- `services.netbox` now support RFC42-style options, through `services.netbox.settings`.

- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.

- `services.borgmatic` now allows for multiple configurations, placed in `/etc/borgmatic.d/`, you can define them with `services.borgmatic.configurations`.

- `service.openafsServer` features a new backup server `pkgs.fabs` as a
  replacement for openafs's own `buserver`. See
  [FABS](https://github.com/openafs-contrib/fabs) to check if this is an viable
  replacement. It stores backups as volume dump files and thus better integrates
  into contemporary backup solutions.

- `services.maddy` got several updates:
  - Configuration of users and their credentials using `services.maddy.ensureCredentials`.
  - TLS configuration is now possible via `services.maddy.tls` with two loaders present: ACME and file based.

- The `dnsmasq` service now takes configuration via the
  `services.dnsmasq.settings` attribute set. The option
  `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
  end of life.

- The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed.
  The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans.
  Passing plain PHP is no longer possible.
  Same applies to `acl` which now also only accepts structured `settings`.

- The `zsh` package changes the way to set environment variables on NixOS systems where `programs.zsh.enable` equals `false`.  It now sources `/etc/set-environment` when reading the system-level `zshenv` file.  Before, it sourced `/etc/profile` when reading the system-level `zprofile` file.

- The `wordpress` service now takes configuration via the `services.wordpress.sites.<name>.settings` attribute set, `extraConfig` is still available to append  additional text to `wp-config.php`.

- To reduce closure size in `nixos/modules/profiles/minimal.nix` profile disabled installation documentations and manuals. Also disabled `logrotate` and `udisks2` services.

- To reduce closure size in `nixos/modules/installer/netboot/netboot-minimal.nix` profile disabled load linux firmwares, pre-installing the complete stdenv and `networking.wireless` service.

- The minimal ISO image now uses the `nixos/modules/profiles/minimal.nix` profile.

- NixOS installer ISOs can now be built for `powerpc64le-linux`; see `nixos/modules/installer/sd-card/sd-image-powerpc64le.nix` and [PR 192672](https://github.com/NixOS/nixpkgs/pull/192672).  Hydra does not support this platform, so you must build the binaries yourself.

- The `ghcWithPackages` and `ghcWithHoogle` wrappers will now also symlink GHC's
  and all included libraries' documentation to `$out/share/doc` for convenience.
  If undesired, the old behavior can be restored by overriding the builders with
  `{ installDocumentation = false; }`.

- The nftables module now validates its ruleset at build time. The new `networking.nftables.checkRuleset` option allows disabling this check, which may fail when rules have very specific requirements, that the sandbox environment, by default, will not cover. The `networking.nftables.preCheckRuleset` option can be used to prepare the environment before the checks are run.

- The `services.mastodon` module now supports connection to a remote `PostgreSQL` database.

- [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) now uses socket authentication and is no longer compatible with password authentication.
  - If you want the module to manage the database for you, unset [`services.nextcloud.config.dbpassFile`](#opt-services.nextcloud.config.dbpassFile) (and [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost), if it's set).