operations can easily be run from the command line. This behavior can be
  disabled by setting `createWrapper` to `false`, for each backup
  configuration.

- `services.prometheus.exporters` has a new exporter to monitor electrical
  power consumption based on PowercapRAPL sensor called
  [Scaphandre](https://github.com/hubblo-org/scaphandre). Refer to [PR
  #239803](https://github.com/NixOS/nixpkgs/pull/239803) for more details.

- The `services.calibre-server` module has new options to configure the `host`,
  `port`, `auth.enable`, `auth.mode` and `auth.userDb` path. Refer to [PR
  #216497](https://github.com/NixOS/nixpkgs/pull/216497/) for more details.

- `services.prometheus.exporters` has a new
  [exporter](https://github.com/hipages/php-fpm_exporter) to monitor PHP-FPM
  processes. Refer to [PR
  #240394](https://github.com/NixOS/nixpkgs/pull/240394) for more details.

- `services.github-runner` and `services.github-runners.<name>` gained the
  option `nodeRuntimes`. This option defaults to `[ "node20" ]`.  I.e., the
  service supports Node.js 20 GitHub Actions only. The list of Node.js versions
  accepted by `nodeRuntimes` tracks the versions the upstream GitHub Actions
  runner supports. Refer to [PR
  #249103](https://github.com/NixOS/nixpkgs/pull/249103) for details.

- `programs.gnupg` has the option `agent.settings` now. This allows setting
  verbatim config values in `/etc/gnupg/gpg-agent.conf`.

- `dockerTools.buildImage`, `dockerTools.buildLayeredImage` and
  `dockerTools.streamLayeredImage` use `lib.makeOverridable` now . This allows
  `dockerTools`-based images to be customized more efficiently at the Nix
  level.

- `services.influxdb2` supports doing an automatic initial setup and
  provisioning of users, organizations, buckets and authentication tokens now.
  Refer to [PR #249502](https://github.com/NixOS/nixpkgs/pull/249502) for more
  details.

- `wrapHelm` exposes `passthru.pluginsDir` now which can be passed to
  `helmfile`. For convenience, a top-level package `helmfile-wrapped` has been
  added, which inherits `passthru.pluginsDir` from `kubernetes-helm-wrapped`.
  Refer to [PR #217768](https://github.com/NixOS/nixpkgs/issues/217768) for
  more details.

- The `boot.initrd.network.udhcp.enable` option allows control over DHCP during
  Stage 1 regardless of what `networking.useDHCP` is set to.

- `networking.nftables` has the option `networking.nftables.table.<table>` now. This creates tables
  and have them be updated atomically, instead of flushing the ruleset.

- `hardware.nvidia` gained `datacenter` options for enabling NVIDIA Data Center
  drivers and configuration of NVLink/NVSwitch topologies through
  `nv-fabricmanager`.

- The new `boot.bcache.enable` option allows completely removing `bcache`
  mount support. It is enabled by default.

- `security.sudo` provides two extra options now, while not changing the
  module's default behaviour:
  - `defaultOptions` controls the options used for the default rules;
  - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved
    for `root` and the `wheel` group.

- `virtualisation.googleComputeImage` provides a `efi` option to support UEFI
  booting now.

- CoreDNS may be built with external plugins now. This may be done by
  overriding `externalPlugins` and `vendorHash` arguments like this:

  ```nix
  {
    services.coredns = {
      enable = true;
      package = pkgs.coredns.override {
        externalPlugins = [
          {
            name = "fanout";
            repo = "github.com/networkservicemesh/fanout";
            version = "v1.9.1";
          }
        ];
        vendorHash = "<SRI hash>";
      };
    };
  }
  ```

  To get the necessary SRI hash, set `vendorHash = "";`. The build will fail
  and produce the correct `vendorHash` in the error message.

  If you use this feature, updates to CoreDNS may require updating `vendorHash`
  by following these steps again.

- Using `fusuma` enables the following plugins now: