


nixpkgs

17th chunk of `nixos/doc/manual/release-notes/rl-2305.section.md`
    - A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md).
    - `services.nginx.recommendedProxySettings` now removes the `Connection` header, preventing clients from closing backend connections.

- The nginx module also received an update to `services.nginx.recommendedGzipSettings`:
  - Enables gzip compression for only certain proxied requests.
  - Allows checking and loading of precompressed files.
  - Updated gzip mime-types.
  - Increased the minimum length of a response that will be gzipped.

- The [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion): existing installations will keep using version 0.7, and new installations will use version 0.8. To upgrade a Garage cluster, please follow the [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and configure [services.garage.package](options.html#opt-services.garage.package).

- Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays.

- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.

- The `firewall` and `nat` modules can now optionally rely on an nftables-based implementation. Enable `networking.nftables` to use it.

- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).

- `services.xserver.desktopManager.plasma5.phononBackend` now defaults to vlc according to the [upstream recommendation](https://community.kde.org/Distributions/Packaging_Recommendations#Non-Plasma_packages).

- The `zramSwap` is now implemented with `zram-generator`, and the option `zramSwap.numDevices` for using ZRAM devices as general purpose ephemeral block devices has been removed.

- As Singularity has been renamed to [Apptainer](https://apptainer.org/news/community-announcement-20211130)
  to distinguish it from [an un-renamed fork by Sylabs Inc.](https://sylabs.io/2021/05/singularity-community-edition),
  there are now two packages of Singularity/Apptainer:
  * `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming.
  * `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc.

  `singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use.

- The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`.

- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, set it to `server`; if you wish to use an exit node, set it to `client`. The strict RPF warning has been removed, as the RPF will be loosened automatically based on the value of this setting.

- `openjdk` from version 11 and above is no longer built with `openjfx` (i.e. JavaFX) support by default. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.

- [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.

- `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision.

- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.

- The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.

Title: NixOS Module & Service Updates: Network, Security, and Configuration Refinements
Summary
NixOS updates bring Nginx improvements with new Brotli, Proxy, and Gzip settings. Garage versioning now follows `system.stateVersion`, requiring explicit upgrades. Nebula introduces traffic relaying options. Resilio Sync supports secrets files for security. Firewall/NAT modules can now optionally use nftables via `networking.nftables`. `services.fwupd` allows structured daemon settings. Plasma5's `phononBackend` defaults to VLC, and `zramSwap` uses `zram-generator` (removing `zramSwap.numDevices`). Singularity is renamed to Apptainer, offering distinct packages and new options like `enableFakeroot` and updated `buildImage` arguments. `services.tailscale.useRoutingFeatures` manages exit nodes and subnet routers, removing RPF warnings. OpenJDK 11+ drops default JavaFX support (re-enable possible). Xastir gains `libax25` support. `nixos-version` adds `--configuration-revision`. `services.nomad.extraSettingsPlugins` was fixed, and `services.prometheus.exporters.pihole.interval` removed.