


nixpkgs

10th chunk of `nixos/doc/manual/release-notes/rl-2111.section.md`
- For security reasons, the Linux kernel now restricts access to BPF syscalls via `BPF_UNPRIV_DEFAULT_OFF=y`. Unprivileged access can be re-enabled via the `kernel.unprivileged_bpf_disabled` sysctl knob.

- `/usr` will always be included in the initial ramdisk. See the `fileSystems.<name>.neededForBoot` option.
  If any files exist under `/usr` (which is not typical for NixOS), they will be included in the initial ramdisk, increasing its size to a possibly problematic extent.

- `pkgs.haskell-language-server` will now by default be linked dynamically to improve TemplateHaskell compatibility. To mitigate the increased closure size it will now by default only support our current default ghc (at the moment 9.0.2). Add other ghc versions via e.g. `pkgs.haskell-language-server.override { supportedGhcVersions = [ "90" "92" ]; }`.

- `pkgs.redis` is now built using the system jemalloc. This disables the experimental active defragmentation feature of redis. Users who require this feature can switch back to redis' vendored version of jemalloc by setting `services.redis.package = pkgs.redis.override { useSystemJemalloc = false; };`.

## Other Notable Changes {#sec-release-21.11-notable-changes}


- The Linux kernel package infrastructure was moved out of `all-packages.nix` and restructured. Linux-related functions and attributes now live under the `pkgs.linuxKernel` attribute set.
  In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched.

- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options:
    - [`forwardPorts`](options.html#opt-virtualisation.forwardPorts) to configure IPv4 port forwarding,
    - [`sharedDirectories`](options.html#opt-virtualisation.sharedDirectories) to set up shared host directories,
    - [`resolution`](options.html#opt-virtualisation.resolution) to set the screen resolution,
    - [`useNixStoreImage`](options.html#opt-virtualisation.useNixStoreImage) to use a disk image for the Nix store instead of 9P.

  In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance.

- The default of the setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) has changed from `"VERBOSE"` to `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.

  However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs.

- The [`services.xserver.extraLayouts`](options.html#opt-services.xserver.extraLayouts) no longer cause additional rebuilds when a layout is added or modified.

- Sway: The terminal emulator `rxvt-unicode` is no longer installed by default via `programs.sway.extraPackages`. The current default configuration uses `alacritty` (and soon `foot`) so this is only an issue when using a customized configuration and not installing `rxvt-unicode` explicitly.

- `python3` now defaults to Python 3.9. Python 3.9 introduces many deprecation warnings; please look at the [What's New In Python 3.9 post](https://docs.python.org/3/whatsnew/3.9.html) for more information.

- `qtile` has been updated from '0.16.0' to '0.18.0'; please check the [qtile changelog](https://github.com/qtile/qtile/blob/master/CHANGELOG) for changes.

- The `claws-mail` package now references the new GTK+ 3 release branch, major version 4. To use the GTK+ 2 releases, one can install the `claws-mail-gtk2` package.

- The wordpress module provides a new interface which allows using different webservers via the new option [`services.wordpress.webserver`](options.html#opt-services.wordpress.webserver). Currently `httpd`, `caddy` and `nginx` are supported. The definitions of wordpress sites should now be set in [`services.wordpress.sites`](options.html#opt-services.wordpress.sites).
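
The BPF restriction and the `services.openssh.logLevel` change described in the notes above, written as a host module. This is an added example, not part of the NixOS manual; pinning the sysctl to `1` and the assertion are illustrative choices, and the assertion assumes a host-level `logLevel` definition can take precedence over the value `fail2ban` supplies.

```nix
# Added example (not from the NixOS manual): pin the two security-relevant
# defaults from these notes instead of inheriting them silently.
{ config, ... }:

let
  sshLogLevel = config.services.openssh.logLevel;
in
{
  # With BPF_UNPRIV_DEFAULT_OFF=y the sysctl starts at 2: unprivileged bpf()
  # is off, but root can still write 0 at runtime. A value of 1 also keeps it
  # off and cannot be cleared again until the next boot.
  boot.kernel.sysctl."kernel.unprivileged_bpf_disabled" = 1;

  services.openssh.enable = true;
  services.fail2ban.enable = true;

  # Assumption: a host-level definition such as `logLevel = "INFO"` could take
  # precedence over the value fail2ban supplies. Fail evaluation in that case
  # rather than deploy a fail2ban that cannot see failed logins.
  assertions = [
    {
      assertion =
        (config.services.fail2ban.enable && config.services.openssh.enable)
        -> sshLogLevel == "VERBOSE";
      message = ''
        services.fail2ban is enabled but services.openssh.logLevel is
        "${sshLogLevel}"; fail2ban needs "VERBOSE" to observe failed logins.
      '';
    }
  ];
}
```

After a rebuild, `sysctl kernel.unprivileged_bpf_disabled` on the host shows the effective value.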

Title: Notable Changes in Release 21.11
Summary
This section outlines significant changes and updates in the latest release. Key changes include enhanced Linux kernel security restricting BPF syscalls, automatic inclusion of `/usr` in the initial ramdisk, and dynamic linking for `pkgs.haskell-language-server` with limited GHC support. `pkgs.redis` now uses system jemalloc, disabling active defragmentation. The Linux kernel package infrastructure has been restructured, and the `virtualisation` module for QEMU VMs has new options for port forwarding, shared directories, and resolution. The default `services.openssh.logLevel` is now `INFO` to reduce log spam, though `fail2ban` will override it to `VERBOSE`. `services.xserver.extraLayouts` no longer cause rebuilds, `rxvt-unicode` is no longer default for Sway, and `python3` defaults to version 3.9. `qtile` has been updated, `claws-mail` now uses GTK+ 3, and the `wordpress` module introduces a new interface for webservers and site definitions.