


nixpkgs

3rd chunk of `nixos/doc/manual/release-notes/rl-1703.section.md`
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid's documentation.

- `Ntpd` was replaced by `systemd-timesyncd` as the default service to synchronize system time with a remote NTP server. The old behavior can be restored by setting `services.ntp.enable` to `true`. Upstream time servers for all NTP implementations are now configured using `networking.timeServers`.

- `service.nylon` is now declared using named instances. As an example:

  ```nix
  {
    services.nylon = {
      enable = true;
      acceptInterface = "br0";
      bindInterface = "tun1";
      port = 5912;
    };
  }
  ```

  should be replaced with:

  ```nix
  {
    services.nylon.myvpn = {
      enable = true;
      acceptInterface = "br0";
      bindInterface = "tun1";
      port = 5912;
    };
  }
  ```

  This enables you to declare a SOCKS proxy for each uplink.

- The `overridePackages` function no longer exists. It is replaced by [overlays](https://nixos.org/nixpkgs/manual/#sec-overlays-install). For example, the following code:

  ```nix
  let
    pkgs = import <nixpkgs> {};
  in
    pkgs.overridePackages (self: super: { /* ... */ })
  ```

  should be replaced by:

  ```nix
  let
    pkgs = import <nixpkgs> {};
  in
    import pkgs.path { overlays = [(self: super: { /* ... */ })]; }
  ```

- Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel, and autoloading is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (e.g. for active FTP), please enable `networking.firewall.autoLoadConntrackHelpers` and tune `networking.firewall.connectionTrackingModules` to suit your needs.

- `local_recipient_maps` is no longer set to an empty value by the Postfix service. An empty value is an insecure default, as stated by the Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.

- Iputils no longer provides ping6 and traceroute6. The functionality of these tools has been integrated into ping and traceroute respectively. To enforce an address family, the new flags `-4` and `-6` have been added. One notable incompatibility is that specifying an interface (for link-local IPv6, for instance) is no longer done with the `-I` flag, but by encoding the interface into the address (`ping fe80::1%eth0`).

- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn't support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.

- The `fetch*` functions no longer support md5; please use sha256 instead.
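For the connection tracking helper change above, the following is an added example, not part of the original release notes: a configuration fragment that loads only the FTP helper and, in its strict variant, attaches it explicitly with the netfilter `CT` target instead of re-enabling autoloading. It assumes the host is an FTP client using active mode against servers on TCP port 21, an iptables-based firewall, and the `networking.firewall.extraCommands` option; the `strictHelpers` switch is a hypothetical name used only here.

```nix
{ lib, ... }:

let
  # Hypothetical switch for this example:
  #   true  = helper is attached only to flows matched by an explicit rule
  #   false = behaviour described in the release note (kernel autoloading)
  strictHelpers = true;

  # Assumption: FTP control connections leave this host towards port 21.
  ftpHelperRule = "OUTPUT -p tcp --dport 21 -j CT --helper ftp";
in
{
  networking.firewall = {
    enable = true;

    # Load only the helper module that is actually needed (nf_conntrack_ftp).
    # Every additional helper parses untrusted traffic in the kernel and can
    # open RELATED ports, so keep this list as short as possible.
    connectionTrackingModules = [ "ftp" ];

    # With autoloading, every loaded helper is applied to any flow on its
    # default port. Leave it off when the explicit rule below is used.
    autoLoadConntrackHelpers = !strictHelpers;

    # Strict variant: assign the helper in the raw table so that only the
    # matched control connections may create RELATED data connections.
    # The -C check keeps the rule from being duplicated on firewall reloads.
    extraCommands = lib.optionalString strictHelpers ''
      iptables -t raw -C ${ftpHelperRule} 2>/dev/null \
        || iptables -t raw -A ${ftpHelperRule}
    '';
  };
}
```

After a rebuild, `iptables -t raw -S OUTPUT` should list the `CT --helper ftp` rule when the strict variant is active.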

Title: NixOS 17.03: Backward Incompatibilities (Continued)
Summary
This section details further backward incompatibilities in NixOS 17.03. It covers changes to Parsoid configuration, the replacement of Ntpd with systemd-timesyncd, the new named instance declaration for service.nylon, the removal of overridePackages and its replacement with overlays, disabling autoloading of connection tracking helpers, changes to Postfix's local_recipient_maps, the removal of ping6 and traceroute6 from iputils, the socket handling changes in the services.rmilter module, and the deprecation of md5 in fetch* functions in favor of sha256.