<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.09">
<title>Release 18.09 (“Jellyfish”, 2018/10/05)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.09-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release has the
following notable updates:
</para>
<itemizedlist>
<listitem>
<para>
End of support is planned for end of April 2019, handing over to 19.03.
</para>
</listitem>
<listitem>
<para>
Platform support: x86_64-linux and x86_64-darwin as always. Support for
aarch64-linux is as with the previous releases, not equivalent to the
x86-64-linux release, but with efforts to reach parity.
</para>
</listitem>
<listitem>
<para>
Nix has been updated to 2.1; see its
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.1">release
notes</link>.
</para>
</listitem>
<listitem>
<para>
Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 → 2.27, gcc: 7
(unchanged), systemd: 237 → 239.
</para>
</listitem>
<listitem>
<para>
Desktop version changes: gnome: 3.26 → 3.28, (KDE) plasma-desktop: 5.12
→ 5.13.
</para>
</listitem>
</itemizedlist>
<para>
Notable changes and additions for 18.09 include:
</para>
<itemizedlist>
<listitem>
<para>
Support for wrapping binaries using <literal>firejail</literal> has been
added through <varname>programs.firejail.wrappedBinaries</varname>.
</para>
<para>
For example
</para>
<programlisting>
programs.firejail = {
enable = true;
wrappedBinaries = {
firefox = "${lib.getBin pkgs.firefox}/bin/firefox";
mpv = "${lib.getBin pkgs.mpv}/bin/mpv";
};
};
</programlisting>
<para>
This will place <literal>firefox</literal> and <literal>mpv</literal>
binaries in the global path wrapped by firejail.
</para>
</listitem>
<listitem>
<para>
User channels are now in the default <literal>NIX_PATH</literal>, allowing
users to use their personal <command>nix-channel</command> defined
channels in <command>nix-build</command> and <command>nix-shell</command>
commands, as well as in imports like <code>import
<mychannel></code>.
</para>
<para>
For example
</para>
<programlisting>
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable
$ nix-channel --update
$ nix-build '<nixpkgsunstable>' -A gitFull
$ nix run -f '<nixpkgsunstable>' gitFull
$ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
</programlisting>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.09-new-services">
<title>New Services</title>
<para>
A curated selection of new services that were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
The <varname>services.cassandra</varname> module has been reworked and was
rewritten from scratch. The service has succeeding tests for the versions
2.1, 2.2, 3.0 and 3.11 of
<link
xlink:href="https://cassandra.apache.org/">Apache
Cassandra</link>.
</para>
</listitem>
<listitem>
<para>
There is a new <varname>services.foundationdb</varname> module for
deploying
<link xlink:href="https://www.foundationdb.org">FoundationDB</link>
clusters.
</para>
</listitem>
<listitem>
<para>
When enabled the <literal>iproute2</literal> will copy the files expected
by ip route (e.g., <filename>rt_tables</filename>) in
<filename>/etc/iproute2</filename>. This allows to write aliases for
routing tables for instance.
</para>
</listitem>
<listitem>
<para>
<varname>services.strongswan-swanctl</varname> is a modern replacement for
<varname>services.strongswan</varname>. You can use either one of them to
setup IPsec VPNs but not both at the same time.
</para>
<para>
<varname>services.strongswan-swanctl</varname> uses the
<link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
command which uses the modern
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
<emphasis>Versatile IKE Configuration Interface</emphasis>. The deprecated
<literal>ipsec</literal> command used in
<varname>services.strongswan</varname> is using the legacy
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke
configuration interface</link>.
</para>
</listitem>
<listitem>
<para>
The new <varname>services.elasticsearch-curator</varname> service
periodically curates or manages, your Elasticsearch indices and snapshots.
</para>
</listitem>
</itemizedlist>
<para>
Every new services:
</para>
<itemizedlist>
<listitem>
<para>
<literal>./config/xdg/autostart.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./config/xdg/icons.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./config/xdg/menus.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./config/xdg/mime.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./hardware/brightnessctl.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./hardware/onlykey.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./hardware/video/uvcvideo/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./misc/documentation.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/firejail.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/iftop.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/sedutil.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/singularity.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/xss-lock.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/zsh/zsh-autosuggestions.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/admin/oxidized.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/backup/duplicati.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/backup/restic.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/backup/restic-rest-server.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/cluster/hadoop/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/databases/aerospike.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/databases/monetdb.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/desktops/bamf.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/desktops/flatpak.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/desktops/zeitgeist.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/development/bloop.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/development/jupyter/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/hardware/lcd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/hardware/undervolt.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/clipmenu.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/gitweb.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/serviio.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/safeeyes.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/sysprof.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/weechat.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/monitoring/datadog-agent.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/monitoring/incron.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/dnsdist.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/freeradius.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/hans.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/morty.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/ndppd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/ocserv.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/owamp.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/quagga.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/shadowsocks.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/stubby.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/zeronet.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/security/certmgr.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/security/cfssl.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/security/oauth2_proxy_nginx.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-apps/virtlyst.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-apps/youtrack.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/hitch/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/hydron.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/meguca.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/nginx/gitweb.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./virtualisation/kvmgt.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./virtualisation/qemu-guest-agent.nix</literal>
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
Some licenses that were incorrectly not marked as unfree now are. This is
the case for:
<itemizedlist>
<listitem>
<para>
cc-by-nc-sa-20: Creative Commons Attribution Non Commercial Share Alike
2.0
</para>
</listitem>
<listitem>
<para>
cc-by-nc-sa-25: Creative Commons Attribution Non Commercial Share Alike
2.5
</para>
</listitem>
<listitem>
<para>
cc-by-nc-sa-30: Creative Commons Attribution Non Commercial Share Alike
3.0
</para>
</listitem>
<listitem>
<para>
cc-by-nc-sa-40: Creative Commons Attribution Non Commercial Share Alike
4.0
</para>
</listitem>
<listitem>
<para>
cc-by-nd-30: Creative Commons Attribution-No Derivative Works v3.00
</para>
</listitem>
<listitem>
<para>
msrla: Microsoft Research License Agreement
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The deprecated <varname>services.cassandra</varname> module has seen a
complete rewrite. (See above.)
</para>
</listitem>
<listitem>
<para>
<literal>lib.strict</literal> is removed. Use
<literal>builtins.seq</literal> instead.
</para>
</listitem>
<listitem>
<para>
The <literal>clementine</literal> package points now to the free
derivation. <literal>clementineFree</literal> is removed now and
<literal>clementineUnfree</literal> points to the package which is bundled
with the unfree <literal>libspotify</literal> package.
</para>
</listitem>
<listitem>
<para>
The <literal>netcat</literal> package is now taken directly from OpenBSD's
<literal>libressl</literal>, instead of relying on Debian's fork. The new
version should be very close to the old version, but there are some minor
differences. Importantly, flags like -b, -q, -C, and -Z are no longer
accepted by the nc command.
</para>
</listitem>
<listitem>
<para>
The <varname>services.docker-registry.extraConfig</varname> object doesn't
contain environment variables anymore. Instead it needs to provide an
object structure that can be mapped onto the YAML configuration defined in
<link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
<varname>docker/distribution</varname> docs</link>.
</para>
</listitem>
<listitem>
<para>
<literal>gnucash</literal> has changed from version 2.4 to 3.x. If you've
been using <literal>gnucash</literal> (version 2.4) instead of
<literal>gnucash26</literal> (version 2.6) you must open your Gnucash data
file(s) with <literal>gnucash26</literal> and then save them to upgrade
the file format. Then you may use your data file(s) with Gnucash 3.x. See
the upgrade
<link xlink:href="https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade">documentation</link>.
Gnucash 2.4 is still available under the attribute
<literal>gnucash24</literal>.
</para>
</listitem>
<listitem>
<para>
<varname>services.munge</varname> now runs as user (and group)
<literal>munge</literal> instead of root. Make sure the key file is
accessible to the daemon.
</para>
</listitem>
<listitem>
<para>
<varname>dockerTools.buildImage</varname> now uses <literal>null</literal>
as default value for <varname>tag</varname>, which indicates that the nix
output hash will be used as tag.
</para>
</listitem>
<listitem>
<para>
The ELK stack: <varname>elasticsearch</varname>,
<varname>logstash</varname> and <varname>kibana</varname> has been
upgraded from 2.* to 6.3.*. The 2.* versions have been
<link xlink:href="https://www.elastic.co/support/eol">unsupported since
last year</link> so they have been removed. You can still use the 5.*
versions under the names <varname>elasticsearch5</varname>,
<varname>logstash5</varname> and <varname>kibana5</varname>.
</para>
<para>
The elastic beats: <varname>filebeat</varname>,
<varname>heartbeat</varname>, <varname>metricbeat</varname> and
<varname>packetbeat</varname> have had the same treatment: they now target
6.3.* as well. The 5.* versions are available under the names:
<varname>filebeat5</varname>, <varname>heartbeat5</varname>,
<varname>metricbeat5</varname> and <varname>packetbeat5</varname>
</para>
<para>
The ELK-6.3 stack now comes with
<link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by
default</link>. Since X-Pack is licensed under the
<link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic
License</link> the ELK packages now have an unfree license. To use them
you need to specify <literal>allowUnfree = true;</literal> in your nixpkgs
configuration.
</para>
<para>
Fortunately there is also a free variant of the ELK stack without X-Pack.
The packages are available under the names:
<varname>elasticsearch-oss</varname>, <varname>logstash-oss</varname> and
<varname>kibana-oss</varname>.
</para>
</listitem>
<listitem>
<para>
Options
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal>
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal>
were removed. <literal>luksroot.nix</literal> module never supported more
than one YubiKey at a time anyway, hence those options never had any
effect. You should be able to remove them from your config without any
issues.
</para>
</listitem>
<listitem>
<para>
<literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs
now refer to the host platform instead of the build platform. For native
builds this is not change, let alone a breaking one. For cross builds, it
is a breaking change, and <literal>stdenv.buildPlatform.system</literal>
can be used instead for the old behavior. They should be using that
anyways for clarity.
</para>
</listitem>
<listitem>
<para>
Groups <literal>kvm</literal> and <literal>render</literal> are introduced
now, as systemd requires them.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.09-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
<literal>dockerTools.pullImage</literal> relies on image digest instead of
image tag to download the image. The <literal>sha256</literal> of a pulled
image has to be updated.
</para>
</listitem>
<listitem>
<para>
<literal>lib.attrNamesToStr</literal> has been deprecated. Use more
specific concatenation (<literal>lib.concat(Map)StringsSep</literal>)
instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.addErrorContextToAttrs</literal> has been deprecated. Use
<literal>builtins.addErrorContext</literal> directly.
</para>
</listitem>
<listitem>
<para>
<literal>lib.showVal</literal> has been deprecated. Use
<literal>lib.traceSeqN</literal> instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceXMLVal</literal> has been deprecated. Use
<literal>lib.traceValFn builtins.toXml</literal> instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceXMLValMarked</literal> has been deprecated. Use
<literal>lib.traceValFn (x: str + builtins.toXML x)</literal> instead.
</para>
</listitem>
<listitem>
<para>
The <literal>pkgs</literal> argument to NixOS modules can now be set
directly using <literal>nixpkgs.pkgs</literal>. Previously, only the
<literal>system</literal>, <literal>config</literal> and
<literal>overlays</literal> arguments could be used to influence
<literal>pkgs</literal>.
</para>
</listitem>
<listitem>
<para>
A NixOS system can now be constructed more easily based on a preexisting
invocation of Nixpkgs. For example:
<programlisting>
inherit (pkgs.nixos {
boot.loader.grub.enable = false;
fileSystems."/".device = "/dev/xvda1";
}) toplevel kernel initialRamdisk manual;
</programlisting>
This benefits evaluation performance, lets you write Nixpkgs packages that
depend on NixOS images and is consistent with a deployment architecture
that would be centered around Nixpkgs overlays.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceValIfNot</literal> has been deprecated. Use
<literal>if/then/else</literal> and <literal>lib.traceValSeq</literal>
instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceCallXml</literal> has been deprecated. Please complain
if you use the function regularly.
</para>
</listitem>
<listitem>
<para>
The attribute <literal>lib.nixpkgsVersion</literal> has been deprecated in
favor of <literal>lib.version</literal>. Please refer to the discussion in
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link>
for further reference.
</para>
</listitem>
<listitem>
<para>
<literal>lib.recursiveUpdateUntil</literal> was not acting according to
its specification. It has been fixed to act according to the docstring,
and a test has been added.
</para>
</listitem>
<listitem>
<para>
The module for <option>security.dhparams</option> has two new options now:
</para>
<variablelist>
<varlistentry>
<term>
<option>security.dhparams.stateless</option>
</term>
<listitem>
<para>
Puts the generated Diffie-Hellman parameters into the Nix store instead
of managing them in a stateful manner in
<filename class="directory">/var/lib/dhparams</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>security.dhparams.defaultBitSize</option>
</term>
<listitem>
<para>
The default bit size to use for the generated Diffie-Hellman
parameters.
</para>
</listitem>
</varlistentry>
</variablelist>
<note>
<para>
The path to the actual generated parameter files should now be queried
using
<literal>config.security.dhparams.params.<replaceable>name</replaceable>.path</literal>
because it might be either in the Nix store or in a directory configured
by <option>security.dhparams.path</option>.
</para>
</note>
<note>
<title>For developers:</title>
<para>
Module implementers should not set a specific bit size in order to let
users configure it by themselves if they want to have a different bit
size than the default (2048).
</para>
<para>
An example usage of this would be:
<programlisting>
{ config, ... }:
{
security.dhparams.params.myservice = {};
environment.etc."myservice.conf".text = ''
dhparams = ${config.security.dhparams.params.myservice.path}
'';
}
</programlisting>
</para>
</note>
</listitem>
<listitem>
<para>
<literal>networking.networkmanager.useDnsmasq</literal> has been
deprecated. Use <literal>networking.networkmanager.dns</literal> instead.
</para>
</listitem>
<listitem>
<para>
The Kubernetes package has been bumped to major version 1.11. Please
consult the
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release
notes</link> for details on new features and api changes.
</para>
</listitem>
<listitem>
<para>
The option
<varname>services.kubernetes.apiserver.admissionControl</varname> was
renamed to
<varname>services.kubernetes.apiserver.enableAdmissionPlugins</varname>.
</para>
</listitem>
<listitem>
<para>
Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS)
Therefore; public service port for the dashboard has changed to 443
(container port 8443) and scheme to https.
</para>
</listitem>
<listitem>
<para>
The option <varname>services.kubernetes.apiserver.address</varname> was
renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>.
Note that the default value has changed from 127.0.0.1 to 0.0.0.0.
</para>
</listitem>
<listitem>
<para>
The option <varname>services.kubernetes.apiserver.publicAddress</varname>
was not used and thus has been removed.
</para>
</listitem>
<listitem>
<para>
The option
<varname>services.kubernetes.addons.dashboard.enableRBAC</varname> was
renamed to
<varname>services.kubernetes.addons.dashboard.rbac.enable</varname>.
</para>
</listitem>
<listitem>
<para>
The Kubernetes Dashboard now has only minimal RBAC permissions by default.
If dashboard cluster-admin rights are desired, set
<varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname>
to true. On existing clusters, in order for the revocation of privileges
to take effect, the current ClusterRoleBinding for kubernetes-dashboard
must be manually removed: <literal>kubectl delete clusterrolebinding
kubernetes-dashboard</literal>
</para>
</listitem>
<listitem>
<para>
The <varname>programs.screen</varname> module provides allows to configure
<literal>/etc/screenrc</literal>, however the module behaved fairly
counterintuitive as the config exists, but the package wasn't available.
Since 18.09 <literal>pkgs.screen</literal> will be added to
<literal>environment.systemPackages</literal>.
</para>
</listitem>
<listitem>
<para>
The module <option>services.networking.hostapd</option> now uses WPA2 by
default.
</para>
</listitem>
<listitem>
<para>
<varname>s6Dns</varname>, <varname>s6Networking</varname>,
<varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname>
renamed to <varname>s6-dns</varname>, <varname>s6-networking</varname>,
<varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname>
respectively.
</para>
</listitem>
<listitem>
<para>
The module option <option>nix.useSandbox</option> is now defaulted to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The config activation script of <literal>nixos-rebuild</literal> now
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link>
all user units for each authenticated user.
</para>
</listitem>
<listitem>
<para>
The default display manager is now LightDM. To use SLiM set
<literal>services.xserver.displayManager.slim.enable</literal> to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
NixOS option descriptions are now automatically broken up into individual
paragraphs if the text contains two consecutive newlines, so it's no
longer necessary to use <code></para><para></code> to start a
new paragraph.
</para>
</listitem>
<listitem>
<para>
Top-level <literal>buildPlatform</literal>,
<literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in
Nixpkgs are deprecated. Please use their equivalents in
<literal>stdenv</literal> instead:
<literal>stdenv.buildPlatform</literal>,
<literal>stdenv.hostPlatform</literal>, and
<literal>stdenv.targetPlatform</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>