


nixpkgs

3rd chunk of `nixos/doc/manual/release-notes/rl-1609.section.md`
- GitLab's maintenance script `gitlab-runner` was removed and split up into the clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of GitLab CI.

- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).

- `fonts.fontconfig.ultimate.rendering` was removed because our presets were obsolete for some time. New presets are hardcoded into FreeType; you can select a preset via `fonts.fontconfig.ultimate.preset`. You can customize those presets via ordinary environment variables, using `environment.variables`.

- The `audit` service is no longer enabled by default. Use `security.audit.enable = true` to explicitly enable it.

- `pkgs.linuxPackages.virtualbox` now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new `pkgs.virtualbox` instead.

- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There's also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.

- `services.mongodb.extraConfig` configuration format was changed to YAML.

- PHP has been upgraded to 7.0.

Other notable improvements:

- Revamped grsecurity/PaX support. There is now only a single general-purpose distribution kernel and the configuration interface has been streamlined. Desktop users should be able to set

  ```nix
  { security.grsecurity.enable = true; }
  ```

  to get a reasonably secure system without having to sacrifice too much functionality.

- Special filesystems, like `/proc`, `/run` and others, now have the same mount options as recommended by systemd and are unified across different places in NixOS. Mount options are updated during `nixos-rebuild switch` if possible. One benefit from this is improved security --- most such filesystems are now mounted with `noexec`, `nodev` and/or `nosuid` options.

- The reverse path filter was interfering with DHCPv4 server operation in the past. An exception for DHCPv4 and a new option to log packets that were dropped due to the reverse path filter (`networking.firewall.logReversePathDrops`) were added for easier debugging.

- Containers configuration within `containers.<name>.config` is [now properly typed and checked](https://github.com/NixOS/nixpkgs/pull/17365). In particular, partial configurations are merged correctly.

- The directory containing setuid wrapper programs, `/var/setuid-wrappers`, [is now updated atomically to prevent failures if the switch to a new configuration is interrupted.](https://github.com/NixOS/nixpkgs/pull/18124)

- `services.xserver.startGnuPGAgent` has been removed due to the GnuPG 2.1.x bump. See [how to achieve similar behavior](https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c). You might need to `pkill gpg-agent` after the upgrade to prevent a stale agent being in the way.

- [Declarative users could share the uid due to a bug in the script handling conflict resolution.](https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147)

- Gummiboot has been replaced with systemd-boot.

- Hydra package and NixOS module were added for convenience.
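
The mount-option change for special filesystems noted above can be checked after `nixos-rebuild switch` by reading `/proc/self/mounts`. The Python script below is an added example, not part of the release notes or of nixpkgs; its `EXPECTED` table is an assumed baseline modelled on systemd's defaults, and `SAMPLE` is constructed input.

```python
# Added example: audit special-filesystem mount flags from /proc/self/mounts text.
# EXPECTED is an assumed baseline (modelled on systemd's defaults); adjust as needed.
EXPECTED = {
    "/proc":    {"nosuid", "nodev", "noexec"},
    "/sys":     {"nosuid", "nodev", "noexec"},
    "/dev":     {"nosuid"},
    "/dev/shm": {"nosuid", "nodev"},
    "/dev/pts": {"nosuid", "noexec"},
    "/run":     {"nosuid", "nodev"},
}

def unescape(field):
    # The kernel octal-escapes space, tab, newline and backslash in mount paths.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mounts(text):
    """Return {mount_point: set(options)}; a later line for the same path wins."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        mounts[unescape(parts[1])] = set(parts[3].split(","))
    return mounts

def audit(text, expected=EXPECTED):
    """Return {mount_point: sorted missing options}; unmounted paths are skipped."""
    mounts = parse_mounts(text)
    findings = {}
    for path, wanted in expected.items():
        missing = wanted - mounts.get(path, wanted)
        if missing:
            findings[path] = sorted(missing)
    return findings

# Constructed sample in /proc/self/mounts format: /dev/shm and /run are too permissive.
SAMPLE = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=1024k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,relatime 0 0
tmpfs /run tmpfs rw,relatime,mode=755 0 0
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for path, missing in sorted(audit(text).items()):
        print(f"{path}: missing {','.join(missing)}")
```

Pass `/proc/self/mounts` as the first argument to audit the running system instead of the sample.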

Title: NixOS/Nixpkgs Updates: Configuration Changes, Deprecations, and System Enhancements
Summary
This NixOS/Nixpkgs update details configuration changes, deprecations, and system enhancements. Key incompatible changes include: `gitlab-runner` script split; `libinput.accelProfile` default now `adaptive`; `fonts.fontconfig.ultimate.rendering` removed, replaced by `ultimate.preset`; `audit` service disabled by default; `pkgs.linuxPackages.virtualbox` now only kernel modules (user-space is `pkgs.virtualbox`); `goPackages` replaced by individual apps and `go2nix`; `services.mongodb.extraConfig` now YAML; PHP upgraded to 7.0; and `services.xserver.startGnuPGAgent` removed due to GnuPG 2.1.x. Notable improvements: revamped grsecurity/PaX; unified, more secure mount options for special filesystems (`noexec`, `nodev`, `nosuid`); DHCPv4 reverse path filter fix with new logging; `containers.<name>.config` now typed and checked; atomic `/var/setuid-wrappers` updates; declarative user UID conflict resolution; systemd-boot replaces Gummi boot; and Hydra package/NixOS module addition.