Networking, System, and Application Configuration Updates

- In addition to the hostname, the fully qualified domain name (FQDN), which consists of `${networking.hostName}` and `${networking.domain}` is now added to `/etc/hosts`, to allow local FQDN resolution, as used by the `hostname --fqdn` command and other applications that try to determine the FQDN. These new entries take precedence over entries from the DNS which could cause regressions in some very specific setups. Additionally the hostname is now resolved to `127.0.0.2` instead of `127.0.1.1` to be consistent with what `nss-myhostname` (from systemd) returns. The old behaviour can e.g. be restored by using `networking.hosts = lib.mkForce { "127.0.1.1" = [ config.networking.hostName ]; };`. - The hostname (`networking.hostName`) must now be a valid DNS label (see RFC 1035, RFC 1123) and as such must not contain the domain part. This means that the hostname must start with a letter or digit, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. If (e.g. for legacy reasons) a FQDN is required as the Linux kernel network node hostname (`uname --nodename`) the option `boot.kernel.sysctl."kernel.hostname"` can be used as a workaround (but be aware of the 64 character limit). - The GRUB specific option `boot.loader.grub.extraInitrd` has been replaced with the generic option `boot.initrd.secrets`. This option creates a secondary initrd from the specified files, rather than using a manually created initrd file. Due to an existing bug with `boot.loader.grub.extraInitrd`, it is not possible to directly boot an older generation that used that option. It is still possible to rollback to that generation if the required initrd file has not been deleted. - The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can't be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205). - In the `resilio` module, [services.resilio.httpListenAddr](options.html#opt-services.resilio.httpListenAddr) has been changed to listen to `[::1]` instead of `0.0.0.0`. - `sslh` has been updated to version `1.21`. The `ssl` probe must be renamed to `tls` in [services.sslh.appendConfig](options.html#opt-services.sslh.appendConfig). - Users of [OpenAFS 1.6](http://openafs.org) must upgrade their services to OpenAFS 1.8! In this release, the OpenAFS package version 1.6.24 is marked broken but can be used during transition to OpenAFS 1.8.x. Use the options `services.openafsClient.packages.module`, `services.openafsClient.packages.programs` and `services.openafsServer.package` to select a different OpenAFS package. OpenAFS 1.6 will be removed in the next release. The package `openafs` and the service options will then silently point to the OpenAFS 1.8 release. See also the OpenAFS [Administrator Guide](http://docs.openafs.org/AdminGuide/index.html) for instructions. Beware of the following when updating servers: - The storage format of the server key has changed and the key must be converted before running the new release. - When updating multiple database servers, turn off the database servers from the highest IP down to the lowest with resting periods in between. Start up in reverse order. Do not concurrently run database servers working with different OpenAFS releases! - Update servers first, then clients. - Radicale's default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher. - `udpt` experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml. The new configuration documentation can be found at [the official website](https://naim94a.github.io/udpt/config.html) and example configuration is packaged in `${udpt}/share/udpt/udpt.toml`.

This chunk outlines several system and application updates. `/etc/hosts` now includes the FQDN and resolves the hostname to `127.0.0.2` (previously `127.0.1.1`), while `networking.hostName` must conform to DNS label standards (RFC 1035/1123). The GRUB-specific `boot.loader.grub.extraInitrd` option has been replaced by the generic `boot.initrd.secrets`. The unmaintained `DNSChain` package was removed. `services.resilio.httpListenAddr` now defaults to `[::1]`, and `sslh` 1.21 requires renaming the `ssl` probe to `tls`. OpenAFS users must upgrade from 1.6 to 1.8, with specific instructions for server updates. Radicale's default package changed from 2.x to 3.x (auto-upgrading with `stateVersion` 20.09+), and `udpt` was rewritten, switching its configuration format from ini to toml.