Home Explore Blog Models CI



nixpkgs
10th chunk of `nixos/doc/manual/release-notes/rl-2505.section.md`
3ce3bfee54a20a0c6d899367bafa52a058aef0097a573c36000000010000102f
  Note that options other than `services.pdns-recursor.settings` are unaffacted by this change.

- The `virtualisation.hypervGuest.videoMode` option has been removed. Standard tooling can now be used to configure display modes for Hyper-V VMs.

- Nextcloud's default FPM pool settings have been increased according to upstream recommentations. It's advised
  to review the new defaults and description of
  [](#opt-services.nextcloud.poolSettings).

- In `users.users` subuid allocation on systems with multiple users it could happen that some users' allocated subuid ranges collided with others. Now these users get new subuid ranges assigned. When this happens, a warning is issued on the first activation. If the subuids were used (e.g. with rootless container managers like podman), please change the ownership of affected files accordingly.

- The `services.locate` module does no longer support findutil's `locate` due to its inferior performance compared to `mlocate` and `plocate`. The new default is `plocate`.
  As the `service.locate.localuser` option only applied when using findutil's `locate`, it has also been removed.

- `services.paperless` now installs `paperless-manage` as a normal system package instead of creating a symlink in `/var/lib/paperless`.
  `paperless-manage` now also changes to the appropriate user when being executed.

- `asusd` has been upgraded to version 6 which supports multiple aura devices. To account for this, the single `auraConfig` configuration option has been replaced with `auraConfigs` which is an attribute set of config options per each device. The config files may also be now specified as either source files or text strings; to account for this you will need to specify that `text` is used for your existing configs, e.g.:
  ```diff
  -services.asusd.asusdConfig = '''file contents'''
  +services.asusd.asusdConfig.text = '''file contents'''
  ```

- `linuxPackages.nvidiaPackages.stable` now defaults to the `production` variant instead of `latest`.

- `services.paperless.address` no longer accepts a domain name or Unix domain socket.

- `networking.wireguard.enable = true` does not always add `wireguard-tools` to system packages anymore. Only when wireguard interfaces are configured, the backing implementation packages are added to system PATH.

- `virtualisation/azure-common.nix`'s filesystem and grub configurations have been moved to `virtualisation/azure-image.nix`. This makes `azure-common.nix` more generic so it could be used for users who generate Azure image using other methods (e.g. nixos-generators and disko). For existing users depending on these configurations, please also import `azure-image.nix`.

- `services.signald` has been removed as `signald` is unmaintained upstream and has been incompatible to official Signal servers for a long while.

- The `earlyoom` service is now using upstream systemd service, which enables
  hardening and filesystem isolation by default. If you need filesystem write
  access or want to access home directory via `killHook`, hardening setting can
  be changed via, e.g. `systemd.services.earlyoom.serviceConfig.ProtectSystem`.

  `services.earlyoom.extraArgs` is now shell-escaped for each element without
  word-breaking. So you want to write `extraArgs = [ "--prefer" "spaced pat" ]`
  rather than previous `extraArgs = [ "--prefer 'spaced pat'" ]`.

- `programs.less.lessopen` is now null by default. To restore the previous behaviour, set it to `''|${lib.getExe' pkgs.lesspipe "lesspipe.sh"} %s''`.

- `hardware.pulseaudio` has been renamed to `services.pulseaudio`.  The deprecated option names will continue to work, but causes a warning.

- `services.nextcloud` now uses systemd's credential mechanism to read in secret files. The `nextcloud-occ` wrapper script implements this using `systemd-run`, as such it now also requires root privileges or `$CREDENTIALS_DIRECTORY` set where running it as user `nextcloud` was enough previously.

- `services.mongodb.initialRootPassword` has been replaced with the more secure option [`services.mongodb.initialRootPasswordFile`](#opt-services.mongodb.initialRootPasswordFile)
Title: Service Configuration Updates, Removals, and Backward Incompatibilities
Summary
This chunk outlines numerous backward incompatibilities, removals, and configuration updates. Key removals include `virtualisation.hypervGuest.videoMode` and the unmaintained `services.signald`. Default changes impact `services.locate` (now `plocate`), `linuxPackages.nvidiaPackages.stable` (to `production`), and `programs.less.lessopen` (now null). `hardware.pulseaudio` was renamed to `services.pulseaudio`. Azure filesystem/grub configurations moved from `azure-common.nix` to `azure-image.nix`. Service-specific updates affect `services.paperless` (manage setup, address restriction), `asusd` v6 (auraConfig to auraConfigs, syntax), `earlyoom` (systemd hardening, extraArgs syntax), `services.nextcloud` (systemd credentials, FPM settings), and `services.mongodb` (initialRootPassword replaced by file). Other changes involve `networking.wireguard.enable` conditionally adding `wireguard-tools` and `users.users` subuid reassignments potentially requiring file ownership updates.