ucarp</link>,
an userspace implementation of the Common Address Redundancy
Protocol (CARP). Available as
<link xlink:href="options.html#opt-networking.ucarp.enable">networking.ucarp</link>.
</para>
</listitem>
<listitem>
<para>
Users of flashrom should migrate to
<link xlink:href="options.html#opt-programs.flashrom.enable">programs.flashrom.enable</link>
and add themselves to the <literal>flashrom</literal> group to
be able to access programmers supported by flashrom.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://vikunja.io">vikunja</link>, a to-do
list app. Available as
<link linkend="opt-services.vikunja.enable">services.vikunja</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.snapraid.it/">snapraid</link>, a
backup program for disk arrays. Available as
<link linkend="opt-snapraid.enable">snapraid</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/hockeypuck/hockeypuck">Hockeypuck</link>,
a OpenPGP Key Server. Available as
<link linkend="opt-services.hockeypuck.enable">services.hockeypuck</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/buildkite/buildkite-agent-metrics">buildkite-agent-metrics</link>,
a command-line tool for collecting Buildkite agent metrics,
now has a Prometheus exporter available as
<link linkend="opt-services.prometheus.exporters.buildkite-agent.enable">services.prometheus.exporters.buildkite-agent</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
The <literal>staticjinja</literal> package has been upgraded
from 1.0.4 to 3.0.1
</para>
</listitem>
<listitem>
<para>
<literal>services.geoip-updater</literal> was broken and has
been replaced by
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
</para>
</listitem>
<listitem>
<para>
PHP 7.3 is no longer supported due to upstream not supporting
this version for the entire lifecycle of the 21.11 release.
</para>
</listitem>
<listitem>
<para>
Those making use of <literal>buildBazelPackage</literal> will
need to regenerate the fetch hashes (preferred), or set
<literal>fetchConfigured = false;</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>consul</literal> was upgraded to a new major release
with breaking changes, see
<link xlink:href="https://github.com/hashicorp/consul/releases/tag/v1.10.0">upstream
changelog</link>.
</para>
</listitem>
<listitem>
<para>
fsharp41 has been removed in preference to use the latest
dotnet-sdk
</para>
</listitem>
<listitem>
<para>
The following F#-related packages have been removed for being
unmaintaned. Please use <literal>fetchNuGet</literal> for
specific packages.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
ExtCore
</para>
</listitem>
<listitem>
<para>
Fake
</para>
</listitem>
<listitem>
<para>
Fantomas
</para>
</listitem>
<listitem>
<para>
FsCheck
</para>
</listitem>
<listitem>
<para>
FsCheck262
</para>
</listitem>
<listitem>
<para>
FsCheckNunit
</para>
</listitem>
<listitem>
<para>
FSharpAutoComplete
</para>
</listitem>
<listitem>
<para>
FSharpCompilerCodeDom
</para>
</listitem>
<listitem>
<para>
FSharpCompilerService
</para>
</listitem>
<listitem>
<para>
FSharpCompilerTools
</para>
</listitem>
<listitem>
<para>
FSharpCore302
</para>
</listitem>
<listitem>
<para>
FSharpCore3125
</para>
</listitem>
<listitem>
<para>
FSharpCore4001
</para>
</listitem>
<listitem>
<para>
FSharpCore4117
</para>
</listitem>
<listitem>
<para>
FSharpData
</para>
</listitem>
<listitem>
<para>
FSharpData225
</para>
</listitem>
<listitem>
<para>
FSharpDataSQLProvider
</para>
</listitem>
<listitem>
<para>
FSharpFormatting
</para>
</listitem>
<listitem>
<para>
FsLexYacc
</para>
</listitem>
<listitem>
<para>
FsLexYacc706
</para>
</listitem>
<listitem>
<para>
FsLexYaccRuntime
</para>
</listitem>
<listitem>
<para>
FsPickler
</para>
</listitem>
<listitem>
<para>
FsUnit
</para>
</listitem>
<listitem>
<para>
Projekt
</para>
</listitem>
<listitem>
<para>
Suave
</para>
</listitem>
<listitem>
<para>
UnionArgParser
</para>
</listitem>
<listitem>
<para>
ExcelDnaRegistration
</para>
</listitem>
<listitem>
<para>
MathNetNumerics
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>programs.x2goserver</literal> is now
<literal>services.x2goserver</literal>
</para>
</listitem>
<listitem>
<para>
The following dotnet-related packages have been removed for
being unmaintaned. Please use <literal>fetchNuGet</literal>
for specific packages.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Autofac
</para>
</listitem>
<listitem>
<para>
SystemValueTuple
</para>
</listitem>
<listitem>
<para>
MicrosoftDiaSymReader
</para>
</listitem>
<listitem>
<para>
MicrosoftDiaSymReaderPortablePdb
</para>
</listitem>
<listitem>
<para>
SystemCollectionsImmutable
</para>
</listitem>
<listitem>
<para>
SystemCollectionsImmutable131
</para>
</listitem>
<listitem>
<para>
SystemReflectionMetadata
</para>
</listitem>
<listitem>
<para>
NUnit350
</para>
</listitem>
<listitem>
<para>
Deedle
</para>
</listitem>
<listitem>
<para>
ExcelDna
</para>
</listitem>
<listitem>
<para>
GitVersionTree
</para>
</listitem>
<listitem>
<para>
NDeskOptions
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
The <literal>antlr</literal> package now defaults to the 4.x
release instead of the old 2.7.7 version.
</para>
</listitem>
<listitem>
<para>
The <literal>pulseeffects</literal> package updated to
<link xlink:href="https://github.com/wwmm/easyeffects/releases/tag/v6.0.0">version
4.x</link> and renamed to <literal>easyeffects</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>libwnck</literal> package now defaults to the 3.x
release instead of the old 2.31.0 version.
</para>
</listitem>
<listitem>
<para>
The <literal>bitwarden_rs</literal> packages and modules were
renamed to <literal>vaultwarden</literal>
<link xlink:href="https://github.com/dani-garcia/vaultwarden/discussions/1642">following
upstream</link>. More specifically,
</para>
<itemizedlist>
<listitem>
<para>
<literal>pkgs.bitwarden_rs</literal>,
<literal>pkgs.bitwarden_rs-sqlite</literal>,
<literal>pkgs.bitwarden_rs-mysql</literal> and
<literal>pkgs.bitwarden_rs-postgresql</literal> were
renamed to <literal>pkgs.vaultwarden</literal>,
<literal>pkgs.vaultwarden-sqlite</literal>,
<literal>pkgs.vaultwarden-mysql</literal> and
<literal>pkgs.vaultwarden-postgresql</literal>,
respectively.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
</para>
</listitem>
<listitem>
<para>
The <literal>bitwarden_rs</literal> executable was
also renamed to <literal>vaultwarden</literal> in all
packages.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>pkgs.bitwarden_rs-vault</literal> was renamed to
<literal>pkgs.vaultwarden-vault</literal>.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>pkgs.bitwarden_rs-vault</literal> is
preserved as an alias for backwards compatibility, but
may be removed in the future.
</para>
</listitem>
<listitem>
<para>
The static files were moved from
<literal>/usr/share/bitwarden_rs</literal> to
<literal>/usr/share/vaultwarden</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>services.bitwarden_rs</literal> config module
was renamed to <literal>services.vaultwarden</literal>.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>services.bitwarden_rs</literal> is preserved
as an alias for backwards compatibility, but may be
removed in the future.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>systemd.services.bitwarden_rs</literal>,
<literal>systemd.services.backup-bitwarden_rs</literal>
and <literal>systemd.timers.backup-bitwarden_rs</literal>
were renamed to
<literal>systemd.services.vaultwarden</literal>,
<literal>systemd.services.backup-vaultwarden</literal> and
<literal>systemd.timers.backup-vaultwarden</literal>,
respectively.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>users.users.bitwarden_rs</literal> and
<literal>users.groups.bitwarden_rs</literal> were renamed
to <literal>users.users.vaultwarden</literal> and
<literal>users.groups.vaultwarden</literal>, respectively.
</para>
</listitem>
<listitem>
<para>
The data directory remains located at
<literal>/var/lib/bitwarden_rs</literal>, for backwards
compatibility.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<literal>yggdrasil</literal> was upgraded to a new major
release with breaking changes, see
<link xlink:href="https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0">upstream
changelog</link>.
</para>
</listitem>
<listitem>
<para>
<literal>icingaweb2</literal> was upgraded to a new release
which requires a manual database upgrade, see
<link xlink:href="https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0">upstream
changelog</link>.
</para>
</listitem>
<listitem>
<para>
The <literal>isabelle</literal> package has been upgraded from
2020 to 2021
</para>
</listitem>
<listitem>
<para>
the <literal>mingw-64</literal> package has been upgraded from
6.0.0 to 9.0.0
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
The setting
<link xlink:href="options.html#opt-services.openssh.logLevel"><literal>services.openssh.logLevel</literal></link>
<literal>"VERBOSE"</literal>
<literal>"INFO"</literal>. This brings NixOS in line
with upstream and other Linux distributions, and reduces log
spam on servers due to bruteforcing botnets.
</para>
<para>
However, if
<link xlink:href="options.html#opt-services.fail2ban.enable"><literal>services.fail2ban.enable</literal></link>
is <literal>true</literal>, the <literal>fail2ban</literal>
will override the verbosity to
<literal>"VERBOSE"</literal>, so that
<literal>fail2ban</literal> can observe the failed login
attempts from the SSH logs.
</para>
</listitem>
<listitem>
<para>
Sway: The terminal emulator <literal>rxvt-unicode</literal> is
no longer installed by default via
<literal>programs.sway.extraPackages</literal>. The current
default configuration uses <literal>alacritty</literal> (and
soon <literal>foot</literal>) so this is only an issue when
using a customized configuration and not installing
<literal>rxvt-unicode</literal> explicitly.
</para>
</listitem>
<listitem>
<para>
<literal>python3</literal> now defaults to Python 3.9. Python
3.9 introduces many deprecation warnings, please look at the
<link xlink:href="https://docs.python.org/3/whatsnew/3.9.html">What’s
New In Python 3.9 post</link> for more information.
</para>
</listitem>
<listitem>
<para>
The <literal>claws-mail</literal> package now references the
new GTK+ 3 release branch, major version 4. To use the GTK+ 2
releases, one can install the
<literal>claws-mail-gtk2</literal> package.
</para>
</listitem>
<listitem>
<para>
The wordpress module provides a new interface which allows to
use different webservers with the new option
<link xlink:href="options.html#opt-services.wordpress.webserver"><literal>services.wordpress.webserver</literal></link>.
Currently <literal>httpd</literal> and
<literal>nginx</literal> are supported. The definitions of
wordpress sites should now be set in
<link xlink:href="options.html#opt-services.wordpress.sites"><literal>services.wordpress.sites</literal></link>.
</para>
<para>
Sites definitions that use the old interface are automatically
migrated in the new option. This backward compatibility will
be removed in 22.05.
</para>
</listitem>
<listitem>
<para>
The order of NSS (host) modules has been brought in line with
upstream recommendations:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The <literal>myhostname</literal> module is placed before
the <literal>resolve</literal> (optional) and
<literal>dns</literal> entries, but after
<literal>file</literal> (to allow overriding via
<literal>/etc/hosts</literal> /
<literal>networking.extraHosts</literal>, and prevent ISPs
with catchall-DNS resolvers from hijacking
<literal>.localhost</literal> domains)
</para>
</listitem>
<listitem>
<para>
The <literal>mymachines</literal> module, which provides
hostname resolution for local containers (registered with
<literal>systemd-machined</literal>) is placed to the
front, to make sure its mappings are preferred over other
resolvers.
</para>
</listitem>
<listitem>
<para>
If systemd-networkd is enabled, the
<literal>resolve</literal> module is placed before
<literal>files</literal> and
<literal>myhostname</literal>, as it provides the same
logic internally, with caching.
</para>
</listitem>
<listitem>
<para>
The <literal>mdns(_minimal)</literal> module has been
updated to the new priorities.
</para>
</listitem>
</itemizedlist>
<para>
If you use your own NSS host modules, make sure to update your
priorities according to these rules:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
NSS modules which should be queried before
<literal>resolved</literal> DNS resolution should use
mkBefore.
</para>
</listitem>
<listitem>
<para>
NSS modules which should be queried after
<literal>resolved</literal>, <literal>files</literal> and
<literal>myhostname</literal>, but before
<literal>dns</literal> should use the default priority
</para>
</listitem>
<listitem>
<para>
NSS modules which should come after <literal>dns</literal>
should use mkAfter.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The
<link xlink:href="options.html#opt-networking.wireless.iwd.enable">networking.wireless.iwd</link>
module has a new
<link xlink:href="options.html#opt-networking.wireless.iwd.settings">networking.wireless.iwd.settings</link>
option.
</para>
</listitem>
</itemizedlist>
</section>
</section>