This is the second stable release branch of NixOS. In addition to numerous new and upgraded packages and modules, this release has the following highlights:
Systemd has been updated to version 212, which has <linkxlink:href="http://cgit.freedesktop.org/systemd/systemd/plain/NEWS?id=v212">numerous improvements</link>. NixOS now automatically starts systemd user instances when you log in. You can define global user units through the <option>systemd.unit.*</option> options.
NixOS now supports fully declarative management of users and groups. If you set <option>users.mutableUsers</option> to <literal>false</literal>, then the contents of <filename>/etc/passwd</filename> and <filename>/etc/group</filename> will be <link
xlink:href="https://www.usenix.org/legacy/event/lisa02/tech/full_papers/traugott/traugott_html/">congruent</link> to your NixOS configuration. For instance, if you remove a user from <option>users.extraUsers</option> and run <command>nixos-rebuild</command>, the user account will cease to exist. Also, imperative commands for managing users and groups, such as <command>useradd</command>, are no longer available. If <option>users.mutableUsers</option> is <literal>true</literal> (the default), then behaviour is unchanged from NixOS 13.10.
NixOS now has basic container support, meaning you can easily run a NixOS instance as a container in a NixOS host system. These containers are suitable for testing and experimentation but not production use, since they’re not fully isolated from the host. See <xreflinkend="ch-containers"/> for details.
Systemd units provided by packages can now be overridden from the NixOS configuration. For instance, if a package <literal>foo</literal> provides systemd units, you can say:
Nixpkgs no longer exposes unfree packages by default. If your NixOS configuration requires unfree packages from Nixpkgs, you need to enable support for them explicitly by setting:
The <literal>mysql55</literal> service has been merged into the <literal>mysql</literal> service, which no longer sets a default for the option <option>services.mysql.package</option>.
Package variants are now differentiated by suffixing the name, rather than the version. For instance, <filename>sqlite-3.8.4.3-interactive</filename> is now called <filename>sqlite-interactive-3.8.4.3</filename>. This ensures that <literal>nix-env -i sqlite</literal> is unambiguous, and that <literal>nix-env -u</literal> won’t “upgrade” <literal>sqlite</literal> to <literal>sqlite-interactive</literal> or vice versa. Notably, this change affects the Firefox wrapper (which provides plugins), as it is now called <literal>firefox-wrapper</literal>. So when using <command>nix-env</command>, you should do <literal>nix-env -e firefox; nix-env -i firefox-wrapper</literal> if you want to keep using the wrapper. This change does not affect declarative package management, since attribute names like <literal>pkgs.firefoxWrapper</literal> were already unambiguous.
The symlink <filename>/etc/ca-bundle.crt</filename> is gone. Programs should instead use the environment variable <envar>OPENSSL_X509_CERT_FILE</envar> (which points to <filename>/etc/ssl/certs/ca-bundle.crt</filename>).
