From 1f6969dd5e579a2d4ed8ffd2dc32ba184cc4eda6 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Mon, 21 Jun 2021 19:59:44 -0500 Subject: docs: nixos release notes (w/o 2105 - separate PR) docs: nixos release notes (revise code blocks) docs: nixos release notes (fix opt links outside of code blocks) docs: nixos release notes (fix opt links inside of code blocks) went fishing with: ```console rg -A1 \ --multiline \ --multiline-dotall \ '[^]+' \ | rg linkend ``` docs: nixos release notes (prettier) docs: nixos release notes (fix zonefile codeblocks) docs: nixos release notes (restore admonition from prettier destriction) docs: nixos release notes (recreate xml files) docs: nixos release notes (fix trnslation error md -> xml) admonition with a title seem not to work docs: nixos release notes (fix code block indentation) docs: nixos release notes (diff after converting with https://github.com/NixOS/nixpkgs/pull/127270) docs: nixos release notes (fix remaingin '???') Those where not catched i a previous iteration since they didn't satisfy the then presumed search regex `#opt-.*` doc: nixos release notes make docbook/md conversion consistent --- .../from_md/release-notes/rl-1809.section.xml | 941 +++++++++++++++++++++ 1 file changed, 941 insertions(+) create mode 100644 nixos/doc/manual/from_md/release-notes/rl-1809.section.xml (limited to 'nixos/doc/manual/from_md/release-notes/rl-1809.section.xml') diff --git a/nixos/doc/manual/from_md/release-notes/rl-1809.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1809.section.xml new file mode 100644 index 00000000000..aa4637a99b6 --- /dev/null +++ b/nixos/doc/manual/from_md/release-notes/rl-1809.section.xml @@ -0,0 +1,941 @@ +
+ Release 18.09 (<quote>Jellyfish</quote>, 2018/10/05) +
+ Highlights + + In addition to numerous new and upgraded packages, this release + has the following notable updates: + + + + + End of support is planned for end of April 2019, handing over + to 19.03. + + + + + Platform support: x86_64-linux and x86_64-darwin as always. + Support for aarch64-linux is as with the previous releases, + not equivalent to the x86-64-linux release, but with efforts + to reach parity. + + + + + Nix has been updated to 2.1; see its + release + notes. + + + + + Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 → + 2.27, gcc: 7 (unchanged), systemd: 237 → 239. + + + + + Desktop version changes: gnome: 3.26 → 3.28, (KDE) + plasma-desktop: 5.12 → 5.13. + + + + + Notable changes and additions for 18.09 include: + + + + + Support for wrapping binaries using + firejail has been added through + programs.firejail.wrappedBinaries. + + + For example + + +{ + programs.firejail = { + enable = true; + wrappedBinaries = { + firefox = "${lib.getBin pkgs.firefox}/bin/firefox"; + mpv = "${lib.getBin pkgs.mpv}/bin/mpv"; + }; + }; +} + + + This will place firefox and + mpv binaries in the global path wrapped by + firejail. + + + + + User channels are now in the default + NIX_PATH, allowing users to use their + personal nix-channel defined channels in + nix-build and nix-shell + commands, as well as in imports like + import <mychannel>. + + + For example + + +$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable +$ nix-channel --update +$ nix-build '<nixpkgsunstable>' -A gitFull +$ nix run -f '<nixpkgsunstable>' gitFull +$ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' + + + +
+
+ New Services + + A curated selection of new services that were added since the last + release: + + + + + The services.cassandra module has been + reworked and was rewritten from scratch. The service has + succeeding tests for the versions 2.1, 2.2, 3.0 and 3.11 of + Apache + Cassandra. + + + + + There is a new services.foundationdb module + for deploying + FoundationDB + clusters. + + + + + When enabled the iproute2 will copy the + files expected by ip route (e.g., + rt_tables) in + /etc/iproute2. This allows to write aliases + for routing tables for instance. + + + + + services.strongswan-swanctl is a modern + replacement for services.strongswan. You + can use either one of them to setup IPsec VPNs but not both at + the same time. + + + services.strongswan-swanctl uses the + swanctl + command which uses the modern + vici + Versatile IKE Configuration Interface. + The deprecated ipsec command used in + services.strongswan is using the legacy + stroke + configuration interface. + + + + + The new services.elasticsearch-curator + service periodically curates or manages, your Elasticsearch + indices and snapshots. + + + + + Every new services: + + + + + ./config/xdg/autostart.nix + + + + + ./config/xdg/icons.nix + + + + + ./config/xdg/menus.nix + + + + + ./config/xdg/mime.nix + + + + + ./hardware/brightnessctl.nix + + + + + ./hardware/onlykey.nix + + + + + ./hardware/video/uvcvideo/default.nix + + + + + ./misc/documentation.nix + + + + + ./programs/firejail.nix + + + + + ./programs/iftop.nix + + + + + ./programs/sedutil.nix + + + + + ./programs/singularity.nix + + + + + ./programs/xss-lock.nix + + + + + ./programs/zsh/zsh-autosuggestions.nix + + + + + ./services/admin/oxidized.nix + + + + + ./services/backup/duplicati.nix + + + + + ./services/backup/restic.nix + + + + + ./services/backup/restic-rest-server.nix + + + + + ./services/cluster/hadoop/default.nix + + + + + ./services/databases/aerospike.nix + + + + + ./services/databases/monetdb.nix + + + + + ./services/desktops/bamf.nix + + + + + ./services/desktops/flatpak.nix + + + + + ./services/desktops/zeitgeist.nix + + + + + ./services/development/bloop.nix + + + + + ./services/development/jupyter/default.nix + + + + + ./services/hardware/lcd.nix + + + + + ./services/hardware/undervolt.nix + + + + + ./services/misc/clipmenu.nix + + + + + ./services/misc/gitweb.nix + + + + + ./services/misc/serviio.nix + + + + + ./services/misc/safeeyes.nix + + + + + ./services/misc/sysprof.nix + + + + + ./services/misc/weechat.nix + + + + + ./services/monitoring/datadog-agent.nix + + + + + ./services/monitoring/incron.nix + + + + + ./services/networking/dnsdist.nix + + + + + ./services/networking/freeradius.nix + + + + + ./services/networking/hans.nix + + + + + ./services/networking/morty.nix + + + + + ./services/networking/ndppd.nix + + + + + ./services/networking/ocserv.nix + + + + + ./services/networking/owamp.nix + + + + + ./services/networking/quagga.nix + + + + + ./services/networking/shadowsocks.nix + + + + + ./services/networking/stubby.nix + + + + + ./services/networking/zeronet.nix + + + + + ./services/security/certmgr.nix + + + + + ./services/security/cfssl.nix + + + + + ./services/security/oauth2_proxy_nginx.nix + + + + + ./services/web-apps/virtlyst.nix + + + + + ./services/web-apps/youtrack.nix + + + + + ./services/web-servers/hitch/default.nix + + + + + ./services/web-servers/hydron.nix + + + + + ./services/web-servers/meguca.nix + + + + + ./services/web-servers/nginx/gitweb.nix + + + + + ./virtualisation/kvmgt.nix + + + + + ./virtualisation/qemu-guest-agent.nix + + + +
+
+ Backward Incompatibilities + + When upgrading from a previous release, please be aware of the + following incompatible changes: + + + + + Some licenses that were incorrectly not marked as unfree now + are. This is the case for: + + + + + cc-by-nc-sa-20: Creative Commons Attribution Non + Commercial Share Alike 2.0 + + + + + cc-by-nc-sa-25: Creative Commons Attribution Non + Commercial Share Alike 2.5 + + + + + cc-by-nc-sa-30: Creative Commons Attribution Non + Commercial Share Alike 3.0 + + + + + cc-by-nc-sa-40: Creative Commons Attribution Non + Commercial Share Alike 4.0 + + + + + cc-by-nd-30: Creative Commons Attribution-No Derivative + Works v3.00 + + + + + msrla: Microsoft Research License Agreement + + + + + + + The deprecated services.cassandra module + has seen a complete rewrite. (See above.) + + + + + lib.strict is removed. Use + builtins.seq instead. + + + + + The clementine package points now to the + free derivation. clementineFree is removed + now and clementineUnfree points to the + package which is bundled with the unfree + libspotify package. + + + + + The netcat package is now taken directly + from OpenBSD's libressl, instead of relying + on Debian's fork. The new version should be very close to the + old version, but there are some minor differences. + Importantly, flags like -b, -q, -C, and -Z are no longer + accepted by the nc command. + + + + + The services.docker-registry.extraConfig + object doesn't contain environment variables anymore. Instead + it needs to provide an object structure that can be mapped + onto the YAML configuration defined in + the + docker/distribution docs. + + + + + gnucash has changed from version 2.4 to + 3.x. If you've been using gnucash (version + 2.4) instead of gnucash26 (version 2.6) you + must open your Gnucash data file(s) with + gnucash26 and then save them to upgrade the + file format. Then you may use your data file(s) with Gnucash + 3.x. See the upgrade + documentation. + Gnucash 2.4 is still available under the attribute + gnucash24. + + + + + services.munge now runs as user (and group) + munge instead of root. Make sure the key + file is accessible to the daemon. + + + + + dockerTools.buildImage now uses + null as default value for + tag, which indicates that the nix output + hash will be used as tag. + + + + + The ELK stack: elasticsearch, + logstash and kibana has + been upgraded from 2.* to 6.3.*. The 2.* versions have been + unsupported + since last year so they have been removed. You can + still use the 5.* versions under the names + elasticsearch5, + logstash5 and kibana5. + + + The elastic beats: filebeat, + heartbeat, metricbeat + and packetbeat have had the same treatment: + they now target 6.3.* as well. The 5.* versions are available + under the names: filebeat5, + heartbeat5, metricbeat5 + and packetbeat5 + + + The ELK-6.3 stack now comes with + X-Pack + by default. Since X-Pack is licensed under the + Elastic + License the ELK packages now have an unfree license. To + use them you need to specify + allowUnfree = true; in your nixpkgs + configuration. + + + Fortunately there is also a free variant of the ELK stack + without X-Pack. The packages are available under the names: + elasticsearch-oss, + logstash-oss and + kibana-oss. + + + + + Options + boot.initrd.luks.devices.name.yubikey.ramfsMountPoint + boot.initrd.luks.devices.name.yubikey.storage.mountPoint + were removed. luksroot.nix module never + supported more than one YubiKey at a time anyway, hence those + options never had any effect. You should be able to remove + them from your config without any issues. + + + + + stdenv.system and system + in nixpkgs now refer to the host platform instead of the build + platform. For native builds this is not change, let alone a + breaking one. For cross builds, it is a breaking change, and + stdenv.buildPlatform.system can be used + instead for the old behavior. They should be using that + anyways for clarity. + + + + + Groups kvm and render + are introduced now, as systemd requires them. + + + +
+
+ Other Notable Changes + + + + dockerTools.pullImage relies on image + digest instead of image tag to download the image. The + sha256 of a pulled image has to be updated. + + + + + lib.attrNamesToStr has been deprecated. Use + more specific concatenation + (lib.concat(Map)StringsSep) instead. + + + + + lib.addErrorContextToAttrs has been + deprecated. Use builtins.addErrorContext + directly. + + + + + lib.showVal has been deprecated. Use + lib.traceSeqN instead. + + + + + lib.traceXMLVal has been deprecated. Use + lib.traceValFn builtins.toXml instead. + + + + + lib.traceXMLValMarked has been deprecated. + Use + lib.traceValFn (x: str + builtins.toXML x) + instead. + + + + + The pkgs argument to NixOS modules can now + be set directly using nixpkgs.pkgs. + Previously, only the system, + config and overlays + arguments could be used to influence pkgs. + + + + + A NixOS system can now be constructed more easily based on a + preexisting invocation of Nixpkgs. For example: + + +{ + inherit (pkgs.nixos { + boot.loader.grub.enable = false; + fileSystems."/".device = "/dev/xvda1"; + }) toplevel kernel initialRamdisk manual; +} + + + This benefits evaluation performance, lets you write Nixpkgs + packages that depend on NixOS images and is consistent with a + deployment architecture that would be centered around Nixpkgs + overlays. + + + + + lib.traceValIfNot has been deprecated. Use + if/then/else and + lib.traceValSeq instead. + + + + + lib.traceCallXml has been deprecated. + Please complain if you use the function regularly. + + + + + The attribute lib.nixpkgsVersion has been + deprecated in favor of lib.version. Please + refer to the discussion in + NixOS/nixpkgs#39416 + for further reference. + + + + + lib.recursiveUpdateUntil was not acting + according to its specification. It has been fixed to act + according to the docstring, and a test has been added. + + + + + The module for security.dhparams has two + new options now: + + + + + security.dhparams.stateless + + + + Puts the generated Diffie-Hellman parameters into the + Nix store instead of managing them in a stateful manner + in /var/lib/dhparams. + + + + + + security.dhparams.defaultBitSize + + + + The default bit size to use for the generated + Diffie-Hellman parameters. + + + + + + + The path to the actual generated parameter files should now + be queried using + config.security.dhparams.params.name.path + because it might be either in the Nix store or in a + directory configured by + security.dhparams.path. + + + + + For developers: + + + Module implementers should not set a specific bit size in + order to let users configure it by themselves if they want + to have a different bit size than the default (2048). + + + An example usage of this would be: + + +{ config, ... }: + +{ + security.dhparams.params.myservice = {}; + environment.etc."myservice.conf".text = '' + dhparams = ${config.security.dhparams.params.myservice.path} + ''; +} + + + + + + networking.networkmanager.useDnsmasq has + been deprecated. Use + networking.networkmanager.dns instead. + + + + + The Kubernetes package has been bumped to major version 1.11. + Please consult the + release + notes for details on new features and api changes. + + + + + The option + services.kubernetes.apiserver.admissionControl + was renamed to + services.kubernetes.apiserver.enableAdmissionPlugins. + + + + + Recommended way to access the Kubernetes Dashboard is via + HTTPS (TLS) Therefore; public service port for the dashboard + has changed to 443 (container port 8443) and scheme to https. + + + + + The option + services.kubernetes.apiserver.address was + renamed to + services.kubernetes.apiserver.bindAddress. + Note that the default value has changed from 127.0.0.1 to + 0.0.0.0. + + + + + The option + services.kubernetes.apiserver.publicAddress + was not used and thus has been removed. + + + + + The option + services.kubernetes.addons.dashboard.enableRBAC + was renamed to + services.kubernetes.addons.dashboard.rbac.enable. + + + + + The Kubernetes Dashboard now has only minimal RBAC permissions + by default. If dashboard cluster-admin rights are desired, set + services.kubernetes.addons.dashboard.rbac.clusterAdmin + to true. On existing clusters, in order for the revocation of + privileges to take effect, the current ClusterRoleBinding for + kubernetes-dashboard must be manually removed: + kubectl delete clusterrolebinding kubernetes-dashboard + + + + + The programs.screen module provides allows + to configure /etc/screenrc, however the + module behaved fairly counterintuitive as the config exists, + but the package wasn't available. Since 18.09 + pkgs.screen will be added to + environment.systemPackages. + + + + + The module services.networking.hostapd now + uses WPA2 by default. + + + + + s6Dns, s6Networking, + s6LinuxUtils and + s6PortableUtils renamed to + s6-dns, s6-networking, + s6-linux-utils and + s6-portable-utils respectively. + + + + + The module option nix.useSandbox is now + defaulted to true. + + + + + The config activation script of + nixos-rebuild now + reloads + all user units for each authenticated user. + + + + + The default display manager is now LightDM. To use SLiM set + services.xserver.displayManager.slim.enable + to true. + + + + + NixOS option descriptions are now automatically broken up into + individual paragraphs if the text contains two consecutive + newlines, so it's no longer necessary to use + </para><para> to start a new + paragraph. + + + + + Top-level buildPlatform, + hostPlatform, and + targetPlatform in Nixpkgs are deprecated. + Please use their equivalents in stdenv + instead: stdenv.buildPlatform, + stdenv.hostPlatform, and + stdenv.targetPlatform. + + + +
+
-- cgit 1.4.1