Home Explore Blog Models CI



nixpkgs
17th chunk of `nixos/doc/manual/release-notes/rl-2505.section.md`
817d9e2059761632f8e2f28cd04954e357126283fa1996690000000100000cd5
- `networking.wireguard` now has an optional networkd backend. It is enabled by default when `networking.useNetworkd` is enabled, and it can be enabled alongside scripted networking with `networking.wireguard.useNetworkd`. Some `networking.wireguard` options have slightly different behavior with the networkd and script-based backends, documented in each option.

- `services.rss-bridge` now has a `package` option as well as support for `caddy` as reverse proxy.

- `services.avahi.ipv6` now defaults to true.

- In the `services.xserver.displayManager.startx` module, two new options [generateScript](#opt-services.xserver.displayManager.startx.generateScript) and [extraCommands](#opt-services.xserver.displayManager.startx.extraCommands) have been added to to declaratively configure the .xinitrc script.

- All services that require a root certificate bundle now use the value of a new read-only option, `security.pki.caBundle`.

- [`services.hddfancontrol`](#opt-services.hddfancontrol.enable) has been modified to use an attribute set for settings, enabling configurations with multiple instances of the daemon running at once (e.g., for two separate drive bays).

- `services.cloudflared` now uses a dynamic user, and its `user` and `group` options have been removed. If the user or group is still necessary, they can be created manually.

- The Home Assistant module has new options {option}`services.home-assistant.blueprints.automation`, `services.home-assistant.blueprints.script`, and {option}`services.home-assistant.blueprints.template` that allow for the declarative installation of [blueprints](https://www.home-assistant.io/docs/blueprint/) into the appropriate configuration directories.

- `services.dovecot2.modules` have been removed, now need to use `environment.systemPackages` to load additional Dovecot modules.

- `services.kmonad` now creates a determinate symlink (in `/dev/input/by-id/`) to each of KMonad virtual devices.

- `services.searx` now supports configuration of the favicons cache and other options available in SearXNG's `favicons.toml` file

- `services.gitea` now supports CAPTCHA usage through the `services.gitea.captcha` variable.

- `services.soft-serve` now restarts upon config change.

- `services.keycloak` now provides a `realmFiles` option that allows to import realms during startup. See https://www.keycloak.org/server/importExport

- `bind.cacheNetworks` now only controls access for recursive queries, where it previously controlled access for all queries.

- The [Starship](https://starship.rs) module now automatically loads the starship prompt when using [`xonsh`](https://xon.sh).

- [`services.mongodb.enableAuth`](#opt-services.mongodb.enableAuth) now uses the newer [mongosh](https://github.com/mongodb-js/mongosh) shell instead of the legacy shell to configure the initial superuser. You can configure the mongosh package to use through the [`services.mongodb.mongoshPackage`](#opt-services.mongodb.mongoshPackage) option.

- There is a new set of NixOS test tools for testing virtual Wi-Fi networks in many different topologies. See the {option}`services.vwifi` module, {option}`services.kismet` NixOS test, and [manual](https://nixos.org/manual/nixpkgs/unstable/#sec-nixos-test-wifi) for documentation and examples.
Title: NixOS Service Enhancements, Configuration Updates, and New Testing Tools
Summary
This NixOS update brings many updates and configuration changes. Networking improvements include an optional `networkd` backend for `networking.wireguard`, `services.avahi.ipv6` defaulting to true, and `bind.cacheNetworks` access refined. Services updated: `services.rss-bridge` (pkg/Caddy support), `services.xserver.displayManager.startx` (xinitrc scripting), `services.hddfancontrol` (multi-instance). `services.cloudflared` uses a dynamic user; `services.home-assistant` adds declarative blueprint install; `services.dovecot2` module loading altered. Further updates: `services.kmonad` symlinks generated; `services.searx` favicons cache support; `services.gitea` CAPTCHA added; `services.soft-serve` restarts on config; `services.keycloak` gains `realmFiles`; `services.mongodb.enableAuth` employs `mongosh`. System-wide, `security.pki.caBundle` unifies root certs, and `Starship` auto-loads with `xonsh`. New virtual Wi-Fi network test tools also introduced.