Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2105.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2105.section.xml | 1565 |
1 files changed, 1565 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml new file mode 100644 index 00000000000..e043bee7761 --- /dev/null +++ b/nixos/doc/manual/from_md/release-notes/rl-2105.section.xml 
@@ -0,0 +1,1565 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.05"> + <title>Release 21.05 (<quote>Okapi</quote>, 2021.05/31)</title> + <para> + Support is planned until the end of December 2021, handing over to + 21.11. + </para> + <section xml:id="sec-release-21.05-highlights"> + <title>Highlights</title> + <para> + In addition to numerous new and upgraded packages, this release + has the following highlights: + </para> + <itemizedlist> + <listitem> + <para> + Core version changes: + </para> + <itemizedlist> + <listitem> + <para> + gcc: 9.3.0 -> 10.3.0 + </para> + </listitem> + <listitem> + <para> + glibc: 2.30 -> 2.32 + </para> + </listitem> + <listitem> + <para> + default linux: 5.4 -> 5.10, all supported kernels + available + </para> + </listitem> + <listitem> + <para> + mesa: 20.1.7 -> 21.0.1 + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + Desktop Environments: + </para> + <itemizedlist> + <listitem> + <para> + GNOME: 3.36 -> 40, see its + <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">release + notes</link> + </para> + </listitem> + <listitem> + <para> + Plasma5: 5.18.5 -> 5.21.3 + </para> + </listitem> + <listitem> + <para> + kdeApplications: 20.08.1 -> 20.12.3 + </para> + </listitem> + <listitem> + <para> + cinnamon: 4.6 -> 4.8.1 + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + Programming Languages and Frameworks: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + Python optimizations were disabled again. Builds with + optimizations enabled are not reproducible. Optimizations + can now be enabled with an option. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The linux_latest kernel was updated to the 5.12 series. It + currently is not officially supported for use with the zfs + filesystem. 
If you use zfs, you should use a different kernel + version (either the LTS kernel, or track a specific one). + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-21.05-new-services"> + <title>New Services</title> + <para> + The following new services were added since the last release: + </para> + <itemizedlist> + <listitem> + <para> + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> + 3.8 was + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> + packaged, along with a rewrite to the Nix expressions, + allowing users to override the features upstream supports + selecting to compile or not to. Additionally, the attribute + <literal>gnuradio</literal> and <literal>gnuradio3_7</literal> + now point to an externally wrapped by default derivations, + that allow you to also add `extraPythonPackages` to the Python + interpreter used by GNURadio. Missing environmental variables + needed for operational GUI were also added + (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.keycloak.org/">Keycloak</link>, + an open source identity and access management server with + support for + <link xlink:href="https://openid.net/connect/">OpenID + Connect</link>, <link xlink:href="https://oauth.net/2/">OAUTH + 2.0</link> and + <link xlink:href="https://en.wikipedia.org/wiki/SAML_2.0">SAML + 2.0</link>. + </para> + <para> + See the <link linkend="module-services-keycloak">Keycloak + section of the NixOS manual</link> for more information. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.samba-wsdd.enable">services.samba-wsdd.enable</link> + Web Services Dynamic Discovery host daemon + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.discourse.org/">Discourse</link>, + a modern and open source discussion platform. 
+ </para> + <para> + See the <link linkend="module-services-discourse">Discourse + section of the NixOS manual</link> for more information. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.nebula.networks">services.nebula.networks</link> + <link xlink:href="https://github.com/slackhq/nebula">Nebula + VPN</link> + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-21.05-incompatibilities"> + <title>Backward Incompatibilities</title> + <para> + When upgrading from a previous release, please be aware of the + following incompatible changes: + </para> + <itemizedlist> + <listitem> + <para> + GNOME desktop environment was upgraded to 40, see the release + notes for + <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> + and + <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. + The <literal>gnome3</literal> attribute set has been renamed + to <literal>gnome</literal> and so have been the NixOS + options. + </para> + </listitem> + <listitem> + <para> + If you are using <literal>services.udev.extraRules</literal> + to assign custom names to network interfaces, this may stop + working due to a change in the initialisation of dhcpcd and + systemd networkd. To avoid this, either move them to + <literal>services.udev.initrdRules</literal> or see the new + <link linkend="sec-custom-ifnames">Assigning custom + names</link> section of the NixOS manual for an example using + networkd links. + </para> + </listitem> + <listitem> + <para> + The <literal>security.hideProcessInformation</literal> module + has been removed. It was broken since the switch to + cgroups-v2. + </para> + </listitem> + <listitem> + <para> + The <literal>linuxPackages.ati_drivers_x11</literal> kernel + modules have been removed. The drivers only supported kernels + prior to 4.2, and thus have become obsolete. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>systemConfig</literal> kernel parameter is no + longer added to boot loader entries. It has been unused since + September 2010, but if do have a system generation from that + era, you will now be unable to boot into them. + </para> + </listitem> + <listitem> + <para> + <literal>systemd-journal2gelf</literal> no longer parses json + and expects the receiving system to handle it. How to achieve + this with Graylog is described in this + <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub + issue</link>. + </para> + </listitem> + <listitem> + <para> + If the <literal>services.dbus</literal> module is enabled, + then the user D-Bus session is now always socket activated. + The associated options + <literal>services.dbus.socketActivated</literal> and + <literal>services.xserver.startDbusSession</literal> have + therefore been removed and you will receive a warning if they + are present in your configuration. This change makes the user + D-Bus session available also for non-graphical logins. + </para> + </listitem> + <listitem> + <para> + The <literal>networking.wireless.iwd</literal> module now + installs the upstream-provided 80-iwd.link file, which sets + the NamePolicy= for all wlan devices to "keep + kernel", to avoid race conditions between iwd and + networkd. If you don't want this, you can set + <literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>rubyMinimal</literal> was removed due to being unused + and unusable. The default ruby interpreter includes JIT + support, which makes it reference it's compiler. Since JIT + support is probably needed by some Gems, it was decided to + enable this feature with all cc references by default, and + allow to build a Ruby derivation without references to cc, by + setting <literal>jitSupport = false;</literal> in an overlay. 
+ See + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link> + for more info. + </para> + </listitem> + <listitem> + <para> + Setting + <literal>services.openssh.authorizedKeysFiles</literal> now + also affects which keys + <literal>security.pam.enableSSHAgentAuth</literal> will use. + WARNING: If you are using these options in combination do make + sure that any key paths you use are present in + <literal>services.openssh.authorizedKeysFiles</literal>! + </para> + </listitem> + <listitem> + <para> + The option <literal>fonts.enableFontDir</literal> has been + renamed to + <link xlink:href="options.html#opt-fonts.fontDir.enable">fonts.fontDir.enable</link>. + The path of font directory has also been changed to + <literal>/run/current-system/sw/share/X11/fonts</literal>, for + consistency with other X11 resources. + </para> + </listitem> + <listitem> + <para> + A number of options have been renamed in the kicad interface. + <literal>oceSupport</literal> has been renamed to + <literal>withOCE</literal>, <literal>withOCCT</literal> has + been renamed to <literal>withOCC</literal>, + <literal>ngspiceSupport</literal> has been renamed to + <literal>withNgspice</literal>, and + <literal>scriptingSupport</literal> has been renamed to + <literal>withScripting</literal>. Additionally, + <literal>kicad/base.nix</literal> no longer provides default + argument values since these are provided by + <literal>kicad/default.nix</literal>. + </para> + </listitem> + <listitem> + <para> + The socket for the <literal>pdns-recursor</literal> module was + moved from <literal>/var/lib/pdns-recursor</literal> to + <literal>/run/pdns-recursor</literal> to match upstream. + </para> + </listitem> + <listitem> + <para> + Paperwork was updated to version 2. The on-disk format + slightly changed, and it is not possible to downgrade from + Paperwork 2 back to Paperwork 1.3. Back your documents up + before upgrading. 
See + <link xlink:href="https://forum.openpaper.work/t/paperwork-2-0/112/5">this + thread</link> for more details. + </para> + </listitem> + <listitem> + <para> + PowerDNS has been updated from <literal>4.2.x</literal> to + <literal>4.3.x</literal>. Please be sure to review the + <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0">Upgrade + Notes</link> provided by upstream before upgrading. Worth + specifically noting is that the service now runs entirely as a + dedicated <literal>pdns</literal> user, instead of starting as + <literal>root</literal> and dropping privileges, as well as + the default <literal>socket-dir</literal> location changing + from <literal>/var/lib/powerdns</literal> to + <literal>/run/pdns</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>mediatomb</literal> service is now using by + default the new and maintained fork <literal>gerbera</literal> + package instead of the unmaintained + <literal>mediatomb</literal> package. If you want to keep the + old behavior, you must declare it with: + </para> + <programlisting language="bash"> +{ + services.mediatomb.package = pkgs.mediatomb; +} +</programlisting> + <para> + One new option <literal>openFirewall</literal> has been + introduced which defaults to false. If you relied on the + service declaration to add the firewall rules itself before, + you should now declare it with: + </para> + <programlisting language="bash"> +{ + services.mediatomb.openFirewall = true; +} +</programlisting> + </listitem> + <listitem> + <para> + xfsprogs was update from 4.19 to 5.11. It now enables reflink + support by default on filesystem creation. Support for + reflinks was added with an experimental status to kernel 4.9 + and deemed stable in kernel 4.16. If you want to be able to + mount XFS filesystems created with this release of xfsprogs on + kernel releases older than those, you need to format them with + <literal>mkfs.xfs -m reflink=0</literal>. 
+ </para> + </listitem> + <listitem> + <para> + The uWSGI server is now built with POSIX capabilities. As a + consequence, root is no longer required in emperor mode and + the service defaults to running as the unprivileged + <literal>uwsgi</literal> user. Any additional capability can + be added via the new option + <link xlink:href="options.html#opt-services.uwsgi.capabilities">services.uwsgi.capabilities</link>. + The previous behaviour can be restored by setting: + </para> + <programlisting language="bash"> +{ + services.uwsgi.user = "root"; + services.uwsgi.group = "root"; + services.uwsgi.instance = + { + uid = "uwsgi"; + gid = "uwsgi"; + }; +} +</programlisting> + <para> + Another incompatibility from the previous release is that + vassals running under a different user or group need to use + <literal>immediate-{uid,gid}</literal> instead of the usual + <literal>uid,gid</literal> options. + </para> + </listitem> + <listitem> + <para> + btc1 has been abandoned upstream, and removed. + </para> + </listitem> + <listitem> + <para> + cpp_ethereum (aleth) has been abandoned upstream, and removed. + </para> + </listitem> + <listitem> + <para> + riak-cs package removed along with + <literal>services.riak-cs</literal> module. + </para> + </listitem> + <listitem> + <para> + stanchion package removed along with + <literal>services.stanchion</literal> module. + </para> + </listitem> + <listitem> + <para> + mutt has been updated to a new major version (2.x), which + comes with some backward incompatible changes that are + described in the + <link xlink:href="http://www.mutt.org/relnotes/2.0/">release + notes for Mutt 2.0</link>. + </para> + </listitem> + <listitem> + <para> + <literal>vim</literal> and <literal>neovim</literal> switched + to Python 3, dropping all Python 2 support. 
+ </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-networking.wireguard.interfaces">networking.wireguard.interfaces.<name>.generatePrivateKeyFile</link>, + which is off by default, had a <literal>chmod</literal> race + condition fixed. As an aside, the parent directory's + permissions were widened, and the key files were made + owner-writable. This only affects newly created keys. However, + if the exact permissions are important for your setup, read + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/121294">#121294</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link> + previously did nothing, but has been fixed. However its + default has been changed to <literal>false</literal> to + preserve the existing default behaviour. If you have this + explicitly set to <literal>true</literal>, please note that + your non-root pools will now be forcibly imported. + </para> + </listitem> + <listitem> + <para> + openafs now points to openafs_1_8, which is the new stable + release. OpenAFS 1.6 was removed. + </para> + </listitem> + <listitem> + <para> + The WireGuard module gained a new option + <literal>networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds</literal> + that implements refreshing the IP of DNS-based endpoints + periodically (which WireGuard itself + <link xlink:href="https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html">cannot + do</link>). + </para> + </listitem> + <listitem> + <para> + MariaDB has been updated to 10.5. Before you upgrade, it would + be best to take a backup of your database and read + <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105"> + Incompatible Changes Between 10.4 and 10.5</link>. After the + upgrade you will need to run <literal>mysql_upgrade</literal>. 
+ </para> + </listitem> + <listitem> + <para> + The TokuDB storage engine dropped in mariadb 10.5 and removed + in mariadb 10.6. It is recommended to switch to RocksDB. See + also + <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link> + and + <link xlink:href="https://jira.mariadb.org/browse/MDEV-19780">MDEV-19780: + Remove the TokuDB storage engine</link>. + </para> + </listitem> + <listitem> + <para> + The <literal>openldap</literal> module now has support for + OLC-style configuration, users of the + <literal>configDir</literal> option may wish to migrate. If + you continue to use <literal>configDir</literal>, ensure that + <literal>olcPidFile</literal> is set to + <literal>/run/slapd/slapd.pid</literal>. + </para> + <para> + As a result, <literal>extraConfig</literal> and + <literal>extraDatabaseConfig</literal> are removed. To help + with migration, you can convert your + <literal>slapd.conf</literal> file to OLC configuration with + the following script (find the location of this configuration + file by running <literal>systemctl status openldap</literal>, + it is the <literal>-f</literal> option. + </para> + <programlisting> +$ TMPDIR=$(mktemp -d) +$ slaptest -f /path/to/slapd.conf -F $TMPDIR +$ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))' +</programlisting> + <para> + This will dump your current configuration in LDIF format, + which should be straightforward to convert into Nix settings. + This does not show your schema configuration, as this is + unnecessarily verbose for users of the default schemas and + <literal>slaptest</literal> is buggy with schemas directly in + the config file. + </para> + </listitem> + <listitem> + <para> + Amazon EC2 and OpenStack Compute (nova) images now re-fetch + instance meta data and user data from the instance metadata + service (IMDS) on each boot. 
For example: stopping an EC2 + instance, changing its user data, and restarting the instance + will now cause it to fetch and apply the new user data. + </para> + <warning> + <para> + Specifically, <literal>/etc/ec2-metadata</literal> is + re-populated on each boot. Some NixOS scripts that read from + this directory are guarded to only run if the files they + want to manipulate do not already exist, and so will not + re-apply their changes if the IMDS response changes. + Examples: <literal>root</literal>'s SSH key is only added if + <literal>/root/.ssh/authorized_keys</literal> does not + exist, and SSH host keys are only set from user data if they + do not exist in <literal>/etc/ssh</literal>. + </para> + </warning> + </listitem> + <listitem> + <para> + The <literal>rspamd</literal> services is now sandboxed. It is + run as a dynamic user instead of root, so secrets and other + files may have to be moved or their permissions may have to be + fixed. The sockets are now located in + <literal>/run/rspamd</literal> instead of + <literal>/run</literal>. + </para> + </listitem> + <listitem> + <para> + Enabling the Tor client no longer silently also enables and + configures Privoxy, and the + <literal>services.tor.client.privoxy.enable</literal> option + has been removed. To enable Privoxy, and to configure it to + use Tor's faster port, use the following configuration: + </para> + <programlisting language="bash"> +{ + opt-services.privoxy.enable = true; + opt-services.privoxy.enableTor = true; +} +</programlisting> + </listitem> + <listitem> + <para> + The <literal>services.tor</literal> module has a new + exhaustively typed + <link xlink:href="options.html#opt-services.tor.settings">services.tor.settings</link> + option following RFC 0042; backward compatibility with old + options has been preserved when aliasing was possible. 
The + corresponding systemd service has been hardened, but there is + a chance that the service still requires more permissions, so + please report any related trouble on the bugtracker. Onion + services v3 are now supported in + <link xlink:href="options.html#opt-services.tor.relay.onionServices">services.tor.relay.onionServices</link>. + A new + <link xlink:href="options.html#opt-services.tor.openFirewall">services.tor.openFirewall</link> + option as been introduced for allowing connections on all the + TCP ports configured. + </para> + </listitem> + <listitem> + <para> + The options + <literal>services.slurm.dbdserver.storagePass</literal> and + <literal>services.slurm.dbdserver.configFile</literal> have + been removed. Use + <literal>services.slurm.dbdserver.storagePassFile</literal> + instead to provide the database password. Extra config options + can be given via the option + <literal>services.slurm.dbdserver.extraConfig</literal>. The + actual configuration file is created on the fly on startup of + the service. This avoids that the password gets exposed in the + nix store. + </para> + </listitem> + <listitem> + <para> + The <literal>wafHook</literal> hook does not wrap Python + anymore. Packages depending on <literal>wafHook</literal> need + to include any Python into their + <literal>nativeBuildInputs</literal>. + </para> + </listitem> + <listitem> + <para> + Starting with version 1.7.0, the project formerly named + <literal>CodiMD</literal> is now named + <literal>HedgeDoc</literal>. New installations will no longer + use the old name for users, state directories and such, this + needs to be considered when moving state to a more recent + NixOS installation. Based on + <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>, + existing installations will continue to work. 
+ </para> + </listitem> + <listitem> + <para> + The fish-foreign-env package has been replaced with + fishPlugins.foreign-env, in which the fish functions have been + relocated to the <literal>vendor_functions.d</literal> + directory to be loaded automatically. + </para> + </listitem> + <listitem> + <para> + The prometheus json exporter is now managed by the prometheus + community. Together with additional features some backwards + incompatibilities were introduced. Most importantly the + exporter no longer accepts a fixed command-line parameter to + specify the URL of the endpoint serving JSON. It now expects + this URL to be passed as an URL parameter, when scraping the + exporter's <literal>/probe</literal> endpoint. In the + prometheus scrape configuration the scrape target might look + like this: + </para> + <programlisting> +http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint +</programlisting> + <para> + Existing configuration for the exporter needs to be updated, + but can partially be re-used. Documentation is available in + the upstream repository and a small example for NixOS is + available in the corresponding NixOS test. + </para> + <para> + These changes also affect + <link xlink:href="options.html#opt-services.prometheus.exporters.rspamd.enable">services.prometheus.exporters.rspamd.enable</link>, + which is just a preconfigured instance of the json exporter. + </para> + <para> + For more information, take a look at the + <link xlink:href="https://github.com/prometheus-community/json_exporter"> + official documentation</link> of the json_exporter. + </para> + </listitem> + <listitem> + <para> + Androidenv was updated, removing the + <literal>includeDocs</literal> and + <literal>lldbVersions</literal> arguments. Docs only covered a + single version of the Android SDK, LLDB is now bundled with + the NDK, and both are no longer available to download from the + Android package repositories. 
Additionally, since the package + lists have been updated, some older versions of Android + packages may not be bundled. If you depend on older versions + of Android packages, we recommend overriding the repo. + </para> + <para> + Android packages are now loaded from a repo.json file created + by parsing Android repo XML files. The arguments + <literal>repoJson</literal> and <literal>repoXmls</literal> + have been added to allow overriding the built-in androidenv + repo.json with your own. Additionally, license files are now + written to allow compatibility with Gradle-based tools, and + the <literal>extraLicenses</literal> argument has been added + to accept more SDK licenses if your project requires it. See + the androidenv documentation for more details. + </para> + </listitem> + <listitem> + <para> + The attribute <literal>mpi</literal> is now consistently used + to provide a default, system-wide MPI implementation. The + default implementation is openmpi, which has been used before + by all derivations affects by this change. Note that all + packages that have used <literal>mpi ? null</literal> in the + input for optional MPI builds, have been changed to the + boolean input paramater <literal>useMpi</literal> to enable + building with MPI. Building all packages with + <literal>mpich</literal> instead of the default + <literal>openmpi</literal> can now be achived like this: + </para> + <programlisting language="bash"> +self: super: +{ + mpi = super.mpich; +} +</programlisting> + </listitem> + <listitem> + <para> + The Searx module has been updated with the ability to + configure the service declaratively and uWSGI integration. The + option <literal>services.searx.configFile</literal> has been + renamed to + <link xlink:href="options.html#opt-services.searx.settingsFile">services.searx.settingsFile</link> + for consistency with the new + <link xlink:href="options.html#opt-services.searx.settings">services.searx.settings</link>. 
+ In addition, the <literal>searx</literal> uid and gid + reservations have been removed since they were not necessary: + the service is now running with a dynamically allocated uid. + </para> + </listitem> + <listitem> + <para> + The libinput module has been updated with the ability to + configure mouse and touchpad settings separately. The options + in <literal>services.xserver.libinput</literal> have been + renamed to + <literal>services.xserver.libinput.touchpad</literal>, while + there is a new + <literal>services.xserver.libinput.mouse</literal> for mouse + related configuration. + </para> + <para> + Since touchpad options no longer apply to all devices, you may + want to replicate your touchpad configuration in mouse + section. + </para> + </listitem> + <listitem> + <para> + ALSA OSS emulation + (<literal>sound.enableOSSEmulation</literal>) is now disabled + by default. + </para> + </listitem> + <listitem> + <para> + Thinkfan as been updated to <literal>1.2.x</literal>, which + comes with a new YAML based configuration format. For this + reason, several NixOS options of the thinkfan module have been + changed to non-backward compatible types. In addition, a new + <link xlink:href="options.html#opt-services.thinkfan.settings">services.thinkfan.settings</link> + option has been added. + </para> + <para> + Please read the + <link xlink:href="https://github.com/vmatare/thinkfan#readme"> + thinkfan documentation</link> before updating. + </para> + </listitem> + <listitem> + <para> + Adobe Flash Player support has been dropped from the tree. 
In + particular, the following packages no longer support it: + </para> + <itemizedlist> + <listitem> + <para> + chromium + </para> + </listitem> + <listitem> + <para> + firefox + </para> + </listitem> + <listitem> + <para> + qt48 + </para> + </listitem> + <listitem> + <para> + qt5.qtwebkit + </para> + </listitem> + </itemizedlist> + <para> + Additionally, packages flashplayer and hal-flash were removed + along with the <literal>services.flashpolicyd</literal> + module. + </para> + </listitem> + <listitem> + <para> + The <literal>security.rngd</literal> module has been removed. + It was disabled by default in 20.09 as it was functionally + redundant with krngd in the linux kernel. It is not necessary + for any device that the kernel recognises as an hardware RNG, + as it will automatically run the krngd task to periodically + collect random data from the device and mix it into the + kernel's RNG. + </para> + <para> + The default SMTP port for GitLab has been changed to + <literal>25</literal> from its previous default of + <literal>465</literal>. If you depended on this default, you + should now set the + <link xlink:href="options.html#opt-services.gitlab.smtp.port">services.gitlab.smtp.port</link> + option. + </para> + </listitem> + <listitem> + <para> + The default version of ImageMagick has been updated from 6 to + 7. You can use imagemagick6, imagemagick6_light, and + imagemagick6Big if you need the older version. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.xserver.videoDrivers">services.xserver.videoDrivers</link> + no longer uses the deprecated <literal>cirrus</literal> and + <literal>vesa</literal> device dependent X drivers by default. + It also enables both <literal>amdgpu</literal> and + <literal>nouveau</literal> drivers by default now. + </para> + </listitem> + <listitem> + <para> + The <literal>kindlegen</literal> package is gone, because it + is no longer supported or hosted by Amazon. 
Sadly, its + replacement, Kindle Previewer, has no Linux support. However, + there are other ways to generate MOBI files. See + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/96439">the + discussion</link> for more info. + </para> + </listitem> + <listitem> + <para> + The apacheKafka packages are now built with version-matched + JREs. Versions 2.6 and above, the ones that recommend it, use + jdk11, while versions below remain on jdk8. The NixOS service + has been adjusted to start the service using the same version + as the package, adjustable with the new + <link xlink:href="options.html#opt-services.apache-kafka.jre">services.apache-kafka.jre</link> + option. Furthermore, the default list of + <link xlink:href="options.html#opt-services.apache-kafka.jvmOptions">services.apache-kafka.jvmOptions</link> + have been removed. You should set your own according to the + <link xlink:href="https://kafka.apache.org/documentation/#java">upstream + documentation</link> for your Kafka version. + </para> + </listitem> + <listitem> + <para> + The kodi package has been modified to allow concise addon + management. Consider the following configuration from previous + releases of NixOS to install kodi, including the + kodiPackages.inputstream-adaptive and kodiPackages.vfs-sftp + addons: + </para> + <programlisting language="bash"> +{ + environment.systemPackages = [ + pkgs.kodi + ]; + + nixpkgs.config.kodi = { + enableInputStreamAdaptive = true; + enableVFSSFTP = true; + }; +} +</programlisting> + <para> + All Kodi <literal>config</literal> flags have been removed, + and as a result the above configuration should now be written + as: + </para> + <programlisting language="bash"> +{ + environment.systemPackages = [ + (pkgs.kodi.withPackages (p: with p; [ + inputstream-adaptive + vfs-sftp + ])) + ]; +} +</programlisting> + </listitem> + <listitem> + <para> + <literal>environment.defaultPackages</literal> now includes + the nano package. 
If pkgs.nano is not added to the list, make + sure another editor is installed and the + <literal>EDITOR</literal> environment variable is set to it. + Environment variables can be set using + <literal>environment.variables</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>services.minio.dataDir</literal> changed type to a + list of paths, required for specifiyng multiple data + directories for using with erasure coding. Currently, the + service doesn't enforce nor checks the correct number of paths + to correspond to minio requirements. + </para> + </listitem> + <listitem> + <para> + All CUDA toolkit versions prior to CUDA 10 have been removed. + </para> + </listitem> + <listitem> + <para> + The kbdKeymaps package was removed since dvp and neo are now + included in kbd. If you want to use the Programmer Dvorak + Keyboard Layout, you have to use + <literal>dvorak-programmer</literal> in + <literal>console.keyMap</literal> now instead of + <literal>dvp</literal>. In + <literal>services.xserver.xkbVariant</literal> it's still + <literal>dvp</literal>. + </para> + </listitem> + <listitem> + <para> + The babeld service is now being run as an unprivileged user. + To achieve that the module configures + <literal>skip-kernel-setup true</literal> and takes care of + setting forwarding and rp_filter sysctls by itself as well as + for each interface in + <literal>services.babeld.interfaces</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>services.zigbee2mqtt.config</literal> option has + been renamed to + <literal>services.zigbee2mqtt.settings</literal> and now + follows + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC + 0042</link>. + </para> + </listitem> + </itemizedlist> + <para> + The yadm dotfile manager has been updated from 2.x to 3.x, which + has new (XDG) default locations for some data/state files. 
Most + yadm commands will fail and print a legacy path warning (which + describes how to upgrade/migrate your repository). If you have + scripts, daemons, scheduled jobs, shell profiles, etc. that invoke + yadm, expect them to fail or misbehave until you perform this + migration and prepare accordingly. + </para> + <itemizedlist> + <listitem> + <para> + Instead of determining + <literal>services.radicale.package</literal> automatically + based on <literal>system.stateVersion</literal>, the latest + version is always used because old versions are not officially + supported. + </para> + <para> + Furthermore, Radicale's systemd unit was hardened which might + break some deployments. In particular, a non-default + <literal>filesystem_folder</literal> has to be added to + <literal>systemd.services.radicale.serviceConfig.ReadWritePaths</literal> + if the deprecated <literal>services.radicale.config</literal> + is used. + </para> + </listitem> + <listitem> + <para> + In the <literal>security.acme</literal> module, use of + <literal>--reuse-key</literal> parameter for Lego has been + removed. It was introduced for HKPK, but this security feature + is now deprecated. It is a better security practice to rotate + key pairs instead of always keeping the same. If you need to + keep this parameter, you can add it back using + <literal>extraLegoRenewFlags</literal> as an option for the + appropriate certificate. + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-21.05-notable-changes"> + <title>Other Notable Changes</title> + <itemizedlist> + <listitem> + <para> + <literal>stdenv.lib</literal> has been deprecated and will + break eval in 21.11. Please use <literal>pkgs.lib</literal> + instead. See + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/108938">#108938</link> + for details. 
+ </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> + has a <literal>pkgs</literal> attribute set, and there's a + <literal>gnuradio.callPackage</literal> function that extends + <literal>pkgs</literal> with a + <literal>mkDerivation</literal>, and a + <literal>mkDerivationWith</literal>, like Qt5. Now all + <literal>gnuradio.pkgs</literal> are defined with + <literal>gnuradio.callPackage</literal> and some packages that + depend on gnuradio are defined with this as well. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.privoxy.org/">Privoxy</link> has + been updated to version 3.0.32 (See + <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). + Compared to the previous release, Privoxy has gained support + for HTTPS inspection (still experimental), Brotli + decompression, several new filters and lots of bug fixes, + including security ones. In addition, the package is now built + with compression and external filters support, which were + previously disabled. + </para> + <para> + Regarding the NixOS module, new options for HTTPS inspection + have been added and + <literal>services.privoxy.extraConfig</literal> has been + replaced by the new + <link xlink:href="options.html#opt-services.privoxy.settings">services.privoxy.settings</link> + (See + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC + 0042</link> for the motivation). + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://kodi.tv/">Kodi</link> has been + updated to version 19.1 "Matrix". See the + <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> + for further details. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>services.packagekit.backend</literal> option has + been removed as it only supported a single setting which would + always be the default. Instead new + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC + 0042</link> compliant + <link xlink:href="options.html#opt-services.packagekit.settings">services.packagekit.settings</link> + and + <link xlink:href="options.html#opt-services.packagekit.vendorSettings">services.packagekit.vendorSettings</link> + options have been introduced. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://nginx.org">Nginx</link> has been + updated to stable version 1.20.0. Now nginx uses the zlib-ng + library by default. + </para> + </listitem> + <listitem> + <para> + KDE Gear (formerly KDE Applications) is upgraded to 21.04, see + its + <link xlink:href="https://kde.org/announcements/gear/21.04/">release + notes</link> for details. + </para> + <para> + The <literal>kdeApplications</literal> package set is now + <literal>kdeGear</literal>, in keeping with the new name. The + old name remains for compatibility, but it is deprecated. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://libreswan.org/">Libreswan</link> has + been updated to version 4.4. The package now includes example + configurations and manual pages by default. The NixOS module + has been changed to use the upstream systemd units and write + the configuration in the <literal>/etc/ipsec.d/ </literal> + directory. In addition, two new options have been added to + specify connection policies + (<link xlink:href="options.html#opt-services.libreswan.policies">services.libreswan.policies</link>) + and disable send/receive redirects + (<link xlink:href="options.html#opt-services.libreswan.disableRedirects">services.libreswan.disableRedirects</link>). 
+ </para> + </listitem> + <listitem> + <para> + The Mailman NixOS module (<literal>services.mailman</literal>) + has a new option + <link xlink:href="options.html#opt-services.mailman.enablePostfix">services.mailman.enablePostfix</link>, + defaulting to true, that controls integration with Postfix. + </para> + <para> + If this option is disabled, default MTA config becomes not set + and you should set the options in + <literal>services.mailman.settings.mta</literal> according to + the desired configuration as described in + <link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman + documentation</link>. + </para> + </listitem> + <listitem> + <para> + The default-version of <literal>nextcloud</literal> is + nextcloud21. Please note that it's <emphasis>not</emphasis> + possible to upgrade <literal>nextcloud</literal> across + multiple major versions! This means that it's e.g. not + possible to upgrade from nextcloud18 to nextcloud20 in a + single deploy and most <literal>20.09</literal> users will + have to upgrade to nextcloud20 first. + </para> + <para> + The package can be manually upgraded by setting + <link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link> + to nextcloud21. + </para> + </listitem> + <listitem> + <para> + The setting + <link xlink:href="options.html#opt-services.redis.bind">services.redis.bind</link> + defaults to <literal>127.0.0.1</literal> now, making Redis + listen on the loopback interface only, and not all public + network interfaces. + </para> + </listitem> + <listitem> + <para> + NixOS now emits a deprecation warning if systemd's + <literal>StartLimitInterval</literal> setting is used in a + <literal>serviceConfig</literal> section instead of in a + <literal>unitConfig</literal>; that setting is deprecated and + now undocumented for the service section by systemd upstream, + but still effective and somewhat buggy there, which can be + confusing. 
See + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> + for details. + </para> + <para> + All services should use + <link xlink:href="options.html#opt-systemd.services._name_.startLimitIntervalSec">systemd.services.<emphasis>name</emphasis>.startLimitIntervalSec</link> + or <literal>StartLimitIntervalSec</literal> in + <link xlink:href="options.html#opt-systemd.services._name_.unitConfig">systemd.services.<emphasis>name</emphasis>.unitConfig</link> + instead. + </para> + </listitem> + <listitem> + <para> + The <literal>mediatomb</literal> service declares new options. + It also adapts existing options so the configuration + generation is now lazy. The existing option + <literal>customCfg</literal> (defaults to false), when + enabled, stops the service configuration generation + completely. It then expects the users to provide their own + correct configuration at the right location (whereas the + configuration was generated and not used at all before). The + new option <literal>transcodingOption</literal> (defaults to + no) allows a generated configuration. It makes the mediatomb + service pulls the necessary runtime dependencies in the nix + store (whereas it was generated with hardcoded values before). + The new option <literal>mediaDirectories</literal> allows the + users to declare autoscan media directories from their nixos + configuration: + </para> + <programlisting language="bash"> +{ + services.mediatomb.mediaDirectories = [ + { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; } + { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; } + ]; +} +</programlisting> + </listitem> + <listitem> + <para> + The Unbound DNS resolver service + (<literal>services.unbound</literal>) has been refactored to + allow reloading, control sockets and to fix startup ordering + issues. 
+ </para> + <para> + It is now possible to enable a local UNIX control socket for + unbound by setting the + <link xlink:href="options.html#opt-services.unbound.localControlSocketPath">services.unbound.localControlSocketPath</link> + option. + </para> + <para> + Previously we just applied a very minimal set of restrictions + and trusted unbound to properly drop root privs and + capabilities. + </para> + <para> + As of this we are (for the most part) just using the upstream + example unit file for unbound. The main difference is that we + start unbound as <literal>unbound</literal> user with the + required capabilities instead of letting unbound do the chroot + & uid/gid changes. + </para> + <para> + The upstream unit configuration this is based on is a lot + stricter with all kinds of permissions then our previous + variant. It also came with the default of having the + <literal>Type</literal> set to <literal>notify</literal>, + therefore we are now also using the + <literal>unbound-with-systemd</literal> package here. Unbound + will start up, read the configuration files and start + listening on the configured ports before systemd will declare + the unit <literal>active (running)</literal>. This will likely + help with startup order and the occasional race condition + during system activation where the DNS service is started but + not yet ready to answer queries. Services depending on + <literal>nss-lookup.target</literal> or + <literal>unbound.service</literal> are now be able to use + unbound when those targets have been reached. + </para> + <para> + Additionally to the much stricter runtime environment the + <literal>/dev/urandom</literal> mount lines we previously had + in the code (that randomly failed during the stop-phase) have + been removed as systemd will take care of those for us. + </para> + <para> + The <literal>preStart</literal> script is now only required if + we enabled the trust anchor updates (which are still enabled + by default). 
+ </para> + <para> + Another benefit of the refactoring is that we can now issue + reloads via either <literal>pkill -HUP unbound</literal> and + <literal>systemctl reload unbound</literal> to reload the + running configuration without taking the daemon offline. A + prerequisite of this was that unbound configuration is + available on a well known path on the file system. We are + using the path <literal>/etc/unbound/unbound.conf</literal> as + that is the default in the CLI tooling which in turn enables + us to use <literal>unbound-control</literal> without passing a + custom configuration location. + </para> + <para> + The module has also been reworked to be + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC + 0042</link> compliant. As such, + <literal>sevices.unbound.extraConfig</literal> has been + removed and replaced by + <link xlink:href="options.html#opt-services.unbound.settings">services.unbound.settings</link>. + <literal>services.unbound.interfaces</literal> has been + renamed to + <literal>services.unbound.settings.server.interface</literal>. + </para> + <para> + <literal>services.unbound.forwardAddresses</literal> and + <literal>services.unbound.allowedAccess</literal> have also + been changed to use the new settings interface. You can follow + the instructions when executing + <literal>nixos-rebuild</literal> to upgrade your configuration + to use the new interface. + </para> + </listitem> + <listitem> + <para> + The <literal>services.dnscrypt-proxy2</literal> module now + takes the upstream's example configuration and updates it with + the user's settings. An option has been added to restore the + old behaviour if you prefer to declare the configuration from + scratch. + </para> + </listitem> + <listitem> + <para> + NixOS now defaults to the unified cgroup hierarchy + (cgroupsv2). 
See the + <link xlink:href="https://www.redhat.com/sysadmin/fedora-31-control-group-v2">Fedora + Article for 31</link> for details on why this is desirable, + and how it impacts containers. + </para> + <para> + If you want to run containers with a runtime that does not yet + support cgroupsv2, you can switch back to the old behaviour by + setting + <link xlink:href="options.html#opt-systemd.enableUnifiedCgroupHierarchy">systemd.enableUnifiedCgroupHierarchy</link> + = <literal>false</literal>; and rebooting. + </para> + </listitem> + <listitem> + <para> + PulseAudio was upgraded to 14.0, with changes to the handling + of default sinks. See its + <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release + notes</link>. + </para> + </listitem> + <listitem> + <para> + GNOME users may wish to delete their + <literal>~/.config/pulse</literal> due to the changes to + stream routing logic. See + <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio + bug 832</link> for more information. + </para> + </listitem> + <listitem> + <para> + The zookeeper package does not provide + <literal>zooInspector.sh</literal> anymore, as that + "contrib" has been dropped from upstream releases. + </para> + </listitem> + <listitem> + <para> + In the ACME module, the data used to build the hash for the + account directory has changed to accomodate new features to + reduce account rate limit issues. This will trigger new + account creation on the first rebuild following this update. + No issues are expected to arise from this, thanks to the new + account creation handling. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-users.users._name_.createHome">users.users.<emphasis>name</emphasis>.createHome</link> + now always ensures home directory permissions to be + <literal>0700</literal>. 
Permissions had previously been + ignored for already existing home directories, possibly + leaving them readable by others. The option's description was + incorrect regarding ownership management and has been + simplified greatly. + </para> + </listitem> + <listitem> + <para> + When defining a new user, one of + <link xlink:href="options.html#opt-users.users._name_.isNormalUser">users.users.<emphasis>name</emphasis>.isNormalUser</link> + and + <link xlink:href="options.html#opt-users.users._name_.isSystemUser">users.users.<emphasis>name</emphasis>.isSystemUser</link> + is now required. This is to prevent accidentally giving a UID + above 1000 to system users, which could have unexpected + consequences, like running user activation scripts for system + users. Note that users defined with an explicit UID below 500 + are exempted from this check, as + <link xlink:href="options.html#opt-users.users._name_.isSystemUser">users.users.<emphasis>name</emphasis>.isSystemUser</link> + has no effect for those. + </para> + </listitem> + <listitem> + <para> + The <literal>security.apparmor</literal> module, for the + <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link> + Mandatory Access Control system, has been substantialy + improved along with related tools, so that module maintainers + can now more easily write AppArmor profiles for NixOS. The + most notable change on the user-side is the new option + <link xlink:href="options.html#opt-security.apparmor.policies">security.apparmor.policies</link>, + replacing the previous <literal>profiles</literal> option to + provide a way to disable a profile and to select whether to + confine in enforce mode (default) or in complain mode (see + <literal>journalctl -b --grep apparmor</literal>). 
+ Security-minded users may also want to enable + <link xlink:href="options.html#opt-security.apparmor.killUnconfinedConfinables">security.apparmor.killUnconfinedConfinables</link>, + at the cost of having some of their processes killed when + updating to a NixOS version introducing new AppArmor profiles. + </para> + </listitem> + <listitem> + <para> + The GNOME desktop manager once again installs gnome.epiphany + by default. + </para> + </listitem> + <listitem> + <para> + NixOS now generates empty <literal>/etc/netgroup</literal>. + <literal>/etc/netgroup</literal> defines network-wide groups + and may affect to setups using NIS. + </para> + </listitem> + <listitem> + <para> + Platforms, like <literal>stdenv.hostPlatform</literal>, no + longer have a <literal>platform</literal> attribute. It has + been (mostly) flattened away: + </para> + <itemizedlist> + <listitem> + <para> + <literal>platform.gcc</literal> is now + <literal>gcc</literal> + </para> + </listitem> + <listitem> + <para> + <literal>platform.kernel*</literal> is now + <literal>linux-kernel.*</literal> + </para> + </listitem> + </itemizedlist> + <para> + Additionally, <literal>platform.kernelArch</literal> moved to + the top level as <literal>linuxArch</literal> to match the + other <literal>*Arch</literal> variables. + </para> + <para> + The <literal>platform</literal> grouping of these things never + meant anything, and was just a historial/implementation + artifact that was overdue removal. + </para> + </listitem> + <listitem> + <para> + <literal>services.restic</literal> now uses a dedicated cache + directory for every backup defined in + <literal>services.restic.backups</literal>. The old global + cache directory, <literal>/root/.cache/restic</literal>, is + now unused and can be removed to free up disk space. 
+ </para> + </listitem> + <listitem> + <para> + <literal>isync</literal>: The <literal>isync</literal> + compatibility wrapper was removed and the Master/Slave + terminology has been deprecated and should be replaced with + Far/Near in the configuration file. + </para> + </listitem> + <listitem> + <para> + The nix-gc service now accepts randomizedDelaySec (default: 0) + and persistent (default: true) parameters. By default nix-gc + will now run immediately if it would have been triggered at + least once during the time when the timer was inactive. + </para> + </listitem> + <listitem> + <para> + The <literal>rustPlatform.buildRustPackage</literal> function + is split into several hooks: cargoSetupHook to set up + vendoring for Cargo-based projects, cargoBuildHook to build a + project using Cargo, cargoInstallHook to install a project + using Cargo, and cargoCheckHook to run tests in Cargo-based + projects. With this change, mixed-language projects can use + the relevant hooks within builders other than + <literal>buildRustPackage</literal>. However, these changes + also required several API changes to + <literal>buildRustPackage</literal> itself: + </para> + <itemizedlist> + <listitem> + <para> + The <literal>target</literal> argument was removed. + Instead, <literal>buildRustPackage</literal> will always + use the same target as the C/C++ compiler that is used. + </para> + </listitem> + <listitem> + <para> + The <literal>cargoParallelTestThreads</literal> argument + was removed. Parallel tests are now disabled through + <literal>dontUseCargoParallelTests</literal>. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The <literal>rustPlatform.maturinBuildHook</literal> hook was + added. This hook can be used with + <literal>buildPythonPackage</literal> to build Python packages + that are written in Rust and use Maturin as their build tool. 
+ </para> + </listitem> + <listitem> + <para> + Kubernetes has + <link xlink:href="https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/">deprecated + docker</link> as container runtime. As a consequence, the + Kubernetes module now has support for configuration of custom + remote container runtimes and enables containerd by default. + Note that containerd is more strict regarding container image + OCI-compliance. As an example, images with CMD or ENTRYPOINT + defined as strings (not lists) will fail on containerd, while + working fine on docker. Please test your setup and container + images with containerd prior to upgrading. + </para> + </listitem> + <listitem> + <para> + The GitLab module now has support for automatic backups. A + schedule can be set with the + <link xlink:href="options.html#opt-services.gitlab.backup.startAt">services.gitlab.backup.startAt</link> + option. + </para> + </listitem> + <listitem> + <para> + Prior to this release, systemd would also read system units + from an undocumented + <literal>/etc/systemd-mutable/system</literal> path. This path + has been dropped from the defaults. That path (or others) can + be re-enabled by adding it to the + <link xlink:href="options.html#opt-boot.extraSystemdUnitPaths">boot.extraSystemdUnitPaths</link> + list. + </para> + </listitem> + <listitem> + <para> + PostgreSQL 9.5 is scheduled EOL during the 21.05 life cycle + and has been removed. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.xfce.org/">Xfce4</link> relies + on GIO/GVfs for userspace virtual filesystem access in + applications like + <link xlink:href="https://docs.xfce.org/xfce/thunar/">thunar</link> + and + <link xlink:href="https://docs.xfce.org/apps/gigolo/">gigolo</link>. + For that to work, the gvfs nixos service is enabled by + default, and it can be configured with the specific package + that provides GVfs. 
Until now Xfce4 was setting it to use a + lighter version of GVfs (without support for samba). To avoid + conflicts with other desktop environments this setting has + been dropped. Users that still want it should add the + following to their system configuration: + </para> + <programlisting language="bash"> +{ + services.gvfs.package = pkgs.gvfs.override { samba = null; }; +} +</programlisting> + </listitem> + <listitem> + <para> + The newly enabled <literal>systemd-pstore.service</literal> + now automatically evacuates crashdumps and panic logs from the + persistent storage to + <literal>/var/lib/systemd/pstore</literal>. This prevents + NVRAM from filling up, which ensures the latest diagnostic + data is always stored and alleviates problems with writing new + boot configurations. + </para> + </listitem> + <listitem> + <para> + Nixpkgs now contains + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically + packaged GNOME Shell extensions</link> from the + <link xlink:href="https://extensions.gnome.org/">GNOME + Extensions</link> portal. You can find them, filed by their + UUID, under <literal>gnome38Extensions</literal> attribute for + GNOME 3.38 and under <literal>gnome40Extensions</literal> for + GNOME 40. Finally, the <literal>gnomeExtensions</literal> + attribute contains extensions for the latest GNOME Shell + version in Nixpkgs, listed under a more human-friendly name. + The unqualified attribute scope also contains manually + packaged extensions. Note that the automatically packaged + extensions are provided for convenience and are not checked or + guaranteed to work. + </para> + </listitem> + <listitem> + <para> + Erlang/OTP versions older than R21 got dropped. We also + dropped the cuter package, as it was purely an example of how + to build a package. We also dropped <literal>lfe_1_2</literal> + as it could not build with R21+. Moving forward, we expect to + only support 3 yearly releases of OTP. 
+ </para> + </listitem> + </itemizedlist> + </section> +</section> |
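Review bot: In the Unbound entry, the removed option is written as "sevices.unbound.extraConfig" inside its <literal>; it should be "services.unbound.extraConfig", otherwise a reader searching the notes for the option still present in their configuration will miss the migration hint. In the security.acme entry, "HKPK" should read "HPKP" (HTTP Public Key Pinning), the deprecated feature that --reuse-key existed to serve. The yadm paragraph is a bare <para> placed between a closing </itemizedlist> and a new <itemizedlist>, which splits the incompatibilities list in two; wrapping it in a <listitem> keeps one list. Wording to fix in the same pass: "specifiyng" (minio), "substantialy" (apparmor), "accomodate" (ACME account hash), "historial" (platform), "then our previous variant" and "are now be able to use" (unbound), "may affect to setups" (netgroup). Since the path is under from_md/, these presumably belong in the markdown source this XML is generated from, with the XML regenerated afterwards.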