diff options
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-1709.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-1709.section.xml | 922 |
1 files changed, 0 insertions, 922 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-1709.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1709.section.xml deleted file mode 100644 index 849ec868c78..00000000000 --- a/nixos/doc/manual/from_md/release-notes/rl-1709.section.xml +++ /dev/null @@ -1,922 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-17.09"> - <title>Release 17.09 (<quote>Hummingbird</quote>, 2017/09/??)</title> - <section xml:id="sec-release-17.09-highlights"> - <title>Highlights</title> - <para> - In addition to numerous new and upgraded packages, this release - has the following highlights: - </para> - <itemizedlist> - <listitem> - <para> - The GNOME version is now 3.24. KDE Plasma was upgraded to - 5.10, KDE Applications to 17.08.1 and KDE Frameworks to 5.37. - </para> - </listitem> - <listitem> - <para> - The user handling now keeps track of deallocated UIDs/GIDs. - When a user or group is revived, this allows it to be - allocated the UID/GID it had before. A consequence is that - UIDs and GIDs are no longer reused. - </para> - </listitem> - <listitem> - <para> - The module option - <literal>services.xserver.xrandrHeads</literal> now causes the - first head specified in this list to be set as the primary - head. Apart from that, it’s now possible to also set - additional options by using an attribute set, for example: - </para> - <programlisting language="nix"> -{ services.xserver.xrandrHeads = [ - "HDMI-0" - { - output = "DVI-0"; - primary = true; - monitorConfig = '' - Option "Rotate" "right" - ''; - } - ]; -} -</programlisting> - <para> - This will set the <literal>DVI-0</literal> output to be the - primary head, even though <literal>HDMI-0</literal> is the - first head in the list. - </para> - </listitem> - <listitem> - <para> - The handling of SSL in the <literal>services.nginx</literal> - module has been cleaned up, renaming the misnamed - <literal>enableSSL</literal> to <literal>onlySSL</literal> - which reflects its original intention. This is not to be used - with the already existing <literal>forceSSL</literal> which - creates a second non-SSL virtual host redirecting to the SSL - virtual host. This by chance had worked earlier due to - specific implementation details. In case you had specified - both please remove the <literal>enableSSL</literal> option to - keep the previous behaviour. - </para> - <para> - Another <literal>addSSL</literal> option has been introduced - to configure both a non-SSL virtual host and an SSL virtual - host with the same configuration. - </para> - <para> - Options to configure <literal>resolver</literal> options and - <literal>upstream</literal> blocks have been introduced. See - their information for further details. - </para> - <para> - The <literal>port</literal> option has been replaced by a more - generic <literal>listen</literal> option which makes it - possible to specify multiple addresses, ports and SSL configs - dependant on the new SSL handling mentioned above. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-17.09-new-services"> - <title>New Services</title> - <para> - The following new services were added since the last release: - </para> - <itemizedlist> - <listitem> - <para> - <literal>config/fonts/fontconfig-penultimate.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>config/fonts/fontconfig-ultimate.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>config/terminfo.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>hardware/sensor/iio.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>hardware/nitrokey.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>hardware/raid/hpsa.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs/browserpass.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs/gnupg.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs/qt5ct.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs/slock.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs/thefuck.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>security/auditd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>security/lock-kernel-modules.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>service-managers/docker.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>service-managers/trivial.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/admin/salt/master.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/admin/salt/minion.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/audio/slimserver.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/cluster/kubernetes/default.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/cluster/kubernetes/dns.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/cluster/kubernetes/dashboard.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/continuous-integration/hail.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/databases/clickhouse.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/databases/postage.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/desktops/gnome3/gnome-disks.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/desktops/gnome3/gpaste.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/logging/SystemdJournal2Gelf.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/logging/heartbeat.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/logging/journalwatch.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/logging/syslogd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/mail/mailhog.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/mail/nullmailer.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/airsonic.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/autorandr.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/exhibitor.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/fstrim.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/gollum.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/irkerd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/jackett.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/radarr.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/misc/snapper.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/monitoring/osquery.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/monitoring/prometheus/collectd-exporter.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/monitoring/prometheus/fritzbox-exporter.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/network-filesystems/kbfs.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/dnscache.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/fireqos.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/iwd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/keepalived/default.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/keybase.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/lldpd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/matterbridge.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/squid.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/tinydns.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/networking/xrdp.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/security/shibboleth-sp.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/security/sks.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/security/sshguard.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/security/torify.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/security/usbguard.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/security/vault.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/system/earlyoom.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/system/saslauthd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/web-apps/nexus.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/web-apps/pgpkeyserver-lite.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/web-apps/piwik.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/web-servers/lighttpd/collectd.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/web-servers/minio.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/x11/display-managers/xpra.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services/x11/xautolock.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>tasks/filesystems/bcachefs.nix</literal> - </para> - </listitem> - <listitem> - <para> - <literal>tasks/powertop.nix</literal> - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-17.09-incompatibilities"> - <title>Backward Incompatibilities</title> - <para> - When upgrading from a previous release, please be aware of the - following incompatible changes: - </para> - <itemizedlist> - <listitem> - <para> - <emphasis role="strong">In an Qemu-based virtualization - environment, the network interface names changed from i.e. - <literal>enp0s3</literal> to - <literal>ens3</literal>.</emphasis> - </para> - <para> - This is due to a kernel configuration change. The new naming - is consistent with those of other Linux distributions with - systemd. See - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/29197">#29197</link> - for more information. - </para> - <para> - A machine is affected if the <literal>virt-what</literal> tool - either returns <literal>qemu</literal> or - <literal>kvm</literal> <emphasis>and</emphasis> has interface - names used in any part of its NixOS configuration, in - particular if a static network configuration with - <literal>networking.interfaces</literal> is used. - </para> - <para> - Before rebooting affected machines, please ensure: - </para> - <itemizedlist> - <listitem> - <para> - Change the interface names in your NixOS configuration. - The first interface will be called - <literal>ens3</literal>, the second one - <literal>ens8</literal> and starting from there - incremented by 1. - </para> - </listitem> - <listitem> - <para> - After changing the interface names, rebuild your system - with <literal>nixos-rebuild boot</literal> to activate the - new configuration after a reboot. If you switch to the new - configuration right away you might lose network - connectivity! If using <literal>nixops</literal>, deploy - with <literal>nixops deploy --force-reboot</literal>. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The following changes apply if the - <literal>stateVersion</literal> is changed to 17.09 or higher. - For <literal>stateVersion = "17.03"</literal> or - lower the old behavior is preserved. - </para> - <itemizedlist> - <listitem> - <para> - The <literal>postgres</literal> default version was - changed from 9.5 to 9.6. - </para> - </listitem> - <listitem> - <para> - The <literal>postgres</literal> superuser name has changed - from <literal>root</literal> to - <literal>postgres</literal> to more closely follow what - other Linux distributions are doing. - </para> - </listitem> - <listitem> - <para> - The <literal>postgres</literal> default - <literal>dataDir</literal> has changed from - <literal>/var/db/postgres</literal> to - <literal>/var/lib/postgresql/$psqlSchema</literal> where - $psqlSchema is 9.6 for example. - </para> - </listitem> - <listitem> - <para> - The <literal>mysql</literal> default - <literal>dataDir</literal> has changed from - <literal>/var/mysql</literal> to - <literal>/var/lib/mysql</literal>. - </para> - </listitem> - <listitem> - <para> - Radicale’s default package has changed from 1.x to 2.x. - Instructions to migrate can be found - <link xlink:href="http://radicale.org/1to2/"> here - </link>. It is also possible to use the newer version by - setting the <literal>package</literal> to - <literal>radicale2</literal>, which is done automatically - when <literal>stateVersion</literal> is 17.09 or higher. - The <literal>extraArgs</literal> option has been added to - allow passing the data migration arguments specified in - the instructions; see the <literal>radicale.nix</literal> - NixOS test for an example migration. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>aiccu</literal> package was removed. This is due - to SixXS <link xlink:href="https://www.sixxs.net/main/"> - sunsetting</link> its IPv6 tunnel. - </para> - </listitem> - <listitem> - <para> - The <literal>fanctl</literal> package and - <literal>fan</literal> module have been removed due to the - developers not upstreaming their iproute2 patches and lagging - with compatibility to recent iproute2 versions. - </para> - </listitem> - <listitem> - <para> - Top-level <literal>idea</literal> package collection was - renamed. All JetBrains IDEs are now at - <literal>jetbrains</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>flexget</literal>’s state database cannot be upgraded - to its new internal format, requiring removal of any existing - <literal>db-config.sqlite</literal> which will be - automatically recreated. - </para> - </listitem> - <listitem> - <para> - The <literal>ipfs</literal> service now doesn’t ignore the - <literal>dataDir</literal> option anymore. If you’ve ever set - this option to anything other than the default you’ll have to - either unset it (so the default gets used) or migrate the old - data manually with - </para> - <programlisting> -dataDir=<valueOfDataDir> -mv /var/lib/ipfs/.ipfs/* $dataDir -rmdir /var/lib/ipfs/.ipfs -</programlisting> - </listitem> - <listitem> - <para> - The <literal>caddy</literal> service was previously using an - extra <literal>.caddy</literal> directory in the data - directory specified with the <literal>dataDir</literal> - option. The contents of the <literal>.caddy</literal> - directory are now expected to be in the - <literal>dataDir</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>ssh-agent</literal> user service is not started - by default anymore. Use - <literal>programs.ssh.startAgent</literal> to enable it if - needed. There is also a new - <literal>programs.gnupg.agent</literal> module that creates a - <literal>gpg-agent</literal> user service. It can also serve - as a SSH agent if <literal>enableSSHSupport</literal> is set. - </para> - </listitem> - <listitem> - <para> - The - <literal>services.tinc.networks.<name>.listenAddress</literal> - option had a misleading name that did not correspond to its - behavior. It now correctly defines the ip to listen for - incoming connections on. To keep the previous behaviour, use - <literal>services.tinc.networks.<name>.bindToAddress</literal> - instead. Refer to the description of the options for more - details. - </para> - </listitem> - <listitem> - <para> - <literal>tlsdate</literal> package and module were removed. - This is due to the project being dead and not building with - openssl 1.1. - </para> - </listitem> - <listitem> - <para> - <literal>wvdial</literal> package and module were removed. - This is due to the project being dead and not building with - openssl 1.1. - </para> - </listitem> - <listitem> - <para> - <literal>cc-wrapper</literal><quote>s setup-hook now exports a - number of environment variables corresponding to binutils - binaries, (e.g. <literal>LD</literal>, - <literal>STRIP</literal>, <literal>RANLIB</literal>, etc). - This is done to prevent packages</quote> build systems - guessing, which is harder to predict, especially when - cross-compiling. However, some packages have broken due to - this—their build systems either not supporting, or claiming to - support without adequate testing, taking such environment - variables as parameters. - </para> - </listitem> - <listitem> - <para> - <literal>services.firefox.syncserver</literal> now runs by - default as a non-root user. To accommodate this change, the - default sqlite database location has also been changed. - Migration should work automatically. Refer to the description - of the options for more details. - </para> - </listitem> - <listitem> - <para> - The <literal>compiz</literal> window manager and package was - removed. The system support had been broken for several years. - </para> - </listitem> - <listitem> - <para> - Touchpad support should now be enabled through - <literal>libinput</literal> as <literal>synaptics</literal> is - now deprecated. See the option - <literal>services.xserver.libinput.enable</literal>. - </para> - </listitem> - <listitem> - <para> - grsecurity/PaX support has been dropped, following upstream’s - decision to cease free support. See - <link xlink:href="https://grsecurity.net/passing_the_baton.php"> - upstream’s announcement</link> for more information. No - complete replacement for grsecurity/PaX is available - presently. - </para> - </listitem> - <listitem> - <para> - <literal>services.mysql</literal> now has declarative - configuration of databases and users with the - <literal>ensureDatabases</literal> and - <literal>ensureUsers</literal> options. - </para> - <para> - These options will never delete existing databases and users, - especially not when the value of the options are changed. - </para> - <para> - The MySQL users will be identified using - <link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/"> - Unix socket authentication</link>. This authenticates the Unix - user with the same name only, and that without the need for a - password. - </para> - <para> - If you have previously created a MySQL <literal>root</literal> - user <emphasis>with a password</emphasis>, you will need to - add <literal>root</literal> user for unix socket - authentication before using the new options. This can be done - by running the following SQL script: - </para> - <programlisting language="SQL"> -CREATE USER 'root'@'%' IDENTIFIED BY ''; -GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; -FLUSH PRIVILEGES; - --- Optionally, delete the password-authenticated user: --- DROP USER 'root'@'localhost'; -</programlisting> - </listitem> - <listitem> - <para> - <literal>services.mysqlBackup</literal> now works by default - without any user setup, including for users other than - <literal>mysql</literal>. - </para> - <para> - By default, the <literal>mysql</literal> user is no longer the - user which performs the backup. Instead a system account - <literal>mysqlbackup</literal> is used. - </para> - <para> - The <literal>mysqlBackup</literal> service is also now using - systemd timers instead of <literal>cron</literal>. - </para> - <para> - Therefore, the <literal>services.mysqlBackup.period</literal> - option no longer exists, and has been replaced with - <literal>services.mysqlBackup.calendar</literal>, which is in - the format of - <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.time.html#Calendar%20Events">systemd.time(7)</link>. - </para> - <para> - If you expect to be sent an e-mail when the backup fails, - consider using a script which monitors the systemd journal for - errors. Regretfully, at present there is no built-in - functionality for this. - </para> - <para> - You can check that backups still work by running - <literal>systemctl start mysql-backup</literal> then - <literal>systemctl status mysql-backup</literal>. - </para> - </listitem> - <listitem> - <para> - Templated systemd services e.g - <literal>container@name</literal> are now handled currectly - when switching to a new configuration, resulting in them being - reloaded. - </para> - </listitem> - <listitem> - <para> - Steam: the <literal>newStdcpp</literal> parameter was removed - and should not be needed anymore. - </para> - </listitem> - <listitem> - <para> - Redis has been updated to version 4 which mandates a cluster - mass-restart, due to changes in the network handling, in order - to ensure compatibility with networks NATing traffic. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-17.09-notable-changes"> - <title>Other Notable Changes</title> - <itemizedlist> - <listitem> - <para> - Modules can now be disabled by using - <link xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules"> - disabledModules</link>, allowing another to take it’s place. - This can be used to import a set of modules from another - channel while keeping the rest of the system on a stable - release. - </para> - </listitem> - <listitem> - <para> - Updated to FreeType 2.7.1, including a new TrueType engine. - The new engine replaces the Infinality engine which was the - default in NixOS. The default font rendering settings are now - provided by fontconfig-penultimate, replacing - fontconfig-ultimate; the new defaults are less invasive and - provide rendering that is more consistent with other systems - and hopefully with each font designer’s intent. Some - system-wide configuration has been removed from the Fontconfig - NixOS module where user Fontconfig settings are available. - </para> - </listitem> - <listitem> - <para> - ZFS/SPL have been updated to 0.7.0, - <literal>zfsUnstable, splUnstable</literal> have therefore - been removed. - </para> - </listitem> - <listitem> - <para> - The <literal>time.timeZone</literal> option now allows the - value <literal>null</literal> in addition to timezone strings. - This value allows changing the timezone of a system - imperatively using - <literal>timedatectl set-timezone</literal>. The default - timezone is still UTC. - </para> - </listitem> - <listitem> - <para> - Nixpkgs overlays may now be specified with a file as well as a - directory. The value of - <literal><nixpkgs-overlays></literal> may be a file, and - <literal>~/.config/nixpkgs/overlays.nix</literal> can be used - instead of the <literal>~/.config/nixpkgs/overlays</literal> - directory. - </para> - <para> - See the overlays chapter of the Nixpkgs manual for more - details. - </para> - </listitem> - <listitem> - <para> - Definitions for <literal>/etc/hosts</literal> can now be - specified declaratively with - <literal>networking.hosts</literal>. - </para> - </listitem> - <listitem> - <para> - Two new options have been added to the installer loader, in - addition to the default having changed. The kernel log - verbosity has been lowered to the upstream default for the - default options, in order to not spam the console when e.g. - joining a network. - </para> - <para> - This therefore leads to adding a new <literal>debug</literal> - option to set the log level to the previous verbose mode, to - make debugging easier, but still accessible easily. - </para> - <para> - Additionally a <literal>copytoram</literal> option has been - added, which makes it possible to remove the install medium - after booting. This allows tethering from your phone after - booting from it. - </para> - </listitem> - <listitem> - <para> - <literal>services.gitlab-runner.configOptions</literal> has - been added to specify the configuration of gitlab-runners - declaratively. - </para> - </listitem> - <listitem> - <para> - <literal>services.jenkins.plugins</literal> has been added to - install plugins easily, this can be generated with - jenkinsPlugins2nix. - </para> - </listitem> - <listitem> - <para> - <literal>services.postfix.config</literal> has been added to - specify the main.cf with NixOS options. Additionally other - options have been added to the postfix module and has been - improved further. - </para> - </listitem> - <listitem> - <para> - The GitLab package and module have been updated to the latest - 10.0 release. - </para> - </listitem> - <listitem> - <para> - The <literal>systemd-boot</literal> boot loader now lists the - NixOS version, kernel version and build date of all bootable - generations. - </para> - </listitem> - <listitem> - <para> - The dnscrypt-proxy service now defaults to using a random - upstream resolver, selected from the list of public - non-logging resolvers with DNSSEC support. Existing - configurations can be migrated to this mode of operation by - omitting the - <literal>services.dnscrypt-proxy.resolverName</literal> option - or setting it to <literal>"random"</literal>. - </para> - </listitem> - </itemizedlist> - </section> -</section> |