mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-12-23 02:36:05 +01:00
169 lines
10 KiB
Markdown
# NixOS Upgrades

Notes on how I upgraded my NixOS systems.

<!-- TOC -->
* [NixOS Upgrades](#nixos-upgrades)
  * [Upgrade from 23.05 to 23.11](#upgrade-from-2305-to-2311)
  * [Upgrade from 23.11 to 24.05](#upgrade-from-2311-to-2405)
  * [Upgrade from 24.05 to 24.11](#upgrade-from-2405-to-2411)
<!-- TOC -->

## Upgrade from 23.05 to 23.11

* https://discourse.nixos.org/t/nixos-23-11-released/36210

Change the tracking branch of nixpkgs from 23.05 to 23.11:

```shell
niv modify nixpkgs --branch nixos-23.11
niv modify home-manager --branch release-23.11
```

Update `home.stateVersion` to `home.stateVersion = "23.11";` in order to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-23.11

Read the release notes. GNOME 45: Notably, Loupe has replaced Eye of GNOME as the default image viewer, Snapshot has replaced Cheese as the default camera application, and Photos will no longer be installed.

Updating with `nixos-rebuild boot` and rebooting is recommended.

```shell
niv update && colmena build --on yodaTux -v --show-trace && colmena apply-local --sudo boot
niv update && colmena build --on remoteTab -v --show-trace && colmena apply --on remoteTab boot
niv update && colmena build --on @server -v --show-trace && colmena apply --on @server boot
```

Update channel (for `nix-shell` usage in a terminal):

```shell
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.05
sudo nix-channel --add https://nixos.org/channels/nixos-23.11 nixos
sudo nix-channel --update
```

## Upgrade from 23.11 to 24.05

Release Announcement: https://nixos.org/blog/announcements/2024/nixos-2405/

Upgrade Instructions: https://nixos.org/manual/nixos/stable/#sec-upgrading

Release Manual: https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05

- Highlights
  - GNOME 46: This release we have also stopped including the legacy and unsupported Adwaita-Dark theme by default.
    - Regarding Adwaita Dark theme: https://discourse.nixos.org/t/nixos-24-05-released/46279/9

- New Services
  - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html)
  - [AMDVLK](https://github.com/GPUOpen-Drivers/AMDVLK), AMD’s open source Vulkan driver, is now available to be configured as [hardware.amdgpu.amdvlk](https://nixos.org/manual/nixos/stable/options#opt-hardware.amdgpu.amdvlk.enable). This also allows configuring runtime settings of AMDVLK and enabling experimental features.
  - [AppImage](https://appimage.org/), a tool to package desktop applications, now has a `binfmt` option to support running AppImages seamlessly on NixOS. Available as [programs.appimage.binfmt](https://nixos.org/manual/nixos/stable/options#opt-programs.appimage.binfmt).
  - [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis](https://nixos.org/manual/nixos/stable/options#opt-services.davis.enable).
  - [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn’s internal API for public transport data. Available as [services.db-rest](https://nixos.org/manual/nixos/stable/options#opt-services.db-rest.enable).
  - [dnsproxy](https://github.com/AdguardTeam/dnsproxy), a simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support. Available as [services.dnsproxy](https://nixos.org/manual/nixos/stable/options#opt-services.dnsproxy.enable).
  - [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](https://nixos.org/manual/nixos/stable/options#opt-services.prometheus.exporters.fritz.enable).
  - [mautrix-signal](https://github.com/mautrix/signal), a Matrix-Signal puppeting bridge. Available as [services.mautrix-signal](https://nixos.org/manual/nixos/stable/options#opt-services.mautrix-signal.enable).
  - [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](https://nixos.org/manual/nixos/stable/options#opt-programs.ryzen-monitor-ng.enable).
  - [Scrutiny](https://github.com/AnalogJ/scrutiny), a S.M.A.R.T monitoring tool for hard disks with a web frontend. Available as [services.scrutiny](https://nixos.org/manual/nixos/stable/options#opt-services.scrutiny.enable).

- Backward Incompatibilities
  - `boot.supportedFilesystems` and `boot.initrd.supportedFilesystems` are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now be done using `supportedFilesystems.fs or false` instead of using `lib.elem "fs" supportedFilesystems` as was done previously.
  - `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes):
    - Some SATA and NVMe devices support hardware encryption through OPAL2 TCG interface
    - Using hardware disk encryption is controversial as you must trust proprietary hardware. On the other side, using both software and hardware encryption layers increases the security margin by adding an additional layer of protection. There is usually no performance drop if OPAL encryption is used (the drive always operates with full throughput), and it does not add any utilization to the main CPU.
    - OPAL encryption can be used in combination with software (dm-crypt) encryption
    - Do not use hardware-only encryption if you do not fully trust your hardware vendor.
  - `screen`’s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment.
  - `services.avahi.nssmdns` was split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` [...]
  - `services.resolved.fallbackDns`

- Other Notable Changes
  - `boot.initrd.network.ssh.authorizedKeyFiles` is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.

Apply changes/improvements to config files.

Change the tracking branch of nixpkgs from 23.11 to 24.05:

```shell
niv modify nixpkgs --branch nixos-24.05
niv modify home-manager --branch release-24.05
```

Update `home.stateVersion` to `home.stateVersion = "24.05";` in order to match the NixOS channel. Read the corresponding release notes: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-24.05
- "There was no state version change in this release."
- `git --no-pager grep --line-number --ignore-case stateVersion`

Updating with `nixos-rebuild boot` and rebooting is recommended.
- `sudo nix-channel --update && niv update && colmena build -v --on yodaNas && colmena apply-local --sudo boot`
- `sudo reboot`

Update channel (for `nix-shell` usage in a terminal):

```shell
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.11
sudo nix-channel --add https://nixos.org/channels/nixos-24.05 nixos
sudo nix-channel --update
```

## Upgrade from 24.05 to 24.11

Announcement: https://nixos.org/blog/announcements/2024/nixos-2411/

- Featured
  - GNOME 47
    - https://release.gnome.org/47/
    - GNOME 47 includes an enhanced fractional display scaling feature, which provides better support for legacy X11 apps. This feature is still considered experimental and should only be used for testing. To enable it, you can run the following from the command line:
      - `gsettings set org.gnome.mutter experimental-features '["scale-monitor-framebuffer", "xwayland-native-scaling"]'`

Release manual: https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.11

- Highlights
  - Convenience options for amdgpu, the open source driver for Radeon cards, are now available under hardware.amdgpu (https://nixos.org/manual/nixos/stable/options#opt-hardware.amdgpu.initrd.enable)
  - AMDVLK, AMD’s open source Vulkan driver, is now available to be configured under the hardware.amdgpu.amdvlk option (https://nixos.org/manual/nixos/stable/options#opt-hardware.amdgpu.amdvlk.enable). This also allows configuring runtime settings for AMDVLK, including enabling experimental features.
  - The default sound server for most graphical sessions has been switched from PulseAudio to PipeWire.
  - Firefly-iii Data Importer, a data importer for Firefly-III. Available as services.firefly-iii-data-importer.
  - ddns-updater, a service with a WebUI to update DNS records periodically for many providers. Available as services.ddns-updater.
  - Collabora Online, a collaborative online office suite based on LibreOffice technology. Available as services.collabora-online.
  - Immich, a self-hosted photo and video backup solution. Available as services.immich.

- Backward Incompatibilities
  - `sound` options, see below
  - openssh and openssh_hpn are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components.

- Other Notable Changes
  - The new boot.loader.systemd-boot.windows option makes setting up dual-booting with Windows on a different drive easier.

- sound options removal
  - pipewire -> remove `sound.enable`

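
The backward incompatibilities listed for 24.05 and 24.11 can be searched for in a configuration repository before switching branches, in the same spirit as the `git grep stateVersion` step. The script below is an added example, not part of the original notes; the rule set, the function names and the sample `hosts/desktop.nix` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a NixOS config tree for options that the release notes
# quoted above list as backward-incompatible. Line-based, so a setting nested
# as `sound = { enable = true; };` is not detected.

# scan DIR RELEASE REGEX HINT
# Prints "RELEASE FILE:LINE: HINT" for every non-comment *.nix line matching REGEX.
scan() {
    find "$1" -type f -name '*.nix' -exec grep -nHE -e "$3" {} + |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' |
        while IFS=: read -r file line rest; do
            printf '%s %s:%s: %s\n' "$2" "$file" "$line" "$4"
        done
}

audit_config() {
    scan "$1" 24.05 '(^|[^[:alnum:]_])nssmdns([^[:alnum:]_]|$)' \
        'services.avahi.nssmdns was split into nssmdns4 and nssmdns6'
    scan "$1" 24.05 'elem[[:space:]]+"[^"]+"[[:space:]]+[[:alnum:]_.]*supportedFilesystems' \
        'supportedFilesystems is an attribute set, test with "supportedFilesystems.<fs> or false"'
    scan "$1" 24.11 '(^|[^[:alnum:]_])sound\.enable' \
        'sound options were removed, drop sound.enable'
    scan "$1" 24.11 'GSSAPI|Kerberos' \
        'openssh is built without Kerberos 5 / GSSAPI support'
}

# Constructed sample configuration (hypothetical host file, not from the repository).
make_sample() {
    mkdir -p "$1/hosts"
    cat > "$1/hosts/desktop.nix" <<'EOF'
{ config, lib, ... }: {
  sound.enable = true;
  services.avahi.nssmdns = true;
  # services.avahi.nssmdns = false;
  services.avahi.nssmdns4 = true;
  services.openssh.extraConfig = "GSSAPIAuthentication yes";
  boot.zfs.forceImportRoot = lib.elem "zfs" config.boot.supportedFilesystems;
}
EOF
}

# With a directory argument, audit it; otherwise audit the constructed sample.
if [ $# -gt 0 ]; then
    audit_config "$1"
else
    tmp=$(mktemp -d) && make_sample "$tmp" && audit_config "$tmp"
    rm -rf "$tmp"
fi
```

Each finding is only a pointer to a line worth reading against the release notes; an empty result does not prove the configuration is unaffected.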

Home-Manager: https://nix-community.github.io/home-manager/release-notes.xhtml#sec-release-24.11

- There was no state version change in this release.

Change the tracking branch of nixpkgs from 24.05 to 24.11:

```shell
niv show
niv modify nixpkgs --branch nixos-24.11
niv modify home-manager --branch release-24.11
niv update
```

Update `home.stateVersion` to `home.stateVersion = "24.11";` in order to match the NixOS channel.

Update channels:

```shell
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-24.05
sudo nix-channel --add https://nixos.org/channels/nixos-24.11 nixos
sudo nix-channel --update
```

Updating with `nixos-rebuild boot` and rebooting is recommended:

```shell
colmena build --on "$(hostname)" -v --show-trace && colmena apply-local --sudo boot
sudo reboot
```