This is the second stable release branch of NixOS. In addition to numerous new and upgraded packages and modules, this release has the following highlights: Installation on UEFI systems is now supported. See for details. Systemd has been updated to version 212, which has numerous improvements. NixOS now automatically starts systemd user instances when you log in. You can define global user units through the systemd.unit.* options. NixOS is now based on Glibc 2.19 and GCC 4.8. The default Linux kernel has been updated to 3.12. KDE has been updated to 4.12. GNOME 3.10 experimental support has been added. Nix has been updated to 1.7 (details). NixOS now supports fully declarative management of users and groups. If you set users.mutableUsers to false, then the contents of /etc/passwd and /etc/group will be congruent to your NixOS configuration. For instance, if you remove a user from users.extraUsers and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users and groups, such as useradd, are no longer available. If users.mutableUsers is true (the default), then behaviour is unchanged from NixOS 13.10. NixOS now has basic container support, meaning you can easily run a NixOS instance as a container in a NixOS host system. These containers are suitable for testing and experimentation but not production use, since they’re not fully isolated from the host. See for details. Systemd units provided by packages can now be overridden from the NixOS configuration. For instance, if a package foo provides systemd units, you can say: { systemd.packages = [ pkgs.foo ]; } to enable those units. You can then set or override unit options in the usual way, e.g. { systemd.services.foo.wantedBy = [ "multi-user.target" ]; systemd.services.foo.serviceConfig.MemoryLimit = "512M"; } When upgrading from a previous release, please be aware of the following incompatible changes: Nixpkgs no longer exposes unfree packages by default. If your NixOS configuration requires unfree packages from Nixpkgs, you need to enable support for them explicitly by setting: { nixpkgs.config.allowUnfree = true; } Otherwise, you get an error message such as: error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’ has an unfree license, refusing to evaluate The Adobe Flash player is no longer enabled by default in the Firefox and Chromium wrappers. To enable it, you must set: { nixpkgs.config.allowUnfree = true; nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium } The firewall is now enabled by default. If you don’t want this, you need to disable it explicitly: { networking.firewall.enable = false; } The option boot.loader.grub.memtest86 has been renamed to boot.loader.grub.memtest86.enable. The mysql55 service has been merged into the mysql service, which no longer sets a default for the option services.mysql.package. Package variants are now differentiated by suffixing the name, rather than the version. For instance, sqlite-3.8.4.3-interactive is now called sqlite-interactive-3.8.4.3. This ensures that nix-env -i sqlite is unambiguous, and that nix-env -u won’t upgrade sqlite to sqlite-interactive or vice versa. Notably, this change affects the Firefox wrapper (which provides plugins), as it is now called firefox-wrapper. So when using nix-env, you should do nix-env -e firefox; nix-env -i firefox-wrapper if you want to keep using the wrapper. This change does not affect declarative package management, since attribute names like pkgs.firefoxWrapper were already unambiguous. The symlink /etc/ca-bundle.crt is gone. Programs should instead use the environment variable OPENSSL_X509_CERT_FILE (which points to /etc/ssl/certs/ca-bundle.crt).