Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-1909.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-1909.section.xml | 1197 |
1 files changed, 1197 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml new file mode 100644 index 00000000000..83cd649f4ea --- /dev/null +++ b/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml 
@@ -0,0 +1,1197 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-19.09"> + <title>Release 19.09 (<quote>Loris</quote>, 2019/10/09)</title> + <section xml:id="sec-release-19.09-highlights"> + <title>Highlights</title> + <para> + In addition to numerous new and upgraded packages, this release + has the following highlights: + </para> + <itemizedlist> + <listitem> + <para> + End of support is planned for end of April 2020, handing over + to 20.03. + </para> + </listitem> + <listitem> + <para> + Nix has been updated to 2.3; see its + <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.3">release + notes</link>. + </para> + </listitem> + <listitem> + <para> + Core version changes: + </para> + <para> + systemd: 239 -> 243 + </para> + <para> + gcc: 7 -> 8 + </para> + <para> + glibc: 2.27 (unchanged) + </para> + <para> + linux: 4.19 LTS (unchanged) + </para> + <para> + openssl: 1.0 -> 1.1 + </para> + </listitem> + <listitem> + <para> + Desktop version changes: + </para> + <para> + plasma5: 5.14 -> 5.16 + </para> + <para> + gnome3: 3.30 -> 3.32 + </para> + </listitem> + <listitem> + <para> + PHP now defaults to PHP 7.3, updated from 7.2. + </para> + </listitem> + <listitem> + <para> + PHP 7.1 is no longer supported due to upstream not supporting + this version for the entire lifecycle of the 19.09 release. + </para> + </listitem> + <listitem> + <para> + The binfmt module is now easier to use. Additional systems can + be added through + <literal>boot.binfmt.emulatedSystems</literal>. For instance, + <literal>boot.binfmt.emulatedSystems = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];</literal> + will set up binfmt interpreters for each of those listed + systems. + </para> + </listitem> + <listitem> + <para> + The installer now uses a less privileged + <literal>nixos</literal> user whereas before we logged in as + root. To gain root privileges use <literal>sudo -i</literal> + without a password. 
+ </para> + </listitem> + <listitem> + <para> + We've updated to Xfce 4.14, which brings a new module + <literal>services.xserver.desktopManager.xfce4-14</literal>. + If you'd like to upgrade, please switch from the + <literal>services.xserver.desktopManager.xfce</literal> module + as it will be deprecated in a future release. They're + incompatibilities with the current Xfce module; it doesn't + support <literal>thunarPlugins</literal> and it isn't + recommended to use + <literal>services.xserver.desktopManager.xfce</literal> and + <literal>services.xserver.desktopManager.xfce4-14</literal> + simultaneously or to downgrade from Xfce 4.14 after upgrading. + </para> + </listitem> + <listitem> + <para> + The GNOME 3 desktop manager module sports an interface to + enable/disable core services, applications, and optional GNOME + packages like games. + </para> + <itemizedlist> + <listitem> + <para> + <literal>services.gnome3.core-os-services.enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.gnome3.core-shell.enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.gnome3.core-utilities.enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.gnome3.games.enable</literal> + </para> + </listitem> + </itemizedlist> + <para> + With these options we hope to give users finer grained control + over their systems. Prior to this change you'd either have to + manually disable options or use + <literal>environment.gnome3.excludePackages</literal> which + only excluded the optional applications. + <literal>environment.gnome3.excludePackages</literal> is now + unguarded, it can exclude any package installed with + <literal>environment.systemPackages</literal> in the GNOME 3 + module. 
+ </para> + </listitem> + <listitem> + <para> + Orthogonal to the previous changes to the GNOME 3 desktop + manager module, we've updated all default services and + applications to match as close as possible to a default + reference GNOME 3 experience. + </para> + <para> + <emphasis role="strong">The following changes were enacted in + <literal>services.gnome3.core-utilities.enable</literal></emphasis> + </para> + <itemizedlist> + <listitem> + <para> + <literal>accerciser</literal> + </para> + </listitem> + <listitem> + <para> + <literal>dconf-editor</literal> + </para> + </listitem> + <listitem> + <para> + <literal>evolution</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gnome-documents</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gnome-nettool</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gnome-power-manager</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gnome-todo</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gnome-tweaks</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gnome-usage</literal> + </para> + </listitem> + <listitem> + <para> + <literal>gucharmap</literal> + </para> + </listitem> + <listitem> + <para> + <literal>nautilus-sendto</literal> + </para> + </listitem> + <listitem> + <para> + <literal>vinagre</literal> + </para> + </listitem> + <listitem> + <para> + <literal>cheese</literal> + </para> + </listitem> + <listitem> + <para> + <literal>geary</literal> + </para> + </listitem> + </itemizedlist> + <para> + <emphasis role="strong">The following changes were enacted in + <literal>services.gnome3.core-shell.enable</literal></emphasis> + </para> + <itemizedlist> + <listitem> + <para> + <literal>gnome-color-manager</literal> + </para> + </listitem> + <listitem> + <para> + <literal>orca</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.avahi.enable</literal> + </para> + </listitem> + </itemizedlist> + 
</listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-19.09-new-services"> + <title>New Services</title> + <para> + The following new services were added since the last release: + </para> + <itemizedlist> + <listitem> + <para> + <literal>./programs/dwm-status.nix</literal> + </para> + </listitem> + <listitem> + <para> + The new <literal>hardware.printers</literal> module allows to + declaratively configure CUPS printers via the + <literal>ensurePrinters</literal> and + <literal>ensureDefaultPrinter</literal> options. + <literal>ensurePrinters</literal> will never delete existing + printers, but will make sure that the given printers are + configured as declared. + </para> + </listitem> + <listitem> + <para> + There is a new + <link xlink:href="options.html#opt-services.system-config-printer.enable">services.system-config-printer.enable</link> + and + <link xlink:href="options.html#opt-programs.system-config-printer.enable">programs.system-config-printer.enable</link> + module for the program of the same name. If you previously had + <literal>system-config-printer</literal> enabled through some + other means you should migrate to using one of these modules. + </para> + <itemizedlist> + <listitem> + <para> + <literal>services.xserver.desktopManager.plasma5</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.desktopManager.gnome3</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.desktopManager.pantheon</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.desktopManager.mate</literal> + Note Mate uses + <literal>programs.system-config-printer</literal> as it + doesn't use it as a service, but its graphical interface + directly. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.blueman.enable">services.blueman.enable</link> + has been added. 
If you previously had blueman installed via + <literal>environment.systemPackages</literal> please migrate + to using the NixOS module, as this would result in an + insufficiently configured blueman. + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-19.09-incompatibilities"> + <title>Backward Incompatibilities</title> + <para> + When upgrading from a previous release, please be aware of the + following incompatible changes: + </para> + <itemizedlist> + <listitem> + <para> + Buildbot no longer supports Python 2, as support was dropped + upstream in version 2.0.0. Configurations may need to be + modified to make them compatible with Python 3. + </para> + </listitem> + <listitem> + <para> + PostgreSQL now uses <literal>/run/postgresql</literal> as its + socket directory instead of <literal>/tmp</literal>. So if you + run an application like eg. Nextcloud, where you need to use + the Unix socket path as the database host name, you need to + change it accordingly. + </para> + </listitem> + <listitem> + <para> + PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle + and has been removed. + </para> + </listitem> + <listitem> + <para> + The options + <literal>services.prometheus.alertmanager.user</literal> and + <literal>services.prometheus.alertmanager.group</literal> have + been removed because the alertmanager service is now using + systemd's + <link xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html"> + DynamicUser mechanism</link> which obviates these options. + </para> + </listitem> + <listitem> + <para> + The NetworkManager systemd unit was renamed back from + network-manager.service to NetworkManager.service for better + compatibility with other applications expecting this name. The + same applies to ModemManager where modem-manager.service is + now called ModemManager.service again. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>services.nzbget.configFile</literal> and + <literal>services.nzbget.openFirewall</literal> options were + removed as they are managed internally by the nzbget. The + <literal>services.nzbget.dataDir</literal> option hadn't + actually been used by the module for some time and so was + removed as cleanup. + </para> + </listitem> + <listitem> + <para> + The <literal>services.mysql.pidDir</literal> option was + removed, as it was only used by the wordpress apache-httpd + service to wait for mysql to have started up. This can be + accomplished by either describing a dependency on + mysql.service (preferred) or waiting for the (hardcoded) + <literal>/run/mysqld/mysql.sock</literal> file to appear. + </para> + </listitem> + <listitem> + <para> + The <literal>services.emby.enable</literal> module has been + removed, see <literal>services.jellyfin.enable</literal> + instead for a free software fork of Emby. See the Jellyfin + documentation: + <link xlink:href="https://jellyfin.readthedocs.io/en/latest/administrator-docs/migrate-from-emby/"> + Migrating from Emby to Jellyfin </link> + </para> + </listitem> + <listitem> + <para> + IPv6 Privacy Extensions are now enabled by default for + undeclared interfaces. The previous behaviour was quite + misleading — even though the default value for + <literal>networking.interfaces.*.preferTempAddress</literal> + was <literal>true</literal>, undeclared interfaces would not + prefer temporary addresses. Now, interfaces not mentioned in + the config will prefer temporary addresses. EUI64 addresses + can still be set as preferred by explicitly setting the option + to <literal>false</literal> for the interface in question. 
+ </para> + </listitem> + <listitem> + <para> + Since Bittorrent Sync was superseded by Resilio Sync in 2016, + the <literal>bittorrentSync</literal>, + <literal>bittorrentSync14</literal>, and + <literal>bittorrentSync16</literal> packages have been removed + in favor of <literal>resilio-sync</literal>. + </para> + <para> + The corresponding module, <literal>services.btsync</literal> + has been replaced by the <literal>services.resilio</literal> + module. + </para> + </listitem> + <listitem> + <para> + The httpd service no longer attempts to start the postgresql + service. If you have come to depend on this behaviour then you + can preserve the behavior with the following configuration: + <literal>systemd.services.httpd.after = [ "postgresql.service" ];</literal> + </para> + <para> + The option <literal>services.httpd.extraSubservices</literal> + has been marked as deprecated. You may still use this feature, + but it will be removed in a future release of NixOS. You are + encouraged to convert any httpd subservices you may have + written to a full NixOS module. + </para> + <para> + Most of the httpd subservices packaged with NixOS have been + replaced with full NixOS modules including LimeSurvey, + WordPress, and Zabbix. These modules can be enabled using the + <literal>services.limesurvey.enable</literal>, + <literal>services.mediawiki.enable</literal>, + <literal>services.wordpress.enable</literal>, and + <literal>services.zabbixWeb.enable</literal> options. + </para> + </listitem> + <listitem> + <para> + The option + <literal>systemd.network.networks.<name>.routes.*.routeConfig.GatewayOnlink</literal> + was renamed to + <literal>systemd.network.networks.<name>.routes.*.routeConfig.GatewayOnLink</literal> + (capital <literal>L</literal>). This follows + <link xlink:href="https://github.com/systemd/systemd/commit/9cb8c5593443d24c19e40bfd4fc06d672f8c554c"> + upstreams renaming </link> of the setting. 
+ </para> + </listitem> + <listitem> + <para> + As of this release the NixOps feature + <literal>autoLuks</literal> is deprecated. It no longer works + with our systemd version without manual intervention. + </para> + <para> + Whenever the usage of the module is detected the evaluation + will fail with a message explaining why and how to deal with + the situation. + </para> + <para> + A new knob named + <literal>nixops.enableDeprecatedAutoLuks</literal> has been + introduced to disable the eval failure and to acknowledge the + notice was received and read. If you plan on using the feature + please note that it might break with subsequent updates. + </para> + <para> + Make sure you set the <literal>_netdev</literal> option for + each of the file systems referring to block devices provided + by the autoLuks module. Not doing this might render the system + in a state where it doesn't boot anymore. + </para> + <para> + If you are actively using the <literal>autoLuks</literal> + module please let us know in + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/62211">issue + #62211</link>. + </para> + </listitem> + <listitem> + <para> + The setopt declarations will be evaluated at the end of + <literal>/etc/zshrc</literal>, so any code in + <link xlink:href="options.html#opt-programs.zsh.interactiveShellInit">programs.zsh.interactiveShellInit</link>, + <link xlink:href="options.html#opt-programs.zsh.loginShellInit">programs.zsh.loginShellInit</link> + and + <link xlink:href="options.html#opt-programs.zsh.promptInit">programs.zsh.promptInit</link> + may break if it relies on those options being set. + </para> + </listitem> + <listitem> + <para> + The <literal>prometheus-nginx-exporter</literal> package now + uses the offical exporter provided by NGINX Inc. Its metrics + are differently structured and are incompatible to the old + ones. 
For information about the metrics, have a look at the + <link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official + repo</link>. + </para> + </listitem> + <listitem> + <para> + The <literal>shibboleth-sp</literal> package has been updated + to version 3. It is largely backward compatible, for further + information refer to the + <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes">release + notes</link> and + <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2">upgrade + guide</link>. + </para> + <para> + Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has + been dropped. + </para> + </listitem> + <listitem> + <para> + By default, prometheus exporters are now run with + <literal>DynamicUser</literal> enabled. Exporters that need a + real user, now run under a seperate user and group which + follow the pattern + <literal><exporter-name>-exporter</literal>, instead of + the previous default <literal>nobody</literal> and + <literal>nogroup</literal>. Only some exporters are affected + by the latter, namely the exporters + <literal>dovecot</literal>, <literal>node</literal>, + <literal>postfix</literal> and <literal>varnish</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>ibus-qt</literal> package is not installed by + default anymore when + <link xlink:href="options.html#opt-i18n.inputMethod.enabled">i18n.inputMethod.enabled</link> + is set to <literal>ibus</literal>. If IBus support in Qt 4.x + applications is required, add the <literal>ibus-qt</literal> + package to your + <link xlink:href="options.html#opt-environment.systemPackages">environment.systemPackages</link> + manually. + </para> + </listitem> + <listitem> + <para> + The CUPS Printing service now uses socket-based activation by + default, only starting when needed. 
The previous behavior can + be restored by setting + <literal>services.cups.startWhenNeeded</literal> to + <literal>false</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>services.systemhealth</literal> module has been + removed from nixpkgs due to lack of maintainer. + </para> + </listitem> + <listitem> + <para> + The <literal>services.mantisbt</literal> module has been + removed from nixpkgs due to lack of maintainer. + </para> + </listitem> + <listitem> + <para> + Squid 3 has been removed and the <literal>squid</literal> + derivation now refers to Squid 4. + </para> + </listitem> + <listitem> + <para> + The <literal>services.pdns-recursor.extraConfig</literal> + option has been replaced by + <literal>services.pdns-recursor.settings</literal>. The new + option allows setting extra configuration while being better + type-checked and mergeable. + </para> + </listitem> + <listitem> + <para> + No service depends on <literal>keys.target</literal> anymore + which is a systemd target that indicates if all + <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps + keys</link> were successfully uploaded. Instead, + <literal><key-name>-key.service</literal> should be used + to define a dependency of a key in a service. The full issue + behind the <literal>keys.target</literal> dependency is + described at + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>. 
+ </para> + <para> + The following services are affected by this: + </para> + <itemizedlist> + <listitem> + <para> + <link xlink:href="options.html#opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link> + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.nsd.enable"><literal>services.nsd</literal></link> + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.softether.enable"><literal>services.softether</literal></link> + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.strongswan.enable"><literal>services.strongswan</literal></link> + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link> + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-services.httpd.enable"><literal>services.httpd</literal></link> + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The <literal>security.acme.directory</literal> option has been + replaced by a read-only + <literal>security.acme.certs.<cert>.directory</literal> + option for each certificate you define. This will be a + subdirectory of <literal>/var/lib/acme</literal>. You can use + this read-only option to figure out where the certificates are + stored for a specific certificate. For example, the + <literal>services.nginx.virtualhosts.<name>.enableACME</literal> + option will use this directory option to find the certs for + the virtual host. + </para> + <para> + <literal>security.acme.preDelay</literal> and + <literal>security.acme.activationDelay</literal> options have + been removed. To execute a service before certificates are + provisioned or renewed add a + <literal>RequiredBy=acme-${cert}.service</literal> to any + service. 
+ </para> + <para> + Furthermore, the acme module will not automatically add a + dependency on <literal>lighttpd.service</literal> anymore. If + you are using certficates provided by letsencrypt for + lighttpd, then you should depend on the certificate service + <literal>acme-${cert}.service></literal> manually. + </para> + <para> + For nginx, the dependencies are still automatically managed + when + <literal>services.nginx.virtualhosts.<name>.enableACME</literal> + is enabled just like before. What changed is that nginx now + directly depends on the specific certificates that it needs, + instead of depending on the catch-all + <literal>acme-certificates.target</literal>. This target unit + was also removed from the codebase. This will mean nginx will + no longer depend on certificates it isn't explicitly managing + and fixes a bug with certificate renewal ordering racing with + nginx restarting which could lead to nginx getting in a broken + state as described at + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/60180">NixOS/nixpkgs#60180</link>. + </para> + </listitem> + <listitem> + <para> + The old deprecated <literal>emacs</literal> package sets have + been dropped. What used to be called + <literal>emacsPackagesNg</literal> is now simply called + <literal>emacsPackages</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.desktopManager.xterm</literal> is + now disabled by default if <literal>stateVersion</literal> is + 19.09 or higher. Previously the xterm desktopManager was + enabled when xserver was enabled, but it isn't useful for all + people so it didn't make sense to have any desktopManager + enabled default. + </para> + </listitem> + <listitem> + <para> + The WeeChat plugin + <literal>pkgs.weechatScripts.weechat-xmpp</literal> has been + removed as it doesn't receive any updates from upstream and + depends on outdated Python2-based modules. 
+ </para> + </listitem> + <listitem> + <para> + Old unsupported versions (<literal>logstash5</literal>, + <literal>kibana5</literal>, <literal>filebeat5</literal>, + <literal>heartbeat5</literal>, <literal>metricbeat5</literal>, + <literal>packetbeat5</literal>) of the ELK-stack and Elastic + beats have been removed. + </para> + </listitem> + <listitem> + <para> + For NixOS 19.03, both Prometheus 1 and 2 were available to + allow for a seamless transition from version 1 to 2 with + existing setups. Because Prometheus 1 is no longer developed, + it was removed. Prometheus 2 is now configured with + <literal>services.prometheus</literal>. + </para> + </listitem> + <listitem> + <para> + Citrix Receiver (<literal>citrix_receiver</literal>) has been + dropped in favor of Citrix Workspace + (<literal>citrix_workspace</literal>). + </para> + </listitem> + <listitem> + <para> + The <literal>services.gitlab</literal> module has had its + literal secret options + (<literal>services.gitlab.smtp.password</literal>, + <literal>services.gitlab.databasePassword</literal>, + <literal>services.gitlab.initialRootPassword</literal>, + <literal>services.gitlab.secrets.secret</literal>, + <literal>services.gitlab.secrets.db</literal>, + <literal>services.gitlab.secrets.otp</literal> and + <literal>services.gitlab.secrets.jws</literal>) replaced by + file-based versions + (<literal>services.gitlab.smtp.passwordFile</literal>, + <literal>services.gitlab.databasePasswordFile</literal>, + <literal>services.gitlab.initialRootPasswordFile</literal>, + <literal>services.gitlab.secrets.secretFile</literal>, + <literal>services.gitlab.secrets.dbFile</literal>, + <literal>services.gitlab.secrets.otpFile</literal> and + <literal>services.gitlab.secrets.jwsFile</literal>). 
This was + done so that secrets aren't stored in the world-readable nix + store, but means that for each option you'll have to create a + file with the same exact string, add "File" to the + end of the option name, and change the definition to a string + pointing to the corresponding file; e.g. + <literal>services.gitlab.databasePassword = "supersecurepassword"</literal> + becomes + <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> + where the file <literal>secret_file</literal> contains the + string <literal>supersecurepassword</literal>. + </para> + <para> + The state path (<literal>services.gitlab.statePath</literal>) + now has the following restriction: no parent directory can be + owned by any other user than <literal>root</literal> or the + user specified in <literal>services.gitlab.user</literal>; + i.e. if <literal>services.gitlab.statePath</literal> is set to + <literal>/var/lib/gitlab/state</literal>, + <literal>gitlab</literal> and all parent directories must be + owned by either <literal>root</literal> or the user specified + in <literal>services.gitlab.user</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>networking.useDHCP</literal> option is + unsupported in combination with + <literal>networking.useNetworkd</literal> in anticipation of + defaulting to it. It has to be set to <literal>false</literal> + and enabled per interface with + <literal>networking.interfaces.<name>.useDHCP = true;</literal> + </para> + </listitem> + <listitem> + <para> + The Twitter client <literal>corebird</literal> has been + dropped as + <link xlink:href="https://www.patreon.com/posts/corebirds-future-18921328">it + is discontinued and does not work against the new Twitter + API</link>. Please use the fork <literal>cawbird</literal> + instead which has been adapted to the API changes and is still + maintained. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>nodejs-11_x</literal> package has been removed as + it's EOLed by upstream. + </para> + </listitem> + <listitem> + <para> + Because of the systemd upgrade, systemd-timesyncd will no + longer work if <literal>system.stateVersion</literal> is not + set correctly. When upgrading from NixOS 19.03, please make + sure that <literal>system.stateVersion</literal> is set to + <literal>"19.03"</literal>, or lower if the + installation dates back to an earlier version of NixOS. + </para> + </listitem> + <listitem> + <para> + Due to the short lifetime of non-LTS kernel releases package + attributes like <literal>linux_5_1</literal>, + <literal>linux_5_2</literal> and <literal>linux_5_3</literal> + have been removed to discourage dependence on specific non-LTS + kernel versions in stable NixOS releases. Going forward, + versioned attributes like <literal>linux_4_9</literal> will + exist for LTS versions only. Please use + <literal>linux_latest</literal> or + <literal>linux_testing</literal> if you depend on non-LTS + releases. Keep in mind that <literal>linux_latest</literal> + and <literal>linux_testing</literal> will change versions + under the hood during the lifetime of a stable release and + might include breaking changes. + </para> + </listitem> + <listitem> + <para> + Because of the systemd upgrade, some network interfaces might + change their name. For details see + <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html#History"> + upstream docs</link> or + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/71086"> + our ticket</link>. 
+ </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-19.09-notable-changes"> + <title>Other Notable Changes</title> + <itemizedlist> + <listitem> + <para> + The <literal>documentation</literal> module gained an option + named <literal>documentation.nixos.includeAllModules</literal> + which makes the generated configuration.nix 5 manual page + include all options from all NixOS modules included in a given + <literal>configuration.nix</literal> configuration file. + Currently, it is set to <literal>false</literal> by default as + enabling it frequently prevents evaluation. But the plan is to + eventually have it set to <literal>true</literal> by default. + Please set it to <literal>true</literal> now in your + <literal>configuration.nix</literal> and fix all the bugs it + uncovers. + </para> + </listitem> + <listitem> + <para> + The <literal>vlc</literal> package gained support for + Chromecast streaming, enabled by default. TCP port 8010 must + be open for it to work, so something like + <literal>networking.firewall.allowedTCPPorts = [ 8010 ];</literal> + may be required in your configuration. Also consider enabling + <link xlink:href="https://nixos.wiki/wiki/Accelerated_Video_Playback"> + Accelerated Video Playback</link> for better transcoding + performance. + </para> + </listitem> + <listitem> + <para> + The following changes apply if the + <literal>stateVersion</literal> is changed to 19.09 or higher. + For <literal>stateVersion = "19.03"</literal> or + lower the old behavior is preserved. + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>solr.package</literal> defaults to + <literal>pkgs.solr_8</literal>. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The <literal>hunspellDicts.fr-any</literal> dictionary now + ships with <literal>fr_FR.{aff,dic}</literal> which is linked + to <literal>fr-toutesvariantes.{aff,dic}</literal>. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>mysql</literal> service now runs as + <literal>mysql</literal> user. Previously, systemd did execute + it as root, and mysql dropped privileges itself. This includes + <literal>ExecStartPre=</literal> and + <literal>ExecStartPost=</literal> phases. To accomplish that, + runtime and data directory setup was delegated to + RuntimeDirectory and tmpfiles. + </para> + </listitem> + <listitem> + <para> + With the upgrade to systemd version 242 the + <literal>systemd-timesyncd</literal> service is no longer + using <literal>DynamicUser=yes</literal>. In order for the + upgrade to work we rely on an activation script to move the + state from the old to the new directory. The older directory + (prior <literal>19.09</literal>) was + <literal>/var/lib/private/systemd/timesync</literal>. + </para> + <para> + As long as the <literal>system.config.stateVersion</literal> + is below <literal>19.09</literal> the state folder will + migrated to its proper location + (<literal>/var/lib/systemd/timesync</literal>), if required. + </para> + </listitem> + <listitem> + <para> + The package <literal>avahi</literal> is now built to look up + service definitions from + <literal>/etc/avahi/services</literal> instead of its output + directory in the nix store. Accordingly the module + <literal>avahi</literal> now supports custom service + definitions via + <literal>services.avahi.extraServiceFiles</literal>, which are + then placed in the aforementioned directory. See + avahi.service5 for more information on custom service + definitions. + </para> + </listitem> + <listitem> + <para> + Since version 0.1.19, <literal>cargo-vendor</literal> honors + package includes that are specified in the + <literal>Cargo.toml</literal> file of Rust crates. + <literal>rustPlatform.buildRustPackage</literal> uses + <literal>cargo-vendor</literal> to collect and build dependent + crates. 
Since this change in <literal>cargo-vendor</literal> + changes the set of vendored files for most Rust packages, the + hash that use used to verify the dependencies, + <literal>cargoSha256</literal>, also changes. + </para> + <para> + The <literal>cargoSha256</literal> hashes of all in-tree + derivations that use <literal>buildRustPackage</literal> have + been updated to reflect this change. However, third-party + derivations that use <literal>buildRustPackage</literal> may + have to be updated as well. + </para> + </listitem> + <listitem> + <para> + The <literal>consul</literal> package was upgraded past + version <literal>1.5</literal>, so its deprecated legacy UI is + no longer available. + </para> + </listitem> + <listitem> + <para> + The default resample-method for PulseAudio has been changed + from the upstream default <literal>speex-float-1</literal> to + <literal>speex-float-5</literal>. Be aware that low-powered + ARM-based and MIPS-based boards will struggle with this so + you'll need to set + <literal>hardware.pulseaudio.daemon.config.resample-method</literal> + back to <literal>speex-float-1</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>phabricator</literal> package and associated + <literal>httpd.extraSubservice</literal>, as well as the + <literal>phd</literal> service have been removed from nixpkgs + due to lack of maintainer. + </para> + </listitem> + <listitem> + <para> + The <literal>mercurial</literal> + <literal>httpd.extraSubservice</literal> has been removed from + nixpkgs due to lack of maintainer. + </para> + </listitem> + <listitem> + <para> + The <literal>trac</literal> + <literal>httpd.extraSubservice</literal> has been removed from + nixpkgs because it was unmaintained. + </para> + </listitem> + <listitem> + <para> + The <literal>foswiki</literal> package and associated + <literal>httpd.extraSubservice</literal> have been removed + from nixpkgs due to lack of maintainer. 
+ </para> + </listitem> + <listitem> + <para> + The <literal>tomcat-connector</literal> + <literal>httpd.extraSubservice</literal> has been removed from + nixpkgs. + </para> + </listitem> + <listitem> + <para> + It's now possible to change configuration in + <link xlink:href="options.html#opt-services.nextcloud.enable">services.nextcloud</link> + after the initial deploy since all config parameters are + persisted in an additional config file generated by the + module. Previously core configuration like database parameters + were set using their imperative installer after creating + <literal>/var/lib/nextcloud</literal>. + </para> + </listitem> + <listitem> + <para> + There exists now <literal>lib.forEach</literal>, which is like + <literal>map</literal>, but with arguments flipped. When + mapping function body spans many lines (or has nested + <literal>map</literal>s), it is often hard to follow which + list is modified. + </para> + <para> + Previous solution to this problem was either to use + <literal>lib.flip map</literal> idiom or extract that + anonymous mapping function to a named one. Both can still be + used but <literal>lib.forEach</literal> is preferred over + <literal>lib.flip map</literal>. + </para> + <para> + The <literal>/etc/sysctl.d/nixos.conf</literal> file + containing all the options set via + <link xlink:href="options.html#opt-boot.kernel.sysctl">boot.kernel.sysctl</link> + was moved to <literal>/etc/sysctl.d/60-nixos.conf</literal>, + as sysctl.d5 recommends prefixing all filenames in + <literal>/etc/sysctl.d</literal> with a two-digit number and a + dash to simplify the ordering of the files. + </para> + </listitem> + <listitem> + <para> + We now install the sysctl snippets shipped with systemd. 
+ </para> + <itemizedlist> + <listitem> + <para> + Loose reverse path filtering + </para> + </listitem> + <listitem> + <para> + Source route filtering + </para> + </listitem> + <listitem> + <para> + <literal>fq_codel</literal> as a packet scheduler (this + helps to fight bufferbloat) + </para> + </listitem> + </itemizedlist> + <para> + This also configures the kernel to pass core dumps to + <literal>systemd-coredump</literal>, and restricts the SysRq + key combinations to the sync command only. These sysctl + snippets can be found in + <literal>/etc/sysctl.d/50-*.conf</literal>, and overridden via + <link xlink:href="options.html#opt-boot.kernel.sysctl">boot.kernel.sysctl</link> + (which will place the parameters in + <literal>/etc/sysctl.d/60-nixos.conf</literal>). + </para> + </listitem> + <listitem> + <para> + Core dumps are now processed by + <literal>systemd-coredump</literal> by default. + <literal>systemd-coredump</literal> behaviour can still be + modified via <literal>systemd.coredump.extraConfig</literal>. + To stick to the old behaviour (having the kernel dump to a + file called <literal>core</literal> in the working directory), + without piping it through <literal>systemd-coredump</literal>, + set <literal>systemd.coredump.enable</literal> to + <literal>false</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>systemd.packages</literal> option now also supports + generators and shutdown scripts. Old + <literal>systemd.generator-packages</literal> option has been + removed. + </para> + </listitem> + <listitem> + <para> + The <literal>rmilter</literal> package was removed with + associated module and options due deprecation by upstream + developer. Use <literal>rspamd</literal> in proxy mode + instead. + </para> + </listitem> + <listitem> + <para> + systemd cgroup accounting via the + <link xlink:href="options.html#opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link> + option is now enabled by default. 
It now also enables the more + recent Block IO and IP accounting features. + </para> + </listitem> + <listitem> + <para> + We no longer enable custom font rendering settings with + <literal>fonts.fontconfig.penultimate.enable</literal> by + default. The defaults from fontconfig are sufficient. + </para> + </listitem> + <listitem> + <para> + The <literal>crashplan</literal> package and the + <literal>crashplan</literal> service have been removed from + nixpkgs due to crashplan shutting down the service, while the + <literal>crashplansb</literal> package and + <literal>crashplan-small-business</literal> service have been + removed from nixpkgs due to lack of maintainer. + </para> + <para> + The + <link xlink:href="options.html#opt-services.redis.enable">redis + module</link> was hardcoded to use the + <literal>redis</literal> user, <literal>/run/redis</literal> + as runtime directory and <literal>/var/lib/redis</literal> as + state directory. Note that the NixOS module for Redis now + disables kernel support for Transparent Huge Pages (THP), + because this features causes major performance problems for + Redis, e.g. (https://redis.io/topics/latency). + </para> + </listitem> + <listitem> + <para> + Using <literal>fonts.enableDefaultFonts</literal> adds a + default emoji font <literal>noto-fonts-emoji</literal>. + </para> + <itemizedlist> + <listitem> + <para> + <literal>services.xserver.enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>programs.sway.enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>programs.way-cooler.enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services.xrdp.enable</literal> + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The <literal>altcoins</literal> categorization of packages has + been removed. You now access these packages at the top level, + ie. 
<literal>nix-shell -p dogecoin</literal> instead of + <literal>nix-shell -p altcoins.dogecoin</literal>, etc. + </para> + </listitem> + <listitem> + <para> + Ceph has been upgraded to v14.2.1. See the + <link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release + notes</link> for details. The mgr dashboard as well as osds + backed by loop-devices is no longer explicitly supported by + the package and module. Note: There's been some issues with + python-cherrypy, which is used by the dashboard and prometheus + mgr modules (and possibly others), hence + 0000-dont-check-cherrypy-version.patch. + </para> + </listitem> + <listitem> + <para> + <literal>pkgs.weechat</literal> is now compiled against + <literal>pkgs.python3</literal>. Weechat also recommends + <link xlink:href="https://weechat.org/scripts/python3/">to use + Python3 in their docs.</link> + </para> + </listitem> + </itemizedlist> + </section> +</section> |
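Review bot: Two paragraphs in the "Other Notable Changes" list are attached to the wrong list items, which changes what they appear to document. The paragraph about /etc/sysctl.d/nixos.conf moving to /etc/sysctl.d/60-nixos.conf is the third paragraph of the lib.forEach item, and the redis module paragraph sits inside the crashplan removal item. Each should be its own listitem. The redis paragraph also only says the module "was hardcoded to use the redis user", /run/redis and /var/lib/redis, without saying what it does now, so a reader cannot tell whether the service user or the state directory changed on upgrade. Please state the new behaviour. Two nested lists have no sentence introducing them: the one after "We now install the sysctl snippets shipped with systemd." and the option list after the fonts.enableDefaultFonts sentence, where it is unclear how services.xserver.enable and the other options relate to the emoji font. The man page references lost their markup in conversion and read as "configuration.nix 5", "avahi.service5" and "sysctl.d5". Wording fixes: "the hash that use used to verify" should be "is used", "the state folder will migrated" is missing "be", "due deprecation" is missing "to", and "this features causes" should be "this feature causes".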