Home Explore Blog Models CI



nixpkgs
23th chunk of `nixos/doc/manual/release-notes/rl-2311.section.md`
6927fbecc8c8c3c36cfc5cf70f7cdff0f61ba2ed2c8251460000000100000fbd
  and in particular does not automatically use previously-set rules; this could be
  achieved with `security.sudo-rs.extraRules = security.sudo.extraRules;` for instance.


- There is a new NixOS option when writing NixOS tests
  `testing.initrdBackdoor`, that enables `backdoor.service` in initrd. Requires
  `boot.initrd.systemd.enable` to be enabled. Boot will pause in Stage 1 at
  `initrd.target`, and will listen for commands from the `Machine` python
  interface, just like Stage 2 normally does. This enables commands to be sent
  to test and debug Stage 1. Use `machine.switch_root()` to leave Stage 1 and
  proceed to Stage 2.

- The Linux kernel module `msr` (refer to
  [`msr(4)`](https://man7.org/linux/man-pages/man4/msr.4.html)), which provides
  an interface to read and write the model-specific registers (MSRs) of an x86
  CPU, can now be configured via `hardware.cpu.x86.msr`.

- The `qemu-vm.nix` module now supports disabling overriding `fileSystems` with
  `virtualisation.fileSystems`. This enables the user to boot VMs from
  "external" disk images not created by the qemu-vm module. You can stop the
  qemu-vm module from overriding `fileSystems` by setting
  `virtualisation.fileSystems = lib.mkForce { };`.

- When using [split parity files](https://www.snapraid.it/manual#7.1) in `snapraid`,
  the snapraid-sync systemd service will no longer fail to run.

- `wpa_supplicant`'s configuration file cannot be read by non-root users, and
  secrets (such as Pre-Shared Keys) can safely be passed via
  `networking.wireless.environmentFile`.

  The configuration file could previously be read, when `userControlled.enable` (non-default),
  by users who are in both `wheel` and `userControlled.group` (defaults to `wheel`)


## Nixpkgs Library {#sec-release-23.11-nixpkgs-lib}

### Breaking Changes {#sec-release-23.11-lib-breaking}

- [`lib.lists.foldl'`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.foldl-prime)
  now always evaluates the initial accumulator argument first. If you depend on
  the lazier behavior, consider using
  [`lib.lists.foldl`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.lists.foldl)
  or
  [`builtins.foldl'`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-foldl')
  instead.
- [`lib.attrsets.foldlAttrs`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.attrsets.foldlAttrs)
  now always evaluates the initial accumulator argument first.
- Now that the internal NixOS transition to Markdown documentation is complete,
  `lib.options.literalDocBook` has been removed after deprecation in 22.11.
- `lib.types.string` is now fully deprecated and gives a warning when used.

### Additions and Improvements {#sec-release-23.11-lib-additions-improvements}

- [`lib.fileset`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-fileset):
  A new sub-library to select local files to use for sources, designed to be
  easy and safe to use.

  This aims to be a replacement for `lib.sources`-based filtering. To learn
  more about it, see [the blog
  post](https://www.tweag.io/blog/2023-11-28-file-sets/) or [the
  tutorial](https://nix.dev/tutorials/file-sets).

- [`lib.gvariant`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-gvariant):
  A partial and basic implementation of GVariant formatted strings. See
  [GVariant Format
  Strings](https://docs.gtk.org/glib/gvariant-format-strings.html) for details.

  :::{.warning}
  This API is not considered fully stable and it might therefore
  change in backwards incompatible ways without prior notice.
  :::

- [`lib.asserts`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-asserts):
  New function:
  [`assertEachOneOf`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.asserts.assertEachOneOf).
- [`lib.attrsets`](https://nixos.org/manual/nixpkgs/stable#sec-functions-library-attrsets):
  New function:
  [`attrsToList`](https://nixos.org/manual/nixpkgs/stable#function-library-lib.attrsets.attrsToList).
Title: NixOS Module Enhancements and Nixpkgs Library Updates
Summary
This chunk details various system enhancements and Nixpkgs library updates. Key module changes include: `sudo-rs` configuration for `extraRules`, the new `testing.initrdBackdoor` option for debugging NixOS Stage 1, `msr` kernel module configuration via `hardware.cpu.x86.msr`, `qemu-vm.nix` module's ability to disable `fileSystems` overrides, a fix for `snapraid-sync` with split parity files, and improved security for `wpa_supplicant` configuration. The Nixpkgs library introduces breaking changes such as eager evaluation for `lib.lists.foldl'` and `lib.attrsets.foldlAttrs`, removal of `lib.options.literalDocBook`, and deprecation of `lib.types.string`. New library additions include `lib.fileset` for local file selection, `lib.gvariant` for GVariant strings (experimental), `lib.asserts.assertEachOneOf`, and `lib.attrsets.attrsToList`.