Home Explore Blog Models CI



nixpkgs
5th chunk of `nixos/doc/manual/release-notes/rl-2111.section.md`
8774c5c4581690919756b643f68263b0a2fffbbcb3d2d83a0000000100001004
- [twingate](https://docs.twingate.com/docs/linux), a high performance, easy to use zero trust solution that enables access to private resources from any device with better security than a VPN.

## Backward Incompatibilities {#sec-release-21.11-incompatibilities}

- The NixOS VM test framework, `pkgs.nixosTest`/`make-test-python.nix` (`pkgs.testers.nixosTest` since 22.05), now requires detaching commands such as `succeed("foo &")` and `succeed("foo | xclip -i")` to close stdout.
  This can be done with a redirect such as `succeed("foo >&2 &")`. This breaking change was necessitated by a race condition causing tests to fail or hang.
  It applies to all methods that invoke commands on the nodes, including `execute`, `succeed`, `fail`, `wait_until_succeeds`, `wait_until_fails`.

- The `services.wakeonlan` option was removed, and replaced with `networking.interfaces.<name>.wakeOnLan`.

- The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set.
  This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe.

- Since `iptables` now uses `nf_tables` backend and `ipset` doesn't support it, some applications (ferm, shorewall, firehol) may have limited functionality.

- The `paperless` module and package have been removed. All users should migrate to the
  successor `paperless-ng` instead. The Paperless project [has been
  archived](https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4)
  and advises all users to use `paperless-ng` instead.

  Users can use the `services.paperless-ng` module as a replacement while noting the following incompatibilities:

  - `services.paperless.ocrLanguages` has no replacement. Users should migrate to [`services.paperless-ng.extraConfig`](options.html#opt-services.paperless-ng.extraConfig) instead:

  ```nix
  {
    services.paperless-ng.extraConfig = {
      # Provide languages as ISO 639-2 codes
      # separated by a plus (+) sign.
      # https://en.wikipedia.org/wiki/List_of_ISO_639-2_codes
      PAPERLESS_OCR_LANGUAGE = "deu+eng+jpn"; # German & English & Japanse
    };
  }
  ```

  - If you previously specified `PAPERLESS_CONSUME_MAIL_*` settings in
    `services.paperless.extraConfig` you should remove those options now. You
    now _must_ define those settings in the admin interface of paperless-ng.

  - Option `services.paperless.manage` no longer exists.
    Use the script at `${services.paperless-ng.dataDir}/paperless-ng-manage` instead.
    Note that this script only exists after the `paperless-ng` service has been
    started at least once.

  - After switching to the new system configuration you should run the Django
    management command to reindex your documents and optionally create a user,
    if you don't have one already.

    To do so, enter the data directory (the value of
    `services.paperless-ng.dataDir`, `/var/lib/paperless` by default), switch
    to the paperless user and execute the management command like below:

    ```
    $ cd /var/lib/paperless
    $ su paperless -s /bin/sh
    $ ./paperless-ng-manage document_index reindex
    # if not already done create a user account, paperless-ng requires a login
    $ ./paperless-ng-manage createsuperuser
    Username (leave blank to use 'paperless'): my-user-name
    Email address: me@example.com
    Password: **********
    Password (again): **********
    Superuser created successfully.
    ```

- The `staticjinja` package has been upgraded from 1.0.4 to 4.1.1

- Firefox v91 does not support addons with invalid signature anymore. Firefox ESR needs to be used for nix addon support.

- The `erigon` ethereum node has moved to a new database format in `2021-05-04`, and requires a full resync

- The `erigon` ethereum node has moved its database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
Title: New Twingate Service and Critical System Incompatibilities (Release 21.11)
Summary
This document introduces Twingate, a high-performance zero-trust solution, and outlines several backward incompatibilities. Key changes include modifications to the NixOS VM test framework requiring explicit stdout closure for detached commands, the removal of `services.wakeonlan` in favor of `networking.interfaces.<name>.wakeOnLan`, and new mandatory owner/group/setuid/setgid specifications for `security.wrappers`. The `paperless` module and package have been removed, requiring migration to `paperless-ng` with specific configuration and management command adjustments. Additionally, `iptables` now uses `nf_tables` potentially limiting `ipset`-dependent applications, `staticjinja` has been upgraded, Firefox v91 no longer supports unsigned addons (requiring ESR for Nix addon support), and the `erigon` ethereum node requires a full resync due to database format changes and manual chaindata relocation.