


nixpkgs

22nd chunk of `nixos/doc/manual/release-notes/rl-2411.section.md`
- Tailscale's `authKeyFile` can now have its corresponding parameters set through `config.services.tailscale.authKeyParameters`, allowing for non-ephemeral unsupervised deployment and more.
  See [Registering new nodes using OAuth credentials](https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials) for the supported options.

- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.

- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.

- Kanidm previously had an incorrect systemd service type, causing dependent units with an `after` and `requires` directive to start before `kanidm*` finished startup. The module has now been updated in line with upstream recommendations.

- [`services.jupyter`](#opt-services.jupyter.enable) is now compatible with `Jupyter Notebook 7`. See [the migration guide](https://jupyter-notebook.readthedocs.io/en/latest/migrate_to_notebook7.html) for details.

- The kubelet configuration file can now be amended with arbitrary additional content using the `services.kubernetes.kubelet.extraConfig` option.

- The `services.seafile` module was updated to major version 11.
  - As part of this upgrade, the database backend will be migrated to MySQL.
    This process should be automatic, but in case of a botched migration,
    old sqlite files are not removed and can be used to manually migrate the database.
  - Additionally, the updated CSRF protection may prevent some users from logging in.
    Specific origin addresses can be whitelisted using the `services.seafile.seahubExtraConf` option
    (e.g. `services.seafile.seahubExtraConf = ''CSRF_TRUSTED_ORIGINS = ["https://example.com"]'';`).
    Note that the first solution of the [official FAQ answer](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=BQhH-2HSQs68Nq2EW91DBA)
    is not allowed by the `services.nginx` module's config-checker.

- The new option `boot.binfmt.addEmulatedSystemsToNixSandbox` allows you to skip adding the emulated systems to `nix.settings.extra-platforms`. Now you can emulate foreign binaries locally while only building them on native remote builders.

- The latest available version of Nextcloud is v30 (available as `pkgs.nextcloud30`). The installation logic is as follows:
  - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.
  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.11, `pkgs.nextcloud30` will be installed by default.
  - Please note that an upgrade from v28 (or older) to v30 directly is not possible. Please upgrade to `nextcloud29` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud29;`](options.html#opt-services.nextcloud.package).

- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg's CMake rules.
  The derivation now installs "impl" headers selectively instead of by a wildcard.
  Use `imgui.src` if you just want to access the unpacked sources.

- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier.

- The `boot.loader.raspberryPi` options were marked as deprecated in 23.11 and have now been removed.

- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11.

- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users who want to keep
  unrestricted access to it can set `boot.kernel.sysctl."kernel.dmesg_restrict" = false`.

- The `i18n.inputMethod` module introduces two new properties:
  `enable` and `type`, for declaring whether to enable an alternative input method and for defining which input method to use, respectively. The options available in `type` are the same as in the existing `enabled` option. `enabled` is now deprecated and will be removed in a future release.

Title: Further Updates and Changes in NixOS 24.11: Tailscale, Kanidm, Jupyter, Seafile, and More
Summary
This section details additional updates in NixOS 24.11, including enhanced Tailscale auth key configuration, default IPv6 setup in `nixosTests`, Kanidm provisioning and service type corrections, and compatibility of `services.jupyter` with Jupyter Notebook 7. The kubelet configuration can now be amended with `services.kubernetes.kubelet.extraConfig`, and the `services.seafile` module is updated to version 11, migrating to MySQL and requiring potential CSRF origin whitelisting. A new option, `boot.binfmt.addEmulatedSystemsToNixSandbox`, is added for emulating foreign binaries. Nextcloud is updated to v30 with specific upgrade paths. The `imgui` package now builds a static archive, and `boot.loader.systemd-boot.windows` simplifies dual-boot setup. Linux 4.19 is removed, unprivileged `dmesg` access is restricted, and the `i18n.inputMethod` module is updated with `enable` and `type` properties, deprecating `enabled`.