instead of a dynamically created one via `DynamicUser`.
The use of SUID wrappers is incompatible with systemd's `DynamicUser` setting,
and GNS3 requires calling ubridge through its SUID wrapper to function properly.
This change requires manually moving the following directories:
* from `/var/lib/private/gns3` to `/var/lib/gns3`
* from `/var/log/private/gns3` to `/var/log/gns3`
and changing the ownership of these directories and their contents to `gns3` (including `/etc/gns3`).
- Legacy package `stalwart-mail_0_6` was dropped. Please note the
[manual upgrade process](https://github.com/stalwartlabs/mail-server/blob/main/UPGRADING.md)
before changing the package to `pkgs.stalwart-mail` in
[`services.stalwart-mail.package`](#opt-services.stalwart-mail.package).
- `nomad_1_5` and `nomad_1_6` were dropped, as [they have reached end-of-life upstream](https://support.hashicorp.com/hc/en-us/articles/360021185113-Support-Period-and-End-of-Life-EOL-Policy). Evaluating them will throw an error.
- The default `nomad` package has been updated to 1.8.x. For more information, see [breaking changes for Nomad 1.8](https://developer.hashicorp.com/nomad/docs/upgrade/upgrade-specific#nomad-1-8-0).
- `androidndkPkgs` has been updated to `androidndkPkgs_26`.
- Android NDK version 26 and SDK version 33 are now the default versions used for cross compilation to Android.
- `ankisyncd` package and its `services.ankisyncd` have been removed. Use [`services.anki-sync-server`](#opt-services.anki-sync-server.enable) instead.
- `nodePackages.vscode-css-languageserver-bin`, `nodePackages.vscode-html-languageserver-bin`,
and `nodePackages.vscode-json-languageserver-bin` were dropped due to an unmaintained upstream.
The `vscode-langservers-extracted` package is a maintained drop-in replacement.
- `nodePackages.prisma` has been replaced by `prisma`.
- `fetchNextcloudApp` has been rewritten to use `fetchurl` rather than
`fetchzip`. This invalidates all existing hashes, but you can restore the old
behavior by passing it `unpack = true`.
- `haskell.lib.compose.justStaticExecutables` now disallows references to GHC in its
output by default to alert users to closure size issues caused by
[#164630](https://github.com/NixOS/nixpkgs/issues/164630). See ["Packaging
Helpers" in the Haskell section of the Nixpkgs
manual](https://nixos.org/manual/nixpkgs/unstable/#haskell-packaging-helpers)
for information on working around `output '...' is not allowed to refer to
the following paths` errors caused by this change.
- `services.stalwart-mail` now runs under the `stalwart-mail` system user
instead of a dynamic one via `DynamicUser` in order to avoid automatic
ownership changes on its large file store on service restart.
This change requires manually moving the state directory from
`/var/lib/private/stalwart-mail` to `/var/lib/stalwart-mail`, and
changing the ownership of the directory and its content to `stalwart-mail`.
- `services.stalwart-mail` now uses RocksDB as the default storage backend
for `stateVersion` ≥ 24.11. It was previously using SQLite for structured
data and the filesystem for blobs.
- `services.stargazer` has been hardened to improve security, but these
changes may break certain setups, particularly around traditional CGI.
- `services.stargazer.allowCgiUser` has been added, enabling
Stargazer's `cgi-user` option to work, which was previously broken.
- `services.shiori` now requires the HTTP secret value `SHIORI_HTTP_SECRET_KEY` to be provided as an environment variable. `services.shiori.environmentFile` has been introduced to handle this:
```
# This is how an environment file can be generated:
# $ printf "SHIORI_HTTP_SECRET_KEY=%s\n" "$(openssl rand -hex 16)" > /path/to/env-file
services.shiori.environmentFile = "/path/to/env-file";
```
- `/share/nano` is now only linked when `programs.nano.enable` is enabled.
- PPD files for Utax printers were renamed (spaces replaced by underscores) in the newest `foomatic-db` package. Users of Utax printers might need to adapt their `hardware.printers.ensurePrinters.*.model` value to account for this.
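
The `gns3` and `services.stalwart-mail` entries above both ask for directories to be moved out of `private/` and re-owned. A sketch of that move as a shell function, added here as an example and not part of the release notes or of nixpkgs: the name `migrate_private_dir` is hypothetical, and it assumes systemd's `DynamicUser` layout (where `<base>/<name>` is a symlink into `<base>/private/<name>`) and that the service has been stopped first.

```shell
# Added example (not from nixpkgs). Usage, as root, with the unit stopped:
#   migrate_private_dir /var/lib stalwart-mail stalwart-mail
#   migrate_private_dir /var/lib gns3 gns3
#   migrate_private_dir /var/log gns3 gns3
migrate_private_dir() {
    base=$1 name=$2 owner=$3
    old="$base/private/$name"
    new="$base/$name"

    # Nothing to do if the DynamicUser-era directory is absent.
    if [ ! -d "$old" ]; then
        echo "nothing to migrate: $old does not exist" >&2
        return 1
    fi

    # Under DynamicUser, $new is a symlink pointing at $old. A plain
    # `mv` onto it would try to move the directory into itself, so the
    # symlink is removed first. Anything else at $new is left alone.
    if [ -L "$new" ]; then
        rm -- "$new"
    elif [ -e "$new" ]; then
        echo "refusing to overwrite existing $new" >&2
        return 1
    fi

    mv -- "$old" "$new"

    # Hand the tree to the static system user the module now runs as.
    chown -R -- "$owner" "$new"
}
```

For GNS3, `/etc/gns3` still needs its own `chown -R gns3`, since it was never under `private/`.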