


nixpkgs

12th chunk of `nixos/doc/manual/release-notes/rl-2505.section.md`
  - Mattermost now supports peer authentication on both MySQL and Postgres database backends. Updating [](#opt-system.stateVersion) to 25.05 or later will result in peer authentication being used by default if the Mattermost server would otherwise be connecting to localhost. This is the recommended configuration.
  - Note that the Mattermost module will create an account _without_ a well-known UID if the username differs from the default (`mattermost`). If you used Mattermost with a nonstandard username, you may want to review the module changes before upgrading.

- DokuWiki with the Caddy webserver (`services.dokuwiki.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
  To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.
  If you set custom Caddy options for a DokuWiki site, migrate these options by removing `http://` from `services.caddy.virtualHosts."http://example.com"`.

- WordPress with the Caddy webserver (`services.wordpress.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
  Given a site `example.com`, `http://example.com` now 301 redirects to `https://example.com`.
  To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.

- The behavior of `services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers` was changed to not include `CCMP-256` anymore.
  Since all configured pairwise ciphers have to be supported by the radio, including it caused startup failures on many devices, which are hard to debug in hostapd.

- The `hardware.gkraken` module has been removed. The recommended alternative is [`programs.coolercontrol`](#opt-programs.coolercontrol.enable).

- To avoid delaying user logins unnecessarily, the `multi-user.target` is no longer ordered after `network-online.target`.
  System services requiring a connection to start correctly must explicitly state so, i.e.
  ```nix
  {
    systemd.services."<name>" = {
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
    };
  }
  ```
  This change follows a deprecation period of one year started in NixOS 24.05 (see [PR #283818](https://github.com/NixOS/nixpkgs/pull/283818)).

- The values of `services.borgbackup.jobs.*.extraArgs` and other `extra*Args` options are now represented as Bash arrays. If these arguments were modified using `services.borgbackup.jobs.*.preHook`, they will need to be adjusted to append to these arrays, i.e.
  ```diff
  -extraCreateArgs="$extraCreateArgs --exclude /some/path"
  +extraCreateArgs+=("--exclude" "/some/path")
  ```
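
Why the array form matters, as an added example that is not part of the release notes or the borgbackup module: a string expanded unquoted is word-split, so an excluded path containing a space no longer names the intended directory, and an unmigrated hook line collapses into one bogus argument. The function names, sample paths and the `"${extraCreateArgs[@]}"` expansion are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added illustration; helper names and sample values are constructed.

# Report how many arguments a command would actually receive.
count_args() { echo "$#"; }

# Old representation: one string, expanded unquoted by the caller.
# Word splitting cuts the path at the space, so the exclude pattern
# becomes "/srv/My" plus a stray "Documents" argument.
old_style() {
  local extraCreateArgs="--stats"
  extraCreateArgs="$extraCreateArgs --exclude /srv/My Documents"
  # shellcheck disable=SC2086  # unquoted on purpose to show the split
  count_args $extraCreateArgs
}

# New representation: every array element is exactly one argument.
new_style() {
  local extraCreateArgs=("--stats")
  extraCreateArgs+=("--exclude" "/srv/My Documents")
  count_args "${extraCreateArgs[@]}"
}

# Failure mode of a preHook that was not migrated: a plain string
# assignment to an array variable only rewrites element 0, so the
# appended text ends up glued to the first argument.
unmigrated_hook() {
  local extraCreateArgs=("--stats" "--compression" "zstd")
  extraCreateArgs="$extraCreateArgs --exclude /some/path"  # old hook line
  printf '%s|' "${extraCreateArgs[@]}"
}

echo "old string form : $(old_style) arguments"
echo "new array form  : $(new_style) arguments"
echo "unmigrated hook : $(unmigrated_hook)"
```
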

- `programs.xonsh.package` now gets overridden internally with `extraPackages` to support `programs.xonsh.extraPackages`. See `programs.xonsh.extraPackages` for more details.

- `services.nitter.guestAccounts` has been renamed to `services.nitter.sessionsFile`, for consistency with upstream. The file format is unchanged.

- The `virtualisation.azure.agent` option provided by `azure-agent.nix` is replaced by `services.waagent`, and will be removed in a future release.

- The ZFS import service now respects `fileSystems.*.options = [ "noauto" ];` and does not add that pool's import service to `zfs-import.target`, meaning it will not be automatically imported at boot.

- Default file names of images generated by several builders in `system.build` have been changed as outlined in the table below.

  Names are now known at evaluation time and customizable via the new options `image.baseName`, `image.extension`, `image.fileName` and `image.filePath`, with the latter returning a path relative to the derivation's out path (e.g. `iso/${image.fileName}` for ISO images).

  | `system.build` Option    | Old Filename                                               | New Filename                                                    |
  | ------------------------ | ---------------------------------------------------------- | ----------------------------------------------------------------|

Title: Service Configuration Updates, Renames, and Default Behavior Changes
Summary
This document outlines several system-wide updates and configuration changes. Mattermost now defaults to peer authentication and requires review for non-standard usernames. DokuWiki and WordPress's Caddy webserver integration now defaults to HTTPS. `services.hostapd` removes `CCMP-256` from recommended ciphers to prevent startup issues. The `hardware.gkraken` module is removed, replaced by `programs.coolercontrol`. The `multi-user.target` no longer waits for `network-online.target`, requiring services needing network connectivity to explicitly state this. `services.borgbackup.jobs.*.extraArgs` now use Bash arrays, necessitating syntax changes for modifications. `services.nitter.guestAccounts` is renamed to `sessionsFile`, and `virtualisation.azure.agent` is replaced by `services.waagent`. ZFS import services now respect the `noauto` option, preventing automatic import at boot. Default filenames for images generated by `system.build` have changed and are now customizable.