forked from mirrors/nixpkgs
a3e7a83514
Rootless Docker service
97 lines
5.8 KiB
Markdown
97 lines
5.8 KiB
Markdown
# Release 22.05 (“Quokka”, 2022.05/??) {#sec-release-22.05}
|
|
|
|
In addition to numerous new and upgraded packages, this release has the following highlights:
|
|
|
|
- Support is planned until the end of December 2022, handing over to 22.11.
|
|
|
|
## Highlights {#sec-release-22.05-highlights}
|
|
|
|
- `security.acme.defaults` has been added to simplify configuring
|
|
settings for many certificates at once. This also opens up the
|
|
the option to use DNS-01 validation when using `enableACME` on
|
|
web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`).
|
|
|
|
- PHP 8.1 is now available
|
|
|
|
## New Services {#sec-release-22.05-new-services}
|
|
|
|
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
|
|
- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable).
|
|
|
|
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
|
|
|
|
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
|
|
|
|
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
|
|
|
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
|
|
This *only* makes a difference if you are cross-compiling and will
|
|
ensure that `pkgs.ghc` always runs on the host platform and compiles
|
|
for the target platform (similar to `pkgs.gcc` for example).
|
|
`haskellPackages.ghc` still behaves as before, running on the build
|
|
platform and compiling for the host platform (similar to `stdenv.cc`).
|
|
This means you don't have to adjust your derivations if you use
|
|
`haskellPackages.callPackage`, but when using `pkgs.callPackage` and
|
|
taking `ghc` as an input, you should now use `buildPackages.ghc`
|
|
instead to ensure cross compilation keeps working (or switch to
|
|
`haskellPackages.callPackage`).
|
|
|
|
- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated.
|
|
The packages in the top level of `pkgs.emacsPackages`, such as org and
|
|
org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and
|
|
`pkgs.emacsPackages.nongnuPackages` where the new versions will release.
|
|
|
|
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
|
|
|
|
- `pkgs.claws-mail-gtk2`, representing Claws Mail's older release version three, was removed in order to get rid of Python 2.
|
|
Please switch to `claws-mail`, which is Claws Mail's latest release based on GTK+3 and Python 3.
|
|
|
|
- The `writers.writePython2` and corresponding `writers.writePython2Bin` convenience functions to create executable Python 2 scripts in the store were removed in preparation of removal of the Python 2 interpreter.
|
|
Scripts have to be converted to Python 3 for use with `writers.writePython3` or `writers.writePyPy2` needs to be used.
|
|
|
|
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
|
|
|
|
- The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details.
|
|
|
|
## Other Notable Changes {#sec-release-22.05-notable-changes}
|
|
|
|
- The option [services.redis.servers](#opt-services.redis.servers) was added
|
|
to support per-application `redis-server` which is more secure since Redis databases
|
|
are only mere key prefixes without any configuration or ACL of their own.
|
|
Backward-compatibility is preserved by mapping old `services.redis.settings`
|
|
to `services.redis.servers."".settings`, but you are strongly encouraged
|
|
to name each `redis-server` instance after the application using it,
|
|
instead of keeping that nameless one.
|
|
Except for the nameless `services.redis.servers.""`
|
|
still accessible at `127.0.0.1:6379`,
|
|
and to the members of the Unix group `redis`
|
|
through the Unix socket `/run/redis/redis.sock`,
|
|
all other `services.redis.servers.${serverName}`
|
|
are only accessible by default
|
|
to the members of the Unix group `redis-${serverName}`
|
|
through the Unix socket `/run/redis-${serverName}/redis.sock`.
|
|
|
|
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
|
|
|
|
- The `influxdb2` package was split into `influxdb2-server` and
|
|
`influxdb2-cli`, matching the split that took place upstream. A
|
|
combined `influxdb2` package is still provided in this release for
|
|
backwards compatibilty, but will be removed at a later date.
|
|
|
|
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
|
|
Configurations using this default will print a warning when rebuilt.
|
|
|
|
- `security.acme` certificates will now correctly check for CA
|
|
revokation before reaching their minimum age.
|
|
|
|
- Removing domains from `security.acme.certs._name_.extraDomainNames`
|
|
will now correctly remove those domains during rebuild/renew.
|
|
|
|
- The option
|
|
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
|
|
added, decoupling the setting of `SSH_ASKPASS` from
|
|
`services.xserver.enable`. This allows easy usage in non-X11 environments,
|
|
e.g. Wayland.
|
|
|
|
- The `services.stubby` module was converted to a [settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
|