- `security.sudo` provides two extra options now, while not changing the
  module's default behaviour:
  - `defaultOptions` controls the options used for the default rules;
  - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved
    for `root` and the `wheel` group.
- `virtualisation.googleComputeImage` provides an `efi` option to support UEFI
booting now.
- CoreDNS may be built with external plugins now. This may be done by
overriding the `externalPlugins` and `vendorHash` arguments like this:
```nix
{
  services.coredns = {
    enable = true;
    package = pkgs.coredns.override {
      externalPlugins = [
        {name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1";}
      ];
      vendorHash = "<SRI hash>";
    };
  };
}
```
To get the necessary SRI hash, set `vendorHash = "";`. The build will fail
and produce the correct `vendorHash` in the error message.
If you use this feature, updates to CoreDNS may require updating `vendorHash`
by following these steps again.
- Using `fusuma` enables the following plugins now:
[appmatcher](https://github.com/iberianpig/fusuma-plugin-appmatcher),
[keypress](https://github.com/iberianpig/fusuma-plugin-keypress),
[sendkey](https://github.com/iberianpig/fusuma-plugin-sendkey),
[tap](https://github.com/iberianpig/fusuma-plugin-tap) and
[wmctrl](https://github.com/iberianpig/fusuma-plugin-wmctrl).
- The Home Assistant module offers support for installing custom components and
lovelace modules now. These are available at
[`services.home-assistant.customComponents`](#opt-services.home-assistant.customComponents)
and
[`services.home-assistant.customLovelaceModules`](#opt-services.home-assistant.customLovelaceModules).
- TeX Live environments can now be built with the new `texlive.withPackages`.
The procedure for creating custom TeX packages has been changed. Refer to the
[Nixpkgs
manual](https://nixos.org/manual/nixpkgs/stable/#sec-language-texlive-custom-packages)
for more details.
- In `wxGTK32`, the webkit module `wxWebView` has been enabled on all builds.
Prior releases only enabled this on Darwin.
- Support for WiFi6 (IEEE 802.11ax) and WPA3-SAE-PK was enabled in the
`hostapd` package, along with a significant rework of the hostapd module.
- LXD supports virtual machine instances now to complement the existing
container support.
- The `nixos-rebuild` command has been given a `list-generations` subcommand.
Refer to `man nixos-rebuild` for more details.
- [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
An experimental new module `security.sudo-rs` was added.
Switching to it (via `security.sudo-rs.enable = true;`) introduces
slight changes in sudo behaviour, due to `sudo-rs`' current limitations:
  - terminfo-related environment variables aren't preserved for `root` and `wheel`;
  - `root` and `wheel` are not given the ability to set (or preserve)
    arbitrary environment variables.

**Note:** The `sudo-rs` module only takes configuration through `security.sudo-rs`,
and in particular does not automatically use previously-set rules; this could be
achieved with `security.sudo-rs.extraRules = security.sudo.extraRules;` for instance.
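
The rule reuse mentioned in the note, written out as a complete module. This is an added example, not taken from the NixOS manual or the module source; the `operators` group, the `backup` user and the commands are hypothetical. Inside a module, the other option's value is read through `config`.

```nix
# Added example: switch to sudo-rs while keeping one set of rules.
# The group, user and commands below are hypothetical.
{ config, pkgs, ... }:
{
  # Turn the classic module off explicitly. Its options can still be
  # set, which lets the existing rules stay where they already are.
  security.sudo.enable = false;

  security.sudo.extraRules = [
    {
      # Members of the (hypothetical) operators group may restart one
      # service without a password, and nothing else.
      groups = [ "operators" ];
      commands = [
        {
          command = "${pkgs.systemd}/bin/systemctl restart nginx.service";
          options = [ "NOPASSWD" ];
        }
      ];
    }
    {
      # A (hypothetical) backup user limited to a single binary.
      users = [ "backup" ];
      commands = [
        {
          command = "${pkgs.rsync}/bin/rsync";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  security.sudo-rs = {
    enable = true;
    # sudo-rs does not pick up security.sudo rules on its own, so pass
    # them over. Flipping the two `enable` options reverts the switch
    # without touching the rules.
    extraRules = config.security.sudo.extraRules;
  };
}
```

After switching, review the generated sudoers file on the target system, since rules that relied on preserved environment variables for `root` or `wheel` behave differently under `sudo-rs`.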
- There is a new NixOS option for writing NixOS tests,
`testing.initrdBackdoor`, which enables `backdoor.service` in initrd. It requires
`boot.initrd.systemd.enable` to be enabled. Boot will pause in Stage 1 at
`initrd.target`, and will listen for commands from the `Machine` Python
interface, just like Stage 2 normally does. This enables commands to be sent
to test and debug Stage 1. Use `machine.switch_root()` to leave Stage 1 and
proceed to Stage 2.
- The Linux kernel module `msr` (refer to
[`msr(4)`](https://man7.org/linux/man-pages/man4/msr.4.html)), which provides
an interface to read and write the model-specific registers (MSRs) of an x86
CPU, can now be configured via `hardware.cpu.x86.msr`.