- A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md).
- `services.nginx.recommendedProxySettings` now removes the `Connection` header, preventing clients from closing backend connections.
- The nginx module also received an update to `services.nginx.recommendedGzipSettings`:
  - Enables gzip compression for only certain proxied requests.
  - Allows checking and loading of precompressed files.
  - Updates the gzip mime-types.
  - Increases the minimum length of a response that will be gzipped.
- The [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion): existing installations will keep using version 0.7, while new installations will use version 0.8. In order to upgrade a Garage cluster, please follow the [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and configure [services.garage.package](options.html#opt-services.garage.package).
- Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays.
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
- The `firewall` and `nat` modules can now optionally rely on an nftables based implementation. Enable `networking.nftables` to use it.
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
- `services.xserver.desktopManager.plasma5.phononBackend` now defaults to vlc according to [upstream recommendation](https://community.kde.org/Distributions/Packaging_Recommendations#Non-Plasma_packages).
- The `zramSwap` is now implemented with `zram-generator`, and the option `zramSwap.numDevices` for using ZRAM devices as general purpose ephemeral block devices has been removed.
- As Singularity has been renamed to [Apptainer](https://apptainer.org/news/community-announcement-20211130)
  to distinguish it from [an un-renamed fork by Sylabs Inc.](https://sylabs.io/2021/05/singularity-community-edition),
  there are now two packages of Singularity/Apptainer:
  * `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming.
  * `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc.

  `singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use.
- The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`.
- The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
- `openjdk` from version 11 and above is no longer built with `openjfx` (i.e. JavaFX) support by default. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.
- [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.
- `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision.
- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.
- The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.