diff options
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-1909.xml')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 902 |
1 files changed, 0 insertions, 902 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml deleted file mode 100644 index 0dae49c636f..00000000000 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ /dev/null @@ -1,902 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-release-19.09"> - <title>Release 19.09 (“Loris”, 2019/10/09)</title> - - <section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-release-19.09-highlights"> - <title>Highlights</title> - - <para> - In addition to numerous new and upgraded packages, this release has the - following highlights: - </para> - - <itemizedlist> - <listitem> - <para> - End of support is planned for end of April 2020, handing over to 20.03. - </para> - </listitem> - <listitem> - <para> - Nix has been updated to 2.3; see its - <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.3">release - notes</link>. - </para> - </listitem> - <listitem> - <para>Core version changes:</para> - <para>systemd: 239 -> 243</para> - <para>gcc: 7 -> 8</para> - <para>glibc: 2.27 (unchanged)</para> - <para>linux: 4.19 LTS (unchanged)</para> - <para>openssl: 1.0 -> 1.1</para> - </listitem> - <listitem> - <para>Desktop version changes:</para> - <para>plasma5: 5.14 -> 5.16</para> - <para>gnome3: 3.30 -> 3.32</para> - </listitem> - <listitem> - <para> - PHP now defaults to PHP 7.3, updated from 7.2. - </para> - </listitem> - <listitem> - <para> - PHP 7.1 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 19.09 release. - </para> - </listitem> - <listitem> - <para> - The binfmt module is now easier to use. Additional systems can - be added through <option>boot.binfmt.emulatedSystems</option>. - For instance, <literal>boot.binfmt.emulatedSystems = [ - "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];</literal> will - set up binfmt interpreters for each of those listed systems. - </para> - </listitem> - <listitem> - <para> - The installer now uses a less privileged <literal>nixos</literal> user whereas before we logged in as root. - To gain root privileges use <literal>sudo -i</literal> without a password. - </para> - </listitem> - <listitem> - <para> - We've updated to Xfce 4.14, which brings a new module <option>services.xserver.desktopManager.xfce4-14</option>. - If you'd like to upgrade, please switch from the <option>services.xserver.desktopManager.xfce</option> module as it - will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support - <option>thunarPlugins</option> and it isn't recommended to use <option>services.xserver.desktopManager.xfce</option> - and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading. - </para> - </listitem> - <listitem> - <para> - The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages - like games. - <itemizedlist> - <para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para> - <listitem><para><option>services.gnome3.core-os-services.enable</option></para></listitem> - <listitem><para><option>services.gnome3.core-shell.enable</option></para></listitem> - <listitem><para><option>services.gnome3.core-utilities.enable</option></para></listitem> - <listitem><para><option>services.gnome3.games.enable</option></para></listitem> - </itemizedlist> - With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually - disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications. - <option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option> - in the GNOME 3 module. - </para> - </listitem> - <listitem> - <para> - Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications - to match as close as possible to a default reference GNOME 3 experience. - </para> - - <bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead> - - <itemizedlist> - <title>Applications removed from defaults:</title> - <listitem><para><literal>accerciser</literal></para></listitem> - <listitem><para><literal>dconf-editor</literal></para></listitem> - <listitem><para><literal>evolution</literal></para></listitem> - <listitem><para><literal>gnome-documents</literal></para></listitem> - <listitem><para><literal>gnome-nettool</literal></para></listitem> - <listitem><para><literal>gnome-power-manager</literal></para></listitem> - <listitem><para><literal>gnome-todo</literal></para></listitem> - <listitem><para><literal>gnome-tweaks</literal></para></listitem> - <listitem><para><literal>gnome-usage</literal></para></listitem> - <listitem><para><literal>gucharmap</literal></para></listitem> - <listitem><para><literal>nautilus-sendto</literal></para></listitem> - <listitem><para><literal>vinagre</literal></para></listitem> - </itemizedlist> - <itemizedlist> - <title>Applications added to defaults:</title> - <listitem><para><literal>cheese</literal></para></listitem> - <listitem><para><literal>geary</literal></para></listitem> - </itemizedlist> - - <bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead> - - <itemizedlist> - <title>Applications added to defaults:</title> - <listitem><para><literal>gnome-color-manager</literal></para></listitem> - <listitem><para><literal>orca</literal></para></listitem> - </itemizedlist> - <itemizedlist> - <title>Services enabled:</title> - <listitem><para><option>services.avahi.enable</option></para></listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </section> - - <section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-release-19.09-new-services"> - <title>New Services</title> - - <para> - The following new services were added since the last release: - </para> - - <itemizedlist> - <listitem> - <para> - <literal>./programs/dwm-status.nix</literal> - </para> - </listitem> - <listitem> - <para> - The new <varname>hardware.printers</varname> module allows to declaratively configure CUPS printers - via the <varname>ensurePrinters</varname> and - <varname>ensureDefaultPrinter</varname> options. - <varname>ensurePrinters</varname> will never delete existing printers, - but will make sure that the given printers are configured as declared. - </para> - </listitem> - <listitem> - <para> - There is a new <xref linkend="opt-services.system-config-printer.enable"/> and <xref linkend="opt-programs.system-config-printer.enable"/> module - for the program of the same name. If you previously had <literal>system-config-printer</literal> enabled through some other - means you should migrate to using one of these modules. - </para> - <itemizedlist> - <para>If you're a user of the following desktopManager modules no action is needed:</para> - <listitem> - <para><option>services.xserver.desktopManager.plasma5</option></para> - </listitem> - <listitem> - <para><option>services.xserver.desktopManager.gnome3</option></para> - </listitem> - <listitem> - <para><option>services.xserver.desktopManager.pantheon</option></para> - </listitem> - <listitem> - <para><option>services.xserver.desktopManager.mate</option></para> - <para> - Note Mate uses <literal>programs.system-config-printer</literal> as it doesn't - use it as a service, but its graphical interface directly. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <xref linkend="opt-services.blueman.enable"/> has been added. - If you previously had blueman installed via <option>environment.systemPackages</option> please - migrate to using the NixOS module, as this would result in an insufficiently configured blueman. - </para> - </listitem> - </itemizedlist> - - </section> - - <section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-release-19.09-incompatibilities"> - <title>Backward Incompatibilities</title> - - <para> - When upgrading from a previous release, please be aware of the following - incompatible changes: - </para> - - <itemizedlist> - <listitem> - <para> - Buildbot no longer supports Python 2, as support was dropped upstream in - version 2.0.0. Configurations may need to be modified to make them - compatible with Python 3. - </para> - </listitem> - <listitem> - <para> - PostgreSQL now uses - <filename class="directory">/run/postgresql</filename> as its socket - directory instead of <filename class="directory">/tmp</filename>. So - if you run an application like eg. Nextcloud, where you need to use - the Unix socket path as the database host name, you need to change it - accordingly. - </para> - </listitem> - <listitem> - <para> - PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle and has been removed. - </para> - </listitem> - <listitem> - <para> - The options <option>services.prometheus.alertmanager.user</option> and - <option>services.prometheus.alertmanager.group</option> have been removed - because the alertmanager service is now using systemd's <link - xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html"> - DynamicUser mechanism</link> which obviates these options. - </para> - </listitem> - <listitem> - <para> - The NetworkManager systemd unit was renamed back from network-manager.service to - NetworkManager.service for better compatibility with other applications expecting this name. - The same applies to ModemManager where modem-manager.service is now called ModemManager.service again. - </para> - </listitem> - <listitem> - <para> - The <option>services.nzbget.configFile</option> and <option>services.nzbget.openFirewall</option> - options were removed as they are managed internally by the nzbget. The - <option>services.nzbget.dataDir</option> option hadn't actually been used by - the module for some time and so was removed as cleanup. - </para> - </listitem> - <listitem> - <para> - The <option>services.mysql.pidDir</option> option was removed, as it was only used by the wordpress - apache-httpd service to wait for mysql to have started up. - This can be accomplished by either describing a dependency on mysql.service (preferred) - or waiting for the (hardcoded) <filename>/run/mysqld/mysql.sock</filename> file to appear. - </para> - </listitem> - <listitem> - <para> - The <option>services.emby.enable</option> module has been removed, see - <option>services.jellyfin.enable</option> instead for a free software fork of Emby. - - See the Jellyfin documentation: - <link xlink:href="https://jellyfin.readthedocs.io/en/latest/administrator-docs/migrate-from-emby/"> - Migrating from Emby to Jellyfin - </link> - </para> - </listitem> - <listitem> - <para> - IPv6 Privacy Extensions are now enabled by default for undeclared - interfaces. The previous behaviour was quite misleading — even though - the default value for - <option>networking.interfaces.*.preferTempAddress</option> was - <literal>true</literal>, undeclared interfaces would not prefer temporary - addresses. Now, interfaces not mentioned in the config will prefer - temporary addresses. EUI64 addresses can still be set as preferred by - explicitly setting the option to <literal>false</literal> for the - interface in question. - </para> - </listitem> - <listitem> - <para> - Since Bittorrent Sync was superseded by Resilio Sync in 2016, the - <literal>bittorrentSync</literal>, <literal>bittorrentSync14</literal>, - and <literal>bittorrentSync16</literal> packages have been removed in - favor of <literal>resilio-sync</literal>. - </para> - <para> - The corresponding module, <option>services.btsync</option> has been - replaced by the <option>services.resilio</option> module. - </para> - </listitem> - <listitem> - <para> - The httpd service no longer attempts to start the postgresql service. If you have come to depend - on this behaviour then you can preserve the behavior with the following configuration: - <literal>systemd.services.httpd.after = [ "postgresql.service" ];</literal> - </para> - <para> - The option <option>services.httpd.extraSubservices</option> has been - marked as deprecated. You may still use this feature, but it will be - removed in a future release of NixOS. You are encouraged to convert any - httpd subservices you may have written to a full NixOS module. - </para> - <para> - Most of the httpd subservices packaged with NixOS have been replaced with - full NixOS modules including LimeSurvey, WordPress, and Zabbix. These - modules can be enabled using the <option>services.limesurvey.enable</option>, - <option>services.mediawiki.enable</option>, <option>services.wordpress.enable</option>, - and <option>services.zabbixWeb.enable</option> options. - </para> - </listitem> - <listitem> - <para> - The option <option>systemd.network.networks.<name>.routes.*.routeConfig.GatewayOnlink</option> - was renamed to <option>systemd.network.networks.<name>.routes.*.routeConfig.GatewayOnLink</option> - (capital <literal>L</literal>). This follows - <link xlink:href="https://github.com/systemd/systemd/commit/9cb8c5593443d24c19e40bfd4fc06d672f8c554c"> - upstreams renaming - </link> of the setting. - </para> - </listitem> - <listitem> - <para> - As of this release the NixOps feature <literal>autoLuks</literal> is deprecated. It no longer works - with our systemd version without manual intervention. - </para> - <para> - Whenever the usage of the module is detected the evaluation will fail with a message - explaining why and how to deal with the situation. - </para> - <para> - A new knob named <literal>nixops.enableDeprecatedAutoLuks</literal> - has been introduced to disable the eval failure and to acknowledge the notice was received and read. - If you plan on using the feature please note that it might break with subsequent updates. - </para> - <para> - Make sure you set the <literal>_netdev</literal> option for each of the file systems referring to block - devices provided by the autoLuks module. Not doing this might render the system in a - state where it doesn't boot anymore. - </para> - <para> - If you are actively using the <literal>autoLuks</literal> module please let us know in - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/62211">issue #62211</link>. - </para> - </listitem> - <listitem> - <para> - The setopt declarations will be evaluated at the end of <literal>/etc/zshrc</literal>, so any code in <xref linkend="opt-programs.zsh.interactiveShellInit" />, - <xref linkend="opt-programs.zsh.loginShellInit" /> and <xref linkend="opt-programs.zsh.promptInit" /> may break if it relies on those options being set. - </para> - </listitem> - <listitem> - <para> - The <literal>prometheus-nginx-exporter</literal> package now uses the offical exporter provided by NGINX Inc. - Its metrics are differently structured and are incompatible to the old ones. For information about the metrics, - have a look at the <link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official repo</link>. - </para> - </listitem> - <listitem> - <para> - The <literal>shibboleth-sp</literal> package has been updated to version 3. - It is largely backward compatible, for further information refer to the - <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes">release notes</link> - and <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2">upgrade guide</link>. - </para> - <para> - Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped. - </para> - </listitem> - <listitem> - <para> - By default, prometheus exporters are now run with <literal>DynamicUser</literal> enabled. - Exporters that need a real user, now run under a seperate user and group which follow the pattern <literal><exporter-name>-exporter</literal>, instead of the previous default <literal>nobody</literal> and <literal>nogroup</literal>. - Only some exporters are affected by the latter, namely the exporters <literal>dovecot</literal>, <literal>node</literal>, <literal>postfix</literal> and <literal>varnish</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>ibus-qt</literal> package is not installed by default anymore when <xref linkend="opt-i18n.inputMethod.enabled" /> is set to <literal>ibus</literal>. - If IBus support in Qt 4.x applications is required, add the <literal>ibus-qt</literal> package to your <xref linkend="opt-environment.systemPackages" /> manually. - </para> - </listitem> - <listitem> - <para> - The CUPS Printing service now uses socket-based activation by - default, only starting when needed. The previous behavior can - be restored by setting - <option>services.cups.startWhenNeeded</option> to - <literal>false</literal>. - </para> - </listitem> - <listitem> - <para> - The <option>services.systemhealth</option> module has been removed from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <option>services.mantisbt</option> module has been removed from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - Squid 3 has been removed and the <option>squid</option> derivation now refers to Squid 4. - </para> - </listitem> - <listitem> - <para> - The <option>services.pdns-recursor.extraConfig</option> option has been replaced by - <option>services.pdns-recursor.settings</option>. The new option allows setting extra - configuration while being better type-checked and mergeable. - </para> - </listitem> - <listitem> - <para> - No service depends on <literal>keys.target</literal> anymore which is a systemd - target that indicates if all <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps keys</link> were successfully uploaded. - Instead, <literal><key-name>-key.service</literal> should be used to define - a dependency of a key in a service. The full issue behind the <literal>keys.target</literal> - dependency is described at <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>. - </para> - <para> - The following services are affected by this: - <itemizedlist> - <listitem><para><link linkend="opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link></para></listitem> - <listitem><para><link linkend="opt-services.nsd.enable"><literal>services.nsd</literal></link></para></listitem> - <listitem><para><link linkend="opt-services.softether.enable"><literal>services.softether</literal></link></para></listitem> - <listitem><para><link linkend="opt-services.strongswan.enable"><literal>services.strongswan</literal></link></para></listitem> - <listitem><para><link linkend="opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link></para></listitem> - <listitem><para><link linkend="opt-services.httpd.enable"><literal>services.httpd</literal></link></para></listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - The <option>security.acme.directory</option> option has been replaced by a read-only <option>security.acme.certs.<cert>.directory</option> option for each certificate you define. This will be - a subdirectory of <literal>/var/lib/acme</literal>. You can use this read-only option to figure out where the certificates are stored for a specific certificate. For example, - the <option>services.nginx.virtualhosts.<name>.enableACME</option> option will use this directory option to find the certs for the virtual host. - </para> - <para> - <option>security.acme.preDelay</option> and <option>security.acme.activationDelay</option> options have been removed. To execute a service before certificates - are provisioned or renewed add a <literal>RequiredBy=acme-${cert}.service</literal> to any service. - </para> - <para> - Furthermore, the acme module will not automatically add a dependency on <literal>lighttpd.service</literal> anymore. If you are using certficates provided by letsencrypt - for lighttpd, then you should depend on the certificate service <literal>acme-${cert}.service></literal> manually. - </para> - <para> - For nginx, the dependencies are still automatically managed when <option>services.nginx.virtualhosts.<name>.enableACME</option> is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, - instead of depending on the catch-all <literal>acme-certificates.target</literal>. This target unit was also removed from the codebase. - This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal - ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/60180">NixOS/nixpkgs#60180</link>. - </para> - </listitem> - <listitem> - <para> - The old deprecated <literal>emacs</literal> package sets have been dropped. - What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>. - </para> - </listitem> - <listitem> - <para> - <option>services.xserver.desktopManager.xterm</option> is now disabled by default if <literal>stateVersion</literal> is 19.09 or higher. - Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to - have any desktopManager enabled default. - </para> - </listitem> - <listitem> - <para> - The WeeChat plugin <literal>pkgs.weechatScripts.weechat-xmpp</literal> has been removed as it doesn't receive - any updates from upstream and depends on outdated Python2-based modules. - </para> - </listitem> - <listitem> - <para> - Old unsupported versions (<literal>logstash5</literal>, - <literal>kibana5</literal>, - <literal>filebeat5</literal>, - <literal>heartbeat5</literal>, - <literal>metricbeat5</literal>, - <literal>packetbeat5</literal>) of the ELK-stack and Elastic beats have been removed. - </para> - </listitem> - <listitem> - <para> - For NixOS 19.03, both Prometheus 1 and 2 were available to allow for - a seamless transition from version 1 to 2 with existing setups. - Because Prometheus 1 is no longer developed, it was removed. - Prometheus 2 is now configured with <literal>services.prometheus</literal>. - </para> - </listitem> - <listitem> - <para> - Citrix Receiver (<literal>citrix_receiver</literal>) has been dropped in favor of Citrix Workspace - (<literal>citrix_workspace</literal>). - </para> - </listitem> - <listitem> - <para> - The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>, - <option>services.gitlab.databasePassword</option>, - <option>services.gitlab.initialRootPassword</option>, - <option>services.gitlab.secrets.secret</option>, - <option>services.gitlab.secrets.db</option>, - <option>services.gitlab.secrets.otp</option> and - <option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>, - <option>services.gitlab.databasePasswordFile</option>, - <option>services.gitlab.initialRootPasswordFile</option>, - <option>services.gitlab.secrets.secretFile</option>, - <option>services.gitlab.secrets.dbFile</option>, - <option>services.gitlab.secrets.otpFile</option> and - <option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored - in the world-readable nix store, but means that for each option you'll have to create a file with - the same exact string, add "File" to the end of the option name, and change the definition to a - string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal> - becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the - file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>. - </para> - <para> - The state path (<option>services.gitlab.statePath</option>) now has the following restriction: - no parent directory can be owned by any other user than <literal>root</literal> or the user - specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option> - is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories - must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>. - </para> - </listitem> - <listitem> - <para> - The <option>networking.useDHCP</option> option is unsupported in combination with - <option>networking.useNetworkd</option> in anticipation of defaulting to it. - It has to be set to <literal>false</literal> and enabled per - interface with <option>networking.interfaces.<name>.useDHCP = true;</option> - </para> - </listitem> - <listitem> - <para> - The Twitter client <literal>corebird</literal> has been dropped as <link xlink:href="https://www.patreon.com/posts/corebirds-future-18921328">it is discontinued and does not work against the new Twitter API</link>. - Please use the fork <literal>cawbird</literal> instead which has been adapted to the API changes and is still maintained. - </para> - </listitem> - <listitem> - <para> - The <literal>nodejs-11_x</literal> package has been removed as it's EOLed by upstream. - </para> - </listitem> - <listitem> - <para> - Because of the systemd upgrade, - <application>systemd-timesyncd</application> will no longer work if - <option>system.stateVersion</option> is not set correctly. When - upgrading from NixOS 19.03, please make sure that - <option>system.stateVersion</option> is set to - <literal>"19.03"</literal>, or lower if the installation dates back to an - earlier version of NixOS. - </para> - </listitem> - <listitem> - <para> - Due to the short lifetime of non-LTS kernel releases package attributes like <literal>linux_5_1</literal>, - <literal>linux_5_2</literal> and <literal>linux_5_3</literal> have been removed to discourage dependence - on specific non-LTS kernel versions in stable NixOS releases. - - Going forward, versioned attributes like <literal>linux_4_9</literal> will exist for LTS versions only. - Please use <literal>linux_latest</literal> or <literal>linux_testing</literal> if you depend on non-LTS - releases. Keep in mind that <literal>linux_latest</literal> and <literal>linux_testing</literal> will - change versions under the hood during the lifetime of a stable release and might include breaking changes. - </para> - </listitem> - <listitem> - <para> - Because of the systemd upgrade, - some network interfaces might change their name. For details see - <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html#History"> - upstream docs</link> or <link xlink:href="https://github.com/NixOS/nixpkgs/issues/71086"> - our ticket</link>. - </para> - </listitem> - </itemizedlist> - </section> - - <section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-release-19.09-notable-changes"> - <title>Other Notable Changes</title> - - <itemizedlist> - <listitem> - <para> - The <option>documentation</option> module gained an option named - <option>documentation.nixos.includeAllModules</option> which makes the - generated <citerefentry> - <refentrytitle>configuration.nix</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> manual page include all options - from all NixOS modules included in a given - <literal>configuration.nix</literal> configuration file. Currently, it is - set to <literal>false</literal> by default as enabling it frequently - prevents evaluation. But the plan is to eventually have it set to - <literal>true</literal> by default. Please set it to - <literal>true</literal> now in your <literal>configuration.nix</literal> - and fix all the bugs it uncovers. - </para> - </listitem> - <listitem> - <para> - The <literal>vlc</literal> package gained support for Chromecast - streaming, enabled by default. TCP port 8010 must be open for it to work, - so something like <literal>networking.firewall.allowedTCPPorts = [ 8010 - ];</literal> may be required in your configuration. Also consider enabling - <link xlink:href="https://nixos.wiki/wiki/Accelerated_Video_Playback"> - Accelerated Video Playback</link> for better transcoding performance. - </para> - </listitem> - <listitem> - <para> - The following changes apply if the <literal>stateVersion</literal> is - changed to 19.09 or higher. For <literal>stateVersion = "19.03"</literal> - or lower the old behavior is preserved. - </para> - <itemizedlist> - <listitem> - <para> - <literal>solr.package</literal> defaults to - <literal>pkgs.solr_8</literal>. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>hunspellDicts.fr-any</literal> dictionary now ships with <literal>fr_FR.{aff,dic}</literal> - which is linked to <literal>fr-toutesvariantes.{aff,dic}</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>mysql</literal> service now runs as <literal>mysql</literal> - user. Previously, systemd did execute it as root, and mysql dropped privileges - itself. - This includes <literal>ExecStartPre=</literal> and - <literal>ExecStartPost=</literal> phases. - To accomplish that, runtime and data directory setup was delegated to - RuntimeDirectory and tmpfiles. - </para> - </listitem> - <listitem> - <para> - With the upgrade to systemd version 242 the <literal>systemd-timesyncd</literal> - service is no longer using <literal>DynamicUser=yes</literal>. In order for the - upgrade to work we rely on an activation script to move the state from the old - to the new directory. The older directory (prior <literal>19.09</literal>) was - <literal>/var/lib/private/systemd/timesync</literal>. - </para> - <para> - As long as the <literal>system.config.stateVersion</literal> is below - <literal>19.09</literal> the state folder will migrated to its proper location - (<literal>/var/lib/systemd/timesync</literal>), if required. - </para> - </listitem> - <listitem> - <para> - The package <literal>avahi</literal> is now built to look up service - definitions from <literal>/etc/avahi/services</literal> instead of its - output directory in the nix store. Accordingly the module - <option>avahi</option> now supports custom service definitions via - <option>services.avahi.extraServiceFiles</option>, which are then placed - in the aforementioned directory. See <citerefentry> - <refentrytitle>avahi.service</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> for more information on custom service definitions. - </para> - </listitem> - <listitem> - <para> - Since version 0.1.19, <literal>cargo-vendor</literal> honors package - includes that are specified in the <filename>Cargo.toml</filename> - file of Rust crates. <literal>rustPlatform.buildRustPackage</literal> uses - <literal>cargo-vendor</literal> to collect and build dependent crates. - Since this change in <literal>cargo-vendor</literal> changes the set of - vendored files for most Rust packages, the hash that use used to verify - the dependencies, <literal>cargoSha256</literal>, also changes. - </para> - <para> - The <literal>cargoSha256</literal> hashes of all in-tree derivations that - use <literal>buildRustPackage</literal> have been updated to reflect this - change. However, third-party derivations that use - <literal>buildRustPackage</literal> may have to be updated as well. - </para> - </listitem> - <listitem> - <para> - The <literal>consul</literal> package was upgraded past version <literal>1.5</literal>, - so its deprecated legacy UI is no longer available. - </para> - </listitem> - <listitem> - <para> - The default resample-method for PulseAudio has been changed from the upstream default <literal>speex-float-1</literal> - to <literal>speex-float-5</literal>. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this - so you'll need to set <option>hardware.pulseaudio.daemon.config.resample-method</option> back to <literal>speex-float-1</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>phabricator</literal> package and associated <literal>httpd.extraSubservice</literal>, as well as the - <literal>phd</literal> service have been removed from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>mercurial</literal> <literal>httpd.extraSubservice</literal> has been removed from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>trac</literal> <literal>httpd.extraSubservice</literal> has been removed from nixpkgs because it was unmaintained. - </para> - </listitem> - <listitem> - <para> - The <literal>foswiki</literal> package and associated <literal>httpd.extraSubservice</literal> have been removed - from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>tomcat-connector</literal> <literal>httpd.extraSubservice</literal> has been removed from nixpkgs. - </para> - </listitem> - <listitem> - <para> - It's now possible to change configuration in - <link linkend="opt-services.nextcloud.enable">services.nextcloud</link> after the initial deploy - since all config parameters are persisted in an additional config file generated by the module. - Previously core configuration like database parameters were set using their imperative - installer after creating <literal>/var/lib/nextcloud</literal>. - </para> - </listitem> - <listitem> - <para> - There exists now <literal>lib.forEach</literal>, which is like <literal>map</literal>, but with - arguments flipped. When mapping function body spans many lines (or has nested - <literal>map</literal>s), it is often hard to follow which list is modified. - </para> - <para> - Previous solution to this problem was either to use <literal>lib.flip map</literal> - idiom or extract that anonymous mapping function to a named one. Both can still be used - but <literal>lib.forEach</literal> is preferred over <literal>lib.flip map</literal>. - </para> - <para> - The <literal>/etc/sysctl.d/nixos.conf</literal> file containing all the options set via - <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link> was moved to - <literal>/etc/sysctl.d/60-nixos.conf</literal>, as - <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> - recommends prefixing all filenames in <literal>/etc/sysctl.d</literal> with a - two-digit number and a dash to simplify the ordering of the files. - </para> - </listitem> - <listitem> - <para> - We now install the sysctl snippets shipped with systemd. - <itemizedlist> - <para>This enables:</para> - <listitem> - <para>Loose reverse path filtering</para> - </listitem> - <listitem> - <para>Source route filtering</para> - </listitem> - <listitem> - <para> - <literal>fq_codel</literal> as a packet scheduler (this helps to fight bufferbloat) - </para> - </listitem> - </itemizedlist> - This also configures the kernel to pass core dumps to <literal>systemd-coredump</literal>, - and restricts the SysRq key combinations to the sync command only. - These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>, - and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link> - (which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>). - </para> - </listitem> - <listitem> - <para> - Core dumps are now processed by <literal>systemd-coredump</literal> - by default. <literal>systemd-coredump</literal> behaviour can - still be modified via - <option>systemd.coredump.extraConfig</option>. To stick to the - old behaviour (having the kernel dump to a file called - <literal>core</literal> in the working directory), without piping - it through <literal>systemd-coredump</literal>, set - <option>systemd.coredump.enable</option> to - <literal>false</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>systemd.packages</literal> option now also supports generators and - shutdown scripts. Old <literal>systemd.generator-packages</literal> option has - been removed. - </para> - </listitem> - <listitem> - <para> - The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer. - Use <literal>rspamd</literal> in proxy mode instead. - </para> - </listitem> - <listitem> - <para> - systemd cgroup accounting via the - <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link> - option is now enabled by default. It now also enables the more recent Block IO and IP accounting - features. - </para> - </listitem> - <listitem> - <para> - We no longer enable custom font rendering settings with <option>fonts.fontconfig.penultimate.enable</option> by default. - The defaults from fontconfig are sufficient. - </para> - </listitem> - <listitem> - <para> - The <literal>crashplan</literal> package and the - <literal>crashplan</literal> service have been removed from nixpkgs due to - crashplan shutting down the service, while the <literal>crashplansb</literal> - package and <literal>crashplan-small-business</literal> service have been - removed from nixpkgs due to lack of maintainer. - </para> - <para> - The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user, - <filename class="directory">/run/redis</filename> as runtime directory and - <filename class="directory">/var/lib/redis</filename> as state directory. - Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP), - because this features causes major performance problems for Redis, - e.g. (https://redis.io/topics/latency). - </para> - </listitem> - <listitem> - <para> - Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>. - <itemizedlist> - <para>Users of the following options will have this enabled by default:</para> - <listitem> - <para><option>services.xserver.enable</option></para> - </listitem> - <listitem> - <para><option>programs.sway.enable</option></para> - </listitem> - <listitem> - <para><option>programs.way-cooler.enable</option></para> - </listitem> - <listitem> - <para><option>services.xrdp.enable</option></para> - </listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - The <literal>altcoins</literal> categorization of packages has - been removed. You now access these packages at the top level, - ie. <literal>nix-shell -p dogecoin</literal> instead of - <literal>nix-shell -p altcoins.dogecoin</literal>, etc. - </para> - </listitem> - <listitem> - <para> - Ceph has been upgraded to v14.2.1. - See the <link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release notes</link> for details. - The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. - Note: There's been some issues with python-cherrypy, which is used by the dashboard - and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch. - </para> - </listitem> - <listitem> - <para> - <literal>pkgs.weechat</literal> is now compiled against <literal>pkgs.python3</literal>. - Weechat also recommends <link xlink:href="https://weechat.org/scripts/python3/">to use Python3 - in their docs.</link> - </para> - </listitem> - </itemizedlist> - </section> -</section> |