In addition to numerous new and upgraded packages, this release has the following highlights: PXE "netboot" media has landed in . See for documentation. Xorg-server-1.18.*. If you choose "ati_unfree" driver, 1.17.* is still used due to ABI incompatibility. The following new services were added since the last release: (this will get automatically generated at release time) When upgrading from a previous release, please be aware of the following incompatible changes: A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages were changed late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.) Shell aliases for systemd sub-commands were dropped: start, stop, restart, status. Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default behavior of Redis 3.2 /var/setuid-wrappers/ is now a symlink so it can be atomically updated and it's not mounted as tmpfs anymore since setuid binaries are located on /run/ as tmpfs. Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI. services.xserver.libinput.accelProfile default changed from flat to adaptive, as per official documentation. fonts.fontconfig.ultimate.rendering was removed because our presets were obsolete for some time. New presets are hardcoded into freetype; one selects a preset via fonts.fontconfig.ultimate.preset. You can customize those presets via ordinary environment variables, using environment.variables. The audit service is no longer enabled by default. Use security.audit.enable = true; to explicitly enable it. pkgs.linuxPackages.virtualbox now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new pkgs.virtualbox instead. goPackages was replaced with separated Go applications in appropriate nixpkgs categories. Each Go package uses its own dependency set defined in nix. There's also a new go2nix tool introduced to generate Go package definition from its Go source automatically. services.mongodb.extraConfig configuration format was changed to YAML. Other notable improvements: Revamped grsecurity/PaX support. There is now only a single general-purpose distribution kernel and the configuration interface has been streamlined. Desktop users should be able to simply set security.grsecurity.enable = true to get a reasonably secure system without having to sacrifice too much functionality. See for documentation Special filesystems, like /proc, /run and others, now have the same mount options as recommended by systemd. They are now unified across different places in NixOS. Options are also updated on the system switch if possible. One benefit from this is improved security -- most such filesystems are now mounted with noexec, nodev and/or nosuid options. The reverse path filter was interfering with DHCPv4 server operation in the past. An exception for DHCPv4 and a new option to log packets that were dropped due to the reverse path filter was added (networking.firewall.logReversePathDrops) for easier debugging. Containers configuration within containers.<name>.config is now properly typed and checked. In particular, partial configurations are merged correctly. (#17365)