Merge master into staging-next · pyrox.dev/nixpkgs@b68a0d2

+12

maintainers/maintainer-list.nix

··· 1202 1202 github = "beardhatcode"; 1203 1203 githubId = 662538; 1204 1204 }; 1205 + beezow = { 1206 + name = "beezow"; 1207 + email = "zbeezow@gmail.com"; 1208 + github = "beezow"; 1209 + githubId = 42082156; 1210 + }; 1205 1211 bendlas = { 1206 1212 email = "herwig@bendlas.net"; 1207 1213 github = "bendlas"; ··· 2268 2274 github = "danielfullmer"; 2269 2275 githubId = 1298344; 2270 2276 name = "Daniel Fullmer"; 2277 + }; 2278 + dan4ik605743 = { 2279 + email = "6057430gu@gmail.com"; 2280 + github = "dan4ik605743"; 2281 + githubId = 86075850; 2282 + name = "Danil Danevich"; 2271 2283 }; 2272 2284 das-g = { 2273 2285 email = "nixpkgs@raphael.dasgupta.ch";

+1565

nixos/doc/manual/from_md/release-notes/rl-2105.section.xml

··· 1 + <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.05"> 2 + <title>Release 21.05 (<quote>Okapi</quote>, 2021.05/31)</title> 3 + <para> 4 + Support is planned until the end of December 2021, handing over to 5 + 21.11. 6 + </para> 7 + <section xml:id="sec-release-21.05-highlights"> 8 + <title>Highlights</title> 9 + <para> 10 + In addition to numerous new and upgraded packages, this release 11 + has the following highlights: 12 + </para> 13 + <itemizedlist> 14 + <listitem> 15 + <para> 16 + Core version changes: 17 + </para> 18 + <itemizedlist> 19 + <listitem> 20 + <para> 21 + gcc: 9.3.0 -> 10.3.0 22 + </para> 23 + </listitem> 24 + <listitem> 25 + <para> 26 + glibc: 2.30 -> 2.32 27 + </para> 28 + </listitem> 29 + <listitem> 30 + <para> 31 + default linux: 5.4 -> 5.10, all supported kernels 32 + available 33 + </para> 34 + </listitem> 35 + <listitem> 36 + <para> 37 + mesa: 20.1.7 -> 21.0.1 38 + </para> 39 + </listitem> 40 + </itemizedlist> 41 + </listitem> 42 + <listitem> 43 + <para> 44 + Desktop Environments: 45 + </para> 46 + <itemizedlist> 47 + <listitem> 48 + <para> 49 + GNOME: 3.36 -> 40, see its 50 + <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">release 51 + notes</link> 52 + </para> 53 + </listitem> 54 + <listitem> 55 + <para> 56 + Plasma5: 5.18.5 -> 5.21.3 57 + </para> 58 + </listitem> 59 + <listitem> 60 + <para> 61 + kdeApplications: 20.08.1 -> 20.12.3 62 + </para> 63 + </listitem> 64 + <listitem> 65 + <para> 66 + cinnamon: 4.6 -> 4.8.1 67 + </para> 68 + </listitem> 69 + </itemizedlist> 70 + </listitem> 71 + <listitem> 72 + <para> 73 + Programming Languages and Frameworks: 74 + </para> 75 + <itemizedlist spacing="compact"> 76 + <listitem> 77 + <para> 78 + Python optimizations were disabled again. Builds with 79 + optimizations enabled are not reproducible. Optimizations 80 + can now be enabled with an option. 81 + </para> 82 + </listitem> 83 + </itemizedlist> 84 + </listitem> 85 + <listitem> 86 + <para> 87 + The linux_latest kernel was updated to the 5.12 series. It 88 + currently is not officially supported for use with the zfs 89 + filesystem. If you use zfs, you should use a different kernel 90 + version (either the LTS kernel, or track a specific one). 91 + </para> 92 + </listitem> 93 + </itemizedlist> 94 + </section> 95 + <section xml:id="sec-release-21.05-new-services"> 96 + <title>New Services</title> 97 + <para> 98 + The following new services were added since the last release: 99 + </para> 100 + <itemizedlist> 101 + <listitem> 102 + <para> 103 + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 104 + 3.8 was 105 + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> 106 + packaged, along with a rewrite to the Nix expressions, 107 + allowing users to override the features upstream supports 108 + selecting to compile or not to. Additionally, the attribute 109 + <literal>gnuradio</literal> and <literal>gnuradio3_7</literal> 110 + now point to an externally wrapped by default derivations, 111 + that allow you to also add `extraPythonPackages` to the Python 112 + interpreter used by GNURadio. Missing environmental variables 113 + needed for operational GUI were also added 114 + (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). 115 + </para> 116 + </listitem> 117 + <listitem> 118 + <para> 119 + <link xlink:href="https://www.keycloak.org/">Keycloak</link>, 120 + an open source identity and access management server with 121 + support for 122 + <link xlink:href="https://openid.net/connect/">OpenID 123 + Connect</link>, <link xlink:href="https://oauth.net/2/">OAUTH 124 + 2.0</link> and 125 + <link xlink:href="https://en.wikipedia.org/wiki/SAML_2.0">SAML 126 + 2.0</link>. 127 + </para> 128 + <para> 129 + See the <link linkend="module-services-keycloak">Keycloak 130 + section of the NixOS manual</link> for more information. 131 + </para> 132 + </listitem> 133 + <listitem> 134 + <para> 135 + <link xlink:href="options.html#opt-services.samba-wsdd.enable">services.samba-wsdd.enable</link> 136 + Web Services Dynamic Discovery host daemon 137 + </para> 138 + </listitem> 139 + <listitem> 140 + <para> 141 + <link xlink:href="https://www.discourse.org/">Discourse</link>, 142 + a modern and open source discussion platform. 143 + </para> 144 + <para> 145 + See the <link linkend="module-services-discourse">Discourse 146 + section of the NixOS manual</link> for more information. 147 + </para> 148 + </listitem> 149 + <listitem> 150 + <para> 151 + <link xlink:href="options.html#opt-services.nebula.networks">services.nebula.networks</link> 152 + <link xlink:href="https://github.com/slackhq/nebula">Nebula 153 + VPN</link> 154 + </para> 155 + </listitem> 156 + </itemizedlist> 157 + </section> 158 + <section xml:id="sec-release-21.05-incompatibilities"> 159 + <title>Backward Incompatibilities</title> 160 + <para> 161 + When upgrading from a previous release, please be aware of the 162 + following incompatible changes: 163 + </para> 164 + <itemizedlist> 165 + <listitem> 166 + <para> 167 + GNOME desktop environment was upgraded to 40, see the release 168 + notes for 169 + <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> 170 + and 171 + <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. 172 + The <literal>gnome3</literal> attribute set has been renamed 173 + to <literal>gnome</literal> and so have been the NixOS 174 + options. 175 + </para> 176 + </listitem> 177 + <listitem> 178 + <para> 179 + If you are using <literal>services.udev.extraRules</literal> 180 + to assign custom names to network interfaces, this may stop 181 + working due to a change in the initialisation of dhcpcd and 182 + systemd networkd. To avoid this, either move them to 183 + <literal>services.udev.initrdRules</literal> or see the new 184 + <link linkend="sec-custom-ifnames">Assigning custom 185 + names</link> section of the NixOS manual for an example using 186 + networkd links. 187 + </para> 188 + </listitem> 189 + <listitem> 190 + <para> 191 + The <literal>security.hideProcessInformation</literal> module 192 + has been removed. It was broken since the switch to 193 + cgroups-v2. 194 + </para> 195 + </listitem> 196 + <listitem> 197 + <para> 198 + The <literal>linuxPackages.ati_drivers_x11</literal> kernel 199 + modules have been removed. The drivers only supported kernels 200 + prior to 4.2, and thus have become obsolete. 201 + </para> 202 + </listitem> 203 + <listitem> 204 + <para> 205 + The <literal>systemConfig</literal> kernel parameter is no 206 + longer added to boot loader entries. It has been unused since 207 + September 2010, but if do have a system generation from that 208 + era, you will now be unable to boot into them. 209 + </para> 210 + </listitem> 211 + <listitem> 212 + <para> 213 + <literal>systemd-journal2gelf</literal> no longer parses json 214 + and expects the receiving system to handle it. How to achieve 215 + this with Graylog is described in this 216 + <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub 217 + issue</link>. 218 + </para> 219 + </listitem> 220 + <listitem> 221 + <para> 222 + If the <literal>services.dbus</literal> module is enabled, 223 + then the user D-Bus session is now always socket activated. 224 + The associated options 225 + <literal>services.dbus.socketActivated</literal> and 226 + <literal>services.xserver.startDbusSession</literal> have 227 + therefore been removed and you will receive a warning if they 228 + are present in your configuration. This change makes the user 229 + D-Bus session available also for non-graphical logins. 230 + </para> 231 + </listitem> 232 + <listitem> 233 + <para> 234 + The <literal>networking.wireless.iwd</literal> module now 235 + installs the upstream-provided 80-iwd.link file, which sets 236 + the NamePolicy= for all wlan devices to "keep 237 + kernel", to avoid race conditions between iwd and 238 + networkd. If you don't want this, you can set 239 + <literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>. 240 + </para> 241 + </listitem> 242 + <listitem> 243 + <para> 244 + <literal>rubyMinimal</literal> was removed due to being unused 245 + and unusable. The default ruby interpreter includes JIT 246 + support, which makes it reference it's compiler. Since JIT 247 + support is probably needed by some Gems, it was decided to 248 + enable this feature with all cc references by default, and 249 + allow to build a Ruby derivation without references to cc, by 250 + setting <literal>jitSupport = false;</literal> in an overlay. 251 + See 252 + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link> 253 + for more info. 254 + </para> 255 + </listitem> 256 + <listitem> 257 + <para> 258 + Setting 259 + <literal>services.openssh.authorizedKeysFiles</literal> now 260 + also affects which keys 261 + <literal>security.pam.enableSSHAgentAuth</literal> will use. 262 + WARNING: If you are using these options in combination do make 263 + sure that any key paths you use are present in 264 + <literal>services.openssh.authorizedKeysFiles</literal>! 265 + </para> 266 + </listitem> 267 + <listitem> 268 + <para> 269 + The option <literal>fonts.enableFontDir</literal> has been 270 + renamed to 271 + <link xlink:href="options.html#opt-fonts.fontDir.enable">fonts.fontDir.enable</link>. 272 + The path of font directory has also been changed to 273 + <literal>/run/current-system/sw/share/X11/fonts</literal>, for 274 + consistency with other X11 resources. 275 + </para> 276 + </listitem> 277 + <listitem> 278 + <para> 279 + A number of options have been renamed in the kicad interface. 280 + <literal>oceSupport</literal> has been renamed to 281 + <literal>withOCE</literal>, <literal>withOCCT</literal> has 282 + been renamed to <literal>withOCC</literal>, 283 + <literal>ngspiceSupport</literal> has been renamed to 284 + <literal>withNgspice</literal>, and 285 + <literal>scriptingSupport</literal> has been renamed to 286 + <literal>withScripting</literal>. Additionally, 287 + <literal>kicad/base.nix</literal> no longer provides default 288 + argument values since these are provided by 289 + <literal>kicad/default.nix</literal>. 290 + </para> 291 + </listitem> 292 + <listitem> 293 + <para> 294 + The socket for the <literal>pdns-recursor</literal> module was 295 + moved from <literal>/var/lib/pdns-recursor</literal> to 296 + <literal>/run/pdns-recursor</literal> to match upstream. 297 + </para> 298 + </listitem> 299 + <listitem> 300 + <para> 301 + Paperwork was updated to version 2. The on-disk format 302 + slightly changed, and it is not possible to downgrade from 303 + Paperwork 2 back to Paperwork 1.3. Back your documents up 304 + before upgrading. See 305 + <link xlink:href="https://forum.openpaper.work/t/paperwork-2-0/112/5">this 306 + thread</link> for more details. 307 + </para> 308 + </listitem> 309 + <listitem> 310 + <para> 311 + PowerDNS has been updated from <literal>4.2.x</literal> to 312 + <literal>4.3.x</literal>. Please be sure to review the 313 + <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0">Upgrade 314 + Notes</link> provided by upstream before upgrading. Worth 315 + specifically noting is that the service now runs entirely as a 316 + dedicated <literal>pdns</literal> user, instead of starting as 317 + <literal>root</literal> and dropping privileges, as well as 318 + the default <literal>socket-dir</literal> location changing 319 + from <literal>/var/lib/powerdns</literal> to 320 + <literal>/run/pdns</literal>. 321 + </para> 322 + </listitem> 323 + <listitem> 324 + <para> 325 + The <literal>mediatomb</literal> service is now using by 326 + default the new and maintained fork <literal>gerbera</literal> 327 + package instead of the unmaintained 328 + <literal>mediatomb</literal> package. If you want to keep the 329 + old behavior, you must declare it with: 330 + </para> 331 + <programlisting language="bash"> 332 + { 333 + services.mediatomb.package = pkgs.mediatomb; 334 + } 335 + </programlisting> 336 + <para> 337 + One new option <literal>openFirewall</literal> has been 338 + introduced which defaults to false. If you relied on the 339 + service declaration to add the firewall rules itself before, 340 + you should now declare it with: 341 + </para> 342 + <programlisting language="bash"> 343 + { 344 + services.mediatomb.openFirewall = true; 345 + } 346 + </programlisting> 347 + </listitem> 348 + <listitem> 349 + <para> 350 + xfsprogs was update from 4.19 to 5.11. It now enables reflink 351 + support by default on filesystem creation. Support for 352 + reflinks was added with an experimental status to kernel 4.9 353 + and deemed stable in kernel 4.16. If you want to be able to 354 + mount XFS filesystems created with this release of xfsprogs on 355 + kernel releases older than those, you need to format them with 356 + <literal>mkfs.xfs -m reflink=0</literal>. 357 + </para> 358 + </listitem> 359 + <listitem> 360 + <para> 361 + The uWSGI server is now built with POSIX capabilities. As a 362 + consequence, root is no longer required in emperor mode and 363 + the service defaults to running as the unprivileged 364 + <literal>uwsgi</literal> user. Any additional capability can 365 + be added via the new option 366 + <link xlink:href="options.html#opt-services.uwsgi.capabilities">services.uwsgi.capabilities</link>. 367 + The previous behaviour can be restored by setting: 368 + </para> 369 + <programlisting language="bash"> 370 + { 371 + services.uwsgi.user = "root"; 372 + services.uwsgi.group = "root"; 373 + services.uwsgi.instance = 374 + { 375 + uid = "uwsgi"; 376 + gid = "uwsgi"; 377 + }; 378 + } 379 + </programlisting> 380 + <para> 381 + Another incompatibility from the previous release is that 382 + vassals running under a different user or group need to use 383 + <literal>immediate-{uid,gid}</literal> instead of the usual 384 + <literal>uid,gid</literal> options. 385 + </para> 386 + </listitem> 387 + <listitem> 388 + <para> 389 + btc1 has been abandoned upstream, and removed. 390 + </para> 391 + </listitem> 392 + <listitem> 393 + <para> 394 + cpp_ethereum (aleth) has been abandoned upstream, and removed. 395 + </para> 396 + </listitem> 397 + <listitem> 398 + <para> 399 + riak-cs package removed along with 400 + <literal>services.riak-cs</literal> module. 401 + </para> 402 + </listitem> 403 + <listitem> 404 + <para> 405 + stanchion package removed along with 406 + <literal>services.stanchion</literal> module. 407 + </para> 408 + </listitem> 409 + <listitem> 410 + <para> 411 + mutt has been updated to a new major version (2.x), which 412 + comes with some backward incompatible changes that are 413 + described in the 414 + <link xlink:href="http://www.mutt.org/relnotes/2.0/">release 415 + notes for Mutt 2.0</link>. 416 + </para> 417 + </listitem> 418 + <listitem> 419 + <para> 420 + <literal>vim</literal> and <literal>neovim</literal> switched 421 + to Python 3, dropping all Python 2 support. 422 + </para> 423 + </listitem> 424 + <listitem> 425 + <para> 426 + <link xlink:href="options.html#opt-networking.wireguard.interfaces">networking.wireguard.interfaces.<name>.generatePrivateKeyFile</link>, 427 + which is off by default, had a <literal>chmod</literal> race 428 + condition fixed. As an aside, the parent directory's 429 + permissions were widened, and the key files were made 430 + owner-writable. This only affects newly created keys. However, 431 + if the exact permissions are important for your setup, read 432 + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/121294">#121294</link>. 433 + </para> 434 + </listitem> 435 + <listitem> 436 + <para> 437 + <link xlink:href="options.html#opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link> 438 + previously did nothing, but has been fixed. However its 439 + default has been changed to <literal>false</literal> to 440 + preserve the existing default behaviour. If you have this 441 + explicitly set to <literal>true</literal>, please note that 442 + your non-root pools will now be forcibly imported. 443 + </para> 444 + </listitem> 445 + <listitem> 446 + <para> 447 + openafs now points to openafs_1_8, which is the new stable 448 + release. OpenAFS 1.6 was removed. 449 + </para> 450 + </listitem> 451 + <listitem> 452 + <para> 453 + The WireGuard module gained a new option 454 + <literal>networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds</literal> 455 + that implements refreshing the IP of DNS-based endpoints 456 + periodically (which WireGuard itself 457 + <link xlink:href="https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html">cannot 458 + do</link>). 459 + </para> 460 + </listitem> 461 + <listitem> 462 + <para> 463 + MariaDB has been updated to 10.5. Before you upgrade, it would 464 + be best to take a backup of your database and read 465 + <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105"> 466 + Incompatible Changes Between 10.4 and 10.5</link>. After the 467 + upgrade you will need to run <literal>mysql_upgrade</literal>. 468 + </para> 469 + </listitem> 470 + <listitem> 471 + <para> 472 + The TokuDB storage engine dropped in mariadb 10.5 and removed 473 + in mariadb 10.6. It is recommended to switch to RocksDB. See 474 + also 475 + <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link> 476 + and 477 + <link xlink:href="https://jira.mariadb.org/browse/MDEV-19780">MDEV-19780: 478 + Remove the TokuDB storage engine</link>. 479 + </para> 480 + </listitem> 481 + <listitem> 482 + <para> 483 + The <literal>openldap</literal> module now has support for 484 + OLC-style configuration, users of the 485 + <literal>configDir</literal> option may wish to migrate. If 486 + you continue to use <literal>configDir</literal>, ensure that 487 + <literal>olcPidFile</literal> is set to 488 + <literal>/run/slapd/slapd.pid</literal>. 489 + </para> 490 + <para> 491 + As a result, <literal>extraConfig</literal> and 492 + <literal>extraDatabaseConfig</literal> are removed. To help 493 + with migration, you can convert your 494 + <literal>slapd.conf</literal> file to OLC configuration with 495 + the following script (find the location of this configuration 496 + file by running <literal>systemctl status openldap</literal>, 497 + it is the <literal>-f</literal> option. 498 + </para> 499 + <programlisting> 500 + $ TMPDIR=$(mktemp -d) 501 + $ slaptest -f /path/to/slapd.conf -F $TMPDIR 502 + $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))' 503 + </programlisting> 504 + <para> 505 + This will dump your current configuration in LDIF format, 506 + which should be straightforward to convert into Nix settings. 507 + This does not show your schema configuration, as this is 508 + unnecessarily verbose for users of the default schemas and 509 + <literal>slaptest</literal> is buggy with schemas directly in 510 + the config file. 511 + </para> 512 + </listitem> 513 + <listitem> 514 + <para> 515 + Amazon EC2 and OpenStack Compute (nova) images now re-fetch 516 + instance meta data and user data from the instance metadata 517 + service (IMDS) on each boot. For example: stopping an EC2 518 + instance, changing its user data, and restarting the instance 519 + will now cause it to fetch and apply the new user data. 520 + </para> 521 + <warning> 522 + <para> 523 + Specifically, <literal>/etc/ec2-metadata</literal> is 524 + re-populated on each boot. Some NixOS scripts that read from 525 + this directory are guarded to only run if the files they 526 + want to manipulate do not already exist, and so will not 527 + re-apply their changes if the IMDS response changes. 528 + Examples: <literal>root</literal>'s SSH key is only added if 529 + <literal>/root/.ssh/authorized_keys</literal> does not 530 + exist, and SSH host keys are only set from user data if they 531 + do not exist in <literal>/etc/ssh</literal>. 532 + </para> 533 + </warning> 534 + </listitem> 535 + <listitem> 536 + <para> 537 + The <literal>rspamd</literal> services is now sandboxed. It is 538 + run as a dynamic user instead of root, so secrets and other 539 + files may have to be moved or their permissions may have to be 540 + fixed. The sockets are now located in 541 + <literal>/run/rspamd</literal> instead of 542 + <literal>/run</literal>. 543 + </para> 544 + </listitem> 545 + <listitem> 546 + <para> 547 + Enabling the Tor client no longer silently also enables and 548 + configures Privoxy, and the 549 + <literal>services.tor.client.privoxy.enable</literal> option 550 + has been removed. To enable Privoxy, and to configure it to 551 + use Tor's faster port, use the following configuration: 552 + </para> 553 + <programlisting language="bash"> 554 + { 555 + opt-services.privoxy.enable = true; 556 + opt-services.privoxy.enableTor = true; 557 + } 558 + </programlisting> 559 + </listitem> 560 + <listitem> 561 + <para> 562 + The <literal>services.tor</literal> module has a new 563 + exhaustively typed 564 + <link xlink:href="options.html#opt-services.tor.settings">services.tor.settings</link> 565 + option following RFC 0042; backward compatibility with old 566 + options has been preserved when aliasing was possible. The 567 + corresponding systemd service has been hardened, but there is 568 + a chance that the service still requires more permissions, so 569 + please report any related trouble on the bugtracker. Onion 570 + services v3 are now supported in 571 + <link xlink:href="options.html#opt-services.tor.relay.onionServices">services.tor.relay.onionServices</link>. 572 + A new 573 + <link xlink:href="options.html#opt-services.tor.openFirewall">services.tor.openFirewall</link> 574 + option as been introduced for allowing connections on all the 575 + TCP ports configured. 576 + </para> 577 + </listitem> 578 + <listitem> 579 + <para> 580 + The options 581 + <literal>services.slurm.dbdserver.storagePass</literal> and 582 + <literal>services.slurm.dbdserver.configFile</literal> have 583 + been removed. Use 584 + <literal>services.slurm.dbdserver.storagePassFile</literal> 585 + instead to provide the database password. Extra config options 586 + can be given via the option 587 + <literal>services.slurm.dbdserver.extraConfig</literal>. The 588 + actual configuration file is created on the fly on startup of 589 + the service. This avoids that the password gets exposed in the 590 + nix store. 591 + </para> 592 + </listitem> 593 + <listitem> 594 + <para> 595 + The <literal>wafHook</literal> hook does not wrap Python 596 + anymore. Packages depending on <literal>wafHook</literal> need 597 + to include any Python into their 598 + <literal>nativeBuildInputs</literal>. 599 + </para> 600 + </listitem> 601 + <listitem> 602 + <para> 603 + Starting with version 1.7.0, the project formerly named 604 + <literal>CodiMD</literal> is now named 605 + <literal>HedgeDoc</literal>. New installations will no longer 606 + use the old name for users, state directories and such, this 607 + needs to be considered when moving state to a more recent 608 + NixOS installation. Based on 609 + <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>, 610 + existing installations will continue to work. 611 + </para> 612 + </listitem> 613 + <listitem> 614 + <para> 615 + The fish-foreign-env package has been replaced with 616 + fishPlugins.foreign-env, in which the fish functions have been 617 + relocated to the <literal>vendor_functions.d</literal> 618 + directory to be loaded automatically. 619 + </para> 620 + </listitem> 621 + <listitem> 622 + <para> 623 + The prometheus json exporter is now managed by the prometheus 624 + community. Together with additional features some backwards 625 + incompatibilities were introduced. Most importantly the 626 + exporter no longer accepts a fixed command-line parameter to 627 + specify the URL of the endpoint serving JSON. It now expects 628 + this URL to be passed as an URL parameter, when scraping the 629 + exporter's <literal>/probe</literal> endpoint. In the 630 + prometheus scrape configuration the scrape target might look 631 + like this: 632 + </para> 633 + <programlisting> 634 + http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint 635 + </programlisting> 636 + <para> 637 + Existing configuration for the exporter needs to be updated, 638 + but can partially be re-used. Documentation is available in 639 + the upstream repository and a small example for NixOS is 640 + available in the corresponding NixOS test. 641 + </para> 642 + <para> 643 + These changes also affect 644 + <link xlink:href="options.html#opt-services.prometheus.exporters.rspamd.enable">services.prometheus.exporters.rspamd.enable</link>, 645 + which is just a preconfigured instance of the json exporter. 646 + </para> 647 + <para> 648 + For more information, take a look at the 649 + <link xlink:href="https://github.com/prometheus-community/json_exporter"> 650 + official documentation</link> of the json_exporter. 651 + </para> 652 + </listitem> 653 + <listitem> 654 + <para> 655 + Androidenv was updated, removing the 656 + <literal>includeDocs</literal> and 657 + <literal>lldbVersions</literal> arguments. Docs only covered a 658 + single version of the Android SDK, LLDB is now bundled with 659 + the NDK, and both are no longer available to download from the 660 + Android package repositories. Additionally, since the package 661 + lists have been updated, some older versions of Android 662 + packages may not be bundled. If you depend on older versions 663 + of Android packages, we recommend overriding the repo. 664 + </para> 665 + <para> 666 + Android packages are now loaded from a repo.json file created 667 + by parsing Android repo XML files. The arguments 668 + <literal>repoJson</literal> and <literal>repoXmls</literal> 669 + have been added to allow overriding the built-in androidenv 670 + repo.json with your own. Additionally, license files are now 671 + written to allow compatibility with Gradle-based tools, and 672 + the <literal>extraLicenses</literal> argument has been added 673 + to accept more SDK licenses if your project requires it. See 674 + the androidenv documentation for more details. 675 + </para> 676 + </listitem> 677 + <listitem> 678 + <para> 679 + The attribute <literal>mpi</literal> is now consistently used 680 + to provide a default, system-wide MPI implementation. The 681 + default implementation is openmpi, which has been used before 682 + by all derivations affects by this change. Note that all 683 + packages that have used <literal>mpi ? null</literal> in the 684 + input for optional MPI builds, have been changed to the 685 + boolean input paramater <literal>useMpi</literal> to enable 686 + building with MPI. Building all packages with 687 + <literal>mpich</literal> instead of the default 688 + <literal>openmpi</literal> can now be achived like this: 689 + </para> 690 + <programlisting language="bash"> 691 + self: super: 692 + { 693 + mpi = super.mpich; 694 + } 695 + </programlisting> 696 + </listitem> 697 + <listitem> 698 + <para> 699 + The Searx module has been updated with the ability to 700 + configure the service declaratively and uWSGI integration. The 701 + option <literal>services.searx.configFile</literal> has been 702 + renamed to 703 + <link xlink:href="options.html#opt-services.searx.settingsFile">services.searx.settingsFile</link> 704 + for consistency with the new 705 + <link xlink:href="options.html#opt-services.searx.settings">services.searx.settings</link>. 706 + In addition, the <literal>searx</literal> uid and gid 707 + reservations have been removed since they were not necessary: 708 + the service is now running with a dynamically allocated uid. 709 + </para> 710 + </listitem> 711 + <listitem> 712 + <para> 713 + The libinput module has been updated with the ability to 714 + configure mouse and touchpad settings separately. The options 715 + in <literal>services.xserver.libinput</literal> have been 716 + renamed to 717 + <literal>services.xserver.libinput.touchpad</literal>, while 718 + there is a new 719 + <literal>services.xserver.libinput.mouse</literal> for mouse 720 + related configuration. 721 + </para> 722 + <para> 723 + Since touchpad options no longer apply to all devices, you may 724 + want to replicate your touchpad configuration in mouse 725 + section. 726 + </para> 727 + </listitem> 728 + <listitem> 729 + <para> 730 + ALSA OSS emulation 731 + (<literal>sound.enableOSSEmulation</literal>) is now disabled 732 + by default. 733 + </para> 734 + </listitem> 735 + <listitem> 736 + <para> 737 + Thinkfan as been updated to <literal>1.2.x</literal>, which 738 + comes with a new YAML based configuration format. For this 739 + reason, several NixOS options of the thinkfan module have been 740 + changed to non-backward compatible types. In addition, a new 741 + <link xlink:href="options.html#opt-services.thinkfan.settings">services.thinkfan.settings</link> 742 + option has been added. 743 + </para> 744 + <para> 745 + Please read the 746 + <link xlink:href="https://github.com/vmatare/thinkfan#readme"> 747 + thinkfan documentation</link> before updating. 748 + </para> 749 + </listitem> 750 + <listitem> 751 + <para> 752 + Adobe Flash Player support has been dropped from the tree. In 753 + particular, the following packages no longer support it: 754 + </para> 755 + <itemizedlist> 756 + <listitem> 757 + <para> 758 + chromium 759 + </para> 760 + </listitem> 761 + <listitem> 762 + <para> 763 + firefox 764 + </para> 765 + </listitem> 766 + <listitem> 767 + <para> 768 + qt48 769 + </para> 770 + </listitem> 771 + <listitem> 772 + <para> 773 + qt5.qtwebkit 774 + </para> 775 + </listitem> 776 + </itemizedlist> 777 + <para> 778 + Additionally, packages flashplayer and hal-flash were removed 779 + along with the <literal>services.flashpolicyd</literal> 780 + module. 781 + </para> 782 + </listitem> 783 + <listitem> 784 + <para> 785 + The <literal>security.rngd</literal> module has been removed. 786 + It was disabled by default in 20.09 as it was functionally 787 + redundant with krngd in the linux kernel. It is not necessary 788 + for any device that the kernel recognises as an hardware RNG, 789 + as it will automatically run the krngd task to periodically 790 + collect random data from the device and mix it into the 791 + kernel's RNG. 792 + </para> 793 + <para> 794 + The default SMTP port for GitLab has been changed to 795 + <literal>25</literal> from its previous default of 796 + <literal>465</literal>. If you depended on this default, you 797 + should now set the 798 + <link xlink:href="options.html#opt-services.gitlab.smtp.port">services.gitlab.smtp.port</link> 799 + option. 800 + </para> 801 + </listitem> 802 + <listitem> 803 + <para> 804 + The default version of ImageMagick has been updated from 6 to 805 + 7. You can use imagemagick6, imagemagick6_light, and 806 + imagemagick6Big if you need the older version. 807 + </para> 808 + </listitem> 809 + <listitem> 810 + <para> 811 + <link xlink:href="options.html#opt-services.xserver.videoDrivers">services.xserver.videoDrivers</link> 812 + no longer uses the deprecated <literal>cirrus</literal> and 813 + <literal>vesa</literal> device dependent X drivers by default. 814 + It also enables both <literal>amdgpu</literal> and 815 + <literal>nouveau</literal> drivers by default now. 816 + </para> 817 + </listitem> 818 + <listitem> 819 + <para> 820 + The <literal>kindlegen</literal> package is gone, because it 821 + is no longer supported or hosted by Amazon. Sadly, its 822 + replacement, Kindle Previewer, has no Linux support. However, 823 + there are other ways to generate MOBI files. See 824 + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/96439">the 825 + discussion</link> for more info. 826 + </para> 827 + </listitem> 828 + <listitem> 829 + <para> 830 + The apacheKafka packages are now built with version-matched 831 + JREs. Versions 2.6 and above, the ones that recommend it, use 832 + jdk11, while versions below remain on jdk8. The NixOS service 833 + has been adjusted to start the service using the same version 834 + as the package, adjustable with the new 835 + <link xlink:href="options.html#opt-services.apache-kafka.jre">services.apache-kafka.jre</link> 836 + option. Furthermore, the default list of 837 + <link xlink:href="options.html#opt-services.apache-kafka.jvmOptions">services.apache-kafka.jvmOptions</link> 838 + have been removed. You should set your own according to the 839 + <link xlink:href="https://kafka.apache.org/documentation/#java">upstream 840 + documentation</link> for your Kafka version. 841 + </para> 842 + </listitem> 843 + <listitem> 844 + <para> 845 + The kodi package has been modified to allow concise addon 846 + management. Consider the following configuration from previous 847 + releases of NixOS to install kodi, including the 848 + kodiPackages.inputstream-adaptive and kodiPackages.vfs-sftp 849 + addons: 850 + </para> 851 + <programlisting language="bash"> 852 + { 853 + environment.systemPackages = [ 854 + pkgs.kodi 855 + ]; 856 + 857 + nixpkgs.config.kodi = { 858 + enableInputStreamAdaptive = true; 859 + enableVFSSFTP = true; 860 + }; 861 + } 862 + </programlisting> 863 + <para> 864 + All Kodi <literal>config</literal> flags have been removed, 865 + and as a result the above configuration should now be written 866 + as: 867 + </para> 868 + <programlisting language="bash"> 869 + { 870 + environment.systemPackages = [ 871 + (pkgs.kodi.withPackages (p: with p; [ 872 + inputstream-adaptive 873 + vfs-sftp 874 + ])) 875 + ]; 876 + } 877 + </programlisting> 878 + </listitem> 879 + <listitem> 880 + <para> 881 + <literal>environment.defaultPackages</literal> now includes 882 + the nano package. If pkgs.nano is not added to the list, make 883 + sure another editor is installed and the 884 + <literal>EDITOR</literal> environment variable is set to it. 885 + Environment variables can be set using 886 + <literal>environment.variables</literal>. 887 + </para> 888 + </listitem> 889 + <listitem> 890 + <para> 891 + <literal>services.minio.dataDir</literal> changed type to a 892 + list of paths, required for specifiyng multiple data 893 + directories for using with erasure coding. Currently, the 894 + service doesn't enforce nor checks the correct number of paths 895 + to correspond to minio requirements. 896 + </para> 897 + </listitem> 898 + <listitem> 899 + <para> 900 + All CUDA toolkit versions prior to CUDA 10 have been removed. 901 + </para> 902 + </listitem> 903 + <listitem> 904 + <para> 905 + The kbdKeymaps package was removed since dvp and neo are now 906 + included in kbd. If you want to use the Programmer Dvorak 907 + Keyboard Layout, you have to use 908 + <literal>dvorak-programmer</literal> in 909 + <literal>console.keyMap</literal> now instead of 910 + <literal>dvp</literal>. In 911 + <literal>services.xserver.xkbVariant</literal> it's still 912 + <literal>dvp</literal>. 913 + </para> 914 + </listitem> 915 + <listitem> 916 + <para> 917 + The babeld service is now being run as an unprivileged user. 918 + To achieve that the module configures 919 + <literal>skip-kernel-setup true</literal> and takes care of 920 + setting forwarding and rp_filter sysctls by itself as well as 921 + for each interface in 922 + <literal>services.babeld.interfaces</literal>. 923 + </para> 924 + </listitem> 925 + <listitem> 926 + <para> 927 + The <literal>services.zigbee2mqtt.config</literal> option has 928 + been renamed to 929 + <literal>services.zigbee2mqtt.settings</literal> and now 930 + follows 931 + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 932 + 0042</link>. 933 + </para> 934 + </listitem> 935 + </itemizedlist> 936 + <para> 937 + The yadm dotfile manager has been updated from 2.x to 3.x, which 938 + has new (XDG) default locations for some data/state files. Most 939 + yadm commands will fail and print a legacy path warning (which 940 + describes how to upgrade/migrate your repository). If you have 941 + scripts, daemons, scheduled jobs, shell profiles, etc. that invoke 942 + yadm, expect them to fail or misbehave until you perform this 943 + migration and prepare accordingly. 944 + </para> 945 + <itemizedlist> 946 + <listitem> 947 + <para> 948 + Instead of determining 949 + <literal>services.radicale.package</literal> automatically 950 + based on <literal>system.stateVersion</literal>, the latest 951 + version is always used because old versions are not officially 952 + supported. 953 + </para> 954 + <para> 955 + Furthermore, Radicale's systemd unit was hardened which might 956 + break some deployments. In particular, a non-default 957 + <literal>filesystem_folder</literal> has to be added to 958 + <literal>systemd.services.radicale.serviceConfig.ReadWritePaths</literal> 959 + if the deprecated <literal>services.radicale.config</literal> 960 + is used. 961 + </para> 962 + </listitem> 963 + <listitem> 964 + <para> 965 + In the <literal>security.acme</literal> module, use of 966 + <literal>--reuse-key</literal> parameter for Lego has been 967 + removed. It was introduced for HKPK, but this security feature 968 + is now deprecated. It is a better security practice to rotate 969 + key pairs instead of always keeping the same. If you need to 970 + keep this parameter, you can add it back using 971 + <literal>extraLegoRenewFlags</literal> as an option for the 972 + appropriate certificate. 973 + </para> 974 + </listitem> 975 + </itemizedlist> 976 + </section> 977 + <section xml:id="sec-release-21.05-notable-changes"> 978 + <title>Other Notable Changes</title> 979 + <itemizedlist> 980 + <listitem> 981 + <para> 982 + <literal>stdenv.lib</literal> has been deprecated and will 983 + break eval in 21.11. Please use <literal>pkgs.lib</literal> 984 + instead. See 985 + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/108938">#108938</link> 986 + for details. 987 + </para> 988 + </listitem> 989 + <listitem> 990 + <para> 991 + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 992 + has a <literal>pkgs</literal> attribute set, and there's a 993 + <literal>gnuradio.callPackage</literal> function that extends 994 + <literal>pkgs</literal> with a 995 + <literal>mkDerivation</literal>, and a 996 + <literal>mkDerivationWith</literal>, like Qt5. Now all 997 + <literal>gnuradio.pkgs</literal> are defined with 998 + <literal>gnuradio.callPackage</literal> and some packages that 999 + depend on gnuradio are defined with this as well. 1000 + </para> 1001 + </listitem> 1002 + <listitem> 1003 + <para> 1004 + <link xlink:href="https://www.privoxy.org/">Privoxy</link> has 1005 + been updated to version 3.0.32 (See 1006 + <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). 1007 + Compared to the previous release, Privoxy has gained support 1008 + for HTTPS inspection (still experimental), Brotli 1009 + decompression, several new filters and lots of bug fixes, 1010 + including security ones. In addition, the package is now built 1011 + with compression and external filters support, which were 1012 + previously disabled. 1013 + </para> 1014 + <para> 1015 + Regarding the NixOS module, new options for HTTPS inspection 1016 + have been added and 1017 + <literal>services.privoxy.extraConfig</literal> has been 1018 + replaced by the new 1019 + <link xlink:href="options.html#opt-services.privoxy.settings">services.privoxy.settings</link> 1020 + (See 1021 + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 1022 + 0042</link> for the motivation). 1023 + </para> 1024 + </listitem> 1025 + <listitem> 1026 + <para> 1027 + <link xlink:href="https://kodi.tv/">Kodi</link> has been 1028 + updated to version 19.1 "Matrix". See the 1029 + <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> 1030 + for further details. 1031 + </para> 1032 + </listitem> 1033 + <listitem> 1034 + <para> 1035 + The <literal>services.packagekit.backend</literal> option has 1036 + been removed as it only supported a single setting which would 1037 + always be the default. Instead new 1038 + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 1039 + 0042</link> compliant 1040 + <link xlink:href="options.html#opt-services.packagekit.settings">services.packagekit.settings</link> 1041 + and 1042 + <link xlink:href="options.html#opt-services.packagekit.vendorSettings">services.packagekit.vendorSettings</link> 1043 + options have been introduced. 1044 + </para> 1045 + </listitem> 1046 + <listitem> 1047 + <para> 1048 + <link xlink:href="https://nginx.org">Nginx</link> has been 1049 + updated to stable version 1.20.0. Now nginx uses the zlib-ng 1050 + library by default. 1051 + </para> 1052 + </listitem> 1053 + <listitem> 1054 + <para> 1055 + KDE Gear (formerly KDE Applications) is upgraded to 21.04, see 1056 + its 1057 + <link xlink:href="https://kde.org/announcements/gear/21.04/">release 1058 + notes</link> for details. 1059 + </para> 1060 + <para> 1061 + The <literal>kdeApplications</literal> package set is now 1062 + <literal>kdeGear</literal>, in keeping with the new name. The 1063 + old name remains for compatibility, but it is deprecated. 1064 + </para> 1065 + </listitem> 1066 + <listitem> 1067 + <para> 1068 + <link xlink:href="https://libreswan.org/">Libreswan</link> has 1069 + been updated to version 4.4. The package now includes example 1070 + configurations and manual pages by default. The NixOS module 1071 + has been changed to use the upstream systemd units and write 1072 + the configuration in the <literal>/etc/ipsec.d/ </literal> 1073 + directory. In addition, two new options have been added to 1074 + specify connection policies 1075 + (<link xlink:href="options.html#opt-services.libreswan.policies">services.libreswan.policies</link>) 1076 + and disable send/receive redirects 1077 + (<link xlink:href="options.html#opt-services.libreswan.disableRedirects">services.libreswan.disableRedirects</link>). 1078 + </para> 1079 + </listitem> 1080 + <listitem> 1081 + <para> 1082 + The Mailman NixOS module (<literal>services.mailman</literal>) 1083 + has a new option 1084 + <link xlink:href="options.html#opt-services.mailman.enablePostfix">services.mailman.enablePostfix</link>, 1085 + defaulting to true, that controls integration with Postfix. 1086 + </para> 1087 + <para> 1088 + If this option is disabled, default MTA config becomes not set 1089 + and you should set the options in 1090 + <literal>services.mailman.settings.mta</literal> according to 1091 + the desired configuration as described in 1092 + <link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman 1093 + documentation</link>. 1094 + </para> 1095 + </listitem> 1096 + <listitem> 1097 + <para> 1098 + The default-version of <literal>nextcloud</literal> is 1099 + nextcloud21. Please note that it's <emphasis>not</emphasis> 1100 + possible to upgrade <literal>nextcloud</literal> across 1101 + multiple major versions! This means that it's e.g. not 1102 + possible to upgrade from nextcloud18 to nextcloud20 in a 1103 + single deploy and most <literal>20.09</literal> users will 1104 + have to upgrade to nextcloud20 first. 1105 + </para> 1106 + <para> 1107 + The package can be manually upgraded by setting 1108 + <link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link> 1109 + to nextcloud21. 1110 + </para> 1111 + </listitem> 1112 + <listitem> 1113 + <para> 1114 + The setting 1115 + <link xlink:href="options.html#opt-services.redis.bind">services.redis.bind</link> 1116 + defaults to <literal>127.0.0.1</literal> now, making Redis 1117 + listen on the loopback interface only, and not all public 1118 + network interfaces. 1119 + </para> 1120 + </listitem> 1121 + <listitem> 1122 + <para> 1123 + NixOS now emits a deprecation warning if systemd's 1124 + <literal>StartLimitInterval</literal> setting is used in a 1125 + <literal>serviceConfig</literal> section instead of in a 1126 + <literal>unitConfig</literal>; that setting is deprecated and 1127 + now undocumented for the service section by systemd upstream, 1128 + but still effective and somewhat buggy there, which can be 1129 + confusing. See 1130 + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> 1131 + for details. 1132 + </para> 1133 + <para> 1134 + All services should use 1135 + <link xlink:href="options.html#opt-systemd.services._name_.startLimitIntervalSec">systemd.services.<emphasis>name</emphasis>.startLimitIntervalSec</link> 1136 + or <literal>StartLimitIntervalSec</literal> in 1137 + <link xlink:href="options.html#opt-systemd.services._name_.unitConfig">systemd.services.<emphasis>name</emphasis>.unitConfig</link> 1138 + instead. 1139 + </para> 1140 + </listitem> 1141 + <listitem> 1142 + <para> 1143 + The <literal>mediatomb</literal> service declares new options. 1144 + It also adapts existing options so the configuration 1145 + generation is now lazy. The existing option 1146 + <literal>customCfg</literal> (defaults to false), when 1147 + enabled, stops the service configuration generation 1148 + completely. It then expects the users to provide their own 1149 + correct configuration at the right location (whereas the 1150 + configuration was generated and not used at all before). The 1151 + new option <literal>transcodingOption</literal> (defaults to 1152 + no) allows a generated configuration. It makes the mediatomb 1153 + service pulls the necessary runtime dependencies in the nix 1154 + store (whereas it was generated with hardcoded values before). 1155 + The new option <literal>mediaDirectories</literal> allows the 1156 + users to declare autoscan media directories from their nixos 1157 + configuration: 1158 + </para> 1159 + <programlisting language="bash"> 1160 + { 1161 + services.mediatomb.mediaDirectories = [ 1162 + { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; } 1163 + { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; } 1164 + ]; 1165 + } 1166 + </programlisting> 1167 + </listitem> 1168 + <listitem> 1169 + <para> 1170 + The Unbound DNS resolver service 1171 + (<literal>services.unbound</literal>) has been refactored to 1172 + allow reloading, control sockets and to fix startup ordering 1173 + issues. 1174 + </para> 1175 + <para> 1176 + It is now possible to enable a local UNIX control socket for 1177 + unbound by setting the 1178 + <link xlink:href="options.html#opt-services.unbound.localControlSocketPath">services.unbound.localControlSocketPath</link> 1179 + option. 1180 + </para> 1181 + <para> 1182 + Previously we just applied a very minimal set of restrictions 1183 + and trusted unbound to properly drop root privs and 1184 + capabilities. 1185 + </para> 1186 + <para> 1187 + As of this we are (for the most part) just using the upstream 1188 + example unit file for unbound. The main difference is that we 1189 + start unbound as <literal>unbound</literal> user with the 1190 + required capabilities instead of letting unbound do the chroot 1191 + & uid/gid changes. 1192 + </para> 1193 + <para> 1194 + The upstream unit configuration this is based on is a lot 1195 + stricter with all kinds of permissions then our previous 1196 + variant. It also came with the default of having the 1197 + <literal>Type</literal> set to <literal>notify</literal>, 1198 + therefore we are now also using the 1199 + <literal>unbound-with-systemd</literal> package here. Unbound 1200 + will start up, read the configuration files and start 1201 + listening on the configured ports before systemd will declare 1202 + the unit <literal>active (running)</literal>. This will likely 1203 + help with startup order and the occasional race condition 1204 + during system activation where the DNS service is started but 1205 + not yet ready to answer queries. Services depending on 1206 + <literal>nss-lookup.target</literal> or 1207 + <literal>unbound.service</literal> are now be able to use 1208 + unbound when those targets have been reached. 1209 + </para> 1210 + <para> 1211 + Additionally to the much stricter runtime environment the 1212 + <literal>/dev/urandom</literal> mount lines we previously had 1213 + in the code (that randomly failed during the stop-phase) have 1214 + been removed as systemd will take care of those for us. 1215 + </para> 1216 + <para> 1217 + The <literal>preStart</literal> script is now only required if 1218 + we enabled the trust anchor updates (which are still enabled 1219 + by default). 1220 + </para> 1221 + <para> 1222 + Another benefit of the refactoring is that we can now issue 1223 + reloads via either <literal>pkill -HUP unbound</literal> and 1224 + <literal>systemctl reload unbound</literal> to reload the 1225 + running configuration without taking the daemon offline. A 1226 + prerequisite of this was that unbound configuration is 1227 + available on a well known path on the file system. We are 1228 + using the path <literal>/etc/unbound/unbound.conf</literal> as 1229 + that is the default in the CLI tooling which in turn enables 1230 + us to use <literal>unbound-control</literal> without passing a 1231 + custom configuration location. 1232 + </para> 1233 + <para> 1234 + The module has also been reworked to be 1235 + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 1236 + 0042</link> compliant. As such, 1237 + <literal>sevices.unbound.extraConfig</literal> has been 1238 + removed and replaced by 1239 + <link xlink:href="options.html#opt-services.unbound.settings">services.unbound.settings</link>. 1240 + <literal>services.unbound.interfaces</literal> has been 1241 + renamed to 1242 + <literal>services.unbound.settings.server.interface</literal>. 1243 + </para> 1244 + <para> 1245 + <literal>services.unbound.forwardAddresses</literal> and 1246 + <literal>services.unbound.allowedAccess</literal> have also 1247 + been changed to use the new settings interface. You can follow 1248 + the instructions when executing 1249 + <literal>nixos-rebuild</literal> to upgrade your configuration 1250 + to use the new interface. 1251 + </para> 1252 + </listitem> 1253 + <listitem> 1254 + <para> 1255 + The <literal>services.dnscrypt-proxy2</literal> module now 1256 + takes the upstream's example configuration and updates it with 1257 + the user's settings. An option has been added to restore the 1258 + old behaviour if you prefer to declare the configuration from 1259 + scratch. 1260 + </para> 1261 + </listitem> 1262 + <listitem> 1263 + <para> 1264 + NixOS now defaults to the unified cgroup hierarchy 1265 + (cgroupsv2). See the 1266 + <link xlink:href="https://www.redhat.com/sysadmin/fedora-31-control-group-v2">Fedora 1267 + Article for 31</link> for details on why this is desirable, 1268 + and how it impacts containers. 1269 + </para> 1270 + <para> 1271 + If you want to run containers with a runtime that does not yet 1272 + support cgroupsv2, you can switch back to the old behaviour by 1273 + setting 1274 + <link xlink:href="options.html#opt-systemd.enableUnifiedCgroupHierarchy">systemd.enableUnifiedCgroupHierarchy</link> 1275 + = <literal>false</literal>; and rebooting. 1276 + </para> 1277 + </listitem> 1278 + <listitem> 1279 + <para> 1280 + PulseAudio was upgraded to 14.0, with changes to the handling 1281 + of default sinks. See its 1282 + <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release 1283 + notes</link>. 1284 + </para> 1285 + </listitem> 1286 + <listitem> 1287 + <para> 1288 + GNOME users may wish to delete their 1289 + <literal>~/.config/pulse</literal> due to the changes to 1290 + stream routing logic. See 1291 + <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio 1292 + bug 832</link> for more information. 1293 + </para> 1294 + </listitem> 1295 + <listitem> 1296 + <para> 1297 + The zookeeper package does not provide 1298 + <literal>zooInspector.sh</literal> anymore, as that 1299 + "contrib" has been dropped from upstream releases. 1300 + </para> 1301 + </listitem> 1302 + <listitem> 1303 + <para> 1304 + In the ACME module, the data used to build the hash for the 1305 + account directory has changed to accomodate new features to 1306 + reduce account rate limit issues. This will trigger new 1307 + account creation on the first rebuild following this update. 1308 + No issues are expected to arise from this, thanks to the new 1309 + account creation handling. 1310 + </para> 1311 + </listitem> 1312 + <listitem> 1313 + <para> 1314 + <link xlink:href="options.html#opt-users.users._name_.createHome">users.users.<emphasis>name</emphasis>.createHome</link> 1315 + now always ensures home directory permissions to be 1316 + <literal>0700</literal>. Permissions had previously been 1317 + ignored for already existing home directories, possibly 1318 + leaving them readable by others. The option's description was 1319 + incorrect regarding ownership management and has been 1320 + simplified greatly. 1321 + </para> 1322 + </listitem> 1323 + <listitem> 1324 + <para> 1325 + When defining a new user, one of 1326 + <link xlink:href="options.html#opt-users.users._name_.isNormalUser">users.users.<emphasis>name</emphasis>.isNormalUser</link> 1327 + and 1328 + <link xlink:href="options.html#opt-users.users._name_.isSystemUser">users.users.<emphasis>name</emphasis>.isSystemUser</link> 1329 + is now required. This is to prevent accidentally giving a UID 1330 + above 1000 to system users, which could have unexpected 1331 + consequences, like running user activation scripts for system 1332 + users. Note that users defined with an explicit UID below 500 1333 + are exempted from this check, as 1334 + <link xlink:href="options.html#opt-users.users._name_.isSystemUser">users.users.<emphasis>name</emphasis>.isSystemUser</link> 1335 + has no effect for those. 1336 + </para> 1337 + </listitem> 1338 + <listitem> 1339 + <para> 1340 + The <literal>security.apparmor</literal> module, for the 1341 + <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link> 1342 + Mandatory Access Control system, has been substantialy 1343 + improved along with related tools, so that module maintainers 1344 + can now more easily write AppArmor profiles for NixOS. The 1345 + most notable change on the user-side is the new option 1346 + <link xlink:href="options.html#opt-security.apparmor.policies">security.apparmor.policies</link>, 1347 + replacing the previous <literal>profiles</literal> option to 1348 + provide a way to disable a profile and to select whether to 1349 + confine in enforce mode (default) or in complain mode (see 1350 + <literal>journalctl -b --grep apparmor</literal>). 1351 + Security-minded users may also want to enable 1352 + <link xlink:href="options.html#opt-security.apparmor.killUnconfinedConfinables">security.apparmor.killUnconfinedConfinables</link>, 1353 + at the cost of having some of their processes killed when 1354 + updating to a NixOS version introducing new AppArmor profiles. 1355 + </para> 1356 + </listitem> 1357 + <listitem> 1358 + <para> 1359 + The GNOME desktop manager once again installs gnome.epiphany 1360 + by default. 1361 + </para> 1362 + </listitem> 1363 + <listitem> 1364 + <para> 1365 + NixOS now generates empty <literal>/etc/netgroup</literal>. 1366 + <literal>/etc/netgroup</literal> defines network-wide groups 1367 + and may affect to setups using NIS. 1368 + </para> 1369 + </listitem> 1370 + <listitem> 1371 + <para> 1372 + Platforms, like <literal>stdenv.hostPlatform</literal>, no 1373 + longer have a <literal>platform</literal> attribute. It has 1374 + been (mostly) flattened away: 1375 + </para> 1376 + <itemizedlist> 1377 + <listitem> 1378 + <para> 1379 + <literal>platform.gcc</literal> is now 1380 + <literal>gcc</literal> 1381 + </para> 1382 + </listitem> 1383 + <listitem> 1384 + <para> 1385 + <literal>platform.kernel*</literal> is now 1386 + <literal>linux-kernel.*</literal> 1387 + </para> 1388 + </listitem> 1389 + </itemizedlist> 1390 + <para> 1391 + Additionally, <literal>platform.kernelArch</literal> moved to 1392 + the top level as <literal>linuxArch</literal> to match the 1393 + other <literal>*Arch</literal> variables. 1394 + </para> 1395 + <para> 1396 + The <literal>platform</literal> grouping of these things never 1397 + meant anything, and was just a historial/implementation 1398 + artifact that was overdue removal. 1399 + </para> 1400 + </listitem> 1401 + <listitem> 1402 + <para> 1403 + <literal>services.restic</literal> now uses a dedicated cache 1404 + directory for every backup defined in 1405 + <literal>services.restic.backups</literal>. The old global 1406 + cache directory, <literal>/root/.cache/restic</literal>, is 1407 + now unused and can be removed to free up disk space. 1408 + </para> 1409 + </listitem> 1410 + <listitem> 1411 + <para> 1412 + <literal>isync</literal>: The <literal>isync</literal> 1413 + compatibility wrapper was removed and the Master/Slave 1414 + terminology has been deprecated and should be replaced with 1415 + Far/Near in the configuration file. 1416 + </para> 1417 + </listitem> 1418 + <listitem> 1419 + <para> 1420 + The nix-gc service now accepts randomizedDelaySec (default: 0) 1421 + and persistent (default: true) parameters. By default nix-gc 1422 + will now run immediately if it would have been triggered at 1423 + least once during the time when the timer was inactive. 1424 + </para> 1425 + </listitem> 1426 + <listitem> 1427 + <para> 1428 + The <literal>rustPlatform.buildRustPackage</literal> function 1429 + is split into several hooks: cargoSetupHook to set up 1430 + vendoring for Cargo-based projects, cargoBuildHook to build a 1431 + project using Cargo, cargoInstallHook to install a project 1432 + using Cargo, and cargoCheckHook to run tests in Cargo-based 1433 + projects. With this change, mixed-language projects can use 1434 + the relevant hooks within builders other than 1435 + <literal>buildRustPackage</literal>. However, these changes 1436 + also required several API changes to 1437 + <literal>buildRustPackage</literal> itself: 1438 + </para> 1439 + <itemizedlist> 1440 + <listitem> 1441 + <para> 1442 + The <literal>target</literal> argument was removed. 1443 + Instead, <literal>buildRustPackage</literal> will always 1444 + use the same target as the C/C++ compiler that is used. 1445 + </para> 1446 + </listitem> 1447 + <listitem> 1448 + <para> 1449 + The <literal>cargoParallelTestThreads</literal> argument 1450 + was removed. Parallel tests are now disabled through 1451 + <literal>dontUseCargoParallelTests</literal>. 1452 + </para> 1453 + </listitem> 1454 + </itemizedlist> 1455 + </listitem> 1456 + <listitem> 1457 + <para> 1458 + The <literal>rustPlatform.maturinBuildHook</literal> hook was 1459 + added. This hook can be used with 1460 + <literal>buildPythonPackage</literal> to build Python packages 1461 + that are written in Rust and use Maturin as their build tool. 1462 + </para> 1463 + </listitem> 1464 + <listitem> 1465 + <para> 1466 + Kubernetes has 1467 + <link xlink:href="https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/">deprecated 1468 + docker</link> as container runtime. As a consequence, the 1469 + Kubernetes module now has support for configuration of custom 1470 + remote container runtimes and enables containerd by default. 1471 + Note that containerd is more strict regarding container image 1472 + OCI-compliance. As an example, images with CMD or ENTRYPOINT 1473 + defined as strings (not lists) will fail on containerd, while 1474 + working fine on docker. Please test your setup and container 1475 + images with containerd prior to upgrading. 1476 + </para> 1477 + </listitem> 1478 + <listitem> 1479 + <para> 1480 + The GitLab module now has support for automatic backups. A 1481 + schedule can be set with the 1482 + <link xlink:href="options.html#opt-services.gitlab.backup.startAt">services.gitlab.backup.startAt</link> 1483 + option. 1484 + </para> 1485 + </listitem> 1486 + <listitem> 1487 + <para> 1488 + Prior to this release, systemd would also read system units 1489 + from an undocumented 1490 + <literal>/etc/systemd-mutable/system</literal> path. This path 1491 + has been dropped from the defaults. That path (or others) can 1492 + be re-enabled by adding it to the 1493 + <link xlink:href="options.html#opt-boot.extraSystemdUnitPaths">boot.extraSystemdUnitPaths</link> 1494 + list. 1495 + </para> 1496 + </listitem> 1497 + <listitem> 1498 + <para> 1499 + PostgreSQL 9.5 is scheduled EOL during the 21.05 life cycle 1500 + and has been removed. 1501 + </para> 1502 + </listitem> 1503 + <listitem> 1504 + <para> 1505 + <link xlink:href="https://www.xfce.org/">Xfce4</link> relies 1506 + on GIO/GVfs for userspace virtual filesystem access in 1507 + applications like 1508 + <link xlink:href="https://docs.xfce.org/xfce/thunar/">thunar</link> 1509 + and 1510 + <link xlink:href="https://docs.xfce.org/apps/gigolo/">gigolo</link>. 1511 + For that to work, the gvfs nixos service is enabled by 1512 + default, and it can be configured with the specific package 1513 + that provides GVfs. Until now Xfce4 was setting it to use a 1514 + lighter version of GVfs (without support for samba). To avoid 1515 + conflicts with other desktop environments this setting has 1516 + been dropped. Users that still want it should add the 1517 + following to their system configuration: 1518 + </para> 1519 + <programlisting language="bash"> 1520 + { 1521 + services.gvfs.package = pkgs.gvfs.override { samba = null; }; 1522 + } 1523 + </programlisting> 1524 + </listitem> 1525 + <listitem> 1526 + <para> 1527 + The newly enabled <literal>systemd-pstore.service</literal> 1528 + now automatically evacuates crashdumps and panic logs from the 1529 + persistent storage to 1530 + <literal>/var/lib/systemd/pstore</literal>. This prevents 1531 + NVRAM from filling up, which ensures the latest diagnostic 1532 + data is always stored and alleviates problems with writing new 1533 + boot configurations. 1534 + </para> 1535 + </listitem> 1536 + <listitem> 1537 + <para> 1538 + Nixpkgs now contains 1539 + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically 1540 + packaged GNOME Shell extensions</link> from the 1541 + <link xlink:href="https://extensions.gnome.org/">GNOME 1542 + Extensions</link> portal. You can find them, filed by their 1543 + UUID, under <literal>gnome38Extensions</literal> attribute for 1544 + GNOME 3.38 and under <literal>gnome40Extensions</literal> for 1545 + GNOME 40. Finally, the <literal>gnomeExtensions</literal> 1546 + attribute contains extensions for the latest GNOME Shell 1547 + version in Nixpkgs, listed under a more human-friendly name. 1548 + The unqualified attribute scope also contains manually 1549 + packaged extensions. Note that the automatically packaged 1550 + extensions are provided for convenience and are not checked or 1551 + guaranteed to work. 1552 + </para> 1553 + </listitem> 1554 + <listitem> 1555 + <para> 1556 + Erlang/OTP versions older than R21 got dropped. We also 1557 + dropped the cuter package, as it was purely an example of how 1558 + to build a package. We also dropped <literal>lfe_1_2</literal> 1559 + as it could not build with R21+. Moving forward, we expect to 1560 + only support 3 yearly releases of OTP. 1561 + </para> 1562 + </listitem> 1563 + </itemizedlist> 1564 + </section> 1565 + </section>

+11

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

··· 341 341 attempts from the SSH logs. 342 342 </para> 343 343 </listitem> 344 + <listitem> 345 + <para> 346 + Sway: The terminal emulator <literal>rxvt-unicode</literal> is 347 + no longer installed by default via 348 + <literal>programs.sway.extraPackages</literal>. The current 349 + default configuration uses <literal>alacritty</literal> (and 350 + soon <literal>foot</literal>) so this is only an issue when 351 + using a customized configuration and not installing 352 + <literal>rxvt-unicode</literal> explicitly. 353 + </para> 354 + </listitem> 344 355 </itemizedlist> 345 356 </section> 346 357 </section>

+1 -1

nixos/doc/manual/release-notes/release-notes.xml

··· 9 9 current unstable revision. 10 10 </para> 11 11 <xi:include href="../from_md/release-notes/rl-2111.section.xml" /> 12 - <xi:include href="rl-2105.xml" /> 12 + <xi:include href="../from_md/release-notes/rl-2105.section.xml" /> 13 13 <xi:include href="../from_md/release-notes/rl-2009.section.xml" /> 14 14 <xi:include href="../from_md/release-notes/rl-2003.section.xml" /> 15 15 <xi:include href="../from_md/release-notes/rl-1909.section.xml" />

+428

nixos/doc/manual/release-notes/rl-2105.section.md

··· 1 + # Release 21.05 ("Okapi", 2021.05/31) {#sec-release-21.05} 2 + 3 + Support is planned until the end of December 2021, handing over to 21.11. 4 + 5 + ## Highlights {#sec-release-21.05-highlights} 6 + 7 + In addition to numerous new and upgraded packages, this release has the following highlights: 8 + 9 + - Core version changes: 10 + 11 + - gcc: 9.3.0 -\> 10.3.0 12 + 13 + - glibc: 2.30 -\> 2.32 14 + 15 + - default linux: 5.4 -\> 5.10, all supported kernels available 16 + 17 + - mesa: 20.1.7 -\> 21.0.1 18 + 19 + - Desktop Environments: 20 + 21 + - GNOME: 3.36 -\> 40, see its [release notes](https://help.gnome.org/misc/release-notes/40.0/) 22 + 23 + - Plasma5: 5.18.5 -\> 5.21.3 24 + 25 + - kdeApplications: 20.08.1 -\> 20.12.3 26 + 27 + - cinnamon: 4.6 -\> 4.8.1 28 + 29 + - Programming Languages and Frameworks: 30 + 31 + - Python optimizations were disabled again. Builds with optimizations enabled are not reproducible. Optimizations can now be enabled with an option. 32 + 33 + - The linux_latest kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). 34 + 35 + ## New Services {#sec-release-21.05-new-services} 36 + 37 + The following new services were added since the last release: 38 + 39 + - [GNURadio](https://www.gnuradio.org/) 3.8 was [finally](https://github.com/NixOS/nixpkgs/issues/82263) packaged, along with a rewrite to the Nix expressions, allowing users to override the features upstream supports selecting to compile or not to. Additionally, the attribute `gnuradio` and `gnuradio3_7` now point to an externally wrapped by default derivations, that allow you to also add \`extraPythonPackages\` to the Python interpreter used by GNURadio. Missing environmental variables needed for operational GUI were also added ([\#75478](https://github.com/NixOS/nixpkgs/issues/75478)). 40 + 41 + - [Keycloak](https://www.keycloak.org/), an open source identity and access management server with support for [OpenID Connect](https://openid.net/connect/), [OAUTH 2.0](https://oauth.net/2/) and [SAML 2.0](https://en.wikipedia.org/wiki/SAML_2.0). 42 + 43 + See the [Keycloak section of the NixOS manual](#module-services-keycloak) for more information. 44 + 45 + - [services.samba-wsdd.enable](options.html#opt-services.samba-wsdd.enable) Web Services Dynamic Discovery host daemon 46 + 47 + - [Discourse](https://www.discourse.org/), a modern and open source discussion platform. 48 + 49 + See the [Discourse section of the NixOS manual](#module-services-discourse) for more information. 50 + 51 + - [services.nebula.networks](options.html#opt-services.nebula.networks) [Nebula VPN](https://github.com/slackhq/nebula) 52 + 53 + ## Backward Incompatibilities {#sec-release-21.05-incompatibilities} 54 + 55 + When upgrading from a previous release, please be aware of the following incompatible changes: 56 + 57 + - GNOME desktop environment was upgraded to 40, see the release notes for [40.0](https://help.gnome.org/misc/release-notes/40.0/) and [3.38](https://help.gnome.org/misc/release-notes/3.38/). The `gnome3` attribute set has been renamed to `gnome` and so have been the NixOS options. 58 + 59 + - If you are using `services.udev.extraRules` to assign custom names to network interfaces, this may stop working due to a change in the initialisation of dhcpcd and systemd networkd. To avoid this, either move them to `services.udev.initrdRules` or see the new [Assigning custom names](#sec-custom-ifnames) section of the NixOS manual for an example using networkd links. 60 + 61 + - The `security.hideProcessInformation` module has been removed. It was broken since the switch to cgroups-v2. 62 + 63 + - The `linuxPackages.ati_drivers_x11` kernel modules have been removed. The drivers only supported kernels prior to 4.2, and thus have become obsolete. 64 + 65 + - The `systemConfig` kernel parameter is no longer added to boot loader entries. It has been unused since September 2010, but if do have a system generation from that era, you will now be unable to boot into them. 66 + 67 + - `systemd-journal2gelf` no longer parses json and expects the receiving system to handle it. How to achieve this with Graylog is described in this [GitHub issue](https://github.com/parse-nl/SystemdJournal2Gelf/issues/10). 68 + 69 + - If the `services.dbus` module is enabled, then the user D-Bus session is now always socket activated. The associated options `services.dbus.socketActivated` and `services.xserver.startDbusSession` have therefore been removed and you will receive a warning if they are present in your configuration. This change makes the user D-Bus session available also for non-graphical logins. 70 + 71 + - The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don\'t want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`. 72 + 73 + - `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it\'s compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info. 74 + 75 + - Setting `services.openssh.authorizedKeysFiles` now also affects which keys `security.pam.enableSSHAgentAuth` will use. WARNING: If you are using these options in combination do make sure that any key paths you use are present in `services.openssh.authorizedKeysFiles`! 76 + 77 + - The option `fonts.enableFontDir` has been renamed to [fonts.fontDir.enable](options.html#opt-fonts.fontDir.enable). The path of font directory has also been changed to `/run/current-system/sw/share/X11/fonts`, for consistency with other X11 resources. 78 + 79 + - A number of options have been renamed in the kicad interface. `oceSupport` has been renamed to `withOCE`, `withOCCT` has been renamed to `withOCC`, `ngspiceSupport` has been renamed to `withNgspice`, and `scriptingSupport` has been renamed to `withScripting`. Additionally, `kicad/base.nix` no longer provides default argument values since these are provided by `kicad/default.nix`. 80 + 81 + - The socket for the `pdns-recursor` module was moved from `/var/lib/pdns-recursor` to `/run/pdns-recursor` to match upstream. 82 + 83 + - Paperwork was updated to version 2. The on-disk format slightly changed, and it is not possible to downgrade from Paperwork 2 back to Paperwork 1.3. Back your documents up before upgrading. See [this thread](https://forum.openpaper.work/t/paperwork-2-0/112/5) for more details. 84 + 85 + - PowerDNS has been updated from `4.2.x` to `4.3.x`. Please be sure to review the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0) provided by upstream before upgrading. Worth specifically noting is that the service now runs entirely as a dedicated `pdns` user, instead of starting as `root` and dropping privileges, as well as the default `socket-dir` location changing from `/var/lib/powerdns` to `/run/pdns`. 86 + 87 + - The `mediatomb` service is now using by default the new and maintained fork `gerbera` package instead of the unmaintained `mediatomb` package. If you want to keep the old behavior, you must declare it with: 88 + 89 + ```nix 90 + { 91 + services.mediatomb.package = pkgs.mediatomb; 92 + } 93 + ``` 94 + 95 + One new option `openFirewall` has been introduced which defaults to false. If you relied on the service declaration to add the firewall rules itself before, you should now declare it with: 96 + 97 + ```nix 98 + { 99 + services.mediatomb.openFirewall = true; 100 + } 101 + ``` 102 + 103 + - xfsprogs was update from 4.19 to 5.11. It now enables reflink support by default on filesystem creation. Support for reflinks was added with an experimental status to kernel 4.9 and deemed stable in kernel 4.16. If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than those, you need to format them with `mkfs.xfs -m reflink=0`. 104 + 105 + - The uWSGI server is now built with POSIX capabilities. As a consequence, root is no longer required in emperor mode and the service defaults to running as the unprivileged `uwsgi` user. Any additional capability can be added via the new option [services.uwsgi.capabilities](options.html#opt-services.uwsgi.capabilities). The previous behaviour can be restored by setting: 106 + 107 + ```nix 108 + { 109 + services.uwsgi.user = "root"; 110 + services.uwsgi.group = "root"; 111 + services.uwsgi.instance = 112 + { 113 + uid = "uwsgi"; 114 + gid = "uwsgi"; 115 + }; 116 + } 117 + ``` 118 + 119 + Another incompatibility from the previous release is that vassals running under a different user or group need to use `immediate-{uid,gid}` instead of the usual `uid,gid` options. 120 + 121 + - btc1 has been abandoned upstream, and removed. 122 + 123 + - cpp_ethereum (aleth) has been abandoned upstream, and removed. 124 + 125 + - riak-cs package removed along with `services.riak-cs` module. 126 + 127 + - stanchion package removed along with `services.stanchion` module. 128 + 129 + - mutt has been updated to a new major version (2.x), which comes with some backward incompatible changes that are described in the [release notes for Mutt 2.0](http://www.mutt.org/relnotes/2.0/). 130 + 131 + - `vim` and `neovim` switched to Python 3, dropping all Python 2 support. 132 + 133 + - [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory\'s permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294). 134 + 135 + - [boot.zfs.forceImportAll](options.html#opt-boot.zfs.forceImportAll) previously did nothing, but has been fixed. However its default has been changed to `false` to preserve the existing default behaviour. If you have this explicitly set to `true`, please note that your non-root pools will now be forcibly imported. 136 + 137 + - openafs now points to openafs_1_8, which is the new stable release. OpenAFS 1.6 was removed. 138 + 139 + - The WireGuard module gained a new option `networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds` that implements refreshing the IP of DNS-based endpoints periodically (which WireGuard itself [cannot do](https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html)). 140 + 141 + - MariaDB has been updated to 10.5. Before you upgrade, it would be best to take a backup of your database and read [ Incompatible Changes Between 10.4 and 10.5](https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105). After the upgrade you will need to run `mysql_upgrade`. 142 + 143 + - The TokuDB storage engine dropped in mariadb 10.5 and removed in mariadb 10.6. It is recommended to switch to RocksDB. See also [TokuDB](https://mariadb.com/kb/en/tokudb/) and [MDEV-19780: Remove the TokuDB storage engine](https://jira.mariadb.org/browse/MDEV-19780). 144 + 145 + - The `openldap` module now has support for OLC-style configuration, users of the `configDir` option may wish to migrate. If you continue to use `configDir`, ensure that `olcPidFile` is set to `/run/slapd/slapd.pid`. 146 + 147 + As a result, `extraConfig` and `extraDatabaseConfig` are removed. To help with migration, you can convert your `slapd.conf` file to OLC configuration with the following script (find the location of this configuration file by running `systemctl status openldap`, it is the `-f` option. 148 + 149 + ```ShellSession 150 + $ TMPDIR=$(mktemp -d) 151 + $ slaptest -f /path/to/slapd.conf -F $TMPDIR 152 + $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))' 153 + ``` 154 + 155 + This will dump your current configuration in LDIF format, which should be straightforward to convert into Nix settings. This does not show your schema configuration, as this is unnecessarily verbose for users of the default schemas and `slaptest` is buggy with schemas directly in the config file. 156 + 157 + - Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and restarting the instance will now cause it to fetch and apply the new user data. 158 + 159 + ::: {.warning} 160 + Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`\'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`. 161 + ::: 162 + 163 + - The `rspamd` services is now sandboxed. It is run as a dynamic user instead of root, so secrets and other files may have to be moved or their permissions may have to be fixed. The sockets are now located in `/run/rspamd` instead of `/run`. 164 + 165 + - Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor\'s faster port, use the following configuration: 166 + 167 + ```nix 168 + { 169 + opt-services.privoxy.enable = true; 170 + opt-services.privoxy.enableTor = true; 171 + } 172 + ``` 173 + 174 + - The `services.tor` module has a new exhaustively typed [services.tor.settings](options.html#opt-services.tor.settings) option following RFC 0042; backward compatibility with old options has been preserved when aliasing was possible. The corresponding systemd service has been hardened, but there is a chance that the service still requires more permissions, so please report any related trouble on the bugtracker. Onion services v3 are now supported in [services.tor.relay.onionServices](options.html#opt-services.tor.relay.onionServices). A new [services.tor.openFirewall](options.html#opt-services.tor.openFirewall) option as been introduced for allowing connections on all the TCP ports configured. 175 + 176 + - The options `services.slurm.dbdserver.storagePass` and `services.slurm.dbdserver.configFile` have been removed. Use `services.slurm.dbdserver.storagePassFile` instead to provide the database password. Extra config options can be given via the option `services.slurm.dbdserver.extraConfig`. The actual configuration file is created on the fly on startup of the service. This avoids that the password gets exposed in the nix store. 177 + 178 + - The `wafHook` hook does not wrap Python anymore. Packages depending on `wafHook` need to include any Python into their `nativeBuildInputs`. 179 + 180 + - Starting with version 1.7.0, the project formerly named `CodiMD` is now named `HedgeDoc`. New installations will no longer use the old name for users, state directories and such, this needs to be considered when moving state to a more recent NixOS installation. Based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will continue to work. 181 + 182 + - The fish-foreign-env package has been replaced with fishPlugins.foreign-env, in which the fish functions have been relocated to the `vendor_functions.d` directory to be loaded automatically. 183 + 184 + - The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter\'s `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this: 185 + 186 + ``` 187 + http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint 188 + ``` 189 + 190 + Existing configuration for the exporter needs to be updated, but can partially be re-used. Documentation is available in the upstream repository and a small example for NixOS is available in the corresponding NixOS test. 191 + 192 + These changes also affect [services.prometheus.exporters.rspamd.enable](options.html#opt-services.prometheus.exporters.rspamd.enable), which is just a preconfigured instance of the json exporter. 193 + 194 + For more information, take a look at the [ official documentation](https://github.com/prometheus-community/json_exporter) of the json_exporter. 195 + 196 + - Androidenv was updated, removing the `includeDocs` and `lldbVersions` arguments. Docs only covered a single version of the Android SDK, LLDB is now bundled with the NDK, and both are no longer available to download from the Android package repositories. Additionally, since the package lists have been updated, some older versions of Android packages may not be bundled. If you depend on older versions of Android packages, we recommend overriding the repo. 197 + 198 + Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments `repoJson` and `repoXmls` have been added to allow overriding the built-in androidenv repo.json with your own. Additionally, license files are now written to allow compatibility with Gradle-based tools, and the `extraLicenses` argument has been added to accept more SDK licenses if your project requires it. See the androidenv documentation for more details. 199 + 200 + - The attribute `mpi` is now consistently used to provide a default, system-wide MPI implementation. The default implementation is openmpi, which has been used before by all derivations affects by this change. Note that all packages that have used `mpi ? null` in the input for optional MPI builds, have been changed to the boolean input paramater `useMpi` to enable building with MPI. Building all packages with `mpich` instead of the default `openmpi` can now be achived like this: 201 + 202 + ```nix 203 + self: super: 204 + { 205 + mpi = super.mpich; 206 + } 207 + ``` 208 + 209 + - The Searx module has been updated with the ability to configure the service declaratively and uWSGI integration. The option `services.searx.configFile` has been renamed to [services.searx.settingsFile](options.html#opt-services.searx.settingsFile) for consistency with the new [services.searx.settings](options.html#opt-services.searx.settings). In addition, the `searx` uid and gid reservations have been removed since they were not necessary: the service is now running with a dynamically allocated uid. 210 + 211 + - The libinput module has been updated with the ability to configure mouse and touchpad settings separately. The options in `services.xserver.libinput` have been renamed to `services.xserver.libinput.touchpad`, while there is a new `services.xserver.libinput.mouse` for mouse related configuration. 212 + 213 + Since touchpad options no longer apply to all devices, you may want to replicate your touchpad configuration in mouse section. 214 + 215 + - ALSA OSS emulation (`sound.enableOSSEmulation`) is now disabled by default. 216 + 217 + - Thinkfan as been updated to `1.2.x`, which comes with a new YAML based configuration format. For this reason, several NixOS options of the thinkfan module have been changed to non-backward compatible types. In addition, a new [services.thinkfan.settings](options.html#opt-services.thinkfan.settings) option has been added. 218 + 219 + Please read the [ thinkfan documentation](https://github.com/vmatare/thinkfan#readme) before updating. 220 + 221 + - Adobe Flash Player support has been dropped from the tree. In particular, the following packages no longer support it: 222 + 223 + - chromium 224 + 225 + - firefox 226 + 227 + - qt48 228 + 229 + - qt5.qtwebkit 230 + 231 + Additionally, packages flashplayer and hal-flash were removed along with the `services.flashpolicyd` module. 232 + 233 + - The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel\'s RNG. 234 + 235 + The default SMTP port for GitLab has been changed to `25` from its previous default of `465`. If you depended on this default, you should now set the [services.gitlab.smtp.port](options.html#opt-services.gitlab.smtp.port) option. 236 + 237 + - The default version of ImageMagick has been updated from 6 to 7. You can use imagemagick6, imagemagick6_light, and imagemagick6Big if you need the older version. 238 + 239 + - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) no longer uses the deprecated `cirrus` and `vesa` device dependent X drivers by default. It also enables both `amdgpu` and `nouveau` drivers by default now. 240 + 241 + - The `kindlegen` package is gone, because it is no longer supported or hosted by Amazon. Sadly, its replacement, Kindle Previewer, has no Linux support. However, there are other ways to generate MOBI files. See [the discussion](https://github.com/NixOS/nixpkgs/issues/96439) for more info. 242 + 243 + - The apacheKafka packages are now built with version-matched JREs. Versions 2.6 and above, the ones that recommend it, use jdk11, while versions below remain on jdk8. The NixOS service has been adjusted to start the service using the same version as the package, adjustable with the new [services.apache-kafka.jre](options.html#opt-services.apache-kafka.jre) option. Furthermore, the default list of [services.apache-kafka.jvmOptions](options.html#opt-services.apache-kafka.jvmOptions) have been removed. You should set your own according to the [upstream documentation](https://kafka.apache.org/documentation/#java) for your Kafka version. 244 + 245 + - The kodi package has been modified to allow concise addon management. Consider the following configuration from previous releases of NixOS to install kodi, including the kodiPackages.inputstream-adaptive and kodiPackages.vfs-sftp addons: 246 + 247 + ```nix 248 + { 249 + environment.systemPackages = [ 250 + pkgs.kodi 251 + ]; 252 + 253 + nixpkgs.config.kodi = { 254 + enableInputStreamAdaptive = true; 255 + enableVFSSFTP = true; 256 + }; 257 + } 258 + ``` 259 + 260 + All Kodi `config` flags have been removed, and as a result the above configuration should now be written as: 261 + 262 + ```nix 263 + { 264 + environment.systemPackages = [ 265 + (pkgs.kodi.withPackages (p: with p; [ 266 + inputstream-adaptive 267 + vfs-sftp 268 + ])) 269 + ]; 270 + } 271 + ``` 272 + 273 + - `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`. 274 + 275 + - `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn\'t enforce nor checks the correct number of paths to correspond to minio requirements. 276 + 277 + - All CUDA toolkit versions prior to CUDA 10 have been removed. 278 + 279 + - The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it\'s still `dvp`. 280 + 281 + - The babeld service is now being run as an unprivileged user. To achieve that the module configures `skip-kernel-setup true` and takes care of setting forwarding and rp_filter sysctls by itself as well as for each interface in `services.babeld.interfaces`. 282 + 283 + - The `services.zigbee2mqtt.config` option has been renamed to `services.zigbee2mqtt.settings` and now follows [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). 284 + 285 + The yadm dotfile manager has been updated from 2.x to 3.x, which has new (XDG) default locations for some data/state files. Most yadm commands will fail and print a legacy path warning (which describes how to upgrade/migrate your repository). If you have scripts, daemons, scheduled jobs, shell profiles, etc. that invoke yadm, expect them to fail or misbehave until you perform this migration and prepare accordingly. 286 + 287 + - Instead of determining `services.radicale.package` automatically based on `system.stateVersion`, the latest version is always used because old versions are not officially supported. 288 + 289 + Furthermore, Radicale\'s systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used. 290 + 291 + - In the `security.acme` module, use of `--reuse-key` parameter for Lego has been removed. It was introduced for HKPK, but this security feature is now deprecated. It is a better security practice to rotate key pairs instead of always keeping the same. If you need to keep this parameter, you can add it back using `extraLegoRenewFlags` as an option for the appropriate certificate. 292 + 293 + ## Other Notable Changes {#sec-release-21.05-notable-changes} 294 + 295 + - `stdenv.lib` has been deprecated and will break eval in 21.11. Please use `pkgs.lib` instead. See [\#108938](https://github.com/NixOS/nixpkgs/issues/108938) for details. 296 + 297 + - [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there\'s a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well. 298 + 299 + - [Privoxy](https://www.privoxy.org/) has been updated to version 3.0.32 (See [announcement](https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html)). Compared to the previous release, Privoxy has gained support for HTTPS inspection (still experimental), Brotli decompression, several new filters and lots of bug fixes, including security ones. In addition, the package is now built with compression and external filters support, which were previously disabled. 300 + 301 + Regarding the NixOS module, new options for HTTPS inspection have been added and `services.privoxy.extraConfig` has been replaced by the new [services.privoxy.settings](options.html#opt-services.privoxy.settings) (See [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) for the motivation). 302 + 303 + - [Kodi](https://kodi.tv/) has been updated to version 19.1 \"Matrix\". See the [announcement](https://kodi.tv/article/kodi-190-matrix-release) for further details. 304 + 305 + - The `services.packagekit.backend` option has been removed as it only supported a single setting which would always be the default. Instead new [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) compliant [services.packagekit.settings](options.html#opt-services.packagekit.settings) and [services.packagekit.vendorSettings](options.html#opt-services.packagekit.vendorSettings) options have been introduced. 306 + 307 + - [Nginx](https://nginx.org) has been updated to stable version 1.20.0. Now nginx uses the zlib-ng library by default. 308 + 309 + - KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its [release notes](https://kde.org/announcements/gear/21.04/) for details. 310 + 311 + The `kdeApplications` package set is now `kdeGear`, in keeping with the new name. The old name remains for compatibility, but it is deprecated. 312 + 313 + - [Libreswan](https://libreswan.org/) has been updated to version 4.4. The package now includes example configurations and manual pages by default. The NixOS module has been changed to use the upstream systemd units and write the configuration in the `/etc/ipsec.d/ ` directory. In addition, two new options have been added to specify connection policies ([services.libreswan.policies](options.html#opt-services.libreswan.policies)) and disable send/receive redirects ([services.libreswan.disableRedirects](options.html#opt-services.libreswan.disableRedirects)). 314 + 315 + - The Mailman NixOS module (`services.mailman`) has a new option [services.mailman.enablePostfix](options.html#opt-services.mailman.enablePostfix), defaulting to true, that controls integration with Postfix. 316 + 317 + If this option is disabled, default MTA config becomes not set and you should set the options in `services.mailman.settings.mta` according to the desired configuration as described in [Mailman documentation](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html). 318 + 319 + - The default-version of `nextcloud` is nextcloud21. Please note that it\'s _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it\'s e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first. 320 + 321 + The package can be manually upgraded by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud21. 322 + 323 + - The setting [services.redis.bind](options.html#opt-services.redis.bind) defaults to `127.0.0.1` now, making Redis listen on the loopback interface only, and not all public network interfaces. 324 + 325 + - NixOS now emits a deprecation warning if systemd\'s `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details. 326 + 327 + All services should use [systemd.services._name_.startLimitIntervalSec](options.html#opt-systemd.services._name_.startLimitIntervalSec) or `StartLimitIntervalSec` in [systemd.services._name_.unitConfig](options.html#opt-systemd.services._name_.unitConfig) instead. 328 + 329 + - The `mediatomb` service declares new options. It also adapts existing options so the configuration generation is now lazy. The existing option `customCfg` (defaults to false), when enabled, stops the service configuration generation completely. It then expects the users to provide their own correct configuration at the right location (whereas the configuration was generated and not used at all before). The new option `transcodingOption` (defaults to no) allows a generated configuration. It makes the mediatomb service pulls the necessary runtime dependencies in the nix store (whereas it was generated with hardcoded values before). The new option `mediaDirectories` allows the users to declare autoscan media directories from their nixos configuration: 330 + 331 + ```nix 332 + { 333 + services.mediatomb.mediaDirectories = [ 334 + { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; } 335 + { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; } 336 + ]; 337 + } 338 + ``` 339 + 340 + - The Unbound DNS resolver service (`services.unbound`) has been refactored to allow reloading, control sockets and to fix startup ordering issues. 341 + 342 + It is now possible to enable a local UNIX control socket for unbound by setting the [services.unbound.localControlSocketPath](options.html#opt-services.unbound.localControlSocketPath) option. 343 + 344 + Previously we just applied a very minimal set of restrictions and trusted unbound to properly drop root privs and capabilities. 345 + 346 + As of this we are (for the most part) just using the upstream example unit file for unbound. The main difference is that we start unbound as `unbound` user with the required capabilities instead of letting unbound do the chroot & uid/gid changes. 347 + 348 + The upstream unit configuration this is based on is a lot stricter with all kinds of permissions then our previous variant. It also came with the default of having the `Type` set to `notify`, therefore we are now also using the `unbound-with-systemd` package here. Unbound will start up, read the configuration files and start listening on the configured ports before systemd will declare the unit `active (running)`. This will likely help with startup order and the occasional race condition during system activation where the DNS service is started but not yet ready to answer queries. Services depending on `nss-lookup.target` or `unbound.service` are now be able to use unbound when those targets have been reached. 349 + 350 + Additionally to the much stricter runtime environment the `/dev/urandom` mount lines we previously had in the code (that randomly failed during the stop-phase) have been removed as systemd will take care of those for us. 351 + 352 + The `preStart` script is now only required if we enabled the trust anchor updates (which are still enabled by default). 353 + 354 + Another benefit of the refactoring is that we can now issue reloads via either `pkill -HUP unbound` and `systemctl reload unbound` to reload the running configuration without taking the daemon offline. A prerequisite of this was that unbound configuration is available on a well known path on the file system. We are using the path `/etc/unbound/unbound.conf` as that is the default in the CLI tooling which in turn enables us to use `unbound-control` without passing a custom configuration location. 355 + 356 + The module has also been reworked to be [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) compliant. As such, `sevices.unbound.extraConfig` has been removed and replaced by [services.unbound.settings](options.html#opt-services.unbound.settings). `services.unbound.interfaces` has been renamed to `services.unbound.settings.server.interface`. 357 + 358 + `services.unbound.forwardAddresses` and `services.unbound.allowedAccess` have also been changed to use the new settings interface. You can follow the instructions when executing `nixos-rebuild` to upgrade your configuration to use the new interface. 359 + 360 + - The `services.dnscrypt-proxy2` module now takes the upstream\'s example configuration and updates it with the user\'s settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch. 361 + 362 + - NixOS now defaults to the unified cgroup hierarchy (cgroupsv2). See the [Fedora Article for 31](https://www.redhat.com/sysadmin/fedora-31-control-group-v2) for details on why this is desirable, and how it impacts containers. 363 + 364 + If you want to run containers with a runtime that does not yet support cgroupsv2, you can switch back to the old behaviour by setting [systemd.enableUnifiedCgroupHierarchy](options.html#opt-systemd.enableUnifiedCgroupHierarchy) = `false`; and rebooting. 365 + 366 + - PulseAudio was upgraded to 14.0, with changes to the handling of default sinks. See its [release notes](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/). 367 + 368 + - GNOME users may wish to delete their `~/.config/pulse` due to the changes to stream routing logic. See [PulseAudio bug 832](https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832) for more information. 369 + 370 + - The zookeeper package does not provide `zooInspector.sh` anymore, as that \"contrib\" has been dropped from upstream releases. 371 + 372 + - In the ACME module, the data used to build the hash for the account directory has changed to accomodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling. 373 + 374 + - [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option\'s description was incorrect regarding ownership management and has been simplified greatly. 375 + 376 + - When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those. 377 + 378 + - The `security.apparmor` module, for the [AppArmor](https://gitlab.com/apparmor/apparmor/-/wikis/Documentation) Mandatory Access Control system, has been substantialy improved along with related tools, so that module maintainers can now more easily write AppArmor profiles for NixOS. The most notable change on the user-side is the new option [security.apparmor.policies](options.html#opt-security.apparmor.policies), replacing the previous `profiles` option to provide a way to disable a profile and to select whether to confine in enforce mode (default) or in complain mode (see `journalctl -b --grep apparmor`). Security-minded users may also want to enable [security.apparmor.killUnconfinedConfinables](options.html#opt-security.apparmor.killUnconfinedConfinables), at the cost of having some of their processes killed when updating to a NixOS version introducing new AppArmor profiles. 379 + 380 + - The GNOME desktop manager once again installs gnome.epiphany by default. 381 + 382 + - NixOS now generates empty `/etc/netgroup`. `/etc/netgroup` defines network-wide groups and may affect to setups using NIS. 383 + 384 + - Platforms, like `stdenv.hostPlatform`, no longer have a `platform` attribute. It has been (mostly) flattened away: 385 + 386 + - `platform.gcc` is now `gcc` 387 + 388 + - `platform.kernel*` is now `linux-kernel.*` 389 + 390 + Additionally, `platform.kernelArch` moved to the top level as `linuxArch` to match the other `*Arch` variables. 391 + 392 + The `platform` grouping of these things never meant anything, and was just a historial/implementation artifact that was overdue removal. 393 + 394 + - `services.restic` now uses a dedicated cache directory for every backup defined in `services.restic.backups`. The old global cache directory, `/root/.cache/restic`, is now unused and can be removed to free up disk space. 395 + 396 + - `isync`: The `isync` compatibility wrapper was removed and the Master/Slave terminology has been deprecated and should be replaced with Far/Near in the configuration file. 397 + 398 + - The nix-gc service now accepts randomizedDelaySec (default: 0) and persistent (default: true) parameters. By default nix-gc will now run immediately if it would have been triggered at least once during the time when the timer was inactive. 399 + 400 + - The `rustPlatform.buildRustPackage` function is split into several hooks: cargoSetupHook to set up vendoring for Cargo-based projects, cargoBuildHook to build a project using Cargo, cargoInstallHook to install a project using Cargo, and cargoCheckHook to run tests in Cargo-based projects. With this change, mixed-language projects can use the relevant hooks within builders other than `buildRustPackage`. However, these changes also required several API changes to `buildRustPackage` itself: 401 + 402 + - The `target` argument was removed. Instead, `buildRustPackage` will always use the same target as the C/C++ compiler that is used. 403 + 404 + - The `cargoParallelTestThreads` argument was removed. Parallel tests are now disabled through `dontUseCargoParallelTests`. 405 + 406 + - The `rustPlatform.maturinBuildHook` hook was added. This hook can be used with `buildPythonPackage` to build Python packages that are written in Rust and use Maturin as their build tool. 407 + 408 + - Kubernetes has [deprecated docker](https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/) as container runtime. As a consequence, the Kubernetes module now has support for configuration of custom remote container runtimes and enables containerd by default. Note that containerd is more strict regarding container image OCI-compliance. As an example, images with CMD or ENTRYPOINT defined as strings (not lists) will fail on containerd, while working fine on docker. Please test your setup and container images with containerd prior to upgrading. 409 + 410 + - The GitLab module now has support for automatic backups. A schedule can be set with the [services.gitlab.backup.startAt](options.html#opt-services.gitlab.backup.startAt) option. 411 + 412 + - Prior to this release, systemd would also read system units from an undocumented `/etc/systemd-mutable/system` path. This path has been dropped from the defaults. That path (or others) can be re-enabled by adding it to the [boot.extraSystemdUnitPaths](options.html#opt-boot.extraSystemdUnitPaths) list. 413 + 414 + - PostgreSQL 9.5 is scheduled EOL during the 21.05 life cycle and has been removed. 415 + 416 + - [Xfce4](https://www.xfce.org/) relies on GIO/GVfs for userspace virtual filesystem access in applications like [thunar](https://docs.xfce.org/xfce/thunar/) and [gigolo](https://docs.xfce.org/apps/gigolo/). For that to work, the gvfs nixos service is enabled by default, and it can be configured with the specific package that provides GVfs. Until now Xfce4 was setting it to use a lighter version of GVfs (without support for samba). To avoid conflicts with other desktop environments this setting has been dropped. Users that still want it should add the following to their system configuration: 417 + 418 + ```nix 419 + { 420 + services.gvfs.package = pkgs.gvfs.override { samba = null; }; 421 + } 422 + ``` 423 + 424 + - The newly enabled `systemd-pstore.service` now automatically evacuates crashdumps and panic logs from the persistent storage to `/var/lib/systemd/pstore`. This prevents NVRAM from filling up, which ensures the latest diagnostic data is always stored and alleviates problems with writing new boot configurations. 425 + 426 + - Nixpkgs now contains [automatically packaged GNOME Shell extensions](https://github.com/NixOS/nixpkgs/pull/118232) from the [GNOME Extensions](https://extensions.gnome.org/) portal. You can find them, filed by their UUID, under `gnome38Extensions` attribute for GNOME 3.38 and under `gnome40Extensions` for GNOME 40. Finally, the `gnomeExtensions` attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work. 427 + 428 + - Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package. We also dropped `lfe_1_2` as it could not build with R21+. Moving forward, we expect to only support 3 yearly releases of OTP.

-1266

nixos/doc/manual/release-notes/rl-2105.xml

··· 1 - <section xmlns="http://docbook.org/ns/docbook" 2 - xmlns:xlink="http://www.w3.org/1999/xlink" 3 - xmlns:xi="http://www.w3.org/2001/XInclude" 4 - version="5.0" 5 - xml:id="sec-release-21.05"> 6 - <title>Release 21.05 (“Okapi”, 2021.05/31)</title> 7 - 8 - <para> 9 - Support is planned until the end of December 2021, handing over to 21.11. 10 - </para> 11 - <section xmlns="http://docbook.org/ns/docbook" 12 - xmlns:xlink="http://www.w3.org/1999/xlink" 13 - xmlns:xi="http://www.w3.org/2001/XInclude" 14 - version="5.0" 15 - xml:id="sec-release-21.05-highlights"> 16 - <title>Highlights</title> 17 - 18 - <para> 19 - In addition to numerous new and upgraded packages, this release has the 20 - following highlights: 21 - </para> 22 - 23 - <itemizedlist> 24 - 25 - <listitem> 26 - <para> 27 - Core version changes: 28 - </para> 29 - <itemizedlist> 30 - <listitem> 31 - <para> 32 - gcc: 9.3.0 -> 10.3.0 33 - </para> 34 - </listitem> 35 - <listitem> 36 - <para> 37 - glibc: 2.30 -> 2.32 38 - </para> 39 - </listitem> 40 - <listitem> 41 - <para> 42 - default linux: 5.4 -> 5.10, all supported kernels available 43 - </para> 44 - </listitem> 45 - <listitem> 46 - <para> 47 - mesa: 20.1.7 -> 21.0.1 48 - </para> 49 - </listitem> 50 - </itemizedlist> 51 - </listitem> 52 - <listitem> 53 - <para> 54 - Desktop Environments: 55 - </para> 56 - <itemizedlist> 57 - <listitem> 58 - <para> 59 - GNOME: 3.36 -> 40, see its <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">release notes</link> 60 - </para> 61 - </listitem> 62 - <listitem> 63 - <para> 64 - Plasma5: 5.18.5 -> 5.21.3 65 - </para> 66 - </listitem> 67 - <listitem> 68 - <para> 69 - kdeApplications: 20.08.1 -> 20.12.3 70 - </para> 71 - </listitem> 72 - <listitem> 73 - <para> 74 - cinnamon: 4.6 -> 4.8.1 75 - </para> 76 - </listitem> 77 - </itemizedlist> 78 - </listitem> 79 - 80 - <listitem> 81 - <para> 82 - Programming Languages and Frameworks: 83 - </para> 84 - <itemizedlist> 85 - 86 - <listitem> 87 - <para> 88 - Python optimizations were disabled again. Builds with optimizations enabled 89 - are not reproducible. Optimizations can now be enabled with an option. 90 - </para> 91 - </listitem> 92 - 93 - </itemizedlist> 94 - </listitem> 95 - <listitem> 96 - <para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para> 97 - </listitem> 98 - 99 - </itemizedlist> 100 - </section> 101 - 102 - <section xmlns="http://docbook.org/ns/docbook" 103 - xmlns:xlink="http://www.w3.org/1999/xlink" 104 - xmlns:xi="http://www.w3.org/2001/XInclude" 105 - version="5.0" 106 - xml:id="sec-release-21.05-new-services"> 107 - <title>New Services</title> 108 - 109 - <para> 110 - The following new services were added since the last release: 111 - </para> 112 - 113 - <itemizedlist> 114 - <listitem> 115 - <para> 116 - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 and 3.9 were 117 - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> 118 - packaged, along with a rewrite to the Nix expressions, allowing users to 119 - override the features upstream supports selecting to compile or not to. 120 - Additionally, the attribute <code>gnuradio</code> (3.9), <code>gnuradio3_8</code> and <code>gnuradio3_7</code> 121 - now point to an externally wrapped by default derivations, that allow you to 122 - also add `extraPythonPackages` to the Python interpreter used by GNURadio. 123 - Missing environmental variables needed for operational GUI were also added 124 - (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). 125 - </para> 126 - </listitem> 127 - 128 - <listitem> 129 - <para> 130 - <link xlink:href="https://www.keycloak.org/">Keycloak</link>, 131 - an open source identity and access management server with 132 - support for <link 133 - xlink:href="https://openid.net/connect/">OpenID Connect</link>, 134 - <link xlink:href="https://oauth.net/2/">OAUTH 2.0</link> and 135 - <link xlink:href="https://en.wikipedia.org/wiki/SAML_2.0">SAML 136 - 2.0</link>. 137 - </para> 138 - <para> 139 - See the <link linkend="module-services-keycloak">Keycloak 140 - section of the NixOS manual</link> for more information. 141 - </para> 142 - </listitem> 143 - <listitem> 144 - <para> 145 - <xref linkend="opt-services.samba-wsdd.enable" /> Web Services Dynamic Discovery host daemon 146 - </para> 147 - </listitem> 148 - <listitem> 149 - <para> 150 - <link xlink:href="https://www.discourse.org/">Discourse</link>, a 151 - modern and open source discussion platform. 152 - </para> 153 - <para> 154 - See the <link linkend="module-services-discourse">Discourse 155 - section of the NixOS manual</link> for more information. 156 - </para> 157 - </listitem> 158 - <listitem> 159 - <para> 160 - <xref linkend="opt-services.nebula.networks" /> <link xlink:href="https://github.com/slackhq/nebula">Nebula VPN</link> 161 - </para> 162 - </listitem> 163 - </itemizedlist> 164 - 165 - </section> 166 - 167 - <section xmlns="http://docbook.org/ns/docbook" 168 - xmlns:xlink="http://www.w3.org/1999/xlink" 169 - xmlns:xi="http://www.w3.org/2001/XInclude" 170 - version="5.0" 171 - xml:id="sec-release-21.05-incompatibilities"> 172 - <title>Backward Incompatibilities</title> 173 - 174 - <para> 175 - When upgrading from a previous release, please be aware of the following 176 - incompatible changes: 177 - </para> 178 - 179 - <itemizedlist> 180 - <listitem> 181 - <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para> 182 - </listitem> 183 - 184 - <listitem> 185 - <para> 186 - If you are using <option>services.udev.extraRules</option> to assign 187 - custom names to network interfaces, this may stop working due to a change 188 - in the initialisation of dhcpcd and systemd networkd. To avoid this, either 189 - move them to <option>services.udev.initrdRules</option> or see the new 190 - <link linkend="sec-custom-ifnames">Assigning custom names</link> section 191 - of the NixOS manual for an example using networkd links. 192 - </para> 193 - </listitem> 194 - <listitem> 195 - <para> 196 - The <option>security.hideProcessInformation</option> module has been removed. 197 - It was broken since the switch to cgroups-v2. 198 - </para> 199 - </listitem> 200 - <listitem> 201 - <para> 202 - The <literal>linuxPackages.ati_drivers_x11</literal> kernel modules have been removed. 203 - The drivers only supported kernels prior to 4.2, and thus have become obsolete. 204 - </para> 205 - </listitem> 206 - <listitem> 207 - <para> 208 - The <literal>systemConfig</literal> kernel parameter is no longer added to boot loader entries. It has been unused since September 2010, but if do have a system generation from that era, you will now be unable to boot into them. 209 - </para> 210 - </listitem> 211 - <listitem> 212 - <para> 213 - <literal>systemd-journal2gelf</literal> no longer parses json and expects the receiving system to handle it. How to achieve this with Graylog is described in this <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub issue</link>. 214 - </para> 215 - </listitem> 216 - <listitem> 217 - <para> 218 - If the <varname>services.dbus</varname> module is enabled, then 219 - the user D-Bus session is now always socket activated. The 220 - associated options <varname>services.dbus.socketActivated</varname> 221 - and <varname>services.xserver.startDbusSession</varname> have 222 - therefore been removed and you will receive a warning if 223 - they are present in your configuration. This change makes the 224 - user D-Bus session available also for non-graphical logins. 225 - </para> 226 - </listitem> 227 - <listitem> 228 - <para> 229 - The <varname>networking.wireless.iwd</varname> module now installs 230 - the upstream-provided 80-iwd.link file, which sets the NamePolicy= 231 - for all wlan devices to "keep kernel", to avoid race conditions 232 - between iwd and networkd. If you don't want this, you can set 233 - <literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>. 234 - </para> 235 - </listitem> 236 - <listitem> 237 - <para> 238 - <literal>rubyMinimal</literal> was removed due to being unused and 239 - unusable. The default ruby interpreter includes JIT support, which makes 240 - it reference it's compiler. Since JIT support is probably needed by some 241 - Gems, it was decided to enable this feature with all cc references by 242 - default, and allow to build a Ruby derivation without references to cc, 243 - by setting <literal>jitSupport = false;</literal> in an overlay. See 244 - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link> 245 - for more info. 246 - </para> 247 - </listitem> 248 - <listitem> 249 - <para> 250 - Setting <option>services.openssh.authorizedKeysFiles</option> now also affects which keys <option>security.pam.enableSSHAgentAuth</option> will use. 251 - 252 - WARNING: If you are using these options in combination do make sure that any key paths you use are present in <option>services.openssh.authorizedKeysFiles</option>! 253 - </para> 254 - </listitem> 255 - <listitem> 256 - <para> 257 - The option <option>fonts.enableFontDir</option> has been renamed to 258 - <xref linkend="opt-fonts.fontDir.enable"/>. The path of font directory 259 - has also been changed to <literal>/run/current-system/sw/share/X11/fonts</literal>, 260 - for consistency with other X11 resources. 261 - </para> 262 - </listitem> 263 - <listitem> 264 - <para> 265 - A number of options have been renamed in the kicad interface. <literal>oceSupport</literal> 266 - has been renamed to <literal>withOCE</literal>, <literal>withOCCT</literal> has been renamed 267 - to <literal>withOCC</literal>, <literal>ngspiceSupport</literal> has been renamed to 268 - <literal>withNgspice</literal>, and <literal>scriptingSupport</literal> has been renamed to 269 - <literal>withScripting</literal>. Additionally, <literal>kicad/base.nix</literal> no longer 270 - provides default argument values since these are provided by 271 - <literal>kicad/default.nix</literal>. 272 - </para> 273 - </listitem> 274 - <listitem> 275 - <para> 276 - The socket for the <literal>pdns-recursor</literal> module was moved from <literal>/var/lib/pdns-recursor</literal> 277 - to <literal>/run/pdns-recursor</literal> to match upstream. 278 - </para> 279 - </listitem> 280 - <listitem> 281 - <para> 282 - Paperwork was updated to version 2. The on-disk format slightly changed, 283 - and it is not possible to downgrade from Paperwork 2 back to Paperwork 284 - 1.3. Back your documents up before upgrading. See <link xlink:href="https://forum.openpaper.work/t/paperwork-2-0/112/5">this thread</link> for more details. 285 - </para> 286 - </listitem> 287 - <listitem> 288 - <para> 289 - PowerDNS has been updated from <literal>4.2.x</literal> to <literal>4.3.x</literal>. Please 290 - be sure to review the <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0">Upgrade Notes</link> 291 - provided by upstream before upgrading. Worth specifically noting is that the service now runs 292 - entirely as a dedicated <literal>pdns</literal> user, instead of starting as <literal>root</literal> 293 - and dropping privileges, as well as the default <literal>socket-dir</literal> location changing from 294 - <literal>/var/lib/powerdns</literal> to <literal>/run/pdns</literal>. 295 - </para> 296 - </listitem> 297 - <listitem> 298 - <para> 299 - The <literal>mediatomb</literal> service is 300 - now using by default the new and maintained fork 301 - <literal>gerbera</literal> package instead of the unmaintained 302 - <literal>mediatomb</literal> package. If you want to keep the old 303 - behavior, you must declare it with: 304 - <programlisting> 305 - services.mediatomb.package = pkgs.mediatomb; 306 - </programlisting> 307 - One new option <literal>openFirewall</literal> has been introduced which 308 - defaults to false. If you relied on the service declaration to add the 309 - firewall rules itself before, you should now declare it with: 310 - <programlisting> 311 - services.mediatomb.openFirewall = true; 312 - </programlisting> 313 - </para> 314 - </listitem> 315 - <listitem> 316 - <para> 317 - xfsprogs was update from 4.19 to 5.11. It now enables reflink support by default on filesystem creation. 318 - Support for reflinks was added with an experimental status to kernel 4.9 and deemed stable in kernel 4.16. 319 - If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than those, you need to format them 320 - with <literal>mkfs.xfs -m reflink=0</literal>. 321 - </para> 322 - </listitem> 323 - <listitem> 324 - <para> 325 - The uWSGI server is now built with POSIX capabilities. As a consequence, 326 - root is no longer required in emperor mode and the service defaults to 327 - running as the unprivileged <literal>uwsgi</literal> user. Any additional 328 - capability can be added via the new option 329 - <xref linkend="opt-services.uwsgi.capabilities"/>. 330 - The previous behaviour can be restored by setting: 331 - <programlisting> 332 - <xref linkend="opt-services.uwsgi.user"/> = "root"; 333 - <xref linkend="opt-services.uwsgi.group"/> = "root"; 334 - <xref linkend="opt-services.uwsgi.instance"/> = 335 - { 336 - uid = "uwsgi"; 337 - gid = "uwsgi"; 338 - }; 339 - </programlisting> 340 - </para> 341 - <para> 342 - Another incompatibility from the previous release is that vassals running under a 343 - different user or group need to use <literal>immediate-{uid,gid}</literal> 344 - instead of the usual <literal>uid,gid</literal> options. 345 - </para> 346 - </listitem> 347 - <listitem> 348 - <para> 349 - <package>btc1</package> has been abandoned upstream, and removed. 350 - </para> 351 - </listitem> 352 - <listitem> 353 - <para> 354 - <package>cpp_ethereum</package> (aleth) has been abandoned upstream, and removed. 355 - </para> 356 - </listitem> 357 - <listitem> 358 - <para> 359 - <package>riak-cs</package> package removed along with <varname>services.riak-cs</varname> module. 360 - </para> 361 - </listitem> 362 - <listitem> 363 - <para> 364 - <package>stanchion</package> package removed along with <varname>services.stanchion</varname> module. 365 - </para> 366 - </listitem> 367 - <listitem> 368 - <para> 369 - <package>mutt</package> has been updated to a new major version (2.x), which comes with 370 - some backward incompatible changes that are described in the 371 - <link xlink:href="http://www.mutt.org/relnotes/2.0/">release notes for Mutt 2.0</link>. 372 - </para> 373 - </listitem> 374 - <listitem> 375 - <para> 376 - <literal>vim</literal> and <literal>neovim</literal> switched to Python 3, dropping all Python 2 support. 377 - </para> 378 - </listitem> 379 - <listitem> 380 - <para> 381 - <link linkend="opt-networking.wireguard.interfaces">networking.wireguard.interfaces.<name>.generatePrivateKeyFile</link>, 382 - which is off by default, had a <literal>chmod</literal> race condition 383 - fixed. As an aside, the parent directory's permissions were widened, 384 - and the key files were made owner-writable. 385 - This only affects newly created keys. 386 - However, if the exact permissions are important for your setup, read 387 - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/121294">#121294</link>. 388 - </para> 389 - </listitem> 390 - <listitem> 391 - <para> 392 - <link linkend="opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link> 393 - previously did nothing, but has been fixed. However its default has been 394 - changed to <literal>false</literal> to preserve the existing default 395 - behaviour. If you have this explicitly set to <literal>true</literal>, 396 - please note that your non-root pools will now be forcibly imported. 397 - </para> 398 - </listitem> 399 - <listitem> 400 - <para> 401 - <package>openafs</package> now points to <package>openafs_1_8</package>, 402 - which is the new stable release. OpenAFS 1.6 was removed. 403 - </para> 404 - </listitem> 405 - <listitem> 406 - <para> 407 - The WireGuard module gained a new option 408 - <option>networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds</option> 409 - that implements refreshing the IP of DNS-based endpoints periodically 410 - (which WireGuard itself 411 - <link xlink:href="https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html">cannot do</link>). 412 - </para> 413 - </listitem> 414 - <listitem> 415 - <para> 416 - MariaDB has been updated to 10.5. 417 - Before you upgrade, it would be best to take a backup of your database and read 418 - <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105"> 419 - Incompatible Changes Between 10.4 and 10.5</link>. 420 - After the upgrade you will need to run <literal>mysql_upgrade</literal>. 421 - </para> 422 - </listitem> 423 - <listitem> 424 - <para> 425 - The TokuDB storage engine dropped in <package>mariadb</package> 10.5 and removed in <package>mariadb</package> 10.6. 426 - It is recommended to switch to RocksDB. See also <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link> and 427 - <link xlink:href="https://jira.mariadb.org/browse/MDEV-19780">MDEV-19780: Remove the TokuDB storage engine</link>. 428 - </para> 429 - </listitem> 430 - <listitem> 431 - <para> 432 - The <literal>openldap</literal> module now has support for OLC-style 433 - configuration, users of the <literal>configDir</literal> option may wish 434 - to migrate. If you continue to use <literal>configDir</literal>, ensure that 435 - <literal>olcPidFile</literal> is set to <literal>/run/slapd/slapd.pid</literal>. 436 - </para> 437 - <para> 438 - As a result, <literal>extraConfig</literal> and <literal>extraDatabaseConfig</literal> 439 - are removed. To help with migration, you can convert your <literal>slapd.conf</literal> 440 - file to OLC configuration with the following script (find the location of this 441 - configuration file by running <literal>systemctl status openldap</literal>, it is the 442 - <literal>-f</literal> option. 443 - </para> 444 - <programlisting> 445 - TMPDIR=$(mktemp -d) 446 - slaptest -f /path/to/slapd.conf -F $TMPDIR 447 - slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))' 448 - </programlisting> 449 - <para> 450 - This will dump your current configuration in LDIF format, which should be 451 - straightforward to convert into Nix settings. This does not show your schema 452 - configuration, as this is unnecessarily verbose for users of the default schemas 453 - and <literal>slaptest</literal> is buggy with schemas directly in the config file. 454 - </para> 455 - </listitem> 456 - <listitem> 457 - <para> 458 - Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance 459 - metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and 460 - restarting the instance will now cause it to fetch and apply the new user data. 461 - </para> 462 - <warning> 463 - <para> 464 - Specifically, <literal>/etc/ec2-metadata</literal> is re-populated on each boot. Some NixOS scripts that read 465 - from this directory are guarded to only run if the files they want to manipulate do not already exist, and so 466 - will not re-apply their changes if the IMDS response changes. Examples: <literal>root</literal>'s SSH key is 467 - only added if <literal>/root/.ssh/authorized_keys</literal> does not exist, and SSH host keys are only set from 468 - user data if they do not exist in <literal>/etc/ssh</literal>. 469 - </para> 470 - </warning> 471 - </listitem> 472 - <listitem> 473 - <para> 474 - The <literal>rspamd</literal> services is now sandboxed. It is run as 475 - a dynamic user instead of root, so secrets and other files may have to 476 - be moved or their permissions may have to be fixed. The sockets are now 477 - located in <literal>/run/rspamd</literal> instead of <literal>/run</literal>. 478 - </para> 479 - </listitem> 480 - <listitem> 481 - <para> 482 - Enabling the Tor client no longer silently also enables and 483 - configures Privoxy, and the 484 - <varname>services.tor.client.privoxy.enable</varname> option has 485 - been removed. To enable Privoxy, and to configure it to use 486 - Tor's faster port, use the following configuration: 487 - </para> 488 - <programlisting> 489 - <xref linkend="opt-services.privoxy.enable" /> = true; 490 - <xref linkend="opt-services.privoxy.enableTor" /> = true; 491 - </programlisting> 492 - </listitem> 493 - <listitem> 494 - <para> 495 - The <literal>services.tor</literal> module has a new exhaustively typed <xref linkend="opt-services.tor.settings" /> option following RFC 0042; backward compatibility with old options has been preserved when aliasing was possible. 496 - The corresponding systemd service has been hardened, 497 - but there is a chance that the service still requires more permissions, 498 - so please report any related trouble on the bugtracker. 499 - Onion services v3 are now supported in <xref linkend="opt-services.tor.relay.onionServices" />. 500 - A new <xref linkend="opt-services.tor.openFirewall" /> option as been introduced for allowing connections on all the TCP ports configured. 501 - </para> 502 - </listitem> 503 - <listitem> 504 - <para> 505 - The options <literal>services.slurm.dbdserver.storagePass</literal> 506 - and <literal>services.slurm.dbdserver.configFile</literal> have been removed. 507 - Use <literal>services.slurm.dbdserver.storagePassFile</literal> instead to provide the database password. 508 - Extra config options can be given via the option <literal>services.slurm.dbdserver.extraConfig</literal>. The actual configuration file is created on the fly on startup of the service. 509 - This avoids that the password gets exposed in the nix store. 510 - </para> 511 - </listitem> 512 - <listitem> 513 - <para> 514 - The <literal>wafHook</literal> hook does not wrap Python anymore. 515 - Packages depending on <literal>wafHook</literal> need to include any Python into their <literal>nativeBuildInputs</literal>. 516 - </para> 517 - </listitem> 518 - <listitem> 519 - <para> 520 - Starting with version 1.7.0, the project formerly named <literal>CodiMD</literal> 521 - is now named <literal>HedgeDoc</literal>. 522 - New installations will no longer use the old name for users, state directories and such, this needs to be considered when moving state to a more recent NixOS installation. 523 - Based on <xref linkend="opt-system.stateVersion" />, existing installations will continue to work. 524 - </para> 525 - </listitem> 526 - <listitem> 527 - <para> 528 - The <package>fish-foreign-env</package> package has been replaced with 529 - <package>fishPlugins.foreign-env</package>, in which the fish 530 - functions have been relocated to the 531 - <literal>vendor_functions.d</literal> directory to be loaded automatically. 532 - </para> 533 - </listitem> 534 - <listitem> 535 - <para> 536 - The prometheus json exporter is now managed by the prometheus community. Together with additional features 537 - some backwards incompatibilities were introduced. 538 - Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the 539 - endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter's 540 - <literal>/probe</literal> endpoint. 541 - In the prometheus scrape configuration the scrape target might look like this: 542 - <programlisting> 543 - http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint 544 - </programlisting> 545 - </para> 546 - <para> 547 - Existing configuration for the exporter needs to be updated, but can partially be re-used. 548 - Documentation is available in the upstream repository and a small example for NixOS is available 549 - in the corresponding NixOS test. 550 - </para> 551 - <para> 552 - These changes also affect <xref linkend="opt-services.prometheus.exporters.rspamd.enable" />, which is 553 - just a preconfigured instance of the json exporter. 554 - </para> 555 - <para> 556 - For more information, take a look at the <link xlink:href="https://github.com/prometheus-community/json_exporter"> 557 - official documentation</link> of the json_exporter. 558 - </para> 559 - </listitem> 560 - <listitem> 561 - <para> 562 - Androidenv was updated, removing the <literal>includeDocs</literal> and <literal>lldbVersions</literal> 563 - arguments. Docs only covered a single version of the Android SDK, LLDB is now bundled with the NDK, 564 - and both are no longer available to download from the Android package repositories. Additionally, since 565 - the package lists have been updated, some older versions of Android packages may not be bundled. If you 566 - depend on older versions of Android packages, we recommend overriding the repo. 567 - </para> 568 - <para> 569 - Android packages are now loaded from a repo.json file created by parsing Android repo XML files. The arguments 570 - <literal>repoJson</literal> and <literal>repoXmls</literal> have been added to allow overriding the built-in 571 - androidenv repo.json with your own. Additionally, license files are now written to allow compatibility 572 - with Gradle-based tools, and the <literal>extraLicenses</literal> argument has been added to accept more 573 - SDK licenses if your project requires it. See the androidenv documentation for more details. 574 - </para> 575 - </listitem> 576 - <listitem> 577 - <para> 578 - The attribute <varname>mpi</varname> is now consistently used to 579 - provide a default, system-wide MPI implementation. 580 - The default implementation is openmpi, which has been used before by 581 - all derivations affects by this change. 582 - Note that all packages that have used <varname>mpi ? null</varname> in the input 583 - for optional MPI builds, have been changed to the boolean input paramater 584 - <varname>useMpi</varname> to enable building with MPI. 585 - 586 - Building all packages with <varname>mpich</varname> instead 587 - of the default <varname>openmpi</varname> can now be achived like this: 588 - <programlisting> 589 - self: super: 590 - { 591 - mpi = super.mpich; 592 - } 593 - </programlisting> 594 - </para> 595 - </listitem> 596 - <listitem> 597 - <para> 598 - The Searx module has been updated with the ability to configure the 599 - service declaratively and uWSGI integration. 600 - The option <literal>services.searx.configFile</literal> has been renamed 601 - to <xref linkend="opt-services.searx.settingsFile"/> for consistency with 602 - the new <xref linkend="opt-services.searx.settings"/>. In addition, the 603 - <literal>searx</literal> uid and gid reservations have been removed 604 - since they were not necessary: the service is now running with a 605 - dynamically allocated uid. 606 - </para> 607 - </listitem> 608 - <listitem> 609 - <para> 610 - The libinput module has been updated with the ability to configure mouse and touchpad settings separately. 611 - The options in <literal>services.xserver.libinput</literal> have been renamed to <literal>services.xserver.libinput.touchpad</literal>, 612 - while there is a new <literal>services.xserver.libinput.mouse</literal> for mouse related configuration. 613 - </para> 614 - <para> 615 - Since touchpad options no longer apply to all devices, you may want to replicate your touchpad configuration in 616 - mouse section. 617 - </para> 618 - </listitem> 619 - <listitem> 620 - <para> 621 - ALSA OSS emulation (<varname>sound.enableOSSEmulation</varname>) is now disabled by default. 622 - </para> 623 - </listitem> 624 - <listitem> 625 - <para> 626 - Thinkfan as been updated to <literal>1.2.x</literal>, which comes with a 627 - new YAML based configuration format. For this reason, several NixOS options 628 - of the thinkfan module have been changed to non-backward compatible types. 629 - In addition, a new <xref linkend="opt-services.thinkfan.settings"/> option has 630 - been added. 631 - </para> 632 - <para> 633 - Please read the <link xlink:href="https://github.com/vmatare/thinkfan#readme"> 634 - thinkfan documentation</link> before updating. 635 - </para> 636 - </listitem> 637 - <listitem> 638 - <para> 639 - Adobe Flash Player support has been dropped from the tree. In particular, 640 - the following packages no longer support it: 641 - <itemizedlist> 642 - <listitem><simpara><package>chromium</package></simpara></listitem> 643 - <listitem><simpara><package>firefox</package></simpara></listitem> 644 - <listitem><simpara><package>qt48</package></simpara></listitem> 645 - <listitem><simpara><package>qt5.qtwebkit</package></simpara></listitem> 646 - </itemizedlist> 647 - Additionally, packages <package>flashplayer</package> and 648 - <package>hal-flash</package> were removed along with the 649 - <varname>services.flashpolicyd</varname> module. 650 - </para> 651 - </listitem> 652 - <listitem> 653 - <para> 654 - The <literal>security.rngd</literal> module has been removed. 655 - It was disabled by default in 20.09 as it was functionally redundant 656 - with krngd in the linux kernel. It is not necessary for any device that the kernel recognises 657 - as an hardware RNG, as it will automatically run the krngd task to periodically collect random 658 - data from the device and mix it into the kernel's RNG. 659 - </para> 660 - <para> 661 - The default SMTP port for GitLab has been changed to 662 - <literal>25</literal> from its previous default of 663 - <literal>465</literal>. If you depended on this default, you 664 - should now set the <xref linkend="opt-services.gitlab.smtp.port" /> 665 - option. 666 - </para> 667 - </listitem> 668 - <listitem> 669 - <para> 670 - The default version of ImageMagick has been updated from 6 to 7. 671 - You can use <package>imagemagick6</package>, 672 - <package>imagemagick6_light</package>, and 673 - <package>imagemagick6Big</package> if you need the older version. 674 - </para> 675 - </listitem> 676 - <listitem> 677 - <para> 678 - <xref linkend="opt-services.xserver.videoDrivers" /> no longer uses the deprecated <literal>cirrus</literal> and <literal>vesa</literal> device dependent X drivers by default. It also enables both <literal>amdgpu</literal> and <literal>nouveau</literal> drivers by default now. 679 - </para> 680 - </listitem> 681 - <listitem> 682 - <para> 683 - The <literal>kindlegen</literal> package is gone, because it is no longer supported or hosted by Amazon. Sadly, its replacement, Kindle Previewer, has no Linux support. However, there are other ways to generate MOBI files. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/96439">the discussion</link> for more info. 684 - </para> 685 - </listitem> 686 - <listitem> 687 - <para> 688 - The <package>apacheKafka</package> packages are now built with 689 - version-matched JREs. Versions 2.6 and above, the ones that recommend it, 690 - use jdk11, while versions below remain on jdk8. The NixOS service has 691 - been adjusted to start the service using the same version as the package, 692 - adjustable with the new 693 - <link linkend="opt-services.apache-kafka.jre">services.apache-kafka.jre</link> 694 - option. Furthermore, the default list of 695 - <link linkend="opt-services.apache-kafka.jvmOptions">services.apache-kafka.jvmOptions</link> 696 - have been removed. You should set your own according to the 697 - <link xlink:href="https://kafka.apache.org/documentation/#java">upstream documentation</link> 698 - for your Kafka version. 699 - </para> 700 - </listitem> 701 - <listitem> 702 - <para> 703 - The <package>kodi</package> package has been modified to allow concise addon management. Consider 704 - the following configuration from previous releases of NixOS to install <package>kodi</package>, 705 - including the <package>kodiPackages.inputstream-adaptive</package> and <package>kodiPackages.vfs-sftp</package> 706 - addons: 707 - 708 - <programlisting> 709 - environment.systemPackages = [ 710 - pkgs.kodi 711 - ]; 712 - 713 - nixpkgs.config.kodi = { 714 - enableInputStreamAdaptive = true; 715 - enableVFSSFTP = true; 716 - }; 717 - </programlisting> 718 - 719 - All Kodi <literal>config</literal> flags have been removed, and as a result the above configuration 720 - should now be written as: 721 - 722 - <programlisting> 723 - environment.systemPackages = [ 724 - (pkgs.kodi.withPackages (p: with p; [ 725 - inputstream-adaptive 726 - vfs-sftp 727 - ])) 728 - ]; 729 - </programlisting> 730 - </para> 731 - </listitem> 732 - <listitem> 733 - <para> 734 - <option>environment.defaultPackages</option> now includes the nano package. 735 - If <package>pkgs.nano</package> is not added to the list, 736 - make sure another editor is installed and the <literal>EDITOR</literal> 737 - environment variable is set to it. 738 - Environment variables can be set using <option>environment.variables</option>. 739 - </para> 740 - </listitem> 741 - <listitem> 742 - <para> 743 - <option>services.minio.dataDir</option> changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. 744 - Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements. 745 - </para> 746 - </listitem> 747 - <listitem> 748 - <para> 749 - All CUDA toolkit versions prior to CUDA 10 have been removed. 750 - </para> 751 - </listitem> 752 - <listitem> 753 - <para> 754 - The <package>kbdKeymaps</package> package was removed since dvp and neo 755 - are now included in <package>kbd</package>. 756 - 757 - If you want to use the Programmer Dvorak Keyboard Layout, you have to use 758 - <literal>dvorak-programmer</literal> in <option>console.keyMap</option> 759 - now instead of <literal>dvp</literal>. 760 - In <option>services.xserver.xkbVariant</option> it's still <literal>dvp</literal>. 761 - </para> 762 - </listitem> 763 - <listitem> 764 - <para> 765 - The <package>babeld</package> service is now being run as an unprivileged user. To achieve that the module configures 766 - <literal>skip-kernel-setup true</literal> and takes care of setting forwarding and rp_filter sysctls by itself as well 767 - as for each interface in <varname>services.babeld.interfaces</varname>. 768 - </para> 769 - </listitem> 770 - <listitem> 771 - <para> 772 - The <option>services.zigbee2mqtt.config</option> option has been renamed to <option>services.zigbee2mqtt.settings</option> and 773 - now follows <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>. 774 - </para> 775 - </listitem> 776 - <listitem> 777 - <para> 778 - The <package>yadm</package> dotfile manager has been updated from 2.x to 3.x, which has new (XDG) default locations for some data/state files. Most yadm commands will fail and print a legacy path warning (which describes how to upgrade/migrate your repository). If you have scripts, daemons, scheduled jobs, shell profiles, etc. that invoke yadm, expect them to fail or misbehave until you perform this migration and prepare accordingly. 779 - </para> 780 - </listitem> 781 - <listitem> 782 - <para> 783 - Instead of determining <option>services.radicale.package</option> 784 - automatically based on <option>system.stateVersion</option>, the latest 785 - version is always used because old versions are not officially supported. 786 - </para> 787 - <para> 788 - Furthermore, Radicale's systemd unit was hardened which might break some 789 - deployments. In particular, a non-default 790 - <literal>filesystem_folder</literal> has to be added to 791 - <option>systemd.services.radicale.serviceConfig.ReadWritePaths</option> if 792 - the deprecated <option>services.radicale.config</option> is used. 793 - </para> 794 - </listitem> 795 - <listitem> 796 - <para> 797 - In the <option>security.acme</option> module, use of <literal>--reuse-key</literal> 798 - parameter for Lego has been removed. It was introduced for HKPK, but this security 799 - feature is now deprecated. It is a better security practice to rotate key pairs 800 - instead of always keeping the same. If you need to keep this parameter, you can add 801 - it back using <literal>extraLegoRenewFlags</literal> as an option for the 802 - appropriate certificate. 803 - </para> 804 - </listitem> 805 - </itemizedlist> 806 - </section> 807 - 808 - <section xmlns="http://docbook.org/ns/docbook" 809 - xmlns:xlink="http://www.w3.org/1999/xlink" 810 - xmlns:xi="http://www.w3.org/2001/XInclude" 811 - version="5.0" 812 - xml:id="sec-release-21.05-notable-changes"> 813 - <title>Other Notable Changes</title> 814 - 815 - <itemizedlist> 816 - <listitem> 817 - <para> 818 - <literal>stdenv.lib</literal> has been deprecated and will break 819 - eval in 21.11. Please use <literal>pkgs.lib</literal> instead. 820 - See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/108938">#108938</link> 821 - for details. 822 - </para> 823 - </listitem> 824 - 825 - <listitem> 826 - <para> 827 - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a 828 - <code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code> 829 - function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a 830 - <code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are 831 - defined with <code>gnuradio.callPackage</code> and some packages that depend 832 - on gnuradio are defined with this as well. 833 - </para> 834 - </listitem> 835 - <listitem> 836 - <para> 837 - <link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated 838 - to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). 839 - Compared to the previous release, Privoxy has gained support for HTTPS 840 - inspection (still experimental), Brotli decompression, several new filters 841 - and lots of bug fixes, including security ones. In addition, the package 842 - is now built with compression and external filters support, which were 843 - previously disabled. 844 - </para> 845 - <para> 846 - Regarding the NixOS module, new options for HTTPS inspection have been added 847 - and <option>services.privoxy.extraConfig</option> has been replaced by the new 848 - <xref linkend="opt-services.privoxy.settings"/> 849 - (See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link> 850 - for the motivation). 851 - </para> 852 - </listitem> 853 - <listitem> 854 - <para> 855 - <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See 856 - the <link xlink:href="https://kodi.tv/article/kodi-19-0-matrix-release">announcement</link> for 857 - further details. 858 - </para> 859 - </listitem> 860 - <listitem> 861 - <para> 862 - The <option>services.packagekit.backend</option> option has been removed as 863 - it only supported a single setting which would always be the default. 864 - Instead new <link 865 - xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 866 - 0042</link> compliant <xref linkend="opt-services.packagekit.settings"/> 867 - and <xref linkend="opt-services.packagekit.vendorSettings"/> options have 868 - been introduced. 869 - </para> 870 - </listitem> 871 - <listitem> 872 - <para> 873 - <link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0. 874 - Now nginx uses the zlib-ng library by default. 875 - </para> 876 - </listitem> 877 - <listitem> 878 - <para> 879 - KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its 880 - <link xlink:href="https://kde.org/announcements/gear/21.04/">release 881 - notes</link> for details. 882 - </para> 883 - <para> 884 - The <code>kdeApplications</code> package set is now <code>kdeGear</code>, 885 - in keeping with the new name. The old name remains for compatibility, but 886 - it is deprecated. 887 - </para> 888 - </listitem> 889 - <listitem> 890 - <para> 891 - <link xlink:href="https://libreswan.org/">Libreswan</link> has been updated 892 - to version 4.4. The package now includes example configurations and manual 893 - pages by default. The NixOS module has been changed to use the upstream 894 - systemd units and write the configuration in the <literal>/etc/ipsec.d/ 895 - </literal> directory. In addition, two new options have been added to 896 - specify connection policies 897 - (<xref linkend="opt-services.libreswan.policies"/>) 898 - and disable send/receive redirects 899 - (<xref linkend="opt-services.libreswan.disableRedirects"/>). 900 - </para> 901 - </listitem> 902 - 903 - <listitem> 904 - <para> 905 - The Mailman NixOS module (<literal>services.mailman</literal>) has a new 906 - option <xref linkend="opt-services.mailman.enablePostfix" />, defaulting 907 - to true, that controls integration with Postfix. 908 - </para> 909 - <para> 910 - If this option is disabled, default MTA config becomes not set and you 911 - should set the options in <literal>services.mailman.settings.mta</literal> 912 - according to the desired configuration as described in 913 - <link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman documentation</link>. 914 - </para> 915 - </listitem> 916 - <listitem> 917 - <para> 918 - The default-version of <literal>nextcloud</literal> is <package>nextcloud21</package>. 919 - Please note that it's <emphasis>not</emphasis> possible to upgrade <literal>nextcloud</literal> 920 - across multiple major versions! This means that it's e.g. not possible to upgrade 921 - from <package>nextcloud18</package> to <package>nextcloud20</package> in a single deploy and 922 - most <literal>20.09</literal> users will have to upgrade to <package>nextcloud20</package> 923 - first. 924 - </para> 925 - <para> 926 - The package can be manually upgraded by setting <xref linkend="opt-services.nextcloud.package" /> 927 - to <package>nextcloud21</package>. 928 - </para> 929 - </listitem> 930 - <listitem> 931 - <para> 932 - The setting <xref linkend="opt-services.redis.bind" /> defaults to <literal>127.0.0.1</literal> now, making Redis listen on the loopback interface only, and not all public network interfaces. 933 - </para> 934 - </listitem> 935 - <listitem> 936 - <para> 937 - NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details. 938 - </para> 939 - <para> 940 - All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead. 941 - </para> 942 - </listitem> 943 - <listitem> 944 - <para> 945 - The <literal>mediatomb</literal> service 946 - declares new options. It also adapts existing options so the 947 - configuration generation is now lazy. The existing option 948 - <literal>customCfg</literal> (defaults to false), when enabled, stops 949 - the service configuration generation completely. It then expects the 950 - users to provide their own correct configuration at the right location 951 - (whereas the configuration was generated and not used at all before). 952 - The new option <literal>transcodingOption</literal> (defaults to no) 953 - allows a generated configuration. It makes the mediatomb service pulls 954 - the necessary runtime dependencies in the nix store (whereas it was 955 - generated with hardcoded values before). The new option 956 - <literal>mediaDirectories</literal> allows the users to declare autoscan 957 - media directories from their nixos configuration: 958 - <programlisting> 959 - services.mediatomb.mediaDirectories = [ 960 - { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; } 961 - { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; } 962 - ]; 963 - </programlisting> 964 - </para> 965 - </listitem> 966 - <listitem> 967 - <para> 968 - The Unbound DNS resolver service (<literal>services.unbound</literal>) has been refactored to allow reloading, control sockets and to fix startup ordering issues. 969 - </para> 970 - 971 - <para> 972 - It is now possible to enable a local UNIX control socket for unbound by setting the <xref linkend="opt-services.unbound.localControlSocketPath" /> 973 - option. 974 - </para> 975 - 976 - <para> 977 - Previously we just applied a very minimal set of restrictions and 978 - trusted unbound to properly drop root privs and capabilities. 979 - </para> 980 - 981 - <para> 982 - As of this we are (for the most part) just using the upstream 983 - example unit file for unbound. The main difference is that we start 984 - unbound as <literal>unbound</literal> user with the required capabilities instead of 985 - letting unbound do the chroot & uid/gid changes. 986 - </para> 987 - 988 - <para> 989 - The upstream unit configuration this is based on is a lot stricter with 990 - all kinds of permissions then our previous variant. It also came with 991 - the default of having the <literal>Type</literal> set to <literal>notify</literal>, therefore we are now also 992 - using the <literal>unbound-with-systemd</literal> package here. Unbound will start up, 993 - read the configuration files and start listening on the configured ports 994 - before systemd will declare the unit <literal>active (running)</literal>. 995 - This will likely help with startup order and the occasional race condition during system 996 - activation where the DNS service is started but not yet ready to answer 997 - queries. Services depending on <literal>nss-lookup.target</literal> or <literal>unbound.service</literal> 998 - are now be able to use unbound when those targets have been reached. 999 - </para> 1000 - 1001 - <para> 1002 - Additionally to the much stricter runtime environment the 1003 - <literal>/dev/urandom</literal> mount lines we previously had in the code (that 1004 - randomly failed during the stop-phase) have been removed as systemd will take care of those for us. 1005 - </para> 1006 - 1007 - <para> 1008 - The <literal>preStart</literal> script is now only required if we enabled the trust 1009 - anchor updates (which are still enabled by default). 1010 - </para> 1011 - 1012 - <para> 1013 - Another benefit of the refactoring is that we can now issue reloads via 1014 - either <literal>pkill -HUP unbound</literal> and <literal>systemctl reload unbound</literal> to reload the 1015 - running configuration without taking the daemon offline. A prerequisite 1016 - of this was that unbound configuration is available on a well known path 1017 - on the file system. We are using the path <literal>/etc/unbound/unbound.conf</literal> as that is the 1018 - default in the CLI tooling which in turn enables us to use 1019 - <literal>unbound-control</literal> without passing a custom configuration location. 1020 - </para> 1021 - 1022 - <para> 1023 - The module has also been reworked to be <link 1024 - xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 1025 - 0042</link> compliant. As such, 1026 - <option>sevices.unbound.extraConfig</option> has been removed and replaced 1027 - by <xref linkend="opt-services.unbound.settings"/>. <option>services.unbound.interfaces</option> 1028 - has been renamed to <option>services.unbound.settings.server.interface</option>. 1029 - </para> 1030 - 1031 - <para> 1032 - <option>services.unbound.forwardAddresses</option> and 1033 - <option>services.unbound.allowedAccess</option> have also been changed to 1034 - use the new settings interface. You can follow the instructions when 1035 - executing <literal>nixos-rebuild</literal> to upgrade your configuration to 1036 - use the new interface. 1037 - </para> 1038 - </listitem> 1039 - <listitem> 1040 - <para> 1041 - The <literal>services.dnscrypt-proxy2</literal> module now takes the upstream's example configuration and updates it with the user's settings. 1042 - 1043 - An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch. 1044 - </para> 1045 - </listitem> 1046 - <listitem> 1047 - <para> 1048 - NixOS now defaults to the unified cgroup hierarchy (cgroupsv2). 1049 - See the <link xlink:href="https://www.redhat.com/sysadmin/fedora-31-control-group-v2">Fedora Article for 31</link> 1050 - for details on why this is desirable, and how it impacts containers. 1051 - </para> 1052 - <para> 1053 - If you want to run containers with a runtime that does not yet support cgroupsv2, 1054 - you can switch back to the old behaviour by setting 1055 - <xref linkend="opt-systemd.enableUnifiedCgroupHierarchy"/> = <literal>false</literal>; 1056 - and rebooting. 1057 - </para> 1058 - </listitem> 1059 - <listitem> 1060 - <para> 1061 - PulseAudio was upgraded to 14.0, with changes to the handling of default sinks. 1062 - See its <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release notes</link>. 1063 - </para> 1064 - </listitem> 1065 - <listitem> 1066 - <para> 1067 - GNOME users may wish to delete their <literal>~/.config/pulse</literal> due to the changes to stream routing 1068 - logic. See <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio bug 832</link> 1069 - for more information. 1070 - </para> 1071 - </listitem> 1072 - <listitem> 1073 - <para> 1074 - The <package>zookeeper</package> package does not provide 1075 - <literal>zooInspector.sh</literal> anymore, as that "contrib" has 1076 - been dropped from upstream releases. 1077 - </para> 1078 - </listitem> 1079 - <listitem> 1080 - <para> 1081 - In the ACME module, the data used to build the hash for the account 1082 - directory has changed to accomodate new features to reduce account 1083 - rate limit issues. This will trigger new account creation on the first 1084 - rebuild following this update. No issues are expected to arise from this, 1085 - thanks to the new account creation handling. 1086 - </para> 1087 - </listitem> 1088 - <listitem> 1089 - <para> 1090 - <xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>. 1091 - Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. 1092 - The option's description was incorrect regarding ownership management and has been simplified greatly. 1093 - </para> 1094 - </listitem> 1095 - <listitem> 1096 - <para> 1097 - When defining a new user, one of <xref linkend="opt-users.users._name_.isNormalUser" /> and <xref linkend="opt-users.users._name_.isSystemUser" /> is now required. 1098 - This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. 1099 - Note that users defined with an explicit UID below 500 are exempted from this check, as <xref linkend="opt-users.users._name_.isSystemUser" /> has no effect for those. 1100 - </para> 1101 - </listitem> 1102 - <listitem> 1103 - <para> 1104 - The <literal>security.apparmor</literal> module, 1105 - for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link> 1106 - Mandatory Access Control system, 1107 - has been substantialy improved along with related tools, 1108 - so that module maintainers can now more easily write AppArmor profiles for NixOS. 1109 - The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>, 1110 - replacing the previous <literal>profiles</literal> option 1111 - to provide a way to disable a profile 1112 - and to select whether to confine in enforce mode (default) 1113 - or in complain mode (see <literal>journalctl -b --grep apparmor</literal>). 1114 - Security-minded users may also want to enable <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>, 1115 - at the cost of having some of their processes killed 1116 - when updating to a NixOS version introducing new AppArmor profiles. 1117 - </para> 1118 - </listitem> 1119 - <listitem> 1120 - <para> 1121 - The GNOME desktop manager once again installs <package>gnome.epiphany</package> by default. 1122 - </para> 1123 - </listitem> 1124 - <listitem> 1125 - <para> 1126 - NixOS now generates empty <literal>/etc/netgroup</literal>. 1127 - <literal>/etc/netgroup</literal> defines network-wide groups and may affect to setups using NIS. 1128 - </para> 1129 - </listitem> 1130 - <listitem> 1131 - <para> 1132 - Platforms, like <varname>stdenv.hostPlatform</varname>, no longer have a <varname>platform</varname> attribute. 1133 - It has been (mostly) flattened away: 1134 - </para> 1135 - <itemizedlist> 1136 - <listitem><para><varname>platform.gcc</varname> is now <varname>gcc</varname></para></listitem> 1137 - <listitem><para><literal>platform.kernel*</literal> is now <literal>linux-kernel.*</literal></para></listitem> 1138 - </itemizedlist> 1139 - <para> 1140 - Additionally, <varname>platform.kernelArch</varname> moved to the top level as <varname>linuxArch</varname> to match the other <literal>*Arch</literal> variables. 1141 - </para> 1142 - <para> 1143 - The <varname>platform</varname> grouping of these things never meant anything, and was just a historial/implementation artifact that was overdue removal. 1144 - </para> 1145 - </listitem> 1146 - <listitem> 1147 - <para> 1148 - <varname>services.restic</varname> now uses a dedicated cache directory for every backup defined in <varname>services.restic.backups</varname>. The old global cache directory, <literal>/root/.cache/restic</literal>, is now unused and can be removed to free up disk space. 1149 - </para> 1150 - </listitem> 1151 - <listitem> 1152 - <para> 1153 - <literal>isync</literal>: The <literal>isync</literal> compatibility wrapper was removed and the Master/Slave 1154 - terminology has been deprecated and should be replaced with Far/Near in the configuration file. 1155 - </para> 1156 - </listitem> 1157 - <listitem> 1158 - <para> 1159 - The nix-gc service now accepts randomizedDelaySec (default: 0) and persistent (default: true) parameters. 1160 - By default nix-gc will now run immediately if it would have been triggered at least 1161 - once during the time when the timer was inactive. 1162 - </para> 1163 - </listitem> 1164 - <listitem> 1165 - <para> 1166 - The <literal>rustPlatform.buildRustPackage</literal> function is split into several hooks: 1167 - <package>cargoSetupHook</package> to set up vendoring for Cargo-based projects, 1168 - <package>cargoBuildHook</package> to build a project using Cargo, 1169 - <package>cargoInstallHook</package> to install a project using Cargo, and 1170 - <package>cargoCheckHook</package> to run tests in Cargo-based projects. With this change, 1171 - mixed-language projects can use the relevant hooks within builders other than 1172 - <literal>buildRustPackage</literal>. However, these changes also required several API changes to 1173 - <literal>buildRustPackage</literal> itself: 1174 - 1175 - <itemizedlist> 1176 - <listitem> 1177 - <para> 1178 - The <literal>target</literal> argument was removed. Instead, <literal>buildRustPackage</literal> 1179 - will always use the same target as the C/C++ compiler that is used. 1180 - </para> 1181 - </listitem> 1182 - <listitem> 1183 - <para> 1184 - The <literal>cargoParallelTestThreads</literal> argument was removed. Parallel tests are 1185 - now disabled through <literal>dontUseCargoParallelTests</literal>. 1186 - </para> 1187 - </listitem> 1188 - </itemizedlist> 1189 - </para> 1190 - </listitem> 1191 - <listitem> 1192 - <para> 1193 - The <literal>rustPlatform.maturinBuildHook</literal> hook was added. This hook can be used 1194 - with <literal>buildPythonPackage</literal> to build Python packages that are written in Rust 1195 - and use Maturin as their build tool. 1196 - </para> 1197 - </listitem> 1198 - <listitem> 1199 - <para> 1200 - Kubernetes has <link xlink:href="https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/">deprecated docker</link> as container runtime. 1201 - As a consequence, the Kubernetes module now has support for configuration of custom remote container runtimes and enables containerd by default. 1202 - Note that containerd is more strict regarding container image OCI-compliance. 1203 - As an example, images with CMD or ENTRYPOINT defined as strings (not lists) will fail on containerd, while working fine on docker. 1204 - Please test your setup and container images with containerd prior to upgrading. 1205 - </para> 1206 - </listitem> 1207 - <listitem> 1208 - <para> 1209 - The GitLab module now has support for automatic backups. A 1210 - schedule can be set with the 1211 - <link linkend="opt-services.gitlab.backup.startAt">services.gitlab.backup.startAt</link> 1212 - option. 1213 - </para> 1214 - </listitem> 1215 - <listitem> 1216 - <para> 1217 - Prior to this release, systemd would also read system units from an undocumented <literal>/etc/systemd-mutable/system</literal> path. 1218 - This path has been dropped from the defaults. That path (or others) can be re-enabled by adding it to the 1219 - <link linkend="opt-boot.extraSystemdUnitPaths">boot.extraSystemdUnitPaths</link> list. 1220 - </para> 1221 - </listitem> 1222 - <listitem> 1223 - <para> 1224 - PostgreSQL 9.5 is scheduled EOL during the 21.05 life cycle and has been removed. 1225 - </para> 1226 - </listitem> 1227 - <listitem> 1228 - <para> 1229 - <link xlink:href="https://www.xfce.org/">Xfce4</link> relies on 1230 - GIO/GVfs for userspace virtual filesystem access in applications 1231 - like <link xlink:href="https://docs.xfce.org/xfce/thunar/">thunar</link> and 1232 - <link xlink:href="https://docs.xfce.org/apps/gigolo/">gigolo</link>. 1233 - For that to work, the gvfs nixos service is enabled by default, 1234 - and it can be configured with the specific package that provides 1235 - GVfs. Until now Xfce4 was setting it to use a lighter version of 1236 - GVfs (without support for samba). To avoid conflicts with other 1237 - desktop environments this setting has been dropped. Users that 1238 - still want it should add the following to their system 1239 - configuration: 1240 - <programlisting> 1241 - <xref linkend="opt-services.gvfs.package" /> = pkgs.gvfs.override { samba = null; }; 1242 - </programlisting> 1243 - </para> 1244 - </listitem> 1245 - <listitem> 1246 - <para> 1247 - The newly enabled <literal>systemd-pstore.service</literal> now automatically evacuates crashdumps and panic logs from the persistent storage to <literal>/var/lib/systemd/pstore</literal>. 1248 - This prevents NVRAM from filling up, which ensures the latest diagnostic data is always stored and alleviates problems with writing new boot configurations. 1249 - </para> 1250 - </listitem> 1251 - <listitem> 1252 - <para> 1253 - Nixpkgs now contains <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically packaged GNOME Shell extensions</link> from the <link xlink:href="https://extensions.gnome.org/">GNOME Extensions</link> portal. You can find them, filed by their UUID, under <literal>gnome38Extensions</literal> attribute for GNOME 3.38 and under <literal>gnome40Extensions</literal> for GNOME 40. Finally, the <literal>gnomeExtensions</literal> attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work. 1254 - </para> 1255 - </listitem> 1256 - <listitem> 1257 - <para> 1258 - Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package. 1259 - We also dropped <literal>lfe_1_2</literal> as it could not build with R21+. 1260 - Moving forward, we expect to only support 3 yearly releases of OTP. 1261 - </para> 1262 - </listitem> 1263 - 1264 - </itemizedlist> 1265 - </section> 1266 - </section>

+2

nixos/doc/manual/release-notes/rl-2111.section.md

··· 83 83 - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. 84 84 85 85 However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs. 86 + 87 + - Sway: The terminal emulator `rxvt-unicode` is no longer installed by default via `programs.sway.extraPackages`. The current default configuration uses `alacritty` (and soon `foot`) so this is only an issue when using a customized configuration and not installing `rxvt-unicode` explicitly.

+1 -2

nixos/modules/programs/sway.nix

··· 91 91 type = with types; listOf package; 92 92 default = with pkgs; [ 93 93 swaylock swayidle alacritty dmenu 94 - rxvt-unicode # For backward compatibility (old default terminal) 95 94 ]; 96 95 defaultText = literalExample '' 97 - with pkgs; [ swaylock swayidle rxvt-unicode alacritty dmenu ]; 96 + with pkgs; [ swaylock swayidle alacritty dmenu ]; 98 97 ''; 99 98 example = literalExample '' 100 99 with pkgs; [

+60

pkgs/applications/audio/tonelib-gfx/default.nix

··· 1 + { stdenv 2 + , dpkg 3 + , lib 4 + , autoPatchelfHook 5 + , fetchurl 6 + , gtk3 7 + , glib 8 + , desktop-file-utils 9 + , alsa-lib 10 + , libjack2 11 + , harfbuzz 12 + , fribidi 13 + , pango 14 + , freetype 15 + }: 16 + 17 + stdenv.mkDerivation rec { 18 + pname = "tonelib-gfx"; 19 + version = "4.6.6"; 20 + 21 + src = fetchurl { 22 + url = "https://www.tonelib.net/download/0509/ToneLib-GFX-amd64.deb"; 23 + sha256 = "sha256-wdX3SQSr0IZHsTUl+1Y0iETme3gTyryexhZ/9XHkGeo="; 24 + }; 25 + 26 + buildInputs = [ 27 + dpkg 28 + gtk3 29 + glib 30 + desktop-file-utils 31 + alsa-lib 32 + libjack2 33 + harfbuzz 34 + fribidi 35 + pango 36 + freetype 37 + ]; 38 + 39 + nativeBuildInputs = [ 40 + autoPatchelfHook 41 + ]; 42 + 43 + unpackPhase = '' 44 + mkdir -p $TMP/ $out/ 45 + dpkg -x $src $TMP 46 + ''; 47 + 48 + installPhase = '' 49 + cp -R $TMP/usr/* $out/ 50 + mv $out/bin/ToneLib-GFX $out/bin/tonelib-gfx 51 + ''; 52 + 53 + meta = with lib; { 54 + description = "Tonelib GFX is an amp and effects modeling software for electric guitar and bass."; 55 + homepage = "https://tonelib.net/"; 56 + license = licenses.unfree; 57 + maintainers = with maintainers; [ dan4ik605743 ]; 58 + platforms = platforms.linux; 59 + }; 60 + }

+2 -2

pkgs/applications/misc/kanboard/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "kanboard"; 5 - version = "1.2.19"; 5 + version = "1.2.20"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "kanboard"; 9 9 repo = "kanboard"; 10 10 rev = "v${version}"; 11 - sha256 = "sha256-48U3eRg6obRjgK06SKN2g1+0wocqm2aGyXO2yZw5fs8="; 11 + sha256 = "sha256-IB+GhUZvjngjf1UHKc7B/PkZHVXKYUTk6CVA5XSiF5Y="; 12 12 }; 13 13 14 14 dontBuild = true;

+3 -3

pkgs/applications/networking/cluster/helmfile/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "helmfile"; 5 - version = "0.139.8"; 5 + version = "0.139.9"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "roboll"; 9 9 repo = "helmfile"; 10 10 rev = "v${version}"; 11 - sha256 = "sha256-4QNtjVc2/diJO92xn4J2ZJO7JYDHmPgOE4kGndU5RW0="; 11 + sha256 = "sha256-MHvfDeN4r9jwnXANHTpMEQUIoAZ+uXAmDtl8wdcpjHI="; 12 12 }; 13 13 14 - vendorSha256 = "sha256-GY2+oecRbI5hEVI5lCsTuU3WYIfUGceINyXGPjorisE="; 14 + vendorSha256 = "sha256-QYI5HxEUNrZKSjk0LlbhjvxXlWCbbLup51Ht3HJDNC8="; 15 15 16 16 doCheck = false; 17 17

+3 -3

pkgs/applications/networking/cluster/k9s/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "k9s"; 5 - version = "0.24.9"; 5 + version = "0.24.10"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "derailed"; 9 9 repo = "k9s"; 10 10 rev = "v${version}"; 11 - sha256 = "sha256-9/P6OaSZDJ98EQ9DM4Oib0T1sC1K3WxUXh4IQU3qXbs="; 11 + sha256 = "sha256-ImWIR112q59hyKHXBmb9W6eVvu4xr+U4+uh2ZGcXv1g="; 12 12 }; 13 13 14 14 buildFlagsArray = '' ··· 18 18 -X github.com/derailed/k9s/cmd.commit=${src.rev} 19 19 ''; 20 20 21 - vendorSha256 = "sha256-hqmymxP4zK8GVqOxzB6vRfFyo+VIeI1suBu64/oEVig="; 21 + vendorSha256 = "sha256-EEN3nKQBtAGG7MAa9h11KFPZ9g7xtNxhFB1i/2QS66g="; 22 22 23 23 doCheck = false; 24 24

+2 -2

pkgs/applications/networking/ipfs/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "ipfs"; 5 - version = "0.8.0"; 5 + version = "0.9.0"; 6 6 rev = "v${version}"; 7 7 8 8 # go-ipfs makes changes to it's source tarball that don't match the git source. 9 9 src = fetchurl { 10 10 url = "https://github.com/ipfs/go-ipfs/releases/download/${rev}/go-ipfs-source.tar.gz"; 11 - sha256 = "sha256-uK3+Ekr5AM6mmGmjFSj1Rotm5pbH657BYUlP9B39WEw="; 11 + sha256 = "sha256:1fyffnw1d860w7gwm6ijbgrh68297z5bmvww8yqfshm3xgvcs6bf"; 12 12 }; 13 13 14 14 # tarball contains multiple files/directories

+17 -5

pkgs/applications/networking/powerdns-admin/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, mkYarnPackage, writeText, python3Packages }: 1 + { lib, stdenv, fetchFromGitHub, mkYarnPackage, writeText, python3 }: 2 2 3 3 let 4 4 version = "0.2.3"; ··· 9 9 sha256 = "16faz57d77mxkflkvwyi8gb9wvnq2vhw79b84v1fmqvxri1yaphw"; 10 10 }; 11 11 12 - pythonDeps = with python3Packages; [ 12 + python = python3.override { 13 + packageOverrides = self: super: { 14 + dnspython = super.dnspython.overridePythonAttrs (oldAttrs: rec { 15 + version = "1.16.0"; 16 + src = oldAttrs.src.override { 17 + inherit version; 18 + sha256 = "36c5e8e38d4369a08b6780b7f27d790a292b2b08eea01607865bf0936c558e01"; 19 + }; 20 + }); 21 + }; 22 + }; 23 + 24 + pythonDeps = with python.pkgs; [ 13 25 flask flask_assets flask_login flask_sqlalchemy flask_migrate flask-seasurf flask_mail flask-sslify 14 26 mysqlclient sqlalchemy 15 - configobj bcrypt requests ldap pyotp qrcode dnspython_1 27 + configobj bcrypt requests ldap pyotp qrcode dnspython 16 28 gunicorn python3-saml pyopenssl pytz cssmin jsmin authlib bravado-core 17 29 lima pytimeparse pyyaml 18 30 ]; ··· 64 76 65 77 inherit src version; 66 78 67 - nativeBuildInputs = [ python3Packages.wrapPython ]; 79 + nativeBuildInputs = [ python.pkgs.wrapPython ]; 68 80 69 81 pythonPath = pythonDeps; 70 82 ··· 96 108 echo "$gunicornScript" > $out/bin/powerdns-admin 97 109 chmod +x $out/bin/powerdns-admin 98 110 wrapProgram $out/bin/powerdns-admin \ 99 - --set PATH ${python3Packages.python}/bin \ 111 + --set PATH ${python.pkgs.python}/bin \ 100 112 --set PYTHONPATH $out/share:$program_PYTHONPATH 101 113 102 114 runHook postInstall

+4 -4

pkgs/applications/networking/remote/vmware-horizon-client/default.nix

··· 39 39 , zlib 40 40 }: 41 41 let 42 - version = "2012"; 42 + version = "2103"; 43 43 44 44 sysArch = 45 45 if stdenv.hostPlatform.system == "x86_64-linux" then "x64" 46 46 else throw "Unsupported system: ${stdenv.hostPlatform.system}"; 47 - # The downloaded archive also contains i386 and ARM binaries, but these have not been tested. 47 + # The downloaded archive also contains ARM binaries, but these have not been tested. 48 48 49 49 vmwareHorizonClientFiles = stdenv.mkDerivation { 50 50 name = "vmwareHorizonClientFiles"; 51 51 inherit version; 52 52 src = fetchurl { 53 - url = "https://download3.vmware.com/software/view/viewclients/CART21FQ4/VMware-Horizon-Client-Linux-2012-8.1.0-17349998.tar.gz"; 54 - sha256 = "0afda1f3116e75a4e7f89990d8ee60ccea5f3bb8a2360652162fa11c795724ce"; 53 + url = "https://download3.vmware.com/software/view/viewclients/CART22FQ1/VMware-Horizon-Client-Linux-2103-8.2.0-17742757.tar.gz"; 54 + sha256 = "62f95bb802b058a98f5ee6c2296b89bd7e15884a24dc8a8ba7ce89de7e0798e4"; 55 55 }; 56 56 nativeBuildInputs = [ makeWrapper ]; 57 57 installPhase = ''

+50

pkgs/applications/science/robotics/emuflight-configurator/default.nix

··· 1 + {lib, stdenv, fetchurl, unzip, makeDesktopItem, copyDesktopItems, nwjs 2 + , wrapGAppsHook, gsettings-desktop-schemas, gtk3 }: 3 + 4 + stdenv.mkDerivation rec { 5 + pname = "emuflight-configurator"; 6 + version = "0.3.5"; 7 + 8 + src = fetchurl { 9 + url = "https://github.com/emuflight/EmuConfigurator/releases/download/${version}/emuflight-configurator_${version}_linux64.zip"; 10 + sha256 = "d55bdc52cf93d58c728ccb296ef912a5fc0f42c57ed95f3ded5f85d1c10838c4"; 11 + }; 12 + 13 + nativeBuildInputs = [ wrapGAppsHook unzip copyDesktopItems ]; 14 + 15 + buildInputs = [ gsettings-desktop-schemas gtk3 ]; 16 + 17 + installPhase = '' 18 + mkdir -p $out/bin $out/share/${pname} 19 + 20 + cp -r . $out/share/${pname}/ 21 + install -m 444 -D icon/emu_icon_128.png $out/share/icons/hicolor/128x128/apps/${pname}.png 22 + 23 + makeWrapper ${nwjs}/bin/nw $out/bin/${pname} --add-flags $out/share/${pname} 24 + ''; 25 + 26 + desktopItems = [ 27 + (makeDesktopItem { 28 + name = pname; 29 + exec = pname; 30 + icon = pname; 31 + comment = "Emuflight configuration tool"; 32 + desktopName = "Emuflight Configurator"; 33 + genericName = "Flight controller configuration tool"; 34 + }) 35 + ]; 36 + 37 + meta = with lib; { 38 + description = "The Emuflight flight control system configuration tool"; 39 + longDescription = '' 40 + A crossplatform configuration tool for the Emuflight flight control system. 41 + Various types of aircraft are supported by the tool and by Emuflight, e.g. 42 + quadcopters, hexacopters, octocopters and fixed-wing aircraft. 43 + The application allows you to configure the Emuflight software running on any supported Emuflight target. 44 + ''; 45 + homepage = "https://github.com/emuflight/EmuConfigurator"; 46 + license = licenses.gpl3Only; 47 + maintainers = with maintainers; [ beezow ]; 48 + platforms = platforms.linux; 49 + }; 50 + }

+2 -2

pkgs/applications/virtualization/docker-slim/default.nix

··· 6 6 7 7 buildGoPackage rec { 8 8 pname = "docker-slim"; 9 - version = "1.36.0"; 9 + version = "1.36.1"; 10 10 11 11 goPackagePath = "github.com/docker-slim/docker-slim"; 12 12 ··· 14 14 owner = "docker-slim"; 15 15 repo = "docker-slim"; 16 16 rev = version; 17 - sha256 = "sha256-4wSQ5R0haVnbtWk2im83A1FzrJDHVEFLqnkROGNF4q8="; 17 + sha256 = "sha256-BoBZBzQYd/HbOCerpvcNcR/7Fds6+weY2QFRjqSfOjU="; 18 18 }; 19 19 20 20 subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ];

+2 -2

pkgs/data/fonts/inter/default.nix

··· 1 1 { lib, fetchzip }: 2 2 3 3 let 4 - version = "3.18"; 4 + version = "3.19"; 5 5 in fetchzip { 6 6 name = "inter-${version}"; 7 7 ··· 12 12 unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype 13 13 ''; 14 14 15 - sha256 = "sha256-+wbN1vSS8v1Z1VIfDNeY9DB8Kr6v7UnFg37EPPAD7wI="; 15 + sha256 = "sha256-8p15thg3xyvCA/8dH2jGQoc54nzESFDyv5m47FgWrSI="; 16 16 17 17 meta = with lib; { 18 18 homepage = "https://rsms.me/inter/";

+2 -2

pkgs/development/interpreters/jruby/default.nix

··· 6 6 jruby = stdenv.mkDerivation rec { 7 7 pname = "jruby"; 8 8 9 - version = "9.2.18.0"; 9 + version = "9.2.19.0"; 10 10 11 11 src = fetchurl { 12 12 url = "https://s3.amazonaws.com/jruby.org/downloads/${version}/jruby-bin-${version}.tar.gz"; 13 - sha256 = "sha256-QlpclwptkYrlMSdYUGNNEhaeNVd1SyuBf7+3mHoywac="; 13 + sha256 = "sha256-H3SIWi0/pYn8vrKSo5+s9/hr4+rBqwFeMsZdMqzz878="; 14 14 }; 15 15 16 16 nativeBuildInputs = [ makeWrapper ];

+2 -2

pkgs/development/libraries/bctoolbox/default.nix

··· 7 7 8 8 stdenv.mkDerivation rec { 9 9 pname = "bctoolbox"; 10 - version = "4.5.15"; 10 + version = "4.5.20"; 11 11 12 12 nativeBuildInputs = [ cmake bcunit ]; 13 13 buildInputs = [ mbedtls ]; ··· 18 18 group = "BC"; 19 19 repo = pname; 20 20 rev = version; 21 - sha256 = "sha256-yN9dfeJBuUxXfG7zDoawn2nKGsrhetBcXpGDmcekU20="; 21 + sha256 = "sha256-n/S0G7dGaDWWsvOITceITmWUNpebcHMedkLTklxGjQg="; 22 22 }; 23 23 24 24 # Do not build static libraries

+2 -2

pkgs/development/libraries/libxmp/default.nix

··· 1 1 { lib, stdenv, fetchurl }: 2 2 3 3 stdenv.mkDerivation rec { 4 - name = "libxmp-4.4.1"; 4 + name = "libxmp-4.5.0"; 5 5 6 6 meta = with lib; { 7 7 description = "Extended module player library"; ··· 17 17 18 18 src = fetchurl { 19 19 url = "mirror://sourceforge/xmp/libxmp/${name}.tar.gz"; 20 - sha256 = "1kycz4jsyvmf7ny9227b497wc7y5ligydi6fvvldmkf8hk63ad9m"; 20 + sha256 = "sha256-eEfSYhEtFOhEL0TlrG7Z3bylTCUShHILVjyFKzHybnU="; 21 21 }; 22 22 }

+6 -12

pkgs/development/libraries/libzip/default.nix

··· 1 1 { lib, stdenv 2 2 , cmake 3 - , fetchpatch 4 3 , fetchurl 5 4 , perl 6 5 , zlib ··· 11 10 , xz 12 11 , withOpenssl ? false 13 12 , openssl 13 + , withZstd ? false 14 + , zstd 14 15 }: 15 16 16 17 stdenv.mkDerivation rec { 17 18 pname = "libzip"; 18 - version = "1.7.3"; 19 + version = "1.8.0"; 19 20 20 21 src = fetchurl { 21 22 url = "https://libzip.org/download/${pname}-${version}.tar.gz"; 22 - sha256 = "1k5rihiz7m1ahhjzcbq759hb9crzqkgw78pkxga118y5a32pc8hf"; 23 + sha256 = "17l3ygrnbszm3b99dxmw94wcaqpbljzg54h4c0y8ss8aij35bvih"; 23 24 }; 24 25 25 - # Remove in next release 26 - patches = [ 27 - (fetchpatch { 28 - url = "https://github.com/nih-at/libzip/commit/351201419d79b958783c0cfc7c370243165523ac.patch"; 29 - sha256 = "0d93z98ki0yiaza93268cxkl35y1r7ll9f7l8sivx3nfxj2c1n8a"; 30 - }) 31 - ]; 32 - 33 26 outputs = [ "out" "dev" "man" ]; 34 27 35 28 nativeBuildInputs = [ cmake perl groff ]; 36 29 propagatedBuildInputs = [ zlib ]; 37 30 buildInputs = lib.optionals withLZMA [ xz ] 38 31 ++ lib.optionals withBzip2 [ bzip2 ] 39 - ++ lib.optionals withOpenssl [ openssl ]; 32 + ++ lib.optionals withOpenssl [ openssl ] 33 + ++ lib.optionals withZstd [ zstd ]; 40 34 41 35 preCheck = '' 42 36 # regress/runtest is a generated file

+34 -10

pkgs/development/libraries/poppler/0.61.nix

··· 1 - { stdenv, lib, fetchurl, cmake, ninja, pkg-config, libiconv, libintl 2 - , zlib, curl, cairo, freetype, fontconfig, lcms, libjpeg, openjpeg, fetchpatch 1 + { stdenv 2 + , lib 3 + , fetchurl 4 + , fetchpatch 5 + , cairo 6 + , cmake 7 + , curl 8 + , fontconfig 9 + , freetype 10 + , lcms 11 + , libiconv 12 + , libintl 13 + , libjpeg 14 + , ninja 15 + , openjpeg 16 + , pkg-config 17 + , zlib 3 18 , withData ? true, poppler_data 4 19 , qt5Support ? false, qtbase ? null 5 20 , introspectionSupport ? false, gobject-introspection ? null ··· 12 27 mkFlag = optset: flag: "-DENABLE_${flag}=${if optset then "on" else "off"}"; 13 28 in 14 29 stdenv.mkDerivation rec { 15 - name = "poppler-${suffix}-${version}"; 30 + pname = "poppler-${suffix}"; 31 + inherit version; 16 32 17 33 src = fetchurl { 18 - url = "${meta.homepage}/poppler-${version}.tar.xz"; 34 + url = "https://poppler.freedesktop.org/poppler-${version}.tar.xz"; 19 35 sha256 = "1afdrxxkaivvviazxkg5blsf2x24sjkfj92ib0d3q5pm8dihjrhj"; 20 36 }; 21 37 22 38 outputs = [ "out" "dev" ]; 23 39 24 40 patches = [ 41 + # Fix internal crash: a negative number that should not be 25 42 (fetchpatch { 26 43 name = "CVE-2018-13988"; 27 44 url = "https://cgit.freedesktop.org/poppler/poppler/patch/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee"; 28 45 sha256 = "1l8713s57xc6g81bldw934rsfm140fqc7ggd50ha5mxdl1b3app2"; 29 46 }) 47 + # Fix internal crash: a negative number that should not be (not the above!) 30 48 ./0.61-CVE-2019-9959.patch 31 49 ]; 32 50 33 - buildInputs = [ libiconv libintl ] ++ lib.optional withData poppler_data; 51 + nativeBuildInputs = [ 52 + cmake 53 + ninja 54 + pkg-config 55 + ]; 56 + 57 + buildInputs = [ 58 + libiconv 59 + libintl 60 + ] 61 + ++ lib.optional withData poppler_data; 34 62 35 63 # TODO: reduce propagation to necessary libs 36 64 propagatedBuildInputs = with lib; ··· 38 66 ++ optionals (!minimal) [ cairo lcms curl ] 39 67 ++ optional qt5Support qtbase 40 68 ++ optional introspectionSupport gobject-introspection; 41 - 42 - nativeBuildInputs = [ cmake ninja pkg-config ]; 43 69 44 70 # Not sure when and how to pass it. It seems an upstream bug anyway. 45 71 CXXFLAGS = lib.optionalString stdenv.cc.isClang "-std=c++11"; ··· 58 84 meta = with lib; { 59 85 homepage = "https://poppler.freedesktop.org/"; 60 86 description = "A PDF rendering library"; 61 - 62 87 longDescription = '' 63 88 Poppler is a PDF rendering library based on the xpdf-3.0 code base. 64 89 ''; 65 - 66 - license = licenses.gpl2; 90 + license = licenses.gpl2Plus; 67 91 platforms = platforms.all; 68 92 maintainers = with maintainers; [ ttuegel ]; 69 93 };

+23 -22

pkgs/development/libraries/poppler/default.nix

··· 1 - { stdenv 2 - , lib 1 + { lib 2 + , stdenv 3 3 , fetchurl 4 4 , fetchpatch 5 + , cairo 5 6 , cmake 6 - , ninja 7 - , pkg-config 8 - , libiconv 9 - , libintl 10 - , zlib 7 + , pcre 8 + , boost 9 + , cups-filters 11 10 , curl 12 - , cairo 13 - , freetype 14 11 , fontconfig 12 + , freetype 13 + , inkscape 15 14 , lcms 15 + , libiconv 16 + , libintl 16 17 , libjpeg 18 + , ninja 17 19 , openjpeg 20 + , pkg-config 21 + , scribusUnstable 22 + , texlive 23 + , zlib 18 24 , withData ? true, poppler_data 19 25 , qt5Support ? false, qtbase ? null 20 26 , introspectionSupport ? false, gobject-introspection ? null 21 27 , utils ? false, nss ? null 22 28 , minimal ? false 23 29 , suffix ? "glib" 24 - , inkscape 25 - , cups-filters 26 - , texlive 27 - , scribusUnstable 28 30 }: 29 31 30 32 let 31 33 mkFlag = optset: flag: "-DENABLE_${flag}=${if optset then "on" else "off"}"; 32 34 in 33 35 stdenv.mkDerivation rec { 34 - name = "poppler-${suffix}-${version}"; 35 - version = "21.05.0"; # beware: updates often break cups-filters build, check texlive and scribusUnstable too! 36 + pname = "poppler-${suffix}"; 37 + version = "21.06.1"; # beware: updates often break cups-filters build, check texlive and scribusUnstable too! 36 38 37 39 outputs = [ "out" "dev" ]; 38 40 39 41 src = fetchurl { 40 - url = "${meta.homepage}/poppler-${version}.tar.xz"; 41 - sha256 = "sha256-2v1Te2gPrRIVvED8U9HzjoRJ18GFvGDVqJ4dJskNvYw="; 42 + url = "https://poppler.freedesktop.org/poppler-${version}.tar.xz"; 43 + sha256 = "sha256-hrCeWgLeQAgaORbvhxHFEo6vSx/FnV+H0Oxm8E9ZXbQ="; 42 44 }; 43 45 44 46 nativeBuildInputs = [ ··· 48 50 ]; 49 51 50 52 buildInputs = [ 53 + boost 54 + pcre 51 55 libiconv 52 56 libintl 53 57 ] ++ lib.optional withData [ ··· 98 102 meta = with lib; { 99 103 homepage = "https://poppler.freedesktop.org/"; 100 104 description = "A PDF rendering library"; 101 - 102 105 longDescription = '' 103 - Poppler is a PDF rendering library based on the xpdf-3.0 code 104 - base. In addition it provides a number of tools that can be 105 - installed separately. 106 + Poppler is a PDF rendering library based on the xpdf-3.0 code base. In 107 + addition it provides a number of tools that can be installed separately. 106 108 ''; 107 - 108 109 license = licenses.gpl2Plus; 109 110 platforms = platforms.all; 110 111 maintainers = with maintainers; [ ttuegel ] ++ teams.freedesktop.members;

+3 -3

pkgs/development/libraries/srt/default.nix

··· 4 4 with lib; 5 5 stdenv.mkDerivation rec { 6 6 pname = "srt"; 7 - version = "1.4.2"; 7 + version = "1.4.3"; 8 8 9 9 src = fetchFromGitHub { 10 10 owner = "Haivision"; 11 11 repo = "srt"; 12 12 rev = "v${version}"; 13 - sha256 = "01nx3a35hzq2x0dvp2n2b86phpdy1z83kdraag7aq3hmc7f8iagg"; 13 + sha256 = "1f60vlfxhh9bhafws82c3301whjlz5gy92jz9a9ymwfg5h53bv1j"; 14 14 }; 15 15 16 16 nativeBuildInputs = [ cmake ]; ··· 30 30 31 31 meta = { 32 32 description = "Secure, Reliable, Transport"; 33 - homepage = "https://www.srtalliance.org"; 33 + homepage = "https://github.com/Haivision/srt"; 34 34 license = licenses.mpl20; 35 35 maintainers = with maintainers; [ nh2 ]; 36 36 platforms = platforms.all;

+3 -2

pkgs/development/python-modules/extractcode/libarchive.nix

··· 6 6 , bzip2 7 7 , expat 8 8 , lz4 9 - , lzma 9 + , xz 10 10 , zlib 11 11 , zstd 12 12 , plugincode 13 13 , pytestCheckHook 14 14 }: 15 + 15 16 buildPythonPackage rec { 16 17 pname = "extractcode-libarchive"; 17 18 version = "21.4.4"; ··· 34 35 ln -s ${lib.getLib bzip2}/lib/libbz2.so libbz2-la3511.so.1.0 35 36 ln -s ${lib.getLib expat}/lib/libexpat.so libexpat-la3511.so.1 36 37 ln -s ${lib.getLib lz4}/lib/liblz4.so liblz4-la3511.so.1 37 - ln -s ${lib.getLib lzma}/lib/liblzma.so liblzma-la3511.so.5 38 + ln -s ${lib.getLib xz}/lib/liblzma.so liblzma-la3511.so.5 38 39 ln -s ${lib.getLib zlib}/lib/libz.so libz-la3511.so.1 39 40 ln -s ${lib.getLib zstd}/lib/libzstd.so libzstd-la3511.so.1 40 41

+28

pkgs/development/python-modules/hlk-sw16/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchFromGitHub 4 + }: 5 + 6 + buildPythonPackage rec { 7 + pname = "hlk-sw16"; 8 + version = "0.0.9"; 9 + 10 + src = fetchFromGitHub { 11 + owner = "jameshilliard"; 12 + repo = "hlk-sw16"; 13 + rev = version; 14 + sha256 = "010s85nr6xn89i8yvdagg72a97dh1v2pyfqa33v76p9p8xbgh8dz"; 15 + }; 16 + 17 + # no tests implemented 18 + doCheck = false; 19 + 20 + pythonImportsCheck = [ "hlk_sw16" ]; 21 + 22 + meta = with lib; { 23 + description = "Python client for HLK-SW16"; 24 + homepage = "https://github.com/jameshilliard/hlk-sw16"; 25 + license = licenses.mit; 26 + maintainers = with maintainers; [ dotlambda ]; 27 + }; 28 + }

+51

pkgs/development/python-modules/huawei-lte-api/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , pythonOlder 4 + , fetchFromGitHub 5 + , dicttoxml 6 + , requests 7 + , xmltodict 8 + , pytestCheckHook 9 + }: 10 + 11 + buildPythonPackage rec { 12 + pname = "huawei-lte-api"; 13 + version = "1.4.18"; 14 + 15 + disabled = pythonOlder "3.4"; 16 + 17 + src = fetchFromGitHub { 18 + owner = "Salamek"; 19 + repo = "huawei-lte-api"; 20 + rev = version; 21 + sha256 = "1qaqxmh03j10wa9wqbwgc5r3ays8wfr7bldvsm45fycr3qfyn5fg"; 22 + }; 23 + 24 + postPatch = '' 25 + substituteInPlace setup.py \ 26 + --replace "pytest-runner" "" 27 + ''; 28 + 29 + propagatedBuildInputs = [ 30 + dicttoxml 31 + requests 32 + xmltodict 33 + ]; 34 + 35 + checkInputs = [ 36 + pytestCheckHook 37 + ]; 38 + 39 + pythonImportsCheck = [ 40 + "huawei_lte_api.AuthorizedConnection" 41 + "huawei_lte_api.Client" 42 + "huawei_lte_api.Connection" 43 + ]; 44 + 45 + meta = with lib; { 46 + description = "API For huawei LAN/WAN LTE Modems"; 47 + homepage = "https://github.com/Salamek/huawei-lte-api"; 48 + license = licenses.lgpl3Only; 49 + maintainers = with maintainers; [ dotlambda ]; 50 + }; 51 + }

+31

pkgs/development/python-modules/pyaehw4a1/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , isPy27 4 + , fetchFromGitHub 5 + }: 6 + 7 + buildPythonPackage rec { 8 + pname = "pyaehw4a1"; 9 + version = "0.3.9"; 10 + 11 + disabled = isPy27; 12 + 13 + src = fetchFromGitHub { 14 + owner = "bannhead"; 15 + repo = "pyaehw4a1"; 16 + rev = "v${version}"; 17 + sha256 = "0grs7kiyhzlwqzmw2yxkkglnwjfpimgwxbgp0047rlp3k8md7sjv"; 18 + }; 19 + 20 + # no tests implemented 21 + doCheck = false; 22 + 23 + pythonImportsCheck = [ "pyaehw4a1" ]; 24 + 25 + meta = with lib; { 26 + description = "Python interface for Hisense AEH-W4A1 module"; 27 + homepage = "https://github.com/bannhead/pyaehw4a1"; 28 + license = licenses.asl20; 29 + maintainers = with maintainers; [ dotlambda ]; 30 + }; 31 + }

+8 -5

pkgs/development/python-modules/pyrsistent/default.nix

··· 3 3 , fetchPypi 4 4 , isPy27 5 5 , six 6 - , pytest_4 7 - , hypothesis_4 8 - , pytestrunner 6 + , pytestCheckHook 7 + , hypothesis 9 8 }: 10 9 11 10 buildPythonPackage rec { ··· 21 20 22 21 propagatedBuildInputs = [ six ]; 23 22 24 - checkInputs = [ pytestrunner pytest_4 hypothesis_4 ]; 23 + checkInputs = [ pytestCheckHook hypothesis ]; 25 24 26 25 postPatch = '' 27 - substituteInPlace setup.py --replace 'pytest<5' 'pytest' 26 + substituteInPlace setup.py \ 27 + --replace 'pytest<5' 'pytest' \ 28 + --replace 'hypothesis<5' 'hypothesis' 28 29 ''; 30 + 31 + pythonImportsCheck = [ "pyrsistent" ]; 29 32 30 33 meta = with lib; { 31 34 homepage = "https://github.com/tobgu/pyrsistent/";

+26

pkgs/development/python-modules/python-louvain/default.nix

··· 1 + { lib 2 + , fetchPypi 3 + , buildPythonPackage 4 + , networkx 5 + , numpy }: 6 + 7 + buildPythonPackage rec { 8 + pname = "python-louvain"; 9 + version = "0.15"; 10 + 11 + src = fetchPypi { 12 + inherit pname version; 13 + sha256 = "sha256-KoVu374plSpgpVOKhLt4zKGPaISoi5Ml6FoRyN1JF+s="; 14 + }; 15 + 16 + propagatedBuildInputs = [ networkx numpy ]; 17 + 18 + pythonImportsCheck = [ "community" ]; 19 + 20 + meta = with lib; { 21 + homepage = "https://github.com/taynaud/python-louvain"; 22 + description = "Louvain Community Detection"; 23 + license = licenses.bsd3; 24 + maintainers = with maintainers; [ erictapen ]; 25 + }; 26 + }

+2 -2

pkgs/development/python-modules/sleekxmpp/default.nix

··· 1 - { lib, fetchPypi, buildPythonPackage, dns, pyasn1 }: 1 + { lib, fetchPypi, buildPythonPackage, dnspython, pyasn1 }: 2 2 3 3 buildPythonPackage rec { 4 4 pname = "sleekxmpp"; 5 5 version = "1.3.3"; 6 6 7 - propagatedBuildInputs = [ dns pyasn1 ]; 7 + propagatedBuildInputs = [ dnspython pyasn1 ]; 8 8 9 9 patches = [ 10 10 ./dnspython-ip6.patch

+33

pkgs/development/python-modules/somecomfort/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchPypi 4 + , prettytable 5 + , requests 6 + }: 7 + 8 + buildPythonPackage rec { 9 + pname = "somecomfort"; 10 + version = "0.5.2"; 11 + 12 + src = fetchPypi { 13 + inherit pname version; 14 + sha256 = "681f44449e8c0a923305aa05aa5262f4d2304a6ecea496caa8d5a51b724a0fef"; 15 + }; 16 + 17 + propagatedBuildInputs = [ 18 + requests 19 + prettytable 20 + ]; 21 + 22 + # tests require network access 23 + doCheck = false; 24 + 25 + pythonImportsCheck = [ "somecomfort" ]; 26 + 27 + meta = with lib; { 28 + description = "Client for Honeywell's US-based cloud devices"; 29 + homepage = "https://github.com/kk7ds/somecomfort"; 30 + license = licenses.gpl3Only; 31 + maintainers = with maintainers; [ dotlambda ]; 32 + }; 33 + }

+2 -2

pkgs/development/tools/git-quick-stats/default.nix

··· 11 11 12 12 stdenv.mkDerivation rec { 13 13 pname = "git-quick-stats"; 14 - version = "2.2.0"; 14 + version = "2.3.0"; 15 15 16 16 src = fetchFromGitHub { 17 17 repo = "git-quick-stats"; 18 18 owner = "arzzen"; 19 19 rev = version; 20 - sha256 = "sha256-cE9eo8FUUNlhmBrHalFDTFK2LIQUaWFy7Gj/E2F15t4="; 20 + sha256 = "sha256-uioL4ysioxo+YMCa3VPoUMpY1cVZJ0Jljt8d9jWRT9k="; 21 21 }; 22 22 23 23 nativeBuildInputs = [ makeWrapper ];

+24

pkgs/misc/vim-plugins/generated.nix

··· 1593 1593 meta.homepage = "https://github.com/floobits/floobits-neovim/"; 1594 1594 }; 1595 1595 1596 + formatter-nvim = buildVimPluginFrom2Nix { 1597 + pname = "formatter-nvim"; 1598 + version = "2021-06-23"; 1599 + src = fetchFromGitHub { 1600 + owner = "mhartington"; 1601 + repo = "formatter.nvim"; 1602 + rev = "fc5757d6c9099125edba64b86cb5c9afac9b833b"; 1603 + sha256 = "170lcd7qwzckxib98clld0hgydkjvrr86md3b035q7higgad386m"; 1604 + }; 1605 + meta.homepage = "https://github.com/mhartington/formatter.nvim/"; 1606 + }; 1607 + 1596 1608 forms = buildVimPluginFrom2Nix { 1597 1609 pname = "forms"; 1598 1610 version = "2012-11-28"; ··· 5533 5545 sha256 = "05yapm3g9rj7k69dhlm7hspakbczwwlbx1lcdydvkx639ka7j09d"; 5534 5546 }; 5535 5547 meta.homepage = "https://github.com/vim-airline/vim-airline-themes/"; 5548 + }; 5549 + 5550 + vim-alias = buildVimPluginFrom2Nix { 5551 + pname = "vim-alias"; 5552 + version = "2021-06-23"; 5553 + src = fetchFromGitHub { 5554 + owner = "Konfekt"; 5555 + repo = "vim-alias"; 5556 + rev = "9d1a86284c223fad488137075867ba1c1bd20599"; 5557 + sha256 = "1fqa39j3ax7cvj7bn33r545zwbplmf4b6n7z5jgqqn8h03hsq7x1"; 5558 + }; 5559 + meta.homepage = "https://github.com/Konfekt/vim-alias/"; 5536 5560 }; 5537 5561 5538 5562 vim-android = buildVimPluginFrom2Nix {

+2

pkgs/misc/vim-plugins/vim-plugin-names

··· 301 301 kien/rainbow_parentheses.vim 302 302 knubie/vim-kitty-navigator 303 303 konfekt/fastfold 304 + Konfekt/vim-alias 304 305 konfekt/vim-DetectSpellLang 305 306 kosayoda/nvim-lightbulb 306 307 kristijanhusak/defx-git ··· 392 393 mfussenegger/nvim-jdtls 393 394 mg979/vim-visual-multi 394 395 mg979/vim-xtabline 396 + mhartington/formatter.nvim 395 397 mhartington/oceanic-next 396 398 mhinz/vim-crates 397 399 mhinz/vim-grepper

+2 -2

pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix

··· 38 38 mktplcRef = { 39 39 name = "vsliveshare"; 40 40 publisher = "ms-vsliveshare"; 41 - version = "1.0.4360"; 42 - sha256 = "0d39b94nxp5brr8ljb5flfn49zms083vp5i7xlrqhz7pskb9dpz8"; 41 + version = "1.0.4419"; 42 + sha256 = "1r2xp8ggcrfsf4yzxjiss3hprk4dw7nchwxy920yn2iglvkaalsh"; 43 43 }; 44 44 }).overrideAttrs({ nativeBuildInputs ? [], buildInputs ? [], ... }: { 45 45 nativeBuildInputs = nativeBuildInputs ++ [

+2 -2

pkgs/os-specific/linux/dpdk/default.nix

··· 8 8 9 9 let 10 10 mod = kernel != null; 11 - dpdkVersion = "21.02"; 11 + dpdkVersion = "21.05"; 12 12 in stdenv.mkDerivation rec { 13 13 pname = "dpdk"; 14 14 version = "${dpdkVersion}" + lib.optionalString mod "-${kernel.version}"; 15 15 16 16 src = fetchurl { 17 17 url = "https://fast.dpdk.org/rel/dpdk-${dpdkVersion}.tar.xz"; 18 - sha256 = "sha256-CZJKKoJVGqKZeKNoYYT4oQX1L1ZAsb4of1QLLJHpSJs=="; 18 + sha256 = "sha256-HhJJm0xfzbV8g+X+GE6mvs3ffPCSiTwsXvLvsO7BLws="; 19 19 }; 20 20 21 21 nativeBuildInputs = [

+1

pkgs/servers/dns/knot-dns/default.nix

··· 50 50 CFLAGS = [ "-O2" "-DNDEBUG" ]; 51 51 52 52 doCheck = true; 53 + checkFlags = "V=1"; # verbose output in case some test fails 53 54 doInstallCheck = true; 54 55 55 56 postInstall = ''

+4 -4

pkgs/servers/home-assistant/component-packages.nix

··· 348 348 "here_travel_time" = ps: with ps; [ herepy ]; 349 349 "hikvision" = ps: with ps; [ ]; # missing inputs: pyhik 350 350 "hikvisioncam" = ps: with ps; [ ]; # missing inputs: hikvision 351 - "hisense_aehw4a1" = ps: with ps; [ ]; # missing inputs: pyaehw4a1 351 + "hisense_aehw4a1" = ps: with ps; [ pyaehw4a1 ]; 352 352 "history" = ps: with ps; [ aiohttp-cors sqlalchemy ]; 353 353 "history_stats" = ps: with ps; [ sqlalchemy ]; 354 354 "hitron_coda" = ps: with ps; [ ]; 355 355 "hive" = ps: with ps; [ pyhiveapi ]; 356 - "hlk_sw16" = ps: with ps; [ ]; # missing inputs: hlk-sw16 356 + "hlk_sw16" = ps: with ps; [ hlk-sw16 ]; 357 357 "home_connect" = ps: with ps; [ aiohttp-cors homeconnect ]; 358 358 "home_plus_control" = ps: with ps; [ aiohttp-cors homepluscontrol ]; 359 359 "homeassistant" = ps: with ps; [ ]; ··· 362 362 "homematic" = ps: with ps; [ pyhomematic ]; 363 363 "homematicip_cloud" = ps: with ps; [ homematicip ]; 364 364 "homeworks" = ps: with ps; [ ]; # missing inputs: pyhomeworks 365 - "honeywell" = ps: with ps; [ ]; # missing inputs: somecomfort 365 + "honeywell" = ps: with ps; [ somecomfort ]; 366 366 "horizon" = ps: with ps; [ ]; # missing inputs: horimote 367 367 "hp_ilo" = ps: with ps; [ python-hpilo ]; 368 368 "html5" = ps: with ps; [ aiohttp-cors pywebpush ]; 369 369 "http" = ps: with ps; [ aiohttp-cors ]; 370 370 "htu21d" = ps: with ps; [ smbus-cffi ]; # missing inputs: i2csense 371 - "huawei_lte" = ps: with ps; [ getmac stringcase url-normalize ]; # missing inputs: huawei-lte-api 371 + "huawei_lte" = ps: with ps; [ getmac huawei-lte-api stringcase url-normalize ]; 372 372 "huawei_router" = ps: with ps; [ ]; 373 373 "hue" = ps: with ps; [ aiohue ]; 374 374 "huisbaasje" = ps: with ps; [ ]; # missing inputs: huisbaasje-client

+4

pkgs/servers/home-assistant/default.nix

··· 459 459 "hddtemp" 460 460 "heos" 461 461 "here_travel_time" 462 + "hisense_aehw4a1" 462 463 "history" 463 464 "history_stats" 464 465 "hive" 466 + "hlk_sw16" 465 467 "home_connect" 466 468 "home_plus_control" 467 469 "homeassistant" ··· 469 471 "homekit_controller" 470 472 "homematic" 471 473 "homematicip_cloud" 474 + "honeywell" 472 475 "html5" 473 476 "http" 477 + "huawei_lte" 474 478 "hue" 475 479 "humidifier" 476 480 "hyperion"

+1 -1

pkgs/servers/sql/patroni/default.nix

··· 25 25 boto 26 26 click 27 27 consul 28 - dns 28 + dnspython 29 29 kazoo 30 30 kubernetes 31 31 prettytable

+25 -12

pkgs/tools/filesystems/ceph/default.nix

··· 2 2 , ensureNewerSourcesHook 3 3 , cmake, pkg-config 4 4 , which, git 5 - , boost, python3Packages 5 + , boost 6 6 , libxml2, zlib, lz4 7 7 , openldap, lttng-ust 8 8 , babeltrace, gperf ··· 92 92 platforms = [ "x86_64-linux" "aarch64-linux" ]; 93 93 }; 94 94 95 - ceph-common = python3Packages.buildPythonPackage rec{ 95 + ceph-common = python.pkgs.buildPythonPackage rec{ 96 96 pname = "ceph-common"; 97 97 inherit src version; 98 98 99 99 sourceRoot = "ceph-${version}/src/python-common"; 100 100 101 - checkInputs = [ python3Packages.pytest ]; 102 - propagatedBuildInputs = with python3Packages; [ pyyaml six ]; 101 + checkInputs = [ python.pkgs.pytest ]; 102 + propagatedBuildInputs = with python.pkgs; [ pyyaml six ]; 103 103 104 104 meta = getMeta "Ceph common module for code shared by manager modules"; 105 105 }; 106 106 107 - ceph-python-env = python3Packages.python.withPackages (ps: [ 107 + python = python3.override { 108 + packageOverrides = self: super: { 109 + # scipy > 1.3 breaks diskprediction_local, leading to mgr hang on startup 110 + # Bump once these issues are resolved: 111 + # https://tracker.ceph.com/issues/42764 https://tracker.ceph.com/issues/45147 112 + scipy = super.scipy.overridePythonAttrs (oldAttrs: rec { 113 + version = "1.3.3"; 114 + src = oldAttrs.src.override { 115 + inherit version; 116 + sha256 = "02iqb7ws7fw5fd1a83hx705pzrw1imj7z0bphjsl4bfvw254xgv4"; 117 + }; 118 + doCheck = false; 119 + }); 120 + }; 121 + }; 122 + 123 + ceph-python-env = python.withPackages (ps: [ 108 124 ps.sphinx 109 125 ps.flask 110 126 ps.cython ··· 122 138 ps.pyjwt 123 139 ps.webob 124 140 ps.bcrypt 125 - # scipy > 1.3 breaks diskprediction_local, leading to mgr hang on startup 126 - # Bump (and get rid of scipy_1_3) once these issues are resolved: 127 - # https://tracker.ceph.com/issues/42764 https://tracker.ceph.com/issues/45147 128 - ps.scipy_1_3 141 + ps.scipy 129 142 ps.six 130 143 ps.pyyaml 131 144 ]); ··· 147 160 148 161 nativeBuildInputs = [ 149 162 cmake 150 - pkg-config which git python3Packages.wrapPython makeWrapper 151 - python3Packages.python # for the toPythonPath function 163 + pkg-config which git python.pkgs.wrapPython makeWrapper 164 + python.pkgs.python # for the toPythonPath function 152 165 (ensureNewerSourcesHook { year = "1980"; }) 153 - python3 166 + python 154 167 fmt 155 168 # for building docs/man-pages presumably 156 169 doxygen

+2 -2

pkgs/tools/misc/disfetch/default.nix

··· 4 4 5 5 stdenv.mkDerivation rec { 6 6 pname = "disfetch"; 7 - version = "1.22"; 7 + version = "1.24"; 8 8 9 9 src = fetchFromGitHub { 10 10 owner = "llathasa-veleth"; 11 11 repo = "disfetch"; 12 12 rev = version; 13 - sha256 = "sha256-fNmoaEwRrm6EFe+BwOTwAs1THMYhcal1eshXf+1mVQg="; 13 + sha256 = "sha256-Uoc5xSyLXXEqdyYn71NK8c8A/1wQ6djYn/HHJwGg5vc="; 14 14 }; 15 15 16 16 dontBuild = true;

+3 -3

pkgs/tools/misc/dust/default.nix

··· 2 2 3 3 rustPlatform.buildRustPackage rec { 4 4 pname = "du-dust"; 5 - version = "0.5.4"; 5 + version = "0.6.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "bootandy"; 9 9 repo = "dust"; 10 10 rev = "v${version}"; 11 - sha256 = "1knl7kwngmq598bnlvlq9x8sqp914sv1abfm55kw9f7mja2d6pw0"; 11 + sha256 = "sha256-15n8CpyyC41oJRrFlNHYXF5UjOyYPX93Zrq7jcU2DVM="; 12 12 # Remove unicode file names which leads to different checksums on HFS+ 13 13 # vs. other filesystems because of unicode normalisation. 14 14 extraPostFetch = '' ··· 16 16 ''; 17 17 }; 18 18 19 - cargoSha256 = "sha256-M/CGsjhErZe4sFs6D5ZW+TWOHVkFtXgidME/GYiM6qA="; 19 + cargoSha256 = "sha256-rqNj3EwszSIn2cMmslO6T3K5NxQJ9u56m37TU1GwtVI="; 20 20 21 21 doCheck = false; 22 22

+2 -2

pkgs/tools/misc/gh-ost/default.nix

··· 2 2 3 3 buildGoPackage rec { 4 4 pname = "gh-ost"; 5 - version = "1.1.1"; 5 + version = "1.1.2"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "github"; 9 9 repo = "gh-ost"; 10 10 rev = "v${version}"; 11 - sha256 = "sha256-srJXzY4TTHZDYKq8OPqin4zRoYlmaJKhHXDzO/GjBV8="; 11 + sha256 = "sha256-q1wtATFm65c2esQ+TPR2f+YafYeOmC79EumHyGxXrnE="; 12 12 }; 13 13 14 14 goPackagePath = "github.com/github/gh-ost";

+3 -3

pkgs/tools/misc/go.rice/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "go.rice"; 5 - version = "1.0.0"; 5 + version = "1.0.2"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "GeertJohan"; 9 9 repo = "go.rice"; 10 10 rev = "v${version}"; 11 - sha256 = "0m1pkqnx9glf3mlx5jdaby9yxccbl02jpjgpi4m7x1hb4s2gn6vx"; 11 + sha256 = "sha256-jO4otde/m52L2NrE88aXRjdGDBNxnbP1Zt+5fEqfNIc="; 12 12 }; 13 13 14 - vendorSha256 = "0cb5phyl2zm1xnkhvisv0lzgknsi93yzmpayg30w7jc6z4icwnw7"; 14 + vendorSha256 = "sha256-VlpdZcqg7yWUADN8oD/IAgAXVdzJeIeymx2Pu/7E21o="; 15 15 16 16 doCheck = false; 17 17

+1 -1

pkgs/tools/misc/ntfy/default.nix

··· 17 17 18 18 propagatedBuildInputs = with python3Packages; [ 19 19 requests ruamel_yaml appdirs 20 - sleekxmpp dns 20 + sleekxmpp dnspython 21 21 emoji 22 22 psutil 23 23 matrix-client

+3 -3

pkgs/tools/package-management/cargo-release/default.nix

··· 2 2 3 3 rustPlatform.buildRustPackage rec { 4 4 pname = "cargo-release"; 5 - version = "0.14.0"; 5 + version = "0.15.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "sunng87"; 9 9 repo = "cargo-release"; 10 10 rev = "v${version}"; 11 - sha256 = "sha256-vb2YpoF/mO/FQpXxVfJxECep5H7DCOKNcud9XqL3Bug="; 11 + sha256 = "sha256-hEpPRAUPHz9lDTJLyDMUAS+dH6hlppvi3Bb3ahnYW9U="; 12 12 }; 13 13 14 - cargoSha256 = "sha256-F4Cr20EiWIu4ghE/rDzNEHhZGJWlC9jFXi6/rc4BFy8="; 14 + cargoSha256 = "sha256-tOiralZWA21HBTxYWVB1LZH2ArfgY7HB45dVqHoXe/Q="; 15 15 16 16 nativeBuildInputs = [ pkg-config ]; 17 17 buildInputs = [ openssl ]

+2 -2

pkgs/tools/security/clamav/default.nix

··· 5 5 6 6 stdenv.mkDerivation rec { 7 7 pname = "clamav"; 8 - version = "0.103.2"; 8 + version = "0.103.3"; 9 9 10 10 src = fetchurl { 11 11 url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; 12 - sha256 = "sha256-1LXQrGZiYuQjoyb7VHeMqnxpYk1sP5VCiV/rhHgnG9I="; 12 + sha256 = "sha256-n249GESfPRo5kncdaWaFJJ36EnNv4rKSmFjyx9gnauk="; 13 13 }; 14 14 15 15 # don't install sample config files into the absolute sysconfdir folder

+1 -1

pkgs/tools/security/fierce/default.nix

··· 15 15 substituteInPlace requirements.txt --replace 'dnspython==1.16.0' 'dnspython' 16 16 ''; 17 17 18 - propagatedBuildInputs = [ python3.pkgs.dns ]; 18 + propagatedBuildInputs = [ python3.pkgs.dnspython ]; 19 19 20 20 # tests require network access 21 21 doCheck = false;

+1 -1

pkgs/tools/security/theharvester/default.nix

··· 22 22 beautifulsoup4 23 23 censys 24 24 certifi 25 - dns 25 + dnspython 26 26 gevent 27 27 grequests 28 28 lxml

+8 -1

pkgs/top-level/all-packages.nix

··· 17712 17712 suffix = "min"; 17713 17713 }; 17714 17714 17715 - poppler_utils = poppler.override { suffix = "utils"; utils = true; }; 17715 + poppler_utils = poppler.override { 17716 + suffix = "utils"; 17717 + utils = true; 17718 + }; 17716 17719 17717 17720 popt = callPackage ../development/libraries/popt { }; 17718 17721 ··· 27156 27159 27157 27160 tortoisehg = callPackage ../applications/version-management/tortoisehg { }; 27158 27161 27162 + tonelib-gfx = callPackage ../applications/audio/tonelib-gfx { }; 27163 + 27159 27164 tony = libsForQt514.callPackage ../applications/audio/tony { }; 27160 27165 27161 27166 toot = callPackage ../applications/misc/toot { }; ··· 30445 30450 apmplanner2 = libsForQt514.callPackage ../applications/science/robotics/apmplanner2 { }; 30446 30451 30447 30452 betaflight-configurator = callPackage ../applications/science/robotics/betaflight-configurator { }; 30453 + 30454 + emuflight-configurator = callPackage ../applications/science/robotics/emuflight-configurator { }; 30448 30455 30449 30456 mission-planner = callPackage ../applications/science/robotics/mission-planner { }; 30450 30457

+1

pkgs/top-level/python-aliases.nix

··· 36 36 blockdiagcontrib-cisco = throw "blockdiagcontrib-cisco is not compatible with blockdiag 2.0.0 and has been removed."; # Added 2020-11-29 37 37 bugseverywhere = throw "bugseverywhere has been removed: Abandoned by upstream."; # Added 2019-11-27 38 38 detox = throw "detox is no longer maintained, and was broken since may 2019"; # added 2020-07-04 39 + dns = dnspython; # Alias for compatibility, 2017-12-10 39 40 faulthandler = throw "faulthandler is built into ${python.executable}"; 40 41 gitdb2 = throw "gitdb2 has been deprecated, use gitdb instead."; # added 2020-03-14 41 42 glances = throw "glances has moved to pkgs.glances"; # added 2020-20-28

+11 -18

pkgs/top-level/python-packages.nix

··· 2106 2106 2107 2107 dnspython = callPackage ../development/python-modules/dnspython { }; 2108 2108 2109 - dnspython_1 = callPackage ../development/python-modules/dnspython/1.nix { }; 2110 - 2111 - dns = self.dnspython; # Alias for compatibility, 2017-12-10 2112 - 2113 2109 doc8 = callPackage ../development/python-modules/doc8 { }; 2114 2110 2115 2111 docker = callPackage ../development/python-modules/docker { }; ··· 2388 2384 bzip2 2389 2385 expat 2390 2386 lz4 2391 - lzma 2387 + xz 2392 2388 zlib 2393 2389 zstd; 2394 2390 }; ··· 3254 3250 3255 3251 hkdf = callPackage ../development/python-modules/hkdf { }; 3256 3252 3253 + hlk-sw16 = callPackage ../development/python-modules/hlk-sw16 { }; 3254 + 3257 3255 hmmlearn = callPackage ../development/python-modules/hmmlearn { }; 3258 3256 3259 3257 hocr-tools = callPackage ../development/python-modules/hocr-tools { }; ··· 3326 3324 3327 3325 httpx = callPackage ../development/python-modules/httpx { }; 3328 3326 3327 + huawei-lte-api = callPackage ../development/python-modules/huawei-lte-api { }; 3328 + 3329 3329 huey = callPackage ../development/python-modules/huey { }; 3330 3330 3331 3331 hug = callPackage ../development/python-modules/hug { }; ··· 3363 3363 hyperlink = callPackage ../development/python-modules/hyperlink { }; 3364 3364 3365 3365 hyperopt = callPackage ../development/python-modules/hyperopt { }; 3366 - 3367 - # File name is called 2.nix because this one will need to remain for Python 2. 3368 - hypothesis_4 = callPackage ../development/python-modules/hypothesis/2.nix { }; 3369 3366 3370 3367 hypothesis-auto = callPackage ../development/python-modules/hypothesis-auto { }; 3371 3368 ··· 5277 5274 pmsensor = callPackage ../development/python-modules/pmsensor { }; 5278 5275 5279 5276 ppdeep = callPackage ../development/python-modules/ppdeep { }; 5277 + 5278 + pyaehw4a1 = callPackage ../development/python-modules/pyaehw4a1 { }; 5280 5279 5281 5280 pyatag = callPackage ../development/python-modules/pyatag { }; 5282 5281 ··· 6927 6926 6928 6927 python-logstash = callPackage ../development/python-modules/python-logstash { }; 6929 6928 6929 + python-louvain = callPackage ../development/python-modules/python-louvain { }; 6930 + 6930 6931 python-ly = callPackage ../development/python-modules/python-ly { }; 6931 6932 6932 6933 python-lz4 = callPackage ../development/python-modules/python-lz4 { }; ··· 7694 7695 7695 7696 scikit-tda = callPackage ../development/python-modules/scikit-tda { }; 7696 7697 7697 - scipy_1_3 = self.scipy.overridePythonAttrs (oldAttrs: rec { 7698 - version = "1.3.3"; 7699 - src = oldAttrs.src.override { 7700 - inherit version; 7701 - sha256 = "02iqb7ws7fw5fd1a83hx705pzrw1imj7z0bphjsl4bfvw254xgv4"; 7702 - }; 7703 - doCheck = false; 7704 - disabled = !isPy3k; 7705 - }); 7706 - 7707 7698 scipy_1_4 = self.scipy.overridePythonAttrs (oldAttrs: rec { 7708 7699 version = "1.4.1"; 7709 7700 src = oldAttrs.src.override { ··· 8012 8003 solo-python = disabledIf (!pythonAtLeast "3.6") (callPackage ../development/python-modules/solo-python { }); 8013 8004 8014 8005 somajo = callPackage ../development/python-modules/somajo { }; 8006 + 8007 + somecomfort = callPackage ../development/python-modules/somecomfort { }; 8015 8008 8016 8009 sopel = callPackage ../development/python-modules/sopel { }; 8017 8010

+2 -2

pkgs/top-level/python2-packages.nix

··· 82 82 83 83 django_evolution = callPackage ../development/python-modules/django_evolution { }; 84 84 85 - dnspython = super.dnspython_1; 85 + dnspython = callPackage ../development/python-modules/dnspython/1.nix { }; 86 86 87 87 docker-py = disabled super.docker-py; 88 88 ··· 172 172 173 173 http_signature = callPackage ../development/python-modules/http_signature { }; 174 174 175 - hypothesis = super.hypothesis_4; 175 + hypothesis = callPackage ../development/python-modules/hypothesis/2.nix { }; 176 176 177 177 idna = callPackage ../development/python-modules/idna/2.nix { }; 178 178