NixOS is een Linux-distributie met een packagemanager die het mogelijk maakt om de configuratie declaratief te maken, in plaats van die op te bouwen uit een sequentie van commando's en configuratiebestanden. Onder de motorkap gebruikt Nix een functionele programmeertaal waarmee het systeem of de configuratie kan worden gedefinieerd. Nix is bedacht door Eelco Dolstra, een Nederlandse informaticus die aan de Universiteit van Utrecht op NixOS is gepromoveerd. Meer informatie over NixOS kan op ons eigen forum worden gevonden. Donderdag is versie 22.11 van NixOS uitgekomen en de belangrijkste veranderingen die daarin zijn aangebracht zijn hieronder voor je op een rijtje gezet.
Release 22.11 (“Raccoon”) highlightsIn addition to numerous new and upgraded packages, this release includes the following highlights:
- Software that uses the
crypt
password hashing API is now using the implementation provided bylibxcrypt
instead of glibc’s, which enables support for more secure algorithms.
- Support for algorithms that
libxcrypt
does not consider strong are deprecated as of this release, and will be removed in NixOS 23.05.- This includes system login passwords. Given this, we strongly encourage all users to update their system passwords, as you will be unable to login if password hashes are not migrated by the time their support is removed.
- When using
users.users.<name>.hashedPassword
to configure user passwords, runmkpasswd
, and use the yescrypt hash that is provided as the new value.- On the other hand, for interactively configured user passwords, simply re-set the passwords for all users with
passwd
.- This release introduces warnings for the use of deprecated hash algorithms for both methods of configuring passwords. To make sure you migrated correctly, run
nixos-rebuild switch
.- The NixOS documentation is now generated from markdown. While docbook is still part of the documentation build process, it’s a big step towards the full migration.
aarch64-linux
is now included in thenixos-22.11
andnixos-22.11-small
channels. This means that when those channel update, bothx86_64-linux
andaarch64-linux
will be available in the binary cache.aarch64-linux
ISOs are now available on the downloads page.nsncd
is now available as a replacement ofnscd
.nscd
is responsible for resolving hostnames, users and more in NixOS and has been a long standing source of bugs, such as sporadic network freezes. More context in this issue. Help us test the new implementation by settingservices.nscd.enableNsncd
totrue
. We plan to usensncd
by default in NixOS 23.05.- Linode cloud images are now supported by importing
${modulesPath}/virtualisation/linode-image.nix
and accessingsystem.build.linodeImage
on the output.hardware.nvidia
has a new option,hardware.nvidia.open
, that can be used to enable the usage of NVIDIA’s open-source kernel driver. Note that the driver’s support for GeForce and Workstation GPUs is still alpha quality, see the release announcement for more information.- The
emacs
package now makes use of native compilation which means:
- Emacs packages from Nixpkgs, builtin or not, will do native compilation ahead of time so you can enjoy the benefit of native compilation without compiling them on you machine;
- Emacs packages from somewhere else, e.g.
package-install
, will perform asynchronously deferred native compilation. If you do not want this, maybe to avoid CPU consumption for compilation, you can use(setq native-comp-deferred-compilation nil)
to disable it while still benefiting from native compilation for packages from Nixpkgs.