Home Explore Blog CI



nixpkgs
16th chunk of `nixos/doc/manual/release-notes/rl-2411.section.md`
f54a37cab25a599b682d1dbb6fafb6c86e086764323fe15d0000000100001054
  data and the filesystem for blobs.

- `services.stargazer` has been hardened to improve security, but these
  changes make break certain setups, particularly around traditional CGI.

  - `services.stargazer.allowCgiUser` has been added, enabling
    Stargazer's `cgi-user` option to work, which was previously broken.

- `services.shiori` now requires the HTTP secret value `SHIORI_HTTP_SECRET_KEY` to be provided as an environment variable. `services.shiori.environmentFile` has been introduced to handle this:

  ```
  # This is how a environment file can be generated:
  # $ printf "SHIORI_HTTP_SECRET_KEY=%s\n" "$(openssl rand -hex 16)" > /path/to/env-file
  services.shiori.environmentFile = "/path/to/env-file";
  ```

- `/share/nano` is now only linked when `programs.nano.enable` is enabled.

- PPD files for Utax printers were renamed (spaces replaced by underscores) in the newest `foomatic-db` package. Users of Utax printers might need to adapt their `hardware.printers.ensurePrinters.*.model` value to account for this.

- `sqldeveloper` was dropped due to being severely out-of-date and having a dependency on
  JavaFX for Java 8, which we do not support.

- The `kvdo` kernel module package was removed as it was upstreamed in kernel version 6.9, where it is now called `dm-vdo`.

- `libe57format` has been updated to `>= 3.0.0`, which contains some backward-incompatible API changes. See the [release note](https://github.com/asmaloney/libE57Format/releases/tag/v3.0.0) for more details.

- `gitlab` deprecated support for *runner registration tokens* in GitLab 16.0, disabled their support in GitLab 17.0 and will
  ultimately remove it in GitLab 18.0 (as outlined in the
  [documentation](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes)).
  After upgrading to GitLab >= 17.0, it is possible to re-enable support for registration tokens in the UI until GitLab 18.0.
  Refer to the manual on [using registration tokens after GitLab 17.0](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170).
  GitLab administrators should migrate to the [new runner registration workflow](https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#using-registration-tokens-after-gitlab-170)
  with *runner authentication tokens* until the release of GitLab 18.0.

- `gitlab` has been updated from 16.x to 17.x and requires `postgresql` >= 14.9, as stated in the [documentation](https://docs.gitlab.com/17.1/ee/install/requirements.html#postgresql-requirements). Check the [upgrade guide](#module-services-postgres-upgrading) in the NixOS manual on how to upgrade your PostgreSQL installation.

- `gitaly` (part of `gitlab`) is now using the bundled `git` package instead of `pkgs.git`, to maintain compatibility with GitLab.

- `nixos/gitlab` no longer adds `pkgs.git` to `environment.systemPackages` by default.

- The `replay-sorcery` package and module was removed as it unmaintained upstream. Consider using `gpu-screen-recorder` or `obs-studio` instead.

- A few options of `services.samba` have been moved from `extraConfig` and `configText` to the new freeform option `settings` and renamed, e.g.:
  - `services.samba.invalidUsers` to `services.samba.settings.global."invalid users"`
  - `services.samba.securityType` to `services.samba.settings.global."security type"`
  - `services.samba.shares` to `services.samba.settings`
  - `services.samba.enableWinbindd` to `services.samba.winbindd.enable`
  - `services.samba.enableNmbd` to `services.samba.nmbd.enable`

- `zx` was updated to v8, which introduces several breaking changes.
  See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.

- `feishin` removed support for Navidrome `< v0.53.2` due to an API change. See the [v0.10.0 release notes](https://github.com/jeffvli/feishin/releases/tag/v0.10.0) for more information.

- `services.dnscrypt-wrapper` was removed, as the project has been effectively unmaintained since 2018. Moreover, the NixOS module had to rely on an abandoned version of `dnscrypt-proxy` v1 for the rotation of keys.
Title: More Backward Incompatibilities in NixOS 24.11 (Continued)
Summary
Further backward-incompatible changes in NixOS 24.11: `services.stargazer` hardening, `services.shiori` secret key requirement, `/share/nano` link condition, Utax printer PPD rename, `sqldeveloper` removal, `kvdo` kernel module removal, `libe57format` update, `gitlab` runner registration deprecation & update to 17.x, `gitaly` using bundled `git`, `nixos/gitlab` system packages change, `replay-sorcery` removal, `services.samba` option migration, `zx` update to v8, `feishin` Navidrome version removal, `services.dnscrypt-wrapper` removal.