- `services.restic.backups` adds wrapper scripts to your system path now. This
wrapper script sets the same environment variables as the service, so restic
operations can easily be run from the command line. This behavior can be
disabled by setting `createWrapper` to `false` for each backup
configuration.
- `services.prometheus.exporters` has a new exporter called
[Scaphandre](https://github.com/hubblo-org/scaphandre) to monitor electrical
power consumption based on the PowercapRAPL sensor. Refer to [PR
#239803](https://github.com/NixOS/nixpkgs/pull/239803) for more details.
- The `services.calibre-server` module has new options to configure the `host`,
`port`, `auth.enable`, `auth.mode` and `auth.userDb` path. Refer to [PR
#216497](https://github.com/NixOS/nixpkgs/pull/216497/) for more details.
- `services.prometheus.exporters` has a new
[exporter](https://github.com/hipages/php-fpm_exporter) to monitor PHP-FPM
processes. Refer to [PR
#240394](https://github.com/NixOS/nixpkgs/pull/240394) for more details.
- `services.github-runner` and `services.github-runners.<name>` gained the
option `nodeRuntimes`. This option defaults to `[ "node20" ]`, i.e., the
service supports Node.js 20 GitHub Actions only. The list of Node.js versions
accepted by `nodeRuntimes` tracks the versions the upstream GitHub Actions
runner supports. Refer to [PR
#249103](https://github.com/NixOS/nixpkgs/pull/249103) for details.
- `programs.gnupg` has the option `agent.settings` now. This allows setting
verbatim config values in `/etc/gnupg/gpg-agent.conf`.
- `dockerTools.buildImage`, `dockerTools.buildLayeredImage` and
`dockerTools.streamLayeredImage` use `lib.makeOverridable` now. This allows
`dockerTools`-based images to be customized more efficiently at the Nix
level.
- `services.influxdb2` supports doing an automatic initial setup and
provisioning of users, organizations, buckets and authentication tokens now.
Refer to [PR #249502](https://github.com/NixOS/nixpkgs/pull/249502) for more
details.
- `wrapHelm` exposes `passthru.pluginsDir` now, which can be passed to
`helmfile`. For convenience, a top-level package `helmfile-wrapped` has been
added, which inherits `passthru.pluginsDir` from `kubernetes-helm-wrapped`.
Refer to [PR #217768](https://github.com/NixOS/nixpkgs/issues/217768) for
more details.
- The `boot.initrd.network.udhcp.enable` option allows control over DHCP during
Stage 1 regardless of what `networking.useDHCP` is set to.
- `networking.nftables` has the option `networking.nftables.table.<table>` now. This creates tables
and has them updated atomically, instead of flushing the ruleset.
- `hardware.nvidia` gained `datacenter` options for enabling NVIDIA Data Center
drivers and configuration of NVLink/NVSwitch topologies through
`nv-fabricmanager`.
- The new `boot.bcache.enable` option allows completely removing `bcache`
mount support. It is enabled by default.
- `security.sudo` provides two extra options now, while not changing the
module's default behaviour:
  - `defaultOptions` controls the options used for the default rules;
  - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved
    for `root` and the `wheel` group.
- `virtualisation.googleComputeImage` provides an `efi` option to support UEFI
booting now.
- CoreDNS may be built with external plugins now. This may be done by
overriding `externalPlugins` and `vendorHash` arguments like this:
```nix
{
  services.coredns = {
    enable = true;
    package = pkgs.coredns.override {
      externalPlugins = [
        { name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1"; }
      ];
      vendorHash = "<SRI hash>";
    };
  };
}
```
To get the necessary SRI hash, set `vendorHash = "";`. The build will fail
and produce the correct `vendorHash` in the error message.
If you use this feature, updates to CoreDNS may require updating `vendorHash`