nix-git/NixOS Upgrades.md
2024-12-03 22:14:58 +01:00


NixOS Upgrades

Notes on how I upgraded my NixOS systems.

Upgrade from 23.05 to 23.11

Change the tracking branch of nixpkgs from 23.05 to 23.11:

niv modify nixpkgs      --branch   nixos-23.11
niv modify home-manager --branch release-23.11

Set home.stateVersion = "23.11"; to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-23.11

Read the release notes. GNOME 45: Notably, Loupe has replaced Eye of GNOME as the default image viewer, Snapshot has replaced Cheese as the default camera application, and Photos will no longer be installed.

Updating with nixos-rebuild boot and rebooting is recommended.

niv update && colmena build --on yodaTux   -v --show-trace && colmena apply-local --sudo   boot
niv update && colmena build --on remoteTab -v --show-trace && colmena apply --on remoteTab boot
niv update && colmena build --on @server   -v --show-trace && colmena apply --on @server   boot

Update channel (for nix-shell usage in a terminal):

sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.05
sudo nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
sudo nix-channel --update

Upgrade from 23.11 to 24.05

Release Announcement: https://nixos.org/blog/announcements/2024/nixos-2405/

Upgrade Instructions: https://nixos.org/manual/nixos/stable/#sec-upgrading

Release Manual: https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05

  • Highlights

  • New Services

  • Backward Incompatibilities

    • boot.supportedFilesystems and boot.initrd.supportedFilesystems are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now be done using supportedFilesystems.fs or false instead of using lib.elem "fs" supportedFilesystems as was done previously.
    • cryptsetup has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. Take the time to review the release notes:
      • Some SATA and NVMe devices support hardware encryption through OPAL2 TCG interface
      • Using hardware disk encryption is controversial as you must trust proprietary hardware. On the other side, using both software and hardware encryption layers increases the security margin by adding an additional layer of protection. There is usually no performance drop if OPAL encryption is used (the drive always operates with full throughput), and it does not add any utilization to the main CPU.
      • OPAL encryption can be used in combination with software (dm-crypt) encryption
      • Do not use hardware-only encryption if you do not fully trust your hardware vendor.
    • The screen module has been cleaned up and now requires you to set programs.screen.enable in order to populate screenrc and add the program to the environment.
    • services.avahi.nssmdns was split into services.avahi.nssmdns4 and services.avahi.nssmdns6 [...]
    • services.resolved.fallbackDns
  • Other Notable Changes

    • boot.initrd.network.ssh.authorizedKeyFiles is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.

Apply changes/improvements to config files.

Change the tracking branch of nixpkgs from 23.11 to 24.05:

niv modify nixpkgs      --branch   nixos-24.05
niv modify home-manager --branch release-24.05

Set home.stateVersion = "24.05"; to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-24.05

  • "There was no state version change in this release."
  • git --no-pager grep --line-number --ignore-case stateVersion

Updating with nixos-rebuild boot and rebooting is recommended.

  • sudo nix-channel --update && niv update && colmena build -v --on yodaNas && colmena apply-local --sudo boot
  • sudo reboot

Update channel (for nix-shell usage in a terminal):

sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.11
sudo nix-channel --add https://nixos.org/channels/nixos-24.05 nixos
sudo nix-channel --update

Upgrade from 24.05 to 24.11

Announcement: https://nixos.org/blog/announcements/2024/nixos-2411/

  • Featured
    • GNOME 47
      • https://release.gnome.org/47/
      • GNOME 47 includes an enhanced fractional display scaling feature, which provides better support for legacy X11 apps. This feature is still considered experimental and should only be used for testing. To enable it, you can run the following from the command line:
      • gsettings set org.gnome.mutter experimental-features '["scale-monitor-framebuffer", "xwayland-native-scaling"]'

Release manual: https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.11

  • Highlights

    • Convenience options for amdgpu, the open source driver for Radeon cards, are now available under hardware.amdgpu (https://nixos.org/manual/nixos/stable/options#opt-hardware.amdgpu.initrd.enable)
    • AMDVLK, AMD's open source Vulkan driver, is now available to be configured under the hardware.amdgpu.amdvlk option (https://nixos.org/manual/nixos/stable/options#opt-hardware.amdgpu.amdvlk.enable). This also allows configuring runtime settings for AMDVLK, including enabling experimental features.
    • The default sound server for most graphical sessions has been switched from PulseAudio to PipeWire.
    • Firefly-iii Data Importer, a data importer for Firefly-III. Available as services.firefly-iii-data-importer.
    • ddns-updater, a service with a WebUI to update DNS records periodically for many providers. Available as services.ddns-updater.
    • Collabora Online, a collaborative online office suite based on LibreOffice technology. Available as services.collabora-online.
    • Immich, a self-hosted photo and video backup solution. Available as services.immich.
  • Backward Incompatibilities

    • sound options, see below
    • openssh and openssh_hpn are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components.
  • Other Notable Changes

    • The new boot.loader.systemd-boot.windows option makes setting up dual-booting with Windows on a different drive easier.
  • sound options removal

    • pipewire -> remove sound.enable
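
An added example, not part of the original notes or the author's repository: a POSIX shell check that scans a configuration tree for the options the 24.05 and 24.11 backward-incompatibility lists above call out (the lib.elem check on supportedFilesystems, services.avahi.nssmdns, sound.enable, and GSSAPI/Kerberos sshd settings). The function names, check labels, regexes and the sample configuration are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag options in a NixOS config tree that the 24.05 and 24.11
# release notes quoted in these notes list as changed or removed.
# Check labels and regexes are assumptions of this sketch; nested forms such
# as `sound = { enable = true; };` are not detected.

# One check per line: label|extended-regex
CHECKS='supportedFilesystems-is-attrset|elem[[:space:]]+"[^"]+"[[:space:]]+[^;]*supportedFilesystems
avahi-nssmdns-split|(^|[^[:alnum:]])nssmdns[[:space:]]*=
sound-enable-removed|(^|[^[:alnum:]_-])sound\.enable([^[:alnum:]_-]|$)
openssh-without-gssapi|(GSSAPI|Kerberos)[[:alpha:]]*'

# Prints "[label] file:line:text" per finding.
# Returns 0 if clean, 1 if anything was flagged, 2 on a bad argument.
preupgrade_scan() {
    dir=$1
    found=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    while IFS= read -r check; do
        label=${check%%|*}
        regex=${check#*|}
        # /dev/null forces grep to print file names; the second grep drops
        # lines whose first non-blank character starts a Nix comment.
        hits=$(find "$dir" -type f -name '*.nix' \
                   -exec grep -En -e "$regex" /dev/null {} + 2>/dev/null |
               grep -Ev '^[^:]+:[0-9]+:[[:space:]]*#' || true)
        if [ -n "$hits" ]; then
            found=1
            printf '%s\n' "$hits" | sed "s/^/[$label] /"
        fi
    done <<EOF
$CHECKS
EOF
    return "$found"
}

# Constructed sample configuration (not taken from the author's repository).
write_sample() {
    cat > "$1/configuration.nix" <<'EOF'
{ config, lib, ... }: {
  # sound.enable = true;  (already commented out, must not be flagged)
  sound.enable = true;
  services.avahi.nssmdns = true;
  services.avahi.nssmdns4 = true;
  services.openssh.settings.GSSAPIAuthentication = "yes";
  boot.kernelModules = lib.optional (lib.elem "zfs" config.boot.supportedFilesystems) "zfs";
}
EOF
}

# Scan the directory given as first argument, if any.
if [ $# -gt 0 ]; then preupgrade_scan "$1"; fi
```

Run it against the configuration repository before switching the nixpkgs branch; a non-zero exit status means at least one line needs attention.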

Home-Manager: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-24.11

  • There was no state version change in this release.

Change the tracking branch of nixpkgs from 24.05 to 24.11:

niv show
niv modify nixpkgs      --branch   nixos-24.11
niv modify home-manager --branch release-24.11
niv update

Set home.stateVersion = "24.11"; to match the NixOS channel.

Update channels:

sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-24.05
sudo nix-channel --add https://nixos.org/channels/nixos-24.11 nixos
sudo nix-channel --update

Updating with nixos-rebuild boot and rebooting is recommended:

colmena build --on $(hostname) -v --show-trace && colmena apply-local --sudo boot
sudo reboot