19 KiB
Release 22.11 (“Raccoon”, 2022.11/??)
Support is planned until the end of June 2023, handing over to 23.05.
Highlights
In addition to numerous new and upgraded packages, this release has the following highlights:
-
During cross-compilation, tests are now executed if the test suite can be executed by the build platform. This is the case when doing “native” cross-compilation where the build and host platforms are largely the same, but the nixpkgs' cross compilation infrastructure is used, e.g.
pkgsStatic
andpkgsLLVM
. Another possibility is that the build platform is a superset of the host platform, e.g. when cross-compiling fromx86_64-unknown-linux
toi686-unknown-linux
. The predicate gating test suite execution is the newly addedcanExecute
predicate: You can e.g. check ifstdenv.buildPlatform
can execute binaries built forstdenv.hostPlatform
(i.e. produced bystdenv.cc
) by evaluatingstdenv.buildPlatform.canExecute stdenv.hostPlatform
. -
The
nixpkgs.hostPlatform
andnixpkgs.buildPlatform
options have been added. These cover and override thenixpkgs.{system,localSystem,crossSystem}
options.hostPlatform
is the platform or "system
" string of the NixOS system described by the configuration.buildPlatform
is the platform that is responsible for building the NixOS configuration. It defaults to thehostPlatform
, for a non-cross build configuration. To cross compile, setbuildPlatform
to a different value.
The new options convey the same information, but with fewer options, and following the Nixpkgs terminology.
The existing options
nixpkgs.{system,localSystem,crossSystem}
have not been formally deprecated, to allow for evaluation of the change and to allow for a transition period so that in time the ecosystem can switch without breaking compatibility with any supported NixOS release. -
emacs
enables native compilation which means:- emacs packages from nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
- emacs packages from somewhere else, e.g.
package-install
, will do asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use(setq native-comp-deferred-compilation nil)
to disable it while still enjoy the benefit of native compilation for packages from nixpkgs.
-
nixos-generate-config
now generates configurations that can be built in pure mode. This is achieved by setting the newnixpkgs.hostPlatform
option.You may have to unset the
system
parameter inlib.nixosSystem
, or similarly remove definitions of thenixpkgs.{system,localSystem,crossSystem}
options.Alternatively, you can remove the
hostPlatform
line and use NixOS like you would in NixOS 22.05 and earlier. -
PHP now defaults to PHP 8.1, updated from 8.0.
-
Perl has been updated to 5.36, and its core module
HTTP::Tiny
was patched to verify SSL/TLS certificates by default. -
Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
-
OpenSSL now defaults to OpenSSL 3, updated from 1.1.1.
-
An image configuration and generator has been added for Linode images, largely based on the present GCE configuration and image.
-
hardware.nvidia
has a new optionopen
that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see NVIDIA Releases Open-Source GPU Kernel Modules for the official announcement.
New Services
-
appvm, Nix based app VMs. Available as virtualisation.appvm.
-
syncstorage-rs, a self-hostable sync server for Firefox. Available as services.firefox-syncserver.
-
dragonflydb, a modern replacement for Redis and Memcached. Available as services.dragonflydb.
-
Komga, a free and open source comics/mangas media server. Available as services.komga.
-
Tandoor Recipes, a self-hosted multi-tenant recipe collection. Available as services.tandoor-recipes.
-
HBase cluster, a distributed, scalable, big data store. Available as services.hadoop.hbase.
-
Sachet, an SMS alerting tool for the Prometheus Alertmanager. Available as services.prometheus.sachet.
-
infnoise, a hardware True Random Number Generator dongle. Available as services.infnoise.
-
kthxbye, an alert acknowledgement management daemon for Prometheus Alertmanager. Available as services.kthxbye
-
kanata, a tool to improve keyboard comfort and usability with advanced customization. Available as services.kanata.
-
languagetool, a multilingual grammar, style, and spell checker. Available as services.languagetool.
-
OpenRGB, a FOSS tool for controlling RGB lighting. Available as services.hardware.openrgb.enable.
-
Outline, a wiki and knowledge base similar to Notion. Available as services.outline.
-
alps, a simple and extensible webmail. Available as services.alps.
-
netbird, a zero configuration VPN. Available as services.netbird.
-
persistent-evdev, a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as services.persistent-evdev.
-
schleuder, a mailing list manager with PGP support. Enable using services.schleuder.
-
Dolibarr, an enterprise resource planning and customer relationship manager. Enable using services.dolibarr.
-
FreshRSS, a free, self-hostable RSS feed aggregator. Available as services.freshrss.
-
expressvpn, the CLI client for ExpressVPN. Available as services.expressvpn.
-
go-autoconfig, IMAP/SMTP autodiscover server. Available as services.go-autoconfig.
-
tmate-ssh-server, server side part of tmate. Available as services.tmate-ssh-server.
-
Grafana Tempo, a distributed tracing store. Available as services.tempo.
-
AusweisApp2, the authentication software for the German ID card. Available as programs.ausweisapp.
-
Patroni, a template for PostgreSQL HA with ZooKeeper, etcd or Consul. Available as services.patroni.
-
Prometheus IPMI exporter, an IPMI exporter for Prometheus. Available as services.prometheus.exporters.ipmi.
-
WriteFreely, a simple blogging platform with ActivityPub support. Available as services.writefreely.
-
Listmonk, a self-hosted newsletter manager. Enable using services.listmonk.
Backward Incompatibilities
-
Nixpkgs now requires Nix 2.3 or newer.
-
The
isCompatible
predicate checking CPU compatibility is no longer exposed by the platform sets generated usinglib.systems.elaborate
. In most cases you will want to use the newcanExecute
predicate instead which also considers the kernel / syscall interface. It is briefly described in the release's highlights section.lib.systems.parse.isCompatible
still exists, but has changed semantically: Architectures with differing endianness modes are no longer considered compatible. -
ngrok
has been upgraded from 2.3.40 to 3.0.4. Please see the upgrade guide and changelog. Notably, breaking changes are that the config file format has changed and support for single hypen arguments was dropped. -
i18n.supportedLocales
is now by default only generated with the locales set ini18n.defaultLocale
andi18n.extraLocaleSettings
. This got partially copied over from the minimal profile and reduces the final system size by up to 200MB. If you require all locales installed set the option to[ "all" ]
. -
The
isPowerPC
predicate, found onplatform
attrsets (hostPlatform
,buildPlatform
,targetPlatform
, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replacefoo.isPowerPC
with(with foo; isPower && is32bit && isBigEndian)
. -
The
fetchgit
fetcher now uses cone mode by default for sparse checkouts. Non-cone mode can be enabled by passingnonConeMode = true
, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice. -
bsp-layout
no longer uses the commandcycle
to switch to other window layouts, as it got replaced by the commandsprevious
andnext
. -
The Barco ClickShare driver/client package
pkgs.clickshare-csc1
and the optionprograms.clickshare-csc1.enable
have been removed, as it requiresqt4
, which reached its end-of-life 2015 and will no longer be supported by nixpkgs. According to Barco many of their base unit models can be used with Google Chrome and the Google Cast extension. -
services.hbase
has been renamed toservices.hbase-standalone
. For production HBase clusters, useservices.hadoop.hbase
instead. -
The
coq
package and versioned variants starting atcoq_8_14
no longer include CoqIDE, which is now available throughcoqPackages.coqide
. It is still possible to get CoqIDE as part of thecoq
package by overriding thebuildIde
argument of the derivation. -
PHP 7.4 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 22.11 release.
-
pkgs.cosign
does not provide thecosigned
binary anymore. -
Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues. Users who still wish to remain using GTK can do so by using
emacs-gtk
. -
riak package removed along with
services.riak
module, due to lack of maintainer to update the package. -
xow package removed along with the
hardware.xow
module, due to the project being deprecated in favor ofxone
, which is available via thehardware.xone
module. -
dd-agent package removed along with the
services.dd-agent
module, due to the project being deprecated in favor ofdatadog-agent
, which is available via theservices.datadog-agent
module. -
teleport
has been upgraded to major version 10. Please see upstream upgrade instructions and release notes. -
lemmy module option
services.lemmy.settings.database.createLocally
moved toservices.lemmy.database.createLocally
. -
virtlyst package and
services.virtlyst
module removed, due to lack of maintainers. -
The
services.graphite.api
andservices.graphite.beacon
NixOS options, and thepython3.pkgs.graphite_api
,python3.pkgs.graphite_beacon
andpython3.pkgs.influxgraph
packages, have been removed due to lack of upstream maintenance. -
The
aws
package has been removed due to being abandoned by the upstream. It is recommended to useawscli
orawscli2
instead. -
The
meta.mainProgram
attribute of packages inwineWowPackages
now defaults to"wine64"
. -
The
paperless
module now defaultsPAPERLESS_TIME_ZONE
to your configured system timezone. -
(Neo)Vim can not be configured with
configure.pathogen
anymore to reduce maintainance burden. Useconfigure.packages
instead. -
Neovim can not be configured with plug anymore (still works for vim).
-
k3s
no longer supports docker as runtime due to upstream dropping support. -
k3s
supportsclusterInit
option, and it is enabled by default, for servers. -
stylua
no longer acceptslua52Support
andluauSupport
overrides, usefeatures
instead, which defaults to[ "lua54" "luau" ]
.
Other Notable Changes
-
The
xplr
package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the upstream release notes for more details. -
github-runner
gained support for ephemeral runners and registrations using a personal access token (PAT) instead of a registration token. Seeservices.github-runner.ephemeral
andservices.github-runner.tokenFile
for details. -
A new module was added for the Saleae Logic device family, providing the options
hardware.saleae-logic.enable
andhardware.saleae-logic.package
. -
The Redis module now disables RDB persistence when
services.redis.servers.<name>.save = []
instead of using the Redis default. -
Neo4j was updated from version 3 to version 4. See this migration guide on how to migrate your Neo4j instance.
-
The
networking.wireguard
module now can set the mtu on interfaces and tag its packets with an fwmark. -
The
services.matrix-synapse
systemd unit has been hardened. -
Matrix Synapse now requires entries in the
state_group_edges
table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. -
The
diamond
package has been update from 0.8.36 to 2.0.15. See the upstream release notes for more details. -
dockerTools.buildImage
deprecates the misunderstoodcontents
parameter, in favor ofcopyToRoot
. UsecopyToRoot = buildEnv { ... };
or similar if you intend to add packages to/bin
. -
memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
-
Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.
-
The
documentation.nixos.options.allowDocBook
option was added to ease the transition to CommonMark option documentation. Setting this option tofalse
causes an error for every option included in the manual that uses DocBook documentation; it defaults totrue
to preserve the previous behavior and will be removed once the transition to CommonMark is complete. -
The udisks2 service, available at
services.udisks2.enable
, is now disabled by default. It will automatically be enabled through services and desktop environments as needed. This also means that polkit will now actually be disabled by default. The default forsecurity.polkit.enable
was already flipped in the previous release, but udisks2 being enabled by default re-enabled it. -
Add udev rules for the Teensy family of microcontrollers.
-
systemd-oomd is enabled by default. Depending on which systemd units have
ManagedOOMSwap=kill
orManagedOOMMemoryPressure=kill
, systemd-oomd will SIGKILL all the processes under the appropriate descendant cgroups when the configured limits are exceeded. NixOS does currently not configure cgroups with oomd by default, this can be enabled using systemd.oomd.enableRootSlice, systemd.oomd.enableSystemSlice, and systemd.oomd.enableUserServices. -
The
pass-secret-service
package now includes systemd units from upstream, so adding it to the NixOSservices.dbus.packages
option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API. -
There is a new module for AMD SEV CPU functionality, which grants access to the hardware.
-
The Wordpress module got support for installing language packs through
services.wordpress.sites.<site>.languages
. -
There is a new module for the
thunar
program (the Xfce file manager), which depends on thexfconf
dbus service, and also has a dbus service and a systemd unit. The optionservices.xserver.desktopManager.xfce.thunarPlugins
has been renamed toprograms.thunar.plugins
, and in a future release it may be removed. -
There is a new module for the
xfconf
program (the Xfce configuration storage system), which has a dbus service. -
The
nomad
package now defaults to 1.3, which no longer has a downgrade path to releases 1.2 or older. -
The
nodePackages
package set now defaults to the LTS release in thenodejs
package again, instead of being pinned tonodejs-14_x
. Several updates to node2nix have been made for compatibility with newer Node.js and npm versions and a newpostRebuild
hook has been added for packages to perform extra build steps before the npm install step prunes dev dependencies.