Home Explore Blog Models CI



nixpkgs
16th chunk of `nixos/doc/manual/release-notes/rl-2411.section.md`
a1ab639914354affdfe766caee960544f752c9b0527afca80000000100001054
  data and the filesystem for blobs.

- `services.stargazer` has been hardened to improve security, but these
  changes make break certain setups, particularly around traditional CGI.

  - `services.stargazer.allowCgiUser` has been added, enabling
    Stargazer's `cgi-user` option to work, which was previously broken.

- `services.shiori` now requires the HTTP secret value `SHIORI_HTTP_SECRET_KEY` to be provided as an environment variable. `services.shiori.environmentFile` has been introduced to handle this:

  ```
  # This is how a environment file can be generated:
  # $ printf "SHIORI_HTTP_SECRET_KEY=%s\n" "$(openssl rand -hex 16)" > /path/to/env-file
  services.shiori.environmentFile = "/path/to/env-file";
  ```

- `/share/nano` is now only linked when `programs.nano.enable` is enabled.

- PPD files for Utax printers were renamed (spaces replaced by underscores) in the newest `foomatic-db` package. Users of Utax printers might need to adapt their `hardware.printers.ensurePrinters.*.model` value to account for this.

- `sqldeveloper` was dropped due to being severely out-of-date and having a dependency on
  JavaFX for Java 8, which we do not support.

- The `kvdo` kernel module package was removed as it was upstreamed in kernel version 6.9, where it is now called `dm-vdo`.

- `libe57format` has been updated to `>= 3.0.0`, which contains some backward-incompatible API changes. See the [release note](https://github.com/asmaloney/libE57Format/releases/tag/v3.0.0) for more details.

- `gitlab` deprecated support for *runner registration tokens* in GitLab 16.0, disabled their support in GitLab 17.0 and will
  ultimately remove it in GitLab 18.0 (as outlined in the
  [documentation](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes)).
  After upgrading to GitLab >= 17.0, it is possible to re-enable support for registration tokens in the UI until GitLab 18.0.
  Refer to the manual on [using registration tokens after GitLab 17.0](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170).
  GitLab administrators should migrate to the [new runner registration workflow](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170)
  with *runner authentication tokens* until the release of GitLab 18.0.

- `gitlab` has been updated from 16.x to 17.x and requires `postgresql` >= 14.9, as stated in the [documentation](https://docs.gitlab.com/17.1/ee/install/requirements.html#postgresql-requirements). Check the [upgrade guide](#module-services-postgres-upgrading) in the NixOS manual on how to upgrade your PostgreSQL installation.

- `gitaly` (part of `gitlab`) is now using the bundled `git` package instead of `pkgs.git`, to maintain compatibility with GitLab.

- `nixos/gitlab` no longer adds `pkgs.git` to `environment.systemPackages` by default.

- The `replay-sorcery` package and module was removed as it unmaintained upstream. Consider using `gpu-screen-recorder` or `obs-studio` instead.

- A few options of `services.samba` have been moved from `extraConfig` and `configText` to the new freeform option `settings` and renamed, e.g.:
  - `services.samba.invalidUsers` to `services.samba.settings.global."invalid users"`
  - `services.samba.securityType` to `services.samba.settings.global."security type"`
  - `services.samba.shares` to `services.samba.settings`
  - `services.samba.enableWinbindd` to `services.samba.winbindd.enable`
  - `services.samba.enableNmbd` to `services.samba.nmbd.enable`

- `zx` was updated to v8, which introduces several breaking changes.
  See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.

- `feishin` removed support for Navidrome `< v0.53.2` due to an API change. See the [v0.10.0 release notes](https://github.com/jeffvli/feishin/releases/tag/v0.10.0) for more information.

- `services.dnscrypt-wrapper` was removed, as the project has been effectively unmaintained since 2018. Moreover, the NixOS module had to rely on an abandoned version of `dnscrypt-proxy` v1 for the rotation of keys.
Title: Software Updates, Deprecations, and Configuration Adjustments
Summary
This document outlines service and package updates, deprecations, and configuration changes. Key updates include `services.stargazer` security hardening; `services.shiori` now requires `SHIORI_HTTP_SECRET_KEY` via an environment file; and `services.samba` options are refactored into a new `settings` structure. Removed packages and modules include `sqldeveloper` (out-of-date), `kvdo` (upstreamed to `dm-vdo`), `replay-sorcery` (unmaintained), and `services.dnscrypt-wrapper` (unmaintained). GitLab updates from 16.x to 17.x require PostgreSQL 14.9+ and a migration from runner registration to authentication tokens, also bundling its own `git`. Other changes involve `libe57format` and `zx` major updates with breaking API changes, `feishin` dropping older Navidrome support, conditional `/share/nano` linking, and renamed Utax printer PPD files.