Home Explore Blog Models CI



nixpkgs
4th chunk of `nixos/doc/manual/release-notes/rl-1603.section.md`
ffdda5754a3a4bce1ab433a3a76bb2c3ef7d17890cd1ae810000000100000f52
    i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [
      anthy
      mozc
    ];
  }
  ```

  That is equivalent to the old version:

  ```nix
  {
    programs.ibus.enable = true;
    programs.ibus.plugins = with pkgs; [
      ibus-anthy
      mozc
    ];
  }
  ```

- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn't be overridden by anything else.

- Large parts of the `services.gitlab` module has been been rewritten. There are new configuration options available. The `stateDir` option was renamned to `statePath` and the `satellitesDir` option was removed. Please review the currently available options.

- The option `services.nsd.zones.<name>.data` no longer interpret the dollar sign (\$) as a shell variable, as such it should not be escaped anymore. Thus the following zone data:

  ```dns-zone
  $ORIGIN example.com.
  $TTL 1800
  @       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (

  ```

  Should modified to look like the actual file expected by nsd:

  ```dns-zone
  $ORIGIN example.com.
  $TTL 1800
  @       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (

  ```

- `service.syncthing.dataDir` options now has to point to exact folder where syncthing is writing to. Example configuration should look something like:

  ```nix
  {
    services.syncthing = {
      enable = true;
      dataDir = "/home/somebody/.syncthing";
      user = "somebody";
    };
  }
  ```

- `networking.firewall.allowPing` is now enabled by default. Users are encouraged to configure an appropriate rate limit for their machines using the Kernel interface at `/proc/sys/net/ipv4/icmp_ratelimit` and `/proc/sys/net/ipv6/icmp/ratelimit` or using the firewall itself, i.e. by setting the NixOS option `networking.firewall.pingLimit`.

- Systems with some broadcom cards used to result into a generated config that is no longer accepted. If you get errors like

  ```ShellSession
  error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created
  ```

  you should either re-run `nixos-generate-config` or manually replace `"${config.boot.kernelPackages.broadcom_sta}"` by `config.boot.kernelPackages.broadcom_sta` in your `/etc/nixos/hardware-configuration.nix`. More discussion is on [ the github issue](https://github.com/NixOS/nixpkgs/pull/12595).

- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:

  ```shell
  GPG_TTY=$(tty)
  export GPG_TTY
  ```

  If you want to use gpg-agent for SSH, too, add the following to your session initialization (e.g. `displayManager.sessionCommands`)

  ```shell
      gpg-connect-agent /bye
      unset SSH_AGENT_PID
      export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
  ```

  and make sure that

  ```conf
      enable-ssh-support
  ```

  is included in your `~/.gnupg/gpg-agent.conf`. You will need to use `ssh-add` to re-add your ssh keys. If gpg's automatic transformation of the private keys to the new format fails, you will need to re-import your private keyring as well:

  ```ShellSession
      gpg --import ~/.gnupg/secring.gpg
  ```

  The `gpg-agent(1)` man page has more details about this subject, i.e. in the "EXAMPLES" section.

Other notable improvements:

- `ejabberd` module is brought back and now works on NixOS.

- Input method support was improved. New NixOS modules (fcitx, nabi and uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n) have been added.
Title: System Service and Configuration Updates (Continued)
Summary
This chunk continues system and service configuration updates. It details IBus configuration changes and `services.udev.extraRules` now writing to `99-local.rules`. The `services.gitlab` module saw a significant rewrite with updated options, and `services.nsd.zones.<name>.data` no longer interprets '$' as a shell variable. `service.syncthing.dataDir` now requires an exact folder path. `networking.firewall.allowPing` is enabled by default, with rate-limiting recommendations. A fix is provided for Broadcom `broadcom-sta` errors. `services.xserver.startGnuPGAgent` has been removed due to GnuPG 2.1.x changes, with instructions for manual `gpg-agent` configuration for X sessions and SSH. Additionally, the `ejabberd` module is restored, and input method support is improved with new modules and engines for fcitx, nabi, uim, and ibus.