- `overwriteProtocol` -> [`overwriteprotocol`](#opt-services.nextcloud.settings.overwriteprotocol),
  - `skeletonDirectory` -> [`skeletondirectory`](#opt-services.nextcloud.settings.skeletondirectory),
  - `globalProfiles` -> [`profile.enabled`](#opt-services.nextcloud.settings._profile.enabled_),
  - `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and
  - `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies).

- `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block.
  Example:

  ```nix
  {
    locations."/".extraConfig = ''
      add_header Alt-Svc 'h3=":$server_port"; ma=86400';
    '';
    locations."^~ /assets/".extraConfig = ''
      add_header Alt-Svc 'h3=":$server_port"; ma=86400';
    '';
  }
  ```

- `services.pgbouncer` now has systemd support enabled and will log to journald. The default setting for `services.pgbouncer.logFile` is now `null` to disable logging to a separate log file.

- `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it is
  not declarative and is broken with newer postgresql versions. Consider using
  [](#opt-services.postgresql.ensureUsers._.ensureDBOwnership)
  instead or a tool that is more suited for managing the data inside a postgresql database.

- `services.redis.vmOverCommit` now defaults to `true` and no longer enforces Transparent Hugepages (THP) to be disabled. Redis only works with THP configured to `madvise` which is the kernel's default.

- `services.resolved.fallbackDns`
  - can now be used to disable the upstream fallback servers entirely by setting it to `[]`
  - to get previous behaviour of upstream defaults, set it to `null`
  - default value has changed from `[]` to `null`, in order to preserve default behaviour

- `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.

- `services.vikunja.setupNginx` setting has been removed. Users now need to set up the webserver configuration on their own with a proxy pass to the vikunja service.

- `services.vmagent` module deprecates `dataDir`, `group` and `user` settings in favor of the systemd-provided CacheDirectory and DynamicUser.

- `services.vmagent.remoteWriteUrl` setting has been renamed to `services.vmagent.remoteWrite.url` and now defaults to `null`.

- `services.zope2` has been removed, as `zope2` is unmaintained and was relying on Python 2.

- `spark2014` has been renamed to `gnatprove`. A version of `gnatprove` matching different GNAT versions is available from the different `gnatPackages` sets.

- `stalwart-mail` has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md).

- `system.etc.overlay.enable` option was added. If enabled, `/etc` is
  mounted via an overlayfs instead of being created by a custom perl script.

- `system.forbiddenDependenciesRegex` has been renamed to `system.forbiddenDependenciesRegexes` and now has the type of `listOf string` instead of `string` to accept multiple regexes.

- `systemd.oomd` module behavior has changed:

  - Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
    Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6).

  - Remove swap policy. This helps prevent killing processes when user's swap is small.

  - Expand the memory pressure policy to `system.slice`, `user-.slice`, and all user-owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb).

  - Rename `systemd.oomd.enableUserServices` to `systemd.oomd.enableUserSlices`.

- `systemd.sysusers.enable` option was added. If enabled, users and