mirror of
https://codeberg.org/privacy1st/nix-git
synced 2025-01-25 06:45:44 +01:00
100 lines
6.9 KiB
Markdown

# NixOS Upgrades

Notes on how I upgraded my NixOS systems.

## Upgrade from 23.05 to 23.11

* https://discourse.nixos.org/t/nixos-23-11-released/36210

Change the tracking branch of nixpkgs from 23.05 to 23.11:

```shell
niv modify nixpkgs --branch nixos-23.11
niv modify home-manager --branch release-23.11
```

Update `home.stateVersion` to `home.stateVersion = "23.11";` in order to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-23.11

Read the release notes. GNOME 45: Notably, Loupe has replaced Eye of GNOME as the default image viewer, Snapshot has replaced Cheese as the default camera application, and Photos will no longer be installed.

Updating with `nixos-rebuild boot` and rebooting is recommended.

```shell
niv update && colmena build --on yodaTux -v --show-trace && colmena apply-local --sudo boot
niv update && colmena build --on remoteTab -v --show-trace && colmena apply --on remoteTab boot
niv update && colmena build --on @server -v --show-trace && colmena apply --on @server boot
```

Update channel (for `nix-shell` usage in a terminal):

```shell
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.05
sudo nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
sudo nix-channel --update
```

## Upgrade from 23.11 to 24.05

Release Announcement: https://nixos.org/blog/announcements/2024/nixos-2405/

Upgrade Instructions: https://nixos.org/manual/nixos/stable/#sec-upgrading

Release Manual: https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05

- Highlights
  - GNOME 46: This release we have also stopped including the legacy and unsupported Adwaita-Dark theme by default.
    - Regarding Adwaita Dark theme: https://discourse.nixos.org/t/nixos-24-05-released/46279/9

- New Services
  - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html)
  - [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD’s open source Vulkan driver, is now available to be configured as [hardware.amdgpu.amdvlk](https://nixos.org/manual/nixos/stable/options#opt-hardware.amdgpu.amdvlk.enable). This also allows configuring runtime settings of AMDVLK and enabling experimental features.
  - [AppImage](https://appimage.org/), a tool to package desktop applications, now has a `binfmt` option to support running AppImages seamlessly on NixOS. Available as [programs.appimage.binfmt](https://nixos.org/manual/nixos/stable/options#opt-programs.appimage.binfmt).
  - [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis](https://nixos.org/manual/nixos/stable/options#opt-services.davis.enable).
  - [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn’s internal API for public transport data. Available as [services.db-rest](https://nixos.org/manual/nixos/stable/options#opt-services.db-rest.enable).
  - [dnsproxy](https://github.com/AdguardTeam/dnsproxy), a simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support. Available as [services.dnsproxy](https://nixos.org/manual/nixos/stable/options#opt-services.dnsproxy.enable).
  - [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](https://nixos.org/manual/nixos/stable/options#opt-services.prometheus.exporters.fritz.enable).
  - [mautrix-signal](https://github.com/mautrix/signal), a Matrix-Signal puppeting bridge. Available as [services.mautrix-signal](https://nixos.org/manual/nixos/stable/options#opt-services.mautrix-signal.enable).
  - [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](https://nixos.org/manual/nixos/stable/options#opt-programs.ryzen-monitor-ng.enable).
  - [Scrutiny](https://github.com/AnalogJ/scrutiny), a S.M.A.R.T monitoring tool for hard disks with a web frontend. Available as [services.scrutiny](https://nixos.org/manual/nixos/stable/options#opt-services.scrutiny.enable).

- Backward Incompatibilities
  - `boot.supportedFilesystems` and `boot.initrd.supportedFilesystems` are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now be done using `supportedFilesystems.fs or false` instead of using `lib.elem "fs" supportedFilesystems` as was done previously.
  - `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes):
    - Some SATA and NVMe devices support hardware encryption through OPAL2 TCG interface
    - Using hardware disk encryption is controversial as you must trust proprietary hardware. On the other side, using both software and hardware encryption layers increases the security margin by adding an additional layer of protection. There is usually no performance drop if OPAL encryption is used (the drive always operates with full throughput), and it does not add any utilization to the main CPU.
    - OPAL encryption can be used in combination with software (dm-crypt) encryption
    - Do not use hardware-only encryption if you do not fully trust your hardware vendor.
  - `screen`’s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment.
  - `services.avahi.nssmdns` was split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` [...]
  - `services.resolved.fallbackDns`

- Other Notable Changes
  - `boot.initrd.network.ssh.authorizedKeyFiles` is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.

Apply changes/improvements to config files.
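
One way to find config lines touched by two of the incompatibilities listed above (the `nssmdns` split and the `lib.elem` check on `supportedFilesystems`), as an added example that is not part of the original notes. `scan_2405`, `demo_2405` and the two sample files are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: flag Nix config lines that use idioms changed in 24.05.
# scan_2405 and demo_2405 are hypothetical helper names, not NixOS tooling.

# scan_2405 DIR: print "file:line:text" for every hit in *.nix files under DIR.
# Returns 1 when something needs review, 0 when the tree is clean.
scan_2405() {
    # 1) nssmdns not followed by 4 or 6 (option was split into nssmdns4/nssmdns6)
    # 2) elem "fs" ...supportedFilesystems (now an attribute set, use ".fs or false")
    pat='nssmdns([^46]|$)|elem[[:space:]]+"[^"]+"[[:space:]]+[A-Za-z_.]*supportedFilesystems'
    if grep -rnE --include='*.nix' "$pat" "$1"; then
        return 1
    fi
    return 0
}

# demo_2405: run the scan over a constructed two-file config tree.
# old.nix uses the pre-24.05 idioms, new.nix the replacements.
demo_2405() {
    d=$(mktemp -d) || return 2
    cat > "$d/old.nix" <<'EOF'
{ config, lib, ... }: {
  services.avahi.nssmdns = true;
  boot.kernelParams = lib.optional
    (lib.elem "zfs" config.boot.supportedFilesystems) "zfs.zfs_arc_max=1073741824";
}
EOF
    cat > "$d/new.nix" <<'EOF'
{ config, lib, ... }: {
  services.avahi.nssmdns4 = true;
  boot.kernelParams = lib.optional
    (config.boot.supportedFilesystems.zfs or false) "zfs.zfs_arc_max=1073741824";
}
EOF
    rc=0
    scan_2405 "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run `scan_2405 .` from the root of the config repository before switching the niv branch; a hit is a line to review, not necessarily an error.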

Change the tracking branch of nixpkgs from 23.11 to 24.05:

```shell
niv modify nixpkgs --branch nixos-24.05
niv modify home-manager --branch release-24.05
```

Update `home.stateVersion` to `home.stateVersion = "24.05";` in order to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-24.05

- "There was no state version change in this release."
- `git --no-pager grep --line-number --ignore-case stateVersion`

Updating with `nixos-rebuild boot` and rebooting is recommended.

- `sudo nix-channel --update && niv update && colmena build -v --on yodaNas && colmena apply-local --sudo boot`
- `sudo reboot`

Update channel (for `nix-shell` usage in a terminal):

```shell
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.11
sudo nix-channel --add https://nixos.org/channels/nixos-24.05 nixos
sudo nix-channel --update
```
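
A check for the channel step in both upgrade sections, as an added example rather than part of the original notes: it flags any channel still pointing at a release other than the one just pinned with niv, since `nix-shell` keeps pulling packages from that channel. `release_of`, `stale_channels` and the sample line are assumptions made here.

```shell
#!/bin/sh
# Added example: detect channels left on a different release than the niv pin.
# release_of and stale_channels are hypothetical helper names.

# Constructed sample: `sudo nix-channel --list` output before the channel switch.
SAMPLE_CHANNELS='nixos https://nixos.org/channels/nixos-23.11'

# release_of REF: print the YY.MM release in a channel URL or branch name,
# e.g. .../nixos-24.05, nixos-24.05-small or release-24.05. Prints nothing
# for refs without a release number such as nixos-unstable.
release_of() {
    printf '%s\n' "$1" | sed -nE 's/.*(nixos|release)-([0-9]{2}\.[0-9]{2}).*/\2/p'
}

# stale_channels EXPECTED: read "name url" lines on stdin and print
# "name release" for each channel not on EXPECTED. Returns 1 if any is stale.
stale_channels() {
    expected=$1
    rc=0
    while read -r name url; do
        [ -n "$name" ] || continue          # skip empty lines
        rel=$(release_of "$url")
        if [ "$rel" != "$expected" ]; then
            printf '%s %s\n' "$name" "${rel:-unknown}"
            rc=1
        fi
    done
    return "$rc"
}

# Usage on a real host: sudo nix-channel --list | stale_channels 24.05
```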