What's Changed

YAY! A huge release. Let's see what's changed.

Note: I plan on doing more frequent patch/minor release cycles in the future. Apologies for the super long one this time around.

Breaking Changes

Some deprecations and breaking changes have been introduced.

The new breaking change policy is this: minor releases will be subject to breaking changes at any time. However, for the vast majority of cases, a two-release cycle for deprecation will happen. First, soft deprecation will be introduced in one minor release that warns the user about what to do. The next minor release will hard-deprecate the feature and remove it entirely from the repository.

This policy is one more step on the road to 1.0.0 stabilization.

• Module option renaming
  • services.nixos-cli -> programs.nixos-cli
  • services.nixos-cli.config -> programs.nixos-cli.settings
  • services.nixos-cli.prebuildOptionCache -> programs.nixos-cli.option-cache.enable
  • services.nixos-cli.useActivationInterface -> programs.nixos-cli.activation-interface.enable
• Automatic execution of nixos apply as root is not the default anymore. This has been replaced by usage of the --local-root/--remote-root flags. Set apply.reexec_as_root = true to bring back the old behavior.
• Settings deprecations (see settings section for more info)
  • auto_rollback -> rollback.enable
  • no_confirm -> confirmation.always = true
  • root_command -> root.command + root.password_method
  • use_nvd -> differ.type = "command" + differ.command = ["nvd", "diff"]

• feat(apply): Don't re-exec as root by default and add a flag for escalating to root locally by @Sporif in #155
• feat(module): use kebab-case for option names, make more flexible by @water-sucks in #183
• refactor(nix): more package/module renames/modernization by @water-sucks in #191

Magic Rollback

Sometimes, nixos apply --target-host can go wrong, SSH can be disabled, internet can be misconfigured, and you don't have access to your machine to rollback! That sucks, right?

Enter magic rollback.

This mechanism forces the invoking machine to reconnect to the new machine and send an acknowledgement of the activation. If it cannot do so within the configured time frame, then it will rollback all on its own! This requires zero configuration on the destination machine, just systemd-run to be available.

This behavior can be explicitly disabled by setting rollback.enable = false or by specifying --no-rollback on the command line to nixos apply.

Credit to https://github.com/serokell/deploy-rs for coming up with the concept.

• feat(apply): magic rollback by @water-sucks in #133

Internal Differ

An internal generation differ is now builtin to nixos-cli! This uses the Nix store SQLite database to perform the closure diff, and outputs the package diffs in a tabled format.

Additionally, if differ.query_derivations is set, then derivers will be queried if they exist in order to find the most accurate package names and versions, rather than relying on pname-version parsing that can fail in some instances.

Credit to https://github.com/faukah/dix for coming up with this approach first.

The internal differ is also the new default differ; other differs such as nvd, dix, etc. can be configured using differ.command.

• feat(diff): init internal differ by @water-sucks in #192

New Settings

The following settings have been added.

• apply.reexec_as_root
• confirmation.always
• confirmation.empty
• confirmation.invalid
• differ.command
• differ.tool
• differ.query_derivations
• rollback.enable
• rollback.timeout
• ssh.hosts_file_completion
• ssh.host_key_verification
• ssh.known_hosts_files
• ssh.private_key_cmd
• root.command
• root.password_method
• use_default_aliases

Consult nixos-cli-settings(5) or https://nix-community.github.io/nixos-cli/settings for more information.

Miscellaneous Features

• feat(nix): add integration tests, refactor file structure by @water-sucks in #135
• chore(deps): update optnix dependency to v0.3.0 by @water-sucks in #137
• feat(settings): add new confirmation settings to control default/invalid input behavior by @water-sucks in #138
• feat(option): update optnix dependency by @water-sucks in #142
• feat(completion): Add path completion by @Sporif in #150
• feat(apply): Allow deploying pre-built closures by @Sporif in #166
• fix(apply): reduce restrictions on certain options by @Sporif in #168
• fix(option): display the evaluation trace for cache build failures by @Sporif in #170
• fix: Support quoted attribute names by @Sporif in #165
• fix(apply): add dry run support for legacy and remote builds by @Sporif in #179
• feat(ssh): add configuration by @Sporif in #175
• refactor(system): make root cmd+flags a property of the command struct by @water-sucks in #181
• feat(aliases)!: add commonly used aliases by default by @Sporif in #185
• feat(apply): add --eval-only flag by @iyiola-dev in #193
• fix(apply): standardise --eval-only output by @Sporif in #197
• refactor(ssh): use agent instead of temporary files for private keys by @water-sucks in #196
• feat(completion): support for SSH hosts by @Sporif in #195
• feat(settings): add SSH host key checking option by @water-sucks in #209
• fix(diff): remove immutable flag from sqlite connection by @Sporif in #210

Bug Fixes

• fix(init): resolve filesystem attribute generation bugs by @water-sucks in #132
• fix(apply): use correct condition to skip activation by @water-sucks in #134
• fix(install): a few minor fixes by @Sporif in #148
• fix(completion): Fix panic in specialisation flag by @Sporif in #149
• chore: fix formatting, add gofmt to checks by @Sporif in #151
• fix(enter): inherit parent PID namespace by @Sporif in #152
• fix(enter): Fix running systemd tmpfiles with no users or groups by @Sporif in #153
• fix(install): bootloader installation fixes by @Sporif in #160
• fix(apply): Fix dry builds by @Sporif in #157
• fix(install): Fix --system flag by @Sporif in #156
• fix(enter): Fix resolv.conf bind-mount by @Sporif in #154
• fix(apply): validate system closure by @Sporif in #158
• fix(ssh): parse ssh host string manually, clean up bugs by @water-sucks in #161
• fix(aliases): display error messages only once by @Sporif in #171
• fix(system): fix copying closures between remotes by @Sporif in #174
• refactor(nixopts): use typed option keys for arg parsing/serialization by @water-sucks in #176
• fix(apply): minor logging fixes by @Sporif in #177
• fix(apply): fix result location for remote builds with --output by @Sporif in #178
• fix(system): use wrapper for local env when necessary by @water-sucks in #182
• fix(apply): suppress gc root warning from legacy build commands by @Sporif in #184
• refactor(settings): use better serialization methods and types by @water-sucks in #194
• fix(docs): use settings instead of config by @ilkecan in #203
• fix(module): explicitly set defaultText to literal by @ilkecan in #202
• chore(deps): prevent duplicate repos in lock file by @ilkecan in #201
• fix(ssh): perform root command elevation test once before password input by @water-sucks in #204
• fix(settings): resolve bugs with completions/validation by @water-sucks in #208
• fix(input): allow canceling confirmation input using context by @water-sucks in #212

Announcements

Huge thanks to @Sporif for stepping up and maki...

What's Changed

Remote Building/Activation

The long-anticipated --build-host and --target-host parameters from nixos-rebuild.sh are now available! nixos-cli can now deploy systems remotely with SSH, and with virtually no interaction required if correctly configured.

• feat(apply): add support for remote building/activation by @water-sucks in #116
• feat(system): mimic SSH known_hosts key addition process by @water-sucks in #121
• feat(system): redo password handling for remote root, allow SSH password auth by @water-sucks in #124

Image Building

nixos apply now supports building pre-configured disk images for various platforms using the --image <variant> flag.

Examples of possible variants include iso, proxmox, ec2, and many others, Run nixos apply --image '' to list available images for your configuration.

• feat(apply): add image build option by @water-sucks in #127

Miscellaneous Features

• feat: specify parameters for file and attribute for legacy-style CLIs by @water-sucks in #129

Bug Fixes

• fix(logger): remove spurious debug prefix from cmd arrays in console by @water-sucks in #115
• fix(completion): disable settings warning in completion mode by @water-sucks in #118
• fix(system): redo signal forwarding for processes by @water-sucks in #125
• fix(install): resolve longstanding bugs with installation process by @water-sucks in #128
• fix(nix): rename pkgs.system -> pkgs.stdenv.hostPlatform.system by @water-sucks in #130

Full Changelog: 0.14.0...0.15.0

What's Changed

Activation Interface

A new activation interface is available! This is a reimplementation of switch-to-configuration-ng in Go as a self-contained binary.

The reasoning for creating this is in the linked issue at #55.

• feat(apply): pass NIXOS_GENERATION_TAG through if it is set by @water-sucks in #97

Miscellaneous Features

• feat(settings): suppress the no settings warning based on env var by @water-sucks in #93
• feat(init): always use release number from nixpkgs by @water-sucks in #98
• feat(completion): support completions in other shells using carapace by @nuttycream in #99
• feat(generation): add regex match flag for deleting generations by @water-sucks in #103
• feat: create self-contained activation command by @water-sucks in #94
• refactor(log): generalize interface and add new log types by @water-sucks in #111

Bug Fixes

• fix: resolve golangci-lint warnings, add to CI checks by @water-sucks in #101
• fix(apply): correct condition for setting --impure with commit messages by @water-sucks in #102
• fix(apply): do not create generations when --no-boot is specified by @water-sucks in #106
• fix: Resolve symlink before FlakeRefFromEnv by @Darkness9724 in #107
• fix(install): use cobra.Command to set include flag for nixos-config value by @water-sucks in #109

New Contributors

• @nuttycream made their first contribution in #99
• @Darkness9724 made their first contribution in #107

Full Changelog: 0.13.0...0.14.0

What's Changed

Breaking Changes

• feat(option)!: update optnix, use interactive mode by default by @water-sucks in #92

The optnix dependency has been updated to v0.2.0. This brings some new behavior that is now mirrored in nixos-cli: namely, interactive mode (previously hidden with nixos option -i) is now the default.

To opt out of interactive mode and get the original behavior of nixos option back, use nixos option -n. Using JSON or value-only output implicitly uses this mode as well.

Bug Fixes

• fix(generation): do not fail if nixos-version.json is not found by @water-sucks in #85
• fix(nixopts): remove redundant -- from -I flag construction by @water-sucks in #86
• fix(configuration): use dirname for configuration if path is to a direct file by @water-sucks in #87
• fix(apply): use correct error message for dirty git trees by @water-sucks in #89
• fix(build): add guards for platform-specific support by @water-sucks in #90
• fix(init): call nixpkgs version function from build opts by @water-sucks in #91

Other

• refactor(build): use immutable functions for retrieving compile-time variables by @water-sucks in #84

Shoutouts

Huge shoutout to @Wishmater for finding many of these bugs in the legacy nixos-cli implementation.

Full Changelog: 0.12.3...0.13.0

What's Changed

This release was created because the module import for v0.12.2 was not working for legacy systems due to an unforseen bug with how it was declared.

Mostly contains very small fixes and updates to dependencies and documentation.

• fix(docs): categorize flags per command, pass commit hash to site gen by @water-sucks in #61
• chore: update cobra -> 1.9.1, use its inbuilt CompletionFunc type by @water-sucks in #66
• feat: use optnix implementation for option command by @water-sucks in #67
• chore: remove flake-parts dependency by @water-sucks in #68
• missing semicolon in installation.md by @asdanjer in #70
• fix(module): use normal import call for exposing module in default.nix by @water-sucks in #78
• feat(module): use legacy package by default when imported through default.nix by @water-sucks in #79
• docs: add comparisons page, update references to projects by @water-sucks in #80

New Contributors

• @asdanjer made their first contribution in #70

Full Changelog: 0.12.2...0.12.3

This release is mostly a bugfix release.

What's Changed

• fix(option): add flake ref argument to option command by @water-sucks in #57
• feat(settings): add auto-rollback setting by @water-sucks in #59
• fix(apply): run switch-to-configuration test when only --no-boot is specified
• fix(apply): require --output option for build-only runs

Full Changelog: 0.12.1...0.12.2

What's Changed

Man Pages+Website

A new high-level documentation website created using mdbook is live, at https://water-sucks.github.io/nixos, for an easier introduction to why this tool even exists.

Also, much more exhaustive man pages are now distributed in the Nix package, generated using scdoc.

Misc. Changes

• some nix cleanup :D by @isabelroses in #51
• feat(option): remove help view, use man page for TUI help
• fix(option): use stderr for spinner output (fixes JSON output for nixos option -j)
• fix(build): use proper "revision" attribute instead of "rev" for legacy package builds
• fix some completion discrepancies for bools

New Contributors

• @isabelroses made their first contribution in #51

Thanks

Thanks, @isabelroses! For spreading the word about my project in your Discord :}

Full Changelog: 0.12.0...0.12.1

What's Changed

Rewrite

A full rewrite has been completed, from Zig to Go. I will be outlining the reasons for this architectural change at a later time, and will edit this post with the link. For now, a short explanation of my changes is in the linked PR.

Rewrite PR: #50

Along with this rewrite, a slew of small (also potentially breaking!) changes:

• Remove aliases for --config and --color-always command-line flags
• Remove aliases subcommand
• option.max_rank changed to option.min_score, has the opposite behavior now, as well as a command-line switch
• Add option.debounce_time setting, to optimize responsiveness for the option UI

New Features

• New root_command setting: change what command to use to escalate to root (by default sudo)
• A new look for the generation list command
  
• nixos generation list now uses the UI by default, a -t switch is provided for tabular format
• A slightly changed look for the nixos option UI as well, for the evaluated values

What's Changed

Fix Dependency Breakage

The upstream libvaxis and zf dependencies were broken by some renaming of transitive dependencies' repos. Be careful out there, people! I had to dig through GitHub issues to find out why this was breaking, and that sucked.

I thought this breakage was deserving of a patch release number. Keep in mind that since this is a short fixed release, the actual update commit was a bit weird, and involved some workarounds for integers, so this may just completely bug out if you have more than 2^16 (65,536) generations on your machine, which I doubt most people do, to be frank.

• feat(option): render description markdown by @water-sucks in #42
• feat(apply): add setting to use git commit message as description by @water-sucks in #43
• refactor: simplify color formatting by @water-sucks in #44
• fix(deps): use forked version of libvaxis, update zf by @water-sucks in #46

What's Changed

Options Search TUI

OK, this is pretty killer. You can now search through your NixOS options locally! Run nixos option -i to see what options are available for use in your configuration, and press to see their value.

Make sure to enable the options cache using the services.nixos-cli.prebuildOptionCache for much faster startup time.

Search results can be fine-tuned for how strict you want your matching to be. See the options.max_rank configuration option for more information.

Set Config Options On Command Line

Configuration properties can now be set with a command-line flag in the form of --config key=value.

This is to make setting configuration values easier without having to copy a configuration file or rebuild a configuration.

Other Features

• feat(generation): collect garbage automatically upon deletion

Full Changelog: 0.10.0...0.11.0