Home Explore Blog Models CI



nixpkgs
2nd chunk of `nixos/doc/manual/release-notes/rl-2111.section.md`
654b1584318a570b4fd01b373f3911f0971a50efa8d523c20000000100000fe9
- `kubernetes-helm` now defaults to 3.7.0, which introduced some breaking changes to the experimental OCI manifest format. See [HIP 6](https://github.com/helm/community/blob/main/hips/hip-0006.md) for more details.
  `helmfile` also defaults to 0.141.0, which is the minimum compatible version.

- GNOME has been upgraded to 41. Please take a look at their [Release Notes](https://help.gnome.org/misc/release-notes/41.0/) for details.

- LXD support was greatly improved:
  - building LXD images from configurations is now directly possible with just nixpkgs
  - hydra is now building nixOS LXD images that can be used standalone with full nixos-rebuild support

- OpenSSH was updated to version 8.8p1
  - This breaks connections to old SSH daemons as ssh-rsa host keys and ssh-rsa public keys that were signed with SHA-1 are disabled by default now
  - These can be re-enabled, see the [OpenSSH changelog](https://www.openssh.com/txt/release-8.8) for details

- ORY Kratos was updated to version 0.8.0-alpha.3
  - This release requires you to run SQL migrations. Please, as always, create a backup of your database first!
  - The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2.
  - The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead.
  - for more details, see [Release Notes](https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1).

## New Services {#sec-release-21.11-new-services}

- [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances).

- [clipcat](https://github.com/xrelkd/clipcat/), an X11 clipboard manager written in Rust. Available at [services.clipcat](options.html#opt-services.clipcat.enable).

- [dex](https://github.com/dexidp/dex), an OpenID Connect (OIDC) identity and OAuth 2.0 provider. Available at [services.dex](options.html#opt-services.dex.enable).

- [geoipupdate](https://github.com/maxmind/geoipupdate), a GeoIP database updater from MaxMind. Available as [services.geoipupdate](options.html#opt-services.geoipupdate.enable).

- [Jibri](https://github.com/jitsi/jibri), a service for recording or streaming a Jitsi Meet conference. Available as [services.jibri](options.html#opt-services.jibri.enable).

- [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea.dhcp4).

- [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast.enable).

- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).

- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).

- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).

- Users of flashrom should migrate to [programs.flashrom.enable](options.html#opt-programs.flashrom.enable) and add themselves to the `flashrom` group to be able to access programmers supported by flashrom.

- [vikunja](https://vikunja.io), a to-do list app. Available as [services.vikunja](#opt-services.vikunja.enable).

- [opensnitch](https://github.com/evilsocket/opensnitch), an application firewall. Available as [services.opensnitch](#opt-services.opensnitch.enable).

- [snapraid](https://www.snapraid.it/), a backup program for disk arrays.
Title: Release 21.11: Key Updates and New Services
Summary
This chunk details further updates in Release 21.11, including `kubernetes-helm` defaulting to v3.7.0 (with breaking OCI manifest changes) and `helmfile` to v0.141.0. GNOME has been upgraded to version 41, and LXD support has been significantly improved, enabling direct image building from nixpkgs. OpenSSH is updated to 8.8p1, which disables SHA-1 host keys by default and may break connections to older SSH daemons. ORY Kratos also received an update to v0.8.0-alpha.3, requiring SQL migrations and SDK updates. The release also introduces several new services, such as `btrbk` (btrfs backup), `clipcat` (X11 clipboard manager), `dex` (OpenID Connect provider), `Jibri` (Jitsi Meet recorder), `Kea` (DHCP/DDNS server), `owncast` (live streaming), `PeerTube` (decentralized video), `sourcehut` (dev tools), `vikunja` (to-do app), and `opensnitch` (application firewall), among others. Users of `flashrom` are advised to migrate to the new program option.