nixpkgs

20th chunk of `nixos/doc/manual/release-notes/rl-2311.section.md`
  with WireGuard. Available as
  [services.rosenpass](#opt-services.rosenpass.enable).

- [c2FmZQ](https://github.com/c2FmZQ/c2FmZQ/), an application that can securely
  encrypt, store, and share files, including but not limited to pictures and
  videos. Available as
  [services.c2fmzq-server](#opt-services.c2fmzq-server.enable).

- [preload](http://sourceforge.net/projects/preload), a service that makes
  applications run faster by prefetching binaries and shared objects.
  Available as [services.preload](#opt-services.preload.enable).

### Other Notable Changes {#sec-release-23.11-nixos-notable-changes}

- The new option `system.switch.enable` was added. It is enabled by default.
  Disabling it makes the system unable to be reconfigured via `nixos-rebuild`.
  This is advantageous for image-based appliances where updates are handled
  outside the image.

- `services.searx` receives new options for better SearXNG support. This
  includes options for the built-in rate limiter, bot protection and
  automatically configuring a local Redis server.

- The iptables firewall module now installs `nixos-firewall-tool`, which
  allows the user to easily open ports through the firewall temporarily.

- A new option was added to the virtualisation module that enables specifying
  explicitly named network interfaces in QEMU VMs. The existing
  `virtualisation.vlans` is still supported for cases where the name of the
  network interface is irrelevant.

- `services.outline` can be configured to use local filesystem storage now.
  Previously only S3 storage was possible. This may be set using
  [services.outline.storage.storageType](#opt-services.outline.storage.storageType).

- `pkgs.openvpn3` optionally supports systemd-resolved now. `programs.openvpn3`
  will automatically enable systemd-resolved support if
  [services.resolved.enable](#opt-services.resolved.enable) is set to true.

- The
  [services.woodpecker-server.environmentFile](#opt-services.woodpecker-server.environmentFile)
  type was changed to a list of paths to be more consistent with the
  woodpecker-agent module.

- `services.matrix-synapse` has new options to configure worker processes for
  matrix-synapse using
  [`services.matrix-synapse.workers`](#opt-services.matrix-synapse.workers).
  Configuring a local redis server using
  [`services.matrix-synapse.configureRedisLocally`](#opt-services.matrix-synapse.configureRedisLocally)
  is also possible now.

- The `services.nginx` module gained a `defaultListen` option at server-level
  with support for PROXY protocol listeners. Also `proxyProtocol` is exposed in
  the `services.nginx.virtualHosts.<name>.listen` option now. This makes it
  possible to run PROXY listeners and non-PROXY listeners at a server-level.
  Refer to [PR #213510](https://github.com/NixOS/nixpkgs/pull/213510/) for more
  details.

- `services.restic.backups` adds wrapper scripts to your system path now. This
  wrapper script sets the same environment variables as the service, so restic
  operations can easily be run from the command line. This behavior can be
  disabled by setting `createWrapper` to `false`, for each backup
  configuration.

- `services.prometheus.exporters` has a new exporter to monitor electrical
  power consumption based on the PowercapRAPL sensor, called
  [Scaphandre](https://github.com/hubblo-org/scaphandre). Refer to [PR
  #239803](https://github.com/NixOS/nixpkgs/pull/239803) for more details.

- The `services.calibre-server` module has new options to configure the `host`,
  `port`, `auth.enable`, `auth.mode` and `auth.userDb` path. Refer to [PR
  #216497](https://github.com/NixOS/nixpkgs/pull/216497/) for more details.

- `services.prometheus.exporters` has a new
  [exporter](https://github.com/hipages/php-fpm_exporter) to monitor PHP-FPM
  processes. Refer to [PR
  #240394](https://github.com/NixOS/nixpkgs/pull/240394) for more details.

- `services.github-runner` and `services.github-runners.<name>` gained the
  option `nodeRuntimes`. This option defaults to `[ "node20" ]`.  I.e., the

Title: New Service Additions and System-Wide Enhancements
Summary
This chunk concludes a list of new services: Rosenpass (post-quantum VPN), c2FmZQ (secure file sharing), and preload (application prefetching). It then details 'Other Notable Changes,' covering various system and service enhancements. Key updates include: a new `system.switch.enable` option to control `nixos-rebuild`; `nixos-firewall-tool` for temporary port opening; explicit network interface naming in QEMU VMs; improved `services.searx` with SearXNG features (rate limiting, bot protection, Redis); local filesystem storage for `services.outline`; systemd-resolved support for `pkgs.openvpn3`; `services.woodpecker-server.environmentFile` type change; new worker/Redis config for `services.matrix-synapse`; `services.nginx` enhancements (`defaultListen`, `proxyProtocol`); `services.restic.backups` wrapper scripts; new Prometheus exporters (Scaphandre for power, PHP-FPM); extended `services.calibre-server` options (host, port, auth); and a `nodeRuntimes` option for `services.github-runner`.