Home Explore Blog CI



nixpkgs
3rd chunk of `nixos/doc/manual/release-notes/rl-2105.section.md`
015ae5f2c4148857db57e295bdd45ca5fd2485bd7f86fa3d0000000100001080
- The socket for the `pdns-recursor` module was moved from `/var/lib/pdns-recursor` to `/run/pdns-recursor` to match upstream.

- Paperwork was updated to version 2. The on-disk format slightly changed, and it is not possible to downgrade from Paperwork 2 back to Paperwork 1.3. Back your documents up before upgrading. See [this thread](https://forum.openpaper.work/t/paperwork-2-0/112/5) for more details.

- PowerDNS has been updated from `4.2.x` to `4.3.x`. Please be sure to review the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0) provided by upstream before upgrading. Worth specifically noting is that the service now runs entirely as a dedicated `pdns` user, instead of starting as `root` and dropping privileges, as well as the default `socket-dir` location changing from `/var/lib/powerdns` to `/run/pdns`.

- The `mediatomb` service is now using by default the new and maintained fork `gerbera` package instead of the unmaintained `mediatomb` package. If you want to keep the old behavior, you must declare it with:

  ```nix
  {
    services.mediatomb.package = pkgs.mediatomb;
  }
  ```

  One new option `openFirewall` has been introduced which defaults to false. If you relied on the service declaration to add the firewall rules itself before, you should now declare it with:

  ```nix
  {
    services.mediatomb.openFirewall = true;
  }
  ```

- xfsprogs was update from 4.19 to 5.11. It now enables reflink support by default on filesystem creation. Support for reflinks was added with an experimental status to kernel 4.9 and deemed stable in kernel 4.16. If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than those, you need to format them with `mkfs.xfs -m reflink=0`.

- The uWSGI server is now built with POSIX capabilities. As a consequence, root is no longer required in emperor mode and the service defaults to running as the unprivileged `uwsgi` user. Any additional capability can be added via the new option [services.uwsgi.capabilities](options.html#opt-services.uwsgi.capabilities). The previous behaviour can be restored by setting:

  ```nix
  {
    services.uwsgi.user = "root";
    services.uwsgi.group = "root";
    services.uwsgi.instance =
      {
        uid = "uwsgi";
        gid = "uwsgi";
      };
  }
  ```

  Another incompatibility from the previous release is that vassals running under a different user or group need to use `immediate-{uid,gid}` instead of the usual `uid,gid` options.

- btc1 has been abandoned upstream, and removed.

- cpp_ethereum (aleth) has been abandoned upstream, and removed.

- riak-cs package removed along with `services.riak-cs` module.

- stanchion package removed along with `services.stanchion` module.

- mutt has been updated to a new major version (2.x), which comes with some backward incompatible changes that are described in the [release notes for Mutt 2.0](http://www.mutt.org/relnotes/2.0/).

- `vim` and `neovim` switched to Python 3, dropping all Python 2 support.

- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory's permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).

- [boot.zfs.forceImportAll](options.html#opt-boot.zfs.forceImportAll) previously did nothing, but has been fixed. However its default has been changed to `false` to preserve the existing default behaviour. If you have this explicitly set to `true`, please note that your non-root pools will now be forcibly imported.

- openafs now points to openafs_1_8, which is the new stable release. OpenAFS 1.6 was removed.

- The WireGuard module gained a new option `networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds` that implements refreshing the IP of DNS-based endpoints periodically (which WireGuard itself [cannot do](https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html)).
Title: NixOS Release 21.05 Incompatibilities and Changes (Continued)
Summary
Further backward incompatibilities and changes in NixOS 21.05 include changes to the `pdns-recursor` socket location, an update to Paperwork version 2 and potential upgrade issues, PowerDNS updates with a switch to a dedicated user, the replacement of `mediatomb` with `gerbera` and related firewall options, enabling reflink support in xfsprogs, using POSIX capabilities for uWSGI, removal of `btc1`, `cpp_ethereum`, `riak-cs`, and `stanchion`, an update to Mutt 2.x, Python 3 migration for Vim and Neovim, fixes to `generatePrivateKeyFile` for WireGuard, corrected behavior for `boot.zfs.forceImportAll`, and the addition of dynamic endpoint refresh for WireGuard peers. The openafs package was updated, and OpenAFS 1.6 was removed.