diff options
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2111.section.md')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 141 |
1 files changed, 83 insertions, 58 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 5661d8cab31..3e1922ddcc2 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -20,19 +20,28 @@ In addition to numerous new and upgraded packages, this release has the followin This allows activation scripts to output what they would change if the activation was really run. The users/modules activation script supports this and outputs some of is actions. +- bash now defaults to major version 5. + +- Systemd was updated to version 249 (from 247). + - Pantheon desktop has been updated to version 6. Due to changes of screen locker, if locking doesn't work for you, please try `gsettings set org.gnome.desktop.lockdown disable-lock-screen false`. +- `kubernetes-helm` now defaults to 3.7.0, which introduced some breaking changes to the experimental OCI manifest format. See [HIP 6](https://github.com/helm/community/blob/main/hips/hip-0006.md) for more details. + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). -- [clipcat](https://github.com/xrelkd/clipcat/), an X11 clipboard manager written in Rust. Available at [services.clipcat](options.html#o -pt-services.clipcat.enable). +- [clipcat](https://github.com/xrelkd/clipcat/), an X11 clipboard manager written in Rust. Available at [services.clipcat](options.html#opt-services.clipcat.enable). + +- [dex](https://github.com/dexidp/dex), an OpenID Connect (OIDC) identity and OAuth 2.0 provider. Available at [services.dex](options.html#opt-services.dex.enable). - [geoipupdate](https://github.com/maxmind/geoipupdate), a GeoIP database updater from MaxMind. Available as [services.geoipupdate](options.html#opt-services.geoipupdate.enable). - [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea). +- [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast). + - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable). - [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable). @@ -41,6 +50,8 @@ pt-services.clipcat.enable). - [vikunja](https://vikunja.io), a to-do list app. Available as [services.vikunja](#opt-services.vikunja.enable). +- [opensnitch](https://github.com/evilsocket/opensnitch), an application firewall. Available as [services.opensnitch](#opt-services.opensnitch.enable). + - [snapraid](https://www.snapraid.it/), a backup program for disk arrays. Available as [snapraid](#opt-snapraid.enable). @@ -63,7 +74,7 @@ pt-services.clipcat.enable). Available as [isso](#opt-services.isso.enable) - [navidrome](https://www.navidrome.org/), a personal music streaming server with -subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable). + subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable). - [fluidd](https://docs.fluidd.xyz/), a Klipper web interface for managing 3d printers using moonraker. Available as [fluidd](#opt-services.fluidd.enable). @@ -86,8 +97,12 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - [touchegg](https://github.com/JoseExposito/touchegg), a multi-touch gesture recognizer. Available as [services.touchegg](#opt-services.touchegg.enable). +- [pantheon-tweaks](https://github.com/pantheon-tweaks/pantheon-tweaks), an unofficial system settings panel for Pantheon. Available as [programs.pantheon-tweaks](#opt-programs.pantheon-tweaks.enable). + ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} +- The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set. + This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe. - The `paperless` module and package have been removed. All users should migrate to the successor `paperless-ng` instead. The Paperless project [has been @@ -95,46 +110,49 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable and advises all users to use `paperless-ng` instead. Users can use the `services.paperless-ng` module as a replacement while noting the following incompatibilities: - - `services.paperless.ocrLanguages` has no replacement. Users should migrate to [`services.paperless-ng.extraConfig`](options.html#opt-services.paperless-ng.extraConfig) instead: - ```nix - { - services.paperless-ng.extraConfig = { - # Provide languages as ISO 639-2 codes - # separated by a plus (+) sign. - # https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes - PAPERLESS_OCR_LANGUAGE = "deu+eng+jpn"; # German & English & Japanse - }; - } - ``` - - - If you previously specified `PAPERLESS_CONSUME_MAIL_*` settings in - `services.paperless.extraConfig` you should remove those options now. You - now *must* define those settings in the admin interface of paperless-ng. - - - Option `services.paperless.manage` no longer exists. - Use the script at `${services.paperless-ng.dataDir}/paperless-ng-manage` instead. - Note that this script only exists after the `paperless-ng` service has been - started at least once. - - - After switching to the new system configuration you should run the Django - management command to reindex your documents and optionally create a user, - if you don't have one already. - - To do so, enter the data directory (the value of - `services.paperless-ng.dataDir`, `/var/lib/paperless` by default), switch - to the paperless user and execute the management command like below: - ``` - $ cd /var/lib/paperless - $ su paperless -s /bin/sh - $ ./paperless-ng-manage document_index reindex - # if not already done create a user account, paperless-ng requires a login - $ ./paperless-ng-manage createsuperuser - Username (leave blank to use 'paperless'): my-user-name - Email address: me@example.com - Password: ********** - Password (again): ********** - Superuser created successfully. - ``` + + - `services.paperless.ocrLanguages` has no replacement. Users should migrate to [`services.paperless-ng.extraConfig`](options.html#opt-services.paperless-ng.extraConfig) instead: + + ```nix + { + services.paperless-ng.extraConfig = { + # Provide languages as ISO 639-2 codes + # separated by a plus (+) sign. + # https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes + PAPERLESS_OCR_LANGUAGE = "deu+eng+jpn"; # German & English & Japanse + }; + } + ``` + + - If you previously specified `PAPERLESS_CONSUME_MAIL_*` settings in + `services.paperless.extraConfig` you should remove those options now. You + now _must_ define those settings in the admin interface of paperless-ng. + + - Option `services.paperless.manage` no longer exists. + Use the script at `${services.paperless-ng.dataDir}/paperless-ng-manage` instead. + Note that this script only exists after the `paperless-ng` service has been + started at least once. + + - After switching to the new system configuration you should run the Django + management command to reindex your documents and optionally create a user, + if you don't have one already. + + To do so, enter the data directory (the value of + `services.paperless-ng.dataDir`, `/var/lib/paperless` by default), switch + to the paperless user and execute the management command like below: + + ``` + $ cd /var/lib/paperless + $ su paperless -s /bin/sh + $ ./paperless-ng-manage document_index reindex + # if not already done create a user account, paperless-ng requires a login + $ ./paperless-ng-manage createsuperuser + Username (leave blank to use 'paperless'): my-user-name + Email address: me@example.com + Password: ********** + Password (again): ********** + Superuser created successfully. + ``` - The `staticjinja` package has been upgraded from 1.0.4 to 4.1.0 @@ -231,28 +249,32 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable * The `bitwarden_rs` packages and modules were renamed to `vaultwarden` [following upstream](https://github.com/dani-garcia/vaultwarden/discussions/1642). More specifically, - * `pkgs.bitwarden_rs`, `pkgs.bitwarden_rs-sqlite`, `pkgs.bitwarden_rs-mysql` and + - `pkgs.bitwarden_rs`, `pkgs.bitwarden_rs-sqlite`, `pkgs.bitwarden_rs-mysql` and `pkgs.bitwarden_rs-postgresql` were renamed to `pkgs.vaultwarden`, `pkgs.vaultwarden-sqlite`, `pkgs.vaultwarden-mysql` and `pkgs.vaultwarden-postgresql`, respectively. - * Old names are preserved as aliases for backwards compatibility, but may be removed in the future. - * The `bitwarden_rs` executable was also renamed to `vaultwarden` in all packages. - * `pkgs.bitwarden_rs-vault` was renamed to `pkgs.vaultwarden-vault`. - * `pkgs.bitwarden_rs-vault` is preserved as an alias for backwards compatibility, but may be removed in the future. - * The static files were moved from `/usr/share/bitwarden_rs` to `/usr/share/vaultwarden`. + - Old names are preserved as aliases for backwards compatibility, but may be removed in the future. + - The `bitwarden_rs` executable was also renamed to `vaultwarden` in all packages. + + - `pkgs.bitwarden_rs-vault` was renamed to `pkgs.vaultwarden-vault`. - * The `services.bitwarden_rs` config module was renamed to `services.vaultwarden`. - * `services.bitwarden_rs` is preserved as an alias for backwards compatibility, but may be removed in the future. + - `pkgs.bitwarden_rs-vault` is preserved as an alias for backwards compatibility, but may be removed in the future. + - The static files were moved from `/usr/share/bitwarden_rs` to `/usr/share/vaultwarden`. - * `systemd.services.bitwarden_rs`, `systemd.services.backup-bitwarden_rs` and `systemd.timers.backup-bitwarden_rs` + - The `services.bitwarden_rs` config module was renamed to `services.vaultwarden`. + + - `services.bitwarden_rs` is preserved as an alias for backwards compatibility, but may be removed in the future. + + - `systemd.services.bitwarden_rs`, `systemd.services.backup-bitwarden_rs` and `systemd.timers.backup-bitwarden_rs` were renamed to `systemd.services.vaultwarden`, `systemd.services.backup-vaultwarden` and `systemd.timers.backup-vaultwarden`, respectively. - * Old names are preserved as aliases for backwards compatibility, but may be removed in the future. - * `users.users.bitwarden_rs` and `users.groups.bitwarden_rs` were renamed to `users.users.vaultwarden` and + - Old names are preserved as aliases for backwards compatibility, but may be removed in the future. + + - `users.users.bitwarden_rs` and `users.groups.bitwarden_rs` were renamed to `users.users.vaultwarden` and `users.groups.vaultwarden`, respectively. - * The data directory remains located at `/var/lib/bitwarden_rs`, for backwards compatibility. + - The data directory remains located at `/var/lib/bitwarden_rs`, for backwards compatibility. - `yggdrasil` was upgraded to a new major release with breaking changes, see [upstream changelog](https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0). @@ -265,6 +287,7 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - `tt-rss` was upgraded to the commit on 2021-06-21, which has breaking changes. If you use `services.tt-rss.extraConfig` you should migrate to the `putenv`-style configuration. See [this Discourse post](https://community.tt-rss.org/t/rip-config-php-hello-classes-config-php/4337) in the tt-rss forums for more details. - The following Visual Studio Code extensions were renamed to keep the naming convention uniform. + - `bbenoist.Nix` -> `bbenoist.nix` - `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer` - `golang.Go` -> `golang.go` @@ -284,12 +307,12 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland. - The `services.minio` module gained an additional option `consoleAddress`, that -configures the address and port the web UI is listening, it defaults to `:9001`. -To be able to access the web UI this port needs to be opened in the firewall. + configures the address and port the web UI is listening, it defaults to `:9001`. + To be able to access the web UI this port needs to be opened in the firewall. - The `varnish` package was upgraded from 6.3.x to 6.5.x. `varnish60` for the last LTS release is also still available. -- The `kubernetes` package was upgraded to 1.22. The `kubernetes.apiserver.kubeletHttps` option was removed and HTTPS is always used. +- The `kubernetes` package was upgraded to 1.22. The `kubernetes.apiserver.kubeletHttps` option was removed and HTTPS is always used. - The attribute `linuxPackages_latest_hardened` was dropped because the hardened patches lag behind the upstream kernel which made version bumps harder. If you want to use @@ -325,6 +348,8 @@ To be able to access the web UI this port needs to be opened in the firewall. However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs. +- The [`services.xserver.extraLayouts`](options.html#opt-services.xserver.extraLayouts) no longer cause additional rebuilds when a layout is added or modified. + - Sway: The terminal emulator `rxvt-unicode` is no longer installed by default via `programs.sway.extraPackages`. The current default configuration uses `alacritty` (and soon `foot`) so this is only an issue when using a customized configuration and not installing `rxvt-unicode` explicitly. - `python3` now defaults to Python 3.9. Python 3.9 introduces many deprecation warnings, please look at the [What's New In Python 3.9 post](https://docs.python.org/3/whatsnew/3.9.html) for more information. |