[services.soft-serve](#opt-services.soft-serve.enable).
- [Rosenpass](https://rosenpass.eu/), a service for post-quantum-secure VPNs
with WireGuard. Available as
[services.rosenpass](#opt-services.rosenpass.enable).
- [c2FmZQ](https://github.com/c2FmZQ/c2FmZQ/), an application that can securely
encrypt, store, and share files, including but not limited to pictures and
videos. Available as
[services.c2fmzq-server](#opt-services.c2fmzq-server.enable).
- [preload](http://sourceforge.net/projects/preload), a service that makes
applications run faster by prefetching binaries and shared objects.
Available as [services.preload](#opt-services.preload.enable).
### Other Notable Changes {#sec-release-23.11-nixos-notable-changes}
- The new option `system.switch.enable` was added. It is enabled by default.
Disabling it makes the system unable to be reconfigured via `nixos-rebuild`.
This is of advantage for image based appliances where updates are handled
outside the image.
- `services.searx` receives new options for better SearXNG support. This
includes options for the built-in rate limiter, bot protection and
automatically configuring a local Redis server.
- The iptables firewall module installs the `nixos-firewall-tool` now which
allows the user to easily temporarily open ports through the firewall.
- A new option was added to the virtualisation module that enables specifying
explicitly named network interfaces in QEMU VMs. The existing
`virtualisation.vlans` is still supported for cases where the name of the
network interface is irrelevant.
- `services.outline` can be configured to use local filesystem storage now.
Previously ony S3 storage was possible. This may be set using
[services.outline.storage.storageType](#opt-services.outline.storage.storageType).
- `pkgs.openvpn3` optionally supports systemd-resolved now. `programs.openvpn3`
will automatically enable systemd-resolved support if
[services.resolved.enable](#opt-services.resolved.enable) is set to true.
- The
[services.woodpecker-server.environmentFile](#opt-services.woodpecker-server.environmentFile)
type was changed to list of paths to be more consistent to the
woodpecker-agent module
- `services.matrix-synapse` has new options to configure worker processes for
matrix-synapse using
[`services.matrix-synapse.workers`](#opt-services.matrix-synapse.workers).
Configuring a local redis server using
[`services.matrix-synapse.configureRedisLocally`](#opt-services.matrix-synapse.configureRedisLocally)
is also possible now.
- The `services.nginx` module gained a `defaultListen` option at server-level
with support for PROXY protocol listeners. Also `proxyProtocol` is exposed in
the `services.nginx.virtualHosts.<name>.listen` option now. This it is
possible to run PROXY listeners and non-PROXY listeners at a server-level.
Refer to [PR #213510](https://github.com/NixOS/nixpkgs/pull/213510/) for more
details.
- `services.restic.backups` adds wrapper scripts to your system path now. This
wrapper script sets the same environment variables as the service, so restic
operations can easily be run from the command line. This behavior can be
disabled by setting `createWrapper` to `false`, for each backup
configuration.
- `services.prometheus.exporters` has a new exporter to monitor electrical
power consumption based on PowercapRAPL sensor called
[Scaphandre](https://github.com/hubblo-org/scaphandre). Refer to [PR
#239803](https://github.com/NixOS/nixpkgs/pull/239803) for more details.
- The `services.calibre-server` module has new options to configure the `host`,
`port`, `auth.enable`, `auth.mode` and `auth.userDb` path. Refer to [PR
#216497](https://github.com/NixOS/nixpkgs/pull/216497/) for more details.
- `services.prometheus.exporters` has a new
[exporter](https://github.com/hipages/php-fpm_exporter) to monitor PHP-FPM
processes. Refer to [PR
#240394](https://github.com/NixOS/nixpkgs/pull/240394) for more details.