


nixpkgs

3rd chunk of `nixos/doc/manual/release-notes/rl-1609.section.md`
- Gitlab's maintenance script `gitlab-runner` was removed and split up into the clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.

- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).

- `fonts.fontconfig.ultimate.rendering` was removed because our presets were obsolete for some time. New presets are hardcoded into FreeType; you can select a preset via `fonts.fontconfig.ultimate.preset`. You can customize those presets via ordinary environment variables, using `environment.variables`.

- The `audit` service is no longer enabled by default. Use `security.audit.enable = true` to explicitly enable it.

- `pkgs.linuxPackages.virtualbox` now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new `pkgs.virtualbox` instead.

- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There's also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.

- `services.mongodb.extraConfig` configuration format was changed to YAML.

- PHP has been upgraded to 7.0.

Other notable improvements:

- Revamped grsecurity/PaX support. There is now only a single general-purpose distribution kernel and the configuration interface has been streamlined. Desktop users should be able to set

  ```nix
  {
    security.grsecurity.enable = true;
  }
  ```

  to get a reasonably secure system without having to sacrifice too much functionality.

- Special filesystems, like `/proc`, `/run` and others, now have the same mount options as recommended by systemd and are unified across different places in NixOS. Mount options are updated during `nixos-rebuild switch` if possible. One benefit from this is improved security --- most such filesystems are now mounted with `noexec`, `nodev` and/or `nosuid` options.

- The reverse path filter was interfering with DHCPv4 server operation in the past. An exception for DHCPv4 and a new option to log packets that were dropped due to the reverse path filter (`networking.firewall.logReversePathDrops`) were added for easier debugging.

- Containers configuration within `containers.<name>.config` is [now properly typed and checked](https://github.com/NixOS/nixpkgs/pull/17365). In particular, partial configurations are merged correctly.

- The directory containing setuid wrapper programs, `/var/setuid-wrappers`, [is now updated atomically to prevent failures if the switch to a new configuration is interrupted.](https://github.com/NixOS/nixpkgs/pull/18124)

- `services.xserver.startGnuPGAgent` has been removed due to GnuPG 2.1.x bump. See [how to achieve similar behavior](https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c). You might need to `pkill gpg-agent` after the upgrade to prevent a stale agent being in the way.

- [Declarative users could share the uid due to the bug in the script handling conflict resolution.](https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147)

- Gummi boot has been replaced by systemd-boot.

- Hydra package and NixOS module were added for convenience.
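
The special-filesystems item above says these mounts now carry `noexec`, `nodev` and/or `nosuid`. One way to verify that on a running system, as an added example that is not part of the release notes or of nixpkgs: the `POLICY` table and the names `check_mounts` and `sample_mounts` are assumptions made here for illustration, and the sample mount lines are constructed.

```shell
#!/bin/sh
# Expected options per mount point, as "path=opt,opt" words.
# ASSUMPTION: illustrative policy, not taken from the release notes.
POLICY="/proc=nosuid,nodev,noexec /sys=nosuid,nodev,noexec /dev=nosuid \
/dev/shm=nosuid,nodev /dev/pts=nosuid,noexec /run=nosuid,nodev"

# Constructed sample in /proc/mounts format; /run deliberately lacks nosuid.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=1024k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=3,mode=620 0 0
tmpfs /run tmpfs rw,nodev,relatime,mode=755 0 0
EOF
}

# Read /proc/mounts-format lines on stdin. Print "MISSING <path> <option>"
# or "ABSENT <path>" per finding; exit status is 1 if anything was printed.
check_mounts() {
    awk -v policy="$POLICY" '
        BEGIN {
            n = split(policy, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        # Field 2 is the mount point, field 4 the option list. A later line
        # for the same mount point overmounts the earlier one, so keep the last.
        ($2 in want) { opts[$2] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                mp = order[i]
                if (!(mp in opts)) { print "ABSENT", mp; bad = 1; continue }
                k = split(want[mp], need, ",")
                for (j = 1; j <= k; j++)
                    if (index("," opts[mp] ",", "," need[j] ",") == 0) {
                        print "MISSING", mp, need[j]; bad = 1
                    }
            }
            exit bad + 0
        }
    '
}
```

On a live system, run `check_mounts < /proc/mounts`; a non-zero exit status means at least one expected option or mount point is missing.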

Title: NixOS 16.09: Further Changes, Improvements, and Service Updates
Summary
This section details additional changes and improvements in NixOS 16.09. It covers the removal of the `gitlab-runner` script, changes to `services.xserver.libinput.accelProfile`, the removal of `fonts.fontconfig.ultimate.rendering`, the disabling of the `audit` service by default, the separation of kernel modules in `pkgs.linuxPackages.virtualbox`, the replacement of `goPackages`, the change to YAML format for `services.mongodb.extraConfig`, and the upgrade of PHP to 7.0. It also includes notable improvements such as revamped grsecurity/PaX support, unified mount options for special filesystems, enhancements to the reverse path filter, typed and checked container configurations, atomic updates to setuid wrapper programs, the removal of `services.xserver.startGnuPGAgent`, a fix for shared UIDs in declarative users, the replacement of Gummi boot with systemd-boot, and the addition of Hydra package and NixOS module.