


nixpkgs

17th chunk of `nixos/doc/manual/release-notes/rl-2411.section.md`
- A few options of `services.samba` have been moved from `extraConfig` and `configText` to the new freeform option `settings` and renamed, e.g.:
  - `services.samba.invalidUsers` to `services.samba.settings.global."invalid users"`
  - `services.samba.securityType` to `services.samba.settings.global."security type"`
  - `services.samba.shares` to `services.samba.settings`
  - `services.samba.enableWinbindd` to `services.samba.winbindd.enable`
  - `services.samba.enableNmbd` to `services.samba.nmbd.enable`
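
  The renames above applied to one small configuration, as an added example that is not part of the upstream release notes. The share name `backup`, its path, and its per-share parameters are constructed for illustration; the `let` wrapper only exists so that both forms fit in one valid Nix expression.

  ```nix
  let
    # Old option names (before the move to `settings`).
    old = {
      services.samba = {
        enable = true;
        enableNmbd = false;
        enableWinbindd = false;
        invalidUsers = [ "root" ];
        shares.backup = {
          path = "/srv/backup";        # constructed path
          "read only" = "yes";
          "valid users" = "backup";    # constructed account name
        };
      };
    };

    # The same configuration with the new option names.
    new = {
      services.samba = {
        enable = true;
        nmbd.enable = false;
        winbindd.enable = false;
        settings = {
          # Global smb.conf parameters live under `settings.global`,
          # keyed by their smb.conf spelling.
          global."invalid users" = [ "root" ];

          # Each share is now a sibling of `global` inside `settings`,
          # so the share definition moves over unchanged.
          backup = {
            path = "/srv/backup";
            "read only" = "yes";
            "valid users" = "backup";
          };
        };
      };
    };
  in
  new
  ```

  After migrating, compare the generated `smb.conf` against the previous one to confirm that access restrictions such as `invalid users` and `valid users` carried over.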

- `zx` was updated to v8, which introduces several breaking changes.
  See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.

- `feishin` removed support for Navidrome `< v0.53.2` due to an API change. See the [v0.10.0 release notes](https://github.com/jeffvli/feishin/releases/tag/v0.10.0) for more information.

- `services.dnscrypt-wrapper` was removed, as the project has been effectively unmaintained since 2018. Moreover, the NixOS module had to rely on an abandoned version of `dnscrypt-proxy` v1 for the rotation of keys.
  To wrap a resolver with DNSCrypt, you can instead use `dnsdist`. See `services.dnsdist.dnscrypt`.

- The `portunus` package and service do not support weak password hashes anymore.
  If you installed Portunus on NixOS 23.11 or earlier, upgrade to NixOS 24.05 first to get support for strong password hashing.
  Then, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all existing user accounts to strong password hashes.
  If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration:
  ```nix
  {
    services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; };
    services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
  }
  ```

- The default value of `services.kubernetes.kubelet.hostname` is now lowercased.
  Explicitly set `kubelet.hostname` to `networking.fqdnOrHostName` to get back
  the old default behavior.

- Docker now defaults to 27.x, as version 24.x stopped receiving security updates and bug fixes after [February 1, 2024](https://github.com/moby/moby/pull/46772#discussion_r1686464084).

- `keycloak` was updated to version 25, which introduces new hostname related options.
  See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.

- `programs.vim.defaultEditor` now only works if `programs.vim.enable` is enabled.

- `services.mautrix-meta` was updated to [0.4](https://github.com/mautrix/meta/releases/tag/v0.4.0). This release makes significant changes to the settings format. If you have custom settings you should migrate them to the new format. Unfortunately upstream provides little guidance for how to do this, but [the auto-migration code](https://github.com/mautrix/meta/blob/f5440b05aac125b4c95b1af85635a717cbc6dd0e/cmd/mautrix-meta/legacymigrate.go#L23) may serve as a useful reference. The NixOS module should warn you if you still have any old settings configured.

- The `nodePackages.shout` package has been removed because it was deprecated upstream in favor of `thelounge`.
  The `shout` top-level attribute was an alias to this package.
  The associated `services.shout` module has also been removed.

- `prometheus-openldap-exporter` was removed, as it was unmaintained both upstream and in nixpkgs.

- The `indi-full` package no longer contains non-free drivers.
  To get the old collection of drivers, use `indi-full-nonfree` or create your own collection of drivers by overriding `indi-with-drivers`.
  E.g.: `pkgs.indi-with-drivers.override {extraDrivers = with pkgs.indi-3rdparty; [indi-gphoto];}`

- `/share/vim-plugins` now only gets linked if `programs.vim.enable` is enabled.

- The `services.guix` module now manages trusted substitute servers

Title: Software Updates, Deprecations, and Configuration Adjustments
Summary
This document details recent updates, deprecations, and configuration shifts across system services and packages. Significant changes include: `services.samba` options refactored; `zx` updated to v8; `keycloak` to v25 with new hostname options; `mautrix-meta` to v0.4 with revised settings. `Portunus` now mandates strong password hashes, requiring upgrades or legacy package use. Docker defaults to 27.x. Removed components include `services.dnscrypt-wrapper`, `nodePackages.shout` (and its module), and `prometheus-openldap-exporter` due to lack of maintenance or deprecation. `feishin` dropped older Navidrome support. Other adjustments: `services.kubernetes.kubelet.hostname` defaults to lowercase; `indi-full` no longer includes non-free drivers; `programs.vim` options and `/share/vim-plugins` linking are now conditional on `programs.vim.enable`. `services.guix` now manages trusted substitute servers.