Diffstat (limited to 'nixos/doc')
-rw-r--r-- nixos/doc/manual/configuration/gpu-accel.xml 88
-rw-r--r-- nixos/doc/manual/development/writing-nixos-tests.xml 6
-rw-r--r-- nixos/doc/manual/release-notes/rl-2009.xml 180
3 files changed, 264 insertions, 10 deletions
diff --git a/nixos/doc/manual/configuration/gpu-accel.xml b/nixos/doc/manual/configuration/gpu-accel.xml
index 0aa629cce98..9928121a56e 100644
--- a/nixos/doc/manual/configuration/gpu-accel.xml
+++ b/nixos/doc/manual/configuration/gpu-accel.xml
@@ -100,6 +100,35 @@ ROCR_EXT_DIR=`nix-build '<nixpkgs>' --no-out-link -A rocm-runtime-ext`/lib
   Image support      Yes</screen>
       </para>
     </section>
+
+    <section xml:id="sec-gpu-accel-opencl-intel">
+      <title>Intel</title>
+
+      <para>
+       <link
+         xlink:href="https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8">Intel
+       Gen8 and later GPUs</link> are supported by the Intel NEO OpenCL
+       runtime that is provided by the
+       <package>intel-compute-runtime</package> package. For Gen7 GPUs,
+       the deprecated Beignet runtime can be used, which is provided
+       by the <package>beignet</package> package. The proprietary Intel
+       OpenCL runtime, in the <package>intel-ocl</package> package, is
+       an alternative for Gen7 GPUs.
+      </para>
+
+      <para>
+       The <package>intel-compute-runtime</package>, <package>beignet</package>,
+       or <package>intel-ocl</package> package can be added to
+       <xref linkend="opt-hardware.opengl.extraPackages"/> to enable OpenCL
+       support. For example, for Gen8 and later GPUs, the following
+       configuration can be used:
+
+	      <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+  intel-compute-runtime
+];</programlisting>
+
+      </para>
+    </section>
   </section>
 
   <section xml:id="sec-gpu-accel-vulkan">
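Review bot: The example in the new Intel section lists `intel-compute-runtime` bare inside the `<programlisting>`, so a reader who pastes it gets an undefined variable unless `pkgs` is already in scope. Unless the rest of this chapter follows the same convention, write `pkgs.intel-compute-runtime` or `with pkgs; [ ... ]`. The added `<programlisting>` line is also indented with a tab followed by spaces while every other added line uses spaces only. Since the paragraph calls Beignet deprecated, it would help to say whether `intel-ocl` is the preferred choice for Gen7 or merely an alternative.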
@@ -190,4 +219,63 @@ GPU1:
       </para>
     </section>
   </section>
+
+  <section xml:id="sec-gpu-accel-common-issues">
+   <title>Common issues</title>
+
+   <section xml:id="sec-gpu-accel-common-issues-permissions">
+    <title>User permissions</title>
+
+    <para>
+     Except where noted explicitly, it should not be necessary to
+     adjust user permissions to use these acceleration APIs. In the default
+     configuration, GPU devices have world-read/write permissions
+     (<filename>/dev/dri/renderD*</filename>) or are tagged as
+     <code>uaccess</code> (<filename>/dev/dri/card*</filename>).  The
+     access control lists of devices with the <varname>uaccess</varname>
+     tag will be updated automatically when a user logs in through
+     <command>systemd-logind</command>. For example, if the user
+     <emphasis>jane</emphasis> is logged in, the access control list
+     should look as follows:
+
+     <screen><prompt>$</prompt> getfacl /dev/dri/card0
+# file: dev/dri/card0
+# owner: root
+# group: video
+user::rw-
+user:jane:rw-
+group::rw-
+mask::rw-
+other::---</screen>
+
+     If you disabled (this functionality of) <command>systemd-logind</command>,
+     you may need to add the user to the <code>video</code> group and
+     log in again.
+    </para>
+   </section>
+
+   <section xml:id="sec-gpu-accel-common-issues-mixing-nixpkgs">
+    <title>Mixing different versions of nixpkgs</title>
+
+    <para>
+     The <emphasis>Installable Client Driver</emphasis> (ICD)
+     mechanism used by OpenCL and Vulkan loads runtimes into its address
+     space using <code>dlopen</code>. Mixing an ICD loader mechanism and
+     runtimes from different version of nixpkgs may not work. For example,
+     if the ICD loader uses an older version of <package>glibc</package>
+     than the runtime, the runtime may not be loadable due to
+     missing symbols. Unfortunately, the loader will generally be quiet
+     about such issues.
+    </para>
+
+    <para>
+     If you suspect that you are running into library version mismatches
+     between an ICL loader and a runtime, you could run an application with
+     the <code>LD_DEBUG</code> variable set to get more diagnostic
+     information. For example, OpenCL can be tested with
+     <code>LD_DEBUG=files clinfo</code>, which should report missing
+     symbols.
+    </para>
+   </section>
+  </section>
 </chapter>
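Review bot: The second paragraph of the "Mixing different versions of nixpkgs" section says "ICL loader" where the first paragraph defines the term as ICD, and the first paragraph has "from different version of nixpkgs" (should be "versions"). In the "User permissions" section the same tag is marked up once as `<code>uaccess</code>` and once as `<varname>uaccess</varname>`; pick one. That section would also be easier to audit if it said which of the two device classes the `getfacl` output illustrates: the sample shows `other::---` on `card0`, which is the `uaccess` case, while the world-read/write case for `renderD*` has no sample.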
diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml
index d9dc3cd5e2a..74ab23605b3 100644
--- a/nixos/doc/manual/development/writing-nixos-tests.xml
+++ b/nixos/doc/manual/development/writing-nixos-tests.xml
@@ -216,12 +216,12 @@ start_all()
    </varlistentry>
    <varlistentry>
     <term>
-     <methodname>send_keys</methodname>
+     <methodname>send_key</methodname>
     </term>
     <listitem>
      <para>
       Simulate pressing keys on the virtual keyboard, e.g.,
-      <literal>send_keys("ctrl-alt-delete")</literal>.
+      <literal>send_key("ctrl-alt-delete")</literal>.
      </para>
     </listitem>
    </varlistentry>
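Review bot: After the rename to `send_key`, the description in this entry still reads "Simulate pressing keys", which no longer distinguishes it from the character-sequence method documented in the next entry. Suggest wording such as "Simulate pressing a key or key combination" so the singular method name and the text agree.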
@@ -232,7 +232,7 @@ start_all()
     <listitem>
      <para>
       Simulate typing a sequence of characters on the virtual keyboard, e.g.,
-      <literal>send_keys("foobar\n")</literal> will type the string
+      <literal>send_chars("foobar\n")</literal> will type the string
       <literal>foobar</literal> followed by the Enter key.
      </para>
     </listitem>
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index e03a5f5ce5c..7a06c06fed1 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -44,6 +44,11 @@
    </listitem>
    <listitem>
     <para>
+     PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
      Python 3 now defaults to Python 3.8 instead of 3.7.
     </para>
    </listitem>
@@ -109,6 +114,17 @@ systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only";
 systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
 </programlisting>
     </para>
+    <para>
+      The MySQL service no longer runs its <literal>systemd</literal> service startup script as <literal>root</literal> anymore. A dedicated non <literal>root</literal>
+      super user account is required for operation. This means users with an existing MySQL or MariaDB database server are required to run the following SQL statements
+      as a super admin user before upgrading:
+<programlisting>
+CREATE USER IF NOT EXISTS 'mysql'@'localhost' identified with unix_socket;
+GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
+</programlisting>
+      If you use MySQL instead of MariaDB please replace <literal>unix_socket</literal> with <literal>auth_socket</literal>. If you have changed the value of <xref linkend="opt-services.mysql.user"/>
+      from the default of <literal>mysql</literal> to a different user please change <literal>'mysql'@'localhost'</literal> to the corresponding user instead.
+    </para>
    </listitem>
    <listitem>
     <para>
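Review bot: The second SQL statement in the new MySQL paragraph grants `ALL PRIVILEGES ON *.*` together with `WITH GRANT OPTION` to an account authenticated only by the local socket, and the text does not spell out the consequence: any process running as that operating-system user becomes a full database administrator with no password. One sentence stating this, and that the account named in `services.mysql.user` should therefore not be shared with other services, would let administrators judge the change. The prose also doubles up "no longer ... anymore", and "non root" should be hyphenated. The keyword casing in `identified with unix_socket` is inconsistent with the upper-case `CREATE USER` and `GRANT` around it.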
@@ -135,6 +151,11 @@ systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
        The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
      </para>
    </listitem>
+   <listitem>
+     <para>
+       Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 
@@ -518,6 +539,46 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
    <listitem>
     <para>
      In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>.
+     </para>
+   </listitem>
+   <listitem>
+    <para>
+     Users of <link xlink:href="http://openafs.org">OpenAFS 1.6</link> must
+     upgrade their services to OpenAFS 1.8! In this release, the OpenAFS package
+     version 1.6.24 is marked broken but can be used during transition to
+     OpenAFS 1.8.x. Use the options
+     <option>services.openafsClient.packages.module</option>,
+     <option>services.openafsClient.packages.programs</option> and
+     <option>services.openafsServer.package</option> to select a different
+     OpenAFS package. OpenAFS 1.6 will be removed in the next release. The
+     package <literal>openafs</literal> and the service options will then
+     silently point to the OpenAFS 1.8 release.
+    </para>
+    <para>
+     See also the OpenAFS <link
+     xlink:href="http://docs.openafs.org/AdminGuide/index.html">Administrator
+     Guide</link> for instructions. Beware of the following when updating
+     servers:
+     <itemizedlist>
+      <listitem>
+       <para>
+       The storage format of the server key has changed and the key must be converted before running the new release.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+       When updating multiple database servers, turn off the database servers
+       from the highest IP down to the lowest with resting periods in
+       between. Start up in reverse order. Do not concurrently run database
+       servers working with different OpenAFS releases!
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+       Update servers first, then clients.
+       </para>
+      </listitem>
+     </itemizedlist>
     </para>
    </listitem>
    <listitem>
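Review bot: Both new OpenAFS links use plain `http://` (`http://openafs.org` and `http://docs.openafs.org/AdminGuide/index.html`); for upgrade instructions that involve server keys, prefer `https://` if those hosts serve it. The first bullet says the server key "must be converted before running the new release" without naming the tool or the guide section that covers it, so the reader is left to search a whole Administrator Guide; a more specific pointer would help. The first added `</para>` is indented five spaces while the closing `</para>` in the trailing context uses four.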
@@ -544,27 +605,90 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
      to be used for every display-manager in NixOS.
     </para>
    </listitem>
-  <listitem>
+   <listitem>
     <para>
      The <literal>bitcoind</literal> module has changed to multi-instance, using submodules.
-     Therefore, it is now mandatory to name each instance, e.g.:
+     Therefore, it is now mandatory to name each instance.
+     To use this new multi-instance config with an existing bitcoind data directory and user,
+     you have to adjust the original config, e.g.:
+<programlisting>
+  services.bitcoind = {
+    enable = true;
+    extraConfig = "...";
+    ...
+  };
+</programlisting>
+     To something similar:
+<programlisting>
+  services.bitcoind.mainnet = {
+    enable = true;
+    dataDir = "/var/lib/bitcoind";
+    user = "bitcoin";
+    extraConfig = "...";
+    ...
+  };
+</programlisting>
+     The key settings are:
+     <itemizedlist>
+      <listitem>
+       <para>
+        <literal>dataDir</literal> - to continue using the same data directory.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <literal>user</literal> - to continue using the same user so that bitcoind maintains access to its files.
+       </para>
+      </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      Graylog introduced a change in the LDAP server certificate validation behaviour for version 3.3.3 which might break existing setups.
+      When updating Graylog from a version before 3.3.3 make sure to check the Graylog <link xlink:href="https://www.graylog.org/post/announcing-graylog-v3-3-3">release info</link> for information on how to avoid the issue.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>dokuwiki</literal> module has changed to multi-instance, using submodules.
+     Therefore, it is now mandatory to name each instance. Moreover, forcing SSL by default has been dropped, so
+     <literal>nginx.forceSSL</literal> and <literal>nginx.enableACME</literal> are no longer set to <literal>true</literal>.
+     To continue using your service with the original SSL settings, you have to adjust the original config, e.g.:
 <programlisting>
-services.bitcoind = {
+services.dokuwiki = {
   enable = true;
+  ...
 };
 </programlisting>
-     requires a name now:
+     To something similar:
 <programlisting>
-services.bitcoind."example-mainnet" = {
+services.dokuwiki."mywiki" = {
   enable = true;
+  nginx = {
+    forceSSL = true;
+    enableACME = true;
+  };
+  ...
 };
 </programlisting>
+     The base package has also been upgraded to the 2020-07-29 "Hogfather" release. Plugins might be incompatible or require upgrading.
     </para>
    </listitem>
    <listitem>
     <para>
-      Graylog introduced a change in the LDAP server certificate validation behaviour for version 3.3.3 which might break existing setups.
-      When updating Graylog from a version before 3.3.3 make sure to check the Graylog <link xlink:href="https://www.graylog.org/post/announcing-graylog-v3-3-3">release info</link> for information on how to avoid the issue.
+      The <xref linkend="opt-services.postgresql.dataDir"/> option is now set to <literal>"/var/lib/postgresql/${cfg.package.psqlSchema}"</literal> regardless of your
+      <xref linkend="opt-system.stateVersion"/>. Users with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.09</literal> or below
+      should double check what the value of their <xref linkend="opt-services.postgresql.dataDir"/> option is (<literal>/var/db/postgresql</literal>) and then explicitly
+      set this value to maintain compatibility:
+<programlisting>
+services.postgresql.dataDir = "/var/db/postgresql";
+</programlisting>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The USBGuard module now removes options and instead hardcodes values for <literal>IPCAccessControlFiles</literal>, <literal>ruleFiles</literal>, and <literal>auditFilePath</literal>. Audit logs can be found in the journal.
     </para>
    </listitem>
   </itemizedlist>
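Review bot: The dokuwiki entry says forcing SSL "has been dropped" but does not state the effect of upgrading without the shown `nginx` block: an existing wiki that relied on the old defaults would start answering over plain HTTP, including its login form. Saying so explicitly would make the migration step read as required rather than optional. The USBGuard entry has a similar gap: it says the module "hardcodes values" for `IPCAccessControlFiles`, `ruleFiles` and `auditFilePath` without giving those values, so a user with custom rule files cannot tell from the note where rules must now live or whether their old setting fails loudly. In the PostgreSQL entry the parenthetical `(/var/db/postgresql)` reads as if it were the value for everyone; "which was previously /var/db/postgresql" would be clearer. The two bitcoind listings are indented two spaces inside `<programlisting>` while the dokuwiki listings start at column zero.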
@@ -604,6 +728,11 @@ services.bitcoind."example-mainnet" = {
    </listitem>
    <listitem>
     <para>
+     <literal>buildGoModule</literal> <literal>doCheck</literal> now defaults to <literal>true</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
      Packages built using <literal>buildRustPackage</literal> now use <literal>release</literal>
      mode for the <literal>checkPhase</literal> by default.
     </para>
@@ -661,6 +790,37 @@ services.bitcoind."example-mainnet" = {
    </listitem>
    <listitem>
     <para>
+     The <literal>services.transmission</literal> module
+     was enhanced with the new options:
+     <xref linkend="opt-services.transmission.credentialsFile"/>,
+     <xref linkend="opt-services.transmission.openFirewall"/>,
+     and <xref linkend="opt-services.transmission.performanceNetParameters"/>.
+    </para>
+    <para>
+     <literal>transmission-daemon</literal> is now started with additional systemd sandbox/hardening options for better security.
+     Please <link xlink:href="https://github.com/NixOS/nixpkgs/issues">report</link>
+     any use case where this is not working well.
+     In particular, the <literal>RootDirectory</literal> option newly set
+     forbids uploading or downloading a torrent outside of the default directory
+     configured at <link linkend="opt-services.transmission.settings">settings.download-dir</link>.
+     If you really need Transmission to access other directories,
+     you must include those directories into the <literal>BindPaths</literal> of the service:
+<programlisting>
+systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];
+</programlisting>
+    </para>
+    <para>
+     Also, connection to the RPC (Remote Procedure Call) of <literal>transmission-daemon</literal>
+     is now only available on the local network interface by default.
+     Use:
+<programlisting>
+services.transmission.settings.rpc-bind-address = "0.0.0.0";
+</programlisting>
+     to get the previous behavior of listening on all network interfaces.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
      With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)
      has it's netlink socket created through a <literal>systemd.socket</literal> unit. This gives us control over
      socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual)
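Review bot: The RPC paragraph offers `rpc-bind-address = "0.0.0.0"` as the way to restore the old behaviour without mentioning that this exposes the control interface on every interface again; it should point at the authentication settings and at the new `credentialsFile` and `openFirewall` options introduced in the same entry, so the reader pairs the bind change with access control. "Only available on the local network interface" is also ambiguous between loopback and the LAN; name the actual default address. In the sandboxing paragraph, the "report" link goes to the generic issue list, and "the `RootDirectory` option newly set" would read better as "the newly set `RootDirectory` option".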
@@ -741,6 +901,12 @@ services.bitcoind."example-mainnet" = {
      There are no functional changes, however this may require updating some configurations to use correct types for all attributes.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     The <literal>fontconfig</literal> module stopped generating fontconfig 2.10.x config and cache.
+     Fontconfig 2.10.x was removed from Nixpkgs - it hasn't been used in any nixpkgs package anymore.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
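Review bot: The second sentence of the fontconfig entry, "it hasn't been used in any nixpkgs package anymore", mixes tenses and does not parse; suggest "as it is no longer used by any package in Nixpkgs". The entry also spells the project both "Nixpkgs" and "nixpkgs" within one sentence.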