Release 22.05 (“Quokka”, 2022.05/??)
In addition to numerous new and upgraded packages, this release has
the following highlights:
Support is planned until the end of December 2022, handing over
to 22.11.
Highlights
security.acme.defaults has been added to
simplify configuring settings for many certificates at once.
This also opens up the option to use DNS-01 validation
when using enableACME on web server virtual
hosts (e.g.
services.nginx.virtualHosts.*.enableACME).
PHP 8.1 is now available.
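A configuration sketch for the security.acme.defaults item above, added here as an illustration and not taken from the release notes. The host name, e-mail address, DNS provider and credentials path are placeholders, and acmeRoot = null is the switch the NixOS manual's ACME chapter describes for moving an enableACME virtual host to DNS-01.

```nix
{ ... }:
{
  security.acme.acceptTerms = true;

  # Settings shared by every certificate, including the ones that
  # enableACME creates implicitly for web server virtual hosts.
  security.acme.defaults = {
    email = "admin+acme@example.com";   # placeholder contact address
    dnsProvider = "rfc2136";            # assumed provider; use your own
    # Placeholder path. Written as a string so the secret is read at
    # runtime and never copied into the world-readable Nix store.
    credentialsFile = "/var/lib/secrets/acme-dns.env";
  };

  services.nginx = {
    enable = true;
    # Placeholder host. With DNS-01 it does not have to be reachable
    # from the internet on port 80 for the challenge to succeed.
    virtualHosts."internal.example.com" = {
      enableACME = true;
      forceSSL = true;
      # Drop the HTTP-01 webroot so the certificate inherits the
      # DNS-01 settings from security.acme.defaults.
      acmeRoot = null;
    };
  };
}
```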
New Services
aesmd,
the Intel SGX Architectural Enclave Service Manager. Available
as
services.aesmd.
rootless
Docker, a systemd --user Docker
service which runs without root permissions. Available as
virtualisation.docker.rootless.enable.
filebeat,
a lightweight shipper for forwarding and centralizing log
data. Available as
services.filebeat.
PowerDNS-Admin,
a web interface for the PowerDNS server. Available at
services.powerdns-admin.
Backward Incompatibilities
pkgs.ghc now refers to
pkgs.targetPackages.haskellPackages.ghc.
This only makes a difference if you are
cross-compiling and will ensure that
pkgs.ghc always runs on the host platform
and compiles for the target platform (similar to
pkgs.gcc for example).
haskellPackages.ghc still behaves as
before, running on the build platform and compiling for the
host platform (similar to stdenv.cc). This
means you don’t have to adjust your derivations if you use
haskellPackages.callPackage, but when using
pkgs.callPackage and taking
ghc as an input, you should now use
buildPackages.ghc instead to ensure cross
compilation keeps working (or switch to
haskellPackages.callPackage).
pkgs.emacsPackages.orgPackages is removed
because org elpa is deprecated. The packages in the top level
of pkgs.emacsPackages, such as org and
org-contrib, refer to the ones in
pkgs.emacsPackages.elpaPackages and
pkgs.emacsPackages.nongnuPackages where the
new versions will be released.
The wafHook hook now honors
NIX_BUILD_CORES when
enableParallelBuilding is not set
explicitly. Packages can restore the old behaviour by setting
enableParallelBuilding=false.
pkgs.claws-mail-gtk2, representing Claws
Mail’s older release version three, was removed in order to
get rid of Python 2. Please switch to
claws-mail, which is Claws Mail’s latest
release based on GTK+3 and Python 3.
The writers.writePython2 and corresponding
writers.writePython2Bin convenience
functions to create executable Python 2 scripts in the store
were removed in preparation for the removal of the Python 2
interpreter. Scripts have to be converted to Python 3 for use
with writers.writePython3, or
writers.writePyPy2 needs to be used instead.
If you previously used
/etc/docker/daemon.json, you need to
incorporate the changes into the new option
virtualisation.docker.daemon.settings.
The autorestic package has been upgraded
from 1.3.0 to 1.5.0, which introduces breaking changes in
the config file; check
their
migration guide for more details.
For pkgs.python3.pkgs.ipython, its direct
dependency
pkgs.python3.pkgs.matplotlib-inline (which
is really an adapter to integrate matplotlib in ipython if it
is installed) does not depend on
pkgs.python3.pkgs.matplotlib anymore. This
is closer to a non-Nix install of ipython. This has the added
benefit of reducing the closure size of
ipython from ~400MB to ~160MB (including
~100MB for python itself).
Other Notable Changes
The option
services.redis.servers
was added to support a redis-server per
application, which is more secure since
Redis databases are mere key prefixes without any
configuration or ACL of their own. Backward-compatibility is
preserved by mapping old
services.redis.settings to
services.redis.servers."".settings,
but you are strongly encouraged to name each
redis-server instance after the application
using it, instead of keeping that nameless one. The
nameless
services.redis.servers."" is still
accessible at 127.0.0.1:6379, and to the
members of the Unix group redis through the
Unix socket /run/redis/redis.sock. All
other services.redis.servers.${serverName}
are only accessible by default to the members of the Unix
group redis-${serverName} through the Unix
socket /run/redis-${serverName}/redis.sock.
The
writers.writePyPy2/writers.writePyPy3
and corresponding
writers.writePyPy2Bin/writers.writePyPy3Bin
convenience functions to create executable Python 2/3 scripts
using the PyPy interpreter were added.
The influxdb2 package was split into
influxdb2-server and
influxdb2-cli, matching the split that took
place upstream. A combined influxdb2
package is still provided in this release for backwards
compatibility, but will be removed at a later date.
The services.unifi.openPorts option default
value of true is now deprecated and will be
changed to false in 22.11. Configurations
using this default will print a warning when rebuilt.
security.acme certificates will now
correctly check for CA revocation before reaching their
minimum age.
Removing domains from
security.acme.certs._name_.extraDomainNames
will now correctly remove those domains during rebuild/renew.
The option
services.ssh.enableAskPassword
was added, decoupling the setting of
SSH_ASKPASS from
services.xserver.enable. This allows easy
usage in non-X11 environments, e.g. Wayland.
The services.stubby module was converted to
a
settings-style
configuration.
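A per-application layout for the services.redis.servers item above, added here as an illustration and not taken from the release notes. The application names webapp and worker, their users and the ExecStart path are hypothetical; the group and socket names follow the redis-${serverName} pattern stated in that item.

```nix
{ config, ... }:
{
  # One redis-server per application instead of the shared nameless
  # instance that listens on 127.0.0.1:6379.
  services.redis.servers.webapp = {
    enable = true;
    port = 0;   # pins the socket-only behaviour: no TCP listener at all
  };
  services.redis.servers.worker = {
    enable = true;
    port = 0;
  };

  # Hypothetical application account. Membership in redis-webapp is
  # what grants access to /run/redis-webapp/redis.sock; this user
  # cannot open the worker instance's socket.
  users.groups.webapp = { };
  users.users.webapp = {
    isSystemUser = true;
    group = "webapp";
    extraGroups = [ "redis-webapp" ];
  };

  # Hypothetical service that consumes the instance.
  systemd.services.webapp = {
    wantedBy = [ "multi-user.target" ];
    after = [ "redis-webapp.service" ];
    # Pass the socket path from the module instead of hard-coding it.
    environment.REDIS_SOCKET =
      config.services.redis.servers.webapp.unixSocket;
    serviceConfig = {
      User = "webapp";
      SupplementaryGroups = [ "redis-webapp" ];
      ExecStart = "/path/to/webapp";   # placeholder binary
    };
  };
}
```

On the running system, ls -l /run/redis-webapp/redis.sock should show group redis-webapp, and a process without that group should be refused when it tries to connect.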