<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05">
<title>Release 22.05 (“Quokka”, 2022.05/??)</title>
<para>
In addition to numerous new and upgraded packages, this release has
the following highlights:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Support is planned until the end of December 2022, handing over
to 22.11.
</para>
</listitem>
</itemizedlist>
<section xml:id="sec-release-22.05-highlights">
<title>Highlights</title>
<itemizedlist>
<listitem>
<para>
<literal>security.acme.defaults</literal> has been added to
simplify configuring settings for many certificates at once.
This also opens up the the option to use DNS-01 validation
when using <literal>enableACME</literal> on web server virtual
hosts (e.g.
<literal>services.nginx.virtualHosts.*.enableACME</literal>).
</para>
</listitem>
<listitem>
<para>
PHP 8.1 is now available
</para>
</listitem>
<listitem>
<para>
Mattermost has been updated to extended support release 6.3,
as the previously packaged extended support release 5.37 is
<link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
its end of life</link>. Migrations may take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
and
<link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
upgrade notes</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-new-services">
<title>New Services</title>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
the Intel SGX Architectural Enclave Service Manager. Available
as
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless
Docker</link>, a <literal>systemd --user</literal> Docker
service which runs without root permissions. Available as
<link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://conduit.rs/">matrix-conduit</link>,
a simple, fast and reliable chat server powered by matrix.
Available as
<link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
a lightweight shipper for forwarding and centralizing log
data. Available as
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>,
a kernel module for mounting the Apple File System (APFS).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://frrouting.org/">FRRouting</link>, a
popular suite of Internet routing protocol daemons (BGP, BFD,
OSPF, IS-IS, VVRP and others). Available as
<link linkend="opt-services.ffr.babel.enable">services.frr</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
a bouncer-style Matrix IRC bridge. Available as
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://ergo.chat">ergochat</link>, a modern
IRC with IRCv3 features. Available as
<link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
a web interface for the PowerDNS server. Available at
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
web application for managing and creating invoices. Available
at
<link xlink:href="options.html#opt-services.invoiceplane.enable">services.invoiceplane</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>,
a Prometheus exporter for mtr metrics. Available as
<link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://tetrd.app">tetrd</link>, share your
internet connection from your device to your PC and vice versa
through a USB cable. Available at
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
a C# application with primary purpose of idling Steam cards
from multiple accounts simultaneously. Available as
<link xlink:href="options.html#opt-services.archisteamfarm.enable">services.archisteamfarm</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://goteleport.com">teleport</link>,
allows engineers and security professionals to unify access
for SSH servers, Kubernetes clusters, web applications, and
databases across all environments. Available at
<link linkend="opt-services.teleport.enable">services.teleport</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://loic-sharma.github.io/BaGet/">BaGet</link>,
a lightweight NuGet and symbol server. Available at
<link linkend="opt-services.baget.enable">services.baget</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://moosefs.com">moosefs</link>, fault
tolerant petabyte distributed file system. Available as
<link linkend="opt-services.moosefs">moosefs</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
a server for handling XMPP HTTP Upload requests. Available at
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
an online collaborative spreadsheet. Available as
<link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://timetagger.app">timetagger</link>,
an open source time-tracker with an intuitive user experience
and powerful reporting.
<link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
a browser-based version of the RStudio IDE for the R
programming language. Available as
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/juanfont/headscale">headscale</link>,
an Open Source implementation of the
<link xlink:href="https://tailscale.io">Tailscale</link>
Control Server. Available as
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
<literal>pkgs.ghc</literal> now refers to
<literal>pkgs.targetPackages.haskellPackages.ghc</literal>.
This <emphasis>only</emphasis> makes a difference if you are
cross-compiling and will ensure that
<literal>pkgs.ghc</literal> always runs on the host platform
and compiles for the target platform (similar to
<literal>pkgs.gcc</literal> for example).
<literal>haskellPackages.ghc</literal> still behaves as
before, running on the build platform and compiling for the
host platform (similar to <literal>stdenv.cc</literal>). This
means you don’t have to adjust your derivations if you use
<literal>haskellPackages.callPackage</literal>, but when using
<literal>pkgs.callPackage</literal> and taking
<literal>ghc</literal> as an input, you should now use
<literal>buildPackages.ghc</literal> instead to ensure cross
compilation keeps working (or switch to
<literal>haskellPackages.callPackage</literal>).
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
because org elpa is deprecated. The packages in the top level
of <literal>pkgs.emacsPackages</literal>, such as org and
org-contrib, refer to the ones in
<literal>pkgs.emacsPackages.elpaPackages</literal> and
<literal>pkgs.emacsPackages.nongnuPackages</literal> where the
new versions will release.
</para>
</listitem>
<listitem>
<para>
<literal>services.kubernetes.addons.dashboard</literal> was
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
The DHCP server (<literal>services.dhcpd4</literal>,
<literal>services.dhcpd6</literal>) has been hardened. The
service is now using the systemd’s
<literal>DynamicUser</literal> mechanism to run as an
unprivileged dynamically-allocated user with limited
capabilities. The dhcpd state files are now always stored in
<literal>/var/lib/dhcpd{4,6}</literal> and the
<literal>services.dhcpd4.stateDir</literal> and
<literal>service.dhcpd6.stateDir</literal> options have been
removed. If you were depending on root privileges or
set{uid,gid,cap} binaries in dhcpd shell hooks, you may give
dhcpd more capabilities with e.g.
<literal>systemd.services.dhcpd6.serviceConfig.AmbientCapabilities</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>mailpile</literal> email webclient
(<literal>services.mailpile</literal>) has been removed due to
its reliance on python2.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
(<literal>services.moinmoin</literal>) has been removed,
because Python 2 is being retired from nixpkgs.
</para>
</listitem>
<listitem>
<para>
The <literal>wafHook</literal> hook now honors
<literal>NIX_BUILD_CORES</literal> when
<literal>enableParallelBuilding</literal> is not set
explicitly. Packages can restore the old behaviour by setting
<literal>enableParallelBuilding=false</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.claws-mail-gtk2</literal>, representing Claws
Mail’s older release version three, was removed in order to
get rid of Python 2. Please switch to
<literal>claws-mail</literal>, which is Claws Mail’s latest
release based on GTK+3 and Python 3.
</para>
</listitem>
<listitem>
<para>
The <literal>writers.writePython2</literal> and corresponding
<literal>writers.writePython2Bin</literal> convenience
functions to create executable Python 2 scripts in the store
were removed in preparation of removal of the Python 2
interpreter. Scripts have to be converted to Python 3 for use
with <literal>writers.writePython3</literal> or
<literal>writers.writePyPy2</literal> needs to be used.
</para>
</listitem>
<listitem>
<para>
The <literal>gnome-passwordsafe</literal> package updated to
<link xlink:href="https://gitlab.gnome.org/World/secrets/-/tags/6.0">version
6.x</link> and renamed to <literal>gnome-secrets</literal>.
</para>
</listitem>
<listitem>
<para>
If you previously used
<literal>/etc/docker/daemon.json</literal>, you need to
incorporate the changes into the new option
<literal>virtualisation.docker.daemon.settings</literal>.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
<literal>services.wordpress</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.wordpress.sites</literal> instead.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
<literal>services.dokuwiki</literal> to configure sites with
the old interface has been removed. Please use
<literal>services.dokuwiki.sites</literal> instead.
</para>
</listitem>
<listitem>
<para>
opensmtpd-extras is no longer build with python2 scripting
support due to python2 deprecation in nixpkgs
</para>
</listitem>
<listitem>
<para>
The <literal>autorestic</literal> package has been upgraded
from 1.3.0 to 1.5.0 which introduces breaking changes in
config file, check
<link xlink:href="https://autorestic.vercel.app/migration/1.4_1.5">their
migration guide</link> for more details.
</para>
</listitem>
<listitem>
<para>
For <literal>pkgs.python3.pkgs.ipython</literal>, its direct
dependency
<literal>pkgs.python3.pkgs.matplotlib-inline</literal> (which
is really an adapter to integrate matplotlib in ipython if it
is installed) does not depend on
<literal>pkgs.python3.pkgs.matplotlib</literal> anymore. This
is closer to a non-Nix install of ipython. This has the added
benefit to reduce the closure size of
<literal>ipython</literal> from ~400MB to ~160MB (including
~100MB for python itself).
</para>
</listitem>
<listitem>
<para>
<literal>documentation.man</literal> has been refactored to
support choosing a man implementation other than GNU’s
<literal>man-db</literal>. For this,
<literal>documentation.man.manualPages</literal> has been
renamed to
<literal>documentation.man.man-db.manualPages</literal>. If
you want to use the new alternative man implementation
<literal>mandoc</literal>, add
<literal>documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }</literal>
to your configuration.
</para>
</listitem>
<listitem>
<para>
Normal users (with <literal>isNormalUser = true</literal>)
which have non-empty <literal>subUidRanges</literal> or
<literal>subGidRanges</literal> set no longer have additional
implicit ranges allocated. To enable automatic allocation back
set <literal>autoSubUidGidRange = true</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>idris2</literal> now requires
<literal>--package</literal> when using packages
<literal>contrib</literal> and <literal>network</literal>,
while previously these idris2 packages were automatically
loaded.
</para>
</listitem>
<listitem>
<para>
The iputils package, which is installed by default, no longer
provides the legacy tools <literal>tftpd</literal> and
<literal>traceroute6</literal>. More tools
(<literal>ninfod</literal>, <literal>rarpd</literal>, and
<literal>rdisc</literal>) are going to be removed in the next
release. See
<link xlink:href="https://github.com/iputils/iputils/releases/tag/20211215">upstream’s
release notes</link> for more details and available
replacements.
</para>
</listitem>
<listitem>
<para>
<literal>services.thelounge.private</literal> was removed in
favor of <literal>services.thelounge.public</literal>, to
follow with upstream changes.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.docbookrx</literal> was removed since it’s
unmaintained
</para>
</listitem>
<listitem>
<para>
<literal>tilp2</literal> was removed together with its module
</para>
</listitem>
<listitem>
<para>
The options
<literal>networking.interfaces.<name>.ipv4.routes</literal>
and
<literal>networking.interfaces.<name>.ipv6.routes</literal>
are no longer ignored when using networkd instead of the
default scripted network backend by setting
<literal>networking.useNetworkd</literal> to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
MultiMC has been replaced with the fork PolyMC due to upstream
developers being hostile to 3rd party package maintainers.
PolyMC removes all MultiMC branding and is aimed at providing
proper 3rd party packages like the one contained in Nixpkgs.
This change affects the data folder where game instances and
other save and configuration files are stored. Users with
existing installations should rename
<literal>~/.local/share/multimc</literal> to
<literal>~/.local/share/polymc</literal>. The main config
file’s path has also moved from
<literal>~/.local/share/multimc/multimc.cfg</literal> to
<literal>~/.local/share/polymc/polymc.cfg</literal>.
</para>
</listitem>
<listitem>
<para>
The terraform 0.12 compatibility has been removed and the
<literal>terraform.withPlugins</literal> and
<literal>terraform-providers.mkProvider</literal>
implementations simplified. Providers now need to be stored
under
<literal>$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version></literal>
(which mkProvider does).
</para>
<para>
This breaks back-compat so it’s not possible to mix-and-match
with previous versions of nixpkgs. In exchange, it now becomes
possible to use the providers from
<link xlink:href="https://github.com/numtide/nixpkgs-terraform-providers-bin">nixpkgs-terraform-providers-bin</link>
directly.
</para>
</listitem>
<listitem>
<para>
The existing <literal>pkgs.opentelemetry-collector</literal>
has been moved to
<literal>pkgs.opentelemetry-collector-contrib</literal> to
match the actual source being the <quote>contrib</quote>
edition. <literal>pkgs.opentelemetry-collector</literal> is
now the actual core release of opentelemetry-collector. If you
use the community contributions you should change the package
you refer to. If you don’t need them update your commands from
<literal>otelcontribcol</literal> to
<literal>otelcorecol</literal> and enjoy a 7x smaller binary.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
<literal>pkgs.noto-fonts-cjk-serif</literal> because they each
have different release schedules. To maintain compatibility
with prior releases of Nixpkgs,
<literal>pkgs.noto-fonts-cjk</literal> is currently an alias
of <literal>pkgs.noto-fonts-cjk-sans</literal> and doesn’t
include serif fonts.
</para>
</listitem>
<listitem>
<para>
<literal>switch-to-configuration</literal> (the script that is
run when running <literal>nixos-rebuild switch</literal> for
example) has been reworked
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The interface that allows activation scripts to restart
units has been streamlined. Restarting and reloading is
now done by a single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
</listitem>
<listitem>
<para>
The script now uses a proper ini-file parser to parse
systemd units. Some values are now only searched in one
section instead of in the entire unit. This is only
relevant for units that don’t use the NixOS systemd moule.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>RefuseManualStop</literal>,
<literal>X-OnlyManualStart</literal>,
<literal>X-StopOnRemoval</literal>,
<literal>X-StopOnReconfiguration</literal> are only
searched in the <literal>[Unit]</literal> section
</para>
</listitem>
<listitem>
<para>
<literal>X-ReloadIfChanged</literal>,
<literal>X-RestartIfChanged</literal>,
<literal>X-StopIfChanged</literal> are only searched
in the <literal>[Service]</literal> section
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.cacheDir</literal> option has
been removed, since the cache directory is now handled by
systemd.
</para>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.extraConfig</literal> option
has been replaced by
<literal>services.bookstack.config</literal> which implements
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
<listitem>
<para>
<literal>lib.assertMsg</literal> and
<literal>lib.assertOneOf</literal> no longer return
<literal>false</literal> if the passed condition is
<literal>false</literal>, <literal>throw</literal>ing the
given error message instead (which makes the resulting error
message less cluttered). This will not impact the behaviour of
code using these functions as intended, namely as top-level
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
<link xlink:href="https://github.com/navarasu/onedark.nvim">navarasu/onedark.nvim</link>
(formerly refers to
<link xlink:href="https://github.com/olimorris/onedarkpro.nvim">olimorris/onedarkpro.nvim</link>).
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
The option
<link linkend="opt-services.redis.servers">services.redis.servers</link>
was added to support per-application
<literal>redis-server</literal> which is more secure since
Redis databases are only mere key prefixes without any
configuration or ACL of their own. Backward-compatibility is
preserved by mapping old
<literal>services.redis.settings</literal> to
<literal>services.redis.servers."".settings</literal>,
but you are strongly encouraged to name each
<literal>redis-server</literal> instance after the application
using it, instead of keeping that nameless one. Except for the
nameless
<literal>services.redis.servers.""</literal> still
accessible at <literal>127.0.0.1:6379</literal>, and to the
members of the Unix group <literal>redis</literal> through the
Unix socket <literal>/run/redis/redis.sock</literal>, all
other <literal>services.redis.servers.${serverName}</literal>
are only accessible by default to the members of the Unix
group <literal>redis-${serverName}</literal> through the Unix
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-virtualisation.vmVariant">virtualisation.vmVariant</link>
was added to allow users to make changes to the
<literal>nixos-rebuild build-vm</literal> configuration that
do not apply to their normal system.
</para>
<para>
The <literal>config.system.build.vm</literal> attribute now
always exists and defaults to the value from
<literal>vmVariant</literal>. Configurations that import the
<literal>virtualisation/qemu-vm.nix</literal> module
themselves will override this value, such that
<literal>vmVariant</literal> is not used.
</para>
<para>
Similarly
<link linkend="opt-virtualisation.vmVariantWithBootLoader">virtualisation.vmVariantWithBootloader</link>
was added.
</para>
</listitem>
<listitem>
<para>
The configuration portion of the <literal>nix-daemon</literal>
module has been reworked and exposed as
<link xlink:href="options.html#opt-nix-settings">nix.settings</link>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Legacy options have been mapped to the corresponding
options under under
<link xlink:href="options.html#opt-nix.settings">nix.settings</link>
but may be deprecated in the future.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="options.html#opt-nix.buildMachines.publicHostKey">nix.buildMachines.publicHostKey</link>
has been added.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The
<literal>writers.writePyPy2</literal>/<literal>writers.writePyPy3</literal>
and corresponding
<literal>writers.writePyPy2Bin</literal>/<literal>writers.writePyPy3Bin</literal>
convenience functions to create executable Python 2/3 scripts
using the PyPy interpreter were added.
</para>
</listitem>
<listitem>
<para>
If you are using Wayland you can choose to use the Ozone
Wayland support in Chrome and several Electron apps by setting
the environment variable <literal>NIXOS_OZONE_WL=1</literal>
(for example via
<literal>environment.sessionVariables.NIXOS_OZONE_WL = "1"</literal>).
This is not enabled by default because Ozone Wayland is still
under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron
versions.
</para>
</listitem>
<listitem>
<para>
The <literal>influxdb2</literal> package was split into
<literal>influxdb2-server</literal> and
<literal>influxdb2-cli</literal>, matching the split that took
place upstream. A combined <literal>influxdb2</literal>
package is still provided in this release for backwards
compatibilty, but will be removed at a later date.
</para>
</listitem>
<listitem>
<para>
The <literal>services.unifi.openPorts</literal> option default
value of <literal>true</literal> is now deprecated and will be
changed to <literal>false</literal> in 22.11. Configurations
using this default will print a warning when rebuilt.
</para>
</listitem>
<listitem>
<para>
<literal>security.acme</literal> certificates will now
correctly check for CA revokation before reaching their
minimum age.
</para>
</listitem>
<listitem>
<para>
Removing domains from
<literal>security.acme.certs._name_.extraDomainNames</literal>
will now correctly remove those domains during rebuild/renew.
</para>
</listitem>
<listitem>
<para>
MariaDB is now offered in several versions, not just the
newest one. So if you have a need for running MariaDB 10.4 for
example, you can now just set
<literal>services.mysql.package = pkgs.mariadb_104;</literal>.
In general, it is recommended to run the newest version, to
get the newest features, while sticking with an LTS version
will most likely provide a more stable experience. Sometimes
software is also incompatible with the newest version of
MariaDB.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-programs.ssh.enableAskPassword">programs.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy
usage in non-X11 environments, e.g. Wayland.
</para>
</listitem>
<listitem>
<para>
<link linkend="opt-programs.ssh.knownHosts">programs.ssh.knownHosts</link>
has gained an <literal>extraHostNames</literal> option to
replace <literal>hostNames</literal>.
<literal>hostNames</literal> is deprecated, but still
available for now.
</para>
</listitem>
<listitem>
<para>
The <literal>services.stubby</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
<listitem>
<para>
The option <literal>services.duplicati.dataDir</literal> has
been added to allow changing the location of duplicati’s
files.
</para>
</listitem>
<listitem>
<para>
A new option
<literal>boot.initrd.extraModprobeConfig</literal> has been
added which can be used to configure kernel modules that are
loaded in the initrd.
</para>
</listitem>
<listitem>
<para>
<literal>fetchFromSourcehut</literal> now allows fetching
repositories recursively using <literal>fetchgit</literal> or
<literal>fetchhg</literal> if the argument
<literal>fetchSubmodules</literal> is set to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The option <literal>services.thelounge.plugins</literal> has
been added to allow installing plugins for The Lounge. Plugins
can be found in
<literal>pkgs.theLoungePlugins.plugins</literal> and
<literal>pkgs.theLoungePlugins.themes</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>firmwareLinuxNonfree</literal> package has been
renamed to <literal>linux-firmware</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>services.mbpfan</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> configuration.
</para>
</listitem>
<listitem>
<para>
The default value for
<literal>programs.spacefm.settings.graphical_su</literal> got
unset. It previously pointed to <literal>gksu</literal> which
has been removed.
</para>
</listitem>
<listitem>
<para>
A new module was added for the
<link xlink:href="https://starship.rs/">Starship</link> shell
prompt, providing the options
<literal>programs.starship.enable</literal> and
<literal>programs.starship.settings</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
</para>
</listitem>
<listitem>
<para>
The <literal>zrepl</literal> package has been updated from
0.4.0 to 0.5:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The RPC protocol version was bumped; all zrepl daemons in
a setup must be updated and restarted before replication
can resume.
</para>
</listitem>
<listitem>
<para>
A bug involving encrypt-on-receive has been fixed. Read
the
<link xlink:href="https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder">zrepl
documentation</link> and check the output of
<literal>zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS</literal>
on the receiver.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Renamed option
<literal>services.openssh.challengeResponseAuthentication</literal>
to
<literal>services.openssh.kbdInteractiveAuthentication</literal>.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a
warning.
</para>
</listitem>
<listitem>
<para>
<literal>programs.tmux</literal> has a new option
<literal>plugins</literal> that accepts a list of packages
from the <literal>tmuxPlugins</literal> group. The specified
packages are added to the system and loaded by
<literal>tmux</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>