nixpkgs

22nd chunk of `nixos/doc/manual/release-notes/rl-2411.section.md`
- Tailscale's `authKeyFile` can now have its corresponding parameters set through `config.services.tailscale.authKeyParameters`, allowing for non-ephemeral unsupervised deployment and more.
  See [Registering new nodes using OAuth credentials](https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials) for the supported options.

- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.

- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.

- Kanidm previously had an incorrect systemd service type, causing dependent units with an `after` and `requires` directive to start before `kanidm*` finished startup. The module has now been updated in line with upstream recommendations.

- [`services.jupyter`](#opt-services.jupyter.enable) is now compatible with `Jupyter Notebook 7`. See [the migration guide](https://jupyter-notebook.readthedocs.io/en/latest/migrate_to_notebook7.html) for details.

- The kubelet configuration file can now be amended with arbitrary additional content using the `services.kubernetes.kubelet.extraConfig` option.

- The `services.seafile` module was updated to major version 11.
  - As part of this upgrade, the database backend will be migrated to MySQL.
    This process should be automatic, but in case of a botched migration,
    old sqlite files are not removed and can be used to manually migrate the database.
  - Additionally, the updated CSRF protection may prevent some users from logging in.
    Specific origin addresses can be whitelisted using the `services.seafile.seahubExtraConf` option
    (e.g. `services.seafile.seahubExtraConf = ''CSRF_TRUSTED_ORIGINS = ["https://example.com"]'';`).
    Note that the first solution of the [official FAQ answer](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=BQhH-2HSQs68Nq2EW91DBA)
    is not allowed by the `services.nginx` module's config-checker.

- The new option `boot.binfmt.addEmulatedSystemsToNixSandbox` allows you to skip adding the emulated systems to `nix.settings.extra-platforms`. Now you can emulate foreign binaries locally while only building them on native remote builders.

- The latest available version of Nextcloud is v30 (available as `pkgs.nextcloud30`). The installation logic is as follows:
  - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.
  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.11, `pkgs.nextcloud30` will be installed by default.
  - Please note that an upgrade from v28 (or older) to v30 directly is not possible. Please upgrade to `nextcloud29` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud29;`](options.html#opt-services.nextcloud.package).

- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg's CMake rules.
  The derivation now installs "impl" headers selectively instead of by a wildcard.
  Use `imgui.src` if you just want to access the unpacked sources.

- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier.

- The `boot.loader.raspberryPi` options were marked as deprecated in 23.11 and have now been removed.

- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11.

- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users who want to keep
  unrestricted access to it can set `boot.kernel.sysctl."kernel.dmesg_restrict" = false`.

- The `i18n.inputMethod` module introduces two new properties:
  `enable` and `type`, which declare whether to enable an alternative input method and which input method to use, respectively. The options available in `type` are the same as the existing `enabled` option. `enabled` is now deprecated and will be removed in a future release.

Title: NixOS Updates: Service Enhancements, System Changes, and Package Versioning
Summary
This document outlines various updates across NixOS services and system configurations. Key changes include enhanced Tailscale authentication parameters, default IPv6 for VLAN 1 in `nixosTests`, new provisioning for Kanidm, and compatibility with Jupyter Notebook 7. Kubernetes' kubelet configuration can now be extended, and the Seafile module has been upgraded to v11, migrating to MySQL and updating CSRF protection. A new option `boot.binfmt.addEmulatedSystemsToNixSandbox` allows skipping emulated systems in the Nix sandbox. Nextcloud's default package now aligns with `system.stateVersion`, supporting v29 or v30, with a note on upgrade paths. Other updates cover `imgui` package build changes, easier Windows dual-boot setup with `systemd-boot`, removal of deprecated Raspberry Pi boot options and Linux 4.19, default restriction of unprivileged `dmesg` access, and new properties for `i18n.inputMethod` replacing the deprecated `enabled` option.