NixOS Upgrades
Notes on how I upgraded my NixOS systems.
Upgrade from 23.05 to 23.11
Change the tracking branch of nixpkgs from 23.05 to 23.11:
niv modify nixpkgs --branch nixos-23.11
niv modify home-manager --branch release-23.11
Update home.stateVersion to home.stateVersion = "23.11"; in order to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-23.11
Read the release notes. GNOME 45: Notably, Loupe has replaced Eye of GNOME as the default image viewer, Snapshot has replaced Cheese as the default camera application, and Photos will no longer be installed.
Updating with nixos-rebuild boot and rebooting is recommended.
niv update && colmena build --on yodaTux -v --show-trace && colmena apply-local --sudo boot
niv update && colmena build --on remoteTab -v --show-trace && colmena apply --on remoteTab boot
niv update && colmena build --on @server -v --show-trace && colmena apply --on @server boot
Update channel (for nix-shell usage in a terminal):
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.05
sudo nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
sudo nix-channel --update
Upgrade from 23.11 to 24.05
Release Announcement: https://nixos.org/blog/announcements/2024/nixos-2405/
Upgrade Instructions: https://nixos.org/manual/nixos/stable/#sec-upgrading
Release Manual: https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
Highlights
- GNOME 46: This release we have also stopped including the legacy and unsupported Adwaita-Dark theme by default.
- Regarding Adwaita Dark theme: https://discourse.nixos.org/t/nixos-24-05-released/46279/9
New Services
- Anki Sync Server
- AMDVLK, AMD’s open source Vulkan driver, is now available to be configured as hardware.amdgpu.amdvlk. This also allows configuring runtime settings of AMDVLK and enabling experimental features.
- AppImage, a tool to package desktop applications, now has a binfmt option to support running AppImages seamlessly on NixOS. Available as programs.appimage.binfmt.
- davis, a simple CardDav and CalDav server inspired by Baïkal. Available as services.davis.
- db-rest, a wrapper around Deutsche Bahn’s internal API for public transport data. Available as services.db-rest.
- dnsproxy, a simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support. Available as services.dnsproxy.
- fritz-exporter, a Prometheus exporter for extracting metrics from FRITZ! devices. Available as services.prometheus.exporters.fritz.
- mautrix-signal, a Matrix-Signal puppeting bridge. Available as services.mautrix-signal.
- ryzen-monitor-ng, a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as programs.ryzen-monitor-ng.
- Scrutiny, a S.M.A.R.T monitoring tool for hard disks with a web frontend. Available as services.scrutiny.
Backward Incompatibilities
- boot.supportedFilesystems and boot.initrd.supportedFilesystems are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now be done using supportedFilesystems.fs or false instead of using lib.elem "fs" supportedFilesystems as was done previously.
- cryptsetup has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. Take the time to review the release notes:
  - Some SATA and NVMe devices support hardware encryption through OPAL2 TCG interface
  - Using hardware disk encryption is controversial as you must trust proprietary hardware. On the other side, using both software and hardware encryption layers increases the security margin by adding an additional layer of protection. There is usually no performance drop if OPAL encryption is used (the drive always operates with full throughput), and it does not add any utilization to the main CPU.
  - OPAL encryption can be used in combination with software (dm-crypt) encryption
  - Do not use hardware-only encryption if you do not fully trust your hardware vendor.
- screen's module has been cleaned, and will now require you to set programs.screen.enable in order to populate screenrc and add the program to the environment.
- services.avahi.nssmdns was split into services.avahi.nssmdns4 and services.avahi.nssmdns6 [...]
- services.resolved.fallbackDns
Other Notable Changes
- boot.initrd.network.ssh.authorizedKeyFiles is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.
Apply changes/improvements to config files.
Change the tracking branch of nixpkgs from 23.11 to 24.05:
niv modify nixpkgs --branch nixos-24.05
niv modify home-manager --branch release-24.05
Update home.stateVersion to home.stateVersion = "24.05"; in order to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-24.05
- "There was no state version change in this release."
git --no-pager grep --line-number --ignore-case stateVersion
Updating with nixos-rebuild boot and rebooting is recommended.
sudo nix-channel --update && niv update && colmena build -v --on yodaNas && colmena apply-local --sudo boot
sudo reboot
Update channel (for nix-shell usage in a terminal):
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.11
sudo nix-channel --add https://nixos.org/channels/nixos-24.05 nixos
sudo nix-channel --update
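
A consistency check for the upgrade steps in both sections above, as an added example that is not part of the original notes: it compares the root channel, the branches niv tracks and home.stateVersion against the target release, so a machine left on an old channel is noticed. The function names, the sample data and the assumption that niv's nix/sources.json holds one "branch" entry per line are mine.

```shell
#!/bin/sh
# Added example: consistency check after the upgrade steps above.
# All sample data is constructed; function names are hypothetical.

# Release of the root channel named "nixos", read from `nix-channel --list`.
channel_release() {
    awk '$1 == "nixos" { n = split($2, p, "/"); sub(/^nixos-/, "", p[n]); print p[n]; exit }'
}

# Release branches in niv's sources.json that do not match release $1.
# Assumes one "branch" entry per line, as in pretty-printed JSON.
stale_branches() {
    sed -n 's/.*"branch"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        awk -v r="$1" '/^(nixos|release)-[0-9][0-9]\.[0-9][0-9]$/ &&
            $0 != "nixos-" r && $0 != "release-" r'
}

# Distinct home.stateVersion values assigned in Nix source.
home_state_versions() {
    sed -n 's/.*home\.stateVersion[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | sort -u
}

# check_upgrade TARGET CHANNEL_LIST SOURCES_JSON NIX_FILE...
# Prints one line per mismatch and returns 1 if there was any.
check_upgrade() {
    target=$1 channels=$2 sources=$3; shift 3; rc=0
    ch=$(channel_release < "$channels")
    [ "$ch" = "$target" ] || { echo "channel: nixos is '$ch', want $target"; rc=1; }
    for b in $(stale_branches "$target" < "$sources"); do
        echo "niv: still tracking $b"; rc=1
    done
    for v in $(cat "$@" | home_state_versions); do
        [ "$v" = "$target" ] || { echo "home.stateVersion: $v, want $target"; rc=1; }
    done
    return $rc
}

# Constructed state: niv and home-manager were bumped, the root channel was not.
sample=$(mktemp -d)
echo 'nixos https://nixos.org/channels/nixos-23.11' > "$sample/channels"
printf '{"home-manager": {"branch": "release-24.05"},\n "nixpkgs": {"branch": "nixos-24.05"}}\n' > "$sample/sources.json"
echo '  home.stateVersion = "24.05";' > "$sample/home.nix"
check_upgrade 24.05 "$sample/channels" "$sample/sources.json" "$sample/home.nix" || true
rm -rf "$sample"
```

On a real machine, save the output of sudo nix-channel --list to a file and pass it together with nix/sources.json and the files that git grep stateVersion reports.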