Release 21.11 (“?”, 2021.11/??)
In addition to numerous new and upgraded packages, this release has
the following highlights:
Support is planned until the end of June 2022, handing over to
22.05.
Highlights
PHP now defaults to PHP 8.0, updated from 7.4.
kOps now defaults to 1.21.0, which uses containerd as the
default runtime.
python3 now defaults to Python 3.9, updated
from Python 3.8.
PostgreSQL now defaults to major version 13.
New Services
btrbk,
a backup tool for btrfs subvolumes, taking advantage of btrfs
specific capabilities to create atomic snapshots and transfer
them incrementally to your backup locations. Available as
services.btrbk.
clipcat,
an X11 clipboard manager written in Rust. Available at
[services.clipcat](options.html#opt-services.clipcat.enable).
geoipupdate,
a GeoIP database updater from MaxMind. Available as
services.geoipupdate.
Kea, ISC's
2nd generation DHCP and DDNS server suite. Available at
services.kea.
sourcehut, a
collection of tools useful for software development. Available
as
services.sourcehut.
ucarp,
a userspace implementation of the Common Address Redundancy
Protocol (CARP). Available as
networking.ucarp.
Users of flashrom should migrate to
programs.flashrom.enable
and add themselves to the flashrom group to
be able to access programmers supported by flashrom.
vikunja, a to-do
list app. Available as
services.vikunja.
snapraid, a
backup program for disk arrays. Available as
snapraid.
Hockeypuck,
an OpenPGP Key Server. Available as
services.hockeypuck.
buildkite-agent-metrics,
a command-line tool for collecting Buildkite agent metrics,
now has a Prometheus exporter available as
services.prometheus.exporters.buildkite-agent.
influxdb-exporter,
a Prometheus exporter that exports metrics received on an
InfluxDB compatible endpoint, is now available as
services.prometheus.exporters.influxdb.
mx-puppet-discord,
a Discord puppeting bridge for Matrix. Available as
services.mx-puppet-discord.
MeshCentral,
a remote administration service (TeamViewer but
self-hosted and with more features) is now available
with a package and a module:
services.meshcentral.enable
moonraker,
an API web server for Klipper. Available as
moonraker.
Backward Incompatibilities
The staticjinja package has been upgraded
from 1.0.4 to 3.0.1.
services.geoip-updater was broken and has
been replaced by
services.geoipupdate.
PHP 7.3 is no longer supported due to upstream not supporting
this version for the entire lifecycle of the 21.11 release.
Those making use of buildBazelPackage will
need to regenerate the fetch hashes (preferred), or set
fetchConfigured = false;.
consul was upgraded to a new major release
with breaking changes, see
upstream
changelog.
fsharp41 has been removed in favor of the latest
dotnet-sdk.
The following F#-related packages have been removed for being
unmaintained. Please use fetchNuGet for
specific packages.
ExtCore
Fake
Fantomas
FsCheck
FsCheck262
FsCheckNunit
FSharpAutoComplete
FSharpCompilerCodeDom
FSharpCompilerService
FSharpCompilerTools
FSharpCore302
FSharpCore3125
FSharpCore4001
FSharpCore4117
FSharpData
FSharpData225
FSharpDataSQLProvider
FSharpFormatting
FsLexYacc
FsLexYacc706
FsLexYaccRuntime
FsPickler
FsUnit
Projekt
Suave
UnionArgParser
ExcelDnaRegistration
MathNetNumerics
programs.x2goserver is now
services.x2goserver
The following dotnet-related packages have been removed for
being unmaintained. Please use fetchNuGet
for specific packages.
Autofac
SystemValueTuple
MicrosoftDiaSymReader
MicrosoftDiaSymReaderPortablePdb
SystemCollectionsImmutable
SystemCollectionsImmutable131
SystemReflectionMetadata
NUnit350
Deedle
ExcelDna
GitVersionTree
NDeskOptions
The antlr package now defaults to the 4.x
release instead of the old 2.7.7 version.
The pulseeffects package was updated to
version
4.x and renamed to easyeffects.
The libwnck package now defaults to the 3.x
release instead of the old 2.31.0 version.
The bitwarden_rs packages and modules were
renamed to vaultwarden
following
upstream. More specifically,
pkgs.bitwarden_rs,
pkgs.bitwarden_rs-sqlite,
pkgs.bitwarden_rs-mysql and
pkgs.bitwarden_rs-postgresql were
renamed to pkgs.vaultwarden,
pkgs.vaultwarden-sqlite,
pkgs.vaultwarden-mysql and
pkgs.vaultwarden-postgresql,
respectively.
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
The bitwarden_rs executable was
also renamed to vaultwarden in all
packages.
pkgs.bitwarden_rs-vault was renamed to
pkgs.vaultwarden-vault.
pkgs.bitwarden_rs-vault is
preserved as an alias for backwards compatibility, but
may be removed in the future.
The static files were moved from
/usr/share/bitwarden_rs to
/usr/share/vaultwarden.
The services.bitwarden_rs config module
was renamed to services.vaultwarden.
services.bitwarden_rs is preserved
as an alias for backwards compatibility, but may be
removed in the future.
systemd.services.bitwarden_rs,
systemd.services.backup-bitwarden_rs
and systemd.timers.backup-bitwarden_rs
were renamed to
systemd.services.vaultwarden,
systemd.services.backup-vaultwarden and
systemd.timers.backup-vaultwarden,
respectively.
Old names are preserved as aliases for backwards
compatibility, but may be removed in the future.
users.users.bitwarden_rs and
users.groups.bitwarden_rs were renamed
to users.users.vaultwarden and
users.groups.vaultwarden, respectively.
The data directory remains located at
/var/lib/bitwarden_rs, for backwards
compatibility.
yggdrasil was upgraded to a new major
release with breaking changes, see
upstream
changelog.
icingaweb2 was upgraded to a new release
which requires a manual database upgrade, see
upstream
changelog.
The isabelle package has been upgraded from
2020 to 2021.
The mingw-64 package has been upgraded from
6.0.0 to 9.0.0.
tt-rss was upgraded to the commit on
2021-06-21, which has breaking changes. If you use
services.tt-rss.extraConfig you should
migrate to the putenv-style configuration.
See
this
Discourse post in the tt-rss forums for more details.
The following Visual Studio Code extensions were renamed to
keep the naming convention uniform.
bbenoist.Nix -> bbenoist.nix
CoenraadS.bracket-pair-colorizer -> coenraads.bracket-pair-colorizer
golang.Go -> golang.go
services.uptimed now uses
/var/lib/uptimed as its stateDirectory
instead of /var/spool/uptimed. Make sure to
move all files to the new directory.
Deprecated package aliases in emacs.pkgs.*
have been removed. These aliases were remnants of the old
Emacs package infrastructure. We now use exact upstream names
wherever possible.
programs.neovim.runtime switched to a
linkFarm internally, making it impossible
to use wildcards in the source argument.
The openrazer and
openrazer-daemon packages as well as the
hardware.openrazer module now require users
to be members of the openrazer group
instead of plugdev. With this change, users
no longer need to be granted the entire set of
plugdev group permissions, which can
include permissions other than those required by
openrazer. This is desirable from a
security point of view. The setting
hardware.openrazer.users
can be used to add users to the openrazer
group.
The yambar package has been split into
yambar and
yambar-wayland, corresponding to the xorg
and wayland backend respectively. Please switch to
yambar-wayland if you are on wayland.
Other Notable Changes
The default of
services.openssh.logLevel has changed from "VERBOSE" to "INFO". This brings NixOS in line
with upstream and other Linux distributions, and reduces log
spam on servers due to bruteforcing botnets.
However, if
services.fail2ban.enable
is true, the fail2ban module
will override the verbosity to
"VERBOSE", so that
fail2ban can observe the failed login
attempts from the SSH logs.
Sway: The terminal emulator rxvt-unicode is
no longer installed by default via
programs.sway.extraPackages. The current
default configuration uses alacritty (and
soon foot) so this is only an issue when
using a customized configuration and not installing
rxvt-unicode explicitly.
python3 now defaults to Python 3.9. Python
3.9 introduces many deprecation warnings; please see the
What’s
New In Python 3.9 post for more information.
The claws-mail package now references the
new GTK+ 3 release branch, major version 4. To use the GTK+ 2
releases, one can install the
claws-mail-gtk2 package.
The wordpress module provides a new interface which allows the
use of different webservers through the new option
services.wordpress.webserver.
Currently httpd and
nginx are supported. The definitions of
wordpress sites should now be set in
services.wordpress.sites.
Site definitions that use the old interface are automatically
migrated to the new option. This backward compatibility will
be removed in 22.05.
The order of NSS (host) modules has been brought in line with
upstream recommendations:
The myhostname module is placed before
the resolve (optional) and
dns entries, but after
files (to allow overriding via
/etc/hosts /
networking.extraHosts, and prevent ISPs
with catchall-DNS resolvers from hijacking
.localhost domains)
The mymachines module, which provides
hostname resolution for local containers (registered with
systemd-machined) is placed to the
front, to make sure its mappings are preferred over other
resolvers.
If systemd-networkd is enabled, the
resolve module is placed before
files and
myhostname, as it provides the same
logic internally, with caching.
The mdns(_minimal) module has been
updated to the new priorities.
If you use your own NSS host modules, make sure to update your
priorities according to these rules:
NSS modules which should be queried before
resolved DNS resolution should use
mkBefore.
NSS modules which should be queried after
resolved, files and
myhostname, but before
dns should use the default priority.
NSS modules which should come after dns
should use mkAfter.
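A post-upgrade check of the generated hosts line against the ordering described above. This is an added example, not part of the NixOS release notes or code; the function names nss_pos and hosts_order_ok are hypothetical and the line checked at the end is constructed.

```shell
#!/bin/sh
# Position (1-based) of module $1 in the space-separated list $2, 0 if absent.
nss_pos() {
    i=0
    for m in $2; do
        i=$((i + 1))
        if [ "$m" = "$1" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# hosts_order_ok LINE: succeeds if a "hosts:" line from /etc/nsswitch.conf
# follows the ordering given in the release notes.
hosts_order_ok() {
    # Drop the "hosts:" key and action items such as [!UNAVAIL=return].
    mods=$(printf '%s\n' "$1" | sed -e 's/^hosts:[[:space:]]*//' -e 's/\[[^]]*]//g')
    mymachines=$(nss_pos mymachines "$mods")
    files=$(nss_pos files "$mods")
    myhostname=$(nss_pos myhostname "$mods")
    resolve=$(nss_pos resolve "$mods")
    dns=$(nss_pos dns "$mods")

    # mymachines, when present, must be at the front.
    [ "$mymachines" -le 1 ] || return 1
    # myhostname sits after files and before dns, so a catch-all DNS
    # resolver is never asked about names that myhostname answers.
    if [ "$myhostname" -gt 0 ]; then
        [ "$files" -eq 0 ] || [ "$files" -lt "$myhostname" ] || return 1
        [ "$dns" -eq 0 ] || [ "$myhostname" -lt "$dns" ] || return 1
    fi
    # resolve is either after myhostname (optional entry) or ahead of
    # files (the case where it replaces their logic, with caching).
    if [ "$resolve" -gt 0 ] && [ "$myhostname" -gt 0 ]; then
        [ "$resolve" -gt "$myhostname" ] ||
            { [ "$files" -gt 0 ] && [ "$resolve" -lt "$files" ]; } || return 1
    fi
    return 0
}

# Constructed example line; on a real host pass the output of
#   grep '^hosts:' /etc/nsswitch.conf
if hosts_order_ok 'hosts: mymachines files myhostname dns'; then
    echo "hosts order OK"
fi
```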
The
networking.wireless.iwd
module has a new
networking.wireless.iwd.settings
option.
The
services.syncoid.enable
module now properly drops ZFS permissions after usage. Previously,
it delegated permissions to whole pools instead of datasets
and didn’t clean up after execution. You can manually check
for leftover delegations on your pools by running
zfs allow your-pool-name and use
zfs unallow syncoid your-pool-name to clean
them up.
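An audit helper for the leftover delegations described above, which parses `zfs allow` output and lists what the syncoid user still holds on each pool. This is an added example, not part of the NixOS release notes or the syncoid module; the function names and the sample output are constructed for illustration, and dataset names are assumed to contain no spaces.

```shell
#!/bin/sh
# delegated_perms USER
# Reads `zfs allow <dataset>` output on stdin and prints one line per
# delegation held by USER: "<dataset>\t<scope>\t<permissions>".
delegated_perms() {
    awk -v user="$1" '
        /^---- Permissions on / { dataset = $4; next }
        /permissions:$/ { scope = $0; sub(/ permissions:$/, "", scope); next }
        $1 == "user" && $2 == user {
            printf "%s\t%s\t%s\n", dataset, scope, $3
        }
    '
}

# Constructed sample of `zfs allow tank` output (not from a real system).
sample_zfs_allow() {
    printf '%s\n' '---- Permissions on tank ---------------------------------------------'
    printf '%s\n' 'Local+Descendent permissions:'
    printf '\tuser syncoid bookmark,hold,send,snapshot,destroy\n'
    printf '\tuser backup send,snapshot\n'
}

# audit_pools: on a real host, check the root dataset of every imported pool
# and print (not run) the cleanup command from the release notes.
audit_pools() {
    tab=$(printf '\t')
    for pool in $(zpool list -H -o name); do
        zfs allow "$pool" | delegated_perms syncoid |
            while IFS="$tab" read -r ds scope perms; do
                echo "$ds: syncoid holds [$perms] ($scope)"
                echo "  clean up with: zfs unallow syncoid $ds"
            done
    done
}

# Demonstration on the constructed sample; call audit_pools on a ZFS host.
sample_zfs_allow | delegated_perms syncoid
```

An empty result from `audit_pools` means no pool-wide delegation to syncoid remains.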
ZFS: latestCompatibleLinuxPackages is now
exported on the zfs package. One can use
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
to always track the latest compatible kernel with a given
version of zfs.
Nginx will use the value of
sslTrustedCertificate if provided for a
virtual host, even if enableACME is set.
This is useful for providers not using the same certificate to
sign OCSP responses and server certificates.