forked from mirrors/nixpkgs
doc,nixos/doc: unescape apostrophes
Leftovers from the CommonMark conversion.
This commit is contained in:
parent
3fc528ff7f
commit
d11832fd96
|
@ -34,4 +34,4 @@ buildContainer {
|
|||
|
||||
- `mounts` specifies additional mount points chosen by the user. By default only a minimal set of necessary filesystems are mounted into the container (e.g procfs, cgroupfs)
|
||||
|
||||
- `readonly` makes the container\'s rootfs read-only if it is set to true. The default value is false `false`.
|
||||
- `readonly` makes the container's rootfs read-only if it is set to true. The default value is false `false`.
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
## Compiling without AVX support {#compiling-without-avx-support}
|
||||
|
||||
Especially older CPUs don\'t support [AVX](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions) (Advanced Vector Extensions) instructions that are used by DLib to optimize their algorithms.
|
||||
Especially older CPUs don't support [AVX](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions) (Advanced Vector Extensions) instructions that are used by DLib to optimize their algorithms.
|
||||
|
||||
On the affected hardware errors like `Illegal instruction` will occur. In those cases AVX support needs to be disabled:
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
## Usage {#sec-pkgs-nix-gitignore-usage}
|
||||
|
||||
`pkgs.nix-gitignore` exports a number of functions, but you\'ll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
|
||||
`pkgs.nix-gitignore` exports a number of functions, but you'll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
|
||||
|
||||
```nix
|
||||
{ pkgs ? import <nixpkgs> {} }:
|
||||
|
@ -30,7 +30,7 @@ gitignoreSourcePure = gitignoreFilterSourcePure (_: _: true);
|
|||
gitignoreSource = gitignoreFilterSource (_: _: true);
|
||||
```
|
||||
|
||||
Those filter functions accept the same arguments the `builtins.filterSource` function would pass to its filters, thus `fn: gitignoreFilterSourcePure fn ""` should be extensionally equivalent to `filterSource`. The file is blacklisted if it\'s blacklisted by either your filter or the gitignoreFilter.
|
||||
Those filter functions accept the same arguments the `builtins.filterSource` function would pass to its filters, thus `fn: gitignoreFilterSourcePure fn ""` should be extensionally equivalent to `filterSource`. The file is blacklisted if it's blacklisted by either your filter or the gitignoreFilter.
|
||||
|
||||
If you want to make your own filter from scratch, you may use
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ necessary).
|
|||
|
||||
Packages in Nixpkgs sometimes provide systemd units with them, usually
|
||||
in e.g `#pkg-out#/lib/systemd/`. Putting such a package in
|
||||
`environment.systemPackages` doesn\'t make the service available to
|
||||
`environment.systemPackages` doesn't make the service available to
|
||||
users or the system.
|
||||
|
||||
In order to enable a systemd *system* service with provided upstream
|
||||
|
@ -87,9 +87,9 @@ systemd.packages = [ pkgs.packagekit ];
|
|||
|
||||
Usually NixOS modules written by the community do the above, plus take
|
||||
care of other details. If a module was written for a service you are
|
||||
interested in, you\'d probably need only to use
|
||||
interested in, you'd probably need only to use
|
||||
`services.#name#.enable = true;`. These services are defined in
|
||||
Nixpkgs\' [ `nixos/modules/` directory
|
||||
Nixpkgs' [ `nixos/modules/` directory
|
||||
](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules). In case
|
||||
the service is simple enough, the above method should work, and start
|
||||
the service on boot.
|
||||
|
@ -98,8 +98,8 @@ the service on boot.
|
|||
differently. Given a package that has a systemd unit file at
|
||||
`#pkg-out#/lib/systemd/user/`, using [](#opt-systemd.packages) will
|
||||
make you able to start the service via `systemctl --user start`, but it
|
||||
won\'t start automatically on login. However, You can imperatively
|
||||
enable it by adding the package\'s attribute to
|
||||
won't start automatically on login. However, You can imperatively
|
||||
enable it by adding the package's attribute to
|
||||
[](#opt-systemd.packages) and then do this (e.g):
|
||||
|
||||
```ShellSession
|
||||
|
@ -113,7 +113,7 @@ If you are interested in a timer file, use `timers.target.wants` instead
|
|||
of `default.target.wants` in the 1st and 2nd command.
|
||||
|
||||
Using `systemctl --user enable syncthing.service` instead of the above,
|
||||
will work, but it\'ll use the absolute path of `syncthing.service` for
|
||||
will work, but it'll use the absolute path of `syncthing.service` for
|
||||
the symlink, and this path is in `/nix/store/.../lib/systemd/user/`.
|
||||
Hence [garbage collection](#sec-nix-gc) will remove that file and you
|
||||
will wind up with a broken symlink in your systemd configuration, which
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
In some cases, it may be desirable to take advantage of commonly-used,
|
||||
predefined configurations provided by nixpkgs, but different from those
|
||||
that come as default. This is a role fulfilled by NixOS\'s Profiles,
|
||||
that come as default. This is a role fulfilled by NixOS's Profiles,
|
||||
which come as files living in `<nixpkgs/nixos/modules/profiles>`. That
|
||||
is to say, expected usage is to add them to the imports list of your
|
||||
`/etc/configuration.nix` as such:
|
||||
|
|
|
@ -30,7 +30,7 @@ to your NixOS configuration. For instance, if you remove a user from
|
|||
[](#opt-users.users) and run nixos-rebuild, the user
|
||||
account will cease to exist. Also, imperative commands for managing users and
|
||||
groups, such as useradd, are no longer available. Passwords may still be
|
||||
assigned by setting the user\'s
|
||||
assigned by setting the user's
|
||||
[hashedPassword](#opt-users.users._name_.hashedPassword) option. A
|
||||
hashed password can be generated using `mkpasswd`.
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ While X11 (see [](#sec-x11)) is still the primary display technology
|
|||
on NixOS, Wayland support is steadily improving. Where X11 separates the
|
||||
X Server and the window manager, on Wayland those are combined: a
|
||||
Wayland Compositor is like an X11 window manager, but also embeds the
|
||||
Wayland \'Server\' functionality. This means it is sufficient to install
|
||||
Wayland 'Server' functionality. This means it is sufficient to install
|
||||
a Wayland Compositor such as sway without separately enabling a Wayland
|
||||
server:
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@ second password to login can be redundant.
|
|||
|
||||
To enable auto-login, you need to define your default window manager and
|
||||
desktop environment. If you wanted no desktop environment and i3 as your
|
||||
your window manager, you\'d define:
|
||||
your window manager, you'd define:
|
||||
|
||||
```nix
|
||||
services.xserver.displayManager.defaultSession = "none+i3";
|
||||
|
@ -110,7 +110,7 @@ maintained but may perform worse in some cases (like in old chipsets).
|
|||
|
||||
The second driver, `intel`, is specific to Intel GPUs, but not
|
||||
recommended by most distributions: it lacks several modern features (for
|
||||
example, it doesn\'t support Glamor) and the package hasn\'t been
|
||||
example, it doesn't support Glamor) and the package hasn't been
|
||||
officially updated since 2015.
|
||||
|
||||
The results vary depending on the hardware, so you may have to try both
|
||||
|
@ -162,7 +162,7 @@ with other kernel modules.
|
|||
|
||||
AMD provides a proprietary driver for its graphics cards that is not
|
||||
enabled by default because it's not Free Software, is often broken in
|
||||
nixpkgs and as of this writing doesn\'t offer more features or
|
||||
nixpkgs and as of this writing doesn't offer more features or
|
||||
performance. If you still want to use it anyway, you need to explicitly
|
||||
set:
|
||||
|
||||
|
@ -215,7 +215,7 @@ US layout, with an additional layer to type some greek symbols by
|
|||
pressing the right-alt key.
|
||||
|
||||
Create a file called `us-greek` with the following content (under a
|
||||
directory called `symbols`; it\'s an XKB peculiarity that will help with
|
||||
directory called `symbols`; it's an XKB peculiarity that will help with
|
||||
testing):
|
||||
|
||||
```nix
|
||||
|
@ -249,7 +249,7 @@ The name (after `extraLayouts.`) should match the one given to the
|
|||
|
||||
Applying this customization requires rebuilding several packages, and a
|
||||
broken XKB file can lead to the X session crashing at login. Therefore,
|
||||
you\'re strongly advised to **test your layout before applying it**:
|
||||
you're strongly advised to **test your layout before applying it**:
|
||||
|
||||
```ShellSession
|
||||
$ nix-shell -p xorg.xkbcomp
|
||||
|
@ -314,7 +314,7 @@ prefer to keep the layout definitions inside the NixOS configuration.
|
|||
Unfortunately, the Xorg server does not (currently) support setting a
|
||||
keymap directly but relies instead on XKB rules to select the matching
|
||||
components (keycodes, types, \...) of a layout. This means that
|
||||
components other than symbols won\'t be loaded by default. As a
|
||||
components other than symbols won't be loaded by default. As a
|
||||
workaround, you can set the keymap using `setxkbmap` at the start of the
|
||||
session with:
|
||||
|
||||
|
@ -323,7 +323,7 @@ services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media";
|
|||
```
|
||||
|
||||
If you are manually starting the X server, you should set the argument
|
||||
`-xkbdir /etc/X11/xkb`, otherwise X won\'t find your layout files. For
|
||||
`-xkbdir /etc/X11/xkb`, otherwise X won't find your layout files. For
|
||||
example with `xinit` run
|
||||
|
||||
```ShellSession
|
||||
|
|
|
@ -31,8 +31,8 @@ enabled. To enable Thunar without enabling Xfce, use the configuration
|
|||
option [](#opt-programs.thunar.enable) instead of simply adding
|
||||
`pkgs.xfce.thunar` to [](#opt-environment.systemPackages).
|
||||
|
||||
If you\'d like to add extra plugins to Thunar, add them to
|
||||
[](#opt-programs.thunar.plugins). You shouldn\'t just add them to
|
||||
If you'd like to add extra plugins to Thunar, add them to
|
||||
[](#opt-programs.thunar.plugins). You shouldn't just add them to
|
||||
[](#opt-environment.systemPackages).
|
||||
|
||||
## Troubleshooting {#sec-xfce-troubleshooting .unnumbered}
|
||||
|
|
|
@ -92,11 +92,11 @@ merging is handled.
|
|||
: A free-form attribute set.
|
||||
|
||||
::: {.warning}
|
||||
This type will be deprecated in the future because it doesn\'t
|
||||
This type will be deprecated in the future because it doesn't
|
||||
recurse into attribute sets, silently drops earlier attribute
|
||||
definitions, and doesn\'t discharge `lib.mkDefault`, `lib.mkIf`
|
||||
definitions, and doesn't discharge `lib.mkDefault`, `lib.mkIf`
|
||||
and co. For allowing arbitrary attribute sets, prefer
|
||||
`types.attrsOf types.anything` instead which doesn\'t have these
|
||||
`types.attrsOf types.anything` instead which doesn't have these
|
||||
problems.
|
||||
:::
|
||||
|
||||
|
@ -222,7 +222,7 @@ Submodules are detailed in [Submodule](#section-option-types-submodule).
|
|||
- *`specialArgs`* An attribute set of extra arguments to be passed
|
||||
to the module functions. The option `_module.args` should be
|
||||
used instead for most arguments since it allows overriding.
|
||||
*`specialArgs`* should only be used for arguments that can\'t go
|
||||
*`specialArgs`* should only be used for arguments that can't go
|
||||
through the module fixed-point, because of infinite recursion or
|
||||
other problems. An example is overriding the `lib` argument,
|
||||
because `lib` itself is used to define `_module.args`, which
|
||||
|
@ -236,7 +236,7 @@ Submodules are detailed in [Submodule](#section-option-types-submodule).
|
|||
In such a case it would allow the option to be set with
|
||||
`the-submodule.config = "value"` instead of requiring
|
||||
`the-submodule.config.config = "value"`. This is because
|
||||
only when modules *don\'t* set the `config` or `options`
|
||||
only when modules *don't* set the `config` or `options`
|
||||
keys, all keys are interpreted as option definitions in the
|
||||
`config` section. Enabling this option implicitly puts all
|
||||
attributes in the `config` section.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Modules that are imported can also be disabled. The option declarations,
|
||||
config implementation and the imports of a disabled module will be
|
||||
ignored, allowing another to take it\'s place. This can be used to
|
||||
ignored, allowing another to take its place. This can be used to
|
||||
import a set of modules from another channel while keeping the rest of
|
||||
the system on a stable release.
|
||||
|
||||
|
@ -14,7 +14,7 @@ relative to the modules path (eg. \<nixpkgs/nixos/modules> for nixos).
|
|||
This example will replace the existing postgresql module with the
|
||||
version defined in the nixos-unstable channel while keeping the rest of
|
||||
the modules and packages from the original nixos channel. This only
|
||||
overrides the module definition, this won\'t use postgresql from
|
||||
overrides the module definition, this won't use postgresql from
|
||||
nixos-unstable unless explicitly configured to do so.
|
||||
|
||||
```nix
|
||||
|
@ -35,7 +35,7 @@ nixos-unstable unless explicitly configured to do so.
|
|||
|
||||
This example shows how to define a custom module as a replacement for an
|
||||
existing module. Importing this module will disable the original module
|
||||
without having to know it\'s implementation details.
|
||||
without having to know its implementation details.
|
||||
|
||||
```nix
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
|
|
@ -9,10 +9,10 @@ can be declared. File formats can be separated into two categories:
|
|||
`{ foo = { bar = 10; }; }`. Other examples are INI, YAML and TOML.
|
||||
The following section explains the convention for these settings.
|
||||
|
||||
- Non-nix-representable ones: These can\'t be trivially mapped to a
|
||||
- Non-nix-representable ones: These can't be trivially mapped to a
|
||||
subset of Nix syntax. Most generic programming languages are in this
|
||||
group, e.g. bash, since the statement `if true; then echo hi; fi`
|
||||
doesn\'t have a trivial representation in Nix.
|
||||
doesn't have a trivial representation in Nix.
|
||||
|
||||
Currently there are no fixed conventions for these, but it is common
|
||||
to have a `configFile` option for setting the configuration file
|
||||
|
|
|
@ -19,7 +19,7 @@ $ nix-shell
|
|||
nix-shell$ make
|
||||
```
|
||||
|
||||
Once you are done making modifications to the manual, it\'s important to
|
||||
Once you are done making modifications to the manual, it's important to
|
||||
build it before committing. You can do that as follows:
|
||||
|
||||
```ShellSession
|
||||
|
|
|
@ -71,7 +71,7 @@ The meaning of each part is as follows.
|
|||
- This `imports` list enumerates the paths to other NixOS modules that
|
||||
should be included in the evaluation of the system configuration. A
|
||||
default set of modules is defined in the file `modules/module-list.nix`.
|
||||
These don\'t need to be added in the import list.
|
||||
These don't need to be added in the import list.
|
||||
|
||||
- The attribute `options` is a nested set of *option declarations*
|
||||
(described below).
|
||||
|
|
|
@ -165,7 +165,7 @@ The following methods are available on machine objects:
|
|||
`get_screen_text_variants`
|
||||
|
||||
: Return a list of different interpretations of what is currently
|
||||
visible on the machine\'s screen using optical character
|
||||
visible on the machine's screen using optical character
|
||||
recognition. The number and order of the interpretations is not
|
||||
specified and is subject to change, but if no exception is raised at
|
||||
least one will be returned.
|
||||
|
@ -177,7 +177,7 @@ The following methods are available on machine objects:
|
|||
`get_screen_text`
|
||||
|
||||
: Return a textual representation of what is currently visible on the
|
||||
machine\'s screen using optical character recognition.
|
||||
machine's screen using optical character recognition.
|
||||
|
||||
::: {.note}
|
||||
This requires [`enableOCR`](#test-opt-enableOCR) to be set to `true`.
|
||||
|
@ -350,8 +350,8 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
|
|||
This applies to `systemctl`, `get_unit_info`, `wait_for_unit`,
|
||||
`start_job` and `stop_job`.
|
||||
|
||||
For faster dev cycles it\'s also possible to disable the code-linters
|
||||
(this shouldn\'t be committed though):
|
||||
For faster dev cycles it's also possible to disable the code-linters
|
||||
(this shouldn't be committed though):
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -370,7 +370,7 @@ For faster dev cycles it\'s also possible to disable the code-linters
|
|||
|
||||
This will produce a Nix warning at evaluation time. To fully disable the
|
||||
linter, wrap the test script in comment directives to disable the Black
|
||||
linter directly (again, don\'t commit this within the Nixpkgs
|
||||
linter directly (again, don't commit this within the Nixpkgs
|
||||
repository):
|
||||
|
||||
```nix
|
||||
|
|
|
@ -85,7 +85,7 @@ Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
|
|||
Packages in Nixpkgs sometimes provide systemd units with them,
|
||||
usually in e.g <literal>#pkg-out#/lib/systemd/</literal>. Putting
|
||||
such a package in <literal>environment.systemPackages</literal>
|
||||
doesn't make the service available to users or the system.
|
||||
doesn’t make the service available to users or the system.
|
||||
</para>
|
||||
<para>
|
||||
In order to enable a systemd <emphasis>system</emphasis> service
|
||||
|
@ -97,9 +97,9 @@ systemd.packages = [ pkgs.packagekit ];
|
|||
<para>
|
||||
Usually NixOS modules written by the community do the above, plus
|
||||
take care of other details. If a module was written for a service
|
||||
you are interested in, you'd probably need only to use
|
||||
you are interested in, you’d probably need only to use
|
||||
<literal>services.#name#.enable = true;</literal>. These services
|
||||
are defined in Nixpkgs'
|
||||
are defined in Nixpkgs’
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/modules">
|
||||
<literal>nixos/modules/</literal> directory </link>. In case the
|
||||
service is simple enough, the above method should work, and start
|
||||
|
@ -111,8 +111,8 @@ systemd.packages = [ pkgs.packagekit ];
|
|||
unit file at <literal>#pkg-out#/lib/systemd/user/</literal>, using
|
||||
<xref linkend="opt-systemd.packages" /> will make you able to
|
||||
start the service via <literal>systemctl --user start</literal>,
|
||||
but it won't start automatically on login. However, You can
|
||||
imperatively enable it by adding the package's attribute to
|
||||
but it won’t start automatically on login. However, You can
|
||||
imperatively enable it by adding the package’s attribute to
|
||||
<xref linkend="opt-systemd.packages" /> and then do this (e.g):
|
||||
</para>
|
||||
<programlisting>
|
||||
|
@ -129,7 +129,7 @@ $ systemctl --user enable syncthing.service
|
|||
</para>
|
||||
<para>
|
||||
Using <literal>systemctl --user enable syncthing.service</literal>
|
||||
instead of the above, will work, but it'll use the absolute path
|
||||
instead of the above, will work, but it’ll use the absolute path
|
||||
of <literal>syncthing.service</literal> for the symlink, and this
|
||||
path is in <literal>/nix/store/.../lib/systemd/user/</literal>.
|
||||
Hence <link linkend="sec-nix-gc">garbage collection</link> will
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
In some cases, it may be desirable to take advantage of
|
||||
commonly-used, predefined configurations provided by nixpkgs, but
|
||||
different from those that come as default. This is a role fulfilled
|
||||
by NixOS's Profiles, which come as files living in
|
||||
by NixOS’s Profiles, which come as files living in
|
||||
<literal><nixpkgs/nixos/modules/profiles></literal>. That is
|
||||
to say, expected usage is to add them to the imports list of your
|
||||
<literal>/etc/configuration.nix</literal> as such:
|
||||
|
|
|
@ -36,7 +36,7 @@ users.users.alice = {
|
|||
<xref linkend="opt-users.users" /> and run nixos-rebuild, the user
|
||||
account will cease to exist. Also, imperative commands for managing
|
||||
users and groups, such as useradd, are no longer available.
|
||||
Passwords may still be assigned by setting the user's
|
||||
Passwords may still be assigned by setting the user’s
|
||||
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
|
||||
option. A hashed password can be generated using
|
||||
<literal>mkpasswd</literal>.
|
||||
|
|
|
@ -5,9 +5,10 @@
|
|||
display technology on NixOS, Wayland support is steadily improving.
|
||||
Where X11 separates the X Server and the window manager, on Wayland
|
||||
those are combined: a Wayland Compositor is like an X11 window
|
||||
manager, but also embeds the Wayland 'Server' functionality. This
|
||||
means it is sufficient to install a Wayland Compositor such as sway
|
||||
without separately enabling a Wayland server:
|
||||
manager, but also embeds the Wayland <quote>Server</quote>
|
||||
functionality. This means it is sufficient to install a Wayland
|
||||
Compositor such as sway without separately enabling a Wayland
|
||||
server:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
programs.sway.enable = true;
|
||||
|
|
|
@ -88,7 +88,7 @@ hardware.opengl.driSupport32Bit = true;
|
|||
<para>
|
||||
To enable auto-login, you need to define your default window
|
||||
manager and desktop environment. If you wanted no desktop
|
||||
environment and i3 as your your window manager, you'd define:
|
||||
environment and i3 as your your window manager, you’d define:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
services.xserver.displayManager.defaultSession = "none+i3";
|
||||
|
@ -122,8 +122,8 @@ services.xserver.displayManager.autoLogin.user = "alice";
|
|||
<para>
|
||||
The second driver, <literal>intel</literal>, is specific to Intel
|
||||
GPUs, but not recommended by most distributions: it lacks several
|
||||
modern features (for example, it doesn't support Glamor) and the
|
||||
package hasn't been officially updated since 2015.
|
||||
modern features (for example, it doesn’t support Glamor) and the
|
||||
package hasn’t been officially updated since 2015.
|
||||
</para>
|
||||
<para>
|
||||
The results vary depending on the hardware, so you may have to try
|
||||
|
@ -181,7 +181,7 @@ services.xserver.videoDrivers = [ "nvidiaLegacy304" ];
|
|||
<para>
|
||||
AMD provides a proprietary driver for its graphics cards that is
|
||||
not enabled by default because it’s not Free Software, is often
|
||||
broken in nixpkgs and as of this writing doesn't offer more
|
||||
broken in nixpkgs and as of this writing doesn’t offer more
|
||||
features or performance. If you still want to use it anyway, you
|
||||
need to explicitly set:
|
||||
</para>
|
||||
|
@ -244,7 +244,7 @@ qt5.style = "gtk2";
|
|||
<para>
|
||||
Create a file called <literal>us-greek</literal> with the
|
||||
following content (under a directory called
|
||||
<literal>symbols</literal>; it's an XKB peculiarity that will help
|
||||
<literal>symbols</literal>; it’s an XKB peculiarity that will help
|
||||
with testing):
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
|
@ -279,7 +279,7 @@ services.xserver.extraLayouts.us-greek = {
|
|||
<para>
|
||||
Applying this customization requires rebuilding several packages,
|
||||
and a broken XKB file can lead to the X session crashing at login.
|
||||
Therefore, you're strongly advised to <emphasis role="strong">test
|
||||
Therefore, you’re strongly advised to <emphasis role="strong">test
|
||||
your layout before applying it</emphasis>:
|
||||
</para>
|
||||
<programlisting>
|
||||
|
@ -353,7 +353,7 @@ services.xserver.extraLayouts.media = {
|
|||
Unfortunately, the Xorg server does not (currently) support
|
||||
setting a keymap directly but relies instead on XKB rules to
|
||||
select the matching components (keycodes, types, ...) of a layout.
|
||||
This means that components other than symbols won't be loaded by
|
||||
This means that components other than symbols won’t be loaded by
|
||||
default. As a workaround, you can set the keymap using
|
||||
<literal>setxkbmap</literal> at the start of the session with:
|
||||
</para>
|
||||
|
@ -363,7 +363,7 @@ services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes medi
|
|||
<para>
|
||||
If you are manually starting the X server, you should set the
|
||||
argument <literal>-xkbdir /etc/X11/xkb</literal>, otherwise X
|
||||
won't find your layout files. For example with
|
||||
won’t find your layout files. For example with
|
||||
<literal>xinit</literal> run
|
||||
</para>
|
||||
<programlisting>
|
||||
|
|
|
@ -36,8 +36,8 @@ services.picom = {
|
|||
<xref linkend="opt-environment.systemPackages" />.
|
||||
</para>
|
||||
<para>
|
||||
If you'd like to add extra plugins to Thunar, add them to
|
||||
<xref linkend="opt-programs.thunar.plugins" />. You shouldn't just
|
||||
If you’d like to add extra plugins to Thunar, add them to
|
||||
<xref linkend="opt-programs.thunar.plugins" />. You shouldn’t just
|
||||
add them to <xref linkend="opt-environment.systemPackages" />.
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -152,13 +152,13 @@
|
|||
<warning>
|
||||
<para>
|
||||
This type will be deprecated in the future because it
|
||||
doesn't recurse into attribute sets, silently drops
|
||||
earlier attribute definitions, and doesn't discharge
|
||||
doesn’t recurse into attribute sets, silently drops
|
||||
earlier attribute definitions, and doesn’t discharge
|
||||
<literal>lib.mkDefault</literal>,
|
||||
<literal>lib.mkIf</literal> and co. For allowing arbitrary
|
||||
attribute sets, prefer
|
||||
<literal>types.attrsOf types.anything</literal> instead
|
||||
which doesn't have these problems.
|
||||
which doesn’t have these problems.
|
||||
</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
|
@ -453,7 +453,7 @@
|
|||
<literal>_module.args</literal> should be used instead
|
||||
for most arguments since it allows overriding.
|
||||
<emphasis><literal>specialArgs</literal></emphasis>
|
||||
should only be used for arguments that can't go through
|
||||
should only be used for arguments that can’t go through
|
||||
the module fixed-point, because of infinite recursion or
|
||||
other problems. An example is overriding the
|
||||
<literal>lib</literal> argument, because
|
||||
|
@ -477,7 +477,7 @@
|
|||
instead of requiring
|
||||
<literal>the-submodule.config.config = "value"</literal>.
|
||||
This is because only when modules
|
||||
<emphasis>don't</emphasis> set the
|
||||
<emphasis>don’t</emphasis> set the
|
||||
<literal>config</literal> or <literal>options</literal>
|
||||
keys, all keys are interpreted as option definitions in
|
||||
the <literal>config</literal> section. Enabling this
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
<para>
|
||||
Modules that are imported can also be disabled. The option
|
||||
declarations, config implementation and the imports of a disabled
|
||||
module will be ignored, allowing another to take it's place. This
|
||||
can be used to import a set of modules from another channel while
|
||||
module will be ignored, allowing another to take its place. This can
|
||||
be used to import a set of modules from another channel while
|
||||
keeping the rest of the system on a stable release.
|
||||
</para>
|
||||
<para>
|
||||
|
@ -19,7 +19,7 @@
|
|||
This example will replace the existing postgresql module with the
|
||||
version defined in the nixos-unstable channel while keeping the rest
|
||||
of the modules and packages from the original nixos channel. This
|
||||
only overrides the module definition, this won't use postgresql from
|
||||
only overrides the module definition, this won’t use postgresql from
|
||||
nixos-unstable unless explicitly configured to do so.
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
|
@ -40,7 +40,7 @@
|
|||
<para>
|
||||
This example shows how to define a custom module as a replacement
|
||||
for an existing module. Importing this module will disable the
|
||||
original module without having to know it's implementation details.
|
||||
original module without having to know its implementation details.
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
|
|
@ -19,10 +19,10 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Non-nix-representable ones: These can't be trivially mapped to a
|
||||
Non-nix-representable ones: These can’t be trivially mapped to a
|
||||
subset of Nix syntax. Most generic programming languages are in
|
||||
this group, e.g. bash, since the statement
|
||||
<literal>if true; then echo hi; fi</literal> doesn't have a
|
||||
<literal>if true; then echo hi; fi</literal> doesn’t have a
|
||||
trivial representation in Nix.
|
||||
</para>
|
||||
<para>
|
||||
|
|
|
@ -23,7 +23,7 @@ $ nix-shell
|
|||
nix-shell$ make
|
||||
</programlisting>
|
||||
<para>
|
||||
Once you are done making modifications to the manual, it's
|
||||
Once you are done making modifications to the manual, it’s
|
||||
important to build it before committing. You can do that as
|
||||
follows:
|
||||
</para>
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
This <literal>imports</literal> list enumerates the paths to
|
||||
other NixOS modules that should be included in the evaluation of
|
||||
the system configuration. A default set of modules is defined in
|
||||
the file <literal>modules/module-list.nix</literal>. These don't
|
||||
the file <literal>modules/module-list.nix</literal>. These don’t
|
||||
need to be added in the import list.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -255,7 +255,7 @@ start_all()
|
|||
<listitem>
|
||||
<para>
|
||||
Return a list of different interpretations of what is
|
||||
currently visible on the machine's screen using optical
|
||||
currently visible on the machine’s screen using optical
|
||||
character recognition. The number and order of the
|
||||
interpretations is not specified and is subject to change,
|
||||
but if no exception is raised at least one will be returned.
|
||||
|
@ -276,7 +276,7 @@ start_all()
|
|||
<listitem>
|
||||
<para>
|
||||
Return a textual representation of what is currently visible
|
||||
on the machine's screen using optical character recognition.
|
||||
on the machine’s screen using optical character recognition.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
|
@ -630,8 +630,8 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
|
|||
<literal>stop_job</literal>.
|
||||
</para>
|
||||
<para>
|
||||
For faster dev cycles it's also possible to disable the
|
||||
code-linters (this shouldn't be committed though):
|
||||
For faster dev cycles it’s also possible to disable the
|
||||
code-linters (this shouldn’t be committed though):
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
|
@ -650,7 +650,7 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
|
|||
<para>
|
||||
This will produce a Nix warning at evaluation time. To fully
|
||||
disable the linter, wrap the test script in comment directives to
|
||||
disable the Black linter directly (again, don't commit this within
|
||||
disable the Black linter directly (again, don’t commit this within
|
||||
the Nixpkgs repository):
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
This command doesn't start/stop
|
||||
This command doesn’t start/stop
|
||||
<link linkend="opt-systemd.user.services">user services</link>
|
||||
automatically. <literal>nixos-rebuild</literal> only runs a
|
||||
<literal>daemon-reload</literal> for each user with running user
|
||||
|
@ -64,8 +64,8 @@
|
|||
<para>
|
||||
which causes the new configuration (and previous ones created using
|
||||
<literal>-p test</literal>) to show up in the GRUB submenu
|
||||
<quote>NixOS - Profile 'test'</quote>. This can be useful to
|
||||
separate test configurations from <quote>stable</quote>
|
||||
<quote>NixOS - Profile <quote>test</quote></quote>. This can be
|
||||
useful to separate test configurations from <quote>stable</quote>
|
||||
configurations.
|
||||
</para>
|
||||
<para>
|
||||
|
|
|
@ -53,7 +53,7 @@ $ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell
|
|||
Switch to the NixOS channel:
|
||||
</para>
|
||||
<para>
|
||||
If you've just installed Nix on a non-NixOS distribution, you
|
||||
If you’ve just installed Nix on a non-NixOS distribution, you
|
||||
will be on the <literal>nixpkgs</literal> channel by default.
|
||||
</para>
|
||||
<programlisting>
|
||||
|
@ -78,11 +78,11 @@ $ nix-channel --add https://nixos.org/channels/nixos-version nixpkgs
|
|||
Install the NixOS installation tools:
|
||||
</para>
|
||||
<para>
|
||||
You'll need <literal>nixos-generate-config</literal> and
|
||||
You’ll need <literal>nixos-generate-config</literal> and
|
||||
<literal>nixos-install</literal>, but this also makes some man
|
||||
pages and <literal>nixos-enter</literal> available, just in case
|
||||
you want to chroot into your NixOS partition. NixOS installs
|
||||
these by default, but you don't have NixOS yet..
|
||||
these by default, but you don’t have NixOS yet..
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-env -f '<nixpkgs>' -iA nixos-install-tools
|
||||
|
@ -105,7 +105,7 @@ $ nix-env -f '<nixpkgs>' -iA nixos-install-tools
|
|||
mounting steps of <xref linkend="sec-installation" />
|
||||
</para>
|
||||
<para>
|
||||
If you're about to install NixOS in place using
|
||||
If you’re about to install NixOS in place using
|
||||
<literal>NIXOS_LUSTRATE</literal> there is nothing to do for
|
||||
this step.
|
||||
</para>
|
||||
|
@ -118,14 +118,14 @@ $ nix-env -f '<nixpkgs>' -iA nixos-install-tools
|
|||
$ sudo `which nixos-generate-config` --root /mnt
|
||||
</programlisting>
|
||||
<para>
|
||||
You'll probably want to edit the configuration files. Refer to
|
||||
You’ll probably want to edit the configuration files. Refer to
|
||||
the <literal>nixos-generate-config</literal> step in
|
||||
<xref linkend="sec-installation" /> for more information.
|
||||
</para>
|
||||
<para>
|
||||
Consider setting up the NixOS bootloader to give you the ability
|
||||
to boot on your existing Linux partition. For instance, if
|
||||
you're using GRUB and your existing distribution is running
|
||||
you’re using GRUB and your existing distribution is running
|
||||
Ubuntu, you may want to add something like this to your
|
||||
<literal>configuration.nix</literal>:
|
||||
</para>
|
||||
|
@ -215,17 +215,17 @@ $ sudo `which nixos-generate-config`
|
|||
</programlisting>
|
||||
<para>
|
||||
Note that this will place the generated configuration files in
|
||||
<literal>/etc/nixos</literal>. You'll probably want to edit the
|
||||
<literal>/etc/nixos</literal>. You’ll probably want to edit the
|
||||
configuration files. Refer to the
|
||||
<literal>nixos-generate-config</literal> step in
|
||||
<xref linkend="sec-installation" /> for more information.
|
||||
</para>
|
||||
<para>
|
||||
You'll likely want to set a root password for your first boot
|
||||
using the configuration files because you won't have a chance to
|
||||
You’ll likely want to set a root password for your first boot
|
||||
using the configuration files because you won’t have a chance to
|
||||
enter a password until after you reboot. You can initialize the
|
||||
root password to an empty one with this line: (and of course
|
||||
don't forget to set one once you've rebooted or to lock the
|
||||
don’t forget to set one once you’ve rebooted or to lock the
|
||||
account with <literal>sudo passwd -l root</literal> if you use
|
||||
<literal>sudo</literal>)
|
||||
</para>
|
||||
|
@ -262,7 +262,7 @@ $ sudo chown -R 0:0 /nix
|
|||
</para>
|
||||
<para>
|
||||
<literal>/etc/NIXOS_LUSTRATE</literal> tells the NixOS bootup
|
||||
scripts to move <emphasis>everything</emphasis> that's in the
|
||||
scripts to move <emphasis>everything</emphasis> that’s in the
|
||||
root partition to <literal>/old-root</literal>. This will move
|
||||
your existing distribution out of the way in the very early
|
||||
stages of the NixOS bootup. There are exceptions (we do need to
|
||||
|
@ -294,7 +294,7 @@ $ sudo chown -R 0:0 /nix
|
|||
wiping of the existing distribution. Creating
|
||||
<literal>/etc/NIXOS_LUSTRATE</literal> can also be used on
|
||||
NixOS to remove all mutable files from your root partition
|
||||
(anything that's not in <literal>/nix</literal> or
|
||||
(anything that’s not in <literal>/nix</literal> or
|
||||
<literal>/boot</literal> gets "lustrated" on the
|
||||
next boot.
|
||||
</para>
|
||||
|
@ -307,14 +307,14 @@ $ sudo chown -R 0:0 /nix
|
|||
</para>
|
||||
</note>
|
||||
<para>
|
||||
Let's create the files:
|
||||
Let’s create the files:
|
||||
</para>
|
||||
<programlisting>
|
||||
$ sudo touch /etc/NIXOS
|
||||
$ sudo touch /etc/NIXOS_LUSTRATE
|
||||
</programlisting>
|
||||
<para>
|
||||
Let's also make sure the NixOS configuration files are kept once
|
||||
Let’s also make sure the NixOS configuration files are kept once
|
||||
we reboot on NixOS:
|
||||
</para>
|
||||
<programlisting>
|
||||
|
@ -331,7 +331,7 @@ $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
|
|||
<warning>
|
||||
<para>
|
||||
Once you complete this step, your current distribution will no
|
||||
longer be bootable! If you didn't get all the NixOS
|
||||
longer be bootable! If you didn’t get all the NixOS
|
||||
configuration right, especially those settings pertaining to
|
||||
boot loading and root partition, NixOS may not be bootable
|
||||
either. Have a USB rescue device ready in case this happens.
|
||||
|
@ -349,7 +349,7 @@ sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
|
|||
<listitem>
|
||||
<para>
|
||||
If for some reason you want to revert to the old distribution,
|
||||
you'll need to boot on a USB rescue disk and do something along
|
||||
you’ll need to boot on a USB rescue disk and do something along
|
||||
these lines:
|
||||
</para>
|
||||
<programlisting>
|
||||
|
@ -367,7 +367,7 @@ sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
|
|||
loader.
|
||||
</para>
|
||||
<para>
|
||||
And of course, if you're happy with NixOS and no longer need the
|
||||
And of course, if you’re happy with NixOS and no longer need the
|
||||
old distribution:
|
||||
</para>
|
||||
<programlisting>
|
||||
|
@ -376,7 +376,7 @@ sudo rm -rf /old-root
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It's also worth noting that this whole process can be automated.
|
||||
It’s also worth noting that this whole process can be automated.
|
||||
This is especially useful for Cloud VMs, where provider do not
|
||||
provide NixOS. For instance,
|
||||
<link xlink:href="https://github.com/elitak/nixos-infect">nixos-infect</link>
|
||||
|
|
|
@ -54,7 +54,7 @@ nix-build -A kexec.x86_64-linux '<nixpkgs/nixos/release.nix>'
|
|||
running Linux Distribution.
|
||||
</para>
|
||||
<para>
|
||||
Note it’s symlinks pointing elsewhere, so <literal>cd</literal> in,
|
||||
Note its symlinks pointing elsewhere, so <literal>cd</literal> in,
|
||||
and use <literal>scp * root@$destination</literal> to copy it over,
|
||||
rather than rsync.
|
||||
</para>
|
||||
|
|
|
@ -116,9 +116,9 @@ sudo dd if=<path-to-image> of=/dev/rdiskX bs=4m
|
|||
</para>
|
||||
<note>
|
||||
<para>
|
||||
Using the 'raw' <literal>rdiskX</literal> device instead of
|
||||
<literal>diskX</literal> with dd completes in minutes instead of
|
||||
hours.
|
||||
Using the <quote>raw</quote> <literal>rdiskX</literal> device
|
||||
instead of <literal>diskX</literal> with dd completes in minutes
|
||||
instead of hours.
|
||||
</para>
|
||||
</note>
|
||||
<orderedlist numeration="arabic" spacing="compact">
|
||||
|
|
|
@ -345,12 +345,12 @@ OK
|
|||
<!-- legacy anchor -->
|
||||
</para>
|
||||
<para>
|
||||
Here's an example partition scheme for UEFI, using
|
||||
Here’s an example partition scheme for UEFI, using
|
||||
<literal>/dev/sda</literal> as the device.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
You can safely ignore <literal>parted</literal>'s
|
||||
You can safely ignore <literal>parted</literal>’s
|
||||
informational message about needing to update /etc/fstab.
|
||||
</para>
|
||||
</note>
|
||||
|
@ -415,12 +415,12 @@ OK
|
|||
<!-- legacy anchor -->
|
||||
</para>
|
||||
<para>
|
||||
Here's an example partition scheme for Legacy Boot, using
|
||||
Here’s an example partition scheme for Legacy Boot, using
|
||||
<literal>/dev/sda</literal> as the device.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
You can safely ignore <literal>parted</literal>'s
|
||||
You can safely ignore <literal>parted</literal>’s
|
||||
informational message about needing to update /etc/fstab.
|
||||
</para>
|
||||
</note>
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
<link xlink:href="http://hackage.haskell.org/">Hackage</link> --
|
||||
well in excess of 8,000 Haskell packages. Detailed instructions
|
||||
on how to use that infrastructure can be found in the
|
||||
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
|
||||
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User’s
|
||||
Guide to the Haskell Infrastructure</link>. Users migrating from
|
||||
an earlier release may find helpful information below, in the
|
||||
list of backwards-incompatible changes. Furthermore, we
|
||||
|
@ -464,7 +464,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Steam now doesn't need root rights to work. Instead of using
|
||||
Steam now doesn’t need root rights to work. Instead of using
|
||||
<literal>*-steam-chrootenv</literal>, you should now just run
|
||||
<literal>steam</literal>. <literal>steamChrootEnv</literal>
|
||||
package was renamed to <literal>steam</literal>, and old
|
||||
|
@ -542,7 +542,7 @@
|
|||
inconvenience is the sheer size of the Haskell package set.
|
||||
Name-based lookups are expensive, and most
|
||||
<literal>nix-env -qa</literal> operations would become much
|
||||
slower if we'd add the entire Hackage database into the top
|
||||
slower if we’d add the entire Hackage database into the top
|
||||
level attribute set. Instead, the list of Haskell packages can
|
||||
be displayed by running:
|
||||
</para>
|
||||
|
@ -566,13 +566,13 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc
|
|||
<para>
|
||||
Previous versions of NixOS came with a feature called
|
||||
<literal>ghc-wrapper</literal>, a small script that allowed GHC
|
||||
to transparently pick up on libraries installed in the user's
|
||||
to transparently pick up on libraries installed in the user’s
|
||||
profile. This feature has been deprecated;
|
||||
<literal>ghc-wrapper</literal> was removed from the
|
||||
distribution. The proper way to register Haskell libraries with
|
||||
the compiler now is the
|
||||
<literal>haskellPackages.ghcWithPackages</literal> function. The
|
||||
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
|
||||
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User’s
|
||||
Guide to the Haskell Infrastructure</link> provides more
|
||||
information about this subject.
|
||||
</para>
|
||||
|
@ -593,7 +593,7 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc
|
|||
have a function attribute called <literal>extension</literal>
|
||||
that users could override in their
|
||||
<literal>~/.nixpkgs/config.nix</literal> files to configure
|
||||
additional attributes, etc. That function still exists, but it's
|
||||
additional attributes, etc. That function still exists, but it’s
|
||||
now called <literal>overrides</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -748,7 +748,7 @@ in
|
|||
<literal>/etc/ssh/moduli</literal> file with respect to the
|
||||
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
|
||||
discovered in the Diffie-Hellman key exchange</link> can now
|
||||
replace OpenSSH's default version with one they generated
|
||||
replace OpenSSH’s default version with one they generated
|
||||
themselves using the new
|
||||
<literal>services.openssh.moduliFile</literal> option.
|
||||
</para>
|
||||
|
|
|
@ -403,7 +403,7 @@ nginx.override {
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>s3sync</literal> is removed, as it hasn't been
|
||||
<literal>s3sync</literal> is removed, as it hasn’t been
|
||||
developed by upstream for 4 years and only runs with ruby 1.8.
|
||||
For an actively-developer alternative look at
|
||||
<literal>tarsnap</literal> and others.
|
||||
|
@ -411,7 +411,7 @@ nginx.override {
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>ruby_1_8</literal> has been removed as it's not
|
||||
<literal>ruby_1_8</literal> has been removed as it’s not
|
||||
supported from upstream anymore and probably contains security
|
||||
issues.
|
||||
</para>
|
||||
|
@ -439,7 +439,7 @@ nginx.override {
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>Ctrl+Alt+Backspace</literal> key combination no
|
||||
longer kills the X server by default. There's a new option
|
||||
longer kills the X server by default. There’s a new option
|
||||
<literal>services.xserver.enableCtrlAltBackspace</literal>
|
||||
allowing to enable the combination again.
|
||||
</para>
|
||||
|
@ -457,7 +457,7 @@ nginx.override {
|
|||
<literal>/var/lib/postfix</literal>. Old configurations are
|
||||
migrated automatically. <literal>service.postfix</literal>
|
||||
module has also received many improvements, such as correct
|
||||
directories' access rights, new <literal>aliasFiles</literal>
|
||||
directories’ access rights, new <literal>aliasFiles</literal>
|
||||
and <literal>mapFiles</literal> options and more.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -497,7 +497,7 @@ nginx.override {
|
|||
<para>
|
||||
There are also Gutenprint improvements; in particular, a new
|
||||
option <literal>services.printing.gutenprint</literal> is added
|
||||
to enable automatic updating of Gutenprint PPMs; it's greatly
|
||||
to enable automatic updating of Gutenprint PPMs; it’s greatly
|
||||
recommended to enable it instead of adding
|
||||
<literal>gutenprint</literal> to the <literal>drivers</literal>
|
||||
list.
|
||||
|
@ -545,7 +545,7 @@ nginx.override {
|
|||
<literal>services.udev.extraRules</literal> option now writes
|
||||
rules to <literal>99-local.rules</literal> instead of
|
||||
<literal>10-local.rules</literal>. This makes all the user rules
|
||||
apply after others, so their results wouldn't be overridden by
|
||||
apply after others, so their results wouldn’t be overridden by
|
||||
anything else.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -633,7 +633,7 @@ error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be creat
|
|||
has been removed. GnuPG 2.1.x changed the way the gpg-agent
|
||||
works, and that new approach no longer requires (or even
|
||||
supports) the "start everything as a child of the
|
||||
agent" scheme we've implemented in NixOS for older
|
||||
agent" scheme we’ve implemented in NixOS for older
|
||||
versions. To configure the gpg-agent for your X session, add the
|
||||
following code to <literal>~/.bashrc</literal> or some file
|
||||
that’s sourced when your shell is started:
|
||||
|
|
|
@ -78,7 +78,7 @@
|
|||
LTS Haskell package set. That support has been dropped. The
|
||||
previously provided <literal>haskell.packages.lts-x_y</literal>
|
||||
package sets still exist in name to aviod breaking user code,
|
||||
but these package sets don't actually contain the versions
|
||||
but these package sets don’t actually contain the versions
|
||||
mandated by the corresponding LTS release. Instead, our package
|
||||
set it loosely based on the latest available LTS release, i.e.
|
||||
LTS 7.x at the time of this writing. New releases of NixOS and
|
||||
|
@ -119,7 +119,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Gitlab's maintainance script <literal>gitlab-runner</literal>
|
||||
Gitlab’s maintainance script <literal>gitlab-runner</literal>
|
||||
was removed and split up into the more clearer
|
||||
<literal>gitlab-run</literal> and <literal>gitlab-rake</literal>
|
||||
scripts, because <literal>gitlab-runner</literal> is a component
|
||||
|
@ -164,7 +164,7 @@
|
|||
<para>
|
||||
<literal>goPackages</literal> was replaced with separated Go
|
||||
applications in appropriate <literal>nixpkgs</literal>
|
||||
categories. Each Go package uses its own dependency set. There's
|
||||
categories. Each Go package uses its own dependency set. There’s
|
||||
also a new <literal>go2nix</literal> tool introduced to generate
|
||||
a Go package definition from its Go source automatically.
|
||||
</para>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The default desktop environment now is KDE's Plasma 5. KDE 4
|
||||
The default desktop environment now is KDE’s Plasma 5. KDE 4
|
||||
has been removed
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -560,7 +560,7 @@
|
|||
Parsoid service now uses YAML configuration format.
|
||||
<literal>service.parsoid.interwikis</literal> is now called
|
||||
<literal>service.parsoid.wikis</literal> and is a list of
|
||||
either API URLs or attribute sets as specified in parsoid's
|
||||
either API URLs or attribute sets as specified in parsoid’s
|
||||
documentation.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -647,7 +647,7 @@ in
|
|||
<listitem>
|
||||
<para>
|
||||
<literal>local_recipient_maps</literal> is not set to empty
|
||||
value by Postfix service. It's an insecure default as stated
|
||||
value by Postfix service. It’s an insecure default as stated
|
||||
by Postfix documentation. Those who want to retain this
|
||||
setting need to set it via
|
||||
<literal>services.postfix.extraConfig</literal>.
|
||||
|
@ -669,7 +669,7 @@ in
|
|||
<listitem>
|
||||
<para>
|
||||
The socket handling of the <literal>services.rmilter</literal>
|
||||
module has been fixed and refactored. As rmilter doesn't
|
||||
module has been fixed and refactored. As rmilter doesn’t
|
||||
support binding to more than one socket, the options
|
||||
<literal>bindUnixSockets</literal> and
|
||||
<literal>bindInetSockets</literal> have been replaced by
|
||||
|
@ -729,7 +729,7 @@ in
|
|||
improves visual consistency and makes Java follow system font
|
||||
style, improving the situation on HighDPI displays. This has a
|
||||
cost of increased closure size; for server and other headless
|
||||
workloads it's recommended to use
|
||||
workloads it’s recommended to use
|
||||
<literal>jre_headless</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
The module option
|
||||
<literal>services.xserver.xrandrHeads</literal> now causes the
|
||||
first head specified in this list to be set as the primary
|
||||
head. Apart from that, it's now possible to also set
|
||||
head. Apart from that, it’s now possible to also set
|
||||
additional options by using an attribute set, for example:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
|
@ -543,7 +543,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Radicale's default package has changed from 1.x to 2.x.
|
||||
Radicale’s default package has changed from 1.x to 2.x.
|
||||
Instructions to migrate can be found
|
||||
<link xlink:href="http://radicale.org/1to2/"> here
|
||||
</link>. It is also possible to use the newer version by
|
||||
|
@ -582,7 +582,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>flexget</literal>'s state database cannot be upgraded
|
||||
<literal>flexget</literal>’s state database cannot be upgraded
|
||||
to its new internal format, requiring removal of any existing
|
||||
<literal>db-config.sqlite</literal> which will be
|
||||
automatically recreated.
|
||||
|
@ -590,9 +590,9 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>ipfs</literal> service now doesn't ignore the
|
||||
<literal>dataDir</literal> option anymore. If you've ever set
|
||||
this option to anything other than the default you'll have to
|
||||
The <literal>ipfs</literal> service now doesn’t ignore the
|
||||
<literal>dataDir</literal> option anymore. If you’ve ever set
|
||||
this option to anything other than the default you’ll have to
|
||||
either unset it (so the default gets used) or migrate the old
|
||||
data manually with
|
||||
</para>
|
||||
|
@ -651,16 +651,16 @@ rmdir /var/lib/ipfs/.ipfs
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>cc-wrapper</literal>'s setup-hook now exports a
|
||||
<literal>cc-wrapper</literal><quote>s setup-hook now exports a
|
||||
number of environment variables corresponding to binutils
|
||||
binaries, (e.g. <literal>LD</literal>,
|
||||
<literal>STRIP</literal>, <literal>RANLIB</literal>, etc).
|
||||
This is done to prevent packages' build systems guessing,
|
||||
which is harder to predict, especially when cross-compiling.
|
||||
However, some packages have broken due to this—their build
|
||||
systems either not supporting, or claiming to support without
|
||||
adequate testing, taking such environment variables as
|
||||
parameters.
|
||||
This is done to prevent packages</quote> build systems
|
||||
guessing, which is harder to predict, especially when
|
||||
cross-compiling. However, some packages have broken due to
|
||||
this—their build systems either not supporting, or claiming to
|
||||
support without adequate testing, taking such environment
|
||||
variables as parameters.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -688,10 +688,10 @@ rmdir /var/lib/ipfs/.ipfs
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
grsecurity/PaX support has been dropped, following upstream's
|
||||
grsecurity/PaX support has been dropped, following upstream’s
|
||||
decision to cease free support. See
|
||||
<link xlink:href="https://grsecurity.net/passing_the_baton.php">
|
||||
upstream's announcement</link> for more information. No
|
||||
upstream’s announcement</link> for more information. No
|
||||
complete replacement for grsecurity/PaX is available
|
||||
presently.
|
||||
</para>
|
||||
|
@ -794,7 +794,7 @@ FLUSH PRIVILEGES;
|
|||
<para>
|
||||
Modules can now be disabled by using
|
||||
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
|
||||
disabledModules</link>, allowing another to take it's place.
|
||||
disabledModules</link>, allowing another to take it’s place.
|
||||
This can be used to import a set of modules from another
|
||||
channel while keeping the rest of the system on a stable
|
||||
release.
|
||||
|
@ -808,7 +808,7 @@ FLUSH PRIVILEGES;
|
|||
provided by fontconfig-penultimate, replacing
|
||||
fontconfig-ultimate; the new defaults are less invasive and
|
||||
provide rendering that is more consistent with other systems
|
||||
and hopefully with each font designer's intent. Some
|
||||
and hopefully with each font designer’s intent. Some
|
||||
system-wide configuration has been removed from the Fontconfig
|
||||
NixOS module where user Fontconfig settings are available.
|
||||
</para>
|
||||
|
|
|
@ -16,9 +16,9 @@
|
|||
<listitem>
|
||||
<para>
|
||||
Platform support: x86_64-linux and x86_64-darwin since release
|
||||
time (the latter isn't NixOS, really). Binaries for
|
||||
time (the latter isn’t NixOS, really). Binaries for
|
||||
aarch64-linux are available, but no channel exists yet, as
|
||||
it's waiting for some test fixes, etc.
|
||||
it’s waiting for some test fixes, etc.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -497,7 +497,7 @@
|
|||
with new types of dependencies that go with, is thoroughly
|
||||
documented in the "Specifying dependencies" section
|
||||
of the "Standard Environment" chapter of the nixpkgs
|
||||
manual. The old logic isn't but is easy to describe:
|
||||
manual. The old logic isn’t but is easy to describe:
|
||||
dependencies were propagated as the same type of dependency no
|
||||
matter what. In practice, that means that many
|
||||
<literal>propagatedNativeBuildInputs</literal> should instead
|
||||
|
@ -541,7 +541,7 @@
|
|||
Previously, if other options in the Postfix module like
|
||||
<literal>services.postfix.useSrs</literal> were set and the
|
||||
user set config options that were also set by such options,
|
||||
the resulting config wouldn't include all options that were
|
||||
the resulting config wouldn’t include all options that were
|
||||
needed. They are now merged correctly. If config options need
|
||||
to be overridden, <literal>lib.mkForce</literal> or
|
||||
<literal>lib.mkOverride</literal> can be used.
|
||||
|
@ -626,7 +626,7 @@
|
|||
if <literal>config.networking.domain</literal> is set,
|
||||
<literal>matomo.${config.networking.hostName}</literal> if
|
||||
it is not set. If you change your
|
||||
<literal>serverName</literal>, remember you'll need to
|
||||
<literal>serverName</literal>, remember you’ll need to
|
||||
update the <literal>trustedHosts[]</literal> array in
|
||||
<literal>/var/lib/matomo/config/config.ini.php</literal>
|
||||
as well.
|
||||
|
@ -793,7 +793,7 @@
|
|||
<para>
|
||||
<literal>services.btrfs.autoScrub</literal> has been added, to
|
||||
periodically check btrfs filesystems for data corruption. If
|
||||
there's a correct copy available, it will automatically repair
|
||||
there’s a correct copy available, it will automatically repair
|
||||
corrupted blocks.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -523,8 +523,8 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>netcat</literal> package is now taken directly
|
||||
from OpenBSD's <literal>libressl</literal>, instead of relying
|
||||
on Debian's fork. The new version should be very close to the
|
||||
from OpenBSD’s <literal>libressl</literal>, instead of relying
|
||||
on Debian’s fork. The new version should be very close to the
|
||||
old version, but there are some minor differences.
|
||||
Importantly, flags like -b, -q, -C, and -Z are no longer
|
||||
accepted by the nc command.
|
||||
|
@ -533,7 +533,7 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>services.docker-registry.extraConfig</literal>
|
||||
object doesn't contain environment variables anymore. Instead
|
||||
object doesn’t contain environment variables anymore. Instead
|
||||
it needs to provide an object structure that can be mapped
|
||||
onto the YAML configuration defined in
|
||||
<link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
|
||||
|
@ -543,7 +543,7 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|||
<listitem>
|
||||
<para>
|
||||
<literal>gnucash</literal> has changed from version 2.4 to
|
||||
3.x. If you've been using <literal>gnucash</literal> (version
|
||||
3.x. If you’ve been using <literal>gnucash</literal> (version
|
||||
2.4) instead of <literal>gnucash26</literal> (version 2.6) you
|
||||
must open your Gnucash data file(s) with
|
||||
<literal>gnucash26</literal> and then save them to upgrade the
|
||||
|
@ -874,7 +874,7 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|||
The <literal>programs.screen</literal> module provides allows
|
||||
to configure <literal>/etc/screenrc</literal>, however the
|
||||
module behaved fairly counterintuitive as the config exists,
|
||||
but the package wasn't available. Since 18.09
|
||||
but the package wasn’t available. Since 18.09
|
||||
<literal>pkgs.screen</literal> will be added to
|
||||
<literal>environment.systemPackages</literal>.
|
||||
</para>
|
||||
|
@ -920,7 +920,7 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|||
<para>
|
||||
NixOS option descriptions are now automatically broken up into
|
||||
individual paragraphs if the text contains two consecutive
|
||||
newlines, so it's no longer necessary to use
|
||||
newlines, so it’s no longer necessary to use
|
||||
<literal></para><para></literal> to start a new
|
||||
paragraph.
|
||||
</para>
|
||||
|
|
|
@ -29,9 +29,9 @@
|
|||
<para>
|
||||
By default,
|
||||
<literal>services.xserver.desktopManager.pantheon</literal>
|
||||
enables LightDM as a display manager, as pantheon's screen
|
||||
enables LightDM as a display manager, as pantheon’s screen
|
||||
locking implementation relies on it. Because of that it is
|
||||
recommended to leave LightDM enabled. If you'd like to
|
||||
recommended to leave LightDM enabled. If you’d like to
|
||||
disable it anyway, set
|
||||
<literal>services.xserver.displayManager.lightdm.enable</literal>
|
||||
to <literal>false</literal> and enable your preferred
|
||||
|
@ -39,8 +39,8 @@
|
|||
</para>
|
||||
</note>
|
||||
<para>
|
||||
Also note that Pantheon's LightDM greeter is not enabled by
|
||||
default, because it has numerous issues in NixOS and isn't
|
||||
Also note that Pantheon’s LightDM greeter is not enabled by
|
||||
default, because it has numerous issues in NixOS and isn’t
|
||||
optimal for use here yet.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -200,7 +200,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>ntp</literal> module now has sane default
|
||||
restrictions. If you're relying on the previous defaults,
|
||||
restrictions. If you’re relying on the previous defaults,
|
||||
which permitted all queries and commands from all
|
||||
firewall-permitted sources, you can set
|
||||
<literal>services.ntp.restrictDefault</literal> and
|
||||
|
@ -360,9 +360,9 @@
|
|||
presence of <literal>services.sssd.enable = true</literal>
|
||||
because nscd caching would interfere with
|
||||
<literal>sssd</literal> in unpredictable ways as well. Because
|
||||
we're using nscd not for caching, but for convincing glibc to
|
||||
we’re using nscd not for caching, but for convincing glibc to
|
||||
find NSS modules in the nix store instead of an absolute path,
|
||||
we have decided to disable caching globally now, as it's
|
||||
we have decided to disable caching globally now, as it’s
|
||||
usually not the behaviour the user wants and can lead to
|
||||
surprising behaviour. Furthermore, negative caching of host
|
||||
lookups is also disabled now by default. This should fix the
|
||||
|
@ -453,7 +453,7 @@
|
|||
with its control field set to <literal>sufficient</literal>
|
||||
instead of <literal>required</literal>, so that password
|
||||
managed only by later PAM password modules are being executed.
|
||||
Previously, for example, changing an LDAP account's password
|
||||
Previously, for example, changing an LDAP account’s password
|
||||
through PAM was not possible: the whole password module
|
||||
verification was exited prematurely by
|
||||
<literal>pam_unix</literal>, preventing
|
||||
|
@ -497,11 +497,11 @@
|
|||
<link xlink:href="https://matrix.org/blog/2019/02/05/synapse-0-99-0/">the
|
||||
last version to accept self-signed certificates</link>. As
|
||||
such, it is now recommended to use a proper certificate
|
||||
verified by a root CA (for example Let's Encrypt). The new
|
||||
verified by a root CA (for example Let’s Encrypt). The new
|
||||
<link linkend="module-services-matrix">manual chapter on
|
||||
Matrix</link> contains a working example of using nginx as a
|
||||
reverse proxy in front of <literal>matrix-synapse</literal>,
|
||||
using Let's Encrypt certificates.
|
||||
using Let’s Encrypt certificates.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -682,7 +682,7 @@
|
|||
<link xlink:href="options.html#opt-services.ndppd.enable">all
|
||||
config options</link> provided by the current upstream version
|
||||
as service options. Additionally the <literal>ndppd</literal>
|
||||
package doesn't contain the systemd unit configuration from
|
||||
package doesn’t contain the systemd unit configuration from
|
||||
upstream anymore, the unit is completely configured by the
|
||||
NixOS module now.
|
||||
</para>
|
||||
|
|
|
@ -82,13 +82,13 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
We've updated to Xfce 4.14, which brings a new module
|
||||
We’ve updated to Xfce 4.14, which brings a new module
|
||||
<literal>services.xserver.desktopManager.xfce4-14</literal>.
|
||||
If you'd like to upgrade, please switch from the
|
||||
If you’d like to upgrade, please switch from the
|
||||
<literal>services.xserver.desktopManager.xfce</literal> module
|
||||
as it will be deprecated in a future release. They're
|
||||
incompatibilities with the current Xfce module; it doesn't
|
||||
support <literal>thunarPlugins</literal> and it isn't
|
||||
as it will be deprecated in a future release. They’re
|
||||
incompatibilities with the current Xfce module; it doesn’t
|
||||
support <literal>thunarPlugins</literal> and it isn’t
|
||||
recommended to use
|
||||
<literal>services.xserver.desktopManager.xfce</literal> and
|
||||
<literal>services.xserver.desktopManager.xfce4-14</literal>
|
||||
|
@ -125,7 +125,7 @@
|
|||
</itemizedlist>
|
||||
<para>
|
||||
With these options we hope to give users finer grained control
|
||||
over their systems. Prior to this change you'd either have to
|
||||
over their systems. Prior to this change you’d either have to
|
||||
manually disable options or use
|
||||
<literal>environment.gnome3.excludePackages</literal> which
|
||||
only excluded the optional applications.
|
||||
|
@ -138,7 +138,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
Orthogonal to the previous changes to the GNOME 3 desktop
|
||||
manager module, we've updated all default services and
|
||||
manager module, we’ve updated all default services and
|
||||
applications to match as close as possible to a default
|
||||
reference GNOME 3 experience.
|
||||
</para>
|
||||
|
@ -295,7 +295,7 @@
|
|||
<literal>services.xserver.desktopManager.mate</literal>
|
||||
Note Mate uses
|
||||
<literal>programs.system-config-printer</literal> as it
|
||||
doesn't use it as a service, but its graphical interface
|
||||
doesn’t use it as a service, but its graphical interface
|
||||
directly.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -347,7 +347,7 @@
|
|||
<literal>services.prometheus.alertmanager.user</literal> and
|
||||
<literal>services.prometheus.alertmanager.group</literal> have
|
||||
been removed because the alertmanager service is now using
|
||||
systemd's
|
||||
systemd’s
|
||||
<link xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html">
|
||||
DynamicUser mechanism</link> which obviates these options.
|
||||
</para>
|
||||
|
@ -366,7 +366,7 @@
|
|||
The <literal>services.nzbget.configFile</literal> and
|
||||
<literal>services.nzbget.openFirewall</literal> options were
|
||||
removed as they are managed internally by the nzbget. The
|
||||
<literal>services.nzbget.dataDir</literal> option hadn't
|
||||
<literal>services.nzbget.dataDir</literal> option hadn’t
|
||||
actually been used by the module for some time and so was
|
||||
removed as cleanup.
|
||||
</para>
|
||||
|
@ -475,7 +475,7 @@
|
|||
Make sure you set the <literal>_netdev</literal> option for
|
||||
each of the file systems referring to block devices provided
|
||||
by the autoLuks module. Not doing this might render the system
|
||||
in a state where it doesn't boot anymore.
|
||||
in a state where it doesn’t boot anymore.
|
||||
</para>
|
||||
<para>
|
||||
If you are actively using the <literal>autoLuks</literal>
|
||||
|
@ -667,7 +667,7 @@
|
|||
instead of depending on the catch-all
|
||||
<literal>acme-certificates.target</literal>. This target unit
|
||||
was also removed from the codebase. This will mean nginx will
|
||||
no longer depend on certificates it isn't explicitly managing
|
||||
no longer depend on certificates it isn’t explicitly managing
|
||||
and fixes a bug with certificate renewal ordering racing with
|
||||
nginx restarting which could lead to nginx getting in a broken
|
||||
state as described at
|
||||
|
@ -687,8 +687,8 @@
|
|||
<literal>services.xserver.desktopManager.xterm</literal> is
|
||||
now disabled by default if <literal>stateVersion</literal> is
|
||||
19.09 or higher. Previously the xterm desktopManager was
|
||||
enabled when xserver was enabled, but it isn't useful for all
|
||||
people so it didn't make sense to have any desktopManager
|
||||
enabled when xserver was enabled, but it isn’t useful for all
|
||||
people so it didn’t make sense to have any desktopManager
|
||||
enabled default.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -696,7 +696,7 @@
|
|||
<para>
|
||||
The WeeChat plugin
|
||||
<literal>pkgs.weechatScripts.weechat-xmpp</literal> has been
|
||||
removed as it doesn't receive any updates from upstream and
|
||||
removed as it doesn’t receive any updates from upstream and
|
||||
depends on outdated Python2-based modules.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -744,8 +744,8 @@
|
|||
<literal>services.gitlab.secrets.dbFile</literal>,
|
||||
<literal>services.gitlab.secrets.otpFile</literal> and
|
||||
<literal>services.gitlab.secrets.jwsFile</literal>). This was
|
||||
done so that secrets aren't stored in the world-readable nix
|
||||
store, but means that for each option you'll have to create a
|
||||
done so that secrets aren’t stored in the world-readable nix
|
||||
store, but means that for each option you’ll have to create a
|
||||
file with the same exact string, add "File" to the
|
||||
end of the option name, and change the definition to a string
|
||||
pointing to the corresponding file; e.g.
|
||||
|
@ -791,7 +791,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>nodejs-11_x</literal> package has been removed as
|
||||
it's EOLed by upstream.
|
||||
it’s EOLed by upstream.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -961,7 +961,7 @@
|
|||
from the upstream default <literal>speex-float-1</literal> to
|
||||
<literal>speex-float-5</literal>. Be aware that low-powered
|
||||
ARM-based and MIPS-based boards will struggle with this so
|
||||
you'll need to set
|
||||
you’ll need to set
|
||||
<literal>hardware.pulseaudio.daemon.config.resample-method</literal>
|
||||
back to <literal>speex-float-1</literal>.
|
||||
</para>
|
||||
|
@ -1004,7 +1004,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It's now possible to change configuration in
|
||||
It’s now possible to change configuration in
|
||||
<link xlink:href="options.html#opt-services.nextcloud.enable">services.nextcloud</link>
|
||||
after the initial deploy since all config parameters are
|
||||
persisted in an additional config file generated by the
|
||||
|
@ -1178,7 +1178,7 @@
|
|||
<link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release
|
||||
notes</link> for details. The mgr dashboard as well as osds
|
||||
backed by loop-devices is no longer explicitly supported by
|
||||
the package and module. Note: There's been some issues with
|
||||
the package and module. Note: There’s been some issues with
|
||||
python-cherrypy, which is used by the dashboard and prometheus
|
||||
mgr modules (and possibly others), hence
|
||||
0000-dont-check-cherrypy-version.patch.
|
||||
|
|
|
@ -73,7 +73,7 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The graphical installer image starts the graphical session
|
||||
automatically. Before you'd be greeted by a tty and asked to
|
||||
automatically. Before you’d be greeted by a tty and asked to
|
||||
enter <literal>systemctl start display-manager</literal>. It
|
||||
is now possible to disable the display-manager from running by
|
||||
selecting the <literal>Disable display-manager</literal> quirk
|
||||
|
@ -93,7 +93,7 @@
|
|||
<link xlink:href="options.html#opt-services.xserver.desktopManager.pantheon.enable">services.xserver.desktopManager.pantheon.enable</link>,
|
||||
we now default to also use
|
||||
<link xlink:href="https://blog.elementary.io/say-hello-to-the-new-greeter/">
|
||||
Pantheon's newly designed greeter </link>. Contrary to NixOS's
|
||||
Pantheon’s newly designed greeter </link>. Contrary to NixOS’s
|
||||
usual update policy, Pantheon will receive updates during the
|
||||
cycle of NixOS 20.03 when backwards compatible.
|
||||
</para>
|
||||
|
@ -196,7 +196,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
UPower's configuration is now managed by NixOS and can be
|
||||
UPower’s configuration is now managed by NixOS and can be
|
||||
customized via <literal>services.upower</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -505,7 +505,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
|
||||
</para>
|
||||
<para>
|
||||
We already don't support the global
|
||||
We already don’t support the global
|
||||
<link xlink:href="options.html#opt-networking.useDHCP">networking.useDHCP</link>,
|
||||
<link xlink:href="options.html#opt-networking.defaultGateway">networking.defaultGateway</link>
|
||||
and
|
||||
|
@ -522,7 +522,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
The stdenv now runs all bash with <literal>set -u</literal>,
|
||||
to catch the use of undefined variables. Before, it itself
|
||||
used <literal>set -u</literal> but was careful to unset it so
|
||||
other packages' code ran as before. Now, all bash code is held
|
||||
other packages’ code ran as before. Now, all bash code is held
|
||||
to the same high standard, and the rather complex stateful
|
||||
manipulation of the options can be discarded.
|
||||
</para>
|
||||
|
@ -558,7 +558,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
<literal>xfceUnstable</literal> all now point to the latest
|
||||
Xfce 4.14 packages. And in the future NixOS releases will be
|
||||
the latest released version of Xfce available at the time of
|
||||
the release's development (if viable).
|
||||
the release’s development (if viable).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -662,7 +662,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>dump1090</literal> derivation has been changed to
|
||||
use FlightAware's dump1090 as its upstream. However, this
|
||||
use FlightAware’s dump1090 as its upstream. However, this
|
||||
version does not have an internal webserver anymore. The
|
||||
assets in the <literal>share/dump1090</literal> directory of
|
||||
the derivation can be used in conjunction with an external
|
||||
|
@ -890,7 +890,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
<listitem>
|
||||
<para>
|
||||
The<literal>services.buildkite-agent.openssh.publicKeyPath</literal>
|
||||
option has been removed, as it's not necessary to deploy
|
||||
option has been removed, as it’s not necessary to deploy
|
||||
public keys to clone private repositories.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -932,7 +932,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
The <literal>services.xserver.displayManager.auto</literal>
|
||||
module has been removed. It was only intended for use in
|
||||
internal NixOS tests, and gave the false impression of it
|
||||
being a special display manager when it's actually LightDM.
|
||||
being a special display manager when it’s actually LightDM.
|
||||
Please use the
|
||||
<literal>services.xserver.displayManager.lightdm.autoLogin</literal>
|
||||
options instead, or any other display manager in NixOS as they
|
||||
|
@ -962,13 +962,13 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
|
|||
auth required pam_succeed_if.so quiet
|
||||
</programlisting>
|
||||
<para>
|
||||
line, where default it's:
|
||||
line, where default it’s:
|
||||
</para>
|
||||
<programlisting>
|
||||
auth required pam_succeed_if.so uid >= 1000 quiet
|
||||
</programlisting>
|
||||
<para>
|
||||
not permitting users with uid's below 1000 (like root). All
|
||||
not permitting users with uid’s below 1000 (like root). All
|
||||
other display managers in NixOS are configured like this.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -1051,14 +1051,14 @@ auth required pam_succeed_if.so quiet
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>*psu</literal> versions of oraclejdk8 have been
|
||||
removed as they aren't provided by upstream anymore.
|
||||
removed as they aren’t provided by upstream anymore.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.dnscrypt-proxy</literal> module has been
|
||||
removed as it used the deprecated version of dnscrypt-proxy.
|
||||
We've added
|
||||
We’ve added
|
||||
<link xlink:href="options.html#opt-services.dnscrypt-proxy2.enable">services.dnscrypt-proxy2.enable</link>
|
||||
to use the supported version. This module supports
|
||||
configuration via the Nix attribute set
|
||||
|
@ -1093,7 +1093,7 @@ auth required pam_succeed_if.so quiet
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
sqldeveloper_18 has been removed as it's not maintained
|
||||
sqldeveloper_18 has been removed as it’s not maintained
|
||||
anymore, sqldeveloper has been updated to version
|
||||
<literal>19.4</literal>. Please note that this means that this
|
||||
means that the oraclejdk is now required. For further
|
||||
|
@ -1110,7 +1110,7 @@ auth required pam_succeed_if.so quiet
|
|||
the different lists of dependencies mashed together as one big
|
||||
list, and then partitioning into Haskell and non-Hakell
|
||||
dependencies, they work from the original many different
|
||||
dependency parameters and don't need to algorithmically
|
||||
dependency parameters and don’t need to algorithmically
|
||||
partition anything.
|
||||
</para>
|
||||
<para>
|
||||
|
@ -1123,7 +1123,7 @@ auth required pam_succeed_if.so quiet
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The gcc-snapshot-package has been removed. It's marked as
|
||||
The gcc-snapshot-package has been removed. It’s marked as
|
||||
broken for >2 years and used to point to a fairly old
|
||||
snapshot from the gcc7-branch.
|
||||
</para>
|
||||
|
@ -1158,7 +1158,7 @@ auth required pam_succeed_if.so quiet
|
|||
<listitem>
|
||||
<para>
|
||||
nextcloud has been updated to <literal>v18.0.2</literal>. This
|
||||
means that users from NixOS 19.09 can't upgrade directly since
|
||||
means that users from NixOS 19.09 can’t upgrade directly since
|
||||
you can only move one version forward and 19.09 uses
|
||||
<literal>v16.0.8</literal>.
|
||||
</para>
|
||||
|
@ -1181,7 +1181,7 @@ auth required pam_succeed_if.so quiet
|
|||
Existing setups will be detected using
|
||||
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>:
|
||||
by default, nextcloud17 will be used, but will raise a
|
||||
warning which notes that after that deploy it's
|
||||
warning which notes that after that deploy it’s
|
||||
recommended to update to the latest stable version
|
||||
(nextcloud18) by declaring the newly introduced setting
|
||||
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>.
|
||||
|
@ -1194,7 +1194,7 @@ auth required pam_succeed_if.so quiet
|
|||
get an evaluation error by default. This is done to ensure
|
||||
that our
|
||||
<link xlink:href="options.html#opt-services.nextcloud.package">package</link>-option
|
||||
doesn't select an older version by accident. It's
|
||||
doesn’t select an older version by accident. It’s
|
||||
recommended to use pkgs.nextcloud18 or to set
|
||||
<link xlink:href="options.html#opt-services.nextcloud.package">package</link>
|
||||
to pkgs.nextcloud explicitly.
|
||||
|
@ -1203,7 +1203,7 @@ auth required pam_succeed_if.so quiet
|
|||
</itemizedlist>
|
||||
<warning>
|
||||
<para>
|
||||
Please note that if you're coming from
|
||||
Please note that if you’re coming from
|
||||
<literal>19.03</literal> or older, you have to manually
|
||||
upgrade to <literal>19.09</literal> first to upgrade your
|
||||
server to Nextcloud v16.
|
||||
|
@ -1215,7 +1215,7 @@ auth required pam_succeed_if.so quiet
|
|||
Hydra has gained a massive performance improvement due to
|
||||
<link xlink:href="https://github.com/NixOS/hydra/pull/710">some
|
||||
database schema changes</link> by adding several IDs and
|
||||
better indexing. However, it's necessary to upgrade Hydra in
|
||||
better indexing. However, it’s necessary to upgrade Hydra in
|
||||
multiple steps:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
|
@ -1266,12 +1266,12 @@ $ hydra-backfill-ids
|
|||
<link xlink:href="options.html#opt-system.stateVersion">stateVersion</link>
|
||||
is set to <literal>20.03</literal> or greater,
|
||||
hydra-unstable will be used automatically! This will break
|
||||
your setup if you didn't run the migration.
|
||||
your setup if you didn’t run the migration.
|
||||
</para>
|
||||
</warning>
|
||||
<para>
|
||||
Please note that Hydra is currently not available with
|
||||
nixStable as this doesn't compile anymore.
|
||||
nixStable as this doesn’t compile anymore.
|
||||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
|
@ -1281,7 +1281,7 @@ $ hydra-backfill-ids
|
|||
assertion error will be thrown. To circumvent this, you need
|
||||
to set
|
||||
<link xlink:href="options.html#opt-services.hydra.package">services.hydra.package</link>
|
||||
to pkgs.hydra explicitly and make sure you know what you're
|
||||
to pkgs.hydra explicitly and make sure you know what you’re
|
||||
doing!
|
||||
</para>
|
||||
</warning>
|
||||
|
@ -1413,14 +1413,14 @@ $ hydra-backfill-ids
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
If you use <literal>sqlite3</literal> you don't need to do
|
||||
If you use <literal>sqlite3</literal> you don’t need to do
|
||||
anything.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
If you use <literal>postgresql</literal> on a different
|
||||
server, you don't need to change anything as well since
|
||||
server, you don’t need to change anything as well since
|
||||
this module was never designed to configure remote
|
||||
databases.
|
||||
</para>
|
||||
|
@ -1460,7 +1460,7 @@ $ hydra-backfill-ids
|
|||
<literal>nixos-unstable</literal> <emphasis>after</emphasis>
|
||||
the <literal>19.09</literal>-release, your database is
|
||||
misconfigured due to a regression in NixOS. For now,
|
||||
matrix-synapse will startup with a warning, but it's
|
||||
matrix-synapse will startup with a warning, but it’s
|
||||
recommended to reconfigure the database to set the values
|
||||
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal>
|
||||
to
|
||||
|
@ -1473,7 +1473,7 @@ $ hydra-backfill-ids
|
|||
<link xlink:href="options.html#opt-systemd.network.links">systemd.network.links</link>
|
||||
option is now respected even when
|
||||
<link xlink:href="options.html#opt-systemd.network.enable">systemd-networkd</link>
|
||||
is disabled. This mirrors the behaviour of systemd - It's udev
|
||||
is disabled. This mirrors the behaviour of systemd - It’s udev
|
||||
that parses <literal>.link</literal> files, not
|
||||
<literal>systemd-networkd</literal>.
|
||||
</para>
|
||||
|
@ -1486,8 +1486,8 @@ $ hydra-backfill-ids
|
|||
<para>
|
||||
Please note that mongodb has been relicensed under their own
|
||||
<link xlink:href="https://www.mongodb.com/licensing/server-side-public-license/faq"><literal> sspl</literal></link>-license.
|
||||
Since it's not entirely free and not OSI-approved, it's
|
||||
listed as non-free. This means that Hydra doesn't provide
|
||||
Since it’s not entirely free and not OSI-approved, it’s
|
||||
listed as non-free. This means that Hydra doesn’t provide
|
||||
prebuilt mongodb-packages and needs to be built locally.
|
||||
</para>
|
||||
</warning>
|
||||
|
|
|
@ -722,7 +722,7 @@
|
|||
See
|
||||
<link xlink:href="https://mariadb.com/kb/en/authentication-from-mariadb-104/">Authentication
|
||||
from MariaDB 10.4</link>. unix_socket auth plugin does not use
|
||||
a password, and uses the connecting user's UID instead. When a
|
||||
a password, and uses the connecting user’s UID instead. When a
|
||||
new MariaDB data directory is initialized, two MariaDB users
|
||||
are created and can be used with new unix_socket auth plugin,
|
||||
as well as traditional mysql_native_password plugin:
|
||||
|
@ -864,7 +864,7 @@ WHERE table_schema = "zabbix" AND COLLATION_NAME = "utf8_general_
|
|||
<para>
|
||||
<literal>buildGoModule</literal> now internally creates a
|
||||
vendor directory in the source tree for downloaded modules
|
||||
instead of using go's
|
||||
instead of using go’s
|
||||
<link xlink:href="https://golang.org/cmd/go/#hdr-Module_proxy_protocol">module
|
||||
proxy protocol</link>. This storage format is simpler and
|
||||
therefore less likely to break with future versions of go. As
|
||||
|
@ -941,17 +941,17 @@ WHERE table_schema = "zabbix" AND COLLATION_NAME = "utf8_general_
|
|||
<para>
|
||||
If you used the
|
||||
<literal>boot.initrd.network.ssh.host*Key</literal> options,
|
||||
you'll get an error explaining how to convert your host keys
|
||||
you’ll get an error explaining how to convert your host keys
|
||||
and migrate to the new
|
||||
<literal>boot.initrd.network.ssh.hostKeys</literal> option.
|
||||
Otherwise, if you don't have any host keys set, you'll need to
|
||||
Otherwise, if you don’t have any host keys set, you’ll need to
|
||||
generate some; see the <literal>hostKeys</literal> option
|
||||
documentation for instructions.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Since this release there's an easy way to customize your PHP
|
||||
Since this release there’s an easy way to customize your PHP
|
||||
install to get a much smaller base PHP with only wanted
|
||||
extensions enabled. See the following snippet installing a
|
||||
smaller PHP with the extensions <literal>imagick</literal>,
|
||||
|
@ -973,7 +973,7 @@ WHERE table_schema = "zabbix" AND COLLATION_NAME = "utf8_general_
|
|||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
The default <literal>php</literal> attribute hasn't lost any
|
||||
The default <literal>php</literal> attribute hasn’t lost any
|
||||
extensions. The <literal>opcache</literal> extension has been
|
||||
added. All upstream PHP extensions are available under
|
||||
php.extensions.<name?>.
|
||||
|
@ -1162,7 +1162,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
|
|||
<para>
|
||||
The <literal>systemd-networkd</literal> option
|
||||
<literal>systemd.network.networks.<name>.dhcp.CriticalConnection</literal>
|
||||
has been removed following upstream systemd's deprecation of
|
||||
has been removed following upstream systemd’s deprecation of
|
||||
the same. It is recommended to use
|
||||
<literal>systemd.network.networks.<name>.networkConfig.KeepConfiguration</literal>
|
||||
instead. See systemd.network 5 for details.
|
||||
|
@ -1174,7 +1174,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
|
|||
<literal>systemd.network.networks._name_.dhcpConfig</literal>
|
||||
has been renamed to
|
||||
<link xlink:href="options.html#opt-systemd.network.networks._name_.dhcpV4Config">systemd.network.networks.<emphasis>name</emphasis>.dhcpV4Config</link>
|
||||
following upstream systemd's documentation change. See
|
||||
following upstream systemd’s documentation change. See
|
||||
systemd.network 5 for details.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -1283,7 +1283,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
|
|||
The
|
||||
<link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
|
||||
package and NixOS module have been removed from Nixpkgs as the
|
||||
software is unmaintained and can't be built. For more
|
||||
software is unmaintained and can’t be built. For more
|
||||
information see issue
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
|
||||
</para>
|
||||
|
@ -1350,7 +1350,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Radicale's default package has changed from 2.x to 3.x. An
|
||||
Radicale’s default package has changed from 2.x to 3.x. An
|
||||
upgrade checklist can be found
|
||||
<link xlink:href="https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist">here</link>.
|
||||
You can use the newer version in the NixOS service by setting
|
||||
|
@ -1587,7 +1587,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>security.rngd</literal> service is now disabled
|
||||
by default. This choice was made because there's krngd in the
|
||||
by default. This choice was made because there’s krngd in the
|
||||
linux kernel space making it (for most usecases) functionally
|
||||
redundent.
|
||||
</para>
|
||||
|
@ -1609,13 +1609,13 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
will be EOL (end of life) within the lifetime of 20.09</link>.
|
||||
</para>
|
||||
<para>
|
||||
It's necessary to upgrade to nextcloud19:
|
||||
It’s necessary to upgrade to nextcloud19:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
From nextcloud17, you have to upgrade to nextcloud18 first
|
||||
as Nextcloud doesn't allow going multiple major revisions
|
||||
as Nextcloud doesn’t allow going multiple major revisions
|
||||
forward in a single upgrade. This is possible by setting
|
||||
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>
|
||||
to nextcloud18.
|
||||
|
@ -1623,7 +1623,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
From nextcloud18, it's possible to directly upgrade to
|
||||
From nextcloud18, it’s possible to directly upgrade to
|
||||
nextcloud19 by setting
|
||||
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>
|
||||
to nextcloud19.
|
||||
|
@ -1685,7 +1685,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
<listitem>
|
||||
<para>
|
||||
The notmuch package moves its emacs-related binaries and emacs
|
||||
lisp files to a separate output. They're not part of the
|
||||
lisp files to a separate output. They’re not part of the
|
||||
default <literal>out</literal> output anymore - if you relied
|
||||
on the <literal>notmuch-emacs-mua</literal> binary or the
|
||||
emacs lisp files, access them via the
|
||||
|
@ -1736,7 +1736,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The cc- and binutils-wrapper's "infix salt" and
|
||||
The cc- and binutils-wrapper’s "infix salt" and
|
||||
<literal>_BUILD_</literal> and <literal>_TARGET_</literal>
|
||||
user infixes have been replaced with with a "suffix
|
||||
salt" and suffixes and <literal>_FOR_BUILD</literal> and
|
||||
|
@ -1774,8 +1774,8 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
<literal>network-link-*</literal> units, which have been
|
||||
removed. Bringing the interface up has been moved to the
|
||||
beginning of the <literal>network-addresses-*</literal> unit.
|
||||
Note this doesn't require <literal>systemd-networkd</literal>
|
||||
- it's udev that parses <literal>.link</literal> files. Extra
|
||||
Note this doesn’t require <literal>systemd-networkd</literal>
|
||||
- it’s udev that parses <literal>.link</literal> files. Extra
|
||||
care needs to be taken in the presence of
|
||||
<link xlink:href="https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME">legacy
|
||||
udev rules</link> to rename interfaces, as MAC Address and MTU
|
||||
|
@ -1850,7 +1850,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
With this release <literal>systemd-networkd</literal> (when
|
||||
enabled through
|
||||
<link xlink:href="options.html#opt-networking.useNetworkd">networking.useNetworkd</link>)
|
||||
has it's netlink socket created through a
|
||||
has it’s netlink socket created through a
|
||||
<literal>systemd.socket</literal> unit. This gives us control
|
||||
over socket buffer sizes and other parameters. For larger
|
||||
setups where networkd has to create a lot of (virtual) devices
|
||||
|
@ -1873,7 +1873,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
</para>
|
||||
<para>
|
||||
Since the actual memory requirements depend on hardware,
|
||||
timing, exact configurations etc. it isn't currently possible
|
||||
timing, exact configurations etc. it isn’t currently possible
|
||||
to infer a good default from within the NixOS module system.
|
||||
Administrators are advised to monitor the logs of
|
||||
<literal>systemd-networkd</literal> for
|
||||
|
@ -1882,7 +1882,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
</para>
|
||||
<para>
|
||||
Note: Increasing the <literal>ReceiveBufferSize=</literal>
|
||||
doesn't allocate any memory. It just increases the upper bound
|
||||
doesn’t allocate any memory. It just increases the upper bound
|
||||
on the kernel side. The memory allocation depends on the
|
||||
amount of messages that are queued on the kernel side of the
|
||||
netlink socket.
|
||||
|
@ -1934,8 +1934,8 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
</para>
|
||||
<para>
|
||||
If you have an existing installation, please make sure that
|
||||
you're on nextcloud18 before upgrading to nextcloud19 since
|
||||
Nextcloud doesn't support upgrades across multiple major
|
||||
you’re on nextcloud18 before upgrading to nextcloud19 since
|
||||
Nextcloud doesn’t support upgrades across multiple major
|
||||
versions.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -237,7 +237,7 @@
|
|||
installs the upstream-provided 80-iwd.link file, which sets
|
||||
the NamePolicy= for all wlan devices to "keep
|
||||
kernel", to avoid race conditions between iwd and
|
||||
networkd. If you don't want this, you can set
|
||||
networkd. If you don’t want this, you can set
|
||||
<literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -245,7 +245,7 @@
|
|||
<para>
|
||||
<literal>rubyMinimal</literal> was removed due to being unused
|
||||
and unusable. The default ruby interpreter includes JIT
|
||||
support, which makes it reference it's compiler. Since JIT
|
||||
support, which makes it reference it’s compiler. Since JIT
|
||||
support is probably needed by some Gems, it was decided to
|
||||
enable this feature with all cc references by default, and
|
||||
allow to build a Ruby derivation without references to cc, by
|
||||
|
@ -427,7 +427,7 @@
|
|||
<para>
|
||||
<link xlink:href="options.html#opt-networking.wireguard.interfaces">networking.wireguard.interfaces.<name>.generatePrivateKeyFile</link>,
|
||||
which is off by default, had a <literal>chmod</literal> race
|
||||
condition fixed. As an aside, the parent directory's
|
||||
condition fixed. As an aside, the parent directory’s
|
||||
permissions were widened, and the key files were made
|
||||
owner-writable. This only affects newly created keys. However,
|
||||
if the exact permissions are important for your setup, read
|
||||
|
@ -527,7 +527,7 @@ $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
|
|||
this directory are guarded to only run if the files they
|
||||
want to manipulate do not already exist, and so will not
|
||||
re-apply their changes if the IMDS response changes.
|
||||
Examples: <literal>root</literal>'s SSH key is only added if
|
||||
Examples: <literal>root</literal>’s SSH key is only added if
|
||||
<literal>/root/.ssh/authorized_keys</literal> does not
|
||||
exist, and SSH host keys are only set from user data if they
|
||||
do not exist in <literal>/etc/ssh</literal>.
|
||||
|
@ -550,7 +550,7 @@ $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
|
|||
configures Privoxy, and the
|
||||
<literal>services.tor.client.privoxy.enable</literal> option
|
||||
has been removed. To enable Privoxy, and to configure it to
|
||||
use Tor's faster port, use the following configuration:
|
||||
use Tor’s faster port, use the following configuration:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
|
@ -628,7 +628,7 @@ $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
|
|||
exporter no longer accepts a fixed command-line parameter to
|
||||
specify the URL of the endpoint serving JSON. It now expects
|
||||
this URL to be passed as an URL parameter, when scraping the
|
||||
exporter's <literal>/probe</literal> endpoint. In the
|
||||
exporter’s <literal>/probe</literal> endpoint. In the
|
||||
prometheus scrape configuration the scrape target might look
|
||||
like this:
|
||||
</para>
|
||||
|
@ -790,7 +790,7 @@ self: super:
|
|||
for any device that the kernel recognises as an hardware RNG,
|
||||
as it will automatically run the krngd task to periodically
|
||||
collect random data from the device and mix it into the
|
||||
kernel's RNG.
|
||||
kernel’s RNG.
|
||||
</para>
|
||||
<para>
|
||||
The default SMTP port for GitLab has been changed to
|
||||
|
@ -893,7 +893,7 @@ self: super:
|
|||
<literal>services.minio.dataDir</literal> changed type to a
|
||||
list of paths, required for specifiyng multiple data
|
||||
directories for using with erasure coding. Currently, the
|
||||
service doesn't enforce nor checks the correct number of paths
|
||||
service doesn’t enforce nor checks the correct number of paths
|
||||
to correspond to minio requirements.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -910,7 +910,7 @@ self: super:
|
|||
<literal>dvorak-programmer</literal> in
|
||||
<literal>console.keyMap</literal> now instead of
|
||||
<literal>dvp</literal>. In
|
||||
<literal>services.xserver.xkbVariant</literal> it's still
|
||||
<literal>services.xserver.xkbVariant</literal> it’s still
|
||||
<literal>dvp</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -954,7 +954,7 @@ self: super:
|
|||
supported.
|
||||
</para>
|
||||
<para>
|
||||
Furthermore, Radicale's systemd unit was hardened which might
|
||||
Furthermore, Radicale’s systemd unit was hardened which might
|
||||
break some deployments. In particular, a non-default
|
||||
<literal>filesystem_folder</literal> has to be added to
|
||||
<literal>systemd.services.radicale.serviceConfig.ReadWritePaths</literal>
|
||||
|
@ -991,7 +991,7 @@ self: super:
|
|||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://www.gnuradio.org/">GNURadio</link>
|
||||
has a <literal>pkgs</literal> attribute set, and there's a
|
||||
has a <literal>pkgs</literal> attribute set, and there’s a
|
||||
<literal>gnuradio.callPackage</literal> function that extends
|
||||
<literal>pkgs</literal> with a
|
||||
<literal>mkDerivation</literal>, and a
|
||||
|
@ -1098,9 +1098,9 @@ self: super:
|
|||
<listitem>
|
||||
<para>
|
||||
The default-version of <literal>nextcloud</literal> is
|
||||
nextcloud21. Please note that it's <emphasis>not</emphasis>
|
||||
nextcloud21. Please note that it’s <emphasis>not</emphasis>
|
||||
possible to upgrade <literal>nextcloud</literal> across
|
||||
multiple major versions! This means that it's e.g. not
|
||||
multiple major versions! This means that it’s e.g. not
|
||||
possible to upgrade from nextcloud18 to nextcloud20 in a
|
||||
single deploy and most <literal>20.09</literal> users will
|
||||
have to upgrade to nextcloud20 first.
|
||||
|
@ -1122,7 +1122,7 @@ self: super:
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
NixOS now emits a deprecation warning if systemd's
|
||||
NixOS now emits a deprecation warning if systemd’s
|
||||
<literal>StartLimitInterval</literal> setting is used in a
|
||||
<literal>serviceConfig</literal> section instead of in a
|
||||
<literal>unitConfig</literal>; that setting is deprecated and
|
||||
|
@ -1255,8 +1255,8 @@ self: super:
|
|||
<listitem>
|
||||
<para>
|
||||
The <literal>services.dnscrypt-proxy2</literal> module now
|
||||
takes the upstream's example configuration and updates it with
|
||||
the user's settings. An option has been added to restore the
|
||||
takes the upstream’s example configuration and updates it with
|
||||
the user’s settings. An option has been added to restore the
|
||||
old behaviour if you prefer to declare the configuration from
|
||||
scratch.
|
||||
</para>
|
||||
|
@ -1317,7 +1317,7 @@ self: super:
|
|||
now always ensures home directory permissions to be
|
||||
<literal>0700</literal>. Permissions had previously been
|
||||
ignored for already existing home directories, possibly
|
||||
leaving them readable by others. The option's description was
|
||||
leaving them readable by others. The option’s description was
|
||||
incorrect regarding ownership management and has been
|
||||
simplified greatly.
|
||||
</para>
|
||||
|
|
|
@ -723,7 +723,7 @@ Superuser created successfully.
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>erigon</literal> ethereum node has moved it’s
|
||||
The <literal>erigon</literal> ethereum node has moved its
|
||||
database location in <literal>2021-08-03</literal>, users
|
||||
upgrading must manually move their chaindata (see
|
||||
<link xlink:href="https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03">release
|
||||
|
|
|
@ -13,7 +13,7 @@ booting, and try to realise the configuration in the running system
|
|||
(e.g., by restarting system services).
|
||||
|
||||
::: {.warning}
|
||||
This command doesn\'t start/stop [user services](#opt-systemd.user.services)
|
||||
This command doesn't start/stop [user services](#opt-systemd.user.services)
|
||||
automatically. `nixos-rebuild` only runs a `daemon-reload` for each user with running
|
||||
user services.
|
||||
:::
|
||||
|
@ -51,7 +51,7 @@ GRUB 2 boot screen by giving it a different *profile name*, e.g.
|
|||
```
|
||||
|
||||
which causes the new configuration (and previous ones created using
|
||||
`-p test`) to show up in the GRUB submenu "NixOS - Profile \'test\'".
|
||||
`-p test`) to show up in the GRUB submenu "NixOS - Profile 'test'".
|
||||
This can be useful to separate test configurations from "stable"
|
||||
configurations.
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ The first steps to all these are the same:
|
|||
|
||||
1. Switch to the NixOS channel:
|
||||
|
||||
If you\'ve just installed Nix on a non-NixOS distribution, you will
|
||||
If you've just installed Nix on a non-NixOS distribution, you will
|
||||
be on the `nixpkgs` channel by default.
|
||||
|
||||
```ShellSession
|
||||
|
@ -49,10 +49,10 @@ The first steps to all these are the same:
|
|||
|
||||
1. Install the NixOS installation tools:
|
||||
|
||||
You\'ll need `nixos-generate-config` and `nixos-install`, but this
|
||||
You'll need `nixos-generate-config` and `nixos-install`, but this
|
||||
also makes some man pages and `nixos-enter` available, just in case
|
||||
you want to chroot into your NixOS partition. NixOS installs these
|
||||
by default, but you don\'t have NixOS yet..
|
||||
by default, but you don't have NixOS yet..
|
||||
|
||||
```ShellSession
|
||||
$ nix-env -f '<nixpkgs>' -iA nixos-install-tools
|
||||
|
@ -70,7 +70,7 @@ The first steps to all these are the same:
|
|||
refer to the partitioning, file-system creation, and mounting steps
|
||||
of [](#sec-installation)
|
||||
|
||||
If you\'re about to install NixOS in place using `NIXOS_LUSTRATE`
|
||||
If you're about to install NixOS in place using `NIXOS_LUSTRATE`
|
||||
there is nothing to do for this step.
|
||||
|
||||
1. Generate your NixOS configuration:
|
||||
|
@ -79,12 +79,12 @@ The first steps to all these are the same:
|
|||
$ sudo `which nixos-generate-config` --root /mnt
|
||||
```
|
||||
|
||||
You\'ll probably want to edit the configuration files. Refer to the
|
||||
You'll probably want to edit the configuration files. Refer to the
|
||||
`nixos-generate-config` step in [](#sec-installation) for more
|
||||
information.
|
||||
|
||||
Consider setting up the NixOS bootloader to give you the ability to
|
||||
boot on your existing Linux partition. For instance, if you\'re
|
||||
boot on your existing Linux partition. For instance, if you're
|
||||
using GRUB and your existing distribution is running Ubuntu, you may
|
||||
want to add something like this to your `configuration.nix`:
|
||||
|
||||
|
@ -152,15 +152,15 @@ The first steps to all these are the same:
|
|||
```
|
||||
|
||||
Note that this will place the generated configuration files in
|
||||
`/etc/nixos`. You\'ll probably want to edit the configuration files.
|
||||
`/etc/nixos`. You'll probably want to edit the configuration files.
|
||||
Refer to the `nixos-generate-config` step in
|
||||
[](#sec-installation) for more information.
|
||||
|
||||
You\'ll likely want to set a root password for your first boot using
|
||||
the configuration files because you won\'t have a chance to enter a
|
||||
You'll likely want to set a root password for your first boot using
|
||||
the configuration files because you won't have a chance to enter a
|
||||
password until after you reboot. You can initialize the root password
|
||||
to an empty one with this line: (and of course don\'t forget to set
|
||||
one once you\'ve rebooted or to lock the account with
|
||||
to an empty one with this line: (and of course don't forget to set
|
||||
one once you've rebooted or to lock the account with
|
||||
`sudo passwd -l root` if you use `sudo`)
|
||||
|
||||
```nix
|
||||
|
@ -186,7 +186,7 @@ The first steps to all these are the same:
|
|||
bootup scripts require its presence).
|
||||
|
||||
`/etc/NIXOS_LUSTRATE` tells the NixOS bootup scripts to move
|
||||
*everything* that\'s in the root partition to `/old-root`. This will
|
||||
*everything* that's in the root partition to `/old-root`. This will
|
||||
move your existing distribution out of the way in the very early
|
||||
stages of the NixOS bootup. There are exceptions (we do need to keep
|
||||
NixOS there after all), so the NixOS lustrate process will not
|
||||
|
@ -203,7 +203,7 @@ The first steps to all these are the same:
|
|||
Support for `NIXOS_LUSTRATE` was added in NixOS 16.09. The act of
|
||||
\"lustrating\" refers to the wiping of the existing distribution.
|
||||
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
|
||||
all mutable files from your root partition (anything that\'s not in
|
||||
all mutable files from your root partition (anything that's not in
|
||||
`/nix` or `/boot` gets \"lustrated\" on the next boot.
|
||||
|
||||
lustrate /ˈlʌstreɪt/ verb.
|
||||
|
@ -212,14 +212,14 @@ The first steps to all these are the same:
|
|||
ritual action.
|
||||
:::
|
||||
|
||||
Let\'s create the files:
|
||||
Let's create the files:
|
||||
|
||||
```ShellSession
|
||||
$ sudo touch /etc/NIXOS
|
||||
$ sudo touch /etc/NIXOS_LUSTRATE
|
||||
```
|
||||
|
||||
Let\'s also make sure the NixOS configuration files are kept once we
|
||||
Let's also make sure the NixOS configuration files are kept once we
|
||||
reboot on NixOS:
|
||||
|
||||
```ShellSession
|
||||
|
@ -233,7 +233,7 @@ The first steps to all these are the same:
|
|||
|
||||
::: {.warning}
|
||||
Once you complete this step, your current distribution will no
|
||||
longer be bootable! If you didn\'t get all the NixOS configuration
|
||||
longer be bootable! If you didn't get all the NixOS configuration
|
||||
right, especially those settings pertaining to boot loading and root
|
||||
partition, NixOS may not be bootable either. Have a USB rescue
|
||||
device ready in case this happens.
|
||||
|
@ -247,7 +247,7 @@ The first steps to all these are the same:
|
|||
Cross your fingers, reboot, hopefully you should get a NixOS prompt!
|
||||
|
||||
1. If for some reason you want to revert to the old distribution,
|
||||
you\'ll need to boot on a USB rescue disk and do something along
|
||||
you'll need to boot on a USB rescue disk and do something along
|
||||
these lines:
|
||||
|
||||
```ShellSession
|
||||
|
@ -264,14 +264,14 @@ The first steps to all these are the same:
|
|||
This may work as is or you might also need to reinstall the boot
|
||||
loader.
|
||||
|
||||
And of course, if you\'re happy with NixOS and no longer need the
|
||||
And of course, if you're happy with NixOS and no longer need the
|
||||
old distribution:
|
||||
|
||||
```ShellSession
|
||||
sudo rm -rf /old-root
|
||||
```
|
||||
|
||||
1. It\'s also worth noting that this whole process can be automated.
|
||||
1. It's also worth noting that this whole process can be automated.
|
||||
This is especially useful for Cloud VMs, where provider do not
|
||||
provide NixOS. For instance,
|
||||
[nixos-infect](https://github.com/elitak/nixos-infect) uses the
|
||||
|
|
|
@ -30,7 +30,7 @@ This will create a `result` directory containing the following:
|
|||
These three files are meant to be copied over to the other already running
|
||||
Linux Distribution.
|
||||
|
||||
Note it's symlinks pointing elsewhere, so `cd` in, and use
|
||||
Note its symlinks pointing elsewhere, so `cd` in, and use
|
||||
`scp * root@$destination` to copy it over, rather than rsync.
|
||||
|
||||
Once you finished copying, execute `kexec-boot` *on the destination*, and after
|
||||
|
|
|
@ -61,7 +61,7 @@ select the image, select the USB flash drive and click "Write".
|
|||
be ignored.
|
||||
|
||||
::: {.note}
|
||||
Using the \'raw\' `rdiskX` device instead of `diskX` with dd completes in
|
||||
Using the 'raw' `rdiskX` device instead of `diskX` with dd completes in
|
||||
minutes instead of hours.
|
||||
:::
|
||||
|
||||
|
|
|
@ -230,11 +230,11 @@ The recommended partition scheme differs depending if the computer uses
|
|||
#### UEFI (GPT) {#sec-installation-manual-partitioning-UEFI}
|
||||
[]{#sec-installation-partitioning-UEFI} <!-- legacy anchor -->
|
||||
|
||||
Here\'s an example partition scheme for UEFI, using `/dev/sda` as the
|
||||
Here's an example partition scheme for UEFI, using `/dev/sda` as the
|
||||
device.
|
||||
|
||||
::: {.note}
|
||||
You can safely ignore `parted`\'s informational message about needing to
|
||||
You can safely ignore `parted`'s informational message about needing to
|
||||
update /etc/fstab.
|
||||
:::
|
||||
|
||||
|
@ -279,11 +279,11 @@ Once complete, you can follow with
|
|||
#### Legacy Boot (MBR) {#sec-installation-manual-partitioning-MBR}
|
||||
[]{#sec-installation-partitioning-MBR} <!-- legacy anchor -->
|
||||
|
||||
Here\'s an example partition scheme for Legacy Boot, using `/dev/sda` as
|
||||
Here's an example partition scheme for Legacy Boot, using `/dev/sda` as
|
||||
the device.
|
||||
|
||||
::: {.note}
|
||||
You can safely ignore `parted`\'s informational message about needing to
|
||||
You can safely ignore `parted`'s informational message about needing to
|
||||
update /etc/fstab.
|
||||
:::
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
In addition to numerous new and upgraded packages, this release has the following highlights:
|
||||
|
||||
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up (\"Haskell NG\"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User\'s Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement [\"Full Stackage Support in Nixpkgs\"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
|
||||
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up (\"Haskell NG\"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement [\"Full Stackage Support in Nixpkgs\"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
|
||||
|
||||
- Nix has been updated to version 1.10, which among other improvements enables cryptographic signatures on binary caches for improved security.
|
||||
|
||||
|
@ -178,7 +178,7 @@ The new option `system.stateVersion` ensures that certain configuration changes
|
|||
|
||||
- Nix now requires binary caches to be cryptographically signed. If you have unsigned binary caches that you want to continue to use, you should set `nix.requireSignedBinaryCaches = false`.
|
||||
|
||||
- Steam now doesn\'t need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
|
||||
- Steam now doesn't need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
|
||||
|
||||
- CMPlayer has been renamed to bomi upstream. Package `cmplayer` was accordingly renamed to `bomi`
|
||||
|
||||
|
@ -203,7 +203,7 @@ The new option `system.stateVersion` ensures that certain configuration changes
|
|||
}
|
||||
```
|
||||
|
||||
- \"`nix-env -qa`\" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we\'d add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
|
||||
- \"`nix-env -qa`\" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we'd add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
|
||||
|
||||
```ShellSession
|
||||
nix-env -f "<nixpkgs>" -qaP -A haskellPackages
|
||||
|
@ -217,11 +217,11 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc
|
|||
|
||||
Installing Haskell _libraries_ this way, however, is no longer supported. See the next item for more details.
|
||||
|
||||
- Previous versions of NixOS came with a feature called `ghc-wrapper`, a small script that allowed GHC to transparently pick up on libraries installed in the user\'s profile. This feature has been deprecated; `ghc-wrapper` was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the `haskellPackages.ghcWithPackages` function. The [User\'s Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure) provides more information about this subject.
|
||||
- Previous versions of NixOS came with a feature called `ghc-wrapper`, a small script that allowed GHC to transparently pick up on libraries installed in the user's profile. This feature has been deprecated; `ghc-wrapper` was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the `haskellPackages.ghcWithPackages` function. The [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure) provides more information about this subject.
|
||||
|
||||
- All Haskell builds that have been generated with version 1.x of the `cabal2nix` utility are now invalid and need to be re-generated with a current version of `cabal2nix` to function. The most recent version of this tool can be installed by running `nix-env -i cabal2nix`.
|
||||
|
||||
- The `haskellPackages` set in Nixpkgs used to have a function attribute called `extension` that users could override in their `~/.nixpkgs/config.nix` files to configure additional attributes, etc. That function still exists, but it\'s now called `overrides`.
|
||||
- The `haskellPackages` set in Nixpkgs used to have a function attribute called `extension` that users could override in their `~/.nixpkgs/config.nix` files to configure additional attributes, etc. That function still exists, but it's now called `overrides`.
|
||||
|
||||
- The OpenBLAS library has been updated to version `0.2.14`. Support for the `x86_64-darwin` platform was added. Dynamic architecture detection was enabled; OpenBLAS now selects microarchitecture-optimized routines at runtime, so optimal performance is achieved without the need to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages which use an optimized BLAS or LAPACK implementation.
|
||||
|
||||
|
@ -312,7 +312,7 @@ Other notable improvements:
|
|||
|
||||
- The nixos and nixpkgs channels were unified, so one _can_ use `nix-env -iA nixos.bash` instead of `nix-env -iA nixos.pkgs.bash`. See [the commit](https://github.com/NixOS/nixpkgs/commit/2cd7c1f198) for details.
|
||||
|
||||
- Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH\'s default version with one they generated themselves using the new `services.openssh.moduliFile` option.
|
||||
- Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH's default version with one they generated themselves using the new `services.openssh.moduliFile` option.
|
||||
|
||||
- A newly packaged TeX Live 2015 is provided in `pkgs.texlive`, split into 6500 nix packages. For basic user documentation see [the source](https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive/default.nix#L1). Beware of [an issue](https://github.com/NixOS/nixpkgs/issues/9757) when installing a too large package set. The plan is to deprecate and maybe delete the original TeX packages until the next release.
|
||||
|
||||
|
|
|
@ -152,19 +152,19 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
}
|
||||
```
|
||||
|
||||
- `s3sync` is removed, as it hasn\'t been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at `tarsnap` and others.
|
||||
- `s3sync` is removed, as it hasn't been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at `tarsnap` and others.
|
||||
|
||||
- `ruby_1_8` has been removed as it\'s not supported from upstream anymore and probably contains security issues.
|
||||
- `ruby_1_8` has been removed as it's not supported from upstream anymore and probably contains security issues.
|
||||
|
||||
- `tidy-html5` package is removed. Upstream only provided `(lib)tidy5` during development, and now they went back to `(lib)tidy` to work as a drop-in replacement of the original package that has been unmaintained for years. You can (still) use the `html-tidy` package, which got updated to a stable release from this new upstream.
|
||||
|
||||
- `extraDeviceOptions` argument is removed from `bumblebee` package. Instead there are now two separate arguments: `extraNvidiaDeviceOptions` and `extraNouveauDeviceOptions` for setting extra X11 options for nvidia and nouveau drivers, respectively.
|
||||
|
||||
- The `Ctrl+Alt+Backspace` key combination no longer kills the X server by default. There\'s a new option `services.xserver.enableCtrlAltBackspace` allowing to enable the combination again.
|
||||
- The `Ctrl+Alt+Backspace` key combination no longer kills the X server by default. There's a new option `services.xserver.enableCtrlAltBackspace` allowing to enable the combination again.
|
||||
|
||||
- `emacsPackagesNg` now contains all packages from the ELPA, MELPA, and MELPA Stable repositories.
|
||||
|
||||
- Data directory for Postfix MTA server is moved from `/var/postfix` to `/var/lib/postfix`. Old configurations are migrated automatically. `service.postfix` module has also received many improvements, such as correct directories\' access rights, new `aliasFiles` and `mapFiles` options and more.
|
||||
- Data directory for Postfix MTA server is moved from `/var/postfix` to `/var/lib/postfix`. Old configurations are migrated automatically. `service.postfix` module has also received many improvements, such as correct directories' access rights, new `aliasFiles` and `mapFiles` options and more.
|
||||
|
||||
- Filesystem options should now be configured as a list of strings, not a comma-separated string. The old style will continue to work, but print a warning, until the 16.09 release. An example of the new style:
|
||||
|
||||
|
@ -180,7 +180,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- CUPS, installed by `services.printing` module, now has its data directory in `/var/lib/cups`. Old configurations from `/etc/cups` are moved there automatically, but there might be problems. Also configuration options `services.printing.cupsdConf` and `services.printing.cupsdFilesConf` were removed because they had been allowing one to override configuration variables required for CUPS to work at all on NixOS. For most use cases, `services.printing.extraConf` and new option `services.printing.extraFilesConf` should be enough; if you encounter a situation when they are not, please file a bug.
|
||||
|
||||
There are also Gutenprint improvements; in particular, a new option `services.printing.gutenprint` is added to enable automatic updating of Gutenprint PPMs; it\'s greatly recommended to enable it instead of adding `gutenprint` to the `drivers` list.
|
||||
There are also Gutenprint improvements; in particular, a new option `services.printing.gutenprint` is added to enable automatic updating of Gutenprint PPMs; it's greatly recommended to enable it instead of adding `gutenprint` to the `drivers` list.
|
||||
|
||||
- `services.xserver.vaapiDrivers` has been removed. Use `hardware.opengl.extraPackages{,32}` instead. You can also specify VDPAU drivers there.
|
||||
|
||||
|
@ -202,7 +202,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
}
|
||||
```
|
||||
|
||||
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn\'t be overridden by anything else.
|
||||
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn't be overridden by anything else.
|
||||
|
||||
- Large parts of the `services.gitlab` module has been been rewritten. There are new configuration options available. The `stateDir` option was renamned to `statePath` and the `satellitesDir` option was removed. Please review the currently available options.
|
||||
|
||||
|
@ -246,7 +246,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
you should either re-run `nixos-generate-config` or manually replace `"${config.boot.kernelPackages.broadcom_sta}"` by `config.boot.kernelPackages.broadcom_sta` in your `/etc/nixos/hardware-configuration.nix`. More discussion is on [ the github issue](https://github.com/NixOS/nixpkgs/pull/12595).
|
||||
|
||||
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the \"start everything as a child of the agent\" scheme we\'ve implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
|
||||
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the \"start everything as a child of the agent\" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
|
||||
|
||||
```shell
|
||||
GPG_TTY=$(tty)
|
||||
|
|
|
@ -20,7 +20,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
|
||||
|
||||
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don\'t actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
|
||||
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
|
||||
|
||||
- Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`.
|
||||
|
||||
|
@ -28,7 +28,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused.
|
||||
|
||||
- Gitlab\'s maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
|
||||
- Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
|
||||
|
||||
- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).
|
||||
|
||||
|
@ -38,7 +38,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `pkgs.linuxPackages.virtualbox` now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new `pkgs.virtualbox` instead.
|
||||
|
||||
- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There\'s also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.
|
||||
- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There's also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.
|
||||
|
||||
- `services.mongodb.extraConfig` configuration format was changed to YAML.
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The default Linux kernel is 4.9 and Nix is at 1.11.8.
|
||||
|
||||
- The default desktop environment now is KDE\'s Plasma 5. KDE 4 has been removed
|
||||
- The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed
|
||||
|
||||
- The setuid wrapper functionality now supports setting capabilities.
|
||||
|
||||
|
@ -208,7 +208,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Two lone top-level dict dbs moved into `dictdDBs`. This affects: `dictdWordnet` which is now at `dictdDBs.wordnet` and `dictdWiktionary` which is now at `dictdDBs.wiktionary`
|
||||
|
||||
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid\'s documentation.
|
||||
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid's documentation.
|
||||
|
||||
- `Ntpd` was replaced by `systemd-timesyncd` as the default service to synchronize system time with a remote NTP server. The old behavior can be restored by setting `services.ntp.enable` to `true`. Upstream time servers for all NTP implementations are now configured using `networking.timeServers`.
|
||||
|
||||
|
@ -260,11 +260,11 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel and is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (i.e. for active FTP) please enable `networking.firewall.autoLoadConntrackHelpers` and tune `networking.firewall.connectionTrackingModules` to suit your needs.
|
||||
|
||||
- `local_recipient_maps` is not set to empty value by Postfix service. It\'s an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.
|
||||
- `local_recipient_maps` is not set to empty value by Postfix service. It's an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.
|
||||
|
||||
- Iputils no longer provide ping6 and traceroute6. The functionality of these tools has been integrated into ping and traceroute respectively. To enforce an address family the new flags `-4` and `-6` have been added. One notable incompatibility is that specifying an interface (for link-local IPv6 for instance) is no longer done with the `-I` flag, but by encoding the interface into the address (`ping fe80::1%eth0`).
|
||||
|
||||
- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn\'t support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.
|
||||
- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn't support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.
|
||||
|
||||
- The `fetch*` functions no longer support md5, please use sha256 instead.
|
||||
|
||||
|
@ -278,7 +278,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Module type system have a new extensible option types feature that allow to extend certain types, such as enum, through multiple option declarations of the same option across multiple modules.
|
||||
|
||||
- `jre` now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it\'s recommended to use `jre_headless`.
|
||||
- `jre` now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it's recommended to use `jre_headless`.
|
||||
|
||||
- Python 2.6 interpreter and package set have been removed.
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The user handling now keeps track of deallocated UIDs/GIDs. When a user or group is revived, this allows it to be allocated the UID/GID it had before. A consequence is that UIDs and GIDs are no longer reused.
|
||||
|
||||
- The module option `services.xserver.xrandrHeads` now causes the first head specified in this list to be set as the primary head. Apart from that, it\'s now possible to also set additional options by using an attribute set, for example:
|
||||
- The module option `services.xserver.xrandrHeads` now causes the first head specified in this list to be set as the primary head. Apart from that, it's now possible to also set additional options by using an attribute set, for example:
|
||||
|
||||
```nix
|
||||
{ services.xserver.xrandrHeads = [
|
||||
|
@ -208,7 +208,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `mysql` default `dataDir` has changed from `/var/mysql` to `/var/lib/mysql`.
|
||||
|
||||
- Radicale\'s default package has changed from 1.x to 2.x. Instructions to migrate can be found [ here ](http://radicale.org/1to2/). It is also possible to use the newer version by setting the `package` to `radicale2`, which is done automatically when `stateVersion` is 17.09 or higher. The `extraArgs` option has been added to allow passing the data migration arguments specified in the instructions; see the `radicale.nix` NixOS test for an example migration.
|
||||
- Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found [ here ](http://radicale.org/1to2/). It is also possible to use the newer version by setting the `package` to `radicale2`, which is done automatically when `stateVersion` is 17.09 or higher. The `extraArgs` option has been added to allow passing the data migration arguments specified in the instructions; see the `radicale.nix` NixOS test for an example migration.
|
||||
|
||||
- The `aiccu` package was removed. This is due to SixXS [ sunsetting](https://www.sixxs.net/main/) its IPv6 tunnel.
|
||||
|
||||
|
@ -216,9 +216,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Top-level `idea` package collection was renamed. All JetBrains IDEs are now at `jetbrains`.
|
||||
|
||||
- `flexget`\'s state database cannot be upgraded to its new internal format, requiring removal of any existing `db-config.sqlite` which will be automatically recreated.
|
||||
- `flexget`'s state database cannot be upgraded to its new internal format, requiring removal of any existing `db-config.sqlite` which will be automatically recreated.
|
||||
|
||||
- The `ipfs` service now doesn\'t ignore the `dataDir` option anymore. If you\'ve ever set this option to anything other than the default you\'ll have to either unset it (so the default gets used) or migrate the old data manually with
|
||||
- The `ipfs` service now doesn't ignore the `dataDir` option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
|
||||
|
||||
```ShellSession
|
||||
dataDir=<valueOfDataDir>
|
||||
|
@ -236,7 +236,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `wvdial` package and module were removed. This is due to the project being dead and not building with openssl 1.1.
|
||||
|
||||
- `cc-wrapper`\'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages\' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
|
||||
- `cc-wrapper`'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
|
||||
|
||||
- `services.firefox.syncserver` now runs by default as a non-root user. To accommodate this change, the default sqlite database location has also been changed. Migration should work automatically. Refer to the description of the options for more details.
|
||||
|
||||
|
@ -244,7 +244,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Touchpad support should now be enabled through `libinput` as `synaptics` is now deprecated. See the option `services.xserver.libinput.enable`.
|
||||
|
||||
- grsecurity/PaX support has been dropped, following upstream\'s decision to cease free support. See [ upstream\'s announcement](https://grsecurity.net/passing_the_baton.php) for more information. No complete replacement for grsecurity/PaX is available presently.
|
||||
- grsecurity/PaX support has been dropped, following upstream's decision to cease free support. See [ upstream's announcement](https://grsecurity.net/passing_the_baton.php) for more information. No complete replacement for grsecurity/PaX is available presently.
|
||||
|
||||
- `services.mysql` now has declarative configuration of databases and users with the `ensureDatabases` and `ensureUsers` options.
|
||||
|
||||
|
@ -283,9 +283,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
## Other Notable Changes {#sec-release-17.09-notable-changes}
|
||||
|
||||
- Modules can now be disabled by using [ disabledModules](https://nixos.org/nixpkgs/manual/#sec-replace-modules), allowing another to take it\'s place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release.
|
||||
- Modules can now be disabled by using [ disabledModules](https://nixos.org/nixpkgs/manual/#sec-replace-modules), allowing another to take it's place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release.
|
||||
|
||||
- Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer\'s intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available.
|
||||
- Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer's intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available.
|
||||
|
||||
- ZFS/SPL have been updated to 0.7.0, `zfsUnstable, splUnstable` have therefore been removed.
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- End of support is planned for end of October 2018, handing over to 18.09.
|
||||
|
||||
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn\'t NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it\'s waiting for some test fixes, etc.
|
||||
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc.
|
||||
|
||||
- Nix now defaults to 2.0; see its [release notes](https://nixos.org/nix/manual/#ssec-relnotes-2.0).
|
||||
|
||||
|
@ -176,7 +176,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
|
||||
|
||||
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the \"Specifying dependencies\" section of the \"Standard Environment\" chapter of the nixpkgs manual. The old logic isn\'t but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
|
||||
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the \"Specifying dependencies\" section of the \"Standard Environment\" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
|
||||
|
||||
- `lib.addPassthru drv passthru` is removed. Use `lib.extendDerivation true passthru drv` instead.
|
||||
|
||||
|
@ -184,7 +184,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `hardware.amdHybridGraphics.disable` option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports.
|
||||
|
||||
- The merging of config options for `services.postfix.config` was buggy. Previously, if other options in the Postfix module like `services.postfix.useSrs` were set and the user set config options that were also set by such options, the resulting config wouldn\'t include all options that were needed. They are now merged correctly. If config options need to be overridden, `lib.mkForce` or `lib.mkOverride` can be used.
|
||||
- The merging of config options for `services.postfix.config` was buggy. Previously, if other options in the Postfix module like `services.postfix.useSrs` were set and the user set config options that were also set by such options, the resulting config wouldn't include all options that were needed. They are now merged correctly. If config options need to be overridden, `lib.mkForce` or `lib.mkOverride` can be used.
|
||||
|
||||
- The following changes apply if the `stateVersion` is changed to 18.03 or higher. For `stateVersion = "17.09"` or lower the old behavior is preserved.
|
||||
|
||||
|
@ -204,7 +204,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The data directory `/var/lib/piwik` was renamed to `/var/lib/matomo`. All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
|
||||
|
||||
- The default `serverName` for the nginx configuration changed from `piwik.${config.networking.hostName}` to `matomo.${config.networking.hostName}.${config.networking.domain}` if `config.networking.domain` is set, `matomo.${config.networking.hostName}` if it is not set. If you change your `serverName`, remember you\'ll need to update the `trustedHosts[]` array in `/var/lib/matomo/config/config.ini.php` as well.
|
||||
- The default `serverName` for the nginx configuration changed from `piwik.${config.networking.hostName}` to `matomo.${config.networking.hostName}.${config.networking.domain}` if `config.networking.domain` is set, `matomo.${config.networking.hostName}` if it is not set. If you change your `serverName`, remember you'll need to update the `trustedHosts[]` array in `/var/lib/matomo/config/config.ini.php` as well.
|
||||
|
||||
- The `piwik` user was renamed to `matomo`. The service will adjust ownership automatically for files in the data directory. If you use unix socket authentication, remember to give the new `matomo` user access to the database and to change the `username` to `matomo` in the `[database]` section of `/var/lib/matomo/config/config.ini.php`.
|
||||
|
||||
|
@ -250,7 +250,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The option `services.logstash.listenAddress` is now `127.0.0.1` by default. Previously the default behaviour was to listen on all interfaces.
|
||||
|
||||
- `services.btrfs.autoScrub` has been added, to periodically check btrfs filesystems for data corruption. If there\'s a correct copy available, it will automatically repair corrupted blocks.
|
||||
- `services.btrfs.autoScrub` has been added, to periodically check btrfs filesystems for data corruption. If there's a correct copy available, it will automatically repair corrupted blocks.
|
||||
|
||||
- `displayManager.lightdm.greeters.gtk.clock-format.` has been added, the clock format string (as expected by strftime, e.g. `%H:%M`) to use with the lightdm gtk greeter panel.
|
||||
|
||||
|
|
|
@ -204,11 +204,11 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `clementine` package points now to the free derivation. `clementineFree` is removed now and `clementineUnfree` points to the package which is bundled with the unfree `libspotify` package.
|
||||
|
||||
- The `netcat` package is now taken directly from OpenBSD\'s `libressl`, instead of relying on Debian\'s fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command.
|
||||
- The `netcat` package is now taken directly from OpenBSD's `libressl`, instead of relying on Debian's fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command.
|
||||
|
||||
- The `services.docker-registry.extraConfig` object doesn\'t contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in [the `docker/distribution` docs](https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md).
|
||||
- The `services.docker-registry.extraConfig` object doesn't contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in [the `docker/distribution` docs](https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md).
|
||||
|
||||
- `gnucash` has changed from version 2.4 to 3.x. If you\'ve been using `gnucash` (version 2.4) instead of `gnucash26` (version 2.6) you must open your Gnucash data file(s) with `gnucash26` and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade [documentation](https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade). Gnucash 2.4 is still available under the attribute `gnucash24`.
|
||||
- `gnucash` has changed from version 2.4 to 3.x. If you've been using `gnucash` (version 2.4) instead of `gnucash26` (version 2.6) you must open your Gnucash data file(s) with `gnucash26` and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade [documentation](https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade). Gnucash 2.4 is still available under the attribute `gnucash24`.
|
||||
|
||||
- `services.munge` now runs as user (and group) `munge` instead of root. Make sure the key file is accessible to the daemon.
|
||||
|
||||
|
@ -315,7 +315,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The Kubernetes Dashboard now has only minimal RBAC permissions by default. If dashboard cluster-admin rights are desired, set `services.kubernetes.addons.dashboard.rbac.clusterAdmin` to true. On existing clusters, in order for the revocation of privileges to take effect, the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: `kubectl delete clusterrolebinding kubernetes-dashboard`
|
||||
|
||||
- The `programs.screen` module provides allows to configure `/etc/screenrc`, however the module behaved fairly counterintuitive as the config exists, but the package wasn\'t available. Since 18.09 `pkgs.screen` will be added to `environment.systemPackages`.
|
||||
- The `programs.screen` module provides allows to configure `/etc/screenrc`, however the module behaved fairly counterintuitive as the config exists, but the package wasn't available. Since 18.09 `pkgs.screen` will be added to `environment.systemPackages`.
|
||||
|
||||
- The module `services.networking.hostapd` now uses WPA2 by default.
|
||||
|
||||
|
@ -327,6 +327,6 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The default display manager is now LightDM. To use SLiM set `services.xserver.displayManager.slim.enable` to `true`.
|
||||
|
||||
- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it\'s no longer necessary to use `</para><para>` to start a new paragraph.
|
||||
- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it's no longer necessary to use `</para><para>` to start a new paragraph.
|
||||
|
||||
- Top-level `buildPlatform`, `hostPlatform`, and `targetPlatform` in Nixpkgs are deprecated. Please use their equivalents in `stdenv` instead: `stdenv.buildPlatform`, `stdenv.hostPlatform`, and `stdenv.targetPlatform`.
|
||||
|
|
|
@ -11,11 +11,11 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
- Added the Pantheon desktop environment. It can be enabled through `services.xserver.desktopManager.pantheon.enable`.
|
||||
|
||||
::: {.note}
|
||||
By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon\'s screen locking implementation relies on it.
|
||||
Because of that it is recommended to leave LightDM enabled. If you\'d like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
|
||||
By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon's screen locking implementation relies on it.
|
||||
Because of that it is recommended to leave LightDM enabled. If you'd like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
|
||||
:::
|
||||
|
||||
Also note that Pantheon\'s LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn\'t optimal for use here yet.
|
||||
Also note that Pantheon's LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn't optimal for use here yet.
|
||||
|
||||
- A major refactoring of the Kubernetes module has been completed. Refactorings primarily focus on decoupling components and enhancing security. Two-way TLS and RBAC has been enabled by default for all components, which slightly changes the way the module is configured. See: [](#sec-kubernetes) for details.
|
||||
|
||||
|
@ -57,7 +57,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The Syncthing state and configuration data has been moved from `services.syncthing.dataDir` to the newly defined `services.syncthing.configDir`, which default to `/var/lib/syncthing/.config/syncthing`. This change makes possible to share synced directories using ACLs without Syncthing resetting the permission on every start.
|
||||
|
||||
- The `ntp` module now has sane default restrictions. If you\'re relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set `services.ntp.restrictDefault` and `services.ntp.restrictSource` to `[]`.
|
||||
- The `ntp` module now has sane default restrictions. If you're relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set `services.ntp.restrictDefault` and `services.ntp.restrictSource` to `[]`.
|
||||
|
||||
- Package `rabbitmq_server` is renamed to `rabbitmq-server`.
|
||||
|
||||
|
@ -91,7 +91,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device \"default\" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
|
||||
|
||||
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we\'re using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it\'s usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
|
||||
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
|
||||
|
||||
If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters.
|
||||
|
||||
|
@ -137,7 +137,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
|
||||
|
||||
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account\'s password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
|
||||
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
|
||||
|
||||
- `fish` has been upgraded to 3.0. It comes with a number of improvements and backwards incompatible changes. See the `fish` [release notes](https://github.com/fish-shell/fish-shell/releases/tag/3.0.0) for more information.
|
||||
|
||||
|
@ -145,7 +145,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- NixOS module system type `types.optionSet` and `lib.mkOption` argument `options` are deprecated. Use `types.submodule` instead. ([\#54637](https://github.com/NixOS/nixpkgs/pull/54637))
|
||||
|
||||
- `matrix-synapse` has been updated to version 0.99. It will [no longer generate a self-signed certificate on first launch](https://github.com/matrix-org/synapse/pull/4509) and will be [the last version to accept self-signed certificates](https://matrix.org/blog/2019/02/05/synapse-0-99-0/). As such, it is now recommended to use a proper certificate verified by a root CA (for example Let\'s Encrypt). The new [manual chapter on Matrix](#module-services-matrix) contains a working example of using nginx as a reverse proxy in front of `matrix-synapse`, using Let\'s Encrypt certificates.
|
||||
- `matrix-synapse` has been updated to version 0.99. It will [no longer generate a self-signed certificate on first launch](https://github.com/matrix-org/synapse/pull/4509) and will be [the last version to accept self-signed certificates](https://matrix.org/blog/2019/02/05/synapse-0-99-0/). As such, it is now recommended to use a proper certificate verified by a root CA (for example Let's Encrypt). The new [manual chapter on Matrix](#module-services-matrix) contains a working example of using nginx as a reverse proxy in front of `matrix-synapse`, using Let's Encrypt certificates.
|
||||
|
||||
- `mailutils` now works by default when `sendmail` is not in a setuid wrapper. As a consequence, the `sendmailPath` argument, having lost its main use, has been removed.
|
||||
|
||||
|
@ -191,7 +191,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
With this change application specific volumes are relative to the master volume which can be adjusted independently, whereas before they were absolute; meaning that in effect, it scaled the device-volume with the volume of the loudest application.
|
||||
:::
|
||||
|
||||
- The [`ndppd`](https://github.com/DanielAdolfsson/ndppd) module now supports [all config options](options.html#opt-services.ndppd.enable) provided by the current upstream version as service options. Additionally the `ndppd` package doesn\'t contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
|
||||
- The [`ndppd`](https://github.com/DanielAdolfsson/ndppd) module now supports [all config options](options.html#opt-services.ndppd.enable) provided by the current upstream version as service options. Additionally the `ndppd` package doesn't contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
|
||||
|
||||
- New installs of NixOS will default to the Redmine 4.x series unless otherwise specified in `services.redmine.package` while existing installs of NixOS will default to the Redmine 3.x series.
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The installer now uses a less privileged `nixos` user whereas before we logged in as root. To gain root privileges use `sudo -i` without a password.
|
||||
|
||||
- We\'ve updated to Xfce 4.14, which brings a new module `services.xserver.desktopManager.xfce4-14`. If you\'d like to upgrade, please switch from the `services.xserver.desktopManager.xfce` module as it will be deprecated in a future release. They\'re incompatibilities with the current Xfce module; it doesn\'t support `thunarPlugins` and it isn\'t recommended to use `services.xserver.desktopManager.xfce` and `services.xserver.desktopManager.xfce4-14` simultaneously or to downgrade from Xfce 4.14 after upgrading.
|
||||
- We've updated to Xfce 4.14, which brings a new module `services.xserver.desktopManager.xfce4-14`. If you'd like to upgrade, please switch from the `services.xserver.desktopManager.xfce` module as it will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support `thunarPlugins` and it isn't recommended to use `services.xserver.desktopManager.xfce` and `services.xserver.desktopManager.xfce4-14` simultaneously or to downgrade from Xfce 4.14 after upgrading.
|
||||
|
||||
- The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages like games.
|
||||
|
||||
|
@ -46,9 +46,9 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `services.gnome3.games.enable`
|
||||
|
||||
With these options we hope to give users finer grained control over their systems. Prior to this change you\'d either have to manually disable options or use `environment.gnome3.excludePackages` which only excluded the optional applications. `environment.gnome3.excludePackages` is now unguarded, it can exclude any package installed with `environment.systemPackages` in the GNOME 3 module.
|
||||
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually disable options or use `environment.gnome3.excludePackages` which only excluded the optional applications. `environment.gnome3.excludePackages` is now unguarded, it can exclude any package installed with `environment.systemPackages` in the GNOME 3 module.
|
||||
|
||||
- Orthogonal to the previous changes to the GNOME 3 desktop manager module, we\'ve updated all default services and applications to match as close as possible to a default reference GNOME 3 experience.
|
||||
- Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications to match as close as possible to a default reference GNOME 3 experience.
|
||||
|
||||
**The following changes were enacted in `services.gnome3.core-utilities.enable`**
|
||||
|
||||
|
@ -104,7 +104,7 @@ The following new services were added since the last release:
|
|||
|
||||
- `services.xserver.desktopManager.pantheon`
|
||||
|
||||
- `services.xserver.desktopManager.mate` Note Mate uses `programs.system-config-printer` as it doesn\'t use it as a service, but its graphical interface directly.
|
||||
- `services.xserver.desktopManager.mate` Note Mate uses `programs.system-config-printer` as it doesn't use it as a service, but its graphical interface directly.
|
||||
|
||||
- [services.blueman.enable](options.html#opt-services.blueman.enable) has been added. If you previously had blueman installed via `environment.systemPackages` please migrate to using the NixOS module, as this would result in an insufficiently configured blueman.
|
||||
|
||||
|
@ -118,11 +118,11 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle and has been removed.
|
||||
|
||||
- The options `services.prometheus.alertmanager.user` and `services.prometheus.alertmanager.group` have been removed because the alertmanager service is now using systemd\'s [ DynamicUser mechanism](http://0pointer.net/blog/dynamic-users-with-systemd.html) which obviates these options.
|
||||
- The options `services.prometheus.alertmanager.user` and `services.prometheus.alertmanager.group` have been removed because the alertmanager service is now using systemd's [ DynamicUser mechanism](http://0pointer.net/blog/dynamic-users-with-systemd.html) which obviates these options.
|
||||
|
||||
- The NetworkManager systemd unit was renamed back from network-manager.service to NetworkManager.service for better compatibility with other applications expecting this name. The same applies to ModemManager where modem-manager.service is now called ModemManager.service again.
|
||||
|
||||
- The `services.nzbget.configFile` and `services.nzbget.openFirewall` options were removed as they are managed internally by the nzbget. The `services.nzbget.dataDir` option hadn\'t actually been used by the module for some time and so was removed as cleanup.
|
||||
- The `services.nzbget.configFile` and `services.nzbget.openFirewall` options were removed as they are managed internally by the nzbget. The `services.nzbget.dataDir` option hadn't actually been used by the module for some time and so was removed as cleanup.
|
||||
|
||||
- The `services.mysql.pidDir` option was removed, as it was only used by the wordpress apache-httpd service to wait for mysql to have started up. This can be accomplished by either describing a dependency on mysql.service (preferred) or waiting for the (hardcoded) `/run/mysqld/mysql.sock` file to appear.
|
||||
|
||||
|
@ -148,7 +148,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
A new knob named `nixops.enableDeprecatedAutoLuks` has been introduced to disable the eval failure and to acknowledge the notice was received and read. If you plan on using the feature please note that it might break with subsequent updates.
|
||||
|
||||
Make sure you set the `_netdev` option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn\'t boot anymore.
|
||||
Make sure you set the `_netdev` option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn't boot anymore.
|
||||
|
||||
If you are actively using the `autoLuks` module please let us know in [issue \#62211](https://github.com/NixOS/nixpkgs/issues/62211).
|
||||
|
||||
|
@ -196,13 +196,13 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
|
||||
|
||||
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn\'t explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
|
||||
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
|
||||
|
||||
- The old deprecated `emacs` package sets have been dropped. What used to be called `emacsPackagesNg` is now simply called `emacsPackages`.
|
||||
|
||||
- `services.xserver.desktopManager.xterm` is now disabled by default if `stateVersion` is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn\'t useful for all people so it didn\'t make sense to have any desktopManager enabled default.
|
||||
- `services.xserver.desktopManager.xterm` is now disabled by default if `stateVersion` is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to have any desktopManager enabled default.
|
||||
|
||||
- The WeeChat plugin `pkgs.weechatScripts.weechat-xmpp` has been removed as it doesn\'t receive any updates from upstream and depends on outdated Python2-based modules.
|
||||
- The WeeChat plugin `pkgs.weechatScripts.weechat-xmpp` has been removed as it doesn't receive any updates from upstream and depends on outdated Python2-based modules.
|
||||
|
||||
- Old unsupported versions (`logstash5`, `kibana5`, `filebeat5`, `heartbeat5`, `metricbeat5`, `packetbeat5`) of the ELK-stack and Elastic beats have been removed.
|
||||
|
||||
|
@ -210,7 +210,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Citrix Receiver (`citrix_receiver`) has been dropped in favor of Citrix Workspace (`citrix_workspace`).
|
||||
|
||||
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren\'t stored in the world-readable nix store, but means that for each option you\'ll have to create a file with the same exact string, add \"File\" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
|
||||
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren't stored in the world-readable nix store, but means that for each option you'll have to create a file with the same exact string, add \"File\" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
|
||||
|
||||
The state path (`services.gitlab.statePath`) now has the following restriction: no parent directory can be owned by any other user than `root` or the user specified in `services.gitlab.user`; i.e. if `services.gitlab.statePath` is set to `/var/lib/gitlab/state`, `gitlab` and all parent directories must be owned by either `root` or the user specified in `services.gitlab.user`.
|
||||
|
||||
|
@ -218,7 +218,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The Twitter client `corebird` has been dropped as [it is discontinued and does not work against the new Twitter API](https://www.patreon.com/posts/corebirds-future-18921328). Please use the fork `cawbird` instead which has been adapted to the API changes and is still maintained.
|
||||
|
||||
- The `nodejs-11_x` package has been removed as it\'s EOLed by upstream.
|
||||
- The `nodejs-11_x` package has been removed as it's EOLed by upstream.
|
||||
|
||||
- Because of the systemd upgrade, systemd-timesyncd will no longer work if `system.stateVersion` is not set correctly. When upgrading from NixOS 19.03, please make sure that `system.stateVersion` is set to `"19.03"`, or lower if the installation dates back to an earlier version of NixOS.
|
||||
|
||||
|
@ -252,7 +252,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `consul` package was upgraded past version `1.5`, so its deprecated legacy UI is no longer available.
|
||||
|
||||
- The default resample-method for PulseAudio has been changed from the upstream default `speex-float-1` to `speex-float-5`. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you\'ll need to set `hardware.pulseaudio.daemon.config.resample-method` back to `speex-float-1`.
|
||||
- The default resample-method for PulseAudio has been changed from the upstream default `speex-float-1` to `speex-float-5`. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you'll need to set `hardware.pulseaudio.daemon.config.resample-method` back to `speex-float-1`.
|
||||
|
||||
- The `phabricator` package and associated `httpd.extraSubservice`, as well as the `phd` service have been removed from nixpkgs due to lack of maintainer.
|
||||
|
||||
|
@ -264,7 +264,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `tomcat-connector` `httpd.extraSubservice` has been removed from nixpkgs.
|
||||
|
||||
- It\'s now possible to change configuration in [services.nextcloud](options.html#opt-services.nextcloud.enable) after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating `/var/lib/nextcloud`.
|
||||
- It's now possible to change configuration in [services.nextcloud](options.html#opt-services.nextcloud.enable) after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating `/var/lib/nextcloud`.
|
||||
|
||||
- There exists now `lib.forEach`, which is like `map`, but with arguments flipped. When mapping function body spans many lines (or has nested `map`s), it is often hard to follow which list is modified.
|
||||
|
||||
|
@ -308,6 +308,6 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `altcoins` categorization of packages has been removed. You now access these packages at the top level, ie. `nix-shell -p dogecoin` instead of `nix-shell -p altcoins.dogecoin`, etc.
|
||||
|
||||
- Ceph has been upgraded to v14.2.1. See the [release notes](https://ceph.com/releases/v14-2-0-nautilus-released/) for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There\'s been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
|
||||
- Ceph has been upgraded to v14.2.1. See the [release notes](https://ceph.com/releases/v14-2-0-nautilus-released/) for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There's been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
|
||||
|
||||
- `pkgs.weechat` is now compiled against `pkgs.python3`. Weechat also recommends [to use Python3 in their docs.](https://weechat.org/scripts/python3/)
|
||||
|
|
|
@ -34,11 +34,11 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- Postgresql for NixOS service now defaults to v11.
|
||||
|
||||
- The graphical installer image starts the graphical session automatically. Before you\'d be greeted by a tty and asked to enter `systemctl start display-manager`. It is now possible to disable the display-manager from running by selecting the `Disable display-manager` quirk in the boot menu.
|
||||
- The graphical installer image starts the graphical session automatically. Before you'd be greeted by a tty and asked to enter `systemctl start display-manager`. It is now possible to disable the display-manager from running by selecting the `Disable display-manager` quirk in the boot menu.
|
||||
|
||||
- GNOME 3 has been upgraded to 3.34. Please take a look at their [Release Notes](https://help.gnome.org/misc/release-notes/3.34) for details.
|
||||
|
||||
- If you enable the Pantheon Desktop Manager via [services.xserver.desktopManager.pantheon.enable](options.html#opt-services.xserver.desktopManager.pantheon.enable), we now default to also use [ Pantheon\'s newly designed greeter ](https://blog.elementary.io/say-hello-to-the-new-greeter/). Contrary to NixOS\'s usual update policy, Pantheon will receive updates during the cycle of NixOS 20.03 when backwards compatible.
|
||||
- If you enable the Pantheon Desktop Manager via [services.xserver.desktopManager.pantheon.enable](options.html#opt-services.xserver.desktopManager.pantheon.enable), we now default to also use [ Pantheon's newly designed greeter ](https://blog.elementary.io/say-hello-to-the-new-greeter/). Contrary to NixOS's usual update policy, Pantheon will receive updates during the cycle of NixOS 20.03 when backwards compatible.
|
||||
|
||||
- By default zfs pools will now be trimmed on a weekly basis. Trimming is only done on supported devices (i.e. NVME or SSDs) and should improve throughput and lifetime of these devices. It is controlled by the `services.zfs.trim.enable` varname. The zfs scrub service (`services.zfs.autoScrub.enable`) and the zfs autosnapshot service (`services.zfs.autoSnapshot.enable`) are now only enabled if zfs is set in `config.boot.initrd.supportedFilesystems` or `config.boot.supportedFilesystems`. These lists will automatically contain zfs as soon as any zfs mountpoint is configured in `fileSystems`.
|
||||
|
||||
|
@ -77,7 +77,7 @@ The following new services were added since the last release:
|
|||
|
||||
- The kubernetes kube-proxy now supports a new hostname configuration `services.kubernetes.proxy.hostname` which has to be set if the hostname of the node should be non default.
|
||||
|
||||
- UPower\'s configuration is now managed by NixOS and can be customized via `services.upower`.
|
||||
- UPower's configuration is now managed by NixOS and can be customized via `services.upower`.
|
||||
|
||||
- To use Geary you should enable [programs.geary.enable](options.html#opt-programs.geary.enable) instead of just adding it to [environment.systemPackages](options.html#opt-environment.systemPackages). It was created so Geary could function properly outside of GNOME.
|
||||
|
||||
|
@ -187,9 +187,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `99-main.network` file was removed. Matching all network interfaces caused many breakages, see [\#18962](https://github.com/NixOS/nixpkgs/pull/18962) and [\#71106](https://github.com/NixOS/nixpkgs/pull/71106).
|
||||
|
||||
We already don\'t support the global [networking.useDHCP](options.html#opt-networking.useDHCP), [networking.defaultGateway](options.html#opt-networking.defaultGateway) and [networking.defaultGateway6](options.html#opt-networking.defaultGateway6) options if [networking.useNetworkd](options.html#opt-networking.useNetworkd) is enabled, but direct users to configure the per-device [networking.interfaces.\<name\>....](options.html#opt-networking.interfaces) options.
|
||||
We already don't support the global [networking.useDHCP](options.html#opt-networking.useDHCP), [networking.defaultGateway](options.html#opt-networking.defaultGateway) and [networking.defaultGateway6](options.html#opt-networking.defaultGateway6) options if [networking.useNetworkd](options.html#opt-networking.useNetworkd) is enabled, but direct users to configure the per-device [networking.interfaces.\<name\>....](options.html#opt-networking.interfaces) options.
|
||||
|
||||
- The stdenv now runs all bash with `set -u`, to catch the use of undefined variables. Before, it itself used `set -u` but was careful to unset it so other packages\' code ran as before. Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
|
||||
- The stdenv now runs all bash with `set -u`, to catch the use of undefined variables. Before, it itself used `set -u` but was careful to unset it so other packages' code ran as before. Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
|
||||
|
||||
- The SLIM Display Manager has been removed, as it has been unmaintained since 2013. Consider migrating to a different display manager such as LightDM (current default in NixOS), SDDM, GDM, or using the startx module which uses Xinitrc.
|
||||
|
||||
|
@ -197,7 +197,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The BEAM package set has been deleted. You will only find there the different interpreters. You should now use the different build tools coming with the languages with sandbox mode disabled.
|
||||
|
||||
- There is now only one Xfce package-set and module. This means that attributes `xfce4-14` and `xfceUnstable` all now point to the latest Xfce 4.14 packages. And in the future NixOS releases will be the latest released version of Xfce available at the time of the release\'s development (if viable).
|
||||
- There is now only one Xfce package-set and module. This means that attributes `xfce4-14` and `xfceUnstable` all now point to the latest Xfce 4.14 packages. And in the future NixOS releases will be the latest released version of Xfce available at the time of the release's development (if viable).
|
||||
|
||||
- The [phpfpm](options.html#opt-services.phpfpm.pools) module now sets `PrivateTmp=true` in its systemd units for better process isolation. If you rely on `/tmp` being shared with other services, explicitly override this by setting `serviceConfig.PrivateTmp` to `false` for each phpfpm unit.
|
||||
|
||||
|
@ -221,7 +221,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The packages `openobex` and `obexftp` are no longer installed when enabling Bluetooth via `hardware.bluetooth.enable`.
|
||||
|
||||
- The `dump1090` derivation has been changed to use FlightAware\'s dump1090 as its upstream. However, this version does not have an internal webserver anymore. The assets in the `share/dump1090` directory of the derivation can be used in conjunction with an external webserver to replace this functionality.
|
||||
- The `dump1090` derivation has been changed to use FlightAware's dump1090 as its upstream. However, this version does not have an internal webserver anymore. The assets in the `share/dump1090` directory of the derivation can be used in conjunction with an external webserver to replace this functionality.
|
||||
|
||||
- The fourStore and fourStoreEndpoint modules have been removed.
|
||||
|
||||
|
@ -291,7 +291,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `services.buildkite-agent.meta-data` has been renamed to [services.buildkite-agents.\<name\>.tags](options.html#opt-services.buildkite-agents), to match upstreams naming for 3.x. Its type has also changed - it now accepts an attrset of strings.
|
||||
|
||||
- The`services.buildkite-agent.openssh.publicKeyPath` option has been removed, as it\'s not necessary to deploy public keys to clone private repositories.
|
||||
- The`services.buildkite-agent.openssh.publicKeyPath` option has been removed, as it's not necessary to deploy public keys to clone private repositories.
|
||||
|
||||
- `services.buildkite-agent.openssh.privateKeyPath` has been renamed to [buildkite-agents.\<name\>.privateSshKeyPath](options.html#opt-services.buildkite-agents), as the whole `openssh` now only contained that single option.
|
||||
|
||||
|
@ -301,7 +301,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The `gcc5` and `gfortran5` packages have been removed.
|
||||
|
||||
- The `services.xserver.displayManager.auto` module has been removed. It was only intended for use in internal NixOS tests, and gave the false impression of it being a special display manager when it\'s actually LightDM. Please use the `services.xserver.displayManager.lightdm.autoLogin` options instead, or any other display manager in NixOS as they all support auto-login. If you used this module specifically because it permitted root auto-login you can override the lightdm-autologin pam module like:
|
||||
- The `services.xserver.displayManager.auto` module has been removed. It was only intended for use in internal NixOS tests, and gave the false impression of it being a special display manager when it's actually LightDM. Please use the `services.xserver.displayManager.lightdm.autoLogin` options instead, or any other display manager in NixOS as they all support auto-login. If you used this module specifically because it permitted root auto-login you can override the lightdm-autologin pam module like:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -325,13 +325,13 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
auth required pam_succeed_if.so quiet
|
||||
```
|
||||
|
||||
line, where default it\'s:
|
||||
line, where default it's:
|
||||
|
||||
```
|
||||
auth required pam_succeed_if.so uid >= 1000 quiet
|
||||
```
|
||||
|
||||
not permitting users with uid\'s below 1000 (like root). All other display managers in NixOS are configured like this.
|
||||
not permitting users with uid's below 1000 (like root). All other display managers in NixOS are configured like this.
|
||||
|
||||
- There have been lots of improvements to the Mailman module. As a result,
|
||||
|
||||
|
@ -357,9 +357,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Rspamd was updated to version 2.2. Read [ the upstream migration notes](https://rspamd.com/doc/migration.html#migration-to-rspamd-20) carefully. Please be especially aware that some modules were removed and the default Bayes backend is now Redis.
|
||||
|
||||
- The `*psu` versions of oraclejdk8 have been removed as they aren\'t provided by upstream anymore.
|
||||
- The `*psu` versions of oraclejdk8 have been removed as they aren't provided by upstream anymore.
|
||||
|
||||
- The `services.dnscrypt-proxy` module has been removed as it used the deprecated version of dnscrypt-proxy. We\'ve added [services.dnscrypt-proxy2.enable](options.html#opt-services.dnscrypt-proxy2.enable) to use the supported version. This module supports configuration via the Nix attribute set [services.dnscrypt-proxy2.settings](options.html#opt-services.dnscrypt-proxy2.settings), or by passing a TOML configuration file via [services.dnscrypt-proxy2.configFile](options.html#opt-services.dnscrypt-proxy2.configFile).
|
||||
- The `services.dnscrypt-proxy` module has been removed as it used the deprecated version of dnscrypt-proxy. We've added [services.dnscrypt-proxy2.enable](options.html#opt-services.dnscrypt-proxy2.enable) to use the supported version. This module supports configuration via the Nix attribute set [services.dnscrypt-proxy2.settings](options.html#opt-services.dnscrypt-proxy2.settings), or by passing a TOML configuration file via [services.dnscrypt-proxy2.configFile](options.html#opt-services.dnscrypt-proxy2.configFile).
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -382,13 +382,13 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `qesteidutil` has been deprecated in favor of `qdigidoc`.
|
||||
|
||||
- sqldeveloper_18 has been removed as it\'s not maintained anymore, sqldeveloper has been updated to version `19.4`. Please note that this means that this means that the oraclejdk is now required. For further information please read the [release notes](https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html).
|
||||
- sqldeveloper_18 has been removed as it's not maintained anymore, sqldeveloper has been updated to version `19.4`. Please note that this means that this means that the oraclejdk is now required. For further information please read the [release notes](https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html).
|
||||
|
||||
- Haskell `env` and `shellFor` dev shell environments now organize dependencies the same way as regular builds. In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don\'t need to algorithmically partition anything.
|
||||
- Haskell `env` and `shellFor` dev shell environments now organize dependencies the same way as regular builds. In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything.
|
||||
|
||||
This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a `buildDepends` or run-time Haskell dependency as a `setupDepends`, whereas things would have worked before they may not work now.
|
||||
|
||||
- The gcc-snapshot-package has been removed. It\'s marked as broken for \>2 years and used to point to a fairly old snapshot from the gcc7-branch.
|
||||
- The gcc-snapshot-package has been removed. It's marked as broken for \>2 years and used to point to a fairly old snapshot from the gcc7-branch.
|
||||
|
||||
- The nixos-build-vms8 -script now uses the python test-driver.
|
||||
|
||||
|
@ -398,21 +398,21 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Stand-alone usage of `Upower` now requires `services.upower.enable` instead of just installing into [environment.systemPackages](options.html#opt-environment.systemPackages).
|
||||
|
||||
- nextcloud has been updated to `v18.0.2`. This means that users from NixOS 19.09 can\'t upgrade directly since you can only move one version forward and 19.09 uses `v16.0.8`.
|
||||
- nextcloud has been updated to `v18.0.2`. This means that users from NixOS 19.09 can't upgrade directly since you can only move one version forward and 19.09 uses `v16.0.8`.
|
||||
|
||||
To provide a safe upgrade-path and to circumvent similar issues in the future, the following measures were taken:
|
||||
|
||||
- The pkgs.nextcloud-attribute has been removed and replaced with versioned attributes (currently pkgs.nextcloud17 and pkgs.nextcloud18). With this change major-releases can be backported without breaking stuff and to make upgrade-paths easier.
|
||||
|
||||
- Existing setups will be detected using [system.stateVersion](options.html#opt-system.stateVersion): by default, nextcloud17 will be used, but will raise a warning which notes that after that deploy it\'s recommended to update to the latest stable version (nextcloud18) by declaring the newly introduced setting [services.nextcloud.package](options.html#opt-services.nextcloud.package).
|
||||
- Existing setups will be detected using [system.stateVersion](options.html#opt-system.stateVersion): by default, nextcloud17 will be used, but will raise a warning which notes that after that deploy it's recommended to update to the latest stable version (nextcloud18) by declaring the newly introduced setting [services.nextcloud.package](options.html#opt-services.nextcloud.package).
|
||||
|
||||
- Users with an overlay (e.g. to use nextcloud at version `v18` on `19.09`) will get an evaluation error by default. This is done to ensure that our [package](options.html#opt-services.nextcloud.package)-option doesn\'t select an older version by accident. It\'s recommended to use pkgs.nextcloud18 or to set [package](options.html#opt-services.nextcloud.package) to pkgs.nextcloud explicitly.
|
||||
- Users with an overlay (e.g. to use nextcloud at version `v18` on `19.09`) will get an evaluation error by default. This is done to ensure that our [package](options.html#opt-services.nextcloud.package)-option doesn't select an older version by accident. It's recommended to use pkgs.nextcloud18 or to set [package](options.html#opt-services.nextcloud.package) to pkgs.nextcloud explicitly.
|
||||
|
||||
::: {.warning}
|
||||
Please note that if you\'re coming from `19.03` or older, you have to manually upgrade to `19.09` first to upgrade your server to Nextcloud v16.
|
||||
Please note that if you're coming from `19.03` or older, you have to manually upgrade to `19.09` first to upgrade your server to Nextcloud v16.
|
||||
:::
|
||||
|
||||
- Hydra has gained a massive performance improvement due to [some database schema changes](https://github.com/NixOS/hydra/pull/710) by adding several IDs and better indexing. However, it\'s necessary to upgrade Hydra in multiple steps:
|
||||
- Hydra has gained a massive performance improvement due to [some database schema changes](https://github.com/NixOS/hydra/pull/710) by adding several IDs and better indexing. However, it's necessary to upgrade Hydra in multiple steps:
|
||||
|
||||
- At first, an older version of Hydra needs to be deployed which adds those (nullable) columns. When having set [stateVersion ](options.html#opt-system.stateVersion) to a value older than `20.03`, this package will be selected by default from the module when upgrading. Otherwise, the package can be deployed using the following config:
|
||||
|
||||
|
@ -434,13 +434,13 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
- Deploy a newer version of Hydra to activate the DB optimizations. This can be done by using hydra-unstable. This package already includes [flake-support](https://github.com/nixos/rfcs/pull/49) and is therefore compiled against pkgs.nixFlakes.
|
||||
|
||||
::: {.warning}
|
||||
If your [stateVersion](options.html#opt-system.stateVersion) is set to `20.03` or greater, hydra-unstable will be used automatically! This will break your setup if you didn\'t run the migration.
|
||||
If your [stateVersion](options.html#opt-system.stateVersion) is set to `20.03` or greater, hydra-unstable will be used automatically! This will break your setup if you didn't run the migration.
|
||||
:::
|
||||
|
||||
Please note that Hydra is currently not available with nixStable as this doesn\'t compile anymore.
|
||||
Please note that Hydra is currently not available with nixStable as this doesn't compile anymore.
|
||||
|
||||
::: {.warning}
|
||||
pkgs.hydra has been removed to ensure a graceful database-migration using the dedicated package-attributes. If you still have pkgs.hydra defined in e.g. an overlay, an assertion error will be thrown. To circumvent this, you need to set [services.hydra.package](options.html#opt-services.hydra.package) to pkgs.hydra explicitly and make sure you know what you\'re doing!
|
||||
pkgs.hydra has been removed to ensure a graceful database-migration using the dedicated package-attributes. If you still have pkgs.hydra defined in e.g. an overlay, an assertion error will be thrown. To circumvent this, you need to set [services.hydra.package](options.html#opt-services.hydra.package) to pkgs.hydra explicitly and make sure you know what you're doing!
|
||||
:::
|
||||
|
||||
- The TokuDB storage engine will be disabled in mariadb 10.5. It is recommended to switch to RocksDB. See also [TokuDB](https://mariadb.com/kb/en/tokudb/).
|
||||
|
@ -478,9 +478,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
Depending on your setup, you need to incorporate one of the following changes in your setup to upgrade to 20.03:
|
||||
|
||||
- If you use `sqlite3` you don\'t need to do anything.
|
||||
- If you use `sqlite3` you don't need to do anything.
|
||||
|
||||
- If you use `postgresql` on a different server, you don\'t need to change anything as well since this module was never designed to configure remote databases.
|
||||
- If you use `postgresql` on a different server, you don't need to change anything as well since this module was never designed to configure remote databases.
|
||||
|
||||
- If you use `postgresql` and configured your synapse initially on `19.09` or older, you simply need to enable postgresql-support explicitly:
|
||||
|
||||
|
@ -496,12 +496,12 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- If you deploy a fresh matrix-synapse, you need to configure the database yourself (e.g. by using the [services.postgresql.initialScript](options.html#opt-services.postgresql.initialScript) option). An example for this can be found in the [documentation of the Matrix module](#module-services-matrix).
|
||||
|
||||
- If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it\'s recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html).
|
||||
- If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it's recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html).
|
||||
|
||||
- The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It\'s udev that parses `.link` files, not `systemd-networkd`.
|
||||
- The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It's udev that parses `.link` files, not `systemd-networkd`.
|
||||
|
||||
- mongodb has been updated to version `3.4.24`.
|
||||
|
||||
::: {.warning}
|
||||
Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it\'s not entirely free and not OSI-approved, it\'s listed as non-free. This means that Hydra doesn\'t provide prebuilt mongodb-packages and needs to be built locally.
|
||||
Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it's not entirely free and not OSI-approved, it's listed as non-free. This means that Hydra doesn't provide prebuilt mongodb-packages and needs to be built locally.
|
||||
:::
|
||||
|
|
|
@ -218,7 +218,7 @@ In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules we
|
|||
|
||||
When upgrading from a previous release, please be aware of the following incompatible changes:
|
||||
|
||||
- MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Before you upgrade, it would be best to take a backup of your database. For MariaDB Galera Cluster, see [Upgrading from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/) instead. Before doing the upgrade read [Incompatible Changes Between 10.3 and 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). After the upgrade you will need to run `mysql_upgrade`. MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more intuitive. See [Authentication from MariaDB 10.4](https://mariadb.com/kb/en/authentication-from-mariadb-104/). unix_socket auth plugin does not use a password, and uses the connecting user\'s UID instead. When a new MariaDB data directory is initialized, two MariaDB users are created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root\@localhost and mysql\@localhost. To actually use the traditional mysql_native_password plugin method, one must run the following:
|
||||
- MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Before you upgrade, it would be best to take a backup of your database. For MariaDB Galera Cluster, see [Upgrading from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/) instead. Before doing the upgrade read [Incompatible Changes Between 10.3 and 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). After the upgrade you will need to run `mysql_upgrade`. MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more intuitive. See [Authentication from MariaDB 10.4](https://mariadb.com/kb/en/authentication-from-mariadb-104/). unix_socket auth plugin does not use a password, and uses the connecting user's UID instead. When a new MariaDB data directory is initialized, two MariaDB users are created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root\@localhost and mysql\@localhost. To actually use the traditional mysql_native_password plugin method, one must run the following:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -284,7 +284,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The [matrix-synapse](options.html#opt-services.matrix-synapse.enable) module no longer includes optional dependencies by default, they have to be added through the [plugins](options.html#opt-services.matrix-synapse.plugins) option.
|
||||
|
||||
- `buildGoModule` now internally creates a vendor directory in the source tree for downloaded modules instead of using go\'s [module proxy protocol](https://golang.org/cmd/go/#hdr-Module_proxy_protocol). This storage format is simpler and therefore less likely to break with future versions of go. As a result `buildGoModule` switched from `modSha256` to the `vendorSha256` attribute to pin fetched version data.
|
||||
- `buildGoModule` now internally creates a vendor directory in the source tree for downloaded modules instead of using go's [module proxy protocol](https://golang.org/cmd/go/#hdr-Module_proxy_protocol). This storage format is simpler and therefore less likely to break with future versions of go. As a result `buildGoModule` switched from `modSha256` to the `vendorSha256` attribute to pin fetched version data.
|
||||
|
||||
- Grafana is now built without support for phantomjs by default. Phantomjs support has been [deprecated in Grafana](https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/) and the phantomjs project is [currently unmaintained](https://github.com/ariya/phantomjs/issues/15344#issue-302015362). It can still be enabled by providing `phantomJsSupport = true` to the package instantiation:
|
||||
|
||||
|
@ -306,9 +306,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The initrd SSH support now uses OpenSSH rather than Dropbear to allow the use of Ed25519 keys and other OpenSSH-specific functionality. Host keys must now be in the OpenSSH format, and at least one pre-generated key must be specified.
|
||||
|
||||
If you used the `boot.initrd.network.ssh.host*Key` options, you\'ll get an error explaining how to convert your host keys and migrate to the new `boot.initrd.network.ssh.hostKeys` option. Otherwise, if you don\'t have any host keys set, you\'ll need to generate some; see the `hostKeys` option documentation for instructions.
|
||||
If you used the `boot.initrd.network.ssh.host*Key` options, you'll get an error explaining how to convert your host keys and migrate to the new `boot.initrd.network.ssh.hostKeys` option. Otherwise, if you don't have any host keys set, you'll need to generate some; see the `hostKeys` option documentation for instructions.
|
||||
|
||||
- Since this release there\'s an easy way to customize your PHP install to get a much smaller base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP with the extensions `imagick`, `opcache`, `pdo` and `pdo_mysql` loaded:
|
||||
- Since this release there's an easy way to customize your PHP install to get a much smaller base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP with the extensions `imagick`, `opcache`, `pdo` and `pdo_mysql` loaded:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -325,7 +325,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
}
|
||||
```
|
||||
|
||||
The default `php` attribute hasn\'t lost any extensions. The `opcache` extension has been added. All upstream PHP extensions are available under php.extensions.\<name?\>.
|
||||
The default `php` attribute hasn't lost any extensions. The `opcache` extension has been added. All upstream PHP extensions are available under php.extensions.\<name?\>.
|
||||
|
||||
All PHP `config` flags have been removed for the following reasons:
|
||||
|
||||
|
@ -418,9 +418,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
The default value for [services.httpd.mpm](options.html#opt-services.httpd.mpm) has been changed from `prefork` to `event`. Along with this change the default value for [services.httpd.virtualHosts.\<name\>.http2](options.html#opt-services.httpd.virtualHosts) has been set to `true`.
|
||||
|
||||
- The `systemd-networkd` option `systemd.network.networks.<name>.dhcp.CriticalConnection` has been removed following upstream systemd\'s deprecation of the same. It is recommended to use `systemd.network.networks.<name>.networkConfig.KeepConfiguration` instead. See systemd.network 5 for details.
|
||||
- The `systemd-networkd` option `systemd.network.networks.<name>.dhcp.CriticalConnection` has been removed following upstream systemd's deprecation of the same. It is recommended to use `systemd.network.networks.<name>.networkConfig.KeepConfiguration` instead. See systemd.network 5 for details.
|
||||
|
||||
- The `systemd-networkd` option `systemd.network.networks._name_.dhcpConfig` has been renamed to [systemd.network.networks._name_.dhcpV4Config](options.html#opt-systemd.network.networks._name_.dhcpV4Config) following upstream systemd\'s documentation change. See systemd.network 5 for details.
|
||||
- The `systemd-networkd` option `systemd.network.networks._name_.dhcpConfig` has been renamed to [systemd.network.networks._name_.dhcpV4Config](options.html#opt-systemd.network.networks._name_.dhcpV4Config) following upstream systemd's documentation change. See systemd.network 5 for details.
|
||||
|
||||
- In the `picom` module, several options that accepted floating point numbers encoded as strings (for example [services.picom.activeOpacity](options.html#opt-services.picom.activeOpacity)) have been changed to the (relatively) new native `float` type. To migrate your configuration simply remove the quotes around the numbers.
|
||||
|
||||
|
@ -440,7 +440,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The GRUB specific option `boot.loader.grub.extraInitrd` has been replaced with the generic option `boot.initrd.secrets`. This option creates a secondary initrd from the specified files, rather than using a manually created initrd file. Due to an existing bug with `boot.loader.grub.extraInitrd`, it is not possible to directly boot an older generation that used that option. It is still possible to rollback to that generation if the required initrd file has not been deleted.
|
||||
|
||||
- The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can\'t be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205).
|
||||
- The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can't be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205).
|
||||
|
||||
- In the `resilio` module, [services.resilio.httpListenAddr](options.html#opt-services.resilio.httpListenAddr) has been changed to listen to `[::1]` instead of `0.0.0.0`.
|
||||
|
||||
|
@ -456,7 +456,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Update servers first, then clients.
|
||||
|
||||
- Radicale\'s default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher.
|
||||
- Radicale's default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher.
|
||||
|
||||
- `udpt` experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml. The new configuration documentation can be found at [the official website](https://naim94a.github.io/udpt/config.html) and example configuration is packaged in `${udpt}/share/udpt/udpt.toml`.
|
||||
|
||||
|
@ -552,17 +552,17 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`.
|
||||
|
||||
- The `security.rngd` service is now disabled by default. This choice was made because there\'s krngd in the linux kernel space making it (for most usecases) functionally redundent.
|
||||
- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent.
|
||||
|
||||
- The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed.
|
||||
|
||||
- The package nextcloud17 has been removed and nextcloud18 was marked as insecure since both of them will [ will be EOL (end of life) within the lifetime of 20.09](https://docs.nextcloud.com/server/19/admin_manual/release_schedule.html).
|
||||
|
||||
It\'s necessary to upgrade to nextcloud19:
|
||||
It's necessary to upgrade to nextcloud19:
|
||||
|
||||
- From nextcloud17, you have to upgrade to nextcloud18 first as Nextcloud doesn\'t allow going multiple major revisions forward in a single upgrade. This is possible by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud18.
|
||||
- From nextcloud17, you have to upgrade to nextcloud18 first as Nextcloud doesn't allow going multiple major revisions forward in a single upgrade. This is possible by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud18.
|
||||
|
||||
- From nextcloud18, it\'s possible to directly upgrade to nextcloud19 by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud19.
|
||||
- From nextcloud18, it's possible to directly upgrade to nextcloud19 by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud19.
|
||||
|
||||
- The GNOME desktop manager no longer default installs gnome3.epiphany. It was chosen to do this as it has a usability breaking issue (see issue [\#98819](https://github.com/NixOS/nixpkgs/issues/98819)) that makes it unsuitable to be a default app.
|
||||
|
||||
|
@ -578,7 +578,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `services.journald.rateLimitBurst` was updated from `1000` to `10000` to follow the new upstream systemd default.
|
||||
|
||||
- The notmuch package moves its emacs-related binaries and emacs lisp files to a separate output. They\'re not part of the default `out` output anymore - if you relied on the `notmuch-emacs-mua` binary or the emacs lisp files, access them via the `notmuch.emacs` output.
|
||||
- The notmuch package moves its emacs-related binaries and emacs lisp files to a separate output. They're not part of the default `out` output anymore - if you relied on the `notmuch-emacs-mua` binary or the emacs lisp files, access them via the `notmuch.emacs` output.
|
||||
|
||||
- Device tree overlay support was improved in [\#79370](https://github.com/NixOS/nixpkgs/pull/79370) and now uses [hardware.deviceTree.kernelPackage](options.html#opt-hardware.deviceTree.kernelPackage) instead of `hardware.deviceTree.base`. [hardware.deviceTree.overlays](options.html#opt-hardware.deviceTree.overlays) configuration was extended to support `.dts` files with symbols. Device trees can now be filtered by setting [hardware.deviceTree.filter](options.html#opt-hardware.deviceTree.filter) option.
|
||||
|
||||
|
@ -590,7 +590,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
Please note that Rust packages utilizing a custom build/install procedure (e.g. by using a `Makefile`) or test suites that rely on the structure of the `target/` directory may break due to those assumptions. For further information, please read the Rust section in the Nixpkgs manual.
|
||||
|
||||
- The cc- and binutils-wrapper\'s \"infix salt\" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a \"suffix salt\" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
|
||||
- The cc- and binutils-wrapper's \"infix salt\" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a \"suffix salt\" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
|
||||
|
||||
- Additional Git documentation (HTML and text files) is now available via the `git-doc` package.
|
||||
|
||||
|
@ -598,7 +598,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The installer now enables sshd by default. This improves installation on headless machines especially ARM single-board-computer. To login through ssh, either a password or an ssh key must be set for the root user or the nixos user.
|
||||
|
||||
- The scripted networking system now uses `.link` files in `/etc/systemd/network` to configure mac address and link MTU, instead of the sometimes buggy `network-link-*` units, which have been removed. Bringing the interface up has been moved to the beginning of the `network-addresses-*` unit. Note this doesn\'t require `systemd-networkd` - it\'s udev that parses `.link` files. Extra care needs to be taken in the presence of [legacy udev rules](https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME) to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. In such cases, you most likely want to create a `10-*.link` file through [systemd.network.links](options.html#opt-systemd.network.links) and set both name and MAC Address / MTU there.
|
||||
- The scripted networking system now uses `.link` files in `/etc/systemd/network` to configure mac address and link MTU, instead of the sometimes buggy `network-link-*` units, which have been removed. Bringing the interface up has been moved to the beginning of the `network-addresses-*` unit. Note this doesn't require `systemd-networkd` - it's udev that parses `.link` files. Extra care needs to be taken in the presence of [legacy udev rules](https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME) to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. In such cases, you most likely want to create a `10-*.link` file through [systemd.network.links](options.html#opt-systemd.network.links) and set both name and MAC Address / MTU there.
|
||||
|
||||
- Grafana received a major update to version 7.x. A plugin is now needed for image rendering support, and plugins must now be signed by default. More information can be found [in the Grafana documentation](https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0).
|
||||
|
||||
|
@ -624,15 +624,15 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
to get the previous behavior of listening on all network interfaces.
|
||||
|
||||
- With this release `systemd-networkd` (when enabled through [networking.useNetworkd](options.html#opt-networking.useNetworkd)) has it\'s netlink socket created through a `systemd.socket` unit. This gives us control over socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual) devices the default buffer size (currently 128MB) is not enough.
|
||||
- With this release `systemd-networkd` (when enabled through [networking.useNetworkd](options.html#opt-networking.useNetworkd)) has it's netlink socket created through a `systemd.socket` unit. This gives us control over socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual) devices the default buffer size (currently 128MB) is not enough.
|
||||
|
||||
On a machine with \>100 virtual interfaces (e.g., wireguard tunnels, VLANs, ...), that all have to be brought up during system startup, the receive buffer size will spike for a brief period. Eventually some of the message will be dropped since there is not enough (permitted) buffer space available.
|
||||
|
||||
By having `systemd-networkd` start with a netlink socket created by `systemd` we can configure the `ReceiveBufferSize=` parameter in the socket options (i.e. `systemd.sockets.systemd-networkd.socketOptions.ReceiveBufferSize`) without recompiling `systemd-networkd`.
|
||||
|
||||
Since the actual memory requirements depend on hardware, timing, exact configurations etc. it isn\'t currently possible to infer a good default from within the NixOS module system. Administrators are advised to monitor the logs of `systemd-networkd` for `rtnl: kernel receive buffer overrun` spam and increase the memory limit as they see fit.
|
||||
Since the actual memory requirements depend on hardware, timing, exact configurations etc. it isn't currently possible to infer a good default from within the NixOS module system. Administrators are advised to monitor the logs of `systemd-networkd` for `rtnl: kernel receive buffer overrun` spam and increase the memory limit as they see fit.
|
||||
|
||||
Note: Increasing the `ReceiveBufferSize=` doesn\'t allocate any memory. It just increases the upper bound on the kernel side. The memory allocation depends on the amount of messages that are queued on the kernel side of the netlink socket.
|
||||
Note: Increasing the `ReceiveBufferSize=` doesn't allocate any memory. It just increases the upper bound on the kernel side. The memory allocation depends on the amount of messages that are queued on the kernel side of the netlink socket.
|
||||
|
||||
- Specifying [mailboxes](options.html#opt-services.dovecot2.mailboxes) in the dovecot2 module as a list is deprecated and will break eval in 21.05. Instead, an attribute-set should be specified where the `name` should be the key of the attribute.
|
||||
|
||||
|
@ -662,7 +662,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- nextcloud has been updated to [v19](https://nextcloud.com/blog/nextcloud-hub-brings-productivity-to-home-office/).
|
||||
|
||||
If you have an existing installation, please make sure that you\'re on nextcloud18 before upgrading to nextcloud19 since Nextcloud doesn\'t support upgrades across multiple major versions.
|
||||
If you have an existing installation, please make sure that you're on nextcloud18 before upgrading to nextcloud19 since Nextcloud doesn't support upgrades across multiple major versions.
|
||||
|
||||
- The `nixos-run-vms` script now deletes the previous run machines states on test startup. You can use the `--keep-vm-state` flag to match the previous behaviour and keep the same VM state between different test runs.
|
||||
|
||||
|
|
|
@ -68,9 +68,9 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- If the `services.dbus` module is enabled, then the user D-Bus session is now always socket activated. The associated options `services.dbus.socketActivated` and `services.xserver.startDbusSession` have therefore been removed and you will receive a warning if they are present in your configuration. This change makes the user D-Bus session available also for non-graphical logins.
|
||||
|
||||
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don\'t want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
|
||||
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don't want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
|
||||
|
||||
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it\'s compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
|
||||
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it's compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
|
||||
|
||||
- Setting `services.openssh.authorizedKeysFiles` now also affects which keys `security.pam.enableSSHAgentAuth` will use. WARNING: If you are using these options in combination do make sure that any key paths you use are present in `services.openssh.authorizedKeysFiles`!
|
||||
|
||||
|
@ -130,7 +130,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `vim` and `neovim` switched to Python 3, dropping all Python 2 support.
|
||||
|
||||
- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory\'s permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).
|
||||
- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory's permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).
|
||||
|
||||
- [boot.zfs.forceImportAll](options.html#opt-boot.zfs.forceImportAll) previously did nothing, but has been fixed. However its default has been changed to `false` to preserve the existing default behaviour. If you have this explicitly set to `true`, please note that your non-root pools will now be forcibly imported.
|
||||
|
||||
|
@ -157,12 +157,12 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
- Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and restarting the instance will now cause it to fetch and apply the new user data.
|
||||
|
||||
::: {.warning}
|
||||
Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`\'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`.
|
||||
Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`.
|
||||
:::
|
||||
|
||||
- The `rspamd` services is now sandboxed. It is run as a dynamic user instead of root, so secrets and other files may have to be moved or their permissions may have to be fixed. The sockets are now located in `/run/rspamd` instead of `/run`.
|
||||
|
||||
- Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor\'s faster port, use the following configuration:
|
||||
- Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor's faster port, use the following configuration:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
@ -181,7 +181,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- The fish-foreign-env package has been replaced with fishPlugins.foreign-env, in which the fish functions have been relocated to the `vendor_functions.d` directory to be loaded automatically.
|
||||
|
||||
- The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter\'s `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this:
|
||||
- The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter's `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this:
|
||||
|
||||
```
|
||||
http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint
|
||||
|
@ -230,7 +230,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
Additionally, packages flashplayer and hal-flash were removed along with the `services.flashpolicyd` module.
|
||||
|
||||
- The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel\'s RNG.
|
||||
- The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel's RNG.
|
||||
|
||||
The default SMTP port for GitLab has been changed to `25` from its previous default of `465`. If you depended on this default, you should now set the [services.gitlab.smtp.port](options.html#opt-services.gitlab.smtp.port) option.
|
||||
|
||||
|
@ -272,11 +272,11 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`.
|
||||
|
||||
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn\'t enforce nor checks the correct number of paths to correspond to minio requirements.
|
||||
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
|
||||
|
||||
- All CUDA toolkit versions prior to CUDA 10 have been removed.
|
||||
|
||||
- The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it\'s still `dvp`.
|
||||
- The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it's still `dvp`.
|
||||
|
||||
- The babeld service is now being run as an unprivileged user. To achieve that the module configures `skip-kernel-setup true` and takes care of setting forwarding and rp_filter sysctls by itself as well as for each interface in `services.babeld.interfaces`.
|
||||
|
||||
|
@ -286,7 +286,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- Instead of determining `services.radicale.package` automatically based on `system.stateVersion`, the latest version is always used because old versions are not officially supported.
|
||||
|
||||
Furthermore, Radicale\'s systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used.
|
||||
Furthermore, Radicale's systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used.
|
||||
|
||||
- In the `security.acme` module, use of `--reuse-key` parameter for Lego has been removed. It was introduced for HKPK, but this security feature is now deprecated. It is a better security practice to rotate key pairs instead of always keeping the same. If you need to keep this parameter, you can add it back using `extraLegoRenewFlags` as an option for the appropriate certificate.
|
||||
|
||||
|
@ -294,7 +294,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- `stdenv.lib` has been deprecated and will break eval in 21.11. Please use `pkgs.lib` instead. See [\#108938](https://github.com/NixOS/nixpkgs/issues/108938) for details.
|
||||
|
||||
- [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there\'s a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well.
|
||||
- [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there's a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well.
|
||||
|
||||
- [Privoxy](https://www.privoxy.org/) has been updated to version 3.0.32 (See [announcement](https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html)). Compared to the previous release, Privoxy has gained support for HTTPS inspection (still experimental), Brotli decompression, several new filters and lots of bug fixes, including security ones. In addition, the package is now built with compression and external filters support, which were previously disabled.
|
||||
|
||||
|
@ -316,13 +316,13 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
If this option is disabled, default MTA config becomes not set and you should set the options in `services.mailman.settings.mta` according to the desired configuration as described in [Mailman documentation](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html).
|
||||
|
||||
- The default-version of `nextcloud` is nextcloud21. Please note that it\'s _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it\'s e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first.
|
||||
- The default-version of `nextcloud` is nextcloud21. Please note that it's _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it's e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first.
|
||||
|
||||
The package can be manually upgraded by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud21.
|
||||
|
||||
- The setting [services.redis.bind](options.html#opt-services.redis.bind) defaults to `127.0.0.1` now, making Redis listen on the loopback interface only, and not all public network interfaces.
|
||||
|
||||
- NixOS now emits a deprecation warning if systemd\'s `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details.
|
||||
- NixOS now emits a deprecation warning if systemd's `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details.
|
||||
|
||||
All services should use [systemd.services._name_.startLimitIntervalSec](options.html#opt-systemd.services._name_.startLimitIntervalSec) or `StartLimitIntervalSec` in [systemd.services._name_.unitConfig](options.html#opt-systemd.services._name_.unitConfig) instead.
|
||||
|
||||
|
@ -357,7 +357,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
`services.unbound.forwardAddresses` and `services.unbound.allowedAccess` have also been changed to use the new settings interface. You can follow the instructions when executing `nixos-rebuild` to upgrade your configuration to use the new interface.
|
||||
|
||||
- The `services.dnscrypt-proxy2` module now takes the upstream\'s example configuration and updates it with the user\'s settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
|
||||
- The `services.dnscrypt-proxy2` module now takes the upstream's example configuration and updates it with the user's settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
|
||||
|
||||
- NixOS now defaults to the unified cgroup hierarchy (cgroupsv2). See the [Fedora Article for 31](https://www.redhat.com/sysadmin/fedora-31-control-group-v2) for details on why this is desirable, and how it impacts containers.
|
||||
|
||||
|
@ -371,7 +371,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
|||
|
||||
- In the ACME module, the data used to build the hash for the account directory has changed to accommodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling.
|
||||
|
||||
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option\'s description was incorrect regarding ownership management and has been simplified greatly.
|
||||
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option's description was incorrect regarding ownership management and has been simplified greatly.
|
||||
|
||||
- When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those.
|
||||
|
||||
|
|
|
@ -235,7 +235,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The `erigon` ethereum node has moved to a new database format in `2021-05-04`, and requires a full resync
|
||||
|
||||
- The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
|
||||
- The `erigon` ethereum node has moved its database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
|
||||
|
||||
- [users.users.<name>.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of
|
||||
```nix
|
||||
|
|
Loading…
Reference in a new issue