| blob | b72c4326004c381137a2e6cff0e4545d5ec090e8 |
1 <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.11">
2 <title>Release 22.11 (“Raccoon”, 2022.11/30)</title>
3 <para>
4 The NixOS release team is happy to announce a new version of NixOS
5 22.11. NixOS is both a Linux distribution, and a set of packages
6 usable on other Linux systems and macOS.
7 </para>
8 <para>
9 This release is supported until the end of June 2023, handing over
10 to NixOS 23.05.
11 </para>
12 <para>
13 To upgrade to the latest release follow the
14 <link linkend="sec-upgrading">upgrade chapter</link>.
15 </para>
16 <section xml:id="sec-release-22.11-highlights">
17 <title>Highlights</title>
18 <para>
19 In addition to numerous new and upgraded packages, this release
20 includes the following highlights:
21 </para>
22 <itemizedlist>
23 <listitem>
24 <para>
25 Software that uses the <literal>crypt</literal> password
26 hashing API is now using the implementation provided by
27 <link xlink:href="https://github.com/besser82/libxcrypt"><literal>libxcrypt</literal></link>
28 instead of glibc’s, which enables support for more secure
29 algorithms.
30 </para>
31 <itemizedlist spacing="compact">
32 <listitem>
33 <para>
34 Support for algorithms that <literal>libxcrypt</literal>
35 <link xlink:href="https://github.com/besser82/libxcrypt/blob/v4.4.28/lib/hashes.conf#L41">does
36 not consider strong</link> are
37 <emphasis role="strong">deprecated</emphasis> as of this
38 release, and will be removed in NixOS 23.05.
39 </para>
40 </listitem>
41 <listitem>
42 <para>
43 This includes system login passwords. Given this, we
44 <emphasis role="strong">strongly encourage</emphasis> all
45 users to update their system passwords, as you will be
46 unable to login if password hashes are not migrated by the
47 time their support is removed.
48 </para>
49 <itemizedlist spacing="compact">
50 <listitem>
51 <para>
52 When using
53 <literal>users.users.<name>.hashedPassword</literal>
54 to configure user passwords, run
55 <literal>mkpasswd</literal>, and use the yescrypt hash
56 that is provided as the new value.
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 On the other hand, for interactively configured user
62 passwords, simply re-set the passwords for all users
63 with <literal>passwd</literal>.
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 This release introduces warnings for the use of
69 deprecated hash algorithms for both methods of
70 configuring passwords. To make sure you migrated
71 correctly, run
72 <literal>nixos-rebuild switch</literal>.
73 </para>
74 </listitem>
75 </itemizedlist>
76 </listitem>
77 </itemizedlist>
78 </listitem>
79 <listitem>
80 <para>
81 The NixOS documentation is now generated from markdown. While
82 docbook is still part of the documentation build process, it’s
83 a big step towards the full migration.
84 </para>
85 </listitem>
86 <listitem>
87 <para>
88 <literal>aarch64-linux</literal> is now included in the
89 <literal>nixos-22.11</literal> and
90 <literal>nixos-22.11-small</literal> channels. This means that
91 when those channel update, both
92 <literal>x86_64-linux</literal> and
93 <literal>aarch64-linux</literal> will be available in the
94 binary cache.
95 </para>
96 </listitem>
97 <listitem>
98 <para>
99 <literal>aarch64-linux</literal> ISOs are now available on the
100 <link xlink:href="https://nixos.org/download.html">downloads
101 page</link>.
102 </para>
103 </listitem>
104 <listitem>
105 <para>
106 <literal>nsncd</literal> is now available as a replacement of
107 <literal>nscd</literal>.
108 </para>
109 <para>
110 <literal>nscd</literal> is responsible for resolving
111 hostnames, users and more in NixOS and has been a long
112 standing source of bugs, such as sporadic network freezes.
113 </para>
114 <para>
115 More context in this
116 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/135888">issue</link>.
117 </para>
118 <para>
119 Help us test the new implementation by setting
120 <literal>services.nscd.enableNsncd</literal> to
121 <literal>true</literal>.
122 </para>
123 <para>
124 We plan to use <literal>nsncd</literal> by default in NixOS
125 23.05.
126 </para>
127 </listitem>
128 <listitem>
129 <para>
130 Linode cloud images are now supported by importing
131 <literal>${modulesPath}/virtualisation/linode-image.nix</literal>
132 and accessing <literal>system.build.linodeImage</literal> on
133 the output.
134 </para>
135 </listitem>
136 <listitem>
137 <para>
138 <literal>hardware.nvidia</literal> has a new option,
139 <literal>hardware.nvidia.open</literal>, that can be used to
140 enable the usage of NVIDIA’s open-source kernel driver. Note
141 that the driver’s support for GeForce and Workstation GPUs is
142 still alpha quality, see
143 <link xlink:href="https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/">the
144 release announcement</link> for more information.
145 </para>
146 </listitem>
147 <listitem>
148 <para>
149 The <literal>emacs</literal> package now makes use of native
150 compilation which means:
151 </para>
152 <itemizedlist spacing="compact">
153 <listitem>
154 <para>
155 Emacs packages from Nixpkgs, builtin or not, will do
156 native compilation ahead of time so you can enjoy the
157 benefit of native compilation without compiling them on
158 you machine;
159 </para>
160 </listitem>
161 <listitem>
162 <para>
163 Emacs packages from somewhere else, e.g.
164 <literal>package-install</literal>, will perform
165 asynchronously deferred native compilation. If you do not
166 want this, maybe to avoid CPU consumption for compilation,
167 you can use
168 <literal>(setq native-comp-deferred-compilation nil)</literal>
169 to disable it while still benefiting from native
170 compilation for packages from Nixpkgs.
171 </para>
172 </listitem>
173 </itemizedlist>
174 </listitem>
175 </itemizedlist>
176 </section>
177 <section xml:id="sec-release-22.11-internal">
178 <title>Internal changes</title>
179 <itemizedlist>
180 <listitem>
181 <para>
182 Haskell <literal>ghcWithPackages</literal> is now up to 15
183 times faster to evaluate, thanks to changing
184 <literal>lib.closePropagation</literal> from a quadratic to
185 linear complexity. Please see backward incompatibilities notes
186 below.
187 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/194391">https://github.com/NixOS/nixpkgs/pull/194391</link>
188 </para>
189 </listitem>
190 <listitem>
191 <para>
192 For cross-compilation targets that can also run on the
193 building machine, we now run tests. This, for example, is the
194 case for the <literal>pkgsStatic</literal> and
195 <literal>pkgsLLVM</literal> package sets or i686 packages on
196 <literal>x86_64</literal> machines.
197 </para>
198 </listitem>
199 <listitem>
200 <para>
201 To simplify cross-compilation in NixOS, this release
202 introduces the <literal>nixpkgs.hostPlatform</literal> and
203 <literal>nixpkgs.buildPlatform</literal> options. These cover
204 and override the
205 <literal>nixpkgs.{system,localSystem,crossSystem}</literal>
206 options.
207 </para>
208 <itemizedlist spacing="compact">
209 <listitem>
210 <para>
211 <literal>hostPlatform</literal> is the platform or
212 <quote><literal>system</literal></quote> string of the
213 NixOS system described by the configuration.
214 </para>
215 </listitem>
216 <listitem>
217 <para>
218 <literal>buildPlatform</literal> is the platform that is
219 responsible for building the NixOS configuration. It
220 defaults to the <literal>hostPlatform</literal>, for a
221 non-cross build configuration. To cross compile, set
222 <literal>buildPlatform</literal> to a different value.
223 </para>
224 </listitem>
225 </itemizedlist>
226 <para>
227 The new options convey the same information, but with fewer
228 options, and following the Nixpkgs terminology.
229 </para>
230 <para>
231 The existing options
232 <literal>nixpkgs.{system,localSystem,crossSystem}</literal>
233 have not been formally deprecated, to allow for evaluation of
234 the change and to allow for a transition period so that in
235 time the ecosystem can switch without breaking compatibility
236 with any supported NixOS release.
237 </para>
238 </listitem>
239 </itemizedlist>
240 </section>
241 <section xml:id="sec-release-22.11-version-updates">
242 <title>Notable version updates</title>
243 <itemizedlist>
244 <listitem>
245 <para>
246 Nix has been upgraded from v2.8.1 to v2.11.0. For more
247 information, please see the release notes for
248 <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.9.html">2.9</link>,
249 <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.10.html">2.10</link>
250 and
251 <link xlink:href="https://nixos.org/manual/nix/stable/release-notes/rl-2.11.html">2.11</link>.
252 </para>
253 </listitem>
254 <listitem>
255 <para>
256 OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
257 </para>
258 </listitem>
259 <listitem>
260 <para>
261 GNOME has been upgraded to version 43. Please see the
262 <link xlink:href="https://release.gnome.org/43/">release
263 notes</link> for details.
264 </para>
265 </listitem>
266 <listitem>
267 <para>
268 KDE Plasma has been upgraded from v5.24 to v5.26. Please see
269 the release notes for
270 <link xlink:href="https://kde.org/announcements/plasma/5/5.25.0/">v5.25</link>
271 and
272 <link xlink:href="https://kde.org/announcements/plasma/5/5.26.0/">v5.26</link>
273 for more details on the included changes.
274 </para>
275 </listitem>
276 <listitem>
277 <para>
278 Cinnamon has been updated to 5.4, and the Cinnamon module now
279 defaults to Blueman as the Bluetooth manager and slick-greeter
280 as the LightDM greeter, to match upstream.
281 </para>
282 </listitem>
283 <listitem>
284 <para>
285 PHP now defaults to PHP 8.1, updated from 8.0.
286 </para>
287 </listitem>
288 <listitem>
289 <para>
290 Perl has been updated to 5.36, and its core module
291 <literal>HTTP::Tiny</literal> was patched to verify SSL/TLS
292 certificates by default.
293 </para>
294 </listitem>
295 <listitem>
296 <para>
297 Python now defaults to 3.10, updated from 3.9.
298 </para>
299 </listitem>
300 </itemizedlist>
301 </section>
302 <section xml:id="sec-release-22.11-incompatibilities">
303 <title>Backward Incompatibilities</title>
304 <itemizedlist>
305 <listitem>
306 <para>
307 Nixpkgs now requires Nix 2.3 or newer.
308 </para>
309 </listitem>
310 <listitem>
311 <para>
312 The <literal>isCompatible</literal> predicate checking CPU
313 compatibility is no longer exposed by the platform sets
314 generated using <literal>lib.systems.elaborate</literal>. In
315 most cases you will want to use the new
316 <literal>canExecute</literal> predicate instead which also
317 considers the kernel / syscall interface. It is briefly
318 described in the release’s
319 <link linkend="sec-release-22.11-highlights">highlights
320 section</link>.
321 <literal>lib.systems.parse.isCompatible</literal> still
322 exists, but has changed semantically: Architectures with
323 differing endianness modes are <emphasis>no longer considered
324 compatible</emphasis>.
325 </para>
326 </listitem>
327 <listitem>
328 <para>
329 <literal>ngrok</literal> has been upgraded from 2.3.40 to
330 3.0.4. Please see
331 <link xlink:href="https://ngrok.com/docs/guides/upgrade-v2-v3">the
332 upgrade guide</link> and
333 <link xlink:href="https://ngrok.com/docs/ngrok-agent/changelog">changelog</link>.
334 Notably, breaking changes are that the config file format has
335 changed and support for single hyphen arguments was dropped.
336 </para>
337 </listitem>
338 <listitem>
339 <para>
340 <literal>i18n.supportedLocales</literal> is now only generated
341 with the locales set in <literal>i18n.defaultLocale</literal>
342 and <literal>i18n.extraLocaleSettings</literal>.
343 </para>
344 <itemizedlist spacing="compact">
345 <listitem>
346 <para>
347 This reduces the final system closure size by up to 200MB.
348 </para>
349 </listitem>
350 <listitem>
351 <para>
352 If you require all locales installed, set the option to
353 <literal>[ "all" ]</literal>.
354 </para>
355 </listitem>
356 </itemizedlist>
357 </listitem>
358 <listitem>
359 <para>
360 Deprecated settings <literal>logrotate.paths</literal> and
361 <literal>logrotate.extraConfig</literal> have been removed.
362 Please convert any uses to
363 <link linkend="opt-services.logrotate.settings">services.logrotate.settings</link>
364 instead.
365 </para>
366 </listitem>
367 <listitem>
368 <para>
369 The <literal>isPowerPC</literal> predicate, found on
370 <literal>platform</literal> attrsets
371 (<literal>hostPlatform</literal>,
372 <literal>buildPlatform</literal>,
373 <literal>targetPlatform</literal>, etc) has been removed in
374 order to reduce confusion. The predicate was was defined such
375 that it matches only the 32-bit big-endian members of the
376 POWER/PowerPC family, despite having a name which would imply
377 a broader set of systems. If you were using this predicate,
378 you can replace <literal>foo.isPowerPC</literal> with
379 <literal>(with foo; isPower && is32bit && isBigEndian)</literal>.
380 </para>
381 </listitem>
382 <listitem>
383 <para>
384 The <literal>fetchgit</literal> fetcher now uses
385 <link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling">cone
386 mode</link> by default for sparse checkouts.
387 <link xlink:href="https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems">Non-cone
388 mode</link> can be enabled by passing
389 <literal>nonConeMode = true</literal>, but note that non-cone
390 mode is deprecated and this option may be removed alongside a
391 future Git update without notice.
392 </para>
393 </listitem>
394 <listitem>
395 <para>
396 The <literal>fetchgit</literal> fetcher supports sparse
397 checkouts via the <literal>sparseCheckout</literal> option.
398 This used to accept a multi-line string with
399 directories/patterns to check out, but now requires a list of
400 strings.
401 </para>
402 </listitem>
403 <listitem>
404 <para>
405 <literal>openssh</literal> was updated to version 9.1,
406 disabling the generation of DSA keys when using
407 <literal>ssh-keygen -A</literal> as they are insecure. Also,
408 <literal>SetEnv</literal> directives in
409 <literal>ssh_config</literal> and
410 <literal>sshd_config</literal> are now first-match-wins.
411 </para>
412 </listitem>
413 <listitem>
414 <para>
415 <literal>bsp-layout</literal> no longer uses the command
416 <literal>cycle</literal> to switch to other window layouts, as
417 it got replaced by the commands <literal>previous</literal>
418 and <literal>next</literal>.
419 </para>
420 </listitem>
421 <listitem>
422 <para>
423 The Barco ClickShare driver/client package
424 <literal>pkgs.clickshare-csc1</literal> and the option
425 <literal>programs.clickshare-csc1.enable</literal> have been
426 removed, as it requires <literal>qt4</literal>, which reached
427 its end-of-life 2015 and will no longer be supported by
428 nixpkgs.
429 <link xlink:href="https://www.barco.com/de/support/knowledge-base/4380-can-i-use-linux-os-with-clickshare-base-units">According
430 to Barco</link> many of their base unit models can be used
431 with Google Chrome and the Google Cast extension.
432 </para>
433 </listitem>
434 <listitem>
435 <para>
436 <literal>services.hbase</literal> has been renamed to
437 <literal>services.hbase-standalone</literal>. For production
438 HBase clusters, use <literal>services.hadoop.hbase</literal>
439 instead.
440 </para>
441 </listitem>
442 <listitem>
443 <para>
444 The <literal>p4</literal> package now only includes the
445 open-source Perforce Helix Core command-line client and APIs.
446 It no longer installs the unfree Helix Core Server binaries
447 <literal>p4d</literal>, <literal>p4broker</literal>, and
448 <literal>p4p</literal>. To install the Helix Core Server
449 binaries, use the <literal>p4d</literal> package instead.
450 </para>
451 </listitem>
452 <listitem>
453 <para>
454 The OpenSSL extension for the PHP interpreter used by
455 Nextcloud is built against OpenSSL 1.1 if
456 <xref linkend="opt-system.stateVersion" /> is below
457 <literal>22.11</literal>. This is to make sure that people
458 using
459 <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side
460 encryption</link> don’t lose access to their files.
461 </para>
462 <para>
463 In any other case, it’s safe to use OpenSSL 3 for PHP’s
464 OpenSSL extension. This can be done by setting
465 <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />
466 to <literal>false</literal>.
467 </para>
468 </listitem>
469 <listitem>
470 <para>
471 The <literal>coq</literal> package and versioned variants
472 starting at <literal>coq_8_14</literal> no longer include
473 CoqIDE, which is now available through
474 <literal>coqPackages.coqide</literal>. It is still possible to
475 get CoqIDE as part of the <literal>coq</literal> package by
476 overriding the <literal>buildIde</literal> argument of the
477 derivation.
478 </para>
479 </listitem>
480 <listitem>
481 <para>
482 PHP 7.4 is no longer supported due to upstream not supporting
483 this version for the entire lifecycle of the 22.11 release.
484 </para>
485 </listitem>
486 <listitem>
487 <para>
488 The ipfs package and module were renamed to kubo. The kubo
489 module now uses an RFC42-style <literal>settings</literal>
490 option instead of <literal>extraConfig</literal> and the
491 <literal>gatewayAddress</literal>,
492 <literal>apiAddress</literal> and
493 <literal>swarmAddress</literal> options were renamed. Using
494 the old names will print a warning but still work.
495 </para>
496 </listitem>
497 <listitem>
498 <para>
499 <literal>pkgs.cosign</literal> does not provide the
500 <literal>cosigned</literal> binary anymore. The
501 <literal>sget</literal> binary has been moved into its own
502 package.
503 </para>
504 </listitem>
505 <listitem>
506 <para>
507 Emacs now uses the Lucid toolkit by default instead of GTK
508 because of stability and compatibility issues. Users who still
509 wish to remain using GTK can do so by using
510 <literal>emacs-gtk</literal>.
511 </para>
512 </listitem>
513 <listitem>
514 <para>
515 <literal>kanidm</literal> has been updated to 1.1.0-alpha.10
516 and now requires a TLS certificate and key. It will always
517 start <literal>https</literal> and-–-if enabled-–-an LDAPS
518 server and no HTTP and LDAP server anymore.
519 </para>
520 </listitem>
521 <listitem>
522 <para>
523 riak package removed along with
524 <literal>services.riak</literal> module, due to lack of
525 maintainer to update the package.
526 </para>
527 </listitem>
528 <listitem>
529 <para>
530 ppd files in <literal>pkgs.cups-drv-rastertosag-gdi</literal>
531 are now gzipped. If you refer to such a ppd file with its path
532 (e.g. via
533 <link xlink:href="options.html#opt-hardware.printers.ensurePrinters">hardware.printers.ensurePrinters</link>)
534 you will need to append <literal>.gz</literal> to the path.
535 </para>
536 </listitem>
537 <listitem>
538 <para>
539 xow package removed along with the
540 <literal>hardware.xow</literal> module, due to the project
541 being deprecated in favor of <literal>xone</literal>, which is
542 available via the <literal>hardware.xone</literal> module.
543 </para>
544 </listitem>
545 <listitem>
546 <para>
547 dd-agent package removed along with the
548 <literal>services.dd-agent</literal> module, due to the
549 project being deprecated in favor of
550 <literal>datadog-agent</literal>, which is available via the
551 <literal>services.datadog-agent</literal> module.
552 </para>
553 </listitem>
554 <listitem>
555 <para>
556 <literal>teleport</literal> has been upgraded to major version
557 10. Please see upstream
558 <link xlink:href="https://goteleport.com/docs/ver/10.0/management/operations/upgrading/">upgrade
559 instructions</link> and
560 <link xlink:href="https://goteleport.com/docs/ver/10.0/changelog/#1000">release
561 notes</link>.
562 </para>
563 </listitem>
564 <listitem>
565 <para>
566 <literal>lib.closePropagation</literal> now needs that all
567 gathered sets have an <literal>outPath</literal> attribute.
568 </para>
569 </listitem>
570 <listitem>
571 <para>
572 lemmy module option
573 <literal>services.lemmy.settings.database.createLocally</literal>
574 moved to
575 <literal>services.lemmy.database.createLocally</literal>.
576 </para>
577 </listitem>
578 <listitem>
579 <para>
580 virtlyst package and <literal>services.virtlyst</literal>
581 module removed, due to lack of maintainers.
582 </para>
583 </listitem>
584 <listitem>
585 <para>
586 The <literal>nix.checkConfig</literal> option now fully
587 disables the config check. The new
588 <literal>nix.checkAllErrors</literal> option behaves like
589 <literal>nix.checkConfig</literal> previously did.
590 </para>
591 </listitem>
592 <listitem>
593 <para>
594 <literal>generateOptparseApplicativeCompletions</literal> and
595 <literal>generateOptparseApplicativeCompletion</literal> from
596 <literal>haskell.lib.compose</literal> (and
597 <literal>haskell.lib</literal>) have been deprecated in favor
598 of <literal>generateOptparseApplicativeCompletions</literal>
599 (plural!) as provided by the haskell package sets (so
600 <literal>haskellPackages.generateOptparseApplicativeCompletions</literal>
601 etc.). The latter allows for cross-compilation (by
602 automatically disabling generation of completion in the cross
603 case). For it to work properly you need to make sure that the
604 function comes from the same context as the package you are
605 trying to override, i.e. always use the same package set as
606 your package is coming from or – even better – use
607 <literal>self.generateOptparseApplicativeCompletions</literal>
608 if you are overriding a haskell package set. The old functions
609 are retained for backwards compatibility, but yield are
610 warning.
611 </para>
612 </listitem>
613 <listitem>
614 <para>
615 The <literal>services.graphite.api</literal> and
616 <literal>services.graphite.beacon</literal> NixOS options, and
617 the <literal>python3.pkgs.graphite_api</literal>,
618 <literal>python3.pkgs.graphite_beacon</literal> and
619 <literal>python3.pkgs.influxgraph</literal> packages, have
620 been removed due to lack of upstream maintenance.
621 </para>
622 </listitem>
623 <listitem>
624 <para>
625 The <literal>trace</literal> binary from
626 <literal>perf-linux</literal> package has been removed, due to
627 being a duplicate of the <literal>perf</literal> binary.
628 </para>
629 </listitem>
630 <listitem>
631 <para>
632 The <literal>aws</literal> package has been removed due to
633 being abandoned by the upstream. It is recommended to use
634 <literal>awscli</literal> or <literal>awscli2</literal>
635 instead.
636 </para>
637 </listitem>
638 <listitem>
639 <para>
640 The
641 <link xlink:href="https://ce-programming.github.io/CEmu">CEmu
642 TI-84 Plus CE emulator</link> package has been renamed to
643 <literal>cemu-ti</literal>. The
644 <link xlink:href="https://cemu.info">Cemu Wii U
645 emulator</link> is now packaged as <literal>cemu</literal>.
646 </para>
647 </listitem>
648 <listitem>
649 <para>
650 <literal>systemd-networkd</literal> v250 deprecated, renamed,
651 and moved some sections and settings which leads to the
652 following breaking module changes:
653 </para>
654 <itemizedlist spacing="compact">
655 <listitem>
656 <para>
657 <literal>systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig</literal>
658 is renamed to
659 <literal>systemd.network.networks.<name>.dhcpPrefixDelegationConfig</literal>.
660 </para>
661 </listitem>
662 <listitem>
663 <para>
664 <literal>systemd.network.networks.<name>.dhcpV6Config</literal>
665 no longer accepts the
666 <literal>ForceDHCPv6PDOtherInformation=</literal> setting.
667 Please use the <literal>WithoutRA=</literal> and
668 <literal>UseDelegatedPrefix=</literal> settings in your
669 <literal>systemd.network.networks.<name>.dhcpV6Config</literal>
670 and the <literal>DHCPv6Client=</literal> setting in your
671 <literal>systemd.network.networks.<name>.ipv6AcceptRAConfig</literal>
672 to control when the DHCPv6 client is started and how the
673 delegated prefixes are handled by the DHCPv6 client.
674 </para>
675 </listitem>
676 <listitem>
677 <para>
678 <literal>systemd.network.networks.<name>.networkConfig</literal>
679 no longer accepts the <literal>IPv6Token=</literal>
680 setting. Use the <literal>Token=</literal> setting in your
681 <literal>systemd.network.networks.<name>.ipv6AcceptRAConfig</literal>
682 instead. The
683 <literal>systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig</literal>
684 now also accepts the <literal>Token=</literal> setting.
685 </para>
686 </listitem>
687 </itemizedlist>
688 </listitem>
689 <listitem>
690 <para>
691 <literal>arangodb</literal> versions 3.3, 3.4, and 3.5 have
692 been removed because they are at EOL upstream. The default is
693 now 3.10.0. Support for aarch64-linux has been removed since
694 the target cannot be built reproducibly. By default
695 <literal>arangodb</literal> is now built for the
696 <literal>haswell</literal> architecture. If you wish to build
697 for a different architecture, you may override the
698 <literal>targetArchitecture</literal> argument with a value
699 from
700 <link xlink:href="https://github.com/arangodb/arangodb/blob/207ec6937e41a46e10aea34953879341f0606841/cmake/OptimizeForArchitecture.cmake#L594">this
701 list supported upstream</link>. Some architecture specific
702 optimizations are also conditionally enabled. You may alter
703 this behavior by overriding the
704 <literal>asmOptimizations</literal> parameter. You may also
705 add additional architecture support by adding more
706 <literal>-DHAS_XYZ</literal> flags to
707 <literal>cmakeFlags</literal> via
708 <literal>overrideAttrs</literal>.
709 </para>
710 </listitem>
711 <listitem>
712 <para>
713 The <literal>meta.mainProgram</literal> attribute of packages
714 in <literal>wineWowPackages</literal> now defaults to
715 <literal>"wine64"</literal>.
716 </para>
717 </listitem>
718 <listitem>
719 <para>
720 The <literal>paperless</literal> module now defaults
721 <literal>PAPERLESS_TIME_ZONE</literal> to your configured
722 system timezone.
723 </para>
724 </listitem>
725 <listitem>
726 <para>
727 The top-level <literal>termonad-with-packages</literal> alias
728 for <literal>termonad</literal> has been removed.
729 </para>
730 </listitem>
731 <listitem>
732 <para>
733 Linux 4.9 has been removed because it will reach its end of
734 life within the lifespan of 22.11.
735 </para>
736 </listitem>
737 <listitem>
738 <para>
739 (Neo)Vim can not be configured with
740 <literal>configure.pathogen</literal> anymore to reduce
741 maintainance burden. Use <literal>configure.packages</literal>
742 instead.
743 </para>
744 </listitem>
745 <listitem>
746 <para>
747 Neovim can not be configured with plug anymore (still works
748 for vim).
749 </para>
750 </listitem>
751 <listitem>
752 <para>
753 The <literal>adguardhome</literal> module no longer uses
754 <literal>host</literal> and <literal>port</literal> options,
755 use <literal>settings.bind_host</literal> and
756 <literal>settings.bind_port</literal> instead.
757 </para>
758 </listitem>
759 <listitem>
760 <para>
761 The default <literal>kops</literal> version is now 1.25.1 and
762 support for 1.22 and older has been dropped.
763 </para>
764 </listitem>
765 <listitem>
766 <para>
767 The <literal>zrepl</literal> package has been updated from
768 0.5.0 to 0.6.0. See the
769 <link xlink:href="https://zrepl.github.io/changelog.html">changelog</link>
770 for details.
771 </para>
772 </listitem>
773 <listitem>
774 <para>
775 <literal>k3s</literal> no longer supports Docker as runtime
776 due to upstream dropping support.
777 </para>
778 </listitem>
779 <listitem>
780 <para>
781 <literal>cassandra_2_1</literal> and
782 <literal>cassandra_2_2</literal> have been removed. Please
783 update to <literal>cassandra_3_11</literal> or
784 <literal>cassandra_3_0</literal>. See the
785 <link xlink:href="https://github.com/apache/cassandra/blob/cassandra-3.11.14/NEWS.txt">changelog</link>
786 for more information about the upgrade process.
787 </para>
788 </listitem>
789 <listitem>
790 <para>
791 <literal>mysql57</literal> has been removed. Please update to
792 <literal>mysql80</literal> or <literal>mariadb</literal>. See
793 the
794 <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mysql-to-mariadb/">upgrade
795 guide</link> for more information.
796 </para>
797 </listitem>
798 <listitem>
799 <para>
800 Consequently, <literal>cqrlog</literal> and
801 <literal>amorok</literal> now use <literal>mariadb</literal>
802 instead of <literal>mysql57</literal> for their embedded
803 databases. Running <literal>mysql_upgrade</literal> may be
804 neccesary.
805 </para>
806 </listitem>
807 <listitem>
808 <para>
809 <literal>k3s</literal> supports <literal>clusterInit</literal>
810 option, and it is enabled by default, for servers.
811 </para>
812 </listitem>
813 <listitem>
814 <para>
815 <literal>percona-server56</literal> has been removed. Please
816 migrate to <literal>mysql</literal> or
817 <literal>mariadb</literal> if possible.
818 </para>
819 </listitem>
820 <listitem>
821 <para>
822 <literal>obs-studio</literal> hase been updated to version 28.
823 If you have packaged custom plugins, check if they are
824 compatible. <literal>obs-websocket</literal> has been
825 integrated into <literal>obs-studio</literal>.
826 </para>
827 </listitem>
828 <listitem>
829 <para>
830 <literal>signald</literal> has been bumped to
831 <literal>0.23.0</literal>. For the upgrade, a migration
832 process is necessary. It can be done by running a command like
833 this before starting <literal>signald.service</literal>:
834 </para>
835 <programlisting>
836 signald -d /var/lib/signald/db \
837 --database sqlite:/var/lib/signald/db \
838 --migrate-data
839 </programlisting>
840 <para>
841 For further information, please read the upstream changelogs.
842 </para>
843 </listitem>
844 <listitem>
845 <para>
846 <literal>stylua</literal> no longer accepts
847 <literal>lua52Support</literal> and
848 <literal>luauSupport</literal> overrides. Use
849 <literal>features</literal> instead, which defaults to
850 <literal>[ "lua54" "luau" ]</literal>.
851 </para>
852 </listitem>
853 <listitem>
854 <para>
855 <literal>ocamlPackages.ocaml_extlib</literal> has been renamed
856 to <literal>ocamlPackages.extlib</literal>.
857 </para>
858 </listitem>
859 <listitem>
860 <para>
861 <literal>pkgs.fetchNextcloudApp</literal> has been rewritten
862 to circumvent impurities in e.g. tarballs from GitHub and to
863 make it easier to apply patches. This means that your hashes
864 are out-of-date and the (previously required) attributes
865 <literal>name</literal> and <literal>version</literal> are no
866 longer accepted.
867 </para>
868 </listitem>
869 <listitem>
870 <para>
871 The Syncthing service now only allows absolute paths—starting
872 with <literal>/</literal> or <literal>~/</literal>—for
873 <literal>services.syncthing.folders.<name>.path</literal>.
874 In a future release other paths will be allowed again and
875 interpreted relative to
876 <literal>services.syncthing.dataDir</literal>.
877 </para>
878 </listitem>
879 <listitem>
880 <para>
881 <literal>services.github-runner</literal> and
882 <literal>services.github-runners.<name></literal> gained
883 the option <literal>serviceOverrides</literal> which allows
884 overriding the systemd <literal>serviceConfig</literal>. If
885 you have been overriding the systemd service configuration
886 (i.e., by defining
887 <literal>systemd.services.github-runner.serviceConfig</literal>),
888 you have to use the <literal>serviceOverrides</literal> option
889 now. Example:
890 </para>
891 <programlisting>
892 services.github-runner.serviceOverrides.SupplementaryGroups = [
893 "docker"
894 ];
895 </programlisting>
896 </listitem>
897 </itemizedlist>
898 </section>
899 <section xml:id="sec-release-22.11-notable-changes">
900 <title>Other Notable Changes</title>
901 <itemizedlist>
902 <listitem>
903 <para>
904 PHP is now built in <literal>NTS</literal> (Non-Thread Safe)
905 mode by default.
906 </para>
907 <itemizedlist spacing="compact">
908 <listitem>
909 <para>
910 For Apache and <literal>mod_php</literal> usage, we enable
911 <literal>ZTS</literal> (Zend Thread Safe) mode. This has
912 been a common practice for a long time in other
913 distributions.
914 </para>
915 </listitem>
916 </itemizedlist>
917 </listitem>
918 <listitem>
919 <para>
920 <literal>firefox</literal>, <literal>thunderbird</literal> and
921 <literal>librewolf</literal> now come with Wayland support by
922 default. The <literal>firefox-wayland</literal>,
923 <literal>firefox-esr-wayland</literal>,
924 <literal>thunderbird-wayland</literal> and
925 <literal>librewolf-wayland</literal> attributes are obsolete
926 and have been aliased to their generic attribute.
927 </para>
928 </listitem>
929 <listitem>
930 <para>
931 The <literal>xplr</literal> package has been updated from
932 0.18.0 to 0.19.0, which brings some breaking changes. See the
933 <link xlink:href="https://github.com/sayanarijit/xplr/releases/tag/v0.19.0">upstream
934 release notes</link> for more details.
935 </para>
936 </listitem>
937 <listitem>
938 <para>
939 Configuring multiple GitHub runners is now possible through
940 <literal>services.github-runners.<name></literal>. The
941 options under <literal>services.github-runner</literal>
942 remain, to configure a single runner.
943 </para>
944 </listitem>
945 <listitem>
946 <para>
947 <literal>github-runner</literal> gained support for ephemeral
948 runners and registrations using a personal access token (PAT)
949 instead of a registration token. See
950 <literal>services.github-runner.ephemeral</literal> and
951 <literal>services.github-runner.tokenFile</literal> for
952 details.
953 </para>
954 </listitem>
955 <listitem>
956 <para>
957 A new module was added to provide hardware support for the
958 Saleae Logic device family, providing the options
959 <literal>hardware.saleae-logic.enable</literal> and
960 <literal>hardware.saleae-logic.package</literal>.
961 </para>
962 </listitem>
963 <listitem>
964 <para>
965 ZFS module will no longer allow hibernation by default.
966 </para>
967 <itemizedlist spacing="compact">
968 <listitem>
969 <para>
970 This is a safety measure to prevent data loss cases like
971 the ones described at
972 <link xlink:href="https://github.com/openzfs/zfs/issues/260">OpenZFS/260</link>
973 and
974 <link xlink:href="https://github.com/openzfs/zfs/issues/12842">OpenZFS/12842</link>.
975 </para>
976 </listitem>
977 <listitem>
978 <para>
979 Use the <literal>boot.zfs.allowHibernation</literal>
980 option to configure this behaviour.
981 </para>
982 </listitem>
983 </itemizedlist>
984 </listitem>
985 <listitem>
986 <para>
987 Mastodon now automatically removes remote media attachments
988 older than 30 days. This is configurable through
989 <literal>services.mastodon.mediaAutoRemove</literal>.
990 </para>
991 </listitem>
992 <listitem>
993 <para>
994 The Redis module now disables RDB persistence when
995 <literal>services.redis.servers.<name>.save = []</literal>
996 instead of using the Redis default.
997 </para>
998 </listitem>
999 <listitem>
1000 <para>
1001 Neo4j was updated from version 3 to version 4. See upstream’s
1002 <link xlink:href="https://neo4j.com/docs/upgrade-migration-guide/current/">migration
1003 guide</link> for information on how to migrate your instance.
1004 </para>
1005 </listitem>
1006 <listitem>
1007 <para>
1008 The <literal>networking.wireguard</literal> module now can set
1009 the mtu on interfaces and tag its packets with an fwmark.
1010 </para>
1011 </listitem>
1012 <listitem>
1013 <para>
1014 The option <literal>overrideStrategy</literal> was added to
1015 the different systemd unit options
1016 (<literal>systemd.services.<name></literal>,
1017 <literal>systemd.sockets.<name></literal>, …) to allow
1018 enforcing the creation of a dropin file, rather than the main
1019 unit file, by setting it to <literal>asDropin</literal>. This
1020 is useful in cases where the existence of the main unit file
1021 is not known to Nix at evaluation time, for example when the
1022 main unit file is provided by adding a package to
1023 <literal>systemd.packages</literal>. See the fix proposed in
1024 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/135557#issuecomment-1295392470">NixOS’s
1025 systemd abstraction doesn’t work with systemd template
1026 units</link> for an example.
1027 </para>
1028 </listitem>
1029 <listitem>
1030 <para>
1031 The <literal>polymc</literal> package has been removed due to
1032 a rogue maintainer. It has been replaced by
1033 <literal>prismlauncher</literal>, a fork by the rest of the
1034 maintainers. For more details, see
1035 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/196624">the
1036 PR that made this change</link> and
1037 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/196460">the
1038 issue detailing the vulnerability</link>. Users with existing
1039 installations should rename
1040 <literal>~/.local/share/polymc</literal> to
1041 <literal>~/.local/share/PrismLauncher</literal>. The main
1042 config file’s path has also moved from
1043 <literal>~/.local/share/polymc/polymc.cfg</literal> to
1044 <literal>~/.local/share/PrismLauncher/prismlauncher.cfg</literal>.
1045 </para>
1046 </listitem>
1047 <listitem>
1048 <para>
1049 The <literal>bloat</literal> package has been updated from
1050 unstable-2022-03-31 to unstable-2022-10-25, which brings a
1051 breaking change. See
1052 <link xlink:href="https://git.freesoftwareextremist.com/bloat/commit/?id=887ed241d64ba5db3fd3d87194fb5595e5ad7d73">this
1053 upstream commit message</link> for details.
1054 </para>
1055 </listitem>
1056 <listitem>
1057 <para>
1058 Synapse’s systemd unit has been hardened.
1059 </para>
1060 </listitem>
1061 <listitem>
1062 <para>
1063 The module <literal>services.grafana</literal> was refactored
1064 to be compliant with
1065 <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
1066 0042</link>. To be precise, this means that the following
1067 things have changed:
1068 </para>
1069 <itemizedlist>
1070 <listitem>
1071 <para>
1072 The newly introduced option
1073 <xref linkend="opt-services.grafana.settings" /> is an
1074 attribute-set that will be converted into Grafana’s INI
1075 format. This means that the configuration from
1076 <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/">Grafana’s
1077 configuration reference</link> can be directly written as
1078 attribute-set in Nix within this option.
1079 </para>
1080 </listitem>
1081 <listitem>
1082 <para>
1083 The option
1084 <literal>services.grafana.extraOptions</literal> has been
1085 removed. This option was an association of environment
1086 variables for Grafana. If you had an expression like
1087 </para>
1088 <programlisting language="bash">
1089 {
1090 services.grafana.extraOptions.SECURITY_ADMIN_USER = "foobar";
1091 }
1092 </programlisting>
1093 <para>
1094 your Grafana instance was running with
1095 <literal>GF_SECURITY_ADMIN_USER=foobar</literal> in its
1096 environment.
1097 </para>
1098 <para>
1099 For the migration, it is recommended to turn it into the
1100 INI format, i.e. to declare
1101 </para>
1102 <programlisting language="bash">
1103 {
1104 services.grafana.settings.security.admin_user = "foobar";
1105 }
1106 </programlisting>
1107 <para>
1108 instead.
1109 </para>
1110 <para>
1111 The keys in
1112 <literal>services.grafana.extraOptions</literal> have the
1113 format
1114 <literal><INI section name>_<Key Name></literal>.
1115 Further details are outlined in the
1116 <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables">configuration
1117 reference</link>.
1118 </para>
1119 <para>
1120 Alternatively you can also set all your values from
1121 <literal>extraOptions</literal> to
1122 <literal>systemd.services.grafana.environment</literal>,
1123 make sure you don’t forget to add the
1124 <literal>GF_</literal> prefix though!
1125 </para>
1126 </listitem>
1127 <listitem>
1128 <para>
1129 Previously, the options
1130 <xref linkend="opt-services.grafana.provision.datasources" />
1131 and
1132 <xref linkend="opt-services.grafana.provision.dashboards" />
1133 expected lists of datasources or dashboards for the
1134 <link xlink:href="https://grafana.com/docs/grafana/latest/administration/provisioning/">declarative
1135 provisioning</link>.
1136 </para>
1137 <para>
1138 To declare lists of
1139 </para>
1140 <itemizedlist spacing="compact">
1141 <listitem>
1142 <para>
1143 <emphasis role="strong">datasources</emphasis>, please
1144 rename your declarations to
1145 <xref linkend="opt-services.grafana.provision.datasources.settings.datasources" />.
1146 </para>
1147 </listitem>
1148 <listitem>
1149 <para>
1150 <emphasis role="strong">dashboards</emphasis>, please
1151 rename your declarations to
1152 <xref linkend="opt-services.grafana.provision.dashboards.settings.providers" />.
1153 </para>
1154 </listitem>
1155 </itemizedlist>
1156 <para>
1157 This change was made to support more features for that:
1158 </para>
1159 <itemizedlist>
1160 <listitem>
1161 <para>
1162 It’s possible to declare the
1163 <literal>apiVersion</literal> of your dashboards and
1164 datasources by
1165 <xref linkend="opt-services.grafana.provision.datasources.settings.apiVersion" />
1166 (or
1167 <xref linkend="opt-services.grafana.provision.dashboards.settings.apiVersion" />).
1168 </para>
1169 </listitem>
1170 <listitem>
1171 <para>
1172 Instead of declaring datasources and dashboards in
1173 pure Nix, it’s also possible to specify configuration
1174 files (or directories) with YAML instead using
1175 <xref linkend="opt-services.grafana.provision.datasources.path" />
1176 (or
1177 <xref linkend="opt-services.grafana.provision.dashboards.path" />.
1178 This is useful when having provisioning files from
1179 non-NixOS Grafana instances that you also want to
1180 deploy to NixOS.
1181 </para>
1182 <para>
1183 <emphasis role="strong">Note:</emphasis> secrets from
1184 these files will be leaked into the store unless you
1185 use a
1186 <link xlink:href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider"><emphasis role="strong">file</emphasis>-provider
1187 or env-var</link> for secrets!
1188 </para>
1189 </listitem>
1190 <listitem>
1191 <para>
1192 <xref linkend="opt-services.grafana.provision.notifiers" />
1193 is not affected by this change because this feature is
1194 deprecated by Grafana and will probably removed in
1195 Grafana 10. It’s recommended to use
1196 <literal>services.grafana.provision.alerting.contactPoints</literal>
1197 instead.
1198 </para>
1199 </listitem>
1200 </itemizedlist>
1201 </listitem>
1202 </itemizedlist>
1203 </listitem>
1204 <listitem>
1205 <para>
1206 The <literal>services.grafana.provision.alerting</literal>
1207 option was added. It includes suboptions for every
1208 alerting-related objects (with the exception of
1209 <literal>notifiers</literal>), which means it’s now possible
1210 to configure modern Grafana alerting declaratively.
1211 </para>
1212 </listitem>
1213 <listitem>
1214 <para>
1215 Synapse now requires entries in the
1216 <literal>state_group_edges</literal> table to be unique, in
1217 order to prevent accidentally introducing duplicate
1218 information (for example, because a database backup was
1219 restored multiple times). If your Synapse database already has
1220 duplicate rows in this table, this could fail with an error
1221 and require manual remediation.
1222 </para>
1223 </listitem>
1224 <listitem>
1225 <para>
1226 The <literal>diamond</literal> package has been update from
1227 0.8.36 to 2.0.15. See the
1228 <link xlink:href="https://github.com/bbuchfink/diamond/releases">upstream
1229 release notes</link> for more details.
1230 </para>
1231 </listitem>
1232 <listitem>
1233 <para>
1234 The <literal>guake</literal> package has been updated from
1235 3.6.3 to 3.9.0, see the
1236 <link xlink:href="https://github.com/Guake/guake/releases">changelog</link>
1237 for more details.
1238 </para>
1239 </listitem>
1240 <listitem>
1241 <para>
1242 The <literal>netlify-cli</literal> package has been updated
1243 from 6.13.2 to 12.2.4, see the
1244 <link xlink:href="https://github.com/netlify/cli/releases">changelog</link>
1245 for more details.
1246 </para>
1247 </listitem>
1248 <listitem>
1249 <para>
1250 <literal>dockerTools.buildImage</literal>’s
1251 <literal>contents</literal> parameter has been deprecated in
1252 favor of <literal>copyToRoot</literal>. Use
1253 <literal>copyToRoot = buildEnv { ... };</literal> or similar
1254 if you intend to add packages to <literal>/bin</literal>.
1255 </para>
1256 </listitem>
1257 <listitem>
1258 <para>
1259 The <literal>proxmox.qemuConf.bios</literal> option was added,
1260 it corresponds to <literal>Hardware->BIOS</literal> field
1261 in Proxmox web interface. Use
1262 <literal>"ovmf"</literal> value to build UEFI image,
1263 default value remains <literal>"bios"</literal>. New
1264 option <literal>proxmox.partitionTableType</literal> defaults
1265 to either <literal>"legacy"</literal> or
1266 <literal>"efi"</literal>, depending on the
1267 <literal>bios</literal> value. Setting
1268 <literal>partitionTableType</literal> to
1269 <literal>"hybrid"</literal> results in an image,
1270 which supports both methods
1271 (<literal>"bios"</literal> and
1272 <literal>"ovmf"</literal>), thereby remaining
1273 bootable after change to Proxmox
1274 <literal>Hardware->BIOS</literal> field.
1275 </para>
1276 </listitem>
1277 <listitem>
1278 <para>
1279 memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2.
1280 It is now the upstream version from https://www.memtest.org/,
1281 as coreboot’s fork is no longer available.
1282 </para>
1283 </listitem>
1284 <listitem>
1285 <para>
1286 Option descriptions, examples, and defaults writting in
1287 DocBook are now deprecated. Using CommonMark is preferred and
1288 will become the default in a future release.
1289 </para>
1290 </listitem>
1291 <listitem>
1292 <para>
1293 The
1294 <literal>documentation.nixos.options.allowDocBook</literal>
1295 option was added to ease the transition to CommonMark option
1296 documentation. Setting this option to <literal>false</literal>
1297 causes an error for every option included in the manual that
1298 uses DocBook documentation; it defaults to
1299 <literal>true</literal> to preserve the previous behavior and
1300 will be removed once the transition to CommonMark is complete.
1301 </para>
1302 </listitem>
1303 <listitem>
1304 <para>
1305 The Redis module now persists each instance’s configuration
1306 file in the state directory, in order to support some more
1307 advanced use cases like Sentinel.
1308 </para>
1309 </listitem>
1310 <listitem>
1311 <para>
1312 <literal>protonup</literal> has been aliased to and replaced
1313 by <literal>protonup-ng</literal> due to upstream not
1314 maintaining it.
1315 </para>
1316 </listitem>
1317 <listitem>
1318 <para>
1319 The udisks2 service, available at
1320 <literal>services.udisks2.enable</literal>, is now disabled by
1321 default. It will automatically be enabled through services and
1322 desktop environments as needed. This also means that polkit
1323 will now actually be disabled by default. The default for
1324 <literal>security.polkit.enable</literal> was already flipped
1325 in the previous release, but udisks2 being enabled by default
1326 re-enabled it.
1327 </para>
1328 </listitem>
1329 <listitem>
1330 <para>
1331 Nextcloud has been updated to version
1332 <emphasis role="strong">25</emphasis>. Additionally the
1333 following things have changed for Nextcloud in NixOS:
1334 </para>
1335 <itemizedlist spacing="compact">
1336 <listitem>
1337 <para>
1338 For Nextcloud <emphasis role="strong">>=24</emphasis>,
1339 the default PHP version is 8.1.
1340 </para>
1341 </listitem>
1342 <listitem>
1343 <para>
1344 Nextcloud <emphasis role="strong">23</emphasis> has been
1345 removed since it will reach its
1346 <link xlink:href="https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule/d76576a12a626d53305d480a6065b57cab705d3d">end
1347 of life in December 2022</link>.
1348 </para>
1349 </listitem>
1350 <listitem>
1351 <para>
1352 If <literal>system.stateVersion</literal> is
1353 <emphasis role="strong">>=22.11</emphasis>, Nextcloud
1354 25 will be installed by default. For older versions,
1355 Nextcloud 24 will be installed.
1356 </para>
1357 </listitem>
1358 <listitem>
1359 <para>
1360 Please ensure that you only upgrade one major release at a
1361 time! Nextcloud doesn’t support upgrades across multiple
1362 versions, i.e. an upgrade from
1363 <emphasis role="strong">23</emphasis> to
1364 <emphasis role="strong">25</emphasis> is only possible
1365 when upgrading to <emphasis role="strong">24</emphasis>
1366 first.
1367 </para>
1368 </listitem>
1369 </itemizedlist>
1370 </listitem>
1371 <listitem>
1372 <para>
1373 systemd-oomd is enabled by default. Depending on which systemd
1374 units have <literal>ManagedOOMSwap=kill</literal> or
1375 <literal>ManagedOOMMemoryPressure=kill</literal>, systemd-oomd
1376 will SIGKILL all the processes under the appropriate
1377 descendant cgroups when the configured limits are exceeded.
1378 NixOS does currently not configure cgroups with oomd by
1379 default, this can be enabled using
1380 <link xlink:href="options.html#opt-systemd.oomd.enableRootSlice">systemd.oomd.enableRootSlice</link>,
1381 <link xlink:href="options.html#opt-systemd.oomd.enableSystemSlice">systemd.oomd.enableSystemSlice</link>,
1382 and
1383 <link xlink:href="options.html#opt-systemd.oomd.enableUserServices">systemd.oomd.enableUserServices</link>.
1384 </para>
1385 </listitem>
1386 <listitem>
1387 <para>
1388 The <literal>tt-rss</literal> service performs two database
1389 migrations when you first use its web UI after upgrade.
1390 Consider backing up its database before updating.
1391 </para>
1392 </listitem>
1393 <listitem>
1394 <para>
1395 The <literal>pass-secret-service</literal> package now
1396 includes systemd units from upstream, so adding it to the
1397 NixOS <literal>services.dbus.packages</literal> option will
1398 make it start automatically as a systemd user service when an
1399 application tries to talk to the libsecret D-Bus API.
1400 </para>
1401 </listitem>
1402 <listitem>
1403 <para>
1404 The Wordpress module now has support for installing language
1405 packs through a new option,
1406 <literal>services.wordpress.sites.<site>.languages</literal>.
1407 </para>
1408 </listitem>
1409 <listitem>
1410 <para>
1411 The default package for
1412 <literal>services.mullvad-vpn.package</literal> was changed to
1413 <literal>pkgs.mullvad</literal>, allowing cross-platform usage
1414 of Mullvad. <literal>pkgs.mullvad</literal> only contains the
1415 Mullvad CLI tool, so users who rely on the Mullvad GUI will
1416 want to change it back to <literal>pkgs.mullvad-vpn</literal>,
1417 or add <literal>pkgs.mullvad-vpn</literal> to their
1418 environment.
1419 </para>
1420 </listitem>
1421 <listitem>
1422 <para>
1423 PowerDNS has been updated from v4.6.2 to v4.7.2. Please be
1424 sure to review the
1425 <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#to-4-7-0-or-master">Upgrade
1426 Notes</link> provided by upstream before upgrading. Worth
1427 specifically noting is that the new Catalog Zones feature
1428 comes with a mandatory schema change for the GSQL database
1429 backends, which has to be manually applied.
1430 </para>
1431 </listitem>
1432 <listitem>
1433 <para>
1434 There is a new module for the <literal>thunar</literal>
1435 program (the Xfce file manager), which depends on the
1436 <literal>xfconf</literal> dbus service, and also has a dbus
1437 service and a systemd unit. The option
1438 <literal>services.xserver.desktopManager.xfce.thunarPlugins</literal>
1439 has been renamed to
1440 <literal>programs.thunar.plugins</literal>, and may be removed
1441 in a future release.
1442 </para>
1443 </listitem>
1444 <listitem>
1445 <para>
1446 There is a new module for <literal>xfconf</literal> (the Xfce
1447 configuration storage system), which has a dbus service.
1448 </para>
1449 </listitem>
1450 <listitem>
1451 <para>
1452 The Mastodon package has been upgraded to v4.0.0. See the
1453 <link xlink:href="https://github.com/mastodon/mastodon/releases/tag/v4.0.0">v4.0.0
1454 release notes</link> for a list of changes. On standard
1455 setups, no manual migration steps are required. Nevertheless,
1456 a database backup is recommended.
1457 </para>
1458 </listitem>
1459 <listitem>
1460 <para>
1461 The <literal>nomad</literal> package now defaults to v1.3,
1462 which no longer has a downgrade path to v1.2 or older.
1463 </para>
1464 </listitem>
1465 <listitem>
1466 <para>
1467 The <literal>nodePackages</literal> package set now defaults
1468 to the LTS release in the <literal>nodejs</literal> package
1469 again, instead of being pinned to
1470 <literal>nodejs-14_x</literal>. Several updates to node2nix
1471 have been made for compatibility with newer Node.js and npm
1472 versions and a new <literal>postRebuild</literal> hook has
1473 been added for packages to perform extra build steps before
1474 the npm install step prunes dev dependencies.
1475 </para>
1476 </listitem>
1477 <listitem>
1478 <para>
1479 <literal>boot.kernel.sysctl</literal> is defined as a
1480 freeformType and adds a custom merge option for
1481 <literal>net.core.rmem_max</literal> (taking the highest value
1482 defined to avoid conflicts between 2 services trying to set
1483 that value).
1484 </para>
1485 </listitem>
1486 <listitem>
1487 <para>
1488 The <literal>mame</literal> package does not ship with its
1489 tools anymore in the default output. They were moved to a
1490 separate <literal>tools</literal> output instead. For
1491 convenience, <literal>mame-tools</literal> package was added
1492 for those who want to use it.
1493 </para>
1494 </listitem>
1495 <listitem>
1496 <para>
1497 A NixOS module for Firefox has been added which allows
1498 preferences and
1499 <link xlink:href="https://github.com/mozilla/policy-templates/blob/master/README.md">policies</link>
1500 to be set. This also allows extensions to be installed via the
1501 <literal>ExtensionSettings</literal> policy. The new options
1502 are under <literal>programs.firefox</literal>.
1503 </para>
1504 </listitem>
1505 <listitem>
1506 <para>
1507 The option
1508 <literal>services.picom.experimentalBackends</literal> was
1509 removed since it is now the default and the option will cause
1510 <literal>picom</literal> to quit instead.
1511 </para>
1512 </listitem>
1513 <listitem>
1514 <para>
1515 <literal>haskellPackages.callHackage</literal> is not always
1516 invalidated if <literal>all-cabal-hashes</literal> changes,
1517 leading to less rebuilds of haskell dependencies.
1518 </para>
1519 </listitem>
1520 <listitem>
1521 <para>
1522 <literal>haskellPackages.callHackage</literal> and
1523 <literal>haskellPackages.callCabal2nix</literal> (and related
1524 functions) no longer keep a reference to the
1525 <literal>cabal2nix</literal> call used to generate them. As a
1526 result, they will be garbage collected more often.
1527 </para>
1528 </listitem>
1529 </itemizedlist>
1530 </section>
1531 <section xml:id="sec-release-22.11-new-services">
1532 <title>New Services</title>
1533 <itemizedlist>
1534 <listitem>
1535 <para>
1536 <link xlink:href="https://git.sr.ht/~migadu/alps">alps</link>,
1537 a simple and extensible webmail. Available as
1538 <link linkend="opt-services.alps.enable">services.alps</link>.
1539 </para>
1540 </listitem>
1541 <listitem>
1542 <para>
1543 <link xlink:href="https://github.com/jollheef/appvm">appvm</link>,
1544 Nix based app VMs. Available as
1545 <link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>.
1546 </para>
1547 </listitem>
1548 <listitem>
1549 <para>
1550 <link xlink:href="https://www.ausweisapp.bund.de/">AusweisApp2</link>,
1551 the authentication software for the German ID card. Available
1552 as
1553 <link linkend="opt-programs.ausweisapp.enable">programs.ausweisapp</link>.
1554 </para>
1555 </listitem>
1556 <listitem>
1557 <para>
1558 <link xlink:href="https://github.com/maxbrunet/automatic-timezoned">automatic-timezoned</link>.
1559 a Linux daemon to automatically update the system timezone
1560 based on location. Available as
1561 <link linkend="opt-services.automatic-timezoned.enable">services.automatic-timezoned</link>.
1562 </para>
1563 </listitem>
1564 <listitem>
1565 <para>
1566 <link xlink:href="https://www.dolibarr.org/">Dolibarr</link>,
1567 an enterprise resource planning and customer relationship
1568 manager. Enable using
1569 <link linkend="opt-services.dolibarr.enable">services.dolibarr</link>.
1570 </para>
1571 </listitem>
1572 <listitem>
1573 <para>
1574 <link xlink:href="https://dragonflydb.io/">dragonflydb</link>,
1575 a modern replacement for Redis and Memcached. Available as
1576 <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
1577 </para>
1578 </listitem>
1579 <listitem>
1580 <para>
1581 <link xlink:href="https://github.com/shizunge/endlessh-go">endlessh-go</link>,
1582 an SSH tarpit that exposes Prometheus metrics. Available as
1583 <link linkend="opt-services.endlessh-go.enable">services.endlessh-go</link>.
1584 </para>
1585 </listitem>
1586 <listitem>
1587 <para>
1588 <link xlink:href="https://github.com/skeeto/endlessh">endlessh</link>,
1589 an SSH tarpit. Available as
1590 <link linkend="opt-services.endlessh.enable">services.endlessh</link>.
1591 </para>
1592 </listitem>
1593 <listitem>
1594 <para>
1595 <link xlink:href="https://evcc.io">EVCC</link> is an EV charge
1596 controller with PV integration. It supports a multitude of
1597 chargers, meters, vehicle APIs and more and ties that together
1598 with a well-tested backend and a lightweight web frontend.
1599 Available as
1600 <link linkend="opt-services.evcc.enable">services.evcc</link>.
1601 </para>
1602 </listitem>
1603 <listitem>
1604 <para>
1605 <link xlink:href="https://www.expressvpn.com">expressvpn</link>,
1606 the CLI client for ExpressVPN. Available as
1607 <link linkend="opt-services.expressvpn.enable">services.expressvpn</link>.
1608 </para>
1609 </listitem>
1610 <listitem>
1611 <para>
1612 <link xlink:href="https://freshrss.org/">FreshRSS</link>, a
1613 free, self-hostable RSS feed aggregator. Available as
1614 <link linkend="opt-services.freshrss.enable">services.freshrss</link>.
1615 </para>
1616 </listitem>
1617 <listitem>
1618 <para>
1619 <link xlink:href="https://garagehq.deuxfleurs.fr/">Garage</link>,
1620 a simple object storage server for geodistributed deployments,
1621 alternative to MinIO. Available as
1622 <link linkend="opt-services.garage.enable">services.garage</link>.
1623 </para>
1624 </listitem>
1625 <listitem>
1626 <para>
1627 <link xlink:href="https://github.com/L11R/go-autoconfig">go-autoconfig</link>,
1628 IMAP/SMTP autodiscover server. Available as
1629 <link linkend="opt-services.go-autoconfig.enable">services.go-autoconfig</link>.
1630 </para>
1631 </listitem>
1632 <listitem>
1633 <para>
1634 <link xlink:href="https://www.grafana.com/oss/tempo/">Grafana
1635 Tempo</link>, a distributed tracing store. Available as
1636 <link linkend="opt-services.tempo.enable">services.tempo</link>.
1637 </para>
1638 </listitem>
1639 <listitem>
1640 <para>
1641 <link xlink:href="https://hbase.apache.org/">HBase
1642 cluster</link>, a distributed, scalable, big data store.
1643 Available as
1644 <link xlink:href="options.html#opt-services.hadoop.hbase.enable">services.hadoop.hbase</link>.
1645 </para>
1646 </listitem>
1647 <listitem>
1648 <para>
1649 <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>,
1650 a hardware True Random Number Generator dongle. Available as
1651 <link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>.
1652 </para>
1653 </listitem>
1654 <listitem>
1655 <para>
1656 <link xlink:href="https://github.com/jtroo/kanata">kanata</link>,
1657 a tool to improve keyboard comfort and usability with advanced
1658 customization. Available as
1659 <link xlink:href="options.html#opt-services.kanata.enable">services.kanata</link>.
1660 </para>
1661 </listitem>
1662 <listitem>
1663 <para>
1664 <link xlink:href="https://github.com/prymitive/karma">karma</link>,
1665 an alert dashboard for Prometheus Alertmanager. Available as
1666 <link xlink:href="options.html#opt-services.karma.enable">services.karma</link>
1667 </para>
1668 </listitem>
1669 <listitem>
1670 <para>
1671 <link xlink:href="https://komga.org/">Komga</link>, a free and
1672 open source comics/mangas media server. Available as
1673 <link linkend="opt-services.komga.enable">services.komga</link>.
1674 </para>
1675 </listitem>
1676 <listitem>
1677 <para>
1678 <link xlink:href="https://github.com/prymitive/kthxbye">kthxbye</link>,
1679 an alert acknowledgement management daemon for Prometheus
1680 Alertmanager. Available as
1681 <link xlink:href="options.html#opt-services.kthxbye.enable">services.kthxbye</link>
1682 </para>
1683 </listitem>
1684 <listitem>
1685 <para>
1686 <link xlink:href="https://languagetool.org/">languagetool</link>,
1687 a multilingual grammar, style, and spell checker. Available as
1688 <link xlink:href="options.html#opt-services.languagetool.enable">services.languagetool</link>.
1689 </para>
1690 </listitem>
1691 <listitem>
1692 <para>
1693 <link xlink:href="https://listmonk.app">Listmonk</link>, a
1694 self-hosted newsletter manager. Enable using
1695 <link xlink:href="options.html#opt-services.listmonk.enable">services.listmonk</link>.
1696 </para>
1697 </listitem>
1698 <listitem>
1699 <para>
1700 <link xlink:href="https://mepo.milesalan.com">Mepo</link>, a
1701 fast, simple, hackable OSM map viewer for mobile and desktop
1702 Linux. Available as
1703 <link linkend="opt-programs.mepo.enable">programs.mepo.enable</link>.
1704 </para>
1705 </listitem>
1706 <listitem>
1707 <para>
1708 <link xlink:href="https://troglobit.com/projects/merecat/">merecat</link>,
1709 a small and easy HTTP server based on thttpd. Available as
1710 <link linkend="opt-services.merecat.enable">services.merecat</link>
1711 </para>
1712 </listitem>
1713 <listitem>
1714 <para>
1715 <link xlink:href="https://netbird.io">netbird</link>, a zero
1716 configuration VPN. Available as
1717 <link xlink:href="options.html#opt-services.netbird.enable">services.netbird</link>.
1718 </para>
1719 </listitem>
1720 <listitem>
1721 <para>
1722 <link xlink:href="https://ntfy.sh">ntfy.sh</link>, a push
1723 notification service. Available as
1724 <link linkend="opt-services.ntfy-sh.enable">services.ntfy-sh</link>
1725 </para>
1726 </listitem>
1727 <listitem>
1728 <para>
1729 <link xlink:href="https://gitlab.com/CalcProgrammer1/OpenRGB/-/tree/master">OpenRGB</link>,
1730 a FOSS tool for controlling RGB lighting. Available as
1731 <link xlink:href="options.html#opt-services.hardware.openrgb.enable">services.hardware.openrgb.enable</link>.
1732 </para>
1733 </listitem>
1734 <listitem>
1735 <para>
1736 <link xlink:href="https://www.getoutline.com/">Outline</link>,
1737 a wiki and knowledge base similar to Notion. Available as
1738 <link linkend="opt-services.outline.enable">services.outline</link>.
1739 </para>
1740 </listitem>
1741 <listitem>
1742 <para>
1743 <link xlink:href="https://github.com/zalando/patroni">Patroni</link>,
1744 a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
1745 Available as
1746 <link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>.
1747 </para>
1748 </listitem>
1749 <listitem>
1750 <para>
1751 <link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>,
1752 a daemon to add virtual proxy devices that mirror a physical
1753 input device but persist even if the underlying hardware is
1754 hot-plugged. Available as
1755 <link linkend="opt-services.persistent-evdev.enable">services.persistent-evdev</link>.
1756 </para>
1757 </listitem>
1758 <listitem>
1759 <para>
1760 <link xlink:href="https://github.com/edneville/please">Please</link>,
1761 a Sudo clone written in Rust. Available as
1762 <link linkend="opt-security.please.enable">security.please</link>.
1763 </para>
1764 </listitem>
1765 <listitem>
1766 <para>
1767 <link xlink:href="https://github.com/prometheus-community/ipmi_exporter">Prometheus
1768 IPMI exporter</link>, an IPMI exporter for Prometheus.
1769 Available as
1770 <link linkend="opt-services.prometheus.exporters.ipmi.enable">services.prometheus.exporters.ipmi</link>.
1771 </para>
1772 </listitem>
1773 <listitem>
1774 <para>
1775 <link xlink:href="https://github.com/messagebird/sachet/">Sachet</link>,
1776 an SMS alerting tool for the Prometheus Alertmanager.
1777 Available as
1778 <link linkend="opt-services.prometheus.sachet.enable">services.prometheus.sachet</link>.
1779 </para>
1780 </listitem>
1781 <listitem>
1782 <para>
1783 <link xlink:href="https://schleuder.org/">schleuder</link>, a
1784 mailing list manager with PGP support. Enable using
1785 <link linkend="opt-services.schleuder.enable">services.schleuder</link>.
1786 </para>
1787 </listitem>
1788 <listitem>
1789 <para>
1790 <link xlink:href="https://github.com/mozilla-services/syncstorage-rs">syncstorage-rs</link>,
1791 a self-hostable sync server for Firefox. Available as
1792 <link xlink:href="options.html#opt-services.firefox-syncserver.enable">services.firefox-syncserver</link>.
1793 </para>
1794 </listitem>
1795 <listitem>
1796 <para>
1797 <link xlink:href="https://tandoor.dev">Tandoor Recipes</link>,
1798 a self-hosted multi-tenant recipe collection. Available as
1799 <link xlink:href="options.html#opt-services.tandoor-recipes.enable">services.tandoor-recipes</link>.
1800 </para>
1801 </listitem>
1802 <listitem>
1803 <para>
1804 <link xlink:href="https://github.com/tmate-io/tmate-ssh-server">tmate-ssh-server</link>,
1805 server side part of
1806 <link xlink:href="https://tmate.io/">tmate</link>. Available
1807 as
1808 <link linkend="opt-services.tmate-ssh-server.enable">services.tmate-ssh-server</link>.
1809 </para>
1810 </listitem>
1811 <listitem>
1812 <para>
1813 <link xlink:href="https://uptime.kuma.pet/">Uptime
1814 Kuma</link>, a fancy self-hosted monitoring tool. Available as
1815 <link linkend="opt-services.uptime-kuma.enable">services.uptime-kuma</link>.
1816 </para>
1817 </listitem>
1818 <listitem>
1819 <para>
1820 <link xlink:href="https://writefreely.org">WriteFreely</link>,
1821 a simple blogging platform with ActivityPub support. Available
1822 as
1823 <link xlink:href="options.html#opt-services.writefreely.enable">services.writefreely</link>.
1824 </para>
1825 </listitem>
1826 <listitem>
1827 <para>
1828 <link xlink:href="https://github.com/XTLS/Xray-core">xray</link>,
1829 a fully compatible v2ray-core replacement. Features XTLS,
1830 which when enabled on server and client, brings UDP FullCone
1831 NAT to proxy setups. Available as
1832 <link xlink:href="options.html#opt-services.xray.enable">services.xray</link>.
1833 </para>
1834 </listitem>
1835 </itemizedlist>
1836 </section>
1837 </section>