diff --git a/doc/languages-frameworks/gnome.xml b/doc/languages-frameworks/gnome.xml index 8b3151d5bf94..9e0f21a6c74f 100644 --- a/doc/languages-frameworks/gnome.xml +++ b/doc/languages-frameworks/gnome.xml @@ -210,7 +210,7 @@ mkDerivation { dontWrapGApps = true; # Arguments to be passed to `makeWrapper`, only used by qt5’s mkDerivation - qtWrapperArgs = [ + qtWrapperArgs [ "\${gappsWrapperArgs[@]}" ]; } @@ -258,16 +258,6 @@ mkDerivation { - - - I need to wrap a binary outside bin and libexec directories. - - - - You can manually trigger the wrapping with wrapGApp in preFixup phase. It takes a path to a program as a first argument; the remaining arguments are passed directly to wrapProgram function. - - - diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 058561eb624a..3cb0cd3fa99d 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -693,7 +693,7 @@ name = "Aycan iRiCAN"; }; babariviere = { - email = "babariviere@protonmail.com"; + email = "babathriviere@gmail.com"; github = "babariviere"; githubId = 12128029; name = "babariviere"; diff --git a/nixos/doc/manual/administration/boot-problems.xml b/nixos/doc/manual/administration/boot-problems.xml index d6f9cb190fbf..de3d8ac21aeb 100644 --- a/nixos/doc/manual/administration/boot-problems.xml +++ b/nixos/doc/manual/administration/boot-problems.xml @@ -6,7 +6,12 @@ Boot Problems - If NixOS fails to boot, there are a number of kernel command line parameters that may help you to identify or fix the issue. You can add these parameters in the GRUB boot menu by pressing “e” to modify the selected boot entry and editing the line starting with linux. The following are some useful kernel command line parameters that are recognised by the NixOS boot scripts or by systemd: + If NixOS fails to boot, there are a number of kernel command line parameters + that may help you to identify or fix the issue. You can add these parameters + in the GRUB boot menu by pressing “e” to modify the selected boot entry + and editing the line starting with linux. The following + are some useful kernel command line parameters that are recognised by the + NixOS boot scripts or by systemd: @@ -14,7 +19,9 @@ - Start a root shell if something goes wrong in stage 1 of the boot process (the initial ramdisk). This is disabled by default because there is no authentication for the root shell. + Start a root shell if something goes wrong in stage 1 of the boot process + (the initial ramdisk). This is disabled by default because there is no + authentication for the root shell. @@ -24,7 +31,10 @@ - Start an interactive shell in stage 1 before anything useful has been done. That is, no modules have been loaded and no file systems have been mounted, except for /proc and /sys. + Start an interactive shell in stage 1 before anything useful has been + done. That is, no modules have been loaded and no file systems have been + mounted, except for /proc and + /sys. @@ -44,7 +54,11 @@ - Boot into rescue mode (a.k.a. single user mode). This will cause systemd to start nothing but the unit rescue.target, which runs sulogin to prompt for the root password and start a root login shell. Exiting the shell causes the system to continue with the normal boot process. + Boot into rescue mode (a.k.a. single user mode). This will cause systemd + to start nothing but the unit rescue.target, which + runs sulogin to prompt for the root password and start + a root login shell. Exiting the shell causes the system to continue with + the normal boot process. @@ -54,7 +68,8 @@ - Make systemd very verbose and send log messages to the console instead of the journal. + Make systemd very verbose and send log messages to the console instead of + the journal. @@ -65,6 +80,11 @@ - If no login prompts or X11 login screens appear (e.g. due to hanging dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start rescue mode (described above). (Also note that since most units have a 90-second timeout before systemd gives up on them, the agetty login prompts should appear eventually unless something is very wrong.) + If no login prompts or X11 login screens appear (e.g. due to hanging + dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start + rescue mode (described above). (Also note that since most units have a + 90-second timeout before systemd gives up on them, the + agetty login prompts should appear eventually unless + something is very wrong.) diff --git a/nixos/doc/manual/administration/cleaning-store.xml b/nixos/doc/manual/administration/cleaning-store.xml index 3cbc022cd33c..526803e429ba 100644 --- a/nixos/doc/manual/administration/cleaning-store.xml +++ b/nixos/doc/manual/administration/cleaning-store.xml @@ -5,22 +5,31 @@ xml:id="sec-nix-gc"> Cleaning the Nix Store - Nix has a purely functional model, meaning that packages are never upgraded in place. Instead new versions of packages end up in a different location in the Nix store (/nix/store). You should periodically run Nix’s garbage collector to remove old, unreferenced packages. This is easy: + Nix has a purely functional model, meaning that packages are never upgraded + in place. Instead new versions of packages end up in a different location in + the Nix store (/nix/store). You should periodically run + Nix’s garbage collector to remove old, unreferenced + packages. This is easy: $ nix-collect-garbage - Alternatively, you can use a systemd unit that does the same in the background: + Alternatively, you can use a systemd unit that does the same in the + background: # systemctl start nix-gc.service - You can tell NixOS in configuration.nix to run this unit automatically at certain points in time, for instance, every night at 03:15: + You can tell NixOS in configuration.nix to run this unit + automatically at certain points in time, for instance, every night at 03:15: = true; = "03:15"; - The commands above do not remove garbage collector roots, such as old system configurations. Thus they do not remove the ability to roll back to previous configurations. The following command deletes old roots, removing the ability to roll back to them: + The commands above do not remove garbage collector roots, such as old system + configurations. Thus they do not remove the ability to roll back to previous + configurations. The following command deletes old roots, removing the ability + to roll back to them: $ nix-collect-garbage -d @@ -28,20 +37,27 @@ $ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old - Note that NixOS system configurations are stored in the profile /nix/var/nix/profiles/system. + Note that NixOS system configurations are stored in the profile + /nix/var/nix/profiles/system. - Another way to reclaim disk space (often as much as 40% of the size of the Nix store) is to run Nix’s store optimiser, which seeks out identical files in the store and replaces them with hard links to a single copy. + Another way to reclaim disk space (often as much as 40% of the size of the + Nix store) is to run Nix’s store optimiser, which seeks out identical files + in the store and replaces them with hard links to a single copy. $ nix-store --optimise - Since this command needs to read the entire Nix store, it can take quite a while to finish. + Since this command needs to read the entire Nix store, it can take quite a + while to finish.
NixOS Boot Entries - If your /boot partition runs out of space, after clearing old profiles you must rebuild your system with nixos-rebuild to update the /boot partition and clear space. + If your /boot partition runs out of space, after + clearing old profiles you must rebuild your system with + nixos-rebuild to update the /boot + partition and clear space.
diff --git a/nixos/doc/manual/administration/container-networking.xml b/nixos/doc/manual/administration/container-networking.xml index 745fa524916b..42486f01fe8c 100644 --- a/nixos/doc/manual/administration/container-networking.xml +++ b/nixos/doc/manual/administration/container-networking.xml @@ -6,7 +6,10 @@ Container Networking - When you create a container using nixos-container create, it gets it own private IPv4 address in the range 10.233.0.0/16. You can get the container’s IPv4 address as follows: + When you create a container using nixos-container create, + it gets it own private IPv4 address in the range + 10.233.0.0/16. You can get the container’s IPv4 address + as follows: # nixos-container show-ip foo 10.233.4.2 @@ -17,21 +20,34 @@ - Networking is implemented using a pair of virtual Ethernet devices. The network interface in the container is called eth0, while the matching interface in the host is called ve-container-name (e.g., ve-foo). The container has its own network namespace and the CAP_NET_ADMIN capability, so it can perform arbitrary network configuration such as setting up firewall rules, without affecting or having access to the host’s network. + Networking is implemented using a pair of virtual Ethernet devices. The + network interface in the container is called eth0, while + the matching interface in the host is called + ve-container-name (e.g., + ve-foo). The container has its own network namespace and + the CAP_NET_ADMIN capability, so it can perform arbitrary + network configuration such as setting up firewall rules, without affecting or + having access to the host’s network. - By default, containers cannot talk to the outside network. If you want that, you should set up Network Address Translation (NAT) rules on the host to rewrite container traffic to use your external IP address. This can be accomplished using the following configuration on the host: + By default, containers cannot talk to the outside network. If you want that, + you should set up Network Address Translation (NAT) rules on the host to + rewrite container traffic to use your external IP address. This can be + accomplished using the following configuration on the host: = true; = ["ve-+"]; = "eth0"; - where eth0 should be replaced with the desired external interface. Note that ve-+ is a wildcard that matches all container interfaces. + where eth0 should be replaced with the desired external + interface. Note that ve-+ is a wildcard that matches all + container interfaces. - If you are using Network Manager, you need to explicitly prevent it from managing container interfaces: + If you are using Network Manager, you need to explicitly prevent it from + managing container interfaces: networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; diff --git a/nixos/doc/manual/administration/containers.xml b/nixos/doc/manual/administration/containers.xml index 2d5a6dd46a32..0d3355e56a58 100644 --- a/nixos/doc/manual/administration/containers.xml +++ b/nixos/doc/manual/administration/containers.xml @@ -5,15 +5,28 @@ xml:id="ch-containers"> Container Management - NixOS allows you to easily run other NixOS instances as containers. Containers are a light-weight approach to virtualisation that runs software in the container at the same speed as in the host system. NixOS containers share the Nix store of the host, making container creation very efficient. + NixOS allows you to easily run other NixOS instances as + containers. Containers are a light-weight approach to + virtualisation that runs software in the container at the same speed as in + the host system. NixOS containers share the Nix store of the host, making + container creation very efficient. - Currently, NixOS containers are not perfectly isolated from the host system. This means that a user with root access to the container can do things that affect the host. So you should not give container root access to untrusted users. + Currently, NixOS containers are not perfectly isolated from the host system. + This means that a user with root access to the container can do things that + affect the host. So you should not give container root access to untrusted + users. - NixOS containers can be created in two ways: imperatively, using the command nixos-container, and declaratively, by specifying them in your configuration.nix. The declarative approach implies that containers get upgraded along with your host system when you run nixos-rebuild, which is often not what you want. By contrast, in the imperative approach, containers are configured and updated independently from the host system. + NixOS containers can be created in two ways: imperatively, using the command + nixos-container, and declaratively, by specifying them in + your configuration.nix. The declarative approach implies + that containers get upgraded along with your host system when you run + nixos-rebuild, which is often not what you want. By + contrast, in the imperative approach, containers are configured and updated + independently from the host system. diff --git a/nixos/doc/manual/administration/control-groups.xml b/nixos/doc/manual/administration/control-groups.xml index d6ae89da30c4..16d03cc0d1ab 100644 --- a/nixos/doc/manual/administration/control-groups.xml +++ b/nixos/doc/manual/administration/control-groups.xml @@ -5,10 +5,16 @@ xml:id="sec-cgroups"> Control Groups - To keep track of the processes in a running system, systemd uses control groups (cgroups). A control group is a set of processes used to allocate resources such as CPU, memory or I/O bandwidth. There can be multiple control group hierarchies, allowing each kind of resource to be managed independently. + To keep track of the processes in a running system, systemd uses + control groups (cgroups). A control group is a set of + processes used to allocate resources such as CPU, memory or I/O bandwidth. + There can be multiple control group hierarchies, allowing each kind of + resource to be managed independently. - The command systemd-cgls lists all control groups in the systemd hierarchy, which is what systemd uses to keep track of the processes belonging to each service or user session: + The command systemd-cgls lists all control groups in the + systemd hierarchy, which is what systemd uses to keep + track of the processes belonging to each service or user session: $ systemd-cgls ├─user @@ -26,19 +32,34 @@ │ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf └─ ... - Similarly, systemd-cgls cpu shows the cgroups in the CPU hierarchy, which allows per-cgroup CPU scheduling priorities. By default, every systemd service gets its own CPU cgroup, while all user sessions are in the top-level CPU cgroup. This ensures, for instance, that a thousand run-away processes in the httpd.service cgroup cannot starve the CPU for one process in the postgresql.service cgroup. (By contrast, it they were in the same cgroup, then the PostgreSQL process would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s CPU share in configuration.nix: + Similarly, systemd-cgls cpu shows the cgroups in the CPU + hierarchy, which allows per-cgroup CPU scheduling priorities. By default, + every systemd service gets its own CPU cgroup, while all user sessions are in + the top-level CPU cgroup. This ensures, for instance, that a thousand + run-away processes in the httpd.service cgroup cannot + starve the CPU for one process in the postgresql.service + cgroup. (By contrast, it they were in the same cgroup, then the PostgreSQL + process would get 1/1001 of the cgroup’s CPU time.) You can limit a + service’s CPU share in configuration.nix: systemd.services.httpd.serviceConfig.CPUShares = 512; - By default, every cgroup has 1024 CPU shares, so this will halve the CPU allocation of the httpd.service cgroup. + By default, every cgroup has 1024 CPU shares, so this will halve the CPU + allocation of the httpd.service cgroup. - There also is a memory hierarchy that controls memory allocation limits; by default, all processes are in the top-level cgroup, so any service or session can exhaust all available memory. Per-cgroup memory limits can be specified in configuration.nix; for instance, to limit httpd.service to 512 MiB of RAM (excluding swap): + There also is a memory hierarchy that controls memory + allocation limits; by default, all processes are in the top-level cgroup, so + any service or session can exhaust all available memory. Per-cgroup memory + limits can be specified in configuration.nix; for + instance, to limit httpd.service to 512 MiB of RAM + (excluding swap): systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; - The command systemd-cgtop shows a continuously updated list of all cgroups with their CPU and memory usage. + The command systemd-cgtop shows a continuously updated + list of all cgroups with their CPU and memory usage. diff --git a/nixos/doc/manual/administration/declarative-containers.xml b/nixos/doc/manual/administration/declarative-containers.xml index a463d2014784..d03dbc4d7055 100644 --- a/nixos/doc/manual/administration/declarative-containers.xml +++ b/nixos/doc/manual/administration/declarative-containers.xml @@ -6,7 +6,10 @@ Declarative Container Specification - You can also specify containers and their configuration in the host’s configuration.nix. For example, the following specifies that there shall be a container named database running PostgreSQL: + You can also specify containers and their configuration in the host’s + configuration.nix. For example, the following specifies + that there shall be a container named database running + PostgreSQL: containers.database = { config = @@ -16,11 +19,18 @@ containers.database = }; }; - If you run nixos-rebuild switch, the container will be built. If the container was already running, it will be updated in place, without rebooting. The container can be configured to start automatically by setting containers.database.autoStart = true in its configuration. + If you run nixos-rebuild switch, the container will be + built. If the container was already running, it will be updated in place, + without rebooting. The container can be configured to start automatically by + setting containers.database.autoStart = true in its + configuration. - By default, declarative containers share the network namespace of the host, meaning that they can listen on (privileged) ports. However, they cannot change the network configuration. You can give a container its own network as follows: + By default, declarative containers share the network namespace of the host, + meaning that they can listen on (privileged) ports. However, they cannot + change the network configuration. You can give a container its own network as + follows: containers.database = { privateNetwork = true; @@ -28,14 +38,23 @@ containers.database = { localAddress = "192.168.100.11"; }; - This gives the container a private virtual Ethernet interface with IP address 192.168.100.11, which is hooked up to a virtual Ethernet interface on the host with IP address 192.168.100.10. (See the next section for details on container networking.) + This gives the container a private virtual Ethernet interface with IP address + 192.168.100.11, which is hooked up to a virtual Ethernet + interface on the host with IP address 192.168.100.10. (See + the next section for details on container networking.) - To disable the container, just remove it from configuration.nix and run nixos-rebuild switch. Note that this will not delete the root directory of the container in /var/lib/containers. Containers can be destroyed using the imperative method: nixos-container destroy foo. + To disable the container, just remove it from + configuration.nix and run nixos-rebuild + switch. Note that this will not delete the root directory of the + container in /var/lib/containers. Containers can be + destroyed using the imperative method: nixos-container destroy + foo. - Declarative containers can be started and stopped using the corresponding systemd service, e.g. systemctl start container@database. + Declarative containers can be started and stopped using the corresponding + systemd service, e.g. systemctl start container@database. diff --git a/nixos/doc/manual/administration/imperative-containers.xml b/nixos/doc/manual/administration/imperative-containers.xml index d5da6bf2017e..7ded0c11786e 100644 --- a/nixos/doc/manual/administration/imperative-containers.xml +++ b/nixos/doc/manual/administration/imperative-containers.xml @@ -6,7 +6,9 @@ Imperative Container Management - We’ll cover imperative container management using nixos-container first. Be aware that container management is currently only possible as root. + We’ll cover imperative container management using + nixos-container first. Be aware that container management + is currently only possible as root. @@ -14,14 +16,23 @@ # nixos-container create foo - This creates the container’s root directory in /var/lib/containers/foo and a small configuration file in /etc/containers/foo.conf. It also builds the container’s initial system configuration and stores it in /nix/var/nix/profiles/per-container/foo/system. You can modify the initial configuration of the container on the command line. For instance, to create a container that has sshd running, with the given public key for root: + This creates the container’s root directory in + /var/lib/containers/foo and a small configuration file + in /etc/containers/foo.conf. It also builds the + container’s initial system configuration and stores it in + /nix/var/nix/profiles/per-container/foo/system. You can + modify the initial configuration of the container on the command line. For + instance, to create a container that has sshd running, + with the given public key for root: # nixos-container create foo --config ' = true; users.users.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"]; ' - By default the next free address in the 10.233.0.0/16 subnet will be chosen as container IP. This behavior can be altered by setting --host-address and --local-address: + By default the next free address in the 10.233.0.0/16 subnet will be chosen + as container IP. This behavior can be altered by setting --host-address and + --local-address: # nixos-container create test --config-file test-container.nix \ --local-address 10.235.1.2 --host-address 10.235.1.1 @@ -33,25 +44,35 @@ # nixos-container start foo - This command will return as soon as the container has booted and has reached multi-user.target. On the host, the container runs within a systemd unit called container@container-name.service. Thus, if something went wrong, you can get status info using systemctl: + This command will return as soon as the container has booted and has reached + multi-user.target. On the host, the container runs within + a systemd unit called + container@container-name.service. + Thus, if something went wrong, you can get status info using + systemctl: # systemctl status container@foo - If the container has started successfully, you can log in as root using the root-login operation: + If the container has started successfully, you can log in as root using the + root-login operation: # nixos-container root-login foo [root@foo:~]# - Note that only root on the host can do this (since there is no authentication). You can also get a regular login prompt using the login operation, which is available to all users on the host: + Note that only root on the host can do this (since there is no + authentication). You can also get a regular login prompt using the + login operation, which is available to all users on the + host: # nixos-container login foo foo login: alice Password: *** - With nixos-container run, you can execute arbitrary commands in the container: + With nixos-container run, you can execute arbitrary + commands in the container: # nixos-container run foo -- uname -a Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux @@ -59,11 +80,15 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux - There are several ways to change the configuration of the container. First, on the host, you can edit /var/lib/container/name/etc/nixos/configuration.nix, and run + There are several ways to change the configuration of the container. First, + on the host, you can edit + /var/lib/container/name/etc/nixos/configuration.nix, + and run # nixos-container update foo - This will build and activate the new configuration. You can also specify a new configuration on the command line: + This will build and activate the new configuration. You can also specify a + new configuration on the command line: # nixos-container update foo --config ' = true; @@ -74,15 +99,23 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux # curl http://$(nixos-container show-ip foo)/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">… - However, note that this will overwrite the container’s /etc/nixos/configuration.nix. + However, note that this will overwrite the container’s + /etc/nixos/configuration.nix. - Alternatively, you can change the configuration from within the container itself by running nixos-rebuild switch inside the container. Note that the container by default does not have a copy of the NixOS channel, so you should run nix-channel --update first. + Alternatively, you can change the configuration from within the container + itself by running nixos-rebuild switch inside the + container. Note that the container by default does not have a copy of the + NixOS channel, so you should run nix-channel --update + first. - Containers can be stopped and started using nixos-container stop and nixos-container start, respectively, or by using systemctl on the container’s service unit. To destroy a container, including its file system, do + Containers can be stopped and started using nixos-container + stop and nixos-container start, respectively, or + by using systemctl on the container’s service unit. To + destroy a container, including its file system, do # nixos-container destroy foo diff --git a/nixos/doc/manual/administration/logging.xml b/nixos/doc/manual/administration/logging.xml index 8089b457786c..da4877fcdf08 100644 --- a/nixos/doc/manual/administration/logging.xml +++ b/nixos/doc/manual/administration/logging.xml @@ -5,11 +5,18 @@ xml:id="sec-logging"> Logging - System-wide logging is provided by systemd’s journal, which subsumes traditional logging daemons such as syslogd and klogd. Log entries are kept in binary files in /var/log/journal/. The command journalctl allows you to see the contents of the journal. For example, + System-wide logging is provided by systemd’s journal, + which subsumes traditional logging daemons such as syslogd and klogd. Log + entries are kept in binary files in /var/log/journal/. + The command journalctl allows you to see the contents of + the journal. For example, $ journalctl -b - shows all journal entries since the last reboot. (The output of journalctl is piped into less by default.) You can use various options and match operators to restrict output to messages of interest. For instance, to get all messages from PostgreSQL: + shows all journal entries since the last reboot. (The output of + journalctl is piped into less by + default.) You can use various options and match operators to restrict output + to messages of interest. For instance, to get all messages from PostgreSQL: $ journalctl -u postgresql.service -- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. -- @@ -19,7 +26,8 @@ Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG: database system is shut down Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG: database system was shut down at 2013-01-07 15:44:14 CET Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG: database system is ready to accept connections - Or to get all messages since the last reboot that have at least a “critical” severity level: + Or to get all messages since the last reboot that have at least a + “critical” severity level: $ journalctl -b -p crit Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice] @@ -27,6 +35,9 @@ Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature ab - The system journal is readable by root and by users in the wheel and systemd-journal groups. All users have a private journal that can be read using journalctl. + The system journal is readable by root and by users in the + wheel and systemd-journal groups. All + users have a private journal that can be read using + journalctl. diff --git a/nixos/doc/manual/administration/maintenance-mode.xml b/nixos/doc/manual/administration/maintenance-mode.xml index dc11316dc1a1..71e3f9ea665d 100644 --- a/nixos/doc/manual/administration/maintenance-mode.xml +++ b/nixos/doc/manual/administration/maintenance-mode.xml @@ -9,6 +9,8 @@ You can enter rescue mode by running: # systemctl rescue - This will eventually give you a single-user root shell. Systemd will stop (almost) all system services. To get out of maintenance mode, just exit from the rescue shell. + This will eventually give you a single-user root shell. Systemd will stop + (almost) all system services. To get out of maintenance mode, just exit from + the rescue shell. diff --git a/nixos/doc/manual/administration/network-problems.xml b/nixos/doc/manual/administration/network-problems.xml index 1d41e5c29957..570f58358845 100644 --- a/nixos/doc/manual/administration/network-problems.xml +++ b/nixos/doc/manual/administration/network-problems.xml @@ -6,11 +6,20 @@ Network Problems - Nix uses a so-called binary cache to optimise building a package from source into downloading it as a pre-built binary. That is, whenever a command like nixos-rebuild needs a path in the Nix store, Nix will try to download that path from the Internet rather than build it from source. The default binary cache is https://cache.nixos.org/. If this cache is unreachable, Nix operations may take a long time due to HTTP connection timeouts. You can disable the use of the binary cache by adding , e.g. + Nix uses a so-called binary cache to optimise building a + package from source into downloading it as a pre-built binary. That is, + whenever a command like nixos-rebuild needs a path in the + Nix store, Nix will try to download that path from the Internet rather than + build it from source. The default binary cache is + https://cache.nixos.org/. If this cache is unreachable, Nix + operations may take a long time due to HTTP connection timeouts. You can + disable the use of the binary cache by adding , e.g. # nixos-rebuild switch --option use-binary-caches false - If you have an alternative binary cache at your disposal, you can use it instead: + If you have an alternative binary cache at your disposal, you can use it + instead: # nixos-rebuild switch --option binary-caches http://my-cache.example.org/ diff --git a/nixos/doc/manual/administration/rebooting.xml b/nixos/doc/manual/administration/rebooting.xml index 989712b20faf..a5abd6f02588 100644 --- a/nixos/doc/manual/administration/rebooting.xml +++ b/nixos/doc/manual/administration/rebooting.xml @@ -16,15 +16,20 @@ # reboot - which is equivalent to systemctl reboot. Alternatively, you can quickly reboot the system using kexec, which bypasses the BIOS by directly loading the new kernel into memory: + which is equivalent to systemctl reboot. Alternatively, + you can quickly reboot the system using kexec, which + bypasses the BIOS by directly loading the new kernel into memory: # systemctl kexec - The machine can be suspended to RAM (if supported) using systemctl suspend, and suspended to disk using systemctl hibernate. + The machine can be suspended to RAM (if supported) using systemctl + suspend, and suspended to disk using systemctl + hibernate. - These commands can be run by any user who is logged in locally, i.e. on a virtual console or in X11; otherwise, the user is asked for authentication. + These commands can be run by any user who is logged in locally, i.e. on a + virtual console or in X11; otherwise, the user is asked for authentication. diff --git a/nixos/doc/manual/administration/rollback.xml b/nixos/doc/manual/administration/rollback.xml index aa6d3c956766..fb87810ba461 100644 --- a/nixos/doc/manual/administration/rollback.xml +++ b/nixos/doc/manual/administration/rollback.xml @@ -6,11 +6,19 @@ Rolling Back Configuration Changes - After running nixos-rebuild to switch to a new configuration, you may find that the new configuration doesn’t work very well. In that case, there are several ways to return to a previous configuration. + After running nixos-rebuild to switch to a new + configuration, you may find that the new configuration doesn’t work very + well. In that case, there are several ways to return to a previous + configuration. - First, the GRUB boot manager allows you to boot into any previous configuration that hasn’t been garbage-collected. These configurations can be found under the GRUB submenu “NixOS - All configurations”. This is especially useful if the new configuration fails to boot. After the system has booted, you can make the selected configuration the default for subsequent boots: + First, the GRUB boot manager allows you to boot into any previous + configuration that hasn’t been garbage-collected. These configurations can + be found under the GRUB submenu “NixOS - All configurations”. This is + especially useful if the new configuration fails to boot. After the system + has booted, you can make the selected configuration the default for + subsequent boots: # /run/current-system/bin/switch-to-configuration boot @@ -22,7 +30,8 @@ This is equivalent to running: # /nix/var/nix/profiles/system-N-link/bin/switch-to-configuration switch - where N is the number of the NixOS system configuration. To get a list of the available configurations, do: + where N is the number of the NixOS system + configuration. To get a list of the available configurations, do: $ ls -l /nix/var/nix/profiles/system-*-link ... diff --git a/nixos/doc/manual/administration/running.xml b/nixos/doc/manual/administration/running.xml index 12512a003c8e..19bec1f7794d 100644 --- a/nixos/doc/manual/administration/running.xml +++ b/nixos/doc/manual/administration/running.xml @@ -6,7 +6,8 @@ Administration - This chapter describes various aspects of managing a running NixOS system, such as how to use the systemd service manager. + This chapter describes various aspects of managing a running NixOS system, + such as how to use the systemd service manager. diff --git a/nixos/doc/manual/administration/service-mgmt.xml b/nixos/doc/manual/administration/service-mgmt.xml index 4ad30ce55a86..1b9c745eb59f 100644 --- a/nixos/doc/manual/administration/service-mgmt.xml +++ b/nixos/doc/manual/administration/service-mgmt.xml @@ -5,10 +5,21 @@ xml:id="sec-systemctl"> Service Management - In NixOS, all system services are started and monitored using the systemd program. Systemd is the “init” process of the system (i.e. PID 1), the parent of all other processes. It manages a set of so-called “units”, which can be things like system services (programs), but also mount points, swap files, devices, targets (groups of units) and more. Units can have complex dependencies; for instance, one unit can require that another unit must be successfully started before the first unit can be started. When the system boots, it starts a unit named default.target; the dependencies of this unit cause all system services to be started, file systems to be mounted, swap files to be activated, and so on. + In NixOS, all system services are started and monitored using the systemd + program. Systemd is the “init” process of the system (i.e. PID 1), the + parent of all other processes. It manages a set of so-called “units”, + which can be things like system services (programs), but also mount points, + swap files, devices, targets (groups of units) and more. Units can have + complex dependencies; for instance, one unit can require that another unit + must be successfully started before the first unit can be started. When the + system boots, it starts a unit named default.target; the + dependencies of this unit cause all system services to be started, file + systems to be mounted, swap files to be activated, and so on. - The command systemctl is the main way to interact with systemd. Without any arguments, it shows the status of active units: + The command systemctl is the main way to interact with + systemd. Without any arguments, it shows the status of + active units: $ systemctl -.mount loaded active mounted / @@ -19,7 +30,8 @@ graphical.target loaded active active Graphical Interface - You can ask for detailed status information about a unit, for instance, the PostgreSQL database service: + You can ask for detailed status information about a unit, for instance, the + PostgreSQL database service: $ systemctl status postgresql.service postgresql.service - PostgreSQL Server @@ -39,7 +51,9 @@ Jan 07 15:55:57 hagbard postgres[2390]: [1-1] LOG: database system is ready to Jan 07 15:55:57 hagbard postgres[2420]: [1-1] LOG: autovacuum launcher started Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server. - Note that this shows the status of the unit (active and running), all the processes belonging to the service, as well as the most recent log messages from the service. + Note that this shows the status of the unit (active and running), all the + processes belonging to the service, as well as the most recent log messages + from the service. Units can be stopped, started or restarted: @@ -48,7 +62,9 @@ Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server. # systemctl start postgresql.service # systemctl restart postgresql.service - These operations are synchronous: they wait until the service has finished starting or stopping (or has failed). Starting a unit will cause the dependencies of that unit to be started as well (if necessary). + These operations are synchronous: they wait until the service has finished + starting or stopping (or has failed). Starting a unit will cause the + dependencies of that unit to be started as well (if necessary). users.users.alice.openssh.authorizedKeys.keys = diff --git a/nixos/doc/manual/configuration/summary.xml b/nixos/doc/manual/configuration/summary.xml index c9c8b67b0cfc..ea980254a8fc 100644 --- a/nixos/doc/manual/configuration/summary.xml +++ b/nixos/doc/manual/configuration/summary.xml @@ -6,8 +6,12 @@ Syntax Summary - Below is a summary of the most important syntactic constructs in the Nix expression language. It’s not complete. In particular, there are many other built-in functions. See the Nix manual for the rest. + Below is a summary of the most important syntactic constructs in the Nix + expression language. It’s not complete. In particular, there are many other + built-in functions. See the + Nix + manual for the rest. diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index db8323ec4d4f..4b1710f3a2b1 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -5,7 +5,10 @@ xml:id="sec-user-management"> User Management - NixOS supports both declarative and imperative styles of user management. In the declarative style, users are specified in configuration.nix. For instance, the following states that a user account named alice shall exist: + NixOS supports both declarative and imperative styles of user management. In + the declarative style, users are specified in + configuration.nix. For instance, the following states + that a user account named alice shall exist: .alice = { isNormalUser = true; @@ -15,33 +18,60 @@ openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; }; - Note that alice is a member of the wheel and networkmanager groups, which allows her to use sudo to execute commands as root and to configure the network, respectively. Also note the SSH public key that allows remote logins with the corresponding private key. Users created in this way do not have a password by default, so they cannot log in via mechanisms that require a password. However, you can use the passwd program to set a password, which is retained across invocations of nixos-rebuild. + Note that alice is a member of the + wheel and networkmanager groups, which + allows her to use sudo to execute commands as + root and to configure the network, respectively. Also note + the SSH public key that allows remote logins with the corresponding private + key. Users created in this way do not have a password by default, so they + cannot log in via mechanisms that require a password. However, you can use + the passwd program to set a password, which is retained + across invocations of nixos-rebuild. - If you set to false, then the contents of /etc/passwd and /etc/group will be congruent to your NixOS configuration. For instance, if you remove a user from and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users and groups, such as useradd, are no longer available. Passwords may still be assigned by setting the user's hashedPassword option. A hashed password can be generated using mkpasswd -m sha-512 after installing the mkpasswd package. + If you set to false, then the + contents of /etc/passwd and /etc/group + will be congruent to your NixOS configuration. For instance, if you remove a + user from and run nixos-rebuild, the user + account will cease to exist. Also, imperative commands for managing users and + groups, such as useradd, are no longer available. Passwords may still be + assigned by setting the user's + hashedPassword + option. A hashed password can be generated using mkpasswd -m + sha-512 after installing the mkpasswd package. - A user ID (uid) is assigned automatically. You can also specify a uid manually by adding + A user ID (uid) is assigned automatically. You can also specify a uid + manually by adding uid = 1000; to the user specification. - Groups can be specified similarly. The following states that a group named students shall exist: + Groups can be specified similarly. The following states that a group named + students shall exist: .students.gid = 1000; - As with users, the group ID (gid) is optional and will be assigned automatically if it’s missing. + As with users, the group ID (gid) is optional and will be assigned + automatically if it’s missing. - In the imperative style, users and groups are managed by commands such as useradd, groupmod and so on. For instance, to create a user account named alice: + In the imperative style, users and groups are managed by commands such as + useradd, groupmod and so on. For + instance, to create a user account named alice: # useradd -m alice - To make all nix tools available to this new user use `su - USER` which opens a login shell (==shell that loads the profile) for given user. This will create the ~/.nix-defexpr symlink. So run: + To make all nix tools available to this new user use `su - USER` which opens + a login shell (==shell that loads the profile) for given user. This will + create the ~/.nix-defexpr symlink. So run: # su - alice -c "true" - The flag causes the creation of a home directory for the new user, which is generally what you want. The user does not have an initial password and therefore cannot log in. A password can be set using the passwd utility: + The flag causes the creation of a home directory for the + new user, which is generally what you want. The user does not have an initial + password and therefore cannot log in. A password can be set using the + passwd utility: # passwd alice Enter new UNIX password: *** @@ -50,6 +80,9 @@ Retype new UNIX password: *** A user can be deleted using userdel: # userdel -r alice - The flag deletes the user’s home directory. Accounts can be modified using usermod. Unix groups can be managed using groupadd, groupmod and groupdel. + The flag deletes the user’s home directory. Accounts + can be modified using usermod. Unix groups can be managed + using groupadd, groupmod and + groupdel. diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml index 5c2034239977..9c0e3a8d7aa4 100644 --- a/nixos/doc/manual/configuration/wireless.xml +++ b/nixos/doc/manual/configuration/wireless.xml @@ -6,7 +6,9 @@ Wireless Networks - For a desktop installation using NetworkManager (e.g., GNOME), you just have to make sure the user is in the networkmanager group and you can skip the rest of this section on wireless networks. + For a desktop installation using NetworkManager (e.g., GNOME), you just have + to make sure the user is in the networkmanager group and you can + skip the rest of this section on wireless networks. @@ -23,13 +25,17 @@ "free.wifi" = {}; }; - Be aware that keys will be written to the nix store in plaintext! When no networks are set, it will default to using a configuration file at /etc/wpa_supplicant.conf. You should edit this file yourself to define wireless networks, WPA keys and so on (see + Be aware that keys will be written to the nix store in plaintext! When no + networks are set, it will default to using a configuration file at + /etc/wpa_supplicant.conf. You should edit this file + yourself to define wireless networks, WPA keys and so on (see wpa_supplicant.conf 5 ). - If you are using WPA2 you can generate pskRaw key using wpa_passphrase: + If you are using WPA2 you can generate pskRaw key using + wpa_passphrase: $ wpa_passphrase ESSID PSK network={ @@ -45,10 +51,12 @@ network={ }; } - or you can use it to directly generate the wpa_supplicant.conf: + or you can use it to directly generate the + wpa_supplicant.conf: # wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf - After you have edited the wpa_supplicant.conf, you need to restart the wpa_supplicant service. + After you have edited the wpa_supplicant.conf, you need to + restart the wpa_supplicant service. # systemctl restart wpa_supplicant.service diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml index 2d65ba479aab..f6f659b02afa 100644 --- a/nixos/doc/manual/configuration/x-windows.xml +++ b/nixos/doc/manual/configuration/x-windows.xml @@ -5,18 +5,23 @@ xml:id="sec-x11"> X Window System - The X Window System (X11) provides the basis of NixOS’ graphical user interface. It can be enabled as follows: + The X Window System (X11) provides the basis of NixOS’ graphical user + interface. It can be enabled as follows: = true; - The X server will automatically detect and use the appropriate video driver from a set of X.org drivers (such as vesa and intel). You can also specify a driver manually, e.g. + The X server will automatically detect and use the appropriate video driver + from a set of X.org drivers (such as vesa and + intel). You can also specify a driver manually, e.g. = [ "r128" ]; to enable X.org’s xf86-video-r128 driver. - You also need to enable at least one desktop or window manager. Otherwise, you can only log into a plain undecorated xterm window. Thus you should pick one or more of the following lines: + You also need to enable at least one desktop or window manager. Otherwise, + you can only log into a plain undecorated xterm window. + Thus you should pick one or more of the following lines: = true; = true; @@ -29,7 +34,9 @@ - NixOS’s default display manager (the program that provides a graphical login prompt and manages the X server) is LightDM. You can select an alternative one by picking one of the following lines: + NixOS’s default display manager (the program that + provides a graphical login prompt and manages the X server) is LightDM. You + can select an alternative one by picking one of the following lines: = true; = true; @@ -43,7 +50,8 @@ - The X server is started automatically at boot time. If you don’t want this to happen, you can set: + The X server is started automatically at boot time. If you don’t want this + to happen, you can set: = false; @@ -53,7 +61,8 @@ - On 64-bit systems, if you want OpenGL for 32-bit programs such as in Wine, you should also set the following: + On 64-bit systems, if you want OpenGL for 32-bit programs such as in Wine, + you should also set the following: = true; @@ -61,18 +70,23 @@ Auto-login - The x11 login screen can be skipped entirely, automatically logging you into your window manager and desktop environment when you boot your computer. + The x11 login screen can be skipped entirely, automatically logging you into + your window manager and desktop environment when you boot your computer. - This is especially helpful if you have disk encryption enabled. Since you already have to provide a password to decrypt your disk, entering a second password to login can be redundant. + This is especially helpful if you have disk encryption enabled. Since you + already have to provide a password to decrypt your disk, entering a second + password to login can be redundant. - To enable auto-login, you need to define your default window manager and desktop environment. If you wanted no desktop environment and i3 as your your window manager, you'd define: + To enable auto-login, you need to define your default window manager and + desktop environment. If you wanted no desktop environment and i3 as your your + window manager, you'd define: = "none"; = "i3"; - And, finally, to enable auto-login for a user johndoe: + And, finally, to enable auto-login for a user johndoe: = true; = "johndoe"; @@ -82,7 +96,9 @@ Proprietary NVIDIA drivers - NVIDIA provides a proprietary driver for its graphics cards that has better 3D performance than the X.org drivers. It is not enabled by default because it’s not free software. You can enable it as follows: + NVIDIA provides a proprietary driver for its graphics cards that has better + 3D performance than the X.org drivers. It is not enabled by default because + it’s not free software. You can enable it as follows: = [ "nvidia" ]; @@ -93,51 +109,76 @@ = [ "nvidiaLegacy304" ]; = [ "nvidiaLegacy173" ]; - You may need to reboot after enabling this driver to prevent a clash with other kernel modules. + You may need to reboot after enabling this driver to prevent a clash with + other kernel modules. Proprietary AMD drivers - AMD provides a proprietary driver for its graphics cards that has better 3D performance than the X.org drivers. It is not enabled by default because it’s not free software. You can enable it as follows: + AMD provides a proprietary driver for its graphics cards that has better 3D + performance than the X.org drivers. It is not enabled by default because + it’s not free software. You can enable it as follows: = [ "ati_unfree" ]; - You will need to reboot after enabling this driver to prevent a clash with other kernel modules. + You will need to reboot after enabling this driver to prevent a clash with + other kernel modules. - - For recent AMD GPUs you most likely want to keep either the defaults or "amdgpu" (both free). - + + For recent AMD GPUs you most likely want to keep either the defaults + or "amdgpu" (both free). + Touchpads - Support for Synaptics touchpads (found in many laptops such as the Dell Latitude series) can be enabled as follows: + Support for Synaptics touchpads (found in many laptops such as the Dell + Latitude series) can be enabled as follows: = true; - The driver has many options (see ). For instance, the following disables tap-to-click behavior: + The driver has many options (see ). For + instance, the following disables tap-to-click behavior: = false; - Note: the use of services.xserver.synaptics is deprecated since NixOS 17.09. + Note: the use of services.xserver.synaptics is deprecated + since NixOS 17.09. GTK/Qt themes - GTK themes can be installed either to user profile or system-wide (via environment.systemPackages). To make Qt 5 applications look similar to GTK2 ones, you can install qt5.qtbase.gtk package into your system environment. It should work for all Qt 5 library versions. + GTK themes can be installed either to user profile or system-wide (via + environment.systemPackages). To make Qt 5 applications + look similar to GTK2 ones, you can install qt5.qtbase.gtk + package into your system environment. It should work for all Qt 5 library + versions. Custom XKB layouts - It is possible to install custom XKB keyboard layouts using the option . As a first example, we are going to create a layout based on the basic US layout, with an additional layer to type some greek symbols by pressing the right-alt key. + It is possible to install custom + + XKB + + keyboard layouts using the option + . + As a first example, we are going to create a layout based on the basic US + layout, with an additional layer to type some greek symbols by pressing the + right-alt key. - To do this we are going to create a us-greek file with a xkb_symbols section. + To do this we are going to create a us-greek file + with a xkb_symbols section. xkb_symbols "us-greek" @@ -153,7 +194,8 @@ xkb_symbols "us-greek" }; - To install the layout, the filepath, a description and the list of languages must be given: + To install the layout, the filepath, a description and the list of + languages must be given: .us-greek = { @@ -163,18 +205,32 @@ xkb_symbols "us-greek" } - - The name should match the one given to the xkb_symbols block. - + + The name should match the one given to the + xkb_symbols block. + - The layout should now be installed and ready to use: try it by running setxkbmap us-greek and type <alt>+a. To change the default the usual option can still be used. + The layout should now be installed and ready to use: try it by + running setxkbmap us-greek and type + <alt>+a. To change the default the usual + + option can still be used. - A layout can have several other components besides xkb_symbols, for example we will define new keycodes for some multimedia key and bind these to some symbol. + A layout can have several other components besides + xkb_symbols, for example we will define new + keycodes for some multimedia key and bind these to some symbol. - Use the xev utility from pkgs.xorg.xev to find the codes of the keys of interest, then create a media-key file to hold the keycodes definitions + Use the xev utility from + pkgs.xorg.xev to find the codes of the keys of + interest, then create a media-key file to hold + the keycodes definitions xkb_keycodes "media" @@ -184,7 +240,7 @@ xkb_keycodes "media" } - Now use the newly define keycodes in media-sym: + Now use the newly define keycodes in media-sym: xkb_symbols "media" @@ -195,7 +251,7 @@ xkb_symbols "media" } - As before, to install the layout do + As before, to install the layout do .media = { @@ -206,22 +262,37 @@ xkb_symbols "media" }; - - The function pkgs.writeText <filename> <content> can be useful if you prefer to keep the layout definitions inside the NixOS configuration. - + + The function pkgs.writeText <filename> <content> + can be useful if you prefer to keep the layout definitions + inside the NixOS configuration. + - Unfortunately, the Xorg server does not (currently) support setting a keymap directly but relies instead on XKB rules to select the matching components (keycodes, types, ...) of a layout. This means that components other than symbols won't be loaded by default. As a workaround, you can set the keymap using setxkbmap at the start of the session with: + Unfortunately, the Xorg server does not (currently) support setting a + keymap directly but relies instead on XKB rules to select the matching + components (keycodes, types, ...) of a layout. This means that components + other than symbols won't be loaded by default. As a workaround, you + can set the keymap using setxkbmap at the start of the + session with: = "setxkbmap -keycodes media"; - If you are manually starting the X server, you should set the argument -xkbdir /etc/X11/xkb, otherwise X won't find your layout files. For example with xinit run -$ xinit -- -xkbdir /etc/X11/xkb + If you are manually starting the X server, you should set the argument + -xkbdir /etc/X11/xkb, otherwise X won't find your layout files. + For example with xinit run + $ xinit -- -xkbdir /etc/X11/xkb - To learn how to write layouts take a look at the XKB documentation . More example layouts can also be found here . + To learn how to write layouts take a look at the XKB + + documentation + . More example layouts can also be found + + here + . - + diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml index 7a93a452fd9d..6ac99c6b2bee 100644 --- a/nixos/doc/manual/configuration/xfce.xml +++ b/nixos/doc/manual/configuration/xfce.xml @@ -14,7 +14,8 @@ - Optionally, compton can be enabled for nice graphical effects, some example settings: + Optionally, compton can be enabled for nice graphical + effects, some example settings: services.compton = { enable = true; @@ -26,7 +27,9 @@ - Some Xfce programs are not installed automatically. To install them manually (system wide), put them into your . + Some Xfce programs are not installed automatically. To install them manually + (system wide), put them into your + . Thunar Volume Support @@ -41,17 +44,25 @@ Polkit Authentication Agent - There is no authentication agent automatically installed alongside Xfce. To allow mounting of local (non-removable) filesystems, you will need to install one. Installing polkit_gnome, a rebuild, logout and login did the trick. + There is no authentication agent automatically installed alongside Xfce. To + allow mounting of local (non-removable) filesystems, you will need to + install one. Installing polkit_gnome, a rebuild, logout + and login did the trick. Troubleshooting - Even after enabling udisks2, volume management might not work. Thunar and/or the desktop takes time to show up. Thunar will spit out this kind of message on start (look at journalctl --user -b). + Even after enabling udisks2, volume management might not work. Thunar and/or + the desktop takes time to show up. Thunar will spit out this kind of message + on start (look at journalctl --user -b). Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported - This is caused by some needed GNOME services not running. This is all fixed by enabling "Launch GNOME services on startup" in the Advanced tab of the Session and Startup settings panel. Alternatively, you can run this command to do the same thing. + This is caused by some needed GNOME services not running. This is all fixed + by enabling "Launch GNOME services on startup" in the Advanced tab of the + Session and Startup settings panel. Alternatively, you can run this command + to do the same thing. $ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true diff --git a/nixos/doc/manual/development/assertions.xml b/nixos/doc/manual/development/assertions.xml index c7d5b960aa6b..32f90cf2e7c4 100644 --- a/nixos/doc/manual/development/assertions.xml +++ b/nixos/doc/manual/development/assertions.xml @@ -6,11 +6,18 @@ Warnings and Assertions - When configuration problems are detectable in a module, it is a good idea to write an assertion or warning. Doing so provides clear feedback to the user and prevents errors after the build. + When configuration problems are detectable in a module, it is a good idea to + write an assertion or warning. Doing so provides clear feedback to the user + and prevents errors after the build. - Although Nix has the abort and builtins.trace functions to perform such tasks, they are not ideally suited for NixOS modules. Instead of these functions, you can declare your warnings and assertions using the NixOS module system. + Although Nix has the abort and + builtins.trace + functions + to perform such tasks, they are not ideally suited for NixOS modules. Instead + of these functions, you can declare your warnings and assertions using the + NixOS module system.
@@ -41,7 +48,12 @@ Assertions - This example, extracted from the syslogd module shows how to use assertions. Since there can only be one active syslog daemon at a time, an assertion is useful to prevent such a broken system from being built. + This example, extracted from the + + syslogd module shows how to use + assertions. Since there can only be one active syslog + daemon at a time, an assertion is useful to prevent such a broken system + from being built. diff --git a/nixos/doc/manual/development/building-nixos.xml b/nixos/doc/manual/development/building-nixos.xml index a4bb18656e00..56a596baed00 100644 --- a/nixos/doc/manual/development/building-nixos.xml +++ b/nixos/doc/manual/development/building-nixos.xml @@ -5,17 +5,22 @@ xml:id="sec-building-cd"> Building Your Own NixOS CD - Building a NixOS CD is as easy as configuring your own computer. The idea is to use another module which will replace your configuration.nix to configure the system that would be installed on the CD. + Building a NixOS CD is as easy as configuring your own computer. The idea is + to use another module which will replace your + configuration.nix to configure the system that would be + installed on the CD. - Default CD/DVD configurations are available inside nixos/modules/installer/cd-dvd. + Default CD/DVD configurations are available inside + nixos/modules/installer/cd-dvd. $ git clone https://github.com/NixOS/nixpkgs.git $ cd nixpkgs/nixos $ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix - Before burning your CD/DVD, you can check the content of the image by mounting anywhere like suggested by the following command: + Before burning your CD/DVD, you can check the content of the image by + mounting anywhere like suggested by the following command: # mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso diff --git a/nixos/doc/manual/development/building-parts.xml b/nixos/doc/manual/development/building-parts.xml index e05a1342b7aa..88369fb891b3 100644 --- a/nixos/doc/manual/development/building-parts.xml +++ b/nixos/doc/manual/development/building-parts.xml @@ -5,11 +5,14 @@ xml:id="sec-building-parts"> Building Specific Parts of NixOS - With the command nix-build, you can build specific parts of your NixOS configuration. This is done as follows: + With the command nix-build, you can build specific parts + of your NixOS configuration. This is done as follows: $ cd /path/to/nixpkgs/nixos $ nix-build -A config.option - where option is a NixOS option with type “derivation” (i.e. something that can be built). Attributes of interest include: + where option is a NixOS option with type + “derivation” (i.e. something that can be built). Attributes of interest + include: @@ -17,7 +20,10 @@ - The top-level option that builds the entire NixOS system. Everything else in your configuration is indirectly pulled in by this option. This is what nixos-rebuild builds and what /run/current-system points to afterwards. + The top-level option that builds the entire NixOS system. Everything else + in your configuration is indirectly pulled in by this option. This is + what nixos-rebuild builds and what + /run/current-system points to afterwards. A shortcut to build this is: @@ -42,7 +48,8 @@ - A tree of symlinks that form the static parts of /etc. + A tree of symlinks that form the static parts of + /etc. @@ -55,7 +62,9 @@ - The initial ramdisk and kernel of the system. This allows a quick way to test whether the kernel and the initial ramdisk boot correctly, by using QEMU’s and options: + The initial ramdisk and kernel of the system. This allows a quick way to + test whether the kernel and the initial ramdisk boot correctly, by using + QEMU’s and options: $ nix-build -A config.system.build.initialRamdisk -o initrd $ nix-build -A config.system.build.kernel -o kernel @@ -86,18 +95,24 @@ - This builds the unit with the specified name. Note that since unit names contain dots (e.g. httpd.service), you need to put them between quotes, like this: + This builds the unit with the specified name. Note that since unit names + contain dots (e.g. httpd.service), you need to put + them between quotes, like this: $ nix-build -A 'config.systemd.units."httpd.service".unit' - You can also test individual units, without rebuilding the whole system, by putting them in /run/systemd/system: + You can also test individual units, without rebuilding the whole system, + by putting them in /run/systemd/system: $ cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \ /run/systemd/system/tmp-httpd.service # systemctl daemon-reload # systemctl start tmp-httpd.service - Note that the unit must not have the same name as any unit in /etc/systemd/system since those take precedence over /run/systemd/system. That’s why the unit is installed as tmp-httpd.service here. + Note that the unit must not have the same name as any unit in + /etc/systemd/system since those take precedence over + /run/systemd/system. That’s why the unit is + installed as tmp-httpd.service here. diff --git a/nixos/doc/manual/development/importing-modules.xml b/nixos/doc/manual/development/importing-modules.xml index 0d57681783e2..1c6a5671eda8 100644 --- a/nixos/doc/manual/development/importing-modules.xml +++ b/nixos/doc/manual/development/importing-modules.xml @@ -6,7 +6,8 @@ Importing Modules - Sometimes NixOS modules need to be used in configuration but exist outside of Nixpkgs. These modules can be imported: + Sometimes NixOS modules need to be used in configuration but exist outside of + Nixpkgs. These modules can be imported: @@ -24,7 +25,9 @@ - The environment variable NIXOS_EXTRA_MODULE_PATH is an absolute path to a NixOS module that is included alongside the Nixpkgs NixOS modules. Like any NixOS module, this module can import additional modules: + The environment variable NIXOS_EXTRA_MODULE_PATH is an + absolute path to a NixOS module that is included alongside the Nixpkgs NixOS + modules. Like any NixOS module, this module can import additional modules: diff --git a/nixos/doc/manual/development/meta-attributes.xml b/nixos/doc/manual/development/meta-attributes.xml index fd15bd3638fd..3d019a4987e1 100644 --- a/nixos/doc/manual/development/meta-attributes.xml +++ b/nixos/doc/manual/development/meta-attributes.xml @@ -6,12 +6,18 @@ Meta Attributes - Like Nix packages, NixOS modules can declare meta-attributes to provide extra information. Module meta attributes are defined in the meta.nix special module. + Like Nix packages, NixOS modules can declare meta-attributes to provide extra + information. Module meta attributes are defined in the + meta.nix + special module. - meta is a top level attribute like options and config. Available meta-attributes are maintainers and doc. + meta is a top level attribute like + options and config. Available + meta-attributes are maintainers and + doc. @@ -45,8 +51,11 @@ - doc points to a valid DocBook file containing the module documentation. Its contents is automatically added to . Changes to a module documentation have to be checked to not break building the NixOS manual: + doc points to a valid DocBook file containing the module + documentation. Its contents is automatically added to + . Changes to a module documentation + have to be checked to not break building the NixOS manual: $ nix-build nixos/release.nix -A manual diff --git a/nixos/doc/manual/development/nixos-tests.xml b/nixos/doc/manual/development/nixos-tests.xml index aedc40e93a6d..2695082e3867 100644 --- a/nixos/doc/manual/development/nixos-tests.xml +++ b/nixos/doc/manual/development/nixos-tests.xml @@ -5,8 +5,13 @@ xml:id="sec-nixos-tests"> NixOS Tests - When you add some feature to NixOS, you should write a test for it. NixOS tests are kept in the directory nixos/tests, and are executed (using Nix) by a testing framework that automatically starts one or more virtual machines containing the NixOS system(s) required for the test. + When you add some feature to NixOS, you should write a test for it. NixOS + tests are kept in the directory + nixos/tests, + and are executed (using Nix) by a testing framework that automatically starts + one or more virtual machines containing the NixOS system(s) required for the + test. diff --git a/nixos/doc/manual/development/option-declarations.xml b/nixos/doc/manual/development/option-declarations.xml index d6fb3f8f687d..eee81bf64263 100644 --- a/nixos/doc/manual/development/option-declarations.xml +++ b/nixos/doc/manual/development/option-declarations.xml @@ -6,7 +6,9 @@ Option Declarations - An option declaration specifies the name, type and description of a NixOS configuration option. It is invalid to define an option that hasn’t been declared in any module. An option declaration generally looks like this: + An option declaration specifies the name, type and description of a NixOS + configuration option. It is invalid to define an option that hasn’t been + declared in any module. An option declaration generally looks like this: options = { name = mkOption { @@ -17,8 +19,13 @@ options = { }; }; - The attribute names within the name attribute path must be camel cased in general but should, as an exception, match the package attribute name when referencing a Nixpkgs package. For example, the option services.nix-serve.bindAddress references the nix-serve Nixpkgs package. + The attribute names within the name attribute path + must be camel cased in general but should, as an exception, match the + + package attribute name when referencing a Nixpkgs package. For + example, the option services.nix-serve.bindAddress + references the nix-serve Nixpkgs package. @@ -30,7 +37,9 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming"> package attri - The type of the option (see ). It may be omitted, but that’s not advisable since it may lead to errors that are hard to diagnose. + The type of the option (see ). It may + be omitted, but that’s not advisable since it may lead to errors that + are hard to diagnose. @@ -40,7 +49,10 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming"> package attri - The default value used if no value is defined by any module. A default is not required; but if a default is not given, then users of the module will have to define the value of the option, otherwise an error will be thrown. + The default value used if no value is defined by any module. A default is + not required; but if a default is not given, then users of the module + will have to define the value of the option, otherwise an error will be + thrown. @@ -60,7 +72,8 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming"> package attri - A textual description of the option, in DocBook format, that will be included in the NixOS manual. + A textual description of the option, in DocBook format, that will be + included in the NixOS manual. @@ -71,15 +84,22 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming"> package attri Extensible Option Types - Extensible option types is a feature that allow to extend certain types declaration through multiple module files. This feature only work with a restricted set of types, namely enum and submodules and any composed forms of them. + Extensible option types is a feature that allow to extend certain types + declaration through multiple module files. This feature only work with a + restricted set of types, namely enum and + submodules and any composed forms of them. - Extensible option types can be used for enum options that affects multiple modules, or as an alternative to related enable options. + Extensible option types can be used for enum options that + affects multiple modules, or as an alternative to related + enable options. - As an example, we will take the case of display managers. There is a central display manager module for generic display manager options and a module file per display manager backend (slim, sddm, gdm ...). + As an example, we will take the case of display managers. There is a central + display manager module for generic display manager options and a module file + per display manager backend (slim, sddm, gdm ...). @@ -87,12 +107,14 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming"> package attri - Managing the display managers independently by adding an enable option to every display manager module backend. (NixOS) + Managing the display managers independently by adding an enable option to + every display manager module backend. (NixOS) - Managing the display managers in the central module by adding an option to select which display manager backend to use. + Managing the display managers in the central module by adding an option + to select which display manager backend to use. @@ -103,22 +125,37 @@ xlink:href="https://nixos.org/nixpkgs/manual/#sec-package-naming"> package attri - Making backends independent can quickly become hard to manage. For display managers, there can be only one enabled at a time, but the type system can not enforce this restriction as there is no relation between each backend enable option. As a result, this restriction has to be done explicitely by adding assertions in each display manager backend module. + Making backends independent can quickly become hard to manage. For display + managers, there can be only one enabled at a time, but the type system can + not enforce this restriction as there is no relation between each backend + enable option. As a result, this restriction has to be + done explicitely by adding assertions in each display manager backend + module. - On the other hand, managing the display managers backends in the central module will require to change the central module option every time a new backend is added or removed. + On the other hand, managing the display managers backends in the central + module will require to change the central module option every time a new + backend is added or removed. - By using extensible option types, it is possible to create a placeholder option in the central module (), and to extend it in each backend module (, ), and to extend + it in each backend module + (, + ). - As a result, displayManager.enable option values can be added without changing the main service module file and the type system automatically enforce that there can only be a single display manager enabled. + As a result, displayManager.enable option values can be + added without changing the main service module file and the type system + automatically enforce that there can only be a single display manager + enabled. @@ -147,11 +184,16 @@ services.xserver.displayManager.enable = mkOption { - The placeholder declaration is a standard mkOption declaration, but it is important that extensible option declarations only use the type argument. + The placeholder declaration is a standard mkOption + declaration, but it is important that extensible option declarations only + use the type argument. - Extensible option types work with any of the composed variants of enum such as with types; nullOr (enum [ "foo" "bar" ]) or with types; listOf (enum [ "foo" "bar" ]). + Extensible option types work with any of the composed variants of + enum such as with types; nullOr (enum [ "foo" + "bar" ]) or with types; listOf (enum [ "foo" "bar" + ]).
diff --git a/nixos/doc/manual/development/option-def.xml b/nixos/doc/manual/development/option-def.xml index 883778c7eb96..50a705d0cb8e 100644 --- a/nixos/doc/manual/development/option-def.xml +++ b/nixos/doc/manual/development/option-def.xml @@ -6,26 +6,33 @@ Option Definitions - Option definitions are generally straight-forward bindings of values to option names, like + Option definitions are generally straight-forward bindings of values to + option names, like config = { services.httpd.enable = true; }; - However, sometimes you need to wrap an option definition or set of option definitions in a property to achieve certain effects: + However, sometimes you need to wrap an option definition or set of option + definitions in a property to achieve certain effects: Delaying Conditionals - If a set of option definitions is conditional on the value of another option, you may need to use mkIf. Consider, for instance: + If a set of option definitions is conditional on the value of another + option, you may need to use mkIf. Consider, for instance: config = if config.services.httpd.enable then { environment.systemPackages = [ ... ]; ... } else {}; - This definition will cause Nix to fail with an “infinite recursion” error. Why? Because the value of depends on the value being constructed here. After all, you could also write the clearly circular and contradictory: + This definition will cause Nix to fail with an “infinite recursion” + error. Why? Because the value of + depends on the value being + constructed here. After all, you could also write the clearly circular and + contradictory: config = if config.services.httpd.enable then { services.httpd.enable = false; @@ -40,7 +47,9 @@ config = mkIf config.services.httpd.enable { ... }; - The special function mkIf causes the evaluation of the conditional to be “pushed down” into the individual definitions, as if you had written: + The special function mkIf causes the evaluation of the + conditional to be “pushed down” into the individual definitions, as if + you had written: config = { environment.systemPackages = if config.services.httpd.enable then [ ... ] else []; @@ -53,18 +62,27 @@ config = { Setting Priorities - A module can override the definitions of an option in other modules by setting a priority. All option definitions that do not have the lowest priority value are discarded. By default, option definitions have priority 1000. You can specify an explicit priority by using mkOverride, e.g. + A module can override the definitions of an option in other modules by + setting a priority. All option definitions that do not + have the lowest priority value are discarded. By default, option definitions + have priority 1000. You can specify an explicit priority by using + mkOverride, e.g. services.openssh.enable = mkOverride 10 false; - This definition causes all other definitions with priorities above 10 to be discarded. The function mkForce is equal to mkOverride 50. + This definition causes all other definitions with priorities above 10 to be + discarded. The function mkForce is equal to + mkOverride 50. Merging Configurations - In conjunction with mkIf, it is sometimes useful for a module to return multiple sets of option definitions, to be merged together as if they were declared in separate modules. This can be done using mkMerge: + In conjunction with mkIf, it is sometimes useful for a + module to return multiple sets of option definitions, to be merged together + as if they were declared in separate modules. This can be done using + mkMerge: config = mkMerge [ # Unconditional stuff. diff --git a/nixos/doc/manual/development/option-types.xml b/nixos/doc/manual/development/option-types.xml index 7cd26e4c937d..8fcbb627342b 100644 --- a/nixos/doc/manual/development/option-types.xml +++ b/nixos/doc/manual/development/option-types.xml @@ -6,14 +6,18 @@ Options Types - Option types are a way to put constraints on the values a module option can take. Types are also responsible of how values are merged in case of multiple value definitions. + Option types are a way to put constraints on the values a module option can + take. Types are also responsible of how values are merged in case of multiple + value definitions.
Basic Types - Basic types are the simplest available types in the module system. Basic types include multiple string types that mainly differ in how definition merging is handled. + Basic types are the simplest available types in the module system. Basic + types include multiple string types that mainly differ in how definition + merging is handled. @@ -33,7 +37,8 @@ - A boolean, its values can be true or false. + A boolean, its values can be true or + false. @@ -43,7 +48,9 @@ - A filesystem path, defined as anything that when coerced to a string starts with a slash. Even if derivations can be considered as path, the more specific types.package should be preferred. + A filesystem path, defined as anything that when coerced to a string + starts with a slash. Even if derivations can be considered as path, the + more specific types.package should be preferred. @@ -80,7 +87,12 @@ - Signed integers with a fixed length (8, 16 or 32 bits). They go from −2n/2 to 2n/2−1 respectively (e.g. −128 to 127 for 8 bits). + Signed integers with a fixed length (8, 16 or 32 bits). They go from + −2n/2 + to + 2n/2−1 + respectively (e.g. −128 to + 127 for 8 bits). @@ -100,7 +112,12 @@ - Unsigned integers with a fixed length (8, 16 or 32 bits). They go from 0 to 2n−1 respectively (e.g. 0 to 255 for 8 bits). + Unsigned integers with a fixed length (8, 16 or 32 bits). They go from + 0 to + + 2n−1 + respectively (e.g. 0 to + 255 for 8 bits). @@ -120,7 +137,8 @@ - A port number. This type is an alias to types.ints.u16. + A port number. This type is an alias to + types.ints.u16. @@ -147,7 +165,8 @@ - A string. Multiple definitions are concatenated with a new line "\n". + A string. Multiple definitions are concatenated with a new line + "\n". @@ -157,7 +176,8 @@ - A string. Multiple definitions are concatenated with a comma ",". + A string. Multiple definitions are concatenated with a comma + ",". @@ -167,7 +187,8 @@ - A string. Multiple definitions are concatenated with a collon ":". + A string. Multiple definitions are concatenated with a collon + ":". @@ -177,7 +198,9 @@ - A string matching a specific regular expression. Multiple definitions cannot be merged. The regular expression is processed using builtins.match. + A string matching a specific regular expression. Multiple definitions + cannot be merged. The regular expression is processed using + builtins.match. @@ -198,7 +221,9 @@ - One element of the list l, e.g. types.enum [ "left" "right" ]. Multiple definitions cannot be merged. + One element of the list l, e.g. + types.enum [ "left" "right" ]. Multiple definitions + cannot be merged. @@ -208,7 +233,8 @@ - A string with a custom separator sep, e.g. types.separatedString "|". + A string with a custom separator sep, e.g. + types.separatedString "|". @@ -218,7 +244,9 @@ - An integer between lowest and highest (both inclusive). Useful for creating types like types.port. + An integer between lowest and + highest (both inclusive). Useful for creating + types like types.port. @@ -228,7 +256,11 @@ - A set of sub options o. o can be an attribute set or a function returning an attribute set. Submodules are used in composed types to create modular options. Submodule are detailed in o. + o can be an attribute set or a function + returning an attribute set. Submodules are used in composed types to + create modular options. Submodule are detailed in + . @@ -240,7 +272,9 @@ Composed Types - Composed types are types that take a type as parameter. listOf int and either int str are examples of composed types. + Composed types are types that take a type as parameter. listOf + int and either int str are examples of composed + types. @@ -250,7 +284,8 @@ - A list of t type, e.g. types.listOf int. Multiple definitions are merged with list concatenation. + A list of t type, e.g. types.listOf + int. Multiple definitions are merged with list concatenation. @@ -260,7 +295,9 @@ - An attribute set of where all the values are of t type. Multiple definitions result in the joined attribute set. + An attribute set of where all the values are of + t type. Multiple definitions result in the + joined attribute set. @@ -270,7 +307,8 @@ - An attribute set or a list of t type. Multiple definitions are merged according to the value. + An attribute set or a list of t type. Multiple + definitions are merged according to the value. @@ -280,7 +318,8 @@ - null or type t. Multiple definitions are merged according to type t. + null or type t. Multiple + definitions are merged according to type t. @@ -290,7 +329,8 @@ - Ensures that type t cannot be merged. It is used to ensure option definitions are declared only once. + Ensures that type t cannot be merged. It is + used to ensure option definitions are declared only once. @@ -300,7 +340,9 @@ - Type t1 or type t2, e.g. with types; either int str. Multiple definitions cannot be merged. + Type t1 or type t2, + e.g. with types; either int str. Multiple definitions + cannot be merged. @@ -310,7 +352,9 @@ - Type t1 or type t2 and so forth, e.g. with types; oneOf [ int str bool ]. Multiple definitions cannot be merged. + Type t1 or type t2 and so forth, + e.g. with types; oneOf [ int str bool ]. Multiple definitions + cannot be merged. @@ -320,7 +364,12 @@ - Type to or type from which will be coerced to type to using function f which takes an argument of type from and return a value of type to. Can be used to preserve backwards compatibility of an option if its type was changed. + Type to or type + from which will be coerced to type + to using function f + which takes an argument of type from and + return a value of type to. Can be used to + preserve backwards compatibility of an option if its type was changed. @@ -331,15 +380,22 @@ Submodule - submodule is a very powerful type that defines a set of sub-options that are handled like a separate module. + submodule is a very powerful type that defines a set of + sub-options that are handled like a separate module. - It takes a parameter o, that should be a set, or a function returning a set with an options key defining the sub-options. Submodule option definitions are type-checked accordingly to the options declarations. Of course, you can nest submodule option definitons for even higher modularity. + It takes a parameter o, that should be a set, or + a function returning a set with an options key defining + the sub-options. Submodule option definitions are type-checked accordingly + to the options declarations. Of course, you can nest + submodule option definitons for even higher modularity. - The option set can be defined directly () or as reference (). + The option set can be defined directly + () or as reference + (). @@ -382,7 +438,12 @@ options.mod = mkOption { - The submodule type is especially interesting when used with composed types like attrsOf or listOf. When composed with listOf (), submodule allows multiple definitions of the submodule option set (). + The submodule type is especially interesting when used + with composed types like attrsOf or + listOf. When composed with listOf + (), + submodule allows multiple definitions of the submodule + option set (). @@ -413,7 +474,10 @@ config.mod = [ - When composed with attrsOf (), submodule allows multiple named definitions of the submodule option set (). + When composed with attrsOf + (), + submodule allows multiple named definitions of the + submodule option set (). @@ -446,7 +510,8 @@ config.mod.two = { foo = 2; bar = "two"; }; Extending types - Types are mainly characterized by their check and merge functions. + Types are mainly characterized by their check and + merge functions. @@ -456,8 +521,13 @@ config.mod.two = { foo = 2; bar = "two"; }; - The function to type check the value. Takes a value as parameter and return a boolean. It is possible to extend a type check with the addCheck function (), or to fully override the check function (). + The function to type check the value. Takes a value as parameter and + return a boolean. It is possible to extend a type check with the + addCheck function + (), or to fully + override the check function + (). Adding a type check @@ -485,7 +555,11 @@ nixThings = mkOption { - Function to merge the options values when multiple values are set. The function takes two parameters, loc the option path as a list of strings, and defs the list of defined values as a list. It is possible to override a type merge function for custom needs. + Function to merge the options values when multiple values are set. The + function takes two parameters, loc the option path as + a list of strings, and defs the list of defined values + as a list. It is possible to override a type merge function for custom + needs. @@ -496,8 +570,12 @@ nixThings = mkOption { Custom Types - Custom types can be created with the mkOptionType function. As type creation includes some more complex topics such as submodule handling, it is recommended to get familiar with types.nix code before creating a new type. + Custom types can be created with the mkOptionType + function. As type creation includes some more complex topics such as + submodule handling, it is recommended to get familiar with + types.nix + code before creating a new type. @@ -521,7 +599,8 @@ nixThings = mkOption { - Description of the type used in documentation. Give information of the type and any of its arguments. + Description of the type used in documentation. Give information of the + type and any of its arguments. @@ -531,7 +610,10 @@ nixThings = mkOption { - A function to type check the definition value. Takes the definition value as a parameter and returns a boolean indicating the type check result, true for success and false for failure. + A function to type check the definition value. Takes the definition value + as a parameter and returns a boolean indicating the type check result, + true for success and false for + failure. @@ -550,7 +632,8 @@ nixThings = mkOption { - The option path as a list of strings, e.g. ["boot" "loader "grub" "enable"]. + The option path as a list of strings, e.g. ["boot" "loader + "grub" "enable"]. @@ -560,7 +643,12 @@ nixThings = mkOption { - The list of sets of defined value and file where the value was defined, e.g. [ { file = "/foo.nix"; value = 1; } { file = "/bar.nix"; value = 2 } ]. The merge function should return the merged value or throw an error in case the values are impossible or not meant to be merged. + The list of sets of defined value and + file where the value was defined, e.g. [ { + file = "/foo.nix"; value = 1; } { file = "/bar.nix"; value = 2 } + ]. The merge function should return the + merged value or throw an error in case the values are impossible or + not meant to be merged. @@ -573,7 +661,13 @@ nixThings = mkOption { - For composed types that can take a submodule as type parameter, this function generate sub-options documentation. It takes the current option prefix as a list and return the set of sub-options. Usually defined in a recursive manner by adding a term to the prefix, e.g. prefix: elemType.getSubOptions (prefix ++ ["prefix"]) where "prefix" is the newly added prefix. + For composed types that can take a submodule as type parameter, this + function generate sub-options documentation. It takes the current option + prefix as a list and return the set of sub-options. Usually defined in a + recursive manner by adding a term to the prefix, e.g. prefix: + elemType.getSubOptions (prefix ++ + ["prefix"]) where + "prefix" is the newly added prefix. @@ -583,7 +677,11 @@ nixThings = mkOption { - For composed types that can take a submodule as type parameter, this function should return the type parameters submodules. If the type parameter is called elemType, the function should just recursively look into submodules by returning elemType.getSubModules;. + For composed types that can take a submodule as type parameter, this + function should return the type parameters submodules. If the type + parameter is called elemType, the function should just + recursively look into submodules by returning + elemType.getSubModules;. @@ -593,7 +691,14 @@ nixThings = mkOption { - For composed types that can take a submodule as type parameter, this function can be used to substitute the parameter of a submodule type. It takes a module as parameter and return the type with the submodule options substituted. It is usually defined as a type function call with a recursive call to substSubModules, e.g for a type composedType that take an elemtype type parameter, this function should be defined as m: composedType (elemType.substSubModules m). + For composed types that can take a submodule as type parameter, this + function can be used to substitute the parameter of a submodule type. It + takes a module as parameter and return the type with the submodule + options substituted. It is usually defined as a type function call with a + recursive call to substSubModules, e.g for a type + composedType that take an elemtype + type parameter, this function should be defined as m: + composedType (elemType.substSubModules m). @@ -603,7 +708,9 @@ nixThings = mkOption { - A function to merge multiple type declarations. Takes the type to merge functor as parameter. A null return value means that type cannot be merged. + A function to merge multiple type declarations. Takes the type to merge + functor as parameter. A null return + value means that type cannot be merged. @@ -618,7 +725,8 @@ nixThings = mkOption { - Note: There is a generic defaultTypeMerge that work with most of value and composed types. + Note: There is a generic defaultTypeMerge that work + with most of value and composed types. @@ -628,7 +736,8 @@ nixThings = mkOption { - An attribute set representing the type. It is used for type operations and has the following keys: + An attribute set representing the type. It is used for type operations + and has the following keys: @@ -657,7 +766,10 @@ nixThings = mkOption { - Holds the value parameter for value types. The types that have a payload are the enum, separatedString and submodule types. + Holds the value parameter for value types. The types that have a + payload are the enum, + separatedString and submodule + types. @@ -667,7 +779,9 @@ nixThings = mkOption { - A binary operation that can merge the payloads of two same types. Defined as a function that take two payloads as parameters and return the payloads merged. + A binary operation that can merge the payloads of two same types. + Defined as a function that take two payloads as parameters and return + the payloads merged. diff --git a/nixos/doc/manual/development/releases.xml b/nixos/doc/manual/development/releases.xml index 8cc4490ff540..1cdec64f69b0 100755 --- a/nixos/doc/manual/development/releases.xml +++ b/nixos/doc/manual/development/releases.xml @@ -17,12 +17,15 @@ - Send an email to the nix-devel mailinglist as a warning about upcoming beta "feature freeze" in a month. + Send an email to the nix-devel mailinglist as a warning about upcoming + beta "feature freeze" in a month. - Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline. Any issue or Pull Request targeting the release should be included in the release milestone. + Discuss with Eelco Dolstra and the community (via IRC, ML) about what + will reach the deadline. Any issue or Pull Request targeting the release + should be included in the release milestone. @@ -34,32 +37,42 @@ - Create an issue for tracking Zero Hydra Failures progress. ZHF is an effort to get build failures down to zero. + Create + an issue for tracking Zero Hydra Failures progress. ZHF is an effort to + get build failures down to zero. - git tag -a -s -m "Release 17.09-beta" 17.09-beta && git push --tags + git tag -a -s -m "Release 17.09-beta" 17.09-beta + && git push --tags - From the master branch run git checkout -B release-17.09. + From the master branch run git checkout -B + release-17.09. - Make sure a channel is created at http://nixos.org/channels/. + + Make sure a channel is created at http://nixos.org/channels/. - Bump the system.defaultChannel attribute in nixos/modules/misc/version.nix + + Bump the system.defaultChannel attribute in + nixos/modules/misc/version.nix - Update versionSuffix in nixos/release.nix, use git log --format=%an|wc -l to get the commit count + + Update versionSuffix in + nixos/release.nix, use git log + --format=%an|wc -l to get the commit count @@ -69,32 +82,44 @@ - Pick a new name for the unstable branch. + + Pick a new name for the unstable branch. - Create a new release notes file for the upcoming release + 1, in this case rl-1803.xml. + Create a new release notes file for the upcoming release + 1, in this + case rl-1803.xml. - Create two Hydra jobsets: release-17.09 and release-17.09-small with stableBranch set to false. + Create two Hydra jobsets: release-17.09 and release-17.09-small with + stableBranch set to false. - Remove attributes that we know we will not be able to support, especially if there is a stable alternative. E.g. Check that our Linux kernels' projected end-of-life are after our release projected end-of-life + Remove attributes that we know we will not be able to support, + especially if there is a stable alternative. E.g. Check that our + Linux kernels' + + projected end-of-life are after our release projected + end-of-life - Edit changelog at nixos/doc/manual/release-notes/rl-1709.xml (double check desktop versions are noted) + Edit changelog at + nixos/doc/manual/release-notes/rl-1709.xml (double + check desktop versions are noted) - Get all new NixOS modules git diff release-17.03..release-17.09 nixos/modules/module-list.nix|grep ^+ + Get all new NixOS modules git diff + release-17.03..release-17.09 nixos/modules/module-list.nix|grep + ^+ @@ -113,7 +138,8 @@ - Monitor the master branch for bugfixes and minor updates and cherry-pick them to the release branch. + Monitor the master branch for bugfixes and minor updates and cherry-pick + them to the release branch. @@ -130,17 +156,21 @@ - Release Nix (currently only Eelco Dolstra can do that). Make sure fallback is updated. + Release Nix (currently only Eelco Dolstra can do that). + + Make sure fallback is updated. - Update README.md with new stable NixOS version information. + + Update README.md with new stable NixOS version information. - Change stableBranch to true and wait for channel to update. + Change stableBranch to true and wait for channel to + update. @@ -157,27 +187,34 @@ - Update "Chapter 4. Upgrading NixOS" section of the manual to match new stable release version. + Update "Chapter 4. Upgrading NixOS" section of the manual to match + new stable release version. - Update http://nixos.org/nixos/download.html and http://nixos.org/nixos/manual in https://github.com/NixOS/nixos-org-configurations + Update http://nixos.org/nixos/download.html and + http://nixos.org/nixos/manual in + https://github.com/NixOS/nixos-org-configurations - Get number of commits for the release: git log release-14.04..release-14.12 --format=%an|wc -l + Get number of commits for the release: git log + release-14.04..release-14.12 --format=%an|wc -l - Commits by contributor: git log release-14.04..release-14.12 --format=%an|sort|uniq -c|sort -rn + Commits by contributor: git log release-14.04..release-14.12 + --format=%an|sort|uniq -c|sort -rn - Send an email to nix-dev to announce the release with above information. Best to check how previous email was formulated to see what needs to be included. + Send an email to nix-dev to announce the release with above information. + Best to check how previous email was formulated to see what needs to be + included. @@ -185,45 +222,26 @@
Release Management Team - - For each release there are two release managers. After each release the release manager having managed two releases steps down and the release management team of the last release appoints a new release manager. + For each release there are two release managers. After each release the + release manager having managed two releases steps down and the release + management team of the last release appoints a new release manager. - - This makes sure a release management team always consists of one release manager who already has managed one release and one release manager being introduced to their role, making it easier to pass on knowledge and experience. + This makes sure a release management team always consists of one release + manager who already has managed one release and one release manager being + introduced to their role, making it easier to pass on knowledge and + experience. - A release manager's role and responsibilities are: - - - - manage the release process - - - - - start discussions about features and changes for a given release - - - - - create a roadmap - - - - - release in cooperation with Eelco Dolstra - - - - - decide which bug fixes, features, etc... get backported after a release - - + manage the release process + start discussions about features and changes for a given release + create a roadmap + release in cooperation with Eelco Dolstra + decide which bug fixes, features, etc... get backported after a release
diff --git a/nixos/doc/manual/development/replace-modules.xml b/nixos/doc/manual/development/replace-modules.xml index 9940143de8e4..7b103c36d907 100644 --- a/nixos/doc/manual/development/replace-modules.xml +++ b/nixos/doc/manual/development/replace-modules.xml @@ -6,15 +6,27 @@ Replace Modules - Modules that are imported can also be disabled. The option declarations and config implementation of a disabled module will be ignored, allowing another to take it's place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release. + Modules that are imported can also be disabled. The option declarations and + config implementation of a disabled module will be ignored, allowing another + to take it's place. This can be used to import a set of modules from another + channel while keeping the rest of the system on a stable release. - disabledModules is a top level attribute like imports, options and config. It contains a list of modules that will be disabled. This can either be the full path to the module or a string with the filename relative to the modules path (eg. <nixpkgs/nixos/modules> for nixos). + disabledModules is a top level attribute like + imports, options and + config. It contains a list of modules that will be + disabled. This can either be the full path to the module or a string with the + filename relative to the modules path (eg. <nixpkgs/nixos/modules> for + nixos). - This example will replace the existing postgresql module with the version defined in the nixos-unstable channel while keeping the rest of the modules and packages from the original nixos channel. This only overrides the module definition, this won't use postgresql from nixos-unstable unless explicitly configured to do so. + This example will replace the existing postgresql module with the version + defined in the nixos-unstable channel while keeping the rest of the modules + and packages from the original nixos channel. This only overrides the module + definition, this won't use postgresql from nixos-unstable unless explicitly + configured to do so. @@ -34,7 +46,9 @@ - This example shows how to define a custom module as a replacement for an existing module. Importing this module will disable the original module without having to know it's implementation details. + This example shows how to define a custom module as a replacement for an + existing module. Importing this module will disable the original module + without having to know it's implementation details. diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.xml b/nixos/doc/manual/development/running-nixos-tests-interactively.xml index e4ded136ca66..e390d62fde2f 100644 --- a/nixos/doc/manual/development/running-nixos-tests-interactively.xml +++ b/nixos/doc/manual/development/running-nixos-tests-interactively.xml @@ -6,7 +6,8 @@ Running Tests interactively - The test itself can be run interactively. This is particularly useful when developing or debugging a test: + The test itself can be run interactively. This is particularly useful when + developing or debugging a test: $ nix-build nixos/tests/login.nix -A driver $ ./result/bin/nixos-test-driver @@ -20,7 +21,10 @@ starting VDE switch for network 1 > $machine->succeed("touch /tmp/foo") > print($machine->succeed("pwd")) # Show stdout of command - The function testScript executes the entire test script and drops you back into the test driver command line upon its completion. This allows you to inspect the state of the VMs after the test (e.g. to debug the test script). + The function testScript executes the entire test script + and drops you back into the test driver command line upon its completion. + This allows you to inspect the state of the VMs after the test (e.g. to debug + the test script). @@ -29,10 +33,12 @@ starting VDE switch for network 1 $ nix-build nixos/tests/login.nix -A driver $ ./result/bin/nixos-run-vms - The script nixos-run-vms starts the virtual machines defined by test. + The script nixos-run-vms starts the virtual machines + defined by test. - The machine state is kept across VM restarts in /tmp/vm-state-machinename. + The machine state is kept across VM restarts in + /tmp/vm-state-machinename.
diff --git a/nixos/doc/manual/development/running-nixos-tests.xml b/nixos/doc/manual/development/running-nixos-tests.xml index 7d81be9b1c6a..13ae1ed93699 100644 --- a/nixos/doc/manual/development/running-nixos-tests.xml +++ b/nixos/doc/manual/development/running-nixos-tests.xml @@ -6,8 +6,11 @@ Running Tests - You can run tests using nix-build. For example, to run the test login.nix, you just do: + You can run tests using nix-build. For example, to run the + test + login.nix, + you just do: $ nix-build '<nixpkgs/nixos/tests/login.nix>' @@ -21,7 +24,11 @@ machine: QEMU running (pid 8841) … 6 out of 6 tests succeeded - After building/downloading all required dependencies, this will perform a build that starts a QEMU/KVM virtual machine containing a NixOS system. The virtual machine mounts the Nix store of the host; this makes VM creation very fast, as no disk image needs to be created. Afterwards, you can view a pretty-printed log of the test: + After building/downloading all required dependencies, this will perform a + build that starts a QEMU/KVM virtual machine containing a NixOS system. The + virtual machine mounts the Nix store of the host; this makes VM creation very + fast, as no disk image needs to be created. Afterwards, you can view a + pretty-printed log of the test: $ firefox result/log.html diff --git a/nixos/doc/manual/development/sources.xml b/nixos/doc/manual/development/sources.xml index 71441feb1ff7..3c30c782746d 100644 --- a/nixos/doc/manual/development/sources.xml +++ b/nixos/doc/manual/development/sources.xml @@ -5,47 +5,77 @@ xml:id="sec-getting-sources"> Getting the Sources - By default, NixOS’s nixos-rebuild command uses the NixOS and Nixpkgs sources provided by the nixos channel (kept in /nix/var/nix/profiles/per-user/root/channels/nixos). To modify NixOS, however, you should check out the latest sources from Git. This is as follows: + By default, NixOS’s nixos-rebuild command uses the NixOS + and Nixpkgs sources provided by the nixos channel (kept in + /nix/var/nix/profiles/per-user/root/channels/nixos). To + modify NixOS, however, you should check out the latest sources from Git. This + is as follows: $ git clone https://github.com/NixOS/nixpkgs $ cd nixpkgs $ git remote add channels https://github.com/NixOS/nixpkgs-channels $ git remote update channels - This will check out the latest Nixpkgs sources to ./nixpkgs the NixOS sources to ./nixpkgs/nixos. (The NixOS source tree lives in a subdirectory of the Nixpkgs repository.) The remote channels refers to a read-only repository that tracks the Nixpkgs/NixOS channels (see for more information about channels). Thus, the Git branch channels/nixos-17.03 will contain the latest built and tested version available in the nixos-17.03 channel. + This will check out the latest Nixpkgs sources to + ./nixpkgs the NixOS sources to + ./nixpkgs/nixos. (The NixOS source tree lives in a + subdirectory of the Nixpkgs repository.) The remote + channels refers to a read-only repository that tracks the + Nixpkgs/NixOS channels (see for more + information about channels). Thus, the Git branch + channels/nixos-17.03 will contain the latest built and + tested version available in the nixos-17.03 channel. - It’s often inconvenient to develop directly on the master branch, since if somebody has just committed (say) a change to GCC, then the binary cache may not have caught up yet and you’ll have to rebuild everything from source. So you may want to create a local branch based on your current NixOS version: + It’s often inconvenient to develop directly on the master branch, since if + somebody has just committed (say) a change to GCC, then the binary cache may + not have caught up yet and you’ll have to rebuild everything from source. + So you may want to create a local branch based on your current NixOS version: $ nixos-version 17.09pre104379.6e0b727 (Hummingbird) $ git checkout -b local 6e0b727 - Or, to base your local branch on the latest version available in a NixOS channel: + Or, to base your local branch on the latest version available in a NixOS + channel: $ git remote update channels $ git checkout -b local channels/nixos-17.03 - (Replace nixos-17.03 with the name of the channel you want to use.) You can use git merge or git rebase to keep your local branch in sync with the channel, e.g. + (Replace nixos-17.03 with the name of the channel you want + to use.) You can use git merge or git + rebase to keep your local branch in sync with the channel, e.g. $ git remote update channels $ git merge channels/nixos-17.03 - You can use git cherry-pick to copy commits from your local branch to the upstream branch. + You can use git cherry-pick to copy commits from your + local branch to the upstream branch. - If you want to rebuild your system using your (modified) sources, you need to tell nixos-rebuild about them using the flag: + If you want to rebuild your system using your (modified) sources, you need to + tell nixos-rebuild about them using the + flag: # nixos-rebuild switch -I nixpkgs=/my/sources/nixpkgs - If you want nix-env to use the expressions in /my/sources, use nix-env -f /my/sources/nixpkgs, or change the default by adding a symlink in ~/.nix-defexpr: + If you want nix-env to use the expressions in + /my/sources, use nix-env -f + /my/sources/nixpkgs, or change the + default by adding a symlink in ~/.nix-defexpr: $ ln -s /my/sources/nixpkgs ~/.nix-defexpr/nixpkgs - You may want to delete the symlink ~/.nix-defexpr/channels_root to prevent root’s NixOS channel from clashing with your own tree (this may break the command-not-found utility though). If you want to go back to the default state, you may just remove the ~/.nix-defexpr directory completely, log out and log in again and it should have been recreated with a link to the root channels. + You may want to delete the symlink + ~/.nix-defexpr/channels_root to prevent root’s NixOS + channel from clashing with your own tree (this may break the + command-not-found utility though). If you want to go back to the default + state, you may just remove the ~/.nix-defexpr directory + completely, log out and log in again and it should have been recreated with a + link to the root channels. + nixos-rebuild reconfigure a NixOS machine + - nixos-rebuild + nixos-rebuild - + - + - + - + - + - + - + - + @@ -54,33 +56,34 @@ - + - + - + - + - + builder-spec + - + - + @@ -90,67 +93,56 @@ - - path + + path - - - - - - - - - - + + + + - - - - - - - - - - number + + + + + number - - - - - - - - - - + + + + - - - - - - - - - - + + + + + Description + - This command updates the system so that it corresponds to the configuration specified in /etc/nixos/configuration.nix. Thus, every time you modify /etc/nixos/configuration.nix or any NixOS module, you must run nixos-rebuild to make the changes take effect. It builds the new system in /nix/store, runs its activation script, and stop and (re)starts any system services if needed. Please note that user services need to be started manually as they aren't detected by the activation script at the moment. + This command updates the system so that it corresponds to the configuration + specified in /etc/nixos/configuration.nix. Thus, every + time you modify /etc/nixos/configuration.nix or any + NixOS module, you must run nixos-rebuild to make the + changes take effect. It builds the new system in + /nix/store, runs its activation script, and stop and + (re)starts any system services if needed. Please note that user services need + to be started manually as they aren't detected by the activation script at the moment. + - This command has one required argument, which specifies the desired operation. It must be one of the following: + This command has one required argument, which specifies the desired + operation. It must be one of the following: + @@ -158,64 +150,91 @@ - Build and activate the new configuration, and make it the boot default. That is, the configuration is added to the GRUB boot menu as the default menu entry, so that subsequent reboots will boot the system into the new configuration. Previous configurations activated with nixos-rebuild switch or nixos-rebuild boot remain available in the GRUB menu. + Build and activate the new configuration, and make it the boot default. + That is, the configuration is added to the GRUB boot menu as the default + menu entry, so that subsequent reboots will boot the system into the new + configuration. Previous configurations activated with + nixos-rebuild switch or nixos-rebuild + boot remain available in the GRUB menu. + - Build the new configuration and make it the boot default (as with nixos-rebuild switch), but do not activate it. That is, the system continues to run the previous configuration until the next reboot. + Build the new configuration and make it the boot default (as with + nixos-rebuild switch), but do not activate it. That + is, the system continues to run the previous configuration until the + next reboot. + - Build and activate the new configuration, but do not add it to the GRUB boot menu. Thus, if you reboot the system (or if it crashes), you will automatically revert to the default configuration (i.e. the configuration resulting from the last call to nixos-rebuild switch or nixos-rebuild boot). + Build and activate the new configuration, but do not add it to the GRUB + boot menu. Thus, if you reboot the system (or if it crashes), you will + automatically revert to the default configuration (i.e. the + configuration resulting from the last call to nixos-rebuild + switch or nixos-rebuild boot). + - Build the new configuration, but neither activate it nor add it to the GRUB boot menu. It leaves a symlink named result in the current directory, which points to the output of the top-level “system” derivation. This is essentially the same as doing + Build the new configuration, but neither activate it nor add it to the + GRUB boot menu. It leaves a symlink named result in + the current directory, which points to the output of the top-level + “system” derivation. This is essentially the same as doing $ nix-build /path/to/nixpkgs/nixos -A system - Note that you do not need to be root to run nixos-rebuild build. + Note that you do not need to be root to run + nixos-rebuild build. + - Show what store paths would be built or downloaded by any of the operations above, but otherwise do nothing. + Show what store paths would be built or downloaded by any of the + operations above, but otherwise do nothing. + - Build the new configuration, but instead of activating it, show what changes would be performed by the activation (i.e. by nixos-rebuild test). For instance, this command will print which systemd units would be restarted. The list of changes is not guaranteed to be complete. + Build the new configuration, but instead of activating it, show what + changes would be performed by the activation (i.e. by + nixos-rebuild test). For instance, this command will + print which systemd units would be restarted. The list of changes is not + guaranteed to be complete. + @@ -226,49 +245,80 @@ + - Build a script that starts a NixOS virtual machine with the desired configuration. It leaves a symlink result in the current directory that points (under result/bin/run-hostname-vm) at the script that starts the VM. Thus, to test a NixOS configuration in a virtual machine, you should do the following: + Build a script that starts a NixOS virtual machine with the desired + configuration. It leaves a symlink result in the + current directory that points (under + result/bin/run-hostname-vm) + at the script that starts the VM. Thus, to test a NixOS configuration in + a virtual machine, you should do the following: $ nixos-rebuild build-vm $ ./result/bin/run-*-vm + - The VM is implemented using the qemu package. For best performance, you should load the kvm-intel or kvm-amd kernel modules to get hardware virtualisation. + The VM is implemented using the qemu package. For + best performance, you should load the kvm-intel or + kvm-amd kernel modules to get hardware + virtualisation. + - The VM mounts the Nix store of the host through the 9P file system. The host Nix store is read-only, so Nix commands that modify the Nix store will not work in the VM. This includes commands such as nixos-rebuild; to change the VM’s configuration, you must halt the VM and re-run the commands above. + The VM mounts the Nix store of the host through the 9P file system. The + host Nix store is read-only, so Nix commands that modify the Nix store + will not work in the VM. This includes commands such as + nixos-rebuild; to change the VM’s configuration, + you must halt the VM and re-run the commands above. + - The VM has its own ext3 root file system, which is automatically created when the VM is first started, and is persistent across reboots of the VM. It is stored in ./hostname.qcow2. + The VM has its own ext3 root file system, which is + automatically created when the VM is first started, and is persistent + across reboots of the VM. It is stored in + ./hostname.qcow2. + - Like , but boots using the regular boot loader of your configuration (e.g., GRUB 1 or 2), rather than booting directly into the kernel and initial ramdisk of the system. This allows you to test whether the boot loader works correctly. However, it does not guarantee that your NixOS configuration will boot successfully on the host hardware (i.e., after running nixos-rebuild switch), because the hardware and boot loader configuration in the VM are different. The boot loader is installed on an automatically generated virtual disk containing a /boot partition, which is mounted read-only in the VM. + Like , but boots using the regular boot loader + of your configuration (e.g., GRUB 1 or 2), rather than booting directly + into the kernel and initial ramdisk of the system. This allows you to + test whether the boot loader works correctly. However, it does not + guarantee that your NixOS configuration will boot successfully on the + host hardware (i.e., after running nixos-rebuild + switch), because the hardware and boot loader configuration in + the VM are different. The boot loader is installed on an automatically + generated virtual disk containing a /boot + partition, which is mounted read-only in the VM. + Options This command accepts the following options: + @@ -280,56 +330,84 @@
+ - Causes the boot loader to be (re)installed on the device specified by the relevant configuration options. + Causes the boot loader to be (re)installed on the device specified by the + relevant configuration options. + - Normally, nixos-rebuild first builds the nixUnstable attribute in Nixpkgs, and uses the resulting instance of the Nix package manager to build the new system configuration. This is necessary if the NixOS modules use features not provided by the currently installed version of Nix. This option disables building a new Nix. + Normally, nixos-rebuild first builds the + nixUnstable attribute in Nixpkgs, and uses the + resulting instance of the Nix package manager to build the new system + configuration. This is necessary if the NixOS modules use features not + provided by the currently installed version of Nix. This option disables + building a new Nix. + - Equivalent to . This option is useful if you call nixos-rebuild frequently (e.g. if you’re hacking on a NixOS module). + Equivalent to + . This option is useful if you call + nixos-rebuild frequently (e.g. if you’re hacking on + a NixOS module). + - Instead of building a new configuration as specified by /etc/nixos/configuration.nix, roll back to the previous configuration. (The previous configuration is defined as the one before the “current” generation of the Nix profile /nix/var/nix/profiles/system.) + Instead of building a new configuration as specified by + /etc/nixos/configuration.nix, roll back to the + previous configuration. (The previous configuration is defined as the one + before the “current” generation of the Nix profile + /nix/var/nix/profiles/system.) + builder-spec - Allow ad-hoc remote builders for building the new system. This requires the user executing nixos-rebuild (usually root) to be configured as a trusted user in the Nix daemon. This can be achieved by using the nix.trustedUsers NixOS option. Examples values for that option are described in the Remote builds chapter in the Nix manual, (i.e. --builders "ssh://bigbrother x86_64-linux"). By specifying an empty string existing builders specified in /etc/nix/machines can be ignored: --builders "" for example when they are not reachable due to network connectivity. + Allow ad-hoc remote builders for building the new system. This requires + the user executing nixos-rebuild (usually root) to be + configured as a trusted user in the Nix daemon. This can be achieved by + using the nix.trustedUsers NixOS option. Examples + values for that option are described in the Remote builds + chapter in the Nix manual, (i.e. --builders + "ssh://bigbrother x86_64-linux"). By specifying an empty string + existing builders specified in /etc/nix/machines can + be ignored: --builders "" for example when they are + not reachable due to network connectivity. + @@ -339,56 +417,97 @@ - Instead of using the Nix profile /nix/var/nix/profiles/system to keep track of the current and previous system configurations, use /nix/var/nix/profiles/system-profiles/name. When you use GRUB 2, for every system profile created with this flag, NixOS will create a submenu named “NixOS - Profile 'name'” in GRUB’s boot menu, containing the current and previous configurations of this profile. + Instead of using the Nix profile + /nix/var/nix/profiles/system to keep track of the + current and previous system configurations, use + /nix/var/nix/profiles/system-profiles/name. + When you use GRUB 2, for every system profile created with this flag, + NixOS will create a submenu named “NixOS - Profile + 'name'” in GRUB’s boot menu, containing + the current and previous configurations of this profile. - For instance, if you want to test a configuration file named test.nix without affecting the default system profile, you would do: + For instance, if you want to test a configuration file named + test.nix without affecting the default system + profile, you would do: $ nixos-rebuild switch -p test -I nixos-config=./test.nix - The new configuration will appear in the GRUB 2 submenu “NixOS - Profile 'test'”. + The new configuration will appear in the GRUB 2 submenu “NixOS - + Profile 'test'”. + - Instead of building the new configuration locally, use the specified host to perform the build. The host needs to be accessible with ssh, and must be able to perform Nix builds. If the option is not set, the build will be copied back to the local machine when done. + Instead of building the new configuration locally, use the specified host + to perform the build. The host needs to be accessible with ssh, and must + be able to perform Nix builds. If the option + is not set, the build will be copied back + to the local machine when done. - Note that, if is not specified, Nix will be built both locally and remotely. This is because the configuration will always be evaluated locally even though the building might be performed remotely. + Note that, if is not specified, Nix will + be built both locally and remotely. This is because the configuration + will always be evaluated locally even though the building might be + performed remotely. - You can include a remote user name in the host name (user@host). You can also set ssh options by defining the NIX_SSHOPTS environment variable. + You can include a remote user name in the host name + (user@host). You can also set ssh options by + defining the NIX_SSHOPTS environment variable. + - Specifies the NixOS target host. By setting this to something other than localhost, the system activation will happen on the remote host instead of the local machine. The remote host needs to be accessible over ssh, and for the commands , and you need root access. + Specifies the NixOS target host. By setting this to something other than + localhost, the system activation will happen + on the remote host instead of the local machine. The remote host needs to + be accessible over ssh, and for the commands , + and you need root access. + - If is not explicitly specified, will implicitly be set to the same value as . So, if you only specify both building and activation will take place remotely (and no build artifacts will be copied to the local machine). + If is not explicitly specified, + will implicitly be set to the same value as + . So, if you only specify + both building and activation will take + place remotely (and no build artifacts will be copied to the local + machine). + - You can include a remote user name in the host name (user@host). You can also set ssh options by defining the NIX_SSHOPTS environment variable. + You can include a remote user name in the host name + (user@host). You can also set ssh options by + defining the NIX_SSHOPTS environment variable. + - In addition, nixos-rebuild accepts various Nix-related flags, including / , , , and / . See the Nix manual for details. + In addition, nixos-rebuild accepts various Nix-related + flags, including / , + , , + and / + . See the Nix manual for details. + Environment + @@ -396,25 +515,31 @@ - Path to the main NixOS configuration module. Defaults to /etc/nixos/configuration.nix. + Path to the main NixOS configuration module. Defaults to + /etc/nixos/configuration.nix. + NIX_SSHOPTS - Additional options to be passed to ssh on the command line. + Additional options to be passed to ssh on the command + line. + Files + + /run/current-system @@ -425,18 +550,22 @@
+ /nix/var/nix/profiles/system - The Nix profile that contains the current and previous system configurations. Used to generate the GRUB boot menu. + The Nix profile that contains the current and previous system + configurations. Used to generate the GRUB boot menu. + + Bugs diff --git a/nixos/doc/manual/man-nixos-version.xml b/nixos/doc/manual/man-nixos-version.xml index cb844da10f01..931c4a5ad029 100644 --- a/nixos/doc/manual/man-nixos-version.xml +++ b/nixos/doc/manual/man-nixos-version.xml @@ -25,7 +25,8 @@ Description - This command shows the version of the currently active NixOS configuration. For example: + This command shows the version of the currently active NixOS configuration. + For example: $ nixos-version 16.03.1011.6317da4 (Emu) @@ -37,7 +38,8 @@ - The NixOS release, indicating the year and month in which it was released (e.g. March 2016). + The NixOS release, indicating the year and month in which it was + released (e.g. March 2016). @@ -47,7 +49,12 @@ - The number of commits in the Nixpkgs Git repository between the start of the release branch and the commit from which this version was built. This ensures that NixOS versions are monotonically increasing. It is git when the current NixOS configuration was built from a checkout of the Nixpkgs Git repository rather than from a NixOS channel. + The number of commits in the Nixpkgs Git repository between the start of + the release branch and the commit from which this version was built. + This ensures that NixOS versions are monotonically increasing. It is + git when the current NixOS configuration was built + from a checkout of the Nixpkgs Git repository rather than from a NixOS + channel. @@ -57,7 +64,8 @@ - The first 7 characters of the commit in the Nixpkgs Git repository from which this version was built. + The first 7 characters of the commit in the Nixpkgs Git repository from + which this version was built. @@ -67,7 +75,9 @@ - The code name of the NixOS release. The first letter of the code name indicates that this is the N'th stable NixOS release; for example, Emu is the fifth release. + The code name of the NixOS release. The first letter of the code name + indicates that this is the N'th stable NixOS release; for example, Emu + is the fifth release. @@ -89,7 +99,8 @@ - Show the full SHA1 hash of the Git commit from which this configuration was built, e.g. + Show the full SHA1 hash of the Git commit from which this configuration + was built, e.g. $ nixos-version --hash 6317da40006f6bc2480c6781999c52d88dde2acf diff --git a/nixos/doc/manual/manual.xml b/nixos/doc/manual/manual.xml index 9f7260b24954..12f52e1997c8 100644 --- a/nixos/doc/manual/manual.xml +++ b/nixos/doc/manual/manual.xml @@ -11,17 +11,26 @@ Preface - This manual describes how to install, use and extend NixOS, a Linux distribution based on the purely functional package management system Nix. + This manual describes how to install, use and extend NixOS, a Linux + distribution based on the purely functional package management system Nix. - If you encounter problems, please report them on the Discourse or on the #nixos channel on Freenode. Bugs should be reported in NixOS’ GitHub issue tracker. + If you encounter problems, please report them on the + Discourse or + on the + #nixos channel on Freenode. Bugs should be + reported in + NixOS’ + GitHub issue tracker. - Commands prefixed with # have to be run as root, either requiring to login as root user or temporarily switching to it using sudo for example. + Commands prefixed with # have to be run as root, either + requiring to login as root user or temporarily switching to it using + sudo for example. diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml index 198f8eb34818..444862c5739b 100644 --- a/nixos/doc/manual/release-notes/release-notes.xml +++ b/nixos/doc/manual/release-notes/release-notes.xml @@ -5,7 +5,8 @@ xml:id="ch-release-notes"> Release Notes - This section lists the release notes for each stable version of NixOS and current unstable revision. + This section lists the release notes for each stable version of NixOS and + current unstable revision. diff --git a/nixos/doc/manual/release-notes/rl-1404.xml b/nixos/doc/manual/release-notes/rl-1404.xml index 26dc5bb252e0..8d8cea4303a3 100644 --- a/nixos/doc/manual/release-notes/rl-1404.xml +++ b/nixos/doc/manual/release-notes/rl-1404.xml @@ -6,16 +6,23 @@ Release 14.04 (“Baboon”, 2014/04/30) - This is the second stable release branch of NixOS. In addition to numerous new and upgraded packages and modules, this release has the following highlights: + This is the second stable release branch of NixOS. In addition to numerous + new and upgraded packages and modules, this release has the following + highlights: - Installation on UEFI systems is now supported. See for details. + Installation on UEFI systems is now supported. See + for details. - Systemd has been updated to version 212, which has numerous improvements. NixOS now automatically starts systemd user instances when you log in. You can define global user units through the options. + Systemd has been updated to version 212, which has + numerous + improvements. NixOS now automatically starts systemd user instances + when you log in. You can define global user units through the + options. @@ -40,28 +47,47 @@ - Nix has been updated to 1.7 (details). - NixOS now supports fully declarative management of users and groups. If you set to false, then the contents of /etc/passwd and /etc/group will be congruent to your NixOS configuration. For instance, if you remove a user from and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users and groups, such as useradd, are no longer available. If is true (the default), then behaviour is unchanged from NixOS 13.10. + NixOS now supports fully declarative management of users and groups. If + you set to false, + then the contents of /etc/passwd and + /etc/group will be + congruent + to your NixOS configuration. For instance, if you remove a user from + and run + nixos-rebuild, the user account will cease to exist. + Also, imperative commands for managing users and groups, such as + useradd, are no longer available. If + is true (the + default), then behaviour is unchanged from NixOS 13.10. - NixOS now has basic container support, meaning you can easily run a NixOS instance as a container in a NixOS host system. These containers are suitable for testing and experimentation but not production use, since they’re not fully isolated from the host. See for details. + NixOS now has basic container support, meaning you can easily run a NixOS + instance as a container in a NixOS host system. These containers are + suitable for testing and experimentation but not production use, since + they’re not fully isolated from the host. See + for details. - Systemd units provided by packages can now be overridden from the NixOS configuration. For instance, if a package foo provides systemd units, you can say: + Systemd units provided by packages can now be overridden from the NixOS + configuration. For instance, if a package foo provides + systemd units, you can say: systemd.packages = [ pkgs.foo ]; - to enable those units. You can then set or override unit options in the usual way, e.g. + to enable those units. You can then set or override unit options in the + usual way, e.g. systemd.services.foo.wantedBy = [ "multi-user.target" ]; systemd.services.foo.serviceConfig.MemoryLimit = "512M"; @@ -72,11 +98,14 @@ systemd.services.foo.serviceConfig.MemoryLimit = "512M"; - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - Nixpkgs no longer exposes unfree packages by default. If your NixOS configuration requires unfree packages from Nixpkgs, you need to enable support for them explicitly by setting: + Nixpkgs no longer exposes unfree packages by default. If your NixOS + configuration requires unfree packages from Nixpkgs, you need to enable + support for them explicitly by setting: nixpkgs.config.allowUnfree = true; @@ -89,7 +118,8 @@ error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix: - The Adobe Flash player is no longer enabled by default in the Firefox and Chromium wrappers. To enable it, you must set: + The Adobe Flash player is no longer enabled by default in the Firefox and + Chromium wrappers. To enable it, you must set: nixpkgs.config.allowUnfree = true; nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox @@ -99,7 +129,8 @@ nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium - The firewall is now enabled by default. If you don’t want this, you need to disable it explicitly: + The firewall is now enabled by default. If you don’t want this, you need + to disable it explicitly: networking.firewall.enable = false; @@ -107,22 +138,40 @@ networking.firewall.enable = false; - The option has been renamed to . + The option has been renamed to + . - The mysql55 service has been merged into the mysql service, which no longer sets a default for the option . + The mysql55 service has been merged into the + mysql service, which no longer sets a default for the + option . - Package variants are now differentiated by suffixing the name, rather than the version. For instance, sqlite-3.8.4.3-interactive is now called sqlite-interactive-3.8.4.3. This ensures that nix-env -i sqlite is unambiguous, and that nix-env -u won’t “upgrade” sqlite to sqlite-interactive or vice versa. Notably, this change affects the Firefox wrapper (which provides plugins), as it is now called firefox-wrapper. So when using nix-env, you should do nix-env -e firefox; nix-env -i firefox-wrapper if you want to keep using the wrapper. This change does not affect declarative package management, since attribute names like pkgs.firefoxWrapper were already unambiguous. + Package variants are now differentiated by suffixing the name, rather than + the version. For instance, sqlite-3.8.4.3-interactive + is now called sqlite-interactive-3.8.4.3. This + ensures that nix-env -i sqlite is unambiguous, and that + nix-env -u won’t “upgrade” + sqlite to sqlite-interactive or vice + versa. Notably, this change affects the Firefox wrapper (which provides + plugins), as it is now called firefox-wrapper. So when + using nix-env, you should do nix-env -e + firefox; nix-env -i firefox-wrapper if you want to keep using + the wrapper. This change does not affect declarative package management, + since attribute names like pkgs.firefoxWrapper were + already unambiguous. - The symlink /etc/ca-bundle.crt is gone. Programs should instead use the environment variable OPENSSL_X509_CERT_FILE (which points to /etc/ssl/certs/ca-bundle.crt). + The symlink /etc/ca-bundle.crt is gone. Programs + should instead use the environment variable + OPENSSL_X509_CERT_FILE (which points to + /etc/ssl/certs/ca-bundle.crt). diff --git a/nixos/doc/manual/release-notes/rl-1412.xml b/nixos/doc/manual/release-notes/rl-1412.xml index af17e166322d..139f61c2a550 100644 --- a/nixos/doc/manual/release-notes/rl-1412.xml +++ b/nixos/doc/manual/release-notes/rl-1412.xml @@ -6,16 +6,19 @@ Release 14.12 (“Caterpillar”, 2014/12/30) - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: - Systemd has been updated to version 217, which has numerous improvements. + Systemd has been updated to version 217, which has numerous + improvements. - Nix has been updated to 1.8. + + Nix has been updated to 1.8. @@ -35,7 +38,13 @@ - If is enabled (the default), changes made to the declaration of a user or group will be correctly realised when running nixos-rebuild. For instance, removing a user specification from configuration.nix will cause the actual user account to be deleted. If is disabled, it is no longer necessary to specify UIDs or GIDs; if omitted, they are allocated dynamically. + If is enabled (the default), changes + made to the declaration of a user or group will be correctly realised when + running nixos-rebuild. For instance, removing a user + specification from configuration.nix will cause the + actual user account to be deleted. If + is disabled, it is no longer necessary to specify UIDs or GIDs; if + omitted, they are allocated dynamically. @@ -353,12 +362,18 @@ - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - The default version of Apache httpd is now 2.4. If you use the option to pass literal Apache configuration text, you may need to update it — see Apache’s documentation for details. If you wish to continue to use httpd 2.2, add the following line to your NixOS configuration: + The default version of Apache httpd is now 2.4. If you use the + option to pass literal Apache configuration + text, you may need to update it — see + Apache’s + documentation for details. If you wish to continue to use httpd + 2.2, add the following line to your NixOS configuration: services.httpd.package = pkgs.apacheHttpd_2_2; @@ -366,57 +381,85 @@ services.httpd.package = pkgs.apacheHttpd_2_2; - PHP 5.3 has been removed because it is no longer supported by the PHP project. A migration guide is available. + PHP 5.3 has been removed because it is no longer supported by the PHP + project. A migration + guide is available. - The host side of a container virtual Ethernet pair is now called ve-container-name rather than c-container-name. + The host side of a container virtual Ethernet pair is now called + ve-container-name rather + than c-container-name. - GNOME 3.10 support has been dropped. The default GNOME version is now 3.12. + GNOME 3.10 support has been dropped. The default GNOME version is now + 3.12. - VirtualBox has been upgraded to 4.3.20 release. Users may be required to run rm -rf /tmp/.vbox*. The line imports = [ <nixpkgs/nixos/modules/programs/virtualbox.nix> ] is no longer necessary, use services.virtualboxHost.enable = true instead. + VirtualBox has been upgraded to 4.3.20 release. Users may be required to + run rm -rf /tmp/.vbox*. The line imports = [ + <nixpkgs/nixos/modules/programs/virtualbox.nix> ] is no + longer necessary, use services.virtualboxHost.enable = + true instead. - Also, hardening mode is now enabled by default, which means that unless you want to use USB support, you no longer need to be a member of the vboxusers group. + Also, hardening mode is now enabled by default, which means that unless + you want to use USB support, you no longer need to be a member of the + vboxusers group. - Chromium has been updated to 39.0.2171.65. is now enabled by default. chromium*Wrapper packages no longer exist, because upstream removed NSAPI support. chromium-stable has been renamed to chromium. + Chromium has been updated to 39.0.2171.65. + is now enabled by default. + chromium*Wrapper packages no longer exist, because + upstream removed NSAPI support. chromium-stable has + been renamed to chromium. - Python packaging documentation is now part of nixpkgs manual. To override the python packages available to a custom python you now use pkgs.pythonFull.buildEnv.override instead of pkgs.pythonFull.override. + Python packaging documentation is now part of nixpkgs manual. To override + the python packages available to a custom python you now use + pkgs.pythonFull.buildEnv.override instead of + pkgs.pythonFull.override. - boot.resumeDevice = "8:6" is no longer supported. Most users will want to leave it undefined, which takes the swap partitions automatically. There is an evaluation assertion to ensure that the string starts with a slash. + boot.resumeDevice = "8:6" is no longer supported. Most + users will want to leave it undefined, which takes the swap partitions + automatically. There is an evaluation assertion to ensure that the string + starts with a slash. - The system-wide default timezone for NixOS installations changed from CET to UTC. To choose a different timezone for your system, configure time.timeZone in configuration.nix. A fairly complete list of possible values for that setting is available at CET to UTC. To choose a different + timezone for your system, configure time.timeZone in + configuration.nix. A fairly complete list of possible + values for that setting is available at + . - GNU screen has been updated to 4.2.1, which breaks the ability to connect to sessions created by older versions of screen. + GNU screen has been updated to 4.2.1, which breaks the ability to connect + to sessions created by older versions of screen. - The Intel GPU driver was updated to the 3.x prerelease version (used by most distributions) and supports DRI3 now. + The Intel GPU driver was updated to the 3.x prerelease version (used by + most distributions) and supports DRI3 now. diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml index 5e162c3f0f73..5c4d99701785 100644 --- a/nixos/doc/manual/release-notes/rl-1509.xml +++ b/nixos/doc/manual/release-notes/rl-1509.xml @@ -6,23 +6,42 @@ Release 15.09 (“Dingo”, 2015/09/30) - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: - The Haskell packages infrastructure has been re-designed from the ground up ("Haskell NG"). NixOS now distributes the latest version of every single package registered on Hackage -- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the User's Guide to the Haskell Infrastructure. Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single LTS Haskell release since version 0.0 as well as the most recent Stackage Nightly snapshot. The announcement "Full Stackage Support in Nixpkgs" gives additional details. + The Haskell packages + infrastructure has been re-designed from the ground up ("Haskell + NG"). NixOS now distributes the latest version of every single package + registered on + Hackage -- well + in excess of 8,000 Haskell packages. Detailed instructions on how to use + that infrastructure can be found in the + User's + Guide to the Haskell Infrastructure. Users migrating from an earlier + release may find helpful information below, in the list of + backwards-incompatible changes. Furthermore, we distribute 51(!) additional + Haskell package sets that provide every single + LTS Haskell release + since version 0.0 as well as the most recent + Stackage Nightly + snapshot. The announcement + "Full + Stackage Support in Nixpkgs" gives additional details. - Nix has been updated to version 1.10, which among other improvements enables cryptographic signatures on binary caches for improved security. + Nix has been updated to version 1.10, which among other improvements + enables cryptographic signatures on binary caches for improved security. @@ -31,7 +50,8 @@ system.autoUpgrade.enable = true; - This will cause the system to periodically check for updates in your current channel and run nixos-rebuild. + This will cause the system to periodically check for updates in your + current channel and run nixos-rebuild. @@ -51,7 +71,8 @@ system.autoUpgrade.enable = true; - KDE 5 has been upgraded to KDE Frameworks 5.10, Plasma 5.3.2 and Applications 15.04.3. KDE 4 has been updated to kdelibs-4.14.10. + KDE 5 has been upgraded to KDE Frameworks 5.10, Plasma 5.3.2 and + Applications 15.04.3. KDE 4 has been updated to kdelibs-4.14.10. @@ -403,61 +424,93 @@ system.autoUpgrade.enable = true; - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - sshd no longer supports DSA and ECDSA host keys by default. If you have existing systems with such host keys and want to continue to use them, please set + sshd no longer supports DSA and ECDSA host keys by + default. If you have existing systems with such host keys and want to + continue to use them, please set system.stateVersion = "14.12"; - The new option ensures that certain configuration changes that could break existing systems (such as the sshd host key setting) will maintain compatibility with the specified NixOS release. NixOps sets the state version of existing deployments automatically. + The new option ensures that certain + configuration changes that could break existing systems (such as the + sshd host key setting) will maintain compatibility with + the specified NixOS release. NixOps sets the state version of existing + deployments automatically. - cron is no longer enabled by default, unless you have a non-empty . To force cron to be enabled, set . + cron is no longer enabled by default, unless you have a + non-empty . To force + cron to be enabled, set . - Nix now requires binary caches to be cryptographically signed. If you have unsigned binary caches that you want to continue to use, you should set . + Nix now requires binary caches to be cryptographically signed. If you have + unsigned binary caches that you want to continue to use, you should set + . - Steam now doesn't need root rights to work. Instead of using *-steam-chrootenv, you should now just run steam. steamChrootEnv package was renamed to steam, and old steam package -- to steamOriginal. + Steam now doesn't need root rights to work. Instead of using + *-steam-chrootenv, you should now just run + steam. steamChrootEnv package was + renamed to steam, and old steam + package -- to steamOriginal. - CMPlayer has been renamed to bomi upstream. Package cmplayer was accordingly renamed to bomi + CMPlayer has been renamed to bomi upstream. Package + cmplayer was accordingly renamed to + bomi - Atom Shell has been renamed to Electron upstream. Package atom-shell was accordingly renamed to electron + Atom Shell has been renamed to Electron upstream. Package + atom-shell was accordingly renamed to + electron - Elm is not released on Hackage anymore. You should now use elmPackages.elm which contains the latest Elm platform. + Elm is not released on Hackage anymore. You should now use + elmPackages.elm which contains the latest Elm platform. - The CUPS printing service has been updated to version 2.0.2. Furthermore its systemd service has been renamed to cups.service. + The CUPS printing service has been updated to version + 2.0.2. Furthermore its systemd service has been renamed + to cups.service. - Local printers are no longer shared or advertised by default. This behavior can be changed by enabling or respectively. + Local printers are no longer shared or advertised by default. This + behavior can be changed by enabling + or + respectively. - The VirtualBox host and guest options have been named more consistently. They can now found in instead of and instead of . + The VirtualBox host and guest options have been named more consistently. + They can now found in + instead of and + instead of + . - Also, there now is support for the vboxsf file system using the configuration attribute. An example of how this can be used in a configuration: + Also, there now is support for the vboxsf file system + using the configuration attribute. An example + of how this can be used in a configuration: fileSystems."/shiny" = { device = "myshinysharedfolder"; @@ -468,7 +521,15 @@ fileSystems."/shiny" = { - "nix-env -qa" no longer discovers Haskell packages by name. The only packages visible in the global scope are ghc, cabal-install, and stack, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most nix-env -qa operations would become much slower if we'd add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running: + "nix-env -qa" no longer discovers Haskell + packages by name. The only packages visible in the global scope are + ghc, cabal-install, and + stack, but all other packages are hidden. The reason + for this inconvenience is the sheer size of the Haskell package set. + Name-based lookups are expensive, and most nix-env -qa + operations would become much slower if we'd add the entire Hackage + database into the top level attribute set. Instead, the list of Haskell + packages can be displayed by running: nix-env -f "<nixpkgs>" -qaP -A haskellPackages @@ -480,56 +541,91 @@ nix-env -f "<nixpkgs>" -qaP -A haskellPackages nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc - Installing Haskell libraries this way, however, is no longer supported. See the next item for more details. + Installing Haskell libraries this way, however, is no + longer supported. See the next item for more details. - Previous versions of NixOS came with a feature called ghc-wrapper, a small script that allowed GHC to transparently pick up on libraries installed in the user's profile. This feature has been deprecated; ghc-wrapper was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the haskellPackages.ghcWithPackages function. The User's Guide to the Haskell Infrastructure provides more information about this subject. + Previous versions of NixOS came with a feature called + ghc-wrapper, a small script that allowed GHC to + transparently pick up on libraries installed in the user's profile. This + feature has been deprecated; ghc-wrapper was removed + from the distribution. The proper way to register Haskell libraries with + the compiler now is the haskellPackages.ghcWithPackages + function. The + User's + Guide to the Haskell Infrastructure provides more information about + this subject. - All Haskell builds that have been generated with version 1.x of the cabal2nix utility are now invalid and need to be re-generated with a current version of cabal2nix to function. The most recent version of this tool can be installed by running nix-env -i cabal2nix. + All Haskell builds that have been generated with version 1.x of the + cabal2nix utility are now invalid and need to be + re-generated with a current version of cabal2nix to + function. The most recent version of this tool can be installed by running + nix-env -i cabal2nix. - The haskellPackages set in Nixpkgs used to have a function attribute called extension that users could override in their ~/.nixpkgs/config.nix files to configure additional attributes, etc. That function still exists, but it's now called overrides. + The haskellPackages set in Nixpkgs used to have a + function attribute called extension that users could + override in their ~/.nixpkgs/config.nix files to + configure additional attributes, etc. That function still exists, but it's + now called overrides. - The OpenBLAS library has been updated to version 0.2.14. Support for the x86_64-darwin platform was added. Dynamic architecture detection was enabled; OpenBLAS now selects microarchitecture-optimized routines at runtime, so optimal performance is achieved without the need to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages which use an optimized BLAS or LAPACK implementation. + The OpenBLAS library has been updated to version + 0.2.14. Support for the + x86_64-darwin platform was added. Dynamic architecture + detection was enabled; OpenBLAS now selects microarchitecture-optimized + routines at runtime, so optimal performance is achieved without the need + to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages + which use an optimized BLAS or LAPACK implementation. - The phpfpm is now using the default PHP version (pkgs.php) instead of PHP 5.4 (pkgs.php54). + The phpfpm is now using the default PHP version + (pkgs.php) instead of PHP 5.4 + (pkgs.php54). - The locate service no longer indexes the Nix store by default, preventing packages with potentially numerous versions from cluttering the output. Indexing the store can be activated by setting . + The locate service no longer indexes the Nix store by + default, preventing packages with potentially numerous versions from + cluttering the output. Indexing the store can be activated by setting + . - The Nix expression search path (NIX_PATH) no longer contains /etc/nixos/nixpkgs by default. You can override NIX_PATH by setting . + The Nix expression search path (NIX_PATH) no longer + contains /etc/nixos/nixpkgs by default. You can + override NIX_PATH by setting . - Python 2.6 has been marked as broken (as it no longer receives security updates from upstream). + Python 2.6 has been marked as broken (as it no longer receives security + updates from upstream). - Any use of module arguments such as pkgs to access library functions, or to define imports attributes will now lead to an infinite loop at the time of the evaluation. + Any use of module arguments such as pkgs to access + library functions, or to define imports attributes will + now lead to an infinite loop at the time of the evaluation. - In case of an infinite loop, use the --show-trace command line argument and read the line just above the error message. + In case of an infinite loop, use the --show-trace + command line argument and read the line just above the error message. $ nixos-rebuild build --show-trace … @@ -538,7 +634,9 @@ infinite recursion encountered - Any use of pkgs.lib, should be replaced by lib, after adding it as argument of the module. The following module + Any use of pkgs.lib, should be replaced by + lib, after adding it as argument of the module. The + following module { config, pkgs, ... }: @@ -566,7 +664,9 @@ with lib; - When pkgs is used to download other projects to import their modules, and only in such cases, it should be replaced by (import <nixpkgs> {}). The following module + When pkgs is used to download other projects to import + their modules, and only in such cases, it should be replaced by + (import <nixpkgs> {}). The following module { config, pkgs, ... }: @@ -606,25 +706,43 @@ in - The nixos and nixpkgs channels were unified, so one can use nix-env -iA nixos.bash instead of nix-env -iA nixos.pkgs.bash. See the commit for details. + The nixos and nixpkgs channels were unified, so one + can use nix-env -iA nixos.bash + instead of nix-env -iA nixos.pkgs.bash. See + the + commit for details. - Users running an SSH server who worry about the quality of their /etc/ssh/moduli file with respect to the vulnerabilities discovered in the Diffie-Hellman key exchange can now replace OpenSSH's default version with one they generated themselves using the new option. + Users running an SSH server who worry about the quality of their + /etc/ssh/moduli file with respect to the + vulnerabilities + discovered in the Diffie-Hellman key exchange can now replace + OpenSSH's default version with one they generated themselves using the new + option. - A newly packaged TeX Live 2015 is provided in pkgs.texlive, split into 6500 nix packages. For basic user documentation see the source. Beware of an issue when installing a too large package set. The plan is to deprecate and maybe delete the original TeX packages until the next release. + A newly packaged TeX Live 2015 is provided in + pkgs.texlive, split into 6500 nix packages. For basic + user documentation see + the + source. Beware of + an + issue when installing a too large package set. The plan is to + deprecate and maybe delete the original TeX packages until the next + release. - on all Python interpreters is now available for nix-shell interoperability. + on all Python interpreters is now available + for nix-shell interoperability. diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml index 94808b360764..9b512c4b1e58 100644 --- a/nixos/doc/manual/release-notes/rl-1603.xml +++ b/nixos/doc/manual/release-notes/rl-1603.xml @@ -6,14 +6,17 @@ Release 16.03 (“Emu”, 2016/03/31) - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: - Systemd 229, bringing numerous improvements over 217. + Systemd 229, bringing + numerous + improvements over 217. @@ -23,8 +26,11 @@ - GCC 5.3 (was 4.9). Note that GCC 5 changes the C++ ABI in an incompatible way; this may cause problems if you try to link objects compiled with different versions of GCC. + GCC 5.3 (was 4.9). Note that GCC 5 + changes + the C++ ABI in an incompatible way; this may cause problems if you + try to link objects compiled with different versions of GCC. @@ -39,10 +45,20 @@ - Improved support for ensuring bitwise reproducible builds. For example, stdenv now sets the environment variable SOURCE_DATE_EPOCH to a deterministic value, and Nix has gained an option to repeat a build a number of times to test determinism. An ongoing project, the goal of exact reproducibility is to allow binaries to be verified independently (e.g., a user might only trust binaries that appear in three independent binary caches). + Improved support for ensuring + bitwise + reproducible builds. For example, stdenv now sets + the environment variable + SOURCE_DATE_EPOCH + to a deterministic value, and Nix has + gained + an option to repeat a build a number of times to test determinism. + An ongoing project, the goal of exact reproducibility is to allow binaries + to be verified independently (e.g., a user might only trust binaries that + appear in three independent binary caches). @@ -319,38 +335,56 @@ - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - We no longer produce graphical ISO images and VirtualBox images for i686-linux. A minimal ISO image is still provided. + We no longer produce graphical ISO images and VirtualBox images for + i686-linux. A minimal ISO image is still provided. - Firefox and similar browsers are now wrapped by default. The package and attribute names are plain firefox or midori, etc. Backward-compatibility attributes were set up, but note that nix-env -u will not update your current firefox-with-plugins; you have to uninstall it and install firefox instead. + Firefox and similar browsers are now wrapped by + default. The package and attribute names are plain + firefox or midori, etc. + Backward-compatibility attributes were set up, but note that + nix-env -u will not update your + current firefox-with-plugins; you have to uninstall it + and install firefox instead. - wmiiSnap has been replaced with wmii_hg, but services.xserver.windowManager.wmii.enable has been updated respectively so this only affects you if you have explicitly installed wmiiSnap. + wmiiSnap has been replaced with + wmii_hg, but + services.xserver.windowManager.wmii.enable has been + updated respectively so this only affects you if you have explicitly + installed wmiiSnap. - jobs NixOS option has been removed. It served as compatibility layer between Upstart jobs and SystemD services. All services have been rewritten to use systemd.services + jobs NixOS option has been removed. It served as + compatibility layer between Upstart jobs and SystemD services. All services + have been rewritten to use systemd.services - wmiimenu is removed, as it has been removed by the developers upstream. Use wimenu from the wmii-hg package. + wmiimenu is removed, as it has been removed by the + developers upstream. Use wimenu from the + wmii-hg package. - Gitit is no longer automatically added to the module list in NixOS and as such there will not be any manual entries for it. You will need to add an import statement to your NixOS configuration in order to use it, e.g. + Gitit is no longer automatically added to the module list in NixOS and as + such there will not be any manual entries for it. You will need to add an + import statement to your NixOS configuration in order to use it, e.g. ]; @@ -361,7 +395,10 @@ - nginx does not accept flags for enabling and disabling modules anymore. Instead it accepts modules argument, which is a list of modules to be built in. All modules now reside in nginxModules set. Example configuration: + nginx does not accept flags for enabling and disabling + modules anymore. Instead it accepts modules argument, + which is a list of modules to be built in. All modules now reside in + nginxModules set. Example configuration: - s3sync is removed, as it hasn't been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at tarsnap and others. + s3sync is removed, as it hasn't been developed by + upstream for 4 years and only runs with ruby 1.8. For an actively-developer + alternative look at tarsnap and others. - ruby_1_8 has been removed as it's not supported from upstream anymore and probably contains security issues. + ruby_1_8 has been removed as it's not supported from + upstream anymore and probably contains security issues. - tidy-html5 package is removed. Upstream only provided (lib)tidy5 during development, and now they went back to (lib)tidy to work as a drop-in replacement of the original package that has been unmaintained for years. You can (still) use the html-tidy package, which got updated to a stable release from this new upstream. + tidy-html5 package is removed. Upstream only provided + (lib)tidy5 during development, and now they went back to + (lib)tidy to work as a drop-in replacement of the + original package that has been unmaintained for years. You can (still) use + the html-tidy package, which got updated to a stable + release from this new upstream. - extraDeviceOptions argument is removed from bumblebee package. Instead there are now two separate arguments: extraNvidiaDeviceOptions and extraNouveauDeviceOptions for setting extra X11 options for nvidia and nouveau drivers, respectively. + extraDeviceOptions argument is removed from + bumblebee package. Instead there are now two separate + arguments: extraNvidiaDeviceOptions and + extraNouveauDeviceOptions for setting extra X11 options + for nvidia and nouveau drivers, respectively. - The Ctrl+Alt+Backspace key combination no longer kills the X server by default. There's a new option allowing to enable the combination again. + The Ctrl+Alt+Backspace key combination no longer kills + the X server by default. There's a new option + allowing to enable + the combination again. - emacsPackagesNg now contains all packages from the ELPA, MELPA, and MELPA Stable repositories. + emacsPackagesNg now contains all packages from the ELPA, + MELPA, and MELPA Stable repositories. - Data directory for Postfix MTA server is moved from /var/postfix to /var/lib/postfix. Old configurations are migrated automatically. service.postfix module has also received many improvements, such as correct directories' access rights, new aliasFiles and mapFiles options and more. + Data directory for Postfix MTA server is moved from + /var/postfix to /var/lib/postfix. + Old configurations are migrated automatically. + service.postfix module has also received many + improvements, such as correct directories' access rights, new + aliasFiles and mapFiles options and + more. - Filesystem options should now be configured as a list of strings, not a comma-separated string. The old style will continue to work, but print a warning, until the 16.09 release. An example of the new style: + Filesystem options should now be configured as a list of strings, not a + comma-separated string. The old style will continue to work, but print a + warning, until the 16.09 release. An example of the new style: fileSystems."/example" = { device = "/dev/sdc"; @@ -418,20 +479,44 @@ fileSystems."/example" = { - CUPS, installed by services.printing module, now has its data directory in /var/lib/cups. Old configurations from /etc/cups are moved there automatically, but there might be problems. Also configuration options services.printing.cupsdConf and services.printing.cupsdFilesConf were removed because they had been allowing one to override configuration variables required for CUPS to work at all on NixOS. For most use cases, services.printing.extraConf and new option services.printing.extraFilesConf should be enough; if you encounter a situation when they are not, please file a bug. + CUPS, installed by services.printing module, now has its + data directory in /var/lib/cups. Old configurations + from /etc/cups are moved there automatically, but + there might be problems. Also configuration options + services.printing.cupsdConf and + services.printing.cupsdFilesConf were removed because + they had been allowing one to override configuration variables required for + CUPS to work at all on NixOS. For most use cases, + services.printing.extraConf and new option + services.printing.extraFilesConf should be enough; if + you encounter a situation when they are not, please file a bug. - There are also Gutenprint improvements; in particular, a new option services.printing.gutenprint is added to enable automatic updating of Gutenprint PPMs; it's greatly recommended to enable it instead of adding gutenprint to the drivers list. + There are also Gutenprint improvements; in particular, a new option + services.printing.gutenprint is added to enable + automatic updating of Gutenprint PPMs; it's greatly recommended to enable + it instead of adding gutenprint to the + drivers list. - services.xserver.vaapiDrivers has been removed. Use hardware.opengl.extraPackages{,32} instead. You can also specify VDPAU drivers there. + services.xserver.vaapiDrivers has been removed. Use + hardware.opengl.extraPackages{,32} instead. You can also + specify VDPAU drivers there. - programs.ibus moved to i18n.inputMethod.ibus. The option programs.ibus.plugins changed to i18n.inputMethod.ibus.engines and the option to enable ibus changed from programs.ibus.enable to i18n.inputMethod.enabled. i18n.inputMethod.enabled should be set to the used input method name, "ibus" for ibus. An example of the new style: + programs.ibus moved to + i18n.inputMethod.ibus. The option + programs.ibus.plugins changed to + i18n.inputMethod.ibus.engines and the option to enable + ibus changed from programs.ibus.enable to + i18n.inputMethod.enabled. + i18n.inputMethod.enabled should be set to the used input + method name, "ibus" for ibus. An example of the new + style: i18n.inputMethod.enabled = "ibus"; i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ]; @@ -445,17 +530,26 @@ programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ]; - services.udev.extraRules option now writes rules to 99-local.rules instead of 10-local.rules. This makes all the user rules apply after others, so their results wouldn't be overriden by anything else. + services.udev.extraRules option now writes rules to + 99-local.rules instead of + 10-local.rules. This makes all the user rules apply + after others, so their results wouldn't be overriden by anything else. - Large parts of the services.gitlab module has been been rewritten. There are new configuration options available. The stateDir option was renamned to statePath and the satellitesDir option was removed. Please review the currently available options. + Large parts of the services.gitlab module has been been + rewritten. There are new configuration options available. The + stateDir option was renamned to + statePath and the satellitesDir + option was removed. Please review the currently available options. - The option no longer interpret the dollar sign ($) as a shell variable, as such it should not be escaped anymore. Thus the following zone data: + The option no longer + interpret the dollar sign ($) as a shell variable, as such it should not be + escaped anymore. Thus the following zone data: \$ORIGIN example.com. @@ -473,7 +567,9 @@ $TTL 1800 - service.syncthing.dataDir options now has to point to exact folder where syncthing is writing to. Example configuration should look something like: + service.syncthing.dataDir options now has to point to + exact folder where syncthing is writing to. Example configuration should + look something like: services.syncthing = { @@ -485,24 +581,45 @@ services.syncthing = { - networking.firewall.allowPing is now enabled by default. Users are encouraged to configure an appropriate rate limit for their machines using the Kernel interface at /proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit or using the firewall itself, i.e. by setting the NixOS option networking.firewall.pingLimit. + networking.firewall.allowPing is now enabled by default. + Users are encouraged to configure an appropriate rate limit for their + machines using the Kernel interface at + /proc/sys/net/ipv4/icmp_ratelimit and + /proc/sys/net/ipv6/icmp/ratelimit or using the + firewall itself, i.e. by setting the NixOS option + networking.firewall.pingLimit. - Systems with some broadcom cards used to result into a generated config that is no longer accepted. If you get errors like + Systems with some broadcom cards used to result into a generated config + that is no longer accepted. If you get errors like error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created - you should either re-run nixos-generate-config or manually replace "${config.boot.kernelPackages.broadcom_sta}" by config.boot.kernelPackages.broadcom_sta in your /etc/nixos/hardware-configuration.nix. More discussion is on the github issue. + you should either re-run nixos-generate-config or + manually replace + "${config.boot.kernelPackages.broadcom_sta}" by + config.boot.kernelPackages.broadcom_sta in your + /etc/nixos/hardware-configuration.nix. More discussion + is on the + github issue. - The services.xserver.startGnuPGAgent option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to ~/.bashrc or some file that’s sourced when your shell is started: + The services.xserver.startGnuPGAgent option has been + removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new + approach no longer requires (or even supports) the "start everything as a + child of the agent" scheme we've implemented in NixOS for older versions. + To configure the gpg-agent for your X session, add the following code to + ~/.bashrc or some file that’s sourced when your + shell is started: GPG_TTY=$(tty) export GPG_TTY - If you want to use gpg-agent for SSH, too, add the following to your session initialization (e.g. displayManager.sessionCommands) + If you want to use gpg-agent for SSH, too, add the following to your + session initialization (e.g. + displayManager.sessionCommands) gpg-connect-agent /bye unset SSH_AGENT_PID @@ -512,11 +629,15 @@ export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh" enable-ssh-support - is included in your ~/.gnupg/gpg-agent.conf. You will need to use ssh-add to re-add your ssh keys. If gpg’s automatic transformation of the private keys to the new format fails, you will need to re-import your private keyring as well: + is included in your ~/.gnupg/gpg-agent.conf. You will + need to use ssh-add to re-add your ssh keys. If gpg’s + automatic transformation of the private keys to the new format fails, you + will need to re-import your private keyring as well: gpg --import ~/.gnupg/secring.gpg - The gpg-agent(1) man page has more details about this subject, i.e. in the "EXAMPLES" section. + The gpg-agent(1) man page has more details about this + subject, i.e. in the "EXAMPLES" section. @@ -540,7 +661,9 @@ gpg --import ~/.gnupg/secring.gpg - Input method support was improved. New NixOS modules (fcitx, nabi and uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n) have been added. + Input method support was improved. New NixOS modules (fcitx, nabi and + uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus + engines (hangul and m17n) have been added. diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml index 95e8fe3abcbc..4a2343edc970 100644 --- a/nixos/doc/manual/release-notes/rl-1609.xml +++ b/nixos/doc/manual/release-notes/rl-1609.xml @@ -6,36 +6,48 @@ Release 16.09 (“Flounder”, 2016/09/30) - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: - Many NixOS configurations and Nix packages now use significantly less disk space, thanks to the extensive work on closure size reduction. For example, the closure size of a minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB in 16.09, while the closure size of Firefox went from ~651 MiB to ~259 MiB. + Many NixOS configurations and Nix packages now use significantly less disk + space, thanks to the + extensive + work on closure size reduction. For example, the closure size of a + minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB in + 16.09, while the closure size of Firefox went from ~651 MiB to ~259 MiB. - To improve security, packages are now built using various hardening features. See the Nixpkgs manual for more information. + To improve security, packages are now + built + using various hardening features. See the Nixpkgs manual for more + information. Support for PXE netboot. See for documentation. + linkend="sec-booting-from-pxe" /> + for documentation. - X.org server 1.18. If you use the ati_unfree driver, 1.17 is still used due to an ABI incompatibility. + X.org server 1.18. If you use the ati_unfree driver, + 1.17 is still used due to an ABI incompatibility. - This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The default Linux kernel remains 4.4. + This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The default + Linux kernel remains 4.4. @@ -53,71 +65,122 @@ - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages were changed late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.) + A large number of packages have been converted to use the multiple outputs + feature of Nix to greatly reduce the amount of required disk space, as + mentioned above. This may require changes to any custom packages to make + them build again; see the relevant chapter in the Nixpkgs manual for more + information. (Additional caveat to packagers: some packaging conventions + related to multiple-output packages + were + changed late (August 2016) in the release cycle and differ from the + initial introduction of multiple outputs.) - Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided haskell.packages.lts-x_y package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. The motivation for this change has been discussed at length on the nix-dev mailing list and in Github issue #14897. Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in another nix-dev article. + Previous versions of Nixpkgs had support for all versions of the LTS + Haskell package set. That support has been dropped. The previously provided + haskell.packages.lts-x_y package sets still exist in + name to aviod breaking user code, but these package sets don't actually + contain the versions mandated by the corresponding LTS release. Instead, + our package set it loosely based on the latest available LTS release, i.e. + LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will + drop those old names entirely. + The + motivation for this change has been discussed at length on the + nix-dev mailing list and in + Github + issue #14897. Development strategies for Haskell hackers who want to + rely on Nix and NixOS have been described in + another + nix-dev article. - Shell aliases for systemd sub-commands were dropped: start, stop, restart, status. + Shell aliases for systemd sub-commands + were + dropped: start, stop, + restart, status. - Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default behavior of Redis 3.2 + Redis now binds to 127.0.0.1 only instead of listening to all network + interfaces. This is the default behavior of Redis 3.2 - /var/empty is now immutable. Activation script runs chattr +i to forbid any modifications inside the folder. See the pull request for what bugs this caused. + /var/empty is now immutable. Activation script runs + chattr +i to forbid any modifications inside the folder. + See the + pull request for what bugs this caused. - Gitlab's maintainance script gitlab-runner was removed and split up into the more clearer gitlab-run and gitlab-rake scripts, because gitlab-runner is a component of Gitlab CI. + Gitlab's maintainance script gitlab-runner was removed + and split up into the more clearer gitlab-run and + gitlab-rake scripts, because + gitlab-runner is a component of Gitlab CI. - services.xserver.libinput.accelProfile default changed from flat to adaptive, as per official documentation. + services.xserver.libinput.accelProfile default changed + from flat to adaptive, as per + + official documentation. - fonts.fontconfig.ultimate.rendering was removed because our presets were obsolete for some time. New presets are hardcoded into FreeType; you can select a preset via fonts.fontconfig.ultimate.preset. You can customize those presets via ordinary environment variables, using environment.variables. + fonts.fontconfig.ultimate.rendering was removed because + our presets were obsolete for some time. New presets are hardcoded into + FreeType; you can select a preset via + fonts.fontconfig.ultimate.preset. You can customize + those presets via ordinary environment variables, using + environment.variables. - The audit service is no longer enabled by default. Use security.audit.enable = true to explicitly enable it. + The audit service is no longer enabled by default. Use + security.audit.enable = true to explicitly enable it. - pkgs.linuxPackages.virtualbox now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new pkgs.virtualbox instead. + pkgs.linuxPackages.virtualbox now contains only the + kernel modules instead of the VirtualBox user space binaries. If you want + to reference the user space binaries, you have to use the new + pkgs.virtualbox instead. - goPackages was replaced with separated Go applications in appropriate nixpkgs categories. Each Go package uses its own dependency set. There's also a new go2nix tool introduced to generate a Go package definition from its Go source automatically. + goPackages was replaced with separated Go applications + in appropriate nixpkgs categories. Each Go package uses + its own dependency set. There's also a new go2nix tool + introduced to generate a Go package definition from its Go source + automatically. - services.mongodb.extraConfig configuration format was changed to YAML. + services.mongodb.extraConfig configuration format was + changed to YAML. @@ -134,42 +197,70 @@ - Revamped grsecurity/PaX support. There is now only a single general-purpose distribution kernel and the configuration interface has been streamlined. Desktop users should be able to simply set + Revamped grsecurity/PaX support. There is now only a single general-purpose + distribution kernel and the configuration interface has been streamlined. + Desktop users should be able to simply set security.grsecurity.enable = true - to get a reasonably secure system without having to sacrifice too much functionality. + to get a reasonably secure system without having to sacrifice too much + functionality. - Special filesystems, like /proc, /run and others, now have the same mount options as recommended by systemd and are unified across different places in NixOS. Mount options are updated during nixos-rebuild switch if possible. One benefit from this is improved security — most such filesystems are now mounted with noexec, nodev and/or nosuid options. + Special filesystems, like /proc, /run + and others, now have the same mount options as recommended by systemd and + are unified across different places in NixOS. Mount options are updated + during nixos-rebuild switch if possible. One benefit + from this is improved security — most such filesystems are now mounted + with noexec, nodev and/or + nosuid options. - The reverse path filter was interfering with DHCPv4 server operation in the past. An exception for DHCPv4 and a new option to log packets that were dropped due to the reverse path filter was added (networking.firewall.logReversePathDrops) for easier debugging. + The reverse path filter was interfering with DHCPv4 server operation in the + past. An exception for DHCPv4 and a new option to log packets that were + dropped due to the reverse path filter was added + (networking.firewall.logReversePathDrops) for easier + debugging. - Containers configuration within containers.<name>.config is now properly typed and checked. In particular, partial configurations are merged correctly. + Containers configuration within + containers.<name>.config is + now + properly typed and checked. In particular, partial configurations + are merged correctly. - The directory container setuid wrapper programs, /var/setuid-wrappers, is now updated atomically to prevent failures if the switch to a new configuration is interrupted. + The directory container setuid wrapper programs, + /var/setuid-wrappers, + is now + updated atomically to prevent failures if the switch to a new configuration + is interrupted. - services.xserver.startGnuPGAgent has been removed due to GnuPG 2.1.x bump. See how to achieve similar behavior. You might need to pkill gpg-agent after the upgrade to prevent a stale agent being in the way. + services.xserver.startGnuPGAgent has been removed due to + GnuPG 2.1.x bump. See + + how to achieve similar behavior. You might need to pkill + gpg-agent after the upgrade to prevent a stale agent being in the + way. - Declarative users could share the uid due to the bug in the script handling conflict resolution. + + Declarative users could share the uid due to the bug in the script handling + conflict resolution. diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml index 49c364a103ae..14b31b232e90 100644 --- a/nixos/doc/manual/release-notes/rl-1703.xml +++ b/nixos/doc/manual/release-notes/rl-1703.xml @@ -13,24 +13,29 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: - Nixpkgs is now extensible through overlays. See the Nixpkgs manual for more information. + Nixpkgs is now extensible through overlays. See the + Nixpkgs + manual for more information. - This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The default Linux kernel is 4.9 and Nix is at 1.11.8. + This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The + default Linux kernel is 4.9 and Nix is at 1.11.8. - The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed + The default desktop environment now is KDE's Plasma 5. KDE 4 has been + removed @@ -40,24 +45,35 @@ - X.org server uses branch 1.19. Due to ABI incompatibilities, ati_unfree keeps forcing 1.17 and amdgpu-pro starts forcing 1.18. + X.org server uses branch 1.19. Due to ABI incompatibilities, + ati_unfree keeps forcing 1.17 and + amdgpu-pro starts forcing 1.18. - Cross compilation has been rewritten. See the nixpkgs manual for details. The most obvious breaking change is that in derivations there is no .nativeDrv nor .crossDrv are now cross by default, not native. + Cross compilation has been rewritten. See the nixpkgs manual for details. + The most obvious breaking change is that in derivations there is no + .nativeDrv nor .crossDrv are now + cross by default, not native. - The overridePackages function has been rewritten to be replaced by overlays + The overridePackages function has been rewritten to be + replaced by + + overlays - Packages in nixpkgs can be marked as insecure through listed vulnerabilities. See the Nixpkgs manual for more information. + Packages in nixpkgs can be marked as insecure through listed + vulnerabilities. See the + Nixpkgs + manual for more information. @@ -496,64 +512,92 @@ Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - Derivations have no .nativeDrv nor .crossDrv and are now cross by default, not native. + Derivations have no .nativeDrv nor + .crossDrv and are now cross by default, not native. - stdenv.overrides is now expected to take self and super arguments. See lib.trivial.extends for what those parameters represent. + stdenv.overrides is now expected to take + self and super arguments. See + lib.trivial.extends for what those parameters + represent. - ansible now defaults to ansible version 2 as version 1 has been removed due to a serious vulnerability unpatched by upstream. + ansible now defaults to ansible version 2 as version 1 + has been removed due to a serious + + vulnerability unpatched by upstream. - gnome alias has been removed along with gtk, gtkmm and several others. Now you need to use versioned attributes, like gnome3. + gnome alias has been removed along with + gtk, gtkmm and several others. Now + you need to use versioned attributes, like gnome3. - The attribute name of the Radicale daemon has been changed from pythonPackages.radicale to radicale. + The attribute name of the Radicale daemon has been changed from + pythonPackages.radicale to radicale. - The stripHash bash function in stdenv changed according to its documentation; it now outputs the stripped name to stdout instead of putting it in the variable strippedName. + The stripHash bash function in + stdenv changed according to its documentation; it now + outputs the stripped name to stdout instead of putting + it in the variable strippedName. - PHP now scans for extra configuration .ini files in /etc/php.d instead of /etc. This prevents accidentally loading non-PHP .ini files that may be in /etc. + PHP now scans for extra configuration .ini files in /etc/php.d instead of + /etc. This prevents accidentally loading non-PHP .ini files that may be in + /etc. - Two lone top-level dict dbs moved into dictdDBs. This affects: dictdWordnet which is now at dictdDBs.wordnet and dictdWiktionary which is now at dictdDBs.wiktionary + Two lone top-level dict dbs moved into dictdDBs. This + affects: dictdWordnet which is now at + dictdDBs.wordnet and dictdWiktionary + which is now at dictdDBs.wiktionary - Parsoid service now uses YAML configuration format. service.parsoid.interwikis is now called service.parsoid.wikis and is a list of either API URLs or attribute sets as specified in parsoid's documentation. + Parsoid service now uses YAML configuration format. + service.parsoid.interwikis is now called + service.parsoid.wikis and is a list of either API URLs + or attribute sets as specified in parsoid's documentation. - Ntpd was replaced by systemd-timesyncd as the default service to synchronize system time with a remote NTP server. The old behavior can be restored by setting services.ntp.enable to true. Upstream time servers for all NTP implementations are now configured using networking.timeServers. + Ntpd was replaced by + systemd-timesyncd as the default service to synchronize + system time with a remote NTP server. The old behavior can be restored by + setting services.ntp.enable to true. + Upstream time servers for all NTP implementations are now configured using + networking.timeServers. - service.nylon is now declared using named instances. As an example: + service.nylon is now declared using named instances. As + an example: services.nylon = { enable = true; @@ -576,8 +620,11 @@ - overridePackages function no longer exists. It is replaced by overlays. For example, the following code: + overridePackages function no longer exists. It is + replaced by + + overlays. For example, the following code: let pkgs = import <nixpkgs> {}; @@ -595,42 +642,72 @@ in - Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel and is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (i.e. for active FTP) please enable networking.firewall.autoLoadConntrackHelpers and tune networking.firewall.connectionTrackingModules to suit your needs. + Autoloading connection tracking helpers is now disabled by default. This + default was also changed in the Linux kernel and is considered insecure if + not configured properly in your firewall. If you need connection tracking + helpers (i.e. for active FTP) please enable + networking.firewall.autoLoadConntrackHelpers and tune + networking.firewall.connectionTrackingModules to suit + your needs. - local_recipient_maps is not set to empty value by Postfix service. It's an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via services.postfix.extraConfig. + local_recipient_maps is not set to empty value by + Postfix service. It's an insecure default as stated by Postfix + documentation. Those who want to retain this setting need to set it via + services.postfix.extraConfig. - Iputils no longer provide ping6 and traceroute6. The functionality of these tools has been integrated into ping and traceroute respectively. To enforce an address family the new flags -4 and -6 have been added. One notable incompatibility is that specifying an interface (for link-local IPv6 for instance) is no longer done with the -I flag, but by encoding the interface into the address (ping fe80::1%eth0). + Iputils no longer provide ping6 and traceroute6. The functionality of + these tools has been integrated into ping and traceroute respectively. To + enforce an address family the new flags -4 and + -6 have been added. One notable incompatibility is that + specifying an interface (for link-local IPv6 for instance) is no longer + done with the -I flag, but by encoding the interface + into the address (ping fe80::1%eth0). - The socket handling of the services.rmilter module has been fixed and refactored. As rmilter doesn't support binding to more than one socket, the options bindUnixSockets and bindInetSockets have been replaced by services.rmilter.bindSocket.*. The default is still a unix socket in /run/rmilter/rmilter.sock. Refer to the options documentation for more information. + The socket handling of the services.rmilter module has + been fixed and refactored. As rmilter doesn't support binding to more than + one socket, the options bindUnixSockets and + bindInetSockets have been replaced by + services.rmilter.bindSocket.*. The default is still a + unix socket in /run/rmilter/rmilter.sock. Refer to the + options documentation for more information. - The fetch* functions no longer support md5, please use sha256 instead. + The fetch* functions no longer support md5, please use + sha256 instead. - The dnscrypt-proxy module interface has been streamlined around the option. Where possible, legacy option declarations are mapped to but will emit warnings. The has been outright removed: to use an unlisted resolver, use the option. + The dnscrypt-proxy module interface has been streamlined around the + option. Where possible, legacy option + declarations are mapped to but will emit + warnings. The has been outright removed: to + use an unlisted resolver, use the option. - torbrowser now stores local state under ~/.local/share/tor-browser by default. Any browser profile data from the old location, ~/.torbrowser4, must be migrated manually. + torbrowser now stores local state under + ~/.local/share/tor-browser by default. Any browser + profile data from the old location, ~/.torbrowser4, + must be migrated manually. - The ihaskell, monetdb, offlineimap and sitecopy services have been removed. + The ihaskell, monetdb, offlineimap and sitecopy services have been + removed. @@ -646,12 +723,18 @@ in - Module type system have a new extensible option types feature that allow to extend certain types, such as enum, through multiple option declarations of the same option across multiple modules. + Module type system have a new extensible option types feature that allow + to extend certain types, such as enum, through multiple option + declarations of the same option across multiple modules. - jre now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it's recommended to use jre_headless. + jre now defaults to GTK UI by default. This improves + visual consistency and makes Java follow system font style, improving the + situation on HighDPI displays. This has a cost of increased closure size; + for server and other headless workloads it's recommended to use + jre_headless. @@ -661,37 +744,53 @@ in - The Python 2.7 interpreter does not use modules anymore. Instead, all CPython interpreters now include the whole standard library except for `tkinter`, which is available in the Python package set. + The Python 2.7 interpreter does not use modules anymore. Instead, all + CPython interpreters now include the whole standard library except for + `tkinter`, which is available in the Python package set. - Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. Minor modifications had to be made to the interpreters in order to generate deterministic bytecode. This has security implications and is relevant for those using Python in a nix-shell. See the Nixpkgs manual for details. + Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. + Minor modifications had to be made to the interpreters in order to + generate deterministic bytecode. This has security implications and is + relevant for those using Python in a nix-shell. See the + Nixpkgs manual for details. - The Python package sets now use a fixed-point combinator and the sets are available as attributes of the interpreters. + The Python package sets now use a fixed-point combinator and the sets are + available as attributes of the interpreters. - The Python function buildPythonPackage has been improved and can be used to build from Setuptools source, Flit source, and precompiled Wheels. + The Python function buildPythonPackage has been + improved and can be used to build from Setuptools source, Flit source, and + precompiled Wheels. - When adding new or updating current Python libraries, the expressions should be put in separate files in pkgs/development/python-modules and called from python-packages.nix. + When adding new or updating current Python libraries, the expressions + should be put in separate files in + pkgs/development/python-modules and called from + python-packages.nix. - The dnscrypt-proxy service supports synchronizing the list of public resolvers without working DNS resolution. This fixes issues caused by the resolver list becoming outdated. It also improves the viability of DNSCrypt only configurations. + The dnscrypt-proxy service supports synchronizing the list of public + resolvers without working DNS resolution. This fixes issues caused by the + resolver list becoming outdated. It also improves the viability of + DNSCrypt only configurations. - Containers using bridged networking no longer lose their connection after changes to the host networking. + Containers using bridged networking no longer lose their connection after + changes to the host networking. @@ -701,12 +800,16 @@ in - The bind DNS utilities (e.g. dig) have been split into their own output and are now also available in pkgs.dnsutils and it is no longer necessary to pull in all of bind to use them. + The bind DNS utilities (e.g. dig) have been split into their own output + and are now also available in pkgs.dnsutils and it is + no longer necessary to pull in all of bind to use them. - Per-user configuration was moved from ~/.nixpkgs to ~/.config/nixpkgs. The former is still valid for config.nix for backwards compatibility. + Per-user configuration was moved from ~/.nixpkgs to + ~/.config/nixpkgs. The former is still valid for + config.nix for backwards compatibility. diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index ff70bb663a00..795c51d2923d 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -13,23 +13,30 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: - The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, KDE Applications to 17.08.1 and KDE Frameworks to 5.37. + The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, KDE + Applications to 17.08.1 and KDE Frameworks to 5.37. - The user handling now keeps track of deallocated UIDs/GIDs. When a user or group is revived, this allows it to be allocated the UID/GID it had before. A consequence is that UIDs and GIDs are no longer reused. + The user handling now keeps track of deallocated UIDs/GIDs. When a user or + group is revived, this allows it to be allocated the UID/GID it had + before. A consequence is that UIDs and GIDs are no longer reused. - The module option now causes the first head specified in this list to be set as the primary head. Apart from that, it's now possible to also set additional options by using an attribute set, for example: + The module option now causes + the first head specified in this list to be set as the primary head. Apart + from that, it's now possible to also set additional options by using an + attribute set, for example: { services.xserver.xrandrHeads = [ "HDMI-0" @@ -43,21 +50,36 @@ ]; } - This will set the DVI-0 output to be the primary head, even though HDMI-0 is the first head in the list. + This will set the DVI-0 output to be the primary head, + even though HDMI-0 is the first head in the list. - The handling of SSL in the services.nginx module has been cleaned up, renaming the misnamed enableSSL to onlySSL which reflects its original intention. This is not to be used with the already existing forceSSL which creates a second non-SSL virtual host redirecting to the SSL virtual host. This by chance had worked earlier due to specific implementation details. In case you had specified both please remove the enableSSL option to keep the previous behaviour. + The handling of SSL in the services.nginx module has + been cleaned up, renaming the misnamed enableSSL to + onlySSL which reflects its original intention. This is + not to be used with the already existing forceSSL which + creates a second non-SSL virtual host redirecting to the SSL virtual host. + This by chance had worked earlier due to specific implementation details. + In case you had specified both please remove the + enableSSL option to keep the previous behaviour. - Another addSSL option has been introduced to configure both a non-SSL virtual host and an SSL virtual host with the same configuration. + Another addSSL option has been introduced to configure + both a non-SSL virtual host and an SSL virtual host with the same + configuration. - Options to configure resolver options and upstream blocks have been introduced. See their information for further details. + Options to configure resolver options and + upstream blocks have been introduced. See their + information for further details. - The port option has been replaced by a more generic listen option which makes it possible to specify multiple addresses, ports and SSL configs dependant on the new SSL handling mentioned above. + The port option has been replaced by a more generic + listen option which makes it possible to specify + multiple addresses, ports and SSL configs dependant on the new SSL + handling mentioned above. @@ -446,31 +468,47 @@ Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - In an Qemu-based virtualization environment, the network interface names changed from i.e. enp0s3 to ens3. + In an Qemu-based virtualization environment, the + network interface names changed from i.e. enp0s3 to + ens3. - This is due to a kernel configuration change. The new naming is consistent with those of other Linux distributions with systemd. See #29197 for more information. + This is due to a kernel configuration change. The new naming is consistent + with those of other Linux distributions with systemd. See + #29197 + for more information. - A machine is affected if the virt-what tool either returns qemu or kvm and has interface names used in any part of its NixOS configuration, in particular if a static network configuration with networking.interfaces is used. + A machine is affected if the virt-what tool either + returns qemu or kvm + and has interface names used in any part of its NixOS + configuration, in particular if a static network configuration with + networking.interfaces is used. Before rebooting affected machines, please ensure: - Change the interface names in your NixOS configuration. The first interface will be called ens3, the second one ens8 and starting from there incremented by 1. + Change the interface names in your NixOS configuration. The first + interface will be called ens3, the second one + ens8 and starting from there incremented by 1. - After changing the interface names, rebuild your system with nixos-rebuild boot to activate the new configuration after a reboot. If you switch to the new configuration right away you might lose network connectivity! If using nixops, deploy with nixops deploy --force-reboot. + After changing the interface names, rebuild your system with + nixos-rebuild boot to activate the new configuration + after a reboot. If you switch to the new configuration right away you + might lose network connectivity! If using nixops, + deploy with nixops deploy --force-reboot. @@ -478,59 +516,88 @@ - The following changes apply if the stateVersion is changed to 17.09 or higher. For stateVersion = "17.03" or lower the old behavior is preserved. + The following changes apply if the stateVersion is + changed to 17.09 or higher. For stateVersion = "17.03" + or lower the old behavior is preserved. - The postgres default version was changed from 9.5 to 9.6. + The postgres default version was changed from 9.5 to + 9.6. - The postgres superuser name has changed from root to postgres to more closely follow what other Linux distributions are doing. + The postgres superuser name has changed from + root to postgres to more closely + follow what other Linux distributions are doing. - The postgres default dataDir has changed from /var/db/postgres to /var/lib/postgresql/$psqlSchema where $psqlSchema is 9.6 for example. + The postgres default dataDir has + changed from /var/db/postgres to + /var/lib/postgresql/$psqlSchema where $psqlSchema is + 9.6 for example. - The mysql default dataDir has changed from /var/mysql to /var/lib/mysql. + The mysql default dataDir has + changed from /var/mysql to + /var/lib/mysql. - Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found here . It is also possible to use the newer version by setting the package to radicale2, which is done automatically when stateVersion is 17.09 or higher. The extraArgs option has been added to allow passing the data migration arguments specified in the instructions; see the radicale.nix NixOS test for an example migration. + Radicale's default package has changed from 1.x to 2.x. Instructions to + migrate can be found here + . It is also possible to use the newer version by setting the + package to radicale2, which is + done automatically when stateVersion is 17.09 or + higher. The extraArgs option has been added to allow + passing the data migration arguments specified in the instructions; see + the + radicale.nix + NixOS test for an example migration. - The aiccu package was removed. This is due to SixXS sunsetting its IPv6 tunnel. + The aiccu package was removed. This is due to SixXS + sunsetting its IPv6 + tunnel. - The fanctl package and fan module have been removed due to the developers not upstreaming their iproute2 patches and lagging with compatibility to recent iproute2 versions. + The fanctl package and fan module + have been removed due to the developers not upstreaming their iproute2 + patches and lagging with compatibility to recent iproute2 versions. - Top-level idea package collection was renamed. All JetBrains IDEs are now at jetbrains. + Top-level idea package collection was renamed. All + JetBrains IDEs are now at jetbrains. - flexget's state database cannot be upgraded to its new internal format, requiring removal of any existing db-config.sqlite which will be automatically recreated. + flexget's state database cannot be upgraded to its new + internal format, requiring removal of any existing + db-config.sqlite which will be automatically recreated. - The ipfs service now doesn't ignore the dataDir option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with + The ipfs service now doesn't ignore the + dataDir option anymore. If you've ever set this option + to anything other than the default you'll have to either unset it (so the + default gets used) or migrate the old data manually with dataDir=<valueOfDataDir> mv /var/lib/ipfs/.ipfs/* $dataDir @@ -540,66 +607,107 @@ rmdir /var/lib/ipfs/.ipfs - The caddy service was previously using an extra .caddy directory in the data directory specified with the dataDir option. The contents of the .caddy directory are now expected to be in the dataDir. + The caddy service was previously using an extra + .caddy directory in the data directory specified with + the dataDir option. The contents of the + .caddy directory are now expected to be in the + dataDir. - The ssh-agent user service is not started by default anymore. Use programs.ssh.startAgent to enable it if needed. There is also a new programs.gnupg.agent module that creates a gpg-agent user service. It can also serve as a SSH agent if enableSSHSupport is set. + The ssh-agent user service is not started by default + anymore. Use programs.ssh.startAgent to enable it if + needed. There is also a new programs.gnupg.agent module + that creates a gpg-agent user service. It can also + serve as a SSH agent if enableSSHSupport is set. - The services.tinc.networks.<name>.listenAddress option had a misleading name that did not correspond to its behavior. It now correctly defines the ip to listen for incoming connections on. To keep the previous behaviour, use services.tinc.networks.<name>.bindToAddress instead. Refer to the description of the options for more details. + The services.tinc.networks.<name>.listenAddress + option had a misleading name that did not correspond to its behavior. It + now correctly defines the ip to listen for incoming connections on. To + keep the previous behaviour, use + services.tinc.networks.<name>.bindToAddress + instead. Refer to the description of the options for more details. - tlsdate package and module were removed. This is due to the project being dead and not building with openssl 1.1. + tlsdate package and module were removed. This is due to + the project being dead and not building with openssl 1.1. - wvdial package and module were removed. This is due to the project being dead and not building with openssl 1.1. + wvdial package and module were removed. This is due to + the project being dead and not building with openssl 1.1. - cc-wrapper's setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. LD, STRIP, RANLIB, etc). This is done to prevent packages' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this—their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters. + cc-wrapper's setup-hook now exports a number of + environment variables corresponding to binutils binaries, (e.g. + LD, STRIP, RANLIB, etc). This + is done to prevent packages' build systems guessing, which is harder to + predict, especially when cross-compiling. However, some packages have + broken due to this—their build systems either not supporting, or + claiming to support without adequate testing, taking such environment + variables as parameters. - services.firefox.syncserver now runs by default as a non-root user. To accomodate this change, the default sqlite database location has also been changed. Migration should work automatically. Refer to the description of the options for more details. + services.firefox.syncserver now runs by default as a + non-root user. To accomodate this change, the default sqlite database + location has also been changed. Migration should work automatically. Refer + to the description of the options for more details. - The compiz window manager and package was removed. The system support had been broken for several years. + The compiz window manager and package was removed. The + system support had been broken for several years. - Touchpad support should now be enabled through libinput as synaptics is now deprecated. See the option services.xserver.libinput.enable. + Touchpad support should now be enabled through libinput + as synaptics is now deprecated. See the option + services.xserver.libinput.enable. - grsecurity/PaX support has been dropped, following upstream's decision to cease free support. See upstream's announcement for more information. No complete replacement for grsecurity/PaX is available presently. + grsecurity/PaX support has been dropped, following upstream's decision to + cease free support. See + + upstream's announcement for more information. No complete + replacement for grsecurity/PaX is available presently. - services.mysql now has declarative configuration of databases and users with the ensureDatabases and ensureUsers options. + services.mysql now has declarative configuration of + databases and users with the ensureDatabases and + ensureUsers options. - These options will never delete existing databases and users, especially not when the value of the options are changed. + These options will never delete existing databases and users, especially + not when the value of the options are changed. - The MySQL users will be identified using Unix socket authentication. This authenticates the Unix user with the same name only, and that without the need for a password. + The MySQL users will be identified using + + Unix socket authentication. This authenticates the Unix user with + the same name only, and that without the need for a password. - If you have previously created a MySQL root user with a password, you will need to add root user for unix socket authentication before using the new options. This can be done by running the following SQL script: + If you have previously created a MySQL root user + with a password, you will need to add + root user for unix socket authentication before using + the new options. This can be done by running the following SQL script: CREATE USER 'root'@'%' IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; @@ -612,38 +720,55 @@ FLUSH PRIVILEGES; - services.mysqlBackup now works by default without any user setup, including for users other than mysql. + services.mysqlBackup now works by default without any + user setup, including for users other than mysql. - By default, the mysql user is no longer the user which performs the backup. Instead a system account mysqlbackup is used. + By default, the mysql user is no longer the user which + performs the backup. Instead a system account + mysqlbackup is used. - The mysqlBackup service is also now using systemd timers instead of cron. + The mysqlBackup service is also now using systemd + timers instead of cron. - Therefore, the services.mysqlBackup.period option no longer exists, and has been replaced with services.mysqlBackup.calendar, which is in the format of services.mysqlBackup.period option no + longer exists, and has been replaced with + services.mysqlBackup.calendar, which is in the format + of + systemd.time(7). - If you expect to be sent an e-mail when the backup fails, consider using a script which monitors the systemd journal for errors. Regretfully, at present there is no built-in functionality for this. + If you expect to be sent an e-mail when the backup fails, consider using a + script which monitors the systemd journal for errors. Regretfully, at + present there is no built-in functionality for this. - You can check that backups still work by running systemctl start mysql-backup then systemctl status mysql-backup. + You can check that backups still work by running systemctl start + mysql-backup then systemctl status + mysql-backup. - Templated systemd services e.g container@name are now handled currectly when switching to a new configuration, resulting in them being reloaded. + Templated systemd services e.g container@name are now + handled currectly when switching to a new configuration, resulting in them + being reloaded. - Steam: the newStdcpp parameter was removed and should not be needed anymore. + Steam: the newStdcpp parameter was removed and should + not be needed anymore. - Redis has been updated to version 4 which mandates a cluster mass-restart, due to changes in the network handling, in order to ensure compatibility with networks NATing traffic. + Redis has been updated to version 4 which mandates a cluster mass-restart, + due to changes in the network handling, in order to ensure compatibility + with networks NATing traffic. @@ -659,28 +784,46 @@ FLUSH PRIVILEGES; - Modules can now be disabled by using disabledModules, allowing another to take it's place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release. + Modules can now be disabled by using + + disabledModules, allowing another to take it's place. This can be + used to import a set of modules from another channel while keeping the + rest of the system on a stable release. - Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer's intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available. + Updated to FreeType 2.7.1, including a new TrueType engine. The new engine + replaces the Infinality engine which was the default in NixOS. The default + font rendering settings are now provided by fontconfig-penultimate, + replacing fontconfig-ultimate; the new defaults are less invasive and + provide rendering that is more consistent with other systems and hopefully + with each font designer's intent. Some system-wide configuration has been + removed from the Fontconfig NixOS module where user Fontconfig settings + are available. - ZFS/SPL have been updated to 0.7.0, zfsUnstable, splUnstable have therefore been removed. + ZFS/SPL have been updated to 0.7.0, zfsUnstable, + splUnstable have therefore been removed. - The option now allows the value null in addition to timezone strings. This value allows changing the timezone of a system imperatively using timedatectl set-timezone. The default timezone is still UTC. + The option now allows the value + null in addition to timezone strings. This value allows + changing the timezone of a system imperatively using timedatectl + set-timezone. The default timezone is still UTC. - Nixpkgs overlays may now be specified with a file as well as a directory. The value of <nixpkgs-overlays> may be a file, and ~/.config/nixpkgs/overlays.nix can be used instead of the ~/.config/nixpkgs/overlays directory. + Nixpkgs overlays may now be specified with a file as well as a directory. + The value of <nixpkgs-overlays> may be a file, and + ~/.config/nixpkgs/overlays.nix can be used instead of + the ~/.config/nixpkgs/overlays directory. See the overlays chapter of the Nixpkgs manual for more details. @@ -688,48 +831,67 @@ FLUSH PRIVILEGES; - Definitions for /etc/hosts can now be specified declaratively with networking.hosts. + Definitions for /etc/hosts can now be specified + declaratively with networking.hosts. - Two new options have been added to the installer loader, in addition to the default having changed. The kernel log verbosity has been lowered to the upstream default for the default options, in order to not spam the console when e.g. joining a network. + Two new options have been added to the installer loader, in addition to + the default having changed. The kernel log verbosity has been lowered to + the upstream default for the default options, in order to not spam the + console when e.g. joining a network. - This therefore leads to adding a new debug option to set the log level to the previous verbose mode, to make debugging easier, but still accessible easily. + This therefore leads to adding a new debug option to + set the log level to the previous verbose mode, to make debugging easier, + but still accessible easily. - Additionally a copytoram option has been added, which makes it possible to remove the install medium after booting. This allows tethering from your phone after booting from it. + Additionally a copytoram option has been added, which + makes it possible to remove the install medium after booting. This allows + tethering from your phone after booting from it. - services.gitlab-runner.configOptions has been added to specify the configuration of gitlab-runners declaratively. + services.gitlab-runner.configOptions has been added to + specify the configuration of gitlab-runners declaratively. - services.jenkins.plugins has been added to install plugins easily, this can be generated with jenkinsPlugins2nix. + services.jenkins.plugins has been added to install + plugins easily, this can be generated with jenkinsPlugins2nix. - services.postfix.config has been added to specify the main.cf with NixOS options. Additionally other options have been added to the postfix module and has been improved further. + services.postfix.config has been added to specify the + main.cf with NixOS options. Additionally other options have been added to + the postfix module and has been improved further. - The GitLab package and module have been updated to the latest 10.0 release. + The GitLab package and module have been updated to the latest 10.0 + release. - The systemd-boot boot loader now lists the NixOS version, kernel version and build date of all bootable generations. + The systemd-boot boot loader now lists the NixOS + version, kernel version and build date of all bootable generations. - The dnscrypt-proxy service now defaults to using a random upstream resolver, selected from the list of public non-logging resolvers with DNSSEC support. Existing configurations can be migrated to this mode of operation by omitting the option or setting it to "random". + The dnscrypt-proxy service now defaults to using a random upstream + resolver, selected from the list of public non-logging resolvers with + DNSSEC support. Existing configurations can be migrated to this mode of + operation by omitting the + option or setting it + to "random". diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 2e39b990d9e9..c14679eea071 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -13,7 +13,8 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: @@ -24,36 +25,48 @@ - Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc. + Platform support: x86_64-linux and x86_64-darwin since release time (the + latter isn't NixOS, really). Binaries for aarch64-linux are available, but + no channel exists yet, as it's waiting for some test fixes, etc. - Nix now defaults to 2.0; see its release notes. + Nix now defaults to 2.0; see its + release + notes. - Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237. + Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> + 7, systemd: 234 -> 237. - Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12. + Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 + -> 5.12. - MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes have been made to the infrastructure involved: + MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. + While upgrading a few changes have been made to the infrastructure + involved: - libmysql has been deprecated, please use mysql.connector-c instead, a compatibility passthru has been added to the MySQL packages. + libmysql has been deprecated, please use + mysql.connector-c instead, a compatibility passthru + has been added to the MySQL packages. - The mysql57 package has a new static output containing the static libraries including libmysqld.a + The mysql57 package has a new + static output containing the static libraries + including libmysqld.a @@ -390,7 +403,8 @@ Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: @@ -401,26 +415,39 @@ - Dollar signs in options under are passed verbatim to Postfix, which will interpret them as the beginning of a parameter expression. This was already true for string-valued options in the previous release, but not for list-valued options. If you need to pass literal dollar signs through Postfix, double them. + Dollar signs in options under are passed + verbatim to Postfix, which will interpret them as the beginning of a + parameter expression. This was already true for string-valued options in + the previous release, but not for list-valued options. If you need to pass + literal dollar signs through Postfix, double them. - The postage package (for web-based PostgreSQL administration) has been renamed to pgmanage. The corresponding module has also been renamed. To migrate please rename all options to . + The postage package (for web-based PostgreSQL + administration) has been renamed to pgmanage. The + corresponding module has also been renamed. To migrate please rename all + options to + . - Package attributes starting with a digit have been prefixed with an underscore sign. This is to avoid quoting in the configuration and other issues with command-line tools like nix-env. The change affects the following packages: + Package attributes starting with a digit have been prefixed with an + underscore sign. This is to avoid quoting in the configuration and other + issues with command-line tools like nix-env. The change + affects the following packages: - 2048-in-terminal_2048-in-terminal + 2048-in-terminal → + _2048-in-terminal - 90secondportraits_90secondportraits + 90secondportraits → + _90secondportraits @@ -438,77 +465,134 @@ - The OpenSSH service no longer enables support for DSA keys by default, which could cause a system lock out. Update your keys or, unfavorably, re-enable DSA support manually. + The OpenSSH service no longer enables support for + DSA keys by default, which could cause a system lock out. Update your keys + or, unfavorably, re-enable DSA support manually. - DSA support was deprecated in OpenSSH 7.0, due to it being too weak. To re-enable support, add PubkeyAcceptedKeyTypes +ssh-dss to the end of your . + DSA support was + deprecated in + OpenSSH 7.0, due to it being too weak. To re-enable support, add + PubkeyAcceptedKeyTypes +ssh-dss to the end of your + . - After updating the keys to be stronger, anyone still on a pre-17.03 version is safe to jump to 17.03, as vetted here. + After updating the keys to be stronger, anyone still on a pre-17.03 + version is safe to jump to 17.03, as vetted + here. - The openssh package now includes Kerberos support by default; the openssh_with_kerberos package is now a deprecated alias. If you do not want Kerberos support, you can do openssh.override { withKerberos = false; }. Note, this also applies to the openssh_hpn package. + The openssh package now includes Kerberos support by + default; the openssh_with_kerberos package is now a + deprecated alias. If you do not want Kerberos support, you can do + openssh.override { withKerberos = false; }. Note, this + also applies to the openssh_hpn package. - cc-wrapper has been split in two; there is now also a bintools-wrapper. The most commonly used files in nix-support are now split between the two wrappers. Some commonly used ones, like nix-support/dynamic-linker, are duplicated for backwards compatability, even though they rightly belong only in bintools-wrapper. Other more obscure ones are just moved. + cc-wrapper has been split in two; there is now also a + bintools-wrapper. The most commonly used files in + nix-support are now split between the two wrappers. + Some commonly used ones, like + nix-support/dynamic-linker, are duplicated for + backwards compatability, even though they rightly belong only in + bintools-wrapper. Other more obscure ones are just + moved. - The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. + The propagation logic has been changed. The new logic, along with new + types of dependencies that go with, is thoroughly documented in the + "Specifying dependencies" section of the "Standard Environment" chapter of + the nixpkgs manual. - The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many propagatedNativeBuildInputs should instead be propagatedBuildInputs. Thankfully, that was and is the least used type of dependency. Also, it means that some propagatedBuildInputs should instead be depsTargetTargetPropagated. Other types dependencies should be unaffected. + The old logic isn't but is easy to describe: dependencies were propagated + as the same type of dependency no matter what. In practice, that means + that many propagatedNativeBuildInputs should instead + be propagatedBuildInputs. Thankfully, that was and is + the least used type of dependency. Also, it means that some + propagatedBuildInputs should instead be + depsTargetTargetPropagated. Other types dependencies + should be unaffected. - lib.addPassthru drv passthru is removed. Use lib.extendDerivation true passthru drv instead. + lib.addPassthru drv passthru is removed. Use + lib.extendDerivation true passthru drv instead. - The memcached service no longer accept dynamic socket paths via . Unix sockets can be still enabled by and will be accessible at /run/memcached/memcached.sock. + The memcached service no longer accept dynamic socket + paths via . Unix sockets can be + still enabled by and + will be accessible at /run/memcached/memcached.sock. - The hardware.amdHybridGraphics.disable option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports. + The hardware.amdHybridGraphics.disable option was + removed for lack of a maintainer. If you still need this module, you may + wish to include a copy of it from an older version of nixos in your + imports. - The merging of config options for services.postfix.config was buggy. Previously, if other options in the Postfix module like services.postfix.useSrs were set and the user set config options that were also set by such options, the resulting config wouldn't include all options that were needed. They are now merged correctly. If config options need to be overridden, lib.mkForce or lib.mkOverride can be used. + The merging of config options for + services.postfix.config was buggy. Previously, if other + options in the Postfix module like + services.postfix.useSrs were set and the user set + config options that were also set by such options, the resulting config + wouldn't include all options that were needed. They are now merged + correctly. If config options need to be overridden, + lib.mkForce or lib.mkOverride can be + used. - The following changes apply if the stateVersion is changed to 18.03 or higher. For stateVersion = "17.09" or lower the old behavior is preserved. + The following changes apply if the stateVersion is + changed to 18.03 or higher. For stateVersion = "17.09" + or lower the old behavior is preserved. - matrix-synapse uses postgresql by default instead of sqlite. Migration instructions can be found here . + matrix-synapse uses postgresql by default instead of + sqlite. Migration instructions can be found + + here . - The jid package has been removed, due to maintenance overhead of a go package having non-versioned dependencies. + The jid package has been removed, due to maintenance + overhead of a go package having non-versioned dependencies. - When using (enabled by default in GNOME), it now handles all input devices, not just touchpads. As a result, you might need to re-evaluate any custom Xorg configuration. In particular, Option "XkbRules" "base" may result in broken keyboard layout. + When using (enabled by default + in GNOME), it now handles all input devices, not just touchpads. As a + result, you might need to re-evaluate any custom Xorg configuration. In + particular, Option "XkbRules" "base" may result in + broken keyboard layout. - The attic package was removed. A maintained fork called Borg should be used instead. Migration instructions can be found here. + The attic package was removed. A maintained fork called + Borg should be used + instead. Migration instructions can be found + here. @@ -517,32 +601,52 @@ - The package pkgs.piwik was renamed to pkgs.matomo. + The package pkgs.piwik was renamed to + pkgs.matomo. - The service services.piwik was renamed to services.matomo. + The service services.piwik was renamed to + services.matomo. - The data directory /var/lib/piwik was renamed to /var/lib/matomo. All files will be moved automatically on first startup, but you might need to adjust your backup scripts. + The data directory /var/lib/piwik was renamed to + /var/lib/matomo. All files will be moved + automatically on first startup, but you might need to adjust your + backup scripts. - The default for the nginx configuration changed from piwik.${config.networking.hostName} to matomo.${config.networking.hostName}.${config.networking.domain} if is set, matomo.${config.networking.hostName} if it is not set. If you change your , remember you'll need to update the trustedHosts[] array in /var/lib/matomo/config/config.ini.php as well. + The default for the nginx configuration + changed from piwik.${config.networking.hostName} to + matomo.${config.networking.hostName}.${config.networking.domain} + if is set, + matomo.${config.networking.hostName} if it is not + set. If you change your , remember you'll + need to update the trustedHosts[] array in + /var/lib/matomo/config/config.ini.php as well. - The piwik user was renamed to matomo. The service will adjust ownership automatically for files in the data directory. If you use unix socket authentication, remember to give the new matomo user access to the database and to change the username to matomo in the [database] section of /var/lib/matomo/config/config.ini.php. + The piwik user was renamed to + matomo. The service will adjust ownership + automatically for files in the data directory. If you use unix socket + authentication, remember to give the new matomo user + access to the database and to change the username to + matomo in the [database] section + of /var/lib/matomo/config/config.ini.php. - If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean, but this is neither enforced nor required. + If you named your database `piwik`, you might want to rename it to + `matomo` to keep things clean, but this is neither enforced nor + required. @@ -550,43 +654,59 @@ - nodejs-4_x is end-of-life. nodejs-4_x, nodejs-slim-4_x and nodePackages_4_x are removed. + nodejs-4_x is end-of-life. + nodejs-4_x, nodejs-slim-4_x and + nodePackages_4_x are removed. - The pump.io NixOS module was removed. It is now maintained as an external module. + The pump.io NixOS module was removed. It is now + maintained as an + external + module. - The Prosody XMPP server has received a major update. The following modules were renamed: + The Prosody XMPP server has received a major update. The following modules + were renamed: - is now + is now + - is now + is now + - Many new modules are now core modules, most notably and . + Many new modules are now core modules, most notably + and + . - The better-performing libevent backend is now enabled by default. + The better-performing libevent backend is now enabled + by default. - withCommunityModules now passes through the modules to . Use withOnlyInstalledCommunityModules for modules that should not be enabled directly, e.g lib_ldap. + withCommunityModules now passes through the modules to + . Use + withOnlyInstalledCommunityModules for modules that + should not be enabled directly, e.g lib_ldap. - All prometheus exporter modules are now defined as submodules. The exporters are configured using services.prometheus.exporters. + All prometheus exporter modules are now defined as submodules. The + exporters are configured using + services.prometheus.exporters. @@ -602,17 +722,24 @@ - ZNC option now defaults to true. That means that old configuration is not overwritten by default when update to the znc options are made. + ZNC option now defaults to + true. That means that old configuration is not + overwritten by default when update to the znc options are made. - The option has been added for wireless networks with WPA-Enterprise authentication. There is also a new option to directly configure wpa_supplicant and to connect to hidden networks. + The option + has been added for wireless networks with WPA-Enterprise authentication. + There is also a new option to directly + configure wpa_supplicant and to + connect to hidden networks. - In the module the following options have been removed: + In the module the + following options have been removed: @@ -640,22 +767,34 @@ - To assign static addresses to an interface the options and should be used instead. The options and have been renamed to respectively. The new options and have been added to set up static routing. + To assign static addresses to an interface the options + and should + be used instead. The options and + have been renamed to + respectively. The new options + and have been + added to set up static routing. - The option is now 127.0.0.1 by default. Previously the default behaviour was to listen on all interfaces. + The option is now + 127.0.0.1 by default. Previously the default behaviour + was to listen on all interfaces. - services.btrfs.autoScrub has been added, to periodically check btrfs filesystems for data corruption. If there's a correct copy available, it will automatically repair corrupted blocks. + services.btrfs.autoScrub has been added, to + periodically check btrfs filesystems for data corruption. If there's a + correct copy available, it will automatically repair corrupted blocks. - displayManager.lightdm.greeters.gtk.clock-format. has been added, the clock format string (as expected by strftime, e.g. %H:%M) to use with the lightdm gtk greeter panel. + displayManager.lightdm.greeters.gtk.clock-format. has + been added, the clock format string (as expected by strftime, e.g. + %H:%M) to use with the lightdm gtk greeter panel. If set to null the default clock format is used. @@ -663,10 +802,17 @@ - displayManager.lightdm.greeters.gtk.indicators has been added, a list of allowed indicator modules to use with the lightdm gtk greeter panel. + displayManager.lightdm.greeters.gtk.indicators has been + added, a list of allowed indicator modules to use with the lightdm gtk + greeter panel. - Built-in indicators include ~a11y, ~language, ~session, ~power, ~clock, ~host, ~spacer. Unity indicators can be represented by short name (e.g. sound, power), service file name, or absolute path. + Built-in indicators include ~a11y, + ~language, ~session, + ~power, ~clock, + ~host, ~spacer. Unity indicators can + be represented by short name (e.g. sound, + power), service file name, or absolute path. If set to null the default indicators are used. @@ -688,12 +834,20 @@ - The NixOS test driver supports user services declared by systemd.user.services. The methods waitForUnit, getUnitInfo, startJob and stopJob provide an optional $user argument for that purpose. + The NixOS test driver supports user services declared by + systemd.user.services. The methods + waitForUnit, getUnitInfo, + startJob and stopJob provide an + optional $user argument for that purpose. - Enabling bash completion on NixOS, programs.bash.enableCompletion, will now also enable completion for the Nix command line tools by installing the nix-bash-completions package. + Enabling bash completion on NixOS, + programs.bash.enableCompletion, will now also enable + completion for the Nix command line tools by installing the + nix-bash-completions + package. diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index df53c6f9dd92..3f10b26223dd 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -13,7 +13,8 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following notable updates: + In addition to numerous new and upgraded packages, this release has the + following notable updates: @@ -24,22 +25,28 @@ - Platform support: x86_64-linux and x86_64-darwin as always. Support for aarch64-linux is as with the previous releases, not equivalent to the x86-64-linux release, but with efforts to reach parity. + Platform support: x86_64-linux and x86_64-darwin as always. Support for + aarch64-linux is as with the previous releases, not equivalent to the + x86-64-linux release, but with efforts to reach parity. - Nix has been updated to 2.1; see its release notes. + Nix has been updated to 2.1; see its + release + notes. - Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 → 2.27, gcc: 7 (unchanged), systemd: 237 → 239. + Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 → 2.27, gcc: 7 + (unchanged), systemd: 237 → 239. - Desktop version changes: gnome: 3.26 → 3.28, (KDE) plasma-desktop: 5.12 → 5.13. + Desktop version changes: gnome: 3.26 → 3.28, (KDE) plasma-desktop: 5.12 + → 5.13. @@ -51,7 +58,8 @@ - Support for wrapping binaries using firejail has been added through programs.firejail.wrappedBinaries. + Support for wrapping binaries using firejail has been + added through programs.firejail.wrappedBinaries. For example @@ -66,12 +74,17 @@ programs.firejail = { }; - This will place firefox and mpv binaries in the global path wrapped by firejail. + This will place firefox and mpv + binaries in the global path wrapped by firejail. - User channels are now in the default NIX_PATH, allowing users to use their personal nix-channel defined channels in nix-build and nix-shell commands, as well as in imports like import <mychannel>. + User channels are now in the default NIX_PATH, allowing + users to use their personal nix-channel defined + channels in nix-build and nix-shell + commands, as well as in imports like import + <mychannel>. For example @@ -101,31 +114,52 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' - The services.cassandra module has been reworked and was rewritten from scratch. The service has succeeding tests for the versions 2.1, 2.2, 3.0 and 3.11 of Apache Cassandra. + The services.cassandra module has been reworked and was + rewritten from scratch. The service has succeeding tests for the versions + 2.1, 2.2, 3.0 and 3.11 of + Apache + Cassandra. - There is a new services.foundationdb module for deploying FoundationDB clusters. + There is a new services.foundationdb module for + deploying + FoundationDB + clusters. - When enabled the iproute2 will copy the files expected by ip route (e.g., rt_tables) in /etc/iproute2. This allows to write aliases for routing tables for instance. + When enabled the iproute2 will copy the files expected + by ip route (e.g., rt_tables) in + /etc/iproute2. This allows to write aliases for + routing tables for instance. - services.strongswan-swanctl is a modern replacement for services.strongswan. You can use either one of them to setup IPsec VPNs but not both at the same time. + services.strongswan-swanctl is a modern replacement for + services.strongswan. You can use either one of them to + setup IPsec VPNs but not both at the same time. - services.strongswan-swanctl uses the swanctl command which uses the modern vici Versatile IKE Configuration Interface. The deprecated ipsec command used in services.strongswan is using the legacy stroke configuration interface. + services.strongswan-swanctl uses the + swanctl + command which uses the modern + vici + Versatile IKE Configuration Interface. The deprecated + ipsec command used in + services.strongswan is using the legacy + stroke + configuration interface. - The new services.elasticsearch-curator service periodically curates or manages, your Elasticsearch indices and snapshots. + The new services.elasticsearch-curator service + periodically curates or manages, your Elasticsearch indices and snapshots. @@ -436,32 +470,38 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - Some licenses that were incorrectly not marked as unfree now are. This is the case for: + Some licenses that were incorrectly not marked as unfree now are. This is + the case for: - cc-by-nc-sa-20: Creative Commons Attribution Non Commercial Share Alike 2.0 + cc-by-nc-sa-20: Creative Commons Attribution Non Commercial Share Alike + 2.0 - cc-by-nc-sa-25: Creative Commons Attribution Non Commercial Share Alike 2.5 + cc-by-nc-sa-25: Creative Commons Attribution Non Commercial Share Alike + 2.5 - cc-by-nc-sa-30: Creative Commons Attribution Non Commercial Share Alike 3.0 + cc-by-nc-sa-30: Creative Commons Attribution Non Commercial Share Alike + 3.0 - cc-by-nc-sa-40: Creative Commons Attribution Non Commercial Share Alike 4.0 + cc-by-nc-sa-40: Creative Commons Attribution Non Commercial Share Alike + 4.0 @@ -479,71 +519,128 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' - The deprecated services.cassandra module has seen a complete rewrite. (See above.) + The deprecated services.cassandra module has seen a + complete rewrite. (See above.) - lib.strict is removed. Use builtins.seq instead. + lib.strict is removed. Use + builtins.seq instead. - The clementine package points now to the free derivation. clementineFree is removed now and clementineUnfree points to the package which is bundled with the unfree libspotify package. + The clementine package points now to the free + derivation. clementineFree is removed now and + clementineUnfree points to the package which is bundled + with the unfree libspotify package. - The netcat package is now taken directly from OpenBSD's libressl, instead of relying on Debian's fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command. + The netcat package is now taken directly from OpenBSD's + libressl, instead of relying on Debian's fork. The new + version should be very close to the old version, but there are some minor + differences. Importantly, flags like -b, -q, -C, and -Z are no longer + accepted by the nc command. - The services.docker-registry.extraConfig object doesn't contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in the docker/distribution docs. + The services.docker-registry.extraConfig object doesn't + contain environment variables anymore. Instead it needs to provide an + object structure that can be mapped onto the YAML configuration defined in + the + docker/distribution docs. - gnucash has changed from version 2.4 to 3.x. If you've been using gnucash (version 2.4) instead of gnucash26 (version 2.6) you must open your Gnucash data file(s) with gnucash26 and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade documentation. Gnucash 2.4 is still available under the attribute gnucash24. + gnucash has changed from version 2.4 to 3.x. If you've + been using gnucash (version 2.4) instead of + gnucash26 (version 2.6) you must open your Gnucash data + file(s) with gnucash26 and then save them to upgrade + the file format. Then you may use your data file(s) with Gnucash 3.x. See + the upgrade + documentation. + Gnucash 2.4 is still available under the attribute + gnucash24. - services.munge now runs as user (and group) munge instead of root. Make sure the key file is accessible to the daemon. + services.munge now runs as user (and group) + munge instead of root. Make sure the key file is + accessible to the daemon. - dockerTools.buildImage now uses null as default value for tag, which indicates that the nix output hash will be used as tag. + dockerTools.buildImage now uses null + as default value for tag, which indicates that the nix + output hash will be used as tag. - The ELK stack: elasticsearch, logstash and kibana has been upgraded from 2.* to 6.3.*. The 2.* versions have been unsupported since last year so they have been removed. You can still use the 5.* versions under the names elasticsearch5, logstash5 and kibana5. + The ELK stack: elasticsearch, + logstash and kibana has been + upgraded from 2.* to 6.3.*. The 2.* versions have been + unsupported since + last year so they have been removed. You can still use the 5.* + versions under the names elasticsearch5, + logstash5 and kibana5. - The elastic beats: filebeat, heartbeat, metricbeat and packetbeat have had the same treatment: they now target 6.3.* as well. The 5.* versions are available under the names: filebeat5, heartbeat5, metricbeat5 and packetbeat5 + The elastic beats: filebeat, + heartbeat, metricbeat and + packetbeat have had the same treatment: they now target + 6.3.* as well. The 5.* versions are available under the names: + filebeat5, heartbeat5, + metricbeat5 and packetbeat5 - The ELK-6.3 stack now comes with X-Pack by default. Since X-Pack is licensed under the Elastic License the ELK packages now have an unfree license. To use them you need to specify allowUnfree = true; in your nixpkgs configuration. + The ELK-6.3 stack now comes with + X-Pack by + default. Since X-Pack is licensed under the + Elastic + License the ELK packages now have an unfree license. To use them + you need to specify allowUnfree = true; in your nixpkgs + configuration. - Fortunately there is also a free variant of the ELK stack without X-Pack. The packages are available under the names: elasticsearch-oss, logstash-oss and kibana-oss. + Fortunately there is also a free variant of the ELK stack without X-Pack. + The packages are available under the names: + elasticsearch-oss, logstash-oss and + kibana-oss. - Options boot.initrd.luks.devices.name.yubikey.ramfsMountPoint boot.initrd.luks.devices.name.yubikey.storage.mountPoint were removed. luksroot.nix module never supported more than one YubiKey at a time anyway, hence those options never had any effect. You should be able to remove them from your config without any issues. + Options + boot.initrd.luks.devices.name.yubikey.ramfsMountPoint + boot.initrd.luks.devices.name.yubikey.storage.mountPoint + were removed. luksroot.nix module never supported more + than one YubiKey at a time anyway, hence those options never had any + effect. You should be able to remove them from your config without any + issues. - stdenv.system and system in nixpkgs now refer to the host platform instead of the build platform. For native builds this is not change, let alone a breaking one. For cross builds, it is a breaking change, and stdenv.buildPlatform.system can be used instead for the old behavior. They should be using that anyways for clarity. + stdenv.system and system in nixpkgs + now refer to the host platform instead of the build platform. For native + builds this is not change, let alone a breaking one. For cross builds, it + is a breaking change, and stdenv.buildPlatform.system + can be used instead for the old behavior. They should be using that + anyways for clarity. - Groups kvm and render are introduced now, as systemd requires them. + Groups kvm and render are introduced + now, as systemd requires them. @@ -559,69 +656,92 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' - dockerTools.pullImage relies on image digest instead of image tag to download the image. The sha256 of a pulled image has to be updated. + dockerTools.pullImage relies on image digest instead of + image tag to download the image. The sha256 of a pulled + image has to be updated. - lib.attrNamesToStr has been deprecated. Use more specific concatenation (lib.concat(Map)StringsSep) instead. + lib.attrNamesToStr has been deprecated. Use more + specific concatenation (lib.concat(Map)StringsSep) + instead. - lib.addErrorContextToAttrs has been deprecated. Use builtins.addErrorContext directly. + lib.addErrorContextToAttrs has been deprecated. Use + builtins.addErrorContext directly. - lib.showVal has been deprecated. Use lib.traceSeqN instead. + lib.showVal has been deprecated. Use + lib.traceSeqN instead. - lib.traceXMLVal has been deprecated. Use lib.traceValFn builtins.toXml instead. + lib.traceXMLVal has been deprecated. Use + lib.traceValFn builtins.toXml instead. - lib.traceXMLValMarked has been deprecated. Use lib.traceValFn (x: str + builtins.toXML x) instead. + lib.traceXMLValMarked has been deprecated. Use + lib.traceValFn (x: str + builtins.toXML x) instead. - The pkgs argument to NixOS modules can now be set directly using nixpkgs.pkgs. Previously, only the system, config and overlays arguments could be used to influence pkgs. + The pkgs argument to NixOS modules can now be set + directly using nixpkgs.pkgs. Previously, only the + system, config and + overlays arguments could be used to influence + pkgs. - A NixOS system can now be constructed more easily based on a preexisting invocation of Nixpkgs. For example: + A NixOS system can now be constructed more easily based on a preexisting + invocation of Nixpkgs. For example: inherit (pkgs.nixos { boot.loader.grub.enable = false; fileSystems."/".device = "/dev/xvda1"; }) toplevel kernel initialRamdisk manual; - This benefits evaluation performance, lets you write Nixpkgs packages that depend on NixOS images and is consistent with a deployment architecture that would be centered around Nixpkgs overlays. + This benefits evaluation performance, lets you write Nixpkgs packages that + depend on NixOS images and is consistent with a deployment architecture + that would be centered around Nixpkgs overlays. - lib.traceValIfNot has been deprecated. Use if/then/else and lib.traceValSeq instead. + lib.traceValIfNot has been deprecated. Use + if/then/else and lib.traceValSeq + instead. - lib.traceCallXml has been deprecated. Please complain if you use the function regularly. + lib.traceCallXml has been deprecated. Please complain + if you use the function regularly. - The attribute lib.nixpkgsVersion has been deprecated in favor of lib.version. Please refer to the discussion in NixOS/nixpkgs#39416 for further reference. + The attribute lib.nixpkgsVersion has been deprecated in + favor of lib.version. Please refer to the discussion in + NixOS/nixpkgs#39416 + for further reference. - lib.recursiveUpdateUntil was not acting according to its specification. It has been fixed to act according to the docstring, and a test has been added. + lib.recursiveUpdateUntil was not acting according to + its specification. It has been fixed to act according to the docstring, + and a test has been added. @@ -635,7 +755,9 @@ inherit (pkgs.nixos { - Puts the generated Diffie-Hellman parameters into the Nix store instead of managing them in a stateful manner in /var/lib/dhparams. + Puts the generated Diffie-Hellman parameters into the Nix store instead + of managing them in a stateful manner in + /var/lib/dhparams. @@ -645,20 +767,27 @@ inherit (pkgs.nixos { - The default bit size to use for the generated Diffie-Hellman parameters. + The default bit size to use for the generated Diffie-Hellman + parameters. - The path to the actual generated parameter files should now be queried using config.security.dhparams.params.name.path because it might be either in the Nix store or in a directory configured by . + The path to the actual generated parameter files should now be queried + using + config.security.dhparams.params.name.path + because it might be either in the Nix store or in a directory configured + by . For developers: - Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048). + Module implementers should not set a specific bit size in order to let + users configure it by themselves if they want to have a different bit + size than the default (2048). An example usage of this would be: @@ -677,82 +806,126 @@ inherit (pkgs.nixos { - networking.networkmanager.useDnsmasq has been deprecated. Use networking.networkmanager.dns instead. + networking.networkmanager.useDnsmasq has been + deprecated. Use networking.networkmanager.dns instead. - The Kubernetes package has been bumped to major version 1.11. Please consult the release notes for details on new features and api changes. + The Kubernetes package has been bumped to major version 1.11. Please + consult the + release + notes for details on new features and api changes. - The option services.kubernetes.apiserver.admissionControl was renamed to services.kubernetes.apiserver.enableAdmissionPlugins. + The option + services.kubernetes.apiserver.admissionControl was + renamed to + services.kubernetes.apiserver.enableAdmissionPlugins. - Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS) Therefore; public service port for the dashboard has changed to 443 (container port 8443) and scheme to https. + Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS) + Therefore; public service port for the dashboard has changed to 443 + (container port 8443) and scheme to https. - The option services.kubernetes.apiserver.address was renamed to services.kubernetes.apiserver.bindAddress. Note that the default value has changed from 127.0.0.1 to 0.0.0.0. + The option services.kubernetes.apiserver.address was + renamed to services.kubernetes.apiserver.bindAddress. + Note that the default value has changed from 127.0.0.1 to 0.0.0.0. - The option services.kubernetes.apiserver.publicAddress was not used and thus has been removed. + The option services.kubernetes.apiserver.publicAddress + was not used and thus has been removed. - The option services.kubernetes.addons.dashboard.enableRBAC was renamed to services.kubernetes.addons.dashboard.rbac.enable. + The option + services.kubernetes.addons.dashboard.enableRBAC was + renamed to + services.kubernetes.addons.dashboard.rbac.enable. - The Kubernetes Dashboard now has only minimal RBAC permissions by default. If dashboard cluster-admin rights are desired, set services.kubernetes.addons.dashboard.rbac.clusterAdmin to true. On existing clusters, in order for the revocation of privileges to take effect, the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: kubectl delete clusterrolebinding kubernetes-dashboard + The Kubernetes Dashboard now has only minimal RBAC permissions by default. + If dashboard cluster-admin rights are desired, set + services.kubernetes.addons.dashboard.rbac.clusterAdmin + to true. On existing clusters, in order for the revocation of privileges + to take effect, the current ClusterRoleBinding for kubernetes-dashboard + must be manually removed: kubectl delete clusterrolebinding + kubernetes-dashboard - The programs.screen module provides allows to configure /etc/screenrc, however the module behaved fairly counterintuitive as the config exists, but the package wasn't available. Since 18.09 pkgs.screen will be added to environment.systemPackages. + The programs.screen module provides allows to configure + /etc/screenrc, however the module behaved fairly + counterintuitive as the config exists, but the package wasn't available. + Since 18.09 pkgs.screen will be added to + environment.systemPackages. - The module now uses WPA2 by default. + The module now uses WPA2 by + default. - s6Dns, s6Networking, s6LinuxUtils and s6PortableUtils renamed to s6-dns, s6-networking, s6-linux-utils and s6-portable-utils respectively. + s6Dns, s6Networking, + s6LinuxUtils and s6PortableUtils + renamed to s6-dns, s6-networking, + s6-linux-utils and s6-portable-utils + respectively. - The module option is now defaulted to true. + The module option is now defaulted to + true. - The config activation script of nixos-rebuild now reloads all user units for each authenticated user. + The config activation script of nixos-rebuild now + reloads + all user units for each authenticated user. - The default display manager is now LightDM. To use SLiM set services.xserver.displayManager.slim.enable to true. + The default display manager is now LightDM. To use SLiM set + services.xserver.displayManager.slim.enable to + true. - NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it's no longer necessary to use </para><para> to start a new paragraph. + NixOS option descriptions are now automatically broken up into individual + paragraphs if the text contains two consecutive newlines, so it's no + longer necessary to use </para><para> to start a + new paragraph. - Top-level buildPlatform, hostPlatform, and targetPlatform in Nixpkgs are deprecated. Please use their equivalents in stdenv instead: stdenv.buildPlatform, stdenv.hostPlatform, and stdenv.targetPlatform. + Top-level buildPlatform, + hostPlatform, and targetPlatform in + Nixpkgs are deprecated. Please use their equivalents in + stdenv instead: + stdenv.buildPlatform, + stdenv.hostPlatform, and + stdenv.targetPlatform. diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index e270519932b8..8ff1681d3b4a 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -13,7 +13,8 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: @@ -24,36 +25,53 @@ - The default Python 3 interpreter is now CPython 3.7 instead of CPython 3.6. + The default Python 3 interpreter is now CPython 3.7 instead of CPython + 3.6. - Added the Pantheon desktop environment. It can be enabled through services.xserver.desktopManager.pantheon.enable. + Added the Pantheon desktop environment. It can be enabled through + services.xserver.desktopManager.pantheon.enable. - By default, services.xserver.desktopManager.pantheon enables LightDM as a display manager, as pantheon's screen locking implementation relies on it. + By default, services.xserver.desktopManager.pantheon + enables LightDM as a display manager, as pantheon's screen locking + implementation relies on it. - Because of that it is recommended to leave LightDM enabled. If you'd like to disable it anyway, set to false and enable your preferred display manager. + Because of that it is recommended to leave LightDM enabled. If you'd like + to disable it anyway, set + to + false and enable your preferred display manager. - Also note that Pantheon's LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn't optimal for use here yet. + Also note that Pantheon's LightDM greeter is not enabled by default, + because it has numerous issues in NixOS and isn't optimal for use here + yet. - A major refactoring of the Kubernetes module has been completed. Refactorings primarily focus on decoupling components and enhancing security. Two-way TLS and RBAC has been enabled by default for all components, which slightly changes the way the module is configured. See: for details. + A major refactoring of the Kubernetes module has been completed. + Refactorings primarily focus on decoupling components and enhancing + security. Two-way TLS and RBAC has been enabled by default for all + components, which slightly changes the way the module is configured. See: + for details. - - There is now a set of options for , which allows to restrict services into a - chroot - 2 ed environment that only contains the store paths from the runtime closure of the service. - + + There is now a set of options for + , which allows to restrict services + into a + chroot + 2 + ed environment that only contains the store paths from + the runtime closure of the service. + @@ -77,7 +95,12 @@ - There is a new security.googleOsLogin module for using OS Login to manage SSH access to Google Compute Engine instances, which supersedes the imperative and broken google-accounts-daemon used in nixos/modules/virtualisation/google-compute-config.nix. + There is a new security.googleOsLogin module for using + OS + Login to manage SSH access to Google Compute Engine instances, + which supersedes the imperative and broken + google-accounts-daemon used in + nixos/modules/virtualisation/google-compute-config.nix. @@ -87,7 +110,10 @@ - There is a new services.cockroachdb module for running CockroachDB databases. NixOS now ships with CockroachDB 2.1.x as well, available on x86_64-linux and aarch64-linux. + There is a new services.cockroachdb module for running + CockroachDB databases. NixOS now ships with CockroachDB 2.1.x as well, + available on x86_64-linux and + aarch64-linux. @@ -100,7 +126,11 @@ - The PAM module for Duo Security has been enabled for use. One can configure it using the options along with the corresponding PAM option in . + The PAM module for Duo + Security has been enabled for use. One can configure it using the + options along with the corresponding PAM + option in + . @@ -114,7 +144,8 @@ Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: @@ -125,131 +156,233 @@ - For users of NixOS 18.03 and 19.03, NixOS defaults to Nix 2.0, but supports using Nix 1.11 by setting nix.package = pkgs.nix1;. If this option is set to a Nix 1.11 package, you will need to either unset the option or upgrade it to Nix 2.0. + For users of NixOS 18.03 and 19.03, NixOS defaults to Nix 2.0, but + supports using Nix 1.11 by setting nix.package = + pkgs.nix1;. If this option is set to a Nix 1.11 package, you + will need to either unset the option or upgrade it to Nix 2.0. - For users of NixOS 17.09, you will first need to upgrade Nix by setting nix.package = pkgs.nixStable2; and run nixos-rebuild switch as the root user. + For users of NixOS 17.09, you will first need to upgrade Nix by setting + nix.package = pkgs.nixStable2; and run + nixos-rebuild switch as the root + user. - For users of a daemon-less Nix installation on Linux or macOS, you can upgrade Nix by running curl https://nixos.org/nix/install | sh, or prior to doing a channel update, running nix-env -iA nix. + For users of a daemon-less Nix installation on Linux or macOS, you can + upgrade Nix by running curl https://nixos.org/nix/install | + sh, or prior to doing a channel update, running + nix-env -iA nix. - If you have already run a channel update and Nix is no longer able to evaluate Nixpkgs, the error message printed should provide adequate directions for upgrading Nix. + If you have already run a channel update and Nix is no longer able to + evaluate Nixpkgs, the error message printed should provide adequate + directions for upgrading Nix. - For users of the Nix daemon on macOS, you can upgrade Nix by running sudo -i sh -c 'nix-channel --update && nix-env -iA nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl start org.nixos.nix-daemon. + For users of the Nix daemon on macOS, you can upgrade Nix by running + sudo -i sh -c 'nix-channel --update && nix-env -iA + nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl + start org.nixos.nix-daemon. - The buildPythonPackage function now sets strictDeps = true to help distinguish between native and non-native dependencies in order to improve cross-compilation compatibility. Note however that this may break user expressions. + The buildPythonPackage function now sets + strictDeps = true to help distinguish between native + and non-native dependencies in order to improve cross-compilation + compatibility. Note however that this may break user expressions. - The buildPythonPackage function now sets LANG = C.UTF-8 to enable Unicode support. The glibcLocales package is no longer needed as a build input. + The buildPythonPackage function now sets LANG + = C.UTF-8 to enable Unicode support. The + glibcLocales package is no longer needed as a build + input. - The Syncthing state and configuration data has been moved from services.syncthing.dataDir to the newly defined services.syncthing.configDir, which default to /var/lib/syncthing/.config/syncthing. This change makes possible to share synced directories using ACLs without Syncthing resetting the permission on every start. + The Syncthing state and configuration data has been moved from + services.syncthing.dataDir to the newly defined + services.syncthing.configDir, which default to + /var/lib/syncthing/.config/syncthing. This change makes + possible to share synced directories using ACLs without Syncthing + resetting the permission on every start. - The ntp module now has sane default restrictions. If you're relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set services.ntp.restrictDefault and services.ntp.restrictSource to []. + The ntp module now has sane default restrictions. If + you're relying on the previous defaults, which permitted all queries and + commands from all firewall-permitted sources, you can set + services.ntp.restrictDefault and + services.ntp.restrictSource to []. - Package rabbitmq_server is renamed to rabbitmq-server. + Package rabbitmq_server is renamed to + rabbitmq-server. - The light module no longer uses setuid binaries, but udev rules. As a consequence users of that module have to belong to the video group in order to use the executable (i.e. users.users.yourusername.extraGroups = ["video"];). + The light module no longer uses setuid binaries, but + udev rules. As a consequence users of that module have to belong to the + video group in order to use the executable (i.e. + users.users.yourusername.extraGroups = ["video"];). - Buildbot now supports Python 3 and its packages have been moved to pythonPackages. The options and can be used to select the Python 2 or 3 version of the package. + Buildbot now supports Python 3 and its packages have been moved to + pythonPackages. The options + and + can be used to select + the Python 2 or 3 version of the package. - Options services.znc.confOptions.networks.name.userName and services.znc.confOptions.networks.name.modulePackages were removed. They were never used for anything and can therefore safely be removed. + Options + services.znc.confOptions.networks.name.userName + and + services.znc.confOptions.networks.name.modulePackages + were removed. They were never used for anything and can therefore safely + be removed. - Package wasm has been renamed proglodyte-wasm. The package wasm will be pointed to ocamlPackages.wasm in 19.09, so make sure to update your configuration if you want to keep proglodyte-wasm + Package wasm has been renamed + proglodyte-wasm. The package wasm + will be pointed to ocamlPackages.wasm in 19.09, so make + sure to update your configuration if you want to keep + proglodyte-wasm - When the nixpkgs.pkgs option is set, NixOS will no longer ignore the nixpkgs.overlays option. The old behavior can be recovered by setting nixpkgs.overlays = lib.mkForce [];. + When the nixpkgs.pkgs option is set, NixOS will no + longer ignore the nixpkgs.overlays option. The old + behavior can be recovered by setting nixpkgs.overlays = + lib.mkForce [];. - OpenSMTPD has been upgraded to version 6.4.0p1. This release makes backwards-incompatible changes to the configuration file format. See man smtpd.conf for more information on the new file format. + OpenSMTPD has been upgraded to version 6.4.0p1. This release makes + backwards-incompatible changes to the configuration file format. See + man smtpd.conf for more information on the new file + format. - The versioned postgresql have been renamed to use underscore number seperators. For example, postgresql96 has been renamed to postgresql_9_6. + The versioned postgresql have been renamed to use + underscore number seperators. For example, postgresql96 + has been renamed to postgresql_9_6. - Package consul-ui and passthrough consul.ui have been removed. The package consul now uses upstream releases that vendor the UI into the binary. See #48714 for details. + Package consul-ui and passthrough + consul.ui have been removed. The package + consul now uses upstream releases that vendor the UI + into the binary. See + #48714 + for details. - Slurm introduces the new option services.slurm.stateSaveLocation, which is now set to /var/spool/slurm by default (instead of /var/spool). Make sure to move all files to the new directory or to set the option accordingly. + Slurm introduces the new option + services.slurm.stateSaveLocation, which is now set to + /var/spool/slurm by default (instead of + /var/spool). Make sure to move all files to the new + directory or to set the option accordingly. - The slurmctld now runs as user slurm instead of root. If you want to keep slurmctld running as root, set services.slurm.user = root. + The slurmctld now runs as user slurm instead of + root. If you want to keep slurmctld running as + root, set services.slurm.user = + root. - The options services.slurm.nodeName and services.slurm.partitionName are now sets of strings to correctly reflect that fact that each of these options can occour more than once in the configuration. + The options services.slurm.nodeName and + services.slurm.partitionName are now sets of strings to + correctly reflect that fact that each of these options can occour more + than once in the configuration. - The solr package has been upgraded from 4.10.3 to 7.5.0 and has undergone some major changes. The services.solr module has been updated to reflect these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading. + The solr package has been upgraded from 4.10.3 to 7.5.0 + and has undergone some major changes. The services.solr + module has been updated to reflect these changes. Please review + http://lucene.apache.org/solr/ carefully before upgrading. - Package ckb is renamed to ckb-next, and options hardware.ckb.* are renamed to hardware.ckb-next.*. + Package ckb is renamed to ckb-next, + and options hardware.ckb.* are renamed to + hardware.ckb-next.*. - The option services.xserver.displayManager.job.logToFile which was previously set to true when using the display managers lightdm, sddm or xpra has been reset to the default value (false). + The option + services.xserver.displayManager.job.logToFile which was + previously set to true when using the display managers + lightdm, sddm or + xpra has been reset to the default value + (false). - Network interface indiscriminate NixOS firewall options (networking.firewall.allow*) are now preserved when also setting interface specific rules such as networking.firewall.interfaces.en0.allow*. These rules continue to use the pseudo device "default" (networking.firewall.interfaces.default.*), and assigning to this pseudo device will override the (networking.firewall.allow*) options. + Network interface indiscriminate NixOS firewall options + (networking.firewall.allow*) are now preserved when + also setting interface specific rules such as + networking.firewall.interfaces.en0.allow*. These rules + continue to use the pseudo device "default" + (networking.firewall.interfaces.default.*), and + assigning to this pseudo device will override the + (networking.firewall.allow*) options. - The nscd service now disables all caching of passwd and group databases by default. This was interferring with the correct functioning of the libnss_systemd.so module which is used by systemd to manage uids and usernames in the presence of DynamicUser= in systemd services. This was already the default behaviour in presence of services.sssd.enable = true because nscd caching would interfere with sssd in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network. + The nscd service now disables all caching of + passwd and group databases by + default. This was interferring with the correct functioning of the + libnss_systemd.so module which is used by + systemd to manage uids and usernames in the presence of + DynamicUser= in systemd services. This was already the + default behaviour in presence of services.sssd.enable = + true because nscd caching would interfere with + sssd in unpredictable ways as well. Because we're using + nscd not for caching, but for convincing glibc to find NSS modules in the + nix store instead of an absolute path, we have decided to disable caching + globally now, as it's usually not the behaviour the user wants and can + lead to surprising behaviour. Furthermore, negative caching of host + lookups is also disabled now by default. This should fix the issue of dns + lookups failing in the presence of an unreliable network. - If the old behaviour is desired, this can be restored by setting the services.nscd.config option with the desired caching parameters. + If the old behaviour is desired, this can be restored by setting the + services.nscd.config option with the desired caching + parameters. services.nscd.config = '' @@ -283,65 +416,124 @@ shared hosts yes ''; - See #50316 for details. + See + #50316 + for details. - GitLab Shell previously used the nix store paths for the gitlab-shell command in its authorized_keys file, which might stop working after garbage collection. To circumvent that, we regenerated that file on each startup. As gitlab-shell has now been changed to use /var/run/current-system/sw/bin/gitlab-shell, this is not necessary anymore, but there might be leftover lines with a nix store path. Regenerate the authorized_keys file via sudo -u git -H gitlab-rake gitlab:shell:setup in that case. + GitLab Shell previously used the nix store paths for the + gitlab-shell command in its + authorized_keys file, which might stop working after + garbage collection. To circumvent that, we regenerated that file on each + startup. As gitlab-shell has now been changed to use + /var/run/current-system/sw/bin/gitlab-shell, this is + not necessary anymore, but there might be leftover lines with a nix store + path. Regenerate the authorized_keys file via + sudo -u git -H gitlab-rake gitlab:shell:setup in that + case. - The pam_unix account module is now loaded with its control field set to required instead of sufficient, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to pam_unix. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting + The pam_unix account module is now loaded with its + control field set to required instead of + sufficient, so that later PAM account modules that + might do more extensive checks are being executed. Previously, the whole + account module verification was exited prematurely in case a nss module + provided the account name to pam_unix. The LDAP and + SSSD NixOS modules already add their NSS modules when enabled. In case + your setup breaks due to some later PAM account module previosuly + shadowed, or failing NSS lookups, please file a bug. You can get back the + old behaviour by manually setting .text]]> . - The pam_unix password module is now loaded with its control field set to sufficient instead of required, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by pam_unix, preventing pam_ldap to manage the password as it should. + The pam_unix password module is now loaded with its + control field set to sufficient instead of + required, so that password managed only by later PAM + password modules are being executed. Previously, for example, changing an + LDAP account's password through PAM was not possible: the whole password + module verification was exited prematurely by pam_unix, + preventing pam_ldap to manage the password as it + should. - fish has been upgraded to 3.0. It comes with a number of improvements and backwards incompatible changes. See the fish release notes for more information. + fish has been upgraded to 3.0. It comes with a number + of improvements and backwards incompatible changes. See the + fish + release + notes for more information. - The ibus-table input method has had a change in config format, which causes all previous settings to be lost. See this commit message for details. + The ibus-table input method has had a change in config format, which + causes all previous settings to be lost. See + this + commit message for details. - NixOS module system type types.optionSet and lib.mkOption argument options are deprecated. Use types.submodule instead. (#54637) + NixOS module system type types.optionSet and + lib.mkOption argument options are + deprecated. Use types.submodule instead. + (#54637) - matrix-synapse has been updated to version 0.99. It will no longer generate a self-signed certificate on first launch and will be the last version to accept self-signed certificates. As such, it is now recommended to use a proper certificate verified by a root CA (for example Let's Encrypt). The new manual chapter on Matrix contains a working example of using nginx as a reverse proxy in front of matrix-synapse, using Let's Encrypt certificates. + matrix-synapse has been updated to version 0.99. It + will no + longer generate a self-signed certificate on first launch and will + be + the + last version to accept self-signed certificates. As such, it is now + recommended to use a proper certificate verified by a root CA (for example + Let's Encrypt). The new manual + chapter on Matrix contains a working example of using nginx as a + reverse proxy in front of matrix-synapse, using Let's + Encrypt certificates. - mailutils now works by default when sendmail is not in a setuid wrapper. As a consequence, the sendmailPath argument, having lost its main use, has been removed. + mailutils now works by default when + sendmail is not in a setuid wrapper. As a consequence, + the sendmailPath argument, having lost its main use, + has been removed. - graylog has been upgraded from version 2.* to 3.*. Some setups making use of extraConfig (especially those exposing Graylog via reverse proxies) need to be updated as upstream removed/replaced some settings. See Upgrading Graylog for details. + graylog has been upgraded from version 2.* to 3.*. Some + setups making use of extraConfig (especially those exposing Graylog via + reverse proxies) need to be updated as upstream removed/replaced some + settings. See + Upgrading + Graylog for details. - The option users.ldap.bind.password was renamed to users.ldap.bind.passwordFile, and needs to be readable by the nslcd user. Same applies to the new users.ldap.daemon.rootpwmodpwFile option. + The option users.ldap.bind.password was renamed to users.ldap.bind.passwordFile, + and needs to be readable by the nslcd user. + Same applies to the new users.ldap.daemon.rootpwmodpwFile option. - - nodejs-6_x is end-of-life. nodejs-6_x, nodejs-slim-6_x and nodePackages_6_x are removed. - + + nodejs-6_x is end-of-life. + nodejs-6_x, nodejs-slim-6_x and + nodePackages_6_x are removed. + @@ -356,122 +548,214 @@ - The module gained the option which determines the used Matomo version. + The module gained the option + which determines the used Matomo + version. - The Matomo module now also comes with the systemd service matomo-archive-processing.service and a timer that automatically triggers archive processing every hour. This means that you can safely disable browser triggers for Matomo archiving at Administration > System > General Settings. + The Matomo module now also comes with the systemd service + matomo-archive-processing.service and a timer that + automatically triggers archive processing every hour. This means that you + can safely + + disable browser triggers for Matomo archiving at + Administration > System > General Settings. - Additionally, you can enable to delete old visitor logs at Administration > System > Privacy, but make sure that you run systemctl start matomo-archive-processing.service at least once without errors if you have already collected data before, so that the reports get archived before the source data gets deleted. + Additionally, you can enable to + + delete old visitor logs at Administration > System > + Privacy, but make sure that you run systemctl start + matomo-archive-processing.service at least once without errors + if you have already collected data before, so that the reports get + archived before the source data gets deleted. - composableDerivation along with supporting library functions has been removed. + composableDerivation along with supporting library + functions has been removed. - The deprecated truecrypt package has been removed and truecrypt attribute is now an alias for veracrypt. VeraCrypt is backward-compatible with TrueCrypt volumes. Note that cryptsetup also supports loading TrueCrypt volumes. + The deprecated truecrypt package has been removed and + truecrypt attribute is now an alias for + veracrypt. VeraCrypt is backward-compatible with + TrueCrypt volumes. Note that cryptsetup also supports + loading TrueCrypt volumes. - The Kubernetes DNS addons, kube-dns, has been replaced with CoreDNS. This change is made in accordance with Kubernetes making CoreDNS the official default starting from Kubernetes v1.11. Please beware that upgrading DNS-addon on existing clusters might induce minor downtime while the DNS-addon terminates and re-initializes. Also note that the DNS-service now runs with 2 pod replicas by default. The desired number of replicas can be configured using: . + The Kubernetes DNS addons, kube-dns, has been replaced with CoreDNS. This + change is made in accordance with Kubernetes making CoreDNS the official + default starting from + Kubernetes + v1.11. Please beware that upgrading DNS-addon on existing clusters + might induce minor downtime while the DNS-addon terminates and + re-initializes. Also note that the DNS-service now runs with 2 pod + replicas by default. The desired number of replicas can be configured + using: . - The quassel-webserver package and module was removed from nixpkgs due to the lack of maintainers. + The quassel-webserver package and module was removed from nixpkgs due to + the lack of maintainers. - The manual gained a new chapter on self-hosting matrix-synapse and riot-web , the most prevalent server and client implementations for the Matrix federated communication network. + The manual gained a new chapter on + self-hosting matrix-synapse and + riot-web , the most prevalent server and client + implementations for the + Matrix federated + communication network. - The astah-community package was removed from nixpkgs due to it being discontinued and the downloads not being available anymore. + The astah-community package was removed from nixpkgs due to it being + discontinued and the downloads not being available anymore. - The httpd service now saves log files with a .log file extension by default for easier integration with the logrotate service. + The httpd service now saves log files with a .log file extension by + default for easier integration with the logrotate service. - The owncloud server packages and httpd subservice module were removed from nixpkgs due to the lack of maintainers. + The owncloud server packages and httpd subservice module were removed from + nixpkgs due to the lack of maintainers. - It is possible now to uze ZRAM devices as general purpose ephemeral block devices, not only as swap. Using more than 1 device as ZRAM swap is no longer recommended, but is still possible by setting zramSwap.swapDevices explicitly. + It is possible now to uze ZRAM devices as general purpose ephemeral block + devices, not only as swap. Using more than 1 device as ZRAM swap is no + longer recommended, but is still possible by setting + zramSwap.swapDevices explicitly. ZRAM algorithm can be changed now. - Changes to ZRAM algorithm are applied during nixos-rebuild switch, so make sure you have enough swap space on disk to survive ZRAM device rebuild. Alternatively, use nixos-rebuild boot; reboot. + Changes to ZRAM algorithm are applied during nixos-rebuild + switch, so make sure you have enough swap space on disk to + survive ZRAM device rebuild. Alternatively, use nixos-rebuild + boot; reboot. - Flat volumes are now disabled by default in hardware.pulseaudio. This has been done to prevent applications, which are unaware of this feature, setting their volumes to 100% on startup causing harm to your audio hardware and potentially your ears. + Flat volumes are now disabled by default in + hardware.pulseaudio. This has been done to prevent + applications, which are unaware of this feature, setting their volumes to + 100% on startup causing harm to your audio hardware and potentially your + ears. - With this change application specific volumes are relative to the master volume which can be adjusted independently, whereas before they were absolute; meaning that in effect, it scaled the device-volume with the volume of the loudest application. + With this change application specific volumes are relative to the master + volume which can be adjusted independently, whereas before they were + absolute; meaning that in effect, it scaled the device-volume with the + volume of the loudest application. - The ndppd module now supports all config options provided by the current upstream version as service options. Additionally the ndppd package doesn't contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now. + The + ndppd + module now supports all config + options provided by the current upstream version as service + options. Additionally the ndppd package doesn't contain + the systemd unit configuration from upstream anymore, the unit is + completely configured by the NixOS module now. - New installs of NixOS will default to the Redmine 4.x series unless otherwise specified in services.redmine.package while existing installs of NixOS will default to the Redmine 3.x series. + New installs of NixOS will default to the Redmine 4.x series unless + otherwise specified in services.redmine.package while + existing installs of NixOS will default to the Redmine 3.x series. - The Grafana module now supports declarative datasource and dashboard provisioning. + The Grafana module now + supports declarative + datasource + and dashboard provisioning. - The use of insecure ports on kubernetes has been deprecated. Thus options: services.kubernetes.apiserver.port and services.kubernetes.controllerManager.port has been renamed to .insecurePort, and default of both options has changed to 0 (disabled). + The use of insecure ports on kubernetes has been deprecated. Thus options: + services.kubernetes.apiserver.port and + services.kubernetes.controllerManager.port has been + renamed to .insecurePort, and default of both options + has changed to 0 (disabled). - Note that the default value of services.kubernetes.apiserver.bindAddress has changed from 127.0.0.1 to 0.0.0.0, allowing the apiserver to be accessible from outside the master node itself. If the apiserver insecurePort is enabled, it is strongly recommended to only bind on the loopback interface. See: services.kubernetes.apiserver.insecurebindAddress. + Note that the default value of + services.kubernetes.apiserver.bindAddress has changed + from 127.0.0.1 to 0.0.0.0, allowing the apiserver to be accessible from + outside the master node itself. If the apiserver insecurePort is enabled, + it is strongly recommended to only bind on the loopback interface. See: + services.kubernetes.apiserver.insecurebindAddress. - The option services.kubernetes.apiserver.allowPrivileged and services.kubernetes.kubelet.allowPrivileged now defaults to false. Disallowing privileged containers on the cluster. + The option + services.kubernetes.apiserver.allowPrivileged and + services.kubernetes.kubelet.allowPrivileged now + defaults to false. Disallowing privileged containers on the cluster. - The kubernetes module does no longer add the kubernetes package to environment.systemPackages implicitly. + The kubernetes module does no longer add the kubernetes package to + environment.systemPackages implicitly. - The intel driver has been removed from the default list of X.org video drivers. The modesetting driver should take over automatically, it is better maintained upstream and has less problems with advanced X11 features. This can lead to a change in the output names used by xrandr. Some performance regressions on some GPU models might happen. Some OpenCL and VA-API applications might also break (Beignet seems to provide OpenCL support with modesetting driver, too). Kernel mode setting API does not support backlight control, so xbacklight tool will not work; backlight level can be controlled directly via /sys/ or with brightnessctl. Users who need this functionality more than multi-output XRandR are advised to add `intel` to `videoDrivers` and report an issue (or provide additional details in an existing one) + The intel driver has been removed from the default list + of X.org video + drivers. The modesetting driver should take over + automatically, it is better maintained upstream and has less problems with + advanced X11 features. This can lead to a change in the output names used + by xrandr. Some performance regressions on some GPU + models might happen. Some OpenCL and VA-API applications might also break + (Beignet seems to provide OpenCL support with + modesetting driver, too). Kernel mode setting API does + not support backlight control, so xbacklight tool will + not work; backlight level can be controlled directly via + /sys/ or with brightnessctl. Users + who need this functionality more than multi-output XRandR are advised to + add `intel` to `videoDrivers` and report an issue (or provide additional + details in an existing one) - Openmpi has been updated to version 4.0.0, which removes some deprecated MPI-1 symbols. This may break some older applications that still rely on those symbols. An upgrade guide can be found here. + Openmpi has been updated to version 4.0.0, which removes some deprecated + MPI-1 symbols. This may break some older applications that still rely on + those symbols. An upgrade guide can be found + here. - The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using . + The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by + default. You can set the protocols used by the nginx service using + . diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 92eae4539248..58ab7207f533 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -13,7 +13,8 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: @@ -33,155 +34,85 @@ - - The binfmt module is now easier to use. Additional systems can be added through . For instance, boot.binfmt.emulatedSystems = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]; will set up binfmt interpreters for each of those listed systems. + + The binfmt module is now easier to use. Additional systems can + be added through . + For instance, boot.binfmt.emulatedSystems = [ + "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]; will + set up binfmt interpreters for each of those listed systems. + + + + + The installer now uses a less privileged nixos user whereas before we logged in as root. + To gain root privileges use sudo -i without a password. - The installer now uses a less privileged nixos user whereas before we logged in as root. To gain root privileges use sudo -i without a password. + We've updated to Xfce 4.14, which brings a new module . + If you'd like to upgrade, please switch from the module as it + will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support + and it isn't recommended to use + and simultaneously or to downgrade from Xfce 4.14 after upgrading. - We've updated to Xfce 4.14, which brings a new module . If you'd like to upgrade, please switch from the module as it will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support and it isn't recommended to use and simultaneously or to downgrade from Xfce 4.14 after upgrading. + The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages + like games. + + This can be achieved with the following options which the desktop manager default enables, excluding games. + + + + + + With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually + disable options or use which only excluded the optional applications. + is now unguarded, it can exclude any package installed with + in the GNOME 3 module. - The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages like games. - - - This can be achieved with the following options which the desktop manager default enables, excluding games. - - - - - - - - - - - - - - - - - - - - - - - With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually disable options or use which only excluded the optional applications. is now unguarded, it can exclude any package installed with in the GNOME 3 module. + Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications + to match as close as possible to a default reference GNOME 3 experience. - - - - Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications to match as close as possible to a default reference GNOME 3 experience. - - The following changes were enacted in - + + The following changes were enacted in + Applications removed from defaults: - - - accerciser - - - - - dconf-editor - - - - - evolution - - - - - gnome-documents - - - - - gnome-nettool - - - - - gnome-power-manager - - - - - gnome-todo - - - - - gnome-tweaks - - - - - gnome-usage - - - - - gucharmap - - - - - nautilus-sendto - - - - - vinagre - - + accerciser + dconf-editor + evolution + gnome-documents + gnome-nettool + gnome-power-manager + gnome-todo + gnome-tweaks + gnome-usage + gucharmap + nautilus-sendto + vinagre Applications added to defaults: - - - cheese - - - - - geary - - + cheese + geary - The following changes were enacted in - + + The following changes were enacted in + Applications added to defaults: - - - gnome-color-manager - - - - - orca - - + gnome-color-manager + orca Services enabled: - - - - - + @@ -206,43 +137,41 @@ - The new hardware.printers module allows to declaratively configure CUPS printers via the ensurePrinters and ensureDefaultPrinter options. ensurePrinters will never delete existing printers, but will make sure that the given printers are configured as declared. + The new hardware.printers module allows to declaratively configure CUPS printers + via the ensurePrinters and + ensureDefaultPrinter options. + ensurePrinters will never delete existing printers, + but will make sure that the given printers are configured as declared. - There is a new and module for the program of the same name. If you previously had system-config-printer enabled through some other means you should migrate to using one of these modules. + There is a new and module + for the program of the same name. If you previously had system-config-printer enabled through some other + means you should migrate to using one of these modules. - - If you're a user of the following desktopManager modules no action is needed: - + If you're a user of the following desktopManager modules no action is needed: - - - + - - - + - - - + + - - - - Note Mate uses programs.system-config-printer as it doesn't use it as a service, but its graphical interface directly. + Note Mate uses programs.system-config-printer as it doesn't + use it as a service, but its graphical interface directly. +
Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: - Buildbot no longer supports Python 2, as support was dropped upstream in version 2.0.0. Configurations may need to be modified to make them compatible with Python 3. + Buildbot no longer supports Python 2, as support was dropped upstream in + version 2.0.0. Configurations may need to be modified to make them + compatible with Python 3. - PostgreSQL now uses /run/postgresql as its socket directory instead of /tmp. So if you run an application like eg. Nextcloud, where you need to use the Unix socket path as the database host name, you need to change it accordingly. + PostgreSQL now uses + /run/postgresql as its socket + directory instead of /tmp. So + if you run an application like eg. Nextcloud, where you need to use + the Unix socket path as the database host name, you need to change it + accordingly. @@ -274,212 +211,278 @@ - The options and have been removed because the alertmanager service is now using systemd's DynamicUser mechanism which obviates these options. + The options and + have been removed + because the alertmanager service is now using systemd's + DynamicUser mechanism which obviates these options. - The NetworkManager systemd unit was renamed back from network-manager.service to NetworkManager.service for better compatibility with other applications expecting this name. The same applies to ModemManager where modem-manager.service is now called ModemManager.service again. + The NetworkManager systemd unit was renamed back from network-manager.service to + NetworkManager.service for better compatibility with other applications expecting this name. + The same applies to ModemManager where modem-manager.service is now called ModemManager.service again. - The and options were removed as they are managed internally by the nzbget. The option hadn't actually been used by the module for some time and so was removed as cleanup. + The and + options were removed as they are managed internally by the nzbget. The + option hadn't actually been used by + the module for some time and so was removed as cleanup. - The option was removed, as it was only used by the wordpress apache-httpd service to wait for mysql to have started up. This can be accomplished by either describing a dependency on mysql.service (preferred) or waiting for the (hardcoded) /run/mysqld/mysql.sock file to appear. + The option was removed, as it was only used by the wordpress + apache-httpd service to wait for mysql to have started up. + This can be accomplished by either describing a dependency on mysql.service (preferred) + or waiting for the (hardcoded) /run/mysqld/mysql.sock file to appear. - The module has been removed, see instead for a free software fork of Emby. See the Jellyfin documentation: Migrating from Emby to Jellyfin + The module has been removed, see + instead for a free software fork of Emby. + + See the Jellyfin documentation: + + Migrating from Emby to Jellyfin + + + + + + IPv6 Privacy Extensions are now enabled by default for undeclared + interfaces. The previous behaviour was quite misleading — even though + the default value for + was + true, undeclared interfaces would not prefer temporary + addresses. Now, interfaces not mentioned in the config will prefer + temporary addresses. EUI64 addresses can still be set as preferred by + explicitly setting the option to false for the + interface in question. - IPv6 Privacy Extensions are now enabled by default for undeclared interfaces. The previous behaviour was quite misleading — even though the default value for was true, undeclared interfaces would not prefer temporary addresses. Now, interfaces not mentioned in the config will prefer temporary addresses. EUI64 addresses can still be set as preferred by explicitly setting the option to false for the interface in question. + Since Bittorrent Sync was superseded by Resilio Sync in 2016, the + bittorrentSync, bittorrentSync14, + and bittorrentSync16 packages have been removed in + favor of resilio-sync. + + + The corresponding module, has been + replaced by the module. - Since Bittorrent Sync was superseded by Resilio Sync in 2016, the bittorrentSync, bittorrentSync14, and bittorrentSync16 packages have been removed in favor of resilio-sync. + The httpd service no longer attempts to start the postgresql service. If you have come to depend + on this behaviour then you can preserve the behavior with the following configuration: + systemd.services.httpd.after = [ "postgresql.service" ]; - The corresponding module, has been replaced by the module. + The option has been + marked as deprecated. You may still use this feature, but it will be + removed in a future release of NixOS. You are encouraged to convert any + httpd subservices you may have written to a full NixOS module. + + + Most of the httpd subservices packaged with NixOS have been replaced with + full NixOS modules including LimeSurvey, WordPress, and Zabbix. These + modules can be enabled using the , + , , + and options. - The httpd service no longer attempts to start the postgresql service. If you have come to depend on this behaviour then you can preserve the behavior with the following configuration: systemd.services.httpd.after = [ "postgresql.service" ]; - - - The option has been marked as deprecated. You may still use this feature, but it will be removed in a future release of NixOS. You are encouraged to convert any httpd subservices you may have written to a full NixOS module. - - - Most of the httpd subservices packaged with NixOS have been replaced with full NixOS modules including LimeSurvey, WordPress, and Zabbix. These modules can be enabled using the , , , and options. + The option + was renamed to + (capital L). This follows + + upstreams renaming + of the setting. - The option was renamed to (capital L). This follows upstreams renaming of the setting. + As of this release the NixOps feature autoLuks is deprecated. It no longer works + with our systemd version without manual intervention. + + + Whenever the usage of the module is detected the evaluation will fail with a message + explaining why and how to deal with the situation. + + + A new knob named nixops.enableDeprecatedAutoLuks + has been introduced to disable the eval failure and to acknowledge the notice was received and read. + If you plan on using the feature please note that it might break with subsequent updates. + + + Make sure you set the _netdev option for each of the file systems referring to block + devices provided by the autoLuks module. Not doing this might render the system in a + state where it doesn't boot anymore. + + + If you are actively using the autoLuks module please let us know in + issue #62211. - As of this release the NixOps feature autoLuks is deprecated. It no longer works with our systemd version without manual intervention. - - - Whenever the usage of the module is detected the evaluation will fail with a message explaining why and how to deal with the situation. - - - A new knob named nixops.enableDeprecatedAutoLuks has been introduced to disable the eval failure and to acknowledge the notice was received and read. If you plan on using the feature please note that it might break with subsequent updates. - - - Make sure you set the _netdev option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn't boot anymore. - - - If you are actively using the autoLuks module please let us know in issue #62211. + The setopt declarations will be evaluated at the end of /etc/zshrc, so any code in , + and may break if it relies on those options being set. - The setopt declarations will be evaluated at the end of /etc/zshrc, so any code in , and may break if it relies on those options being set. + The prometheus-nginx-exporter package now uses the offical exporter provided by NGINX Inc. + Its metrics are differently structured and are incompatible to the old ones. For information about the metrics, + have a look at the official repo. - The prometheus-nginx-exporter package now uses the offical exporter provided by NGINX Inc. Its metrics are differently structured and are incompatible to the old ones. For information about the metrics, have a look at the official repo. + The shibboleth-sp package has been updated to version 3. + It is largely backward compatible, for further information refer to the + release notes + and upgrade guide. + + Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped. + + + + + By default, prometheus exporters are now run with DynamicUser enabled. + Exporters that need a real user, now run under a seperate user and group which follow the pattern <exporter-name>-exporter, instead of the previous default nobody and nogroup. + Only some exporters are affected by the latter, namely the exporters dovecot, node, postfix and varnish. + + + + + The ibus-qt package is not installed by default anymore when is set to ibus. + If IBus support in Qt 4.x applications is required, add the ibus-qt package to your manually. + + + + + The CUPS Printing service now uses socket-based activation by + default, only starting when needed. The previous behavior can + be restored by setting + to + false. + + + + + The module has been removed from nixpkgs due to lack of maintainer. + + + + + The module has been removed from nixpkgs due to lack of maintainer. + + + + + Squid 3 has been removed and the derivation now refers to Squid 4. + + + + + The option has been replaced by + . The new option allows setting extra + configuration while being better type-checked and mergeable. + - The shibboleth-sp package has been updated to version 3. It is largely backward compatible, for further information refer to the release notes and upgrade guide. - - - Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped. - - - - - By default, prometheus exporters are now run with DynamicUser enabled. Exporters that need a real user, now run under a seperate user and group which follow the pattern <exporter-name>-exporter, instead of the previous default nobody and nogroup. Only some exporters are affected by the latter, namely the exporters dovecot, node, postfix and varnish. - - - - - The ibus-qt package is not installed by default anymore when is set to ibus. If IBus support in Qt 4.x applications is required, add the ibus-qt package to your manually. - - - - - The CUPS Printing service now uses socket-based activation by default, only starting when needed. The previous behavior can be restored by setting to false. - - - - - The module has been removed from nixpkgs due to lack of maintainer. - - - - - The module has been removed from nixpkgs due to lack of maintainer. - - - - - Squid 3 has been removed and the derivation now refers to Squid 4. - - - - - The option has been replaced by . The new option allows setting extra configuration while being better type-checked and mergeable. - - - - - No service depends on keys.target anymore which is a systemd target that indicates if all NixOps keys were successfully uploaded. Instead, <key-name>-key.service should be used to define a dependency of a key in a service. The full issue behind the keys.target dependency is described at NixOS/nixpkgs#67265. + No service depends on keys.target anymore which is a systemd + target that indicates if all NixOps keys were successfully uploaded. + Instead, <key-name>-key.service should be used to define + a dependency of a key in a service. The full issue behind the keys.target + dependency is described at NixOS/nixpkgs#67265. The following services are affected by this: - - - services.dovecot2 - - - - - services.nsd - - - - - services.softether - - - - - services.strongswan - - - - - services.strongswan-swanctl - - - - - services.httpd - - + services.dovecot2 + services.nsd + services.softether + services.strongswan + services.strongswan-swanctl + services.httpd + + + The option has been replaced by a read-only option for each certificate you define. This will be + a subdirectory of /var/lib/acme. You can use this read-only option to figure out where the certificates are stored for a specific certificate. For example, + the option will use this directory option to find the certs for the virtual host. + + + and options have been removed. To execute a service before certificates + are provisioned or renewed add a RequiredBy=acme-${cert}.service to any service. + + + Furthermore, the acme module will not automatically add a dependency on lighttpd.service anymore. If you are using certficates provided by letsencrypt + for lighttpd, then you should depend on the certificate service acme-${cert}.service> manually. + + + For nginx, the dependencies are still automatically managed when is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, + instead of depending on the catch-all acme-certificates.target. This target unit was also removed from the codebase. + This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal + ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at + NixOS/nixpkgs#60180. + + + + + The old deprecated emacs package sets have been dropped. + What used to be called emacsPackagesNg is now simply called emacsPackages. + + + + + is now disabled by default if stateVersion is 19.09 or higher. + Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to + have any desktopManager enabled default. + + - The option has been replaced by a read-only option for each certificate you define. This will be a subdirectory of /var/lib/acme. You can use this read-only option to figure out where the certificates are stored for a specific certificate. For example, the option will use this directory option to find the certs for the virtual host. - - - and options have been removed. To execute a service before certificates are provisioned or renewed add a RequiredBy=acme-${cert}.service to any service. - - - Furthermore, the acme module will not automatically add a dependency on lighttpd.service anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service acme-${cert}.service> manually. - - - For nginx, the dependencies are still automatically managed when is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all acme-certificates.target. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at NixOS/nixpkgs#60180. + The WeeChat plugin pkgs.weechatScripts.weechat-xmpp has been removed as it doesn't receive + any updates from upstream and depends on outdated Python2-based modules. - The old deprecated emacs package sets have been dropped. What used to be called emacsPackagesNg is now simply called emacsPackages. + Old unsupported versions (logstash5, + kibana5, + filebeat5, + heartbeat5, + metricbeat5, + packetbeat5) of the ELK-stack and Elastic beats have been removed. - is now disabled by default if stateVersion is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to have any desktopManager enabled default. + For NixOS 19.03, both Prometheus 1 and 2 were available to allow for + a seamless transition from version 1 to 2 with existing setups. + Because Prometheus 1 is no longer developed, it was removed. + Prometheus 2 is now configured with services.prometheus. - - The WeeChat plugin pkgs.weechatScripts.weechat-xmpp has been removed as it doesn't receive any updates from upstream and depends on outdated Python2-based modules. - - - - - Old unsupported versions (logstash5, kibana5, filebeat5, heartbeat5, metricbeat5, packetbeat5) of the ELK-stack and Elastic beats have been removed. - - - - - For NixOS 19.03, both Prometheus 1 and 2 were available to allow for a seamless transition from version 1 to 2 with existing setups. Because Prometheus 1 is no longer developed, it was removed. Prometheus 2 is now configured with services.prometheus. - - - - - Citrix Receiver (citrix_receiver) has been dropped in favor of Citrix Workspace (citrix_workspace). - + + Citrix Receiver (citrix_receiver) has been dropped in favor of Citrix Workspace + (citrix_workspace). +
@@ -494,74 +497,122 @@ - The module gained an option named which makes the generated + The module gained an option named + which makes the + generated configuration.nix - 5 manual page include all options from all NixOS modules included in a given configuration.nix configuration file. Currently, it is set to false by default as enabling it frequently prevents evaluation. But the plan is to eventually have it set to true by default. Please set it to true now in your configuration.nix and fix all the bugs it uncovers. + 5 manual page include all options + from all NixOS modules included in a given + configuration.nix configuration file. Currently, it is + set to false by default as enabling it frequently + prevents evaluation. But the plan is to eventually have it set to + true by default. Please set it to + true now in your configuration.nix + and fix all the bugs it uncovers. - The vlc package gained support for Chromecast streaming, enabled by default. TCP port 8010 must be open for it to work, so something like networking.firewall.allowedTCPPorts = [ 8010 ]; may be required in your configuration. Also consider enabling Accelerated Video Playback for better transcoding performance. + The vlc package gained support for Chromecast + streaming, enabled by default. TCP port 8010 must be open for it to work, + so something like networking.firewall.allowedTCPPorts = [ 8010 + ]; may be required in your configuration. Also consider enabling + + Accelerated Video Playback for better transcoding performance. - The following changes apply if the stateVersion is changed to 19.09 or higher. For stateVersion = "19.03" or lower the old behavior is preserved. + The following changes apply if the stateVersion is + changed to 19.09 or higher. For stateVersion = "19.03" + or lower the old behavior is preserved. - solr.package defaults to pkgs.solr_8. + solr.package defaults to + pkgs.solr_8. - The hunspellDicts.fr-any dictionary now ships with fr_FR.{aff,dic} which is linked to fr-toutesvariantes.{aff,dic}. + The hunspellDicts.fr-any dictionary now ships with fr_FR.{aff,dic} + which is linked to fr-toutesvariantes.{aff,dic}. - The mysql service now runs as mysql user. Previously, systemd did execute it as root, and mysql dropped privileges itself. This includes ExecStartPre= and ExecStartPost= phases. To accomplish that, runtime and data directory setup was delegated to RuntimeDirectory and tmpfiles. + The mysql service now runs as mysql + user. Previously, systemd did execute it as root, and mysql dropped privileges + itself. + This includes ExecStartPre= and + ExecStartPost= phases. + To accomplish that, runtime and data directory setup was delegated to + RuntimeDirectory and tmpfiles. - With the upgrade to systemd version 242 the systemd-timesyncd service is no longer using DynamicUser=yes. In order for the upgrade to work we rely on an activation script to move the state from the old to the new directory. The older directory (prior 19.09) was /var/lib/private/systemd/timesync. + With the upgrade to systemd version 242 the systemd-timesyncd + service is no longer using DynamicUser=yes. In order for the + upgrade to work we rely on an activation script to move the state from the old + to the new directory. The older directory (prior 19.09) was + /var/lib/private/systemd/timesync. - As long as the system.config.stateVersion is below 19.09 the state folder will migrated to its proper location (/var/lib/systemd/timesync), if required. + As long as the system.config.stateVersion is below + 19.09 the state folder will migrated to its proper location + (/var/lib/systemd/timesync), if required. - The package avahi is now built to look up service definitions from /etc/avahi/services instead of its output directory in the nix store. Accordingly the module now supports custom service definitions via , which are then placed in the aforementioned directory. See - avahi.service - 5 for more information on custom service definitions. + The package avahi is now built to look up service + definitions from /etc/avahi/services instead of its + output directory in the nix store. Accordingly the module + now supports custom service definitions via + , which are then placed + in the aforementioned directory. See + avahi.service5 + for more information on custom service definitions. - Since version 0.1.19, cargo-vendor honors package includes that are specified in the Cargo.toml file of Rust crates. rustPlatform.buildRustPackage uses cargo-vendor to collect and build dependent crates. Since this change in cargo-vendor changes the set of vendored files for most Rust packages, the hash that use used to verify the dependencies, cargoSha256, also changes. + Since version 0.1.19, cargo-vendor honors package + includes that are specified in the Cargo.toml + file of Rust crates. rustPlatform.buildRustPackage uses + cargo-vendor to collect and build dependent crates. + Since this change in cargo-vendor changes the set of + vendored files for most Rust packages, the hash that use used to verify + the dependencies, cargoSha256, also changes. - The cargoSha256 hashes of all in-tree derivations that use buildRustPackage have been updated to reflect this change. However, third-party derivations that use buildRustPackage may have to be updated as well. + The cargoSha256 hashes of all in-tree derivations that + use buildRustPackage have been updated to reflect this + change. However, third-party derivations that use + buildRustPackage may have to be updated as well. - The consul package was upgraded past version 1.5, so its deprecated legacy UI is no longer available. + The consul package was upgraded past version 1.5, + so its deprecated legacy UI is no longer available. - The default resample-method for PulseAudio has been changed from the upstream default speex-float-1 to speex-float-5. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you'll need to set back to speex-float-1. + The default resample-method for PulseAudio has been changed from the upstream default speex-float-1 + to speex-float-5. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this + so you'll need to set back to speex-float-1. - The phabricator package and associated httpd.extraSubservice, as well as the phd service have been removed from nixpkgs due to lack of maintainer. + The phabricator package and associated httpd.extraSubservice, as well as the + phd service have been removed from nixpkgs due to lack of maintainer. @@ -576,7 +627,8 @@ - The foswiki package and associated httpd.extraSubservice have been removed from nixpkgs due to lack of maintainer. + The foswiki package and associated httpd.extraSubservice have been removed + from nixpkgs due to lack of maintainer. @@ -586,126 +638,155 @@ - It's now possible to change configuration in services.nextcloud after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating /var/lib/nextcloud. + It's now possible to change configuration in + services.nextcloud after the initial deploy + since all config parameters are persisted in an additional config file generated by the module. + Previously core configuration like database parameters were set using their imperative + installer after creating /var/lib/nextcloud. - There exists now lib.forEach, which is like map, but with arguments flipped. When mapping function body spans many lines (or has nested maps), it is often hard to follow which list is modified. + There exists now lib.forEach, which is like map, but with + arguments flipped. When mapping function body spans many lines (or has nested + maps), it is often hard to follow which list is modified. - Previous solution to this problem was either to use lib.flip map idiom or extract that anonymous mapping function to a named one. Both can still be used but lib.forEach is preferred over lib.flip map. + Previous solution to this problem was either to use lib.flip map + idiom or extract that anonymous mapping function to a named one. Both can still be used + but lib.forEach is preferred over lib.flip map. - The /etc/sysctl.d/nixos.conf file containing all the options set via boot.kernel.sysctl was moved to /etc/sysctl.d/60-nixos.conf, as - sysctl.d - 5 recommends prefixing all filenames in /etc/sysctl.d with a two-digit number and a dash to simplify the ordering of the files. + The /etc/sysctl.d/nixos.conf file containing all the options set via + boot.kernel.sysctl was moved to + /etc/sysctl.d/60-nixos.conf, as + sysctl.d5 + recommends prefixing all filenames in /etc/sysctl.d with a + two-digit number and a dash to simplify the ordering of the files. - We now install the sysctl snippets shipped with systemd. - + We now install the sysctl snippets shipped with systemd. + + This enables: + + Loose reverse path filtering + + + Source route filtering + + - This enables: + fq_codel as a packet scheduler (this helps to fight bufferbloat) - - - Loose reverse path filtering - - - - - Source route filtering - - - - - fq_codel as a packet scheduler (this helps to fight bufferbloat) - - - - This also configures the kernel to pass coredumps to systemd-coredump, and restricts the SysRq key combinations to the sync command only. These sysctl snippets can be found in /etc/sysctl.d/50-*.conf, and overridden via boot.kernel.sysctl (which will place the parameters in /etc/sysctl.d/60-nixos.conf). + + + This also configures the kernel to pass coredumps to systemd-coredump, + and restricts the SysRq key combinations to the sync command only. + These sysctl snippets can be found in /etc/sysctl.d/50-*.conf, + and overridden via boot.kernel.sysctl + (which will place the parameters in /etc/sysctl.d/60-nixos.conf). +
+ + + + Coredumps are now acquired by systemd-coredump by default. + systemd-coredump behaviour can still be modified via + . + To stick to the old behaviour (having the kernel dump to a file called core + in the working directory), without piping it through systemd-coredump, set + to "core". - Coredumps are now acquired by systemd-coredump by default. systemd-coredump behaviour can still be modified via . To stick to the old behaviour (having the kernel dump to a file called core in the working directory), without piping it through systemd-coredump, set to "core". + systemd.packages option now also supports generators and + shutdown scripts. Old systemd.generator-packages option has + been removed. - systemd.packages option now also supports generators and shutdown scripts. Old systemd.generator-packages option has been removed. + The rmilter package was removed with associated module and options due deprecation by upstream developer. + Use rspamd in proxy mode instead. - The rmilter package was removed with associated module and options due deprecation by upstream developer. Use rspamd in proxy mode instead. + systemd cgroup accounting via the + systemd.enableCgroupAccounting + option is now enabled by default. It now also enables the more recent Block IO and IP accounting + features. - systemd cgroup accounting via the systemd.enableCgroupAccounting option is now enabled by default. It now also enables the more recent Block IO and IP accounting features. + We no longer enable custom font rendering settings with by default. + The defaults from fontconfig are sufficient. - We no longer enable custom font rendering settings with by default. The defaults from fontconfig are sufficient. - - - - - The crashplan package and the crashplan service have been removed from nixpkgs due to crashplan shutting down the service, while the crashplansb package and crashplan-small-business service have been removed from nixpkgs due to lack of maintainer. + The crashplan package and the + crashplan service have been removed from nixpkgs due to + crashplan shutting down the service, while the crashplansb + package and crashplan-small-business service have been + removed from nixpkgs due to lack of maintainer. - The redis module was hardcoded to use the redis user, /run/redis as runtime directory and /var/lib/redis as state directory. Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP), because this features causes major performance problems for Redis, e.g. (https://redis.io/topics/latency). + The redis module was hardcoded to use the redis user, + /run/redis as runtime directory and + /var/lib/redis as state directory. + Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP), + because this features causes major performance problems for Redis, + e.g. (https://redis.io/topics/latency). Using adds a default emoji font noto-fonts-emoji. - - Users of the following options will have this enabled by default: - + Users of the following options will have this enabled by default: - - - + - - - + - - - + - - - + - - The altcoins categorization of packages has been removed. You now access these packages at the top level, ie. nix-shell -p dogecoin instead of nix-shell -p altcoins.dogecoin, etc. - + + The altcoins categorization of packages has + been removed. You now access these packages at the top level, + ie. nix-shell -p dogecoin instead of + nix-shell -p altcoins.dogecoin, etc. + - - Ceph has been upgraded to v14.2.1. See the release notes for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There's been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch. - - - - - pkgs.weechat is now compiled against pkgs.python3. Weechat also recommends to use Python3 in their docs. - - + + Ceph has been upgraded to v14.2.1. + See the release notes for details. + The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. + Note: There's been some issues with python-cherrypy, which is used by the dashboard + and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch. + + + + + pkgs.weechat is now compiled against pkgs.python3. + Weechat also recommends to use Python3 + in their docs. + + diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index f10c0afd1db4..c84bc8dbb379 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -13,7 +13,8 @@ Highlights - In addition to numerous new and upgraded packages, this release has the following highlights: + In addition to numerous new and upgraded packages, this release has the + following highlights: @@ -41,6 +42,7 @@ +
Backward Incompatibilities - When upgrading from a previous release, please be aware of the following incompatible changes: + When upgrading from a previous release, please be aware of the following + incompatible changes: diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index 830ef88d6d9a..117482fb0d57 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -5,7 +5,11 @@ xml:id="module-services-input-methods"> Input Methods - Input methods are an operating system component that allows any data, such as keyboard strokes or mouse movements, to be received as input. In this way users can enter characters and symbols not found on their input devices. Using an input method is obligatory for any language that has more graphemes than there are keys on the keyboard. + Input methods are an operating system component that allows any data, such as + keyboard strokes or mouse movements, to be received as input. In this way + users can enter characters and symbols not found on their input devices. + Using an input method is obligatory for any language that has more graphemes + than there are keys on the keyboard. The following input methods are available in NixOS: @@ -36,7 +40,8 @@ IBus - IBus is an Intelligent Input Bus. It provides full featured and user friendly input method user interface. + IBus is an Intelligent Input Bus. It provides full featured and user + friendly input method user interface. @@ -51,7 +56,8 @@ i18n.inputMethod = { - i18n.inputMethod.ibus.engines is optional and can be used to add extra IBus engines. + i18n.inputMethod.ibus.engines is optional and can be used + to add extra IBus engines. @@ -61,7 +67,8 @@ i18n.inputMethod = { - Anthy (ibus-engines.anthy): Anthy is a system for Japanese input method. It converts Hiragana text to Kana Kanji mixed text. + Anthy (ibus-engines.anthy): Anthy is a system for + Japanese input method. It converts Hiragana text to Kana Kanji mixed text. @@ -71,22 +78,28 @@ i18n.inputMethod = { - m17n (ibus-engines.m17n): m17n is an input method that uses input methods and corresponding icons in the m17n database. + m17n (ibus-engines.m17n): m17n is an input method that + uses input methods and corresponding icons in the m17n database. - mozc (ibus-engines.mozc): A Japanese input method from Google. + mozc (ibus-engines.mozc): A Japanese input method from + Google. - Table (ibus-engines.table): An input method that load tables of input methods. + Table (ibus-engines.table): An input method that load + tables of input methods. - table-others (ibus-engines.table-others): Various table-based input methods. To use this, and any other table-based input methods, it must appear in the list of engines along with table. For example: + table-others (ibus-engines.table-others): Various + table-based input methods. To use this, and any other table-based input + methods, it must appear in the list of engines along with + table. For example: ibus.engines = with pkgs.ibus-engines; [ table table-others ]; @@ -95,13 +108,22 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; - To use any input method, the package must be added in the configuration, as shown above, and also (after running nixos-rebuild) the input method must be added from IBus' preference dialog. + To use any input method, the package must be added in the configuration, as + shown above, and also (after running nixos-rebuild) the + input method must be added from IBus' preference dialog. Troubleshooting - If IBus works in some applications but not others, a likely cause of this is that IBus is depending on a different version of glib to what the applications are depending on. This can be checked by running nix-store -q --requisites <path> | grep glib, where <path> is the path of either IBus or an application in the Nix store. The glib packages must match exactly. If they do not, uninstalling and reinstalling the application is a likely fix. + If IBus works in some applications but not others, a likely cause of this + is that IBus is depending on a different version of glib + to what the applications are depending on. This can be checked by running + nix-store -q --requisites <path> | grep glib, + where <path> is the path of either IBus or an + application in the Nix store. The glib packages must + match exactly. If they do not, uninstalling and reinstalling the + application is a likely fix.
@@ -109,7 +131,8 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; Fcitx - Fcitx is an input method framework with extension support. It has three built-in Input Method Engine, Pinyin, QuWei and Table-based input methods. + Fcitx is an input method framework with extension support. It has three + built-in Input Method Engine, Pinyin, QuWei and Table-based input methods. @@ -124,7 +147,8 @@ i18n.inputMethod = { - i18n.inputMethod.fcitx.engines is optional and can be used to add extra Fcitx engines. + i18n.inputMethod.fcitx.engines is optional and can be + used to add extra Fcitx engines. @@ -134,12 +158,15 @@ i18n.inputMethod = { - Anthy (fcitx-engines.anthy): Anthy is a system for Japanese input method. It converts Hiragana text to Kana Kanji mixed text. + Anthy (fcitx-engines.anthy): Anthy is a system for + Japanese input method. It converts Hiragana text to Kana Kanji mixed text. - Chewing (fcitx-engines.chewing): Chewing is an intelligent Zhuyin input method. It is one of the most popular input methods among Traditional Chinese Unix users. + Chewing (fcitx-engines.chewing): Chewing is an + intelligent Zhuyin input method. It is one of the most popular input + methods among Traditional Chinese Unix users. @@ -154,17 +181,20 @@ i18n.inputMethod = { - m17n (fcitx-engines.m17n): m17n is an input method that uses input methods and corresponding icons in the m17n database. + m17n (fcitx-engines.m17n): m17n is an input method that + uses input methods and corresponding icons in the m17n database. - mozc (fcitx-engines.mozc): A Japanese input method from Google. + mozc (fcitx-engines.mozc): A Japanese input method from + Google. - table-others (fcitx-engines.table-others): Various table-based input methods. + table-others (fcitx-engines.table-others): Various + table-based input methods. @@ -173,7 +203,9 @@ i18n.inputMethod = { Nabi - Nabi is an easy to use Korean X input method. It allows you to enter phonetic Korean characters (hangul) and pictographic Korean characters (hanja). + Nabi is an easy to use Korean X input method. It allows you to enter + phonetic Korean characters (hangul) and pictographic Korean characters + (hanja). @@ -190,7 +222,8 @@ i18n.inputMethod = { Uim - Uim (short for "universal input method") is a multilingual input method framework. Applications can use it through so-called bridges. + Uim (short for "universal input method") is a multilingual input method + framework. Applications can use it through so-called bridges. @@ -204,7 +237,8 @@ i18n.inputMethod = { - Note: The option can be used to choose uim toolbar. + Note: The option can be + used to choose uim toolbar. diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 0a0150441554..a2a8e8ef7522 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -174,8 +174,10 @@ in boot.postBootCommands = '' # On the first boot do some maintenance tasks if [ -f /nix-path-registration ]; then + set -euo pipefail + set -x # Figure out device names for the boot device and root filesystem. - rootPart=$(readlink -f /dev/disk/by-label/NIXOS_SD) + rootPart=$(${pkgs.utillinux}/bin/findmnt -n -o SOURCE /) bootDevice=$(lsblk -npo PKNAME $rootPart) # Resize the root partition and the filesystem to fit the disk diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index fb8453f1d537..775cc05aa0a9 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -938,6 +938,7 @@ ./virtualisation/anbox.nix ./virtualisation/container-config.nix ./virtualisation/containers.nix + ./virtualisation/cri-o.nix ./virtualisation/docker.nix ./virtualisation/docker-containers.nix ./virtualisation/ecs-agent.nix diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/doc.xml index 871abddca4c3..c63201628dbd 100644 --- a/nixos/modules/programs/digitalbitbox/doc.xml +++ b/nixos/modules/programs/digitalbitbox/doc.xml @@ -8,25 +8,37 @@ Digital Bitbox is a hardware wallet and second-factor authenticator. - The digitalbitbox programs module may be installed by setting programs.digitalbitbox to true in a manner similar to + The digitalbitbox programs module may be installed by + setting programs.digitalbitbox to true + in a manner similar to = true; - and bundles the digitalbitbox package (see ), which contains the dbb-app and dbb-cli binaries, along with the hardware module (see ) which sets up the necessary udev rules to access the device. + and bundles the digitalbitbox package (see + ), which contains the + dbb-app and dbb-cli binaries, along + with the hardware module (see + ) which sets up the + necessary udev rules to access the device. - Enabling the digitalbitbox module is pretty much the easiest way to get a Digital Bitbox device working on your system. + Enabling the digitalbitbox module is pretty much the easiest way to get a + Digital Bitbox device working on your system. - For more information, see . + For more information, see + .
Package - The binaries, dbb-app (a GUI tool) and dbb-cli (a CLI tool), are available through the digitalbitbox package which could be installed as follows: + The binaries, dbb-app (a GUI tool) and + dbb-cli (a CLI tool), are available through the + digitalbitbox package which could be installed as + follows: = [ pkgs.digitalbitbox @@ -38,14 +50,17 @@ Hardware - The digitalbitbox hardware package enables the udev rules for Digital Bitbox devices and may be installed as follows: + The digitalbitbox hardware package enables the udev rules for Digital Bitbox + devices and may be installed as follows: = true; - In order to alter the udev rules, one may provide different values for the udevRule51 and udevRule52 attributes by means of overriding as follows: + In order to alter the udev rules, one may provide different values for the + udevRule51 and udevRule52 attributes + by means of overriding as follows: programs.digitalbitbox = { enable = true; diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index a0370f90a41f..8fc8c22c6d76 100644 --- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -5,19 +5,24 @@ xml:id="module-program-plotinus"> Plotinus - Source: modules/programs/plotinus.nix + Source: + modules/programs/plotinus.nix - Upstream documentation: + Upstream documentation: + Plotinus is a searchable command palette in every modern GTK application. - When in a GTK 3 application and Plotinus is enabled, you can press Ctrl+Shift+P to open the command palette. The command palette provides a searchable list of of all menu items in the application. + When in a GTK 3 application and Plotinus is enabled, you can press + Ctrl+Shift+P to open the command palette. The command + palette provides a searchable list of of all menu items in the application. - To enable Plotinus, add the following to your configuration.nix: + To enable Plotinus, add the following to your + configuration.nix: = true; diff --git a/nixos/modules/programs/zsh/oh-my-zsh.xml b/nixos/modules/programs/zsh/oh-my-zsh.xml index c5202d818c9f..568c2de65576 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.xml +++ b/nixos/modules/programs/zsh/oh-my-zsh.xml @@ -5,13 +5,18 @@ xml:id="module-programs-zsh-ohmyzsh"> Oh my ZSH - oh-my-zsh is a framework to manage your ZSH configuration including completion scripts for several CLI tools or custom prompt themes. + oh-my-zsh is a + framework to manage your ZSH + configuration including completion scripts for several CLI tools or custom + prompt themes.
Basic usage - The module uses the oh-my-zsh package with all available features. The initial setup using Nix expressions is fairly similar to the configuration format of oh-my-zsh. + The module uses the oh-my-zsh package with all available + features. The initial setup using Nix expressions is fairly similar to the + configuration format of oh-my-zsh. { programs.zsh.ohMyZsh = { @@ -21,18 +26,25 @@ }; } - For a detailed explanation of these arguments please refer to the oh-my-zsh docs. + For a detailed explanation of these arguments please refer to the + oh-my-zsh + docs. - The expression generates the needed configuration and writes it into your /etc/zshrc. + The expression generates the needed configuration and writes it into your + /etc/zshrc.
Custom additions - Sometimes third-party or custom scripts such as a modified theme may be needed. oh-my-zsh provides the ZSH_CUSTOM environment variable for this which points to a directory with additional scripts. + Sometimes third-party or custom scripts such as a modified theme may be + needed. oh-my-zsh provides the + ZSH_CUSTOM + environment variable for this which points to a directory with additional + scripts. @@ -48,11 +60,16 @@ Custom environments - There are several extensions for oh-my-zsh packaged in nixpkgs. One of them is nix-zsh-completions which bundles completion scripts and a plugin for oh-my-zsh. + There are several extensions for oh-my-zsh packaged in + nixpkgs. One of them is + nix-zsh-completions + which bundles completion scripts and a plugin for + oh-my-zsh. - Rather than using a single mutable path for ZSH_CUSTOM, it's also possible to generate this path from a list of Nix packages: + Rather than using a single mutable path for ZSH_CUSTOM, + it's also possible to generate this path from a list of Nix packages: { pkgs, ... }: { @@ -62,34 +79,53 @@ ]; } - Internally a single store path will be created using buildEnv. Please refer to the docs of buildEnv for further reference. + Internally a single store path will be created using + buildEnv. Please refer to the docs of + buildEnv + for further reference. - Please keep in mind that this is not compatible with programs.zsh.ohMyZsh.custom as it requires an immutable store path while custom shall remain mutable! An evaluation failure will be thrown if both custom and customPkgs are set. + Please keep in mind that this is not compatible with + programs.zsh.ohMyZsh.custom as it requires an immutable + store path while custom shall remain mutable! An + evaluation failure will be thrown if both custom and + customPkgs are set.
Package your own customizations - If third-party customizations (e.g. new themes) are supposed to be added to oh-my-zsh there are several pitfalls to keep in mind: + If third-party customizations (e.g. new themes) are supposed to be added to + oh-my-zsh there are several pitfalls to keep in mind: - To comply with the default structure of ZSH the entire output needs to be written to $out/share/zsh. + To comply with the default structure of ZSH the entire + output needs to be written to $out/share/zsh. - Completion scripts are supposed to be stored at $out/share/zsh/site-functions. This directory is part of the fpath and the package should be compatible with pure ZSH setups. The module will automatically link the contents of site-functions to completions directory in the proper store path. + Completion scripts are supposed to be stored at + $out/share/zsh/site-functions. This directory is part + of the + fpath + and the package should be compatible with pure ZSH + setups. The module will automatically link the contents of + site-functions to completions directory in the proper + store path. - The plugins directory needs the structure pluginname/pluginname.plugin.zsh as structured in the upstream repo. + The plugins directory needs the structure + pluginname/pluginname.plugin.zsh as structured in the + upstream + repo. diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 182d6e0cd516..9d0a1995e0ff 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -5,13 +5,19 @@ xml:id="module-security-acme"> SSL/TLS Certificates with ACME - NixOS supports automatic domain validation & certificate retrieval and renewal using the ACME protocol. This is currently only implemented by and for Let's Encrypt. The alternative ACME client simp_le is used under the hood. + NixOS supports automatic domain validation & certificate retrieval and + renewal using the ACME protocol. This is currently only implemented by and + for Let's Encrypt. The alternative ACME client simp_le is + used under the hood.
Prerequisites - You need to have a running HTTP server for verification. The server must have a webroot defined that can serve .well-known/acme-challenge. This directory must be writeable by the user that will run the ACME client. + You need to have a running HTTP server for verification. The server must + have a webroot defined that can serve + .well-known/acme-challenge. This directory must be + writeable by the user that will run the ACME client. @@ -39,7 +45,9 @@ http { Configuring - To enable ACME certificate retrieval & renewal for a certificate for foo.example.com, add the following in your configuration.nix: + To enable ACME certificate retrieval & renewal for a certificate for + foo.example.com, add the following in your + configuration.nix: ."foo.example.com" = { webroot = "/var/www/challenges"; @@ -49,18 +57,26 @@ http { - The private key key.pem and certificate fullchain.pem will be put into /var/lib/acme/foo.example.com. + The private key key.pem and certificate + fullchain.pem will be put into + /var/lib/acme/foo.example.com. - - Refer to for all available configuration options for the security.acme module. + Refer to for all available configuration + options for the security.acme + module.
Using ACME certificates in Nginx - NixOS supports fetching ACME certificates for you by setting enableACME = true; in a virtualHost config. We first create self-signed placeholder certificates in place of the real ACME certs. The placeholder certs are overwritten when the ACME certs arrive. For foo.example.com the config would look like. + NixOS supports fetching ACME certificates for you by setting + enableACME + = true; in a virtualHost config. We first create self-signed + placeholder certificates in place of the real ACME certs. The placeholder + certs are overwritten when the ACME certs arrive. For + foo.example.com the config would look like. diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml index 979d0215ab34..5a17cb1da412 100644 --- a/nixos/modules/security/hidepid.xml +++ b/nixos/modules/security/hidepid.xml @@ -9,13 +9,18 @@ = true; - ensures that access to process information is restricted to the owning user. This implies, among other things, that command-line arguments remain private. Unless your deployment relies on unprivileged users being able to inspect the process information of other users, this option should be safe to enable. + ensures that access to process information is restricted to the owning user. + This implies, among other things, that command-line arguments remain private. + Unless your deployment relies on unprivileged users being able to inspect the + process information of other users, this option should be safe to enable. - Members of the proc group are exempt from process information hiding. + Members of the proc group are exempt from process + information hiding. - To allow a service foo to run without process information hiding, set + To allow a service foo to run without process + information hiding, set systemd.services.foo.serviceConfig.SupplementaryGroups = [ "proc" ]; diff --git a/nixos/modules/services/audio/spotifyd.nix b/nixos/modules/services/audio/spotifyd.nix index e3556b2559c2..4b74e7532795 100644 --- a/nixos/modules/services/audio/spotifyd.nix +++ b/nixos/modules/services/audio/spotifyd.nix @@ -28,7 +28,7 @@ in after = [ "network-online.target" "sound.target" ]; description = "spotifyd, a Spotify playing daemon"; serviceConfig = { - ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --cache_path /var/cache/spotifyd --config ${spotifydConf}"; + ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --cache-path /var/cache/spotifyd --config-path ${spotifydConf}"; Restart = "always"; RestartSec = 12; DynamicUser = true; diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml index 33adfee35260..b0b1ebeab45f 100644 --- a/nixos/modules/services/databases/foundationdb.xml +++ b/nixos/modules/services/databases/foundationdb.xml @@ -5,10 +5,12 @@ xml:id="module-services-foundationdb"> FoundationDB - Source: modules/services/databases/foundationdb.nix + Source: + modules/services/databases/foundationdb.nix - Upstream documentation: + Upstream documentation: + Maintainer: Austin Seipp @@ -17,13 +19,15 @@ Available version(s): 5.1.x, 5.2.x, 6.0.x - FoundationDB (or "FDB") is an open source, distributed, transactional key-value store. + FoundationDB (or "FDB") is an open source, distributed, transactional + key-value store.
Configuring and basic setup - To enable FoundationDB, add the following to your configuration.nix: + To enable FoundationDB, add the following to your + configuration.nix: services.foundationdb.enable = true; services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x @@ -31,11 +35,18 @@ services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x - The option is required, and must always be specified. Due to the fact FoundationDB network protocols and on-disk storage formats may change between (major) versions, and upgrades must be explicitly handled by the user, you must always manually specify this yourself so that the NixOS module will use the proper version. Note that minor, bugfix releases are always compatible. + The option is required, and + must always be specified. Due to the fact FoundationDB network protocols and + on-disk storage formats may change between (major) versions, and upgrades + must be explicitly handled by the user, you must always manually specify + this yourself so that the NixOS module will use the proper version. Note + that minor, bugfix releases are always compatible. - After running nixos-rebuild, you can verify whether FoundationDB is running by executing fdbcli (which is added to ): + After running nixos-rebuild, you can verify whether + FoundationDB is running by executing fdbcli (which is + added to ): $ sudo -u foundationdb fdbcli Using cluster file `/etc/foundationdb/fdb.cluster'. @@ -66,7 +77,11 @@ Cluster: - You can also write programs using the available client libraries. For example, the following Python program can be run in order to grab the cluster status, as a quick example. (This example uses nix-shell shebang support to automatically supply the necessary Python modules). + You can also write programs using the available client libraries. For + example, the following Python program can be run in order to grab the + cluster status, as a quick example. (This example uses + nix-shell shebang support to automatically supply the + necessary Python modules). a@link> cat fdb-status.py #! /usr/bin/env nix-shell @@ -96,56 +111,91 @@ FoundationDB available: True - FoundationDB is run under the foundationdb user and group by default, but this may be changed in the NixOS configuration. The systemd unit foundationdb.service controls the fdbmonitor process. + FoundationDB is run under the foundationdb user and group + by default, but this may be changed in the NixOS configuration. The systemd + unit foundationdb.service controls the + fdbmonitor process. - By default, the NixOS module for FoundationDB creates a single SSD-storage based database for development and basic usage. This storage engine is designed for SSDs and will perform poorly on HDDs; however it can handle far more data than the alternative "memory" engine and is a better default choice for most deployments. (Note that you can change the storage backend on-the-fly for a given FoundationDB cluster using fdbcli.) + By default, the NixOS module for FoundationDB creates a single SSD-storage + based database for development and basic usage. This storage engine is + designed for SSDs and will perform poorly on HDDs; however it can handle far + more data than the alternative "memory" engine and is a better default + choice for most deployments. (Note that you can change the storage backend + on-the-fly for a given FoundationDB cluster using + fdbcli.) - Furthermore, only 1 server process and 1 backup agent are started in the default configuration. See below for more on scaling to increase this. + Furthermore, only 1 server process and 1 backup agent are started in the + default configuration. See below for more on scaling to increase this. - FoundationDB stores all data for all server processes under /var/lib/foundationdb. You can override this using , e.g. + FoundationDB stores all data for all server processes under + /var/lib/foundationdb. You can override this using + , e.g. services.foundationdb.dataDir = "/data/fdb"; - Similarly, logs are stored under /var/log/foundationdb by default, and there is a corresponding as well. + Similarly, logs are stored under /var/log/foundationdb + by default, and there is a corresponding + as well.
Scaling processes and backup agents - Scaling the number of server processes is quite easy; simply specify to be the number of FoundationDB worker processes that should be started on the machine. + Scaling the number of server processes is quite easy; simply specify + to be the number of + FoundationDB worker processes that should be started on the machine. - FoundationDB worker processes typically require 4GB of RAM per-process at minimum for good performance, so this option is set to 1 by default since the maximum amount of RAM is unknown. You're advised to abide by this restriction, so pick a number of processes so that each has 4GB or more. + FoundationDB worker processes typically require 4GB of RAM per-process at + minimum for good performance, so this option is set to 1 by default since + the maximum amount of RAM is unknown. You're advised to abide by this + restriction, so pick a number of processes so that each has 4GB or more. - A similar option exists in order to scale backup agent processes, . Backup agents are not as performance/RAM sensitive, so feel free to experiment with the number of available backup processes. + A similar option exists in order to scale backup agent processes, + . Backup agents are + not as performance/RAM sensitive, so feel free to experiment with the number + of available backup processes.
Clustering - FoundationDB on NixOS works similarly to other Linux systems, so this section will be brief. Please refer to the full FoundationDB documentation for more on clustering. + FoundationDB on NixOS works similarly to other Linux systems, so this + section will be brief. Please refer to the full FoundationDB documentation + for more on clustering. - FoundationDB organizes clusters using a set of coordinators, which are just specially-designated worker processes. By default, every installation of FoundationDB on NixOS will start as its own individual cluster, with a single coordinator: the first worker process on localhost. + FoundationDB organizes clusters using a set of + coordinators, which are just specially-designated + worker processes. By default, every installation of FoundationDB on NixOS + will start as its own individual cluster, with a single coordinator: the + first worker process on localhost. - Coordinators are specified globally using the /etc/foundationdb/fdb.cluster file, which all servers and client applications will use to find and join coordinators. Note that this file can not be managed by NixOS so easily: FoundationDB is designed so that it will rewrite the file at runtime for all clients and nodes when cluster coordinators change, with clients transparently handling this without intervention. It is fundamentally a mutable file, and you should not try to manage it in any way in NixOS. + Coordinators are specified globally using the + /etc/foundationdb/fdb.cluster file, which all servers and + client applications will use to find and join coordinators. Note that this + file can not be managed by NixOS so easily: + FoundationDB is designed so that it will rewrite the file at runtime for all + clients and nodes when cluster coordinators change, with clients + transparently handling this without intervention. It is fundamentally a + mutable file, and you should not try to manage it in any way in NixOS. @@ -166,7 +216,9 @@ services.foundationdb.dataDir = "/data/fdb"; - A node must already be a member of the cluster in order to properly be promoted to a coordinator, so you must always add it first if you wish to promote it. + A node must already be a member of the cluster in order to properly be + promoted to a coordinator, so you must always add it first if you wish to + promote it. @@ -181,26 +233,37 @@ services.foundationdb.dataDir = "/data/fdb"; - Copy the /etc/foundationdb/fdb.cluster file from this server to all the other servers. Restart FoundationDB on all of these other servers, so they join the cluster. + Copy the /etc/foundationdb/fdb.cluster file from this + server to all the other servers. Restart FoundationDB on all of these + other servers, so they join the cluster. - All of these servers are now connected and working together in the cluster, under the chosen coordinator. + All of these servers are now connected and working together in the + cluster, under the chosen coordinator. - At this point, you can add as many nodes as you want by just repeating the above steps. By default there will still be a single coordinator: you can use fdbcli to change this and add new coordinators. + At this point, you can add as many nodes as you want by just repeating the + above steps. By default there will still be a single coordinator: you can + use fdbcli to change this and add new coordinators. - As a convenience, FoundationDB can automatically assign coordinators based on the redundancy mode you wish to achieve for the cluster. Once all the nodes have been joined, simply set the replication policy, and then issue the coordinators auto command + As a convenience, FoundationDB can automatically assign coordinators based + on the redundancy mode you wish to achieve for the cluster. Once all the + nodes have been joined, simply set the replication policy, and then issue + the coordinators auto command - For example, assuming we have 3 nodes available, we can enable double redundancy mode, then auto-select coordinators. For double redundancy, 3 coordinators is ideal: therefore FoundationDB will make every node a coordinator automatically: + For example, assuming we have 3 nodes available, we can enable double + redundancy mode, then auto-select coordinators. For double redundancy, 3 + coordinators is ideal: therefore FoundationDB will make + every node a coordinator automatically: @@ -209,33 +272,58 @@ services.foundationdb.dataDir = "/data/fdb"; - This will transparently update all the servers within seconds, and appropriately rewrite the fdb.cluster file, as well as informing all client processes to do the same. + This will transparently update all the servers within seconds, and + appropriately rewrite the fdb.cluster file, as well as + informing all client processes to do the same.
Client connectivity - By default, all clients must use the current fdb.cluster file to access a given FoundationDB cluster. This file is located by default in /etc/foundationdb/fdb.cluster on all machines with the FoundationDB service enabled, so you may copy the active one from your cluster to a new node in order to connect, if it is not part of the cluster. + By default, all clients must use the current fdb.cluster + file to access a given FoundationDB cluster. This file is located by default + in /etc/foundationdb/fdb.cluster on all machines with the + FoundationDB service enabled, so you may copy the active one from your + cluster to a new node in order to connect, if it is not part of the cluster.
Client authorization and TLS - By default, any user who can connect to a FoundationDB process with the correct cluster configuration can access anything. FoundationDB uses a pluggable design to transport security, and out of the box it supports a LibreSSL-based plugin for TLS support. This plugin not only does in-flight encryption, but also performs client authorization based on the given endpoint's certificate chain. For example, a FoundationDB server may be configured to only accept client connections over TLS, where the client TLS certificate is from organization Acme Co in the Research and Development unit. + By default, any user who can connect to a FoundationDB process with the + correct cluster configuration can access anything. FoundationDB uses a + pluggable design to transport security, and out of the box it supports a + LibreSSL-based plugin for TLS support. This plugin not only does in-flight + encryption, but also performs client authorization based on the given + endpoint's certificate chain. For example, a FoundationDB server may be + configured to only accept client connections over TLS, where the client TLS + certificate is from organization Acme Co in the + Research and Development unit. - Configuring TLS with FoundationDB is done using the options in order to control the peer verification string, as well as the certificate and its private key. + Configuring TLS with FoundationDB is done using the + options in order to control the + peer verification string, as well as the certificate and its private key. - Note that the certificate and its private key must be accessible to the FoundationDB user account that the server runs under. These files are also NOT managed by NixOS, as putting them into the store may reveal private information. + Note that the certificate and its private key must be accessible to the + FoundationDB user account that the server runs under. These files are also + NOT managed by NixOS, as putting them into the store may reveal private + information. - After you have a key and certificate file in place, it is not enough to simply set the NixOS module options -- you must also configure the fdb.cluster file to specify that a given set of coordinators use TLS. This is as simple as adding the suffix :tls to your cluster coordinator configuration, after the port number. For example, assuming you have a coordinator on localhost with the default configuration, simply specifying: + After you have a key and certificate file in place, it is not enough to + simply set the NixOS module options -- you must also configure the + fdb.cluster file to specify that a given set of + coordinators use TLS. This is as simple as adding the suffix + :tls to your cluster coordinator configuration, after the + port number. For example, assuming you have a coordinator on localhost with + the default configuration, simply specifying: @@ -250,19 +338,36 @@ XXXXXX:XXXXXX@127.0.0.1:4500:tls Backups and Disaster Recovery - The usual rules for doing FoundationDB backups apply on NixOS as written in the FoundationDB manual. However, one important difference is the security profile for NixOS: by default, the foundationdb systemd unit uses Linux namespaces to restrict write access to the system, except for the log directory, data directory, and the /etc/foundationdb/ directory. This is enforced by default and cannot be disabled. + The usual rules for doing FoundationDB backups apply on NixOS as written in + the FoundationDB manual. However, one important difference is the security + profile for NixOS: by default, the foundationdb systemd + unit uses Linux namespaces to restrict write access to + the system, except for the log directory, data directory, and the + /etc/foundationdb/ directory. This is enforced by default + and cannot be disabled. - However, a side effect of this is that the fdbbackup command doesn't work properly for local filesystem backups: FoundationDB uses a server process alongside the database processes to perform backups and copy the backups to the filesystem. As a result, this process is put under the restricted namespaces above: the backup process can only write to a limited number of paths. + However, a side effect of this is that the fdbbackup + command doesn't work properly for local filesystem backups: FoundationDB + uses a server process alongside the database processes to perform backups + and copy the backups to the filesystem. As a result, this process is put + under the restricted namespaces above: the backup process can only write to + a limited number of paths. - In order to allow flexible backup locations on local disks, the FoundationDB NixOS module supports a option. This option takes a list of paths, and adds them to the systemd unit, allowing the processes inside the service to write (and read) the specified directories. + In order to allow flexible backup locations on local disks, the FoundationDB + NixOS module supports a + option. This + option takes a list of paths, and adds them to the systemd unit, allowing + the processes inside the service to write (and read) the specified + directories. - For example, to create backups in /opt/fdb-backups, first set up the paths in the module options: + For example, to create backups in /opt/fdb-backups, first + set up the paths in the module options: @@ -270,7 +375,11 @@ services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; - Restart the FoundationDB service, and it will now be able to write to this directory (even if it does not yet exist.) Note: this path must exist before restarting the unit. Otherwise, systemd will not include it in the private FoundationDB namespace (and it will not add it dynamically at runtime). + Restart the FoundationDB service, and it will now be able to write to this + directory (even if it does not yet exist.) Note: this path + must exist before restarting the unit. Otherwise, + systemd will not include it in the private FoundationDB namespace (and it + will not add it dynamically at runtime). @@ -286,13 +395,17 @@ services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; Known limitations - The FoundationDB setup for NixOS should currently be considered beta. FoundationDB is not new software, but the NixOS compilation and integration has only undergone fairly basic testing of all the available functionality. + The FoundationDB setup for NixOS should currently be considered beta. + FoundationDB is not new software, but the NixOS compilation and integration + has only undergone fairly basic testing of all the available functionality. - There is no way to specify individual parameters for individual fdbserver processes. Currently, all server processes inherit all the global fdbmonitor settings. + There is no way to specify individual parameters for individual + fdbserver processes. Currently, all server processes + inherit all the global fdbmonitor settings. @@ -311,14 +424,20 @@ services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; Options - NixOS's FoundationDB module allows you to configure all of the most relevant configuration options for fdbmonitor, matching it quite closely. A complete list of options for the FoundationDB module may be found here. You should also read the FoundationDB documentation as well. + NixOS's FoundationDB module allows you to configure all of the most relevant + configuration options for fdbmonitor, matching it quite + closely. A complete list of options for the FoundationDB module may be found + here. You should + also read the FoundationDB documentation as well.
Full documentation - FoundationDB is a complex piece of software, and requires careful administration to properly use. Full documentation for administration can be found here: . + FoundationDB is a complex piece of software, and requires careful + administration to properly use. Full documentation for administration can be + found here: .
diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index dc1bfb125a75..72d4a8249a32 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -7,10 +7,12 @@ - Source: modules/services/databases/postgresql.nix + Source: + modules/services/databases/postgresql.nix - Upstream documentation: + Upstream documentation: + @@ -21,12 +23,18 @@ Configuring - To enable PostgreSQL, add the following to your configuration.nix: + To enable PostgreSQL, add the following to your + configuration.nix: = true; = pkgs.postgresql_11; - Note that you are required to specify the desired version of PostgreSQL (e.g. pkgs.postgresql_11). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for such as the most recent release of PostgreSQL. + Note that you are required to specify the desired version of PostgreSQL + (e.g. pkgs.postgresql_11). Since upgrading your + PostgreSQL version requires a database dump and reload (see below), NixOS + cannot provide a default value for + such as the most recent + release of PostgreSQL. - By default, PostgreSQL stores its databases in /var/lib/postgresql/$psqlSchema. You can override this using , e.g. + By default, PostgreSQL stores its databases in + /var/lib/postgresql/$psqlSchema. You can override this using + , e.g. = "/data/postgresql"; @@ -60,14 +70,18 @@ Type "help" for help. Options - A complete list of options for the PostgreSQL module may be found here. + A complete list of options for the PostgreSQL module may be found + here.
Plugins - Plugins collection for each PostgreSQL version can be accessed with .pkgs. For example, for pkgs.postgresql_11 package, its plugin collection is accessed by pkgs.postgresql_11.pkgs: + Plugins collection for each PostgreSQL version can be accessed with + .pkgs. For example, for + pkgs.postgresql_11 package, its plugin collection is + accessed by pkgs.postgresql_11.pkgs: $ nix repl '<nixpkgs>' @@ -84,9 +98,8 @@ postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga ... - - To add plugins via NixOS configuration, set services.postgresql.extraPlugins: + To add plugins via NixOS configuration, set services.postgresql.extraPlugins: = pkgs.postgresql_11; = with pkgs.postgresql_11.pkgs; [ @@ -95,9 +108,10 @@ postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga ]; - - You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function .withPackages. For example, creating a custom PostgreSQL package in an overlay can look like: + You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using + function .withPackages. For example, creating a custom + PostgreSQL package in an overlay can look like: self: super: { postgresql_custom = self.postgresql_11.withPackages (ps: [ @@ -107,9 +121,8 @@ self: super: { } - - Here's a recipe on how to override a particular plugin through an overlay: + Here's a recipe on how to override a particular plugin through an overlay: self: super: { postgresql_11 = super.postgresql_11.override { this = self.postgresql_11; } // { diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index 3b2ccd12cf59..8f080b250228 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml @@ -5,33 +5,44 @@ xml:id="module-services-flatpak"> Flatpak - Source: modules/services/desktop/flatpak.nix + Source: + modules/services/desktop/flatpak.nix - Upstream documentation: + Upstream documentation: + - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. + Flatpak is a system for building, distributing, and running sandboxed desktop + applications on Linux. - To enable Flatpak, add the following to your configuration.nix: + To enable Flatpak, add the following to your + configuration.nix: = true; - For the sandboxed apps to work correctly, desktop integration portals need to be installed. If you run GNOME, this will be handled automatically for you; in other cases, you will need to add something like the following to your configuration.nix: + For the sandboxed apps to work correctly, desktop integration portals need to + be installed. If you run GNOME, this will be handled automatically for you; + in other cases, you will need to add something like the following to your + configuration.nix: = [ pkgs.xdg-desktop-portal-gtk ]; - Then, you will need to add a repository, for example, Flathub, either using the following commands: + Then, you will need to add a repository, for example, + Flathub, + either using the following commands: $ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo $ flatpak update - or by opening the repository file in GNOME Software. + or by opening the + repository + file in GNOME Software. Finally, you can search and install programs: diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 0213b8971c25..03483f69fa2f 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -12,26 +12,41 @@ Adam Hoese @adisbladis --> - Emacs is an extensible, customizable, self-documenting real-time display editor — and more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. + Emacs is an + extensible, customizable, self-documenting real-time display editor — and + more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp + programming language with extensions to support text editing. - Emacs runs within a graphical desktop environment using the X Window System, but works equally well on a text terminal. Under macOS, a "Mac port" edition is available, which uses Apple's native GUI frameworks. + Emacs runs within a graphical desktop environment using the X Window System, + but works equally well on a text terminal. Under + macOS, a "Mac port" edition is available, which + uses Apple's native GUI frameworks. - Nixpkgs provides a superior environment for running Emacs. It's simple to create custom builds by overriding the default packages. Chaotic collections of Emacs Lisp code and extensions can be brought under control using declarative package management. NixOS even provides a systemd user service for automatically starting the Emacs daemon. + Nixpkgs provides a superior environment for + running Emacs. It's simple to create custom builds + by overriding the default packages. Chaotic collections of Emacs Lisp code + and extensions can be brought under control using declarative package + management. NixOS even provides a + systemd user service for automatically starting the Emacs + daemon.
Installing <application>Emacs</application> - Emacs can be installed in the normal way for Nix (see ). In addition, a NixOS service can be enabled. + Emacs can be installed in the normal way for Nix (see + ). In addition, a NixOS + service can be enabled.
The Different Releases of Emacs - Nixpkgs defines several basic Emacs packages. The following are attributes belonging to the pkgs set: + Nixpkgs defines several basic Emacs packages. + The following are attributes belonging to the pkgs set: @@ -42,8 +57,10 @@ - The latest stable version of Emacs 25 using the GTK 2 widget toolkit. + The latest stable version of Emacs 25 using the + GTK 2 + widget toolkit. @@ -66,7 +83,8 @@ - Emacs 25 with the "Mac port" patches, providing a more native look and feel under macOS. + Emacs 25 with the "Mac port" patches, providing a more native look and + feel under macOS. @@ -74,7 +92,12 @@ - If those aren't suitable, then the following imitation Emacs editors are also available in Nixpkgs: Zile, mg, Yi, jmacs. + If those aren't suitable, then the following imitation Emacs editors are + also available in Nixpkgs: + Zile, + mg, + Yi, + jmacs.
@@ -82,20 +105,36 @@ Adding Packages to Emacs - Emacs includes an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more. + Emacs includes an entire ecosystem of functionality beyond text editing, + including a project planner, mail and news reader, debugger interface, + calendar, and more. - Most extensions are gotten with the Emacs packaging system (package.el) from Emacs Lisp Package Archive (ELPA), MELPA, MELPA Stable, and Org ELPA. Nixpkgs is regularly updated to mirror all these archives. + Most extensions are gotten with the Emacs packaging system + (package.el) from + Emacs Lisp Package Archive + (ELPA), + MELPA, + MELPA Stable, and + Org ELPA. Nixpkgs is + regularly updated to mirror all these archives. - Under NixOS, you can continue to use package-list-packages and package-install to install packages. You can also declare the set of Emacs packages you need using the derivations from Nixpkgs. The rest of this section discusses declarative installation of Emacs packages through nixpkgs. + Under NixOS, you can continue to use + package-list-packages and + package-install to install packages. You can also + declare the set of Emacs packages you need using the derivations from + Nixpkgs. The rest of this section discusses declarative installation of + Emacs packages through nixpkgs. - The first step to declare the list of packages you want in your Emacs installation is to create a dedicated derivation. This can be done in a dedicated emacs.nix file such as: + The first step to declare the list of packages you want in your Emacs + installation is to create a dedicated derivation. This can be done in a + dedicated emacs.nix file such as: Nix expression to build Emacs with packages (<filename>emacs.nix</filename>) @@ -137,27 +176,36 @@ in - The first non-comment line in this file ({ pkgs ? ... }) indicates that the whole file represents a function. + The first non-comment line in this file ({ pkgs ? ... + }) indicates that the whole file represents a function. - The let expression below defines a myEmacs binding pointing to the current stable version of Emacs. This binding is here to separate the choice of the Emacs binary from the specification of the required packages. + The let expression below defines a + myEmacs binding pointing to the current stable + version of Emacs. This binding is here to separate the choice of the + Emacs binary from the specification of the required packages. - This generates an emacsWithPackages function. It takes a single argument: a function from a package set to a list of packages (the packages that will be available in Emacs). + This generates an emacsWithPackages function. It + takes a single argument: a function from a package set to a list of + packages (the packages that will be available in Emacs). - The rest of the file specifies the list of packages to install. In the example, two packages (magit and zerodark-theme) are taken from MELPA stable. + The rest of the file specifies the list of packages to install. In the + example, two packages (magit and + zerodark-theme) are taken from MELPA stable. - Two packages (undo-tree and zoom-frm) are taken from MELPA. + Two packages (undo-tree and + zoom-frm) are taken from MELPA. @@ -167,14 +215,17 @@ in - notmuch is taken from a nixpkgs derivation which contains an Emacs mode. + notmuch is taken from a nixpkgs derivation which + contains an Emacs mode. - The result of this configuration will be an emacs command which launches Emacs with all of your chosen packages in the load-path. + The result of this configuration will be an emacs + command which launches Emacs with all of your chosen packages in the + load-path. @@ -183,17 +234,23 @@ in $ nix-build emacs.nix $ ./result/bin/emacs -q - and then typing M-x package-initialize. Check that you can use all the packages you want in this Emacs instance. For example, try switching to the zerodark theme through M-x load-theme <RET> zerodark <RET> y. + and then typing M-x package-initialize. Check that you + can use all the packages you want in this Emacs instance. For example, try + switching to the zerodark theme through M-x load-theme <RET> + zerodark <RET> y. - A few popular extensions worth checking out are: auctex, company, edit-server, flycheck, helm, iedit, magit, multiple-cursors, projectile, and yasnippet. + A few popular extensions worth checking out are: auctex, company, + edit-server, flycheck, helm, iedit, magit, multiple-cursors, projectile, + and yasnippet. - The list of available packages in the various ELPA repositories can be seen with the following commands: + The list of available packages in the various ELPA repositories can be seen + with the following commands: Querying Emacs packages " -qaP -A emacsPackages.orgPackages - If you are on NixOS, you can install this particular Emacs for all users by adding it to the list of system packages (see ). Simply modify your file configuration.nix to make it contain: + If you are on NixOS, you can install this particular Emacs for all users by + adding it to the list of system packages (see + ). Simply modify your file + configuration.nix to make it contain: Custom Emacs in <filename>configuration.nix</filename> " -qaP -A emacsPackages.orgPackages - In this case, the next nixos-rebuild switch will take care of adding your emacs to the PATH environment variable (see ). + In this case, the next nixos-rebuild switch will take + care of adding your emacs to the PATH + environment variable (see ). - If you are not on NixOS or want to install this particular Emacs only for yourself, you can do so by adding it to your ~/.config/nixpkgs/config.nix (see Nixpkgs manual): + If you are not on NixOS or want to install this particular Emacs only for + yourself, you can do so by adding it to your + ~/.config/nixpkgs/config.nix (see + Nixpkgs + manual): Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename> - In this case, the next nix-env -f '<nixpkgs>' -iA myemacs will take care of adding your emacs to the PATH environment variable. + In this case, the next nix-env -f '<nixpkgs>' -iA + myemacs will take care of adding your emacs to the + PATH environment variable.
@@ -251,7 +319,12 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides Advanced Emacs Configuration - If you want, you can tweak the Emacs package itself from your emacs.nix. For example, if you want to have a GTK 3-based Emacs instead of the default GTK 2-based binary and remove the automatically generated emacs.desktop (useful is you only use emacsclient), you can change your file emacs.nix in this way: + If you want, you can tweak the Emacs package itself from your + emacs.nix. For example, if you want to have a + GTK 3-based Emacs instead of the default GTK 2-based binary and remove the + automatically generated emacs.desktop (useful is you + only use emacsclient), you can change your file + emacs.nix in this way: @@ -275,7 +348,8 @@ in [...] - After building this file as shown in , you will get an GTK 3-based Emacs binary pre-loaded with your favorite packages. + After building this file as shown in , you + will get an GTK 3-based Emacs binary pre-loaded with your favorite packages.
@@ -283,18 +357,23 @@ in [...] Running Emacs as a Service - NixOS provides an optional systemd service which launches Emacs daemon with the user's login session. + NixOS provides an optional + systemd service which launches + + Emacs daemon with the user's login session. - Source: modules/services/editors/emacs.nix + Source: + modules/services/editors/emacs.nix
Enabling the Service - To install and enable the systemd user service for Emacs daemon, add the following to your configuration.nix: + To install and enable the systemd user service for Emacs + daemon, add the following to your configuration.nix: = true; = import /home/cassou/.emacs.d { pkgs = pkgs; }; @@ -302,11 +381,16 @@ in [...] - The services.emacs.package option allows a custom derivation to be used, for example, one created by emacsWithPackages. + The services.emacs.package option allows a custom + derivation to be used, for example, one created by + emacsWithPackages. - Ensure that the Emacs server is enabled for your user's Emacs configuration, either by customizing the server-mode variable, or by adding (server-start) to ~/.emacs.d/init.el. + Ensure that the Emacs server is enabled for your user's Emacs + configuration, either by customizing the server-mode + variable, or by adding (server-start) to + ~/.emacs.d/init.el. @@ -324,7 +408,9 @@ in [...] Starting the client - Ensure that the emacs server is enabled, either by customizing the server-mode variable, or by adding (server-start) to ~/.emacs. + Ensure that the emacs server is enabled, either by customizing the + server-mode variable, or by adding + (server-start) to ~/.emacs. @@ -343,15 +429,23 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal - If is true, the EDITOR variable will be set to a wrapper script which launches emacsclient. + If is + true, the EDITOR variable will be set + to a wrapper script which launches emacsclient. - Any setting of EDITOR in the shell config files will override services.emacs.defaultEditor. To make sure EDITOR refers to the Emacs wrapper script, remove any existing EDITOR assignment from .profile, .bashrc, .zshenv or any other shell config file. + Any setting of EDITOR in the shell config files will + override services.emacs.defaultEditor. To make sure + EDITOR refers to the Emacs wrapper script, remove any + existing EDITOR assignment from + .profile, .bashrc, + .zshenv or any other shell config file. - If you have formed certain bad habits when editing files, these can be corrected with a shell alias to the wrapper script: + If you have formed certain bad habits when editing files, these can be + corrected with a shell alias to the wrapper script: alias vi=$EDITOR
@@ -360,7 +454,10 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal Per-User Enabling of the Service - In general, systemd user services are globally enabled by symlinks in /etc/systemd/user. In the case where Emacs daemon is not wanted for all users, it is possible to install the service but not globally enable it: + In general, systemd user services are globally enabled + by symlinks in /etc/systemd/user. In the case where + Emacs daemon is not wanted for all users, it is possible to install the + service but not globally enable it: = false; = true; @@ -368,9 +465,11 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal - To enable the systemd user service for just the currently logged in user, run: + To enable the systemd user service for just the + currently logged in user, run: systemctl --user enable emacs - This will add the symlink ~/.config/systemd/user/emacs.service. + This will add the symlink + ~/.config/systemd/user/emacs.service.
@@ -378,7 +477,8 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal Configuring Emacs - The Emacs init file should be changed to load the extension packages at startup: + The Emacs init file should be changed to load the extension packages at + startup: Package initialization in <filename>.emacs</filename> - After the declarative emacs package configuration has been tested, previously downloaded packages can be cleaned up by removing ~/.emacs.d/elpa (do make a backup first, in case you forgot a package). + After the declarative emacs package configuration has been tested, + previously downloaded packages can be cleaned up by removing + ~/.emacs.d/elpa (do make a backup first, in case you + forgot a package).