In addition to numerous new and upgraded packages, this release has the following highlights: User channels are now in the default NIX_PATH, allowing users to use their personal nix-channel defined channels in nix-build and nix-shell commands, as well as in imports like import <mychannel>. For example $ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable $ nix-channel --update $ nix-build '<nixpkgsunstable>' -A gitFull $ nix run -f '<nixpkgsunstable>' gitFull $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'

The following new services were added since the last release: When enabled the iproute2 will copy the files expected by ip route (e.g., rt_tables) in /run/iproute2. This allows to write aliases for routing tables for instance.

When upgrading from a previous release, please be aware of the following incompatible changes: lib.strict is removed. Use builtins.seq instead. The clementine package points now to the free derivation. clementineFree is removed now and clementineUnfree points to the package which is bundled with the unfree libspotify package. The netcat package is now taken directly from OpenBSD's libressl, instead of relying on Debian's fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command. The services.docker-registry.extraConfig object doesn't contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in the docker/distribution docs. gnucash has changed from version 2.4 to 3.x. If you've been using gnucash (version 2.4) instead of gnucash26 (version 2.6) you must open your Gnucash data file(s) with gnucash26 and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade documentation. Gnucash 2.4 is still available under the attribute gnucash24.

dockerTools.pullImage relies on image digest instead of image tag to download the image. The sha256 of a pulled image has to be updated. lib.attrNamesToStr has been deprecated. Use more specific concatenation (lib.concat(Map)StringsSep) instead. lib.addErrorContextToAttrs has been deprecated. Use builtins.addErrorContext directly. lib.showVal has been deprecated. Use lib.traceSeqN instead. lib.traceXMLVal has been deprecated. Use lib.traceValFn builtins.toXml instead. lib.traceXMLValMarked has been deprecated. Use lib.traceValFn (x: str + builtins.toXML x) instead. lib.traceValIfNot has been deprecated. Use if/then/else and lib.traceValSeq instead. lib.traceCallXml has been deprecated. Please complain if you use the function regularly. The attribute lib.nixpkgsVersion has been deprecated in favor of lib.version. Please refer to the discussion in NixOS/nixpkgs#39416 for further reference. The module for security.dhparams has two new options now: security.dhparams.stateless Puts the generated Diffie-Hellman parameters into the Nix store instead of managing them in a stateful manner in /var/lib/dhparams. security.dhparams.defaultBitSize The default bit size to use for the generated Diffie-Hellman parameters. The path to the actual generated parameter files should now be queried using config.security.dhparams.params.name.path because it might be either in the Nix store or in a directory configured by security.dhparams.path. Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048). An example usage of this would be: { config, ... }: { security.dhparams.params.myservice = {}; environment.etc."myservice.conf".text = '' dhparams = ${config.security.dhparams.params.myservice.path} ''; } networking.networkmanager.useDnsmasq has been deprecated. Use networking.networkmanager.dns instead. The option services.kubernetes.apiserver.admissionControl was renamed to services.kubernetes.apiserver.enableAdmissionPlugins. Recommented way to access the Kubernetes Dashboard is with HTTPS (TLS) Therefore; public service port for the dashboard has changed to 443 (container port 8443) and scheme to https.