Merge branch 'master' into docker-registry-enhancements

author: Robin Gloster <mail@glob.in> 2018-05-02 13:12:57 +0200
committer: GitHub <noreply@github.com> 2018-05-02 13:12:57 +0200
commit: fe9096ef09f325d31186dcc8ed70cba805db9a01 (patch)
tree: 0716433968e4e098e802870e983477b63c7ba3e9 /nixos/doc/manual/release-notes
parent: afd3136e8efe2cbd477cb6db7be5ad7b2eb7efc6 (diff)
parent: 78f09c9102aca07e7f837fbc1ca8394b59bb741e (diff)
download: nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar
nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.gz
nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.bz2
nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.lz
nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.xz
nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.zst
nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.zip
11 files changed, 4290 insertions, 2563 deletions
diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml
index b7f9fab44f3b..94f176186b6e 100644
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -3,21 +3,19 @@
           xmlns:xi="http://www.w3.org/2001/XInclude"
           version="5.0"
           xml:id="ch-release-notes">
-
-<title>Release Notes</title>
-
-<para>This section lists the release notes for each stable version of NixOS
-and current unstable revision.</para>
-
-<xi:include href="rl-1809.xml" />
-<xi:include href="rl-1803.xml" />
-<xi:include href="rl-1709.xml" />
-<xi:include href="rl-1703.xml" />
-<xi:include href="rl-1609.xml" />
-<xi:include href="rl-1603.xml" />
-<xi:include href="rl-1509.xml" />
-<xi:include href="rl-1412.xml" />
-<xi:include href="rl-1404.xml" />
-<xi:include href="rl-1310.xml" />
-
+ <title>Release Notes</title>
+ <para>
+  This section lists the release notes for each stable version of NixOS and
+  current unstable revision.
+ </para>
+ <xi:include href="rl-1809.xml" />
+ <xi:include href="rl-1803.xml" />
+ <xi:include href="rl-1709.xml" />
+ <xi:include href="rl-1703.xml" />
+ <xi:include href="rl-1609.xml" />
+ <xi:include href="rl-1603.xml" />
+ <xi:include href="rl-1509.xml" />
+ <xi:include href="rl-1412.xml" />
+ <xi:include href="rl-1404.xml" />
+ <xi:include href="rl-1310.xml" />
 </appendix>
diff --git a/nixos/doc/manual/release-notes/rl-1310.xml b/nixos/doc/manual/release-notes/rl-1310.xml
index 583912d70738..248bab70c36b 100644
--- a/nixos/doc/manual/release-notes/rl-1310.xml
+++ b/nixos/doc/manual/release-notes/rl-1310.xml
@@ -3,9 +3,9 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-13.10">
+ <title>Release 13.10 (“Aardvark”, 2013/10/31)</title>
 
-<title>Release 13.10 (“Aardvark”, 2013/10/31)</title>
-
-<para>This is the first stable release branch of NixOS.</para>
-
+ <para>
+  This is the first stable release branch of NixOS.
+ </para>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1404.xml b/nixos/doc/manual/release-notes/rl-1404.xml
index 137caf14cba2..8d8cea4303a3 100644
--- a/nixos/doc/manual/release-notes/rl-1404.xml
+++ b/nixos/doc/manual/release-notes/rl-1404.xml
@@ -3,158 +3,177 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-14.04">
-
-<title>Release 14.04 (“Baboon”, 2014/04/30)</title>
-
-<para>This is the second stable release branch of NixOS.  In addition
-to numerous new and upgraded packages and modules, this release has
-the following highlights:
-
-<itemizedlist>
-
-  <listitem><para>Installation on UEFI systems is now supported.  See
-  <xref linkend="sec-installation"/> for
-  details.</para></listitem>
-
-  <listitem><para>Systemd has been updated to version 212, which has
-  <link xlink:href="http://cgit.freedesktop.org/systemd/systemd/plain/NEWS?id=v212">numerous
-  improvements</link>. NixOS now automatically starts systemd user
-  instances when you log in. You can define global user units through
-  the <option>systemd.unit.*</option> options.</para></listitem>
-
-  <listitem><para>NixOS is now based on Glibc 2.19 and GCC
-  4.8.</para></listitem>
-
-  <listitem><para>The default Linux kernel has been updated to
-  3.12.</para></listitem>
-
-  <listitem><para>KDE has been updated to 4.12.</para></listitem>
-
-  <listitem><para>GNOME 3.10 experimental support has been added.</para></listitem>
-
-  <listitem><para>Nix has been updated to 1.7 (<link
-  xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>).</para></listitem>
-
-  <listitem><para>NixOS now supports fully declarative management of
-  users and groups. If you set <option>users.mutableUsers</option> to
-  <literal>false</literal>, then the contents of
-  <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
-  will be <link
+ <title>Release 14.04 (“Baboon”, 2014/04/30)</title>
+
+ <para>
+  This is the second stable release branch of NixOS. In addition to numerous
+  new and upgraded packages and modules, this release has the following
+  highlights:
+  <itemizedlist>
+   <listitem>
+    <para>
+     Installation on UEFI systems is now supported. See
+     <xref linkend="sec-installation"/> for details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Systemd has been updated to version 212, which has
+     <link xlink:href="http://cgit.freedesktop.org/systemd/systemd/plain/NEWS?id=v212">numerous
+     improvements</link>. NixOS now automatically starts systemd user instances
+     when you log in. You can define global user units through the
+     <option>systemd.unit.*</option> options.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     NixOS is now based on Glibc 2.19 and GCC 4.8.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The default Linux kernel has been updated to 3.12.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     KDE has been updated to 4.12.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     GNOME 3.10 experimental support has been added.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Nix has been updated to 1.7
+     (<link
+  xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     NixOS now supports fully declarative management of users and groups. If
+     you set <option>users.mutableUsers</option> to <literal>false</literal>,
+     then the contents of <filename>/etc/passwd</filename> and
+     <filename>/etc/group</filename> will be
+     <link
   xlink:href="https://www.usenix.org/legacy/event/lisa02/tech/full_papers/traugott/traugott_html/">congruent</link>
-  to your NixOS configuration. For instance, if you remove a user from
-  <option>users.extraUsers</option> and run
-  <command>nixos-rebuild</command>, the user account will cease to
-  exist. Also, imperative commands for managing users and groups, such
-  as <command>useradd</command>, are no longer available. If
-  <option>users.mutableUsers</option> is <literal>true</literal> (the
-  default), then behaviour is unchanged from NixOS
-  13.10.</para></listitem>
-
-  <listitem><para>NixOS now has basic container support, meaning you
-  can easily run a NixOS instance as a container in a NixOS host
-  system. These containers are suitable for testing and
-  experimentation but not production use, since they’re not fully
-  isolated from the host. See <xref linkend="ch-containers"/> for
-  details.</para></listitem>
-
-  <listitem><para>Systemd units provided by packages can now be
-  overridden from the NixOS configuration. For instance, if a package
-  <literal>foo</literal> provides systemd units, you can say:
-
+     to your NixOS configuration. For instance, if you remove a user from
+     <option>users.extraUsers</option> and run
+     <command>nixos-rebuild</command>, the user account will cease to exist.
+     Also, imperative commands for managing users and groups, such as
+     <command>useradd</command>, are no longer available. If
+     <option>users.mutableUsers</option> is <literal>true</literal> (the
+     default), then behaviour is unchanged from NixOS 13.10.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     NixOS now has basic container support, meaning you can easily run a NixOS
+     instance as a container in a NixOS host system. These containers are
+     suitable for testing and experimentation but not production use, since
+     they’re not fully isolated from the host. See
+     <xref linkend="ch-containers"/> for details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Systemd units provided by packages can now be overridden from the NixOS
+     configuration. For instance, if a package <literal>foo</literal> provides
+     systemd units, you can say:
 <programlisting>
 systemd.packages = [ pkgs.foo ];
 </programlisting>
-
-  to enable those units. You can then set or override unit options in
-  the usual way, e.g.
-
+     to enable those units. You can then set or override unit options in the
+     usual way, e.g.
 <programlisting>
 systemd.services.foo.wantedBy = [ "multi-user.target" ];
 systemd.services.foo.serviceConfig.MemoryLimit = "512M";
 </programlisting>
-
-  </para></listitem>
-
-</itemizedlist>
-
-</para>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-<itemizedlist>
-
-  <listitem><para>Nixpkgs no longer exposes unfree packages by
-  default. If your NixOS configuration requires unfree packages from
-  Nixpkgs, you need to enable support for them explicitly by setting:
-
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
+
+ <para>
+  When upgrading from a previous release, please be aware of the following
+  incompatible changes:
+  <itemizedlist>
+   <listitem>
+    <para>
+     Nixpkgs no longer exposes unfree packages by default. If your NixOS
+     configuration requires unfree packages from Nixpkgs, you need to enable
+     support for them explicitly by setting:
 <programlisting>
 nixpkgs.config.allowUnfree = true;
 </programlisting>
-
-  Otherwise, you get an error message such as:
-
+     Otherwise, you get an error message such as:
 <screen>
 error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’
   has an unfree license, refusing to evaluate
 </screen>
-
-  </para></listitem>
-
-  <listitem><para>The Adobe Flash player is no longer enabled by
-  default in the Firefox and Chromium wrappers. To enable it, you must
-  set:
-
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The Adobe Flash player is no longer enabled by default in the Firefox and
+     Chromium wrappers. To enable it, you must set:
 <programlisting>
 nixpkgs.config.allowUnfree = true;
 nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox
 nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium
 </programlisting>
-
-  </para></listitem>
-
-  <listitem><para>The firewall is now enabled by default. If you don’t
-  want this, you need to disable it explicitly:
-
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The firewall is now enabled by default. If you don’t want this, you need
+     to disable it explicitly:
 <programlisting>
 networking.firewall.enable = false;
 </programlisting>
-
-  </para></listitem>
-
-  <listitem><para>The option
-  <option>boot.loader.grub.memtest86</option> has been renamed to
-  <option>boot.loader.grub.memtest86.enable</option>.</para></listitem>
-
-  <listitem><para>The <literal>mysql55</literal> service has been
-  merged into the <literal>mysql</literal> service, which no longer
-  sets a default for the option
-  <option>services.mysql.package</option>.</para></listitem>
-
-  <listitem><para>Package variants are now differentiated by suffixing
-  the name, rather than the version. For instance,
-  <filename>sqlite-3.8.4.3-interactive</filename> is now called
-  <filename>sqlite-interactive-3.8.4.3</filename>. This ensures that
-  <literal>nix-env -i sqlite</literal> is unambiguous, and that
-  <literal>nix-env -u</literal> won’t “upgrade”
-  <literal>sqlite</literal> to <literal>sqlite-interactive</literal>
-  or vice versa. Notably, this change affects the Firefox wrapper
-  (which provides plugins), as it is now called
-  <literal>firefox-wrapper</literal>. So when using
-  <command>nix-env</command>, you should do <literal>nix-env -e
-  firefox; nix-env -i firefox-wrapper</literal> if you want to keep
-  using the wrapper. This change does not affect declarative package
-  management, since attribute names like
-  <literal>pkgs.firefoxWrapper</literal> were already
-  unambiguous.</para></listitem>
-
-  <listitem><para>The symlink <filename>/etc/ca-bundle.crt</filename>
-  is gone. Programs should instead use the environment variable
-  <envar>OPENSSL_X509_CERT_FILE</envar> (which points to
-  <filename>/etc/ssl/certs/ca-bundle.crt</filename>).</para></listitem>
-
-</itemizedlist>
-
-</para>
-
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The option <option>boot.loader.grub.memtest86</option> has been renamed to
+     <option>boot.loader.grub.memtest86.enable</option>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>mysql55</literal> service has been merged into the
+     <literal>mysql</literal> service, which no longer sets a default for the
+     option <option>services.mysql.package</option>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Package variants are now differentiated by suffixing the name, rather than
+     the version. For instance, <filename>sqlite-3.8.4.3-interactive</filename>
+     is now called <filename>sqlite-interactive-3.8.4.3</filename>. This
+     ensures that <literal>nix-env -i sqlite</literal> is unambiguous, and that
+     <literal>nix-env -u</literal> won’t “upgrade”
+     <literal>sqlite</literal> to <literal>sqlite-interactive</literal> or vice
+     versa. Notably, this change affects the Firefox wrapper (which provides
+     plugins), as it is now called <literal>firefox-wrapper</literal>. So when
+     using <command>nix-env</command>, you should do <literal>nix-env -e
+     firefox; nix-env -i firefox-wrapper</literal> if you want to keep using
+     the wrapper. This change does not affect declarative package management,
+     since attribute names like <literal>pkgs.firefoxWrapper</literal> were
+     already unambiguous.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The symlink <filename>/etc/ca-bundle.crt</filename> is gone. Programs
+     should instead use the environment variable
+     <envar>OPENSSL_X509_CERT_FILE</envar> (which points to
+     <filename>/etc/ssl/certs/ca-bundle.crt</filename>).
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1412.xml b/nixos/doc/manual/release-notes/rl-1412.xml
index 42b51cd4a8ef..4d93aa644c1d 100644
--- a/nixos/doc/manual/release-notes/rl-1412.xml
+++ b/nixos/doc/manual/release-notes/rl-1412.xml
@@ -3,175 +3,465 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-14.12">
+ <title>Release 14.12 (“Caterpillar”, 2014/12/30)</title>
 
-<title>Release 14.12 (“Caterpillar”, 2014/12/30)</title>
+ <para>
+  In addition to numerous new and upgraded packages, this release has the
+  following highlights:
+  <itemizedlist>
+   <listitem>
+    <para>
+     Systemd has been updated to version 217, which has numerous
+     <link xlink:href="http://lists.freedesktop.org/archives/systemd-devel/2014-October/024662.html">improvements.</link>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <link xlink:href="http://thread.gmane.org/gmane.linux.distributions.nixos/15165">
+     Nix has been updated to 1.8.</link>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     NixOS is now based on Glibc 2.20.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     KDE has been updated to 4.14.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The default Linux kernel has been updated to 3.14.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     If <option>users.mutableUsers</option> is enabled (the default), changes
+     made to the declaration of a user or group will be correctly realised when
+     running <command>nixos-rebuild</command>. For instance, removing a user
+     specification from <filename>configuration.nix</filename> will cause the
+     actual user account to be deleted. If <option>users.mutableUsers</option>
+     is disabled, it is no longer necessary to specify UIDs or GIDs; if
+     omitted, they are allocated dynamically.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 
-<para>In addition to numerous new and upgraded packages, this release has the following highlights:
+ <para>
+  Following new services were added since the last release:
+  <itemizedlist>
+   <listitem>
+    <para>
+     <literal>atftpd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>bosun</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>bspwm</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>chronos</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>collectd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>consul</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>cpuminer-cryptonight</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>crashplan</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>dnscrypt-proxy</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>docker-registry</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>docker</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>etcd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>fail2ban</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>fcgiwrap</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>fleet</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>fluxbox</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gdm</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>geoclue2</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gitlab</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gitolite</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gnome3.gnome-documents</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gnome3.gnome-online-miners</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gnome3.gvfs</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>gnome3.seahorse</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hbase</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>i2pd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>influxdb</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>kubernetes</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>liquidsoap</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>lxc</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>mailpile</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>mesos</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>mlmmj</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>monetdb</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>mopidy</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>neo4j</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>nsd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>openntpd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>opentsdb</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>openvswitch</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>parallels-guest</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>peerflix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>phd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>polipo</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>prosody</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>radicale</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>redmine</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>riemann</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>scollector</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>seeks</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>siproxd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>strongswan</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>tcsd</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>teamspeak3</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>thermald</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>torque/mrom</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>torque/server</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>uhub</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>unifi</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>znc</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>zookeeper</literal>
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 
-<itemizedlist>
-
-<listitem><para>Systemd has been updated to version 217, which has numerous
-<link xlink:href="http://lists.freedesktop.org/archives/systemd-devel/2014-October/024662.html">improvements.</link></para></listitem>
-
-<listitem><para><link xlink:href="http://thread.gmane.org/gmane.linux.distributions.nixos/15165">
-Nix has been updated to 1.8.</link></para></listitem>
-
-<listitem><para>NixOS is now based on Glibc 2.20.</para></listitem>
-
-<listitem><para>KDE has been updated to 4.14.</para></listitem>
-
-<listitem><para>The default Linux kernel has been updated to 3.14.</para></listitem>
-
-<listitem><para>If <option>users.mutableUsers</option> is enabled (the
-default), changes made to the declaration of a user or group will be
-correctly realised when running <command>nixos-rebuild</command>. For
-instance, removing a user specification from
-<filename>configuration.nix</filename> will cause the actual user
-account to be deleted. If <option>users.mutableUsers</option> is
-disabled, it is no longer necessary to specify UIDs or GIDs; if
-omitted, they are allocated dynamically.</para></listitem>
-
-</itemizedlist></para>
-
-<para>Following new services were added since the last release:
-
-<itemizedlist>
-<listitem><para><literal>atftpd</literal></para></listitem>
-<listitem><para><literal>bosun</literal></para></listitem>
-<listitem><para><literal>bspwm</literal></para></listitem>
-<listitem><para><literal>chronos</literal></para></listitem>
-<listitem><para><literal>collectd</literal></para></listitem>
-<listitem><para><literal>consul</literal></para></listitem>
-<listitem><para><literal>cpuminer-cryptonight</literal></para></listitem>
-<listitem><para><literal>crashplan</literal></para></listitem>
-<listitem><para><literal>dnscrypt-proxy</literal></para></listitem>
-<listitem><para><literal>docker-registry</literal></para></listitem>
-<listitem><para><literal>docker</literal></para></listitem>
-<listitem><para><literal>etcd</literal></para></listitem>
-<listitem><para><literal>fail2ban</literal></para></listitem>
-<listitem><para><literal>fcgiwrap</literal></para></listitem>
-<listitem><para><literal>fleet</literal></para></listitem>
-<listitem><para><literal>fluxbox</literal></para></listitem>
-<listitem><para><literal>gdm</literal></para></listitem>
-<listitem><para><literal>geoclue2</literal></para></listitem>
-<listitem><para><literal>gitlab</literal></para></listitem>
-<listitem><para><literal>gitolite</literal></para></listitem>
-<listitem><para><literal>gnome3.gnome-documents</literal></para></listitem>
-<listitem><para><literal>gnome3.gnome-online-miners</literal></para></listitem>
-<listitem><para><literal>gnome3.gvfs</literal></para></listitem>
-<listitem><para><literal>gnome3.seahorse</literal></para></listitem>
-<listitem><para><literal>hbase</literal></para></listitem>
-<listitem><para><literal>i2pd</literal></para></listitem>
-<listitem><para><literal>influxdb</literal></para></listitem>
-<listitem><para><literal>kubernetes</literal></para></listitem>
-<listitem><para><literal>liquidsoap</literal></para></listitem>
-<listitem><para><literal>lxc</literal></para></listitem>
-<listitem><para><literal>mailpile</literal></para></listitem>
-<listitem><para><literal>mesos</literal></para></listitem>
-<listitem><para><literal>mlmmj</literal></para></listitem>
-<listitem><para><literal>monetdb</literal></para></listitem>
-<listitem><para><literal>mopidy</literal></para></listitem>
-<listitem><para><literal>neo4j</literal></para></listitem>
-<listitem><para><literal>nsd</literal></para></listitem>
-<listitem><para><literal>openntpd</literal></para></listitem>
-<listitem><para><literal>opentsdb</literal></para></listitem>
-<listitem><para><literal>openvswitch</literal></para></listitem>
-<listitem><para><literal>parallels-guest</literal></para></listitem>
-<listitem><para><literal>peerflix</literal></para></listitem>
-<listitem><para><literal>phd</literal></para></listitem>
-<listitem><para><literal>polipo</literal></para></listitem>
-<listitem><para><literal>prosody</literal></para></listitem>
-<listitem><para><literal>radicale</literal></para></listitem>
-<listitem><para><literal>redmine</literal></para></listitem>
-<listitem><para><literal>riemann</literal></para></listitem>
-<listitem><para><literal>scollector</literal></para></listitem>
-<listitem><para><literal>seeks</literal></para></listitem>
-<listitem><para><literal>siproxd</literal></para></listitem>
-<listitem><para><literal>strongswan</literal></para></listitem>
-<listitem><para><literal>tcsd</literal></para></listitem>
-<listitem><para><literal>teamspeak3</literal></para></listitem>
-<listitem><para><literal>thermald</literal></para></listitem>
-<listitem><para><literal>torque/mrom</literal></para></listitem>
-<listitem><para><literal>torque/server</literal></para></listitem>
-<listitem><para><literal>uhub</literal></para></listitem>
-<listitem><para><literal>unifi</literal></para></listitem>
-<listitem><para><literal>znc</literal></para></listitem>
-<listitem><para><literal>zookeeper</literal></para></listitem>
-</itemizedlist>
-</para>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-<itemizedlist>
-
-<listitem><para>The default version of Apache httpd is now 2.4. If
-you use the <option>extraConfig</option> option to pass literal
-Apache configuration text, you may need to update it — see <link
+ <para>
+  When upgrading from a previous release, please be aware of the following
+  incompatible changes:
+  <itemizedlist>
+   <listitem>
+    <para>
+     The default version of Apache httpd is now 2.4. If you use the
+     <option>extraConfig</option> option to pass literal Apache configuration
+     text, you may need to update it — see
+     <link
 xlink:href="http://httpd.apache.org/docs/2.4/upgrading.html">Apache’s
-documentation</link> for details. If you wish to continue to use
-httpd 2.2, add the following line to your NixOS configuration:
-
+     documentation</link> for details. If you wish to continue to use httpd
+     2.2, add the following line to your NixOS configuration:
 <programlisting>
 services.httpd.package = pkgs.apacheHttpd_2_2;
 </programlisting>
-
-</para></listitem>
-
-<listitem><para>PHP 5.3 has been removed because it is no longer
-supported by the PHP project. A <link
-xlink:href="http://php.net/migration54">migration guide</link> is
-available.</para></listitem>
-
-<listitem><para>The host side of a container virtual Ethernet pair
-is now called <literal>ve-<replaceable>container-name</replaceable></literal>
-rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>
-
-<listitem><para>GNOME 3.10 support has been dropped. The default GNOME version is now 3.12.</para></listitem>
-
-<listitem><para>VirtualBox has been upgraded to 4.3.20 release. Users
-may be required to run <command>rm -rf /tmp/.vbox*</command>. The line
-<literal>imports = [ &lt;nixpkgs/nixos/modules/programs/virtualbox.nix&gt; ]</literal> is
-no longer necessary, use <literal>services.virtualboxHost.enable =
-true</literal> instead.
-</para>
-<para>Also, hardening mode is now enabled by default, which means that unless you want to use
-USB support, you no longer need to be a member of the <literal>vboxusers</literal> group.
-</para></listitem>
-
-<listitem><para>Chromium has been updated to 39.0.2171.65. <option>enablePepperPDF</option> is now enabled by default.
-<literal>chromium*Wrapper</literal> packages no longer exist, because upstream removed NSAPI support.
-<literal>chromium-stable</literal> has been renamed to <literal>chromium</literal>.
-</para></listitem>
-
-<listitem><para>Python packaging documentation is now part of nixpkgs manual. To override
-the python packages available to a custom python you now use <literal>pkgs.pythonFull.buildEnv.override</literal>
-instead of <literal>pkgs.pythonFull.override</literal>.
-</para></listitem>
-
-<listitem><para><literal>boot.resumeDevice = "8:6"</literal> is no longer supported. Most users will
-want to leave it undefined, which takes the swap partitions automatically. There is an evaluation
-assertion to ensure that the string starts with a slash.
-</para></listitem>
-
-<listitem><para>The system-wide default timezone for NixOS installations
-changed from <literal>CET</literal> to <literal>UTC</literal>. To choose
-a different timezone for your system, configure
-<literal>time.timeZone</literal> in
-<literal>configuration.nix</literal>. A fairly complete list of possible
-values for that setting is available at <link
-xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>.</para></listitem>
-
-<listitem><para>GNU screen has been updated to 4.2.1, which breaks
-the ability to connect to sessions created by older versions of
-screen.</para></listitem>
-
-<listitem><para>The Intel GPU driver was updated to the 3.x prerelease
-version (used by most distributions) and supports DRI3
-now.</para></listitem>
-
-</itemizedlist>
-
-</para>
-
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     PHP 5.3 has been removed because it is no longer supported by the PHP
+     project. A <link
+xlink:href="http://php.net/migration54">migration
+     guide</link> is available.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The host side of a container virtual Ethernet pair is now called
+     <literal>ve-<replaceable>container-name</replaceable></literal> rather
+     than <literal>c-<replaceable>container-name</replaceable></literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     GNOME 3.10 support has been dropped. The default GNOME version is now
+     3.12.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     VirtualBox has been upgraded to 4.3.20 release. Users may be required to
+     run <command>rm -rf /tmp/.vbox*</command>. The line <literal>imports = [
+     &lt;nixpkgs/nixos/modules/programs/virtualbox.nix&gt; ]</literal> is no
+     longer necessary, use <literal>services.virtualboxHost.enable =
+     true</literal> instead.
+    </para>
+    <para>
+     Also, hardening mode is now enabled by default, which means that unless
+     you want to use USB support, you no longer need to be a member of the
+     <literal>vboxusers</literal> group.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Chromium has been updated to 39.0.2171.65.
+     <option>enablePepperPDF</option> is now enabled by default.
+     <literal>chromium*Wrapper</literal> packages no longer exist, because
+     upstream removed NSAPI support. <literal>chromium-stable</literal> has
+     been renamed to <literal>chromium</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Python packaging documentation is now part of nixpkgs manual. To override
+     the python packages available to a custom python you now use
+     <literal>pkgs.pythonFull.buildEnv.override</literal> instead of
+     <literal>pkgs.pythonFull.override</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>boot.resumeDevice = "8:6"</literal> is no longer supported. Most
+     users will want to leave it undefined, which takes the swap partitions
+     automatically. There is an evaluation assertion to ensure that the string
+     starts with a slash.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The system-wide default timezone for NixOS installations changed from
+     <literal>CET</literal> to <literal>UTC</literal>. To choose a different
+     timezone for your system, configure <literal>time.timeZone</literal> in
+     <literal>configuration.nix</literal>. A fairly complete list of possible
+     values for that setting is available at
+     <link
+xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     GNU screen has been updated to 4.2.1, which breaks the ability to connect
+     to sessions created by older versions of screen.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The Intel GPU driver was updated to the 3.x prerelease version (used by
+     most distributions) and supports DRI3 now.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml
index 6c1c46844ccb..e500c9d63422 100644
--- a/nixos/doc/manual/release-notes/rl-1509.xml
+++ b/nixos/doc/manual/release-notes/rl-1509.xml
@@ -3,375 +3,640 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-15.09">
+ <title>Release 15.09 (“Dingo”, 2015/09/30)</title>
 
-<title>Release 15.09 (“Dingo”, 2015/09/30)</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights:</para>
-
-<itemizedlist>
+ <para>
+  In addition to numerous new and upgraded packages, this release has the
+  following highlights:
+ </para>
 
+ <itemizedlist>
   <listitem>
-    <para>The <link xlink:href="http://haskell.org/">Haskell</link>
-    packages infrastructure has been re-designed from the ground up
-    (&quot;Haskell NG&quot;). NixOS now distributes the latest version
-    of every single package registered on <link
-    xlink:href="http://hackage.haskell.org/">Hackage</link> -- well in
-    excess of 8,000 Haskell packages. Detailed instructions on how to
-    use that infrastructure can be found in the <link
+   <para>
+    The <link xlink:href="http://haskell.org/">Haskell</link> packages
+    infrastructure has been re-designed from the ground up (&quot;Haskell
+    NG&quot;). NixOS now distributes the latest version of every single package
+    registered on
+    <link
+    xlink:href="http://hackage.haskell.org/">Hackage</link> -- well
+    in excess of 8,000 Haskell packages. Detailed instructions on how to use
+    that infrastructure can be found in the
+    <link
     xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
-    Guide to the Haskell Infrastructure</link>. Users migrating from an
-    earlier release may find helpful information below, in the list of
-    backwards-incompatible changes. Furthermore, we distribute 51(!)
-    additional Haskell package sets that provide every single <link
+    Guide to the Haskell Infrastructure</link>. Users migrating from an earlier
+    release may find helpful information below, in the list of
+    backwards-incompatible changes. Furthermore, we distribute 51(!) additional
+    Haskell package sets that provide every single
+    <link
     xlink:href="http://www.stackage.org/">LTS Haskell</link> release
-    since version 0.0 as well as the most recent <link
+    since version 0.0 as well as the most recent
+    <link
     xlink:href="http://www.stackage.org/">Stackage Nightly</link>
-    snapshot. The announcement <link
+    snapshot. The announcement
+    <link
     xlink:href="https://nixos.org/nix-dev/2015-September/018138.html">&quot;Full
-    Stackage Support in Nixpkgs&quot;</link> gives additional
-    details.</para>
+    Stackage Support in Nixpkgs&quot;</link> gives additional details.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Nix has been updated to version 1.10, which among other
-    improvements enables cryptographic signatures on binary caches for
-    improved security.</para>
+   <para>
+    Nix has been updated to version 1.10, which among other improvements
+    enables cryptographic signatures on binary caches for improved security.
+   </para>
   </listitem>
-
   <listitem>
-    <para>You can now keep your NixOS system up to date automatically
-    by setting
-
+   <para>
+    You can now keep your NixOS system up to date automatically by setting
 <programlisting>
 system.autoUpgrade.enable = true;
 </programlisting>
-
-    This will cause the system to periodically check for updates in
-    your current channel and run <command>nixos-rebuild</command>.</para>
+    This will cause the system to periodically check for updates in your
+    current channel and run <command>nixos-rebuild</command>.
+   </para>
   </listitem>
-
   <listitem>
-    <para>This release is based on Glibc 2.21, GCC 4.9 and Linux
-    3.18.</para>
+   <para>
+    This release is based on Glibc 2.21, GCC 4.9 and Linux 3.18.
+   </para>
   </listitem>
-
   <listitem>
-    <para>GNOME has been upgraded to 3.16.
-    </para>
+   <para>
+    GNOME has been upgraded to 3.16.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Xfce has been upgraded to 4.12.
-    </para>
+   <para>
+    Xfce has been upgraded to 4.12.
+   </para>
   </listitem>
-
   <listitem>
-    <para>KDE 5 has been upgraded to KDE Frameworks 5.10,
-      Plasma 5.3.2 and Applications 15.04.3.
-      KDE 4 has been updated to kdelibs-4.14.10.
-    </para>
+   <para>
+    KDE 5 has been upgraded to KDE Frameworks 5.10, Plasma 5.3.2 and
+    Applications 15.04.3. KDE 4 has been updated to kdelibs-4.14.10.
+   </para>
   </listitem>
-
   <listitem>
-    <para>E19 has been upgraded to 0.16.8.15.
-    </para>
+   <para>
+    E19 has been upgraded to 0.16.8.15.
+   </para>
   </listitem>
+ </itemizedlist>
 
-</itemizedlist>
-
-
-<para>The following new services were added since the last release:
-
+ <para>
+  The following new services were added since the last release:
   <itemizedlist>
-    <listitem><para><literal>services/mail/exim.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/apache-kafka.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/canto-daemon.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/confd.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/devmon.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/gitit.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/ihaskell.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/mbpfan.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/mediatomb.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/mwlib.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/parsoid.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/plex.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/ripple-rest.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/ripple-data-api.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/subsonic.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/sundtek.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/cadvisor.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/das_watchdog.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/grafana.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/riemann-tools.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/teamviewer.nix</literal></para></listitem>
-    <listitem><para><literal>services/network-filesystems/u9fs.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/aiccu.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/asterisk.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/bird.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/charybdis.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/docker-registry-server.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/fan.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/firefox/sync-server.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/gateone.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/heyefi.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/i2p.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/lambdabot.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/mstpd.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/nix-serve.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/nylon.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/racoon.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/skydns.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/shout.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/softether.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/sslh.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/tinc.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/tlsdated.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/tox-bootstrapd.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/tvheadend.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/zerotierone.nix</literal></para></listitem>
-    <listitem><para><literal>services/scheduling/marathon.nix</literal></para></listitem>
-    <listitem><para><literal>services/security/fprintd.nix</literal></para></listitem>
-    <listitem><para><literal>services/security/hologram.nix</literal></para></listitem>
-    <listitem><para><literal>services/security/munge.nix</literal></para></listitem>
-    <listitem><para><literal>services/system/cloud-init.nix</literal></para></listitem>
-    <listitem><para><literal>services/web-servers/shellinabox.nix</literal></para></listitem>
-    <listitem><para><literal>services/web-servers/uwsgi.nix</literal></para></listitem>
-    <listitem><para><literal>services/x11/unclutter.nix</literal></para></listitem>
-    <listitem><para><literal>services/x11/display-managers/sddm.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/coredump.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/loader/generic-extlinux-compatible</literal></para></listitem>
-    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/timesyncd.nix</literal></para></listitem>
-    <listitem><para><literal>tasks/filesystems/exfat.nix</literal></para></listitem>
-    <listitem><para><literal>tasks/filesystems/ntfs.nix</literal></para></listitem>
-    <listitem><para><literal>tasks/filesystems/vboxsf.nix</literal></para></listitem>
-    <listitem><para><literal>virtualisation/virtualbox-host.nix</literal></para></listitem>
-    <listitem><para><literal>virtualisation/vmware-guest.nix</literal></para></listitem>
-    <listitem><para><literal>virtualisation/xen-dom0.nix</literal></para></listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/exim.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/apache-kafka.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/canto-daemon.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/confd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/devmon.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/gitit.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/ihaskell.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/mbpfan.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/mediatomb.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/mwlib.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/parsoid.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/plex.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/ripple-rest.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/ripple-data-api.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/subsonic.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/sundtek.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/cadvisor.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/das_watchdog.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/grafana.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/riemann-tools.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/teamviewer.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/u9fs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/aiccu.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/asterisk.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/bird.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/charybdis.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/docker-registry-server.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/fan.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/firefox/sync-server.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/gateone.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/heyefi.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/i2p.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/lambdabot.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/mstpd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/nix-serve.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/nylon.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/racoon.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/skydns.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/shout.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/softether.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/sslh.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/tinc.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/tlsdated.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/tox-bootstrapd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/tvheadend.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/zerotierone.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/scheduling/marathon.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/fprintd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/hologram.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/munge.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/system/cloud-init.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-servers/shellinabox.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-servers/uwsgi.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/unclutter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/display-managers/sddm.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/coredump.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/loader/loader.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/loader/generic-extlinux-compatible</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/networkd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/resolved.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/timesyncd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>tasks/filesystems/exfat.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>tasks/filesystems/ntfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>tasks/filesystems/vboxsf.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/virtualbox-host.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/vmware-guest.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/xen-dom0.nix</literal>
+    </para>
+   </listitem>
   </itemizedlist>
-</para>
-
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-<itemizedlist>
-
-<listitem><para><command>sshd</command> no longer supports DSA and ECDSA
-host keys by default. If you have existing systems with such host keys
-and want to continue to use them, please set
+ </para>
 
+ <para>
+  When upgrading from a previous release, please be aware of the following
+  incompatible changes:
+  <itemizedlist>
+   <listitem>
+    <para>
+     <command>sshd</command> no longer supports DSA and ECDSA host keys by
+     default. If you have existing systems with such host keys and want to
+     continue to use them, please set
 <programlisting>
 system.stateVersion = "14.12";
 </programlisting>
-
-The new option <option>system.stateVersion</option> ensures that
-certain configuration changes that could break existing systems (such
-as the <command>sshd</command> host key setting) will maintain
-compatibility with the specified NixOS release. NixOps sets the state
-version of existing deployments automatically.</para></listitem>
-
-<listitem><para><command>cron</command> is no longer enabled by
-default, unless you have a non-empty
-<option>services.cron.systemCronJobs</option>. To force
-<command>cron</command> to be enabled, set
-<option>services.cron.enable = true</option>.</para></listitem>
-
-<listitem><para>Nix now requires binary caches to be cryptographically
-signed. If you have unsigned binary caches that you want to continue
-to use, you should set <option>nix.requireSignedBinaryCaches =
-false</option>.</para></listitem>
-
-<listitem><para>Steam now doesn't need root rights to work. Instead of using
-<literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.
-<literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>,
-and old <literal>steam</literal> package -- to <literal>steamOriginal</literal>.
-</para></listitem>
-
-<listitem><para>CMPlayer has been renamed to bomi upstream. Package
-<literal>cmplayer</literal> was accordingly renamed to
-<literal>bomi</literal> </para></listitem>
-
-<listitem><para>Atom Shell has been renamed to Electron upstream.  Package <literal>atom-shell</literal>
-was accordingly renamed to <literal>electron</literal>
-</para></listitem>
-
-<listitem><para>Elm is not released on Hackage anymore. You should now use <literal>elmPackages.elm</literal>
-which contains the latest Elm platform.</para></listitem>
-
-<listitem>
-  <para>The CUPS printing service has been updated to version
-  <literal>2.0.2</literal>.  Furthermore its systemd service has been
-  renamed to <literal>cups.service</literal>.</para>
-
-  <para>Local printers are no longer shared or advertised by
-  default. This behavior can be changed by enabling
-  <option>services.printing.defaultShared</option> or
-  <option>services.printing.browsing</option> respectively.</para>
-</listitem>
-
-<listitem>
-  <para>
-    The VirtualBox host and guest options have been named more
-    consistently. They can now found in
-    <option>virtualisation.virtualbox.host.*</option> instead of
-    <option>services.virtualboxHost.*</option> and
-    <option>virtualisation.virtualbox.guest.*</option> instead of
-    <option>services.virtualboxGuest.*</option>.
-  </para>
-
-  <para>
-    Also, there now is support for the <literal>vboxsf</literal> file
-    system using the <option>fileSystems</option> configuration
-    attribute. An example of how this can be used in a configuration:
-
+     The new option <option>system.stateVersion</option> ensures that certain
+     configuration changes that could break existing systems (such as the
+     <command>sshd</command> host key setting) will maintain compatibility with
+     the specified NixOS release. NixOps sets the state version of existing
+     deployments automatically.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <command>cron</command> is no longer enabled by default, unless you have a
+     non-empty <option>services.cron.systemCronJobs</option>. To force
+     <command>cron</command> to be enabled, set <option>services.cron.enable =
+     true</option>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Nix now requires binary caches to be cryptographically signed. If you have
+     unsigned binary caches that you want to continue to use, you should set
+     <option>nix.requireSignedBinaryCaches = false</option>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Steam now doesn't need root rights to work. Instead of using
+     <literal>*-steam-chrootenv</literal>, you should now just run
+     <literal>steam</literal>. <literal>steamChrootEnv</literal> package was
+     renamed to <literal>steam</literal>, and old <literal>steam</literal>
+     package -- to <literal>steamOriginal</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     CMPlayer has been renamed to bomi upstream. Package
+     <literal>cmplayer</literal> was accordingly renamed to
+     <literal>bomi</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Atom Shell has been renamed to Electron upstream. Package
+     <literal>atom-shell</literal> was accordingly renamed to
+     <literal>electron</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Elm is not released on Hackage anymore. You should now use
+     <literal>elmPackages.elm</literal> which contains the latest Elm platform.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The CUPS printing service has been updated to version
+     <literal>2.0.2</literal>. Furthermore its systemd service has been renamed
+     to <literal>cups.service</literal>.
+    </para>
+    <para>
+     Local printers are no longer shared or advertised by default. This
+     behavior can be changed by enabling
+     <option>services.printing.defaultShared</option> or
+     <option>services.printing.browsing</option> respectively.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The VirtualBox host and guest options have been named more consistently.
+     They can now found in <option>virtualisation.virtualbox.host.*</option>
+     instead of <option>services.virtualboxHost.*</option> and
+     <option>virtualisation.virtualbox.guest.*</option> instead of
+     <option>services.virtualboxGuest.*</option>.
+    </para>
+    <para>
+     Also, there now is support for the <literal>vboxsf</literal> file system
+     using the <option>fileSystems</option> configuration attribute. An example
+     of how this can be used in a configuration:
 <programlisting>
 fileSystems."/shiny" = {
   device = "myshinysharedfolder";
   fsType = "vboxsf";
 };
 </programlisting>
-
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    &quot;<literal>nix-env -qa</literal>&quot; no longer discovers
-    Haskell packages by name. The only packages visible in the global
-    scope are <literal>ghc</literal>, <literal>cabal-install</literal>,
-    and <literal>stack</literal>, but all other packages are hidden. The
-    reason for this inconvenience is the sheer size of the Haskell
-    package set. Name-based lookups are expensive, and most
-    <literal>nix-env -qa</literal> operations would become much slower
-    if we'd add the entire Hackage database into the top level attribute
-    set. Instead, the list of Haskell packages can be displayed by
-    running:
-  </para>
-  <programlisting>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     &quot;<literal>nix-env -qa</literal>&quot; no longer discovers Haskell
+     packages by name. The only packages visible in the global scope are
+     <literal>ghc</literal>, <literal>cabal-install</literal>, and
+     <literal>stack</literal>, but all other packages are hidden. The reason
+     for this inconvenience is the sheer size of the Haskell package set.
+     Name-based lookups are expensive, and most <literal>nix-env -qa</literal>
+     operations would become much slower if we'd add the entire Hackage
+     database into the top level attribute set. Instead, the list of Haskell
+     packages can be displayed by running:
+    </para>
+<programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskellPackages
 </programlisting>
-  <para>
-    Executable programs written in Haskell can be installed with:
-  </para>
-  <programlisting>
+    <para>
+     Executable programs written in Haskell can be installed with:
+    </para>
+<programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
 </programlisting>
-  <para>
-    Installing Haskell <emphasis>libraries</emphasis> this way, however, is no
-    longer supported. See the next item for more details.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    Previous versions of NixOS came with a feature called
-    <literal>ghc-wrapper</literal>, a small script that allowed GHC to
-    transparently pick up on libraries installed in the user's profile. This
-    feature has been deprecated; <literal>ghc-wrapper</literal> was removed
-    from the distribution. The proper way to register Haskell libraries with
-    the compiler now is the <literal>haskellPackages.ghcWithPackages</literal>
-    function. The <link
+    <para>
+     Installing Haskell <emphasis>libraries</emphasis> this way, however, is no
+     longer supported. See the next item for more details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Previous versions of NixOS came with a feature called
+     <literal>ghc-wrapper</literal>, a small script that allowed GHC to
+     transparently pick up on libraries installed in the user's profile. This
+     feature has been deprecated; <literal>ghc-wrapper</literal> was removed
+     from the distribution. The proper way to register Haskell libraries with
+     the compiler now is the <literal>haskellPackages.ghcWithPackages</literal>
+     function. The
+     <link
     xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
-    Guide to the Haskell Infrastructure</link> provides more information about
-    this subject.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    All Haskell builds that have been generated with version 1.x of
-    the <literal>cabal2nix</literal> utility are now invalid and need
-    to be re-generated with a current version of
-    <literal>cabal2nix</literal> to function. The most recent version
-    of this tool can be installed by running
-    <literal>nix-env -i cabal2nix</literal>.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    The <literal>haskellPackages</literal> set in Nixpkgs used to have a
-    function attribute called <literal>extension</literal> that users
-    could override in their <literal>~/.nixpkgs/config.nix</literal>
-    files to configure additional attributes, etc. That function still
-    exists, but it's now called <literal>overrides</literal>.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    The OpenBLAS library has been updated to version
-    <literal>0.2.14</literal>. Support for the
-    <literal>x86_64-darwin</literal> platform was added. Dynamic
-    architecture detection was enabled; OpenBLAS now selects
-    microarchitecture-optimized routines at runtime, so optimal
-    performance is achieved without the need to rebuild OpenBLAS
-    locally. OpenBLAS has replaced ATLAS in most packages which use an
-    optimized BLAS or LAPACK implementation.
- </para>
-</listitem>
-
-<listitem>
-  <para>
-    The <literal>phpfpm</literal> is now using the default PHP version
-    (<literal>pkgs.php</literal>) instead of PHP 5.4 (<literal>pkgs.php54</literal>).
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    The <literal>locate</literal> service no longer indexes the Nix store
-    by default, preventing packages with potentially numerous versions from
-    cluttering the output. Indexing the store can be activated by setting
-    <option>services.locate.includeStore = true</option>.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    The Nix expression search path (<envar>NIX_PATH</envar>) no longer
-    contains <filename>/etc/nixos/nixpkgs</filename> by default. You
-    can override <envar>NIX_PATH</envar> by setting
-    <option>nix.nixPath</option>.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    Python 2.6 has been marked as broken (as it no longer receives
-    security updates from upstream).
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    Any use of module arguments such as <varname>pkgs</varname> to access
-    library functions, or to define <literal>imports</literal> attributes
-    will now lead to an infinite loop at the time of the evaluation.
-  </para>
-
-  <para>
-    In case of an infinite loop, use the <command>--show-trace</command>
-    command line argument and read the line just above the error message.
-
+     Guide to the Haskell Infrastructure</link> provides more information about
+     this subject.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     All Haskell builds that have been generated with version 1.x of the
+     <literal>cabal2nix</literal> utility are now invalid and need to be
+     re-generated with a current version of <literal>cabal2nix</literal> to
+     function. The most recent version of this tool can be installed by running
+     <literal>nix-env -i cabal2nix</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>haskellPackages</literal> set in Nixpkgs used to have a
+     function attribute called <literal>extension</literal> that users could
+     override in their <literal>~/.nixpkgs/config.nix</literal> files to
+     configure additional attributes, etc. That function still exists, but it's
+     now called <literal>overrides</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The OpenBLAS library has been updated to version
+     <literal>0.2.14</literal>. Support for the
+     <literal>x86_64-darwin</literal> platform was added. Dynamic architecture
+     detection was enabled; OpenBLAS now selects microarchitecture-optimized
+     routines at runtime, so optimal performance is achieved without the need
+     to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages
+     which use an optimized BLAS or LAPACK implementation.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>phpfpm</literal> is now using the default PHP version
+     (<literal>pkgs.php</literal>) instead of PHP 5.4
+     (<literal>pkgs.php54</literal>).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>locate</literal> service no longer indexes the Nix store by
+     default, preventing packages with potentially numerous versions from
+     cluttering the output. Indexing the store can be activated by setting
+     <option>services.locate.includeStore = true</option>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The Nix expression search path (<envar>NIX_PATH</envar>) no longer
+     contains <filename>/etc/nixos/nixpkgs</filename> by default. You can
+     override <envar>NIX_PATH</envar> by setting <option>nix.nixPath</option>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Python 2.6 has been marked as broken (as it no longer receives security
+     updates from upstream).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Any use of module arguments such as <varname>pkgs</varname> to access
+     library functions, or to define <literal>imports</literal> attributes will
+     now lead to an infinite loop at the time of the evaluation.
+    </para>
+    <para>
+     In case of an infinite loop, use the <command>--show-trace</command>
+     command line argument and read the line just above the error message.
 <screen>
 $ nixos-rebuild build --show-trace
 …
 while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix":
 infinite recursion encountered
 </screen>
-  </para>
-
-
-  <para>
-    Any use of <literal>pkgs.lib</literal>, should be replaced by
-    <varname>lib</varname>, after adding it as argument of the module.  The
-    following module
-
+    </para>
+    <para>
+     Any use of <literal>pkgs.lib</literal>, should be replaced by
+     <varname>lib</varname>, after adding it as argument of the module. The
+     following module
 <programlisting>
 { config, pkgs, ... }:
 
@@ -384,9 +649,7 @@ with pkgs.lib;
   config = mkIf config.foo { … };
 }
 </programlisting>
-
-   should be modified to look like:
-
+     should be modified to look like:
 <programlisting>
 { config, pkgs, lib, ... }:
 
@@ -399,13 +662,11 @@ with lib;
   config = mkIf config.foo { <replaceable>option definition</replaceable> };
 }
 </programlisting>
-  </para>
-
-  <para>
-    When <varname>pkgs</varname> is used to download other projects to
-    import their modules, and only in such cases, it should be replaced by
-    <literal>(import &lt;nixpkgs&gt; {})</literal>.  The following module
-
+    </para>
+    <para>
+     When <varname>pkgs</varname> is used to download other projects to import
+     their modules, and only in such cases, it should be replaced by
+     <literal>(import &lt;nixpkgs&gt; {})</literal>. The following module
 <programlisting>
 { config, pkgs, ... }:
 
@@ -420,9 +681,7 @@ in
   imports = [ "${myProject}/module.nix" ];
 }
 </programlisting>
-
-    should be modified to look like:
-
+     should be modified to look like:
 <programlisting>
 { config, pkgs, ... }:
 
@@ -437,55 +696,55 @@ in
   imports = [ "${myProject}/module.nix" ];
 }
 </programlisting>
-  </para>
-
-</listitem>
-
-</itemizedlist>
-</para>
-
-
-<para>Other notable improvements:
-
-<itemizedlist>
-
-  <listitem><para>The nixos and nixpkgs channels were unified,
-    so one <emphasis>can</emphasis> use <literal>nix-env -iA nixos.bash</literal>
-    instead of <literal>nix-env -iA nixos.pkgs.bash</literal>.
-    See <link xlink:href="https://github.com/NixOS/nixpkgs/commit/2cd7c1f198">the commit</link> for details.
-  </para></listitem>
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 
-  <listitem>
+ <para>
+  Other notable improvements:
+  <itemizedlist>
+   <listitem>
     <para>
-      Users running an SSH server who worry about the quality of their
-      <literal>/etc/ssh/moduli</literal> file with respect to the
-      <link
+     The nixos and nixpkgs channels were unified, so one
+     <emphasis>can</emphasis> use <literal>nix-env -iA nixos.bash</literal>
+     instead of <literal>nix-env -iA nixos.pkgs.bash</literal>. See
+     <link xlink:href="https://github.com/NixOS/nixpkgs/commit/2cd7c1f198">the
+     commit</link> for details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Users running an SSH server who worry about the quality of their
+     <literal>/etc/ssh/moduli</literal> file with respect to the
+     <link
       xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
-      discovered in the Diffie-Hellman key exchange</link> can now
-      replace OpenSSH's default version with one they generated
-      themselves using the new
-      <option>services.openssh.moduliFile</option> option.
-      </para>
-  </listitem>
-
-  <listitem> <para>
-    A newly packaged TeX Live 2015 is provided in <literal>pkgs.texlive</literal>,
-    split into 6500 nix packages. For basic user documentation see
-    <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive/default.nix#L1"
-      >the source</link>.
-    Beware of <link xlink:href="https://github.com/NixOS/nixpkgs/issues/9757"
-      >an issue</link> when installing a too large package set.
-
-    The plan is to deprecate and maybe delete the original TeX packages
-    until the next release.
-  </para> </listitem>
-
-  <listitem><para>
-    <option>buildEnv.env</option> on all Python interpreters
-    is now available for nix-shell interoperability.
-  </para> </listitem>
-</itemizedlist>
-
-</para>
-
+     discovered in the Diffie-Hellman key exchange</link> can now replace
+     OpenSSH's default version with one they generated themselves using the new
+     <option>services.openssh.moduliFile</option> option.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     A newly packaged TeX Live 2015 is provided in
+     <literal>pkgs.texlive</literal>, split into 6500 nix packages. For basic
+     user documentation see
+     <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive/default.nix#L1"
+      >the
+     source</link>. Beware of
+     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/9757"
+      >an
+     issue</link> when installing a too large package set. The plan is to
+     deprecate and maybe delete the original TeX packages until the next
+     release.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <option>buildEnv.env</option> on all Python interpreters is now available
+     for nix-shell interoperability.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml
index 7279dd058270..9b512c4b1e58 100644
--- a/nixos/doc/manual/release-notes/rl-1603.xml
+++ b/nixos/doc/manual/release-notes/rl-1603.xml
@@ -3,250 +3,471 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-16.03">
+ <title>Release 16.03 (“Emu”, 2016/03/31)</title>
 
-<title>Release 16.03 (“Emu”, 2016/03/31)</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights:</para>
-
-<itemizedlist>
+ <para>
+  In addition to numerous new and upgraded packages, this release has the
+  following highlights:
+ </para>
 
+ <itemizedlist>
   <listitem>
-    <para>Systemd 229, bringing <link
+   <para>
+    Systemd 229, bringing
+    <link
     xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
-    improvements</link> over 217.</para>
+    improvements</link> over 217.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Linux 4.4 (was 3.18).</para>
+   <para>
+    Linux 4.4 (was 3.18).
+   </para>
   </listitem>
-
   <listitem>
-    <para>GCC 5.3 (was 4.9). Note that GCC 5 <link
+   <para>
+    GCC 5.3 (was 4.9). Note that GCC 5
+    <link
     xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
-    the C++ ABI in an incompatible way</link>; this may cause problems
-    if you try to link objects compiled with different versions of
-    GCC.</para>
+    the C++ ABI in an incompatible way</link>; this may cause problems if you
+    try to link objects compiled with different versions of GCC.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Glibc 2.23 (was 2.21).</para>
+   <para>
+    Glibc 2.23 (was 2.21).
+   </para>
   </listitem>
-
   <listitem>
-    <para>Binutils 2.26 (was 2.23.1). See #909</para>
+   <para>
+    Binutils 2.26 (was 2.23.1). See #909
+   </para>
   </listitem>
-
   <listitem>
-    <para>Improved support for ensuring <link
-    xlink:href="https://reproducible-builds.org/">bitwise reproducible
-    builds</link>. For example, <literal>stdenv</literal> now sets the
-    environment variable <envar
+   <para>
+    Improved support for ensuring
+    <link
+    xlink:href="https://reproducible-builds.org/">bitwise
+    reproducible builds</link>. For example, <literal>stdenv</literal> now sets
+    the environment variable
+    <envar
     xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
-    to a deterministic value, and Nix has <link
+    to a deterministic value, and Nix has
+    <link
     xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
-    an option</link> to repeat a build a number of times to test
-    determinism. An ongoing project, the goal of exact reproducibility
-    is to allow binaries to be verified independently (e.g., a user
-    might only trust binaries that appear in three independent binary
-    caches).</para>
+    an option</link> to repeat a build a number of times to test determinism.
+    An ongoing project, the goal of exact reproducibility is to allow binaries
+    to be verified independently (e.g., a user might only trust binaries that
+    appear in three independent binary caches).
+   </para>
   </listitem>
-
   <listitem>
-    <para>Perl 5.22.</para>
+   <para>
+    Perl 5.22.
+   </para>
   </listitem>
+ </itemizedlist>
 
-</itemizedlist>
-
-<para>The following new services were added since the last release:
-
+ <para>
+  The following new services were added since the last release:
   <itemizedlist>
-    <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
-    <listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
-    <listitem><para><literal>i18n/input-method/default.nix</literal></para></listitem>
-    <listitem><para><literal>i18n/input-method/fcitx.nix</literal></para></listitem>
-    <listitem><para><literal>i18n/input-method/ibus.nix</literal></para></listitem>
-    <listitem><para><literal>i18n/input-method/nabi.nix</literal></para></listitem>
-    <listitem><para><literal>i18n/input-method/uim.nix</literal></para></listitem>
-    <listitem><para><literal>programs/fish.nix</literal></para></listitem>
-    <listitem><para><literal>security/acme.nix</literal></para></listitem>
-    <listitem><para><literal>security/audit.nix</literal></para></listitem>
-    <listitem><para><literal>security/oath.nix</literal></para></listitem>
-    <listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
-    <listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
-    <listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
-    <listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
-    <listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
-    <listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
-    <listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
-    <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
-    <listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
-    <listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
-    <listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
-    <listitem><para><literal>services/security/haka.nix</literal></para></listitem>
-    <listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
-    <listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
-    <listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
-    <listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
-    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
-    <listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
-    <listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/longview.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/video/webcam/facetimehd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>i18n/input-method/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>i18n/input-method/fcitx.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>i18n/input-method/ibus.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>i18n/input-method/nabi.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>i18n/input-method/uim.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/fish.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>security/acme.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>security/audit.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>security/oath.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/hardware/irqbalance.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/dspam.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/opendkim.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/postsrsd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/rspamd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/rmilter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/autofs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/bepasty.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/calibre-server.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/cfdyndns.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/gammu-smsd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/mathics.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/matrix-synapse.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/octoprint.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/hdaps.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/heapster.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/longview.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/netatalk.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/xtreemfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/autossh.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/dnschain.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/gale.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/miniupnpd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/namecoind.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/ostinato.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/pdnsd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/shairport-sync.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/supplicant.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/search/kibana.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/haka.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/physlock.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/pump.io.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/hardware/libinput.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/window-managers/windowlab.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/initrd-network.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/initrd-ssh.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/loader/loader.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/networkd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/resolved.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/lxd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/rkt.nix</literal>
+    </para>
+   </listitem>
   </itemizedlist>
-</para>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
+ </para>
 
-<itemizedlist>
+ <para>
+  When upgrading from a previous release, please be aware of the following
+  incompatible changes:
+ </para>
 
+ <itemizedlist>
   <listitem>
-    <para>We no longer produce graphical ISO images and VirtualBox
-    images for <literal>i686-linux</literal>. A minimal ISO image is
-    still provided.</para>
+   <para>
+    We no longer produce graphical ISO images and VirtualBox images for
+    <literal>i686-linux</literal>. A minimal ISO image is still provided.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
-    The package and attribute names are plain <literal>firefox</literal>
-    or <literal>midori</literal>, etc.  Backward-compatibility attributes were set up,
-    but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
-    your current <literal>firefox-with-plugins</literal>;
-    you have to uninstall it and install <literal>firefox</literal> instead.</para>
+   <para>
+    Firefox and similar browsers are now <emphasis>wrapped by
+    default</emphasis>. The package and attribute names are plain
+    <literal>firefox</literal> or <literal>midori</literal>, etc.
+    Backward-compatibility attributes were set up, but note that
+    <command>nix-env -u</command> will <emphasis>not</emphasis> update your
+    current <literal>firefox-with-plugins</literal>; you have to uninstall it
+    and install <literal>firefox</literal> instead.
+   </para>
   </listitem>
-
   <listitem>
-    <para><command>wmiiSnap</command> has been replaced with
+   <para>
+    <command>wmiiSnap</command> has been replaced with
     <command>wmii_hg</command>, but
-    <command>services.xserver.windowManager.wmii.enable</command> has
-    been updated respectively so this only affects you if you have
-    explicitly installed <command>wmiiSnap</command>.
-    </para>
+    <command>services.xserver.windowManager.wmii.enable</command> has been
+    updated respectively so this only affects you if you have explicitly
+    installed <command>wmiiSnap</command>.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>jobs</literal> NixOS option has been removed. It served as
+   <para>
+    <literal>jobs</literal> NixOS option has been removed. It served as
     compatibility layer between Upstart jobs and SystemD services. All services
-    have been rewritten to use <literal>systemd.services</literal></para>
+    have been rewritten to use <literal>systemd.services</literal>
+   </para>
   </listitem>
-
   <listitem>
-    <para><command>wmiimenu</command> is removed, as it has been
-    removed by the developers upstream. Use <command>wimenu</command>
-    from the <command>wmii-hg</command> package.</para>
+   <para>
+    <command>wmiimenu</command> is removed, as it has been removed by the
+    developers upstream. Use <command>wimenu</command> from the
+    <command>wmii-hg</command> package.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Gitit is no longer automatically added to the module list in
-    NixOS and as such there will not be any manual entries for it. You
-    will need to add an import statement to your NixOS configuration
-    in order to use it, e.g.
-
+   <para>
+    Gitit is no longer automatically added to the module list in NixOS and as
+    such there will not be any manual entries for it. You will need to add an
+    import statement to your NixOS configuration in order to use it, e.g.
 <programlisting><![CDATA[
 {
   imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
 }
 ]]></programlisting>
-
-    will include the Gitit service configuration options.</para>
+    will include the Gitit service configuration options.
+   </para>
   </listitem>
-
   <listitem>
-    <para><command>nginx</command> does not accept flags for enabling and
-    disabling modules anymore. Instead it accepts <literal>modules</literal>
-    argument, which is a list of modules to be built in. All modules now
-    reside in <literal>nginxModules</literal> set. Example configuration:
-
+   <para>
+    <command>nginx</command> does not accept flags for enabling and disabling
+    modules anymore. Instead it accepts <literal>modules</literal> argument,
+    which is a list of modules to be built in. All modules now reside in
+    <literal>nginxModules</literal> set. Example configuration:
 <programlisting><![CDATA[
 nginx.override {
   modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
 }
 ]]></programlisting>
-    </para>
+   </para>
   </listitem>
-
   <listitem>
-    <para><command>s3sync</command> is removed, as it hasn't been
-    developed by upstream for 4 years and only runs with ruby 1.8.
-    For an actively-developer alternative look at
-    <command>tarsnap</command> and others.
-    </para>
+   <para>
+    <command>s3sync</command> is removed, as it hasn't been developed by
+    upstream for 4 years and only runs with ruby 1.8. For an actively-developer
+    alternative look at <command>tarsnap</command> and others.
+   </para>
   </listitem>
-
   <listitem>
-    <para><command>ruby_1_8</command> has been removed as it's not
-    supported from upstream anymore and probably contains security
-    issues.
-    </para>
+   <para>
+    <command>ruby_1_8</command> has been removed as it's not supported from
+    upstream anymore and probably contains security issues.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>tidy-html5</literal> package is removed.
-    Upstream only provided <literal>(lib)tidy5</literal> during development,
-    and now they went back to <literal>(lib)tidy</literal> to work as a drop-in
-    replacement of the original package that has been unmaintained for years.
-    You can (still) use the <literal>html-tidy</literal> package, which got updated
-    to a stable release from this new upstream.</para>
+   <para>
+    <literal>tidy-html5</literal> package is removed. Upstream only provided
+    <literal>(lib)tidy5</literal> during development, and now they went back to
+    <literal>(lib)tidy</literal> to work as a drop-in replacement of the
+    original package that has been unmaintained for years. You can (still) use
+    the <literal>html-tidy</literal> package, which got updated to a stable
+    release from this new upstream.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>extraDeviceOptions</literal> argument is removed
-    from <literal>bumblebee</literal> package. Instead there are
-    now two separate arguments: <literal>extraNvidiaDeviceOptions</literal>
-    and <literal>extraNouveauDeviceOptions</literal> for setting
-    extra X11 options for nvidia and nouveau drivers, respectively.
-    </para>
+   <para>
+    <literal>extraDeviceOptions</literal> argument is removed from
+    <literal>bumblebee</literal> package. Instead there are now two separate
+    arguments: <literal>extraNvidiaDeviceOptions</literal> and
+    <literal>extraNouveauDeviceOptions</literal> for setting extra X11 options
+    for nvidia and nouveau drivers, respectively.
+   </para>
   </listitem>
-
   <listitem>
-    <para>The <literal>Ctrl+Alt+Backspace</literal> key combination
-    no longer kills the X server by default.
-    There's a new option <option>services.xserver.enableCtrlAltBackspace</option>
-    allowing to enable the combination again.
-    </para>
+   <para>
+    The <literal>Ctrl+Alt+Backspace</literal> key combination no longer kills
+    the X server by default. There's a new option
+    <option>services.xserver.enableCtrlAltBackspace</option> allowing to enable
+    the combination again.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>emacsPackagesNg</literal> now contains all packages
-    from the ELPA, MELPA, and MELPA Stable repositories.
-    </para>
+   <para>
+    <literal>emacsPackagesNg</literal> now contains all packages from the ELPA,
+    MELPA, and MELPA Stable repositories.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Data directory for Postfix MTA server is moved from
+   <para>
+    Data directory for Postfix MTA server is moved from
     <filename>/var/postfix</filename> to <filename>/var/lib/postfix</filename>.
-    Old configurations are migrated automatically. <literal>service.postfix</literal>
-    module has also received many improvements, such as correct directories' access
-    rights, new <literal>aliasFiles</literal> and <literal>mapFiles</literal>
-    options and more.</para>
+    Old configurations are migrated automatically.
+    <literal>service.postfix</literal> module has also received many
+    improvements, such as correct directories' access rights, new
+    <literal>aliasFiles</literal> and <literal>mapFiles</literal> options and
+    more.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Filesystem options should now be configured as a list of strings, not
-    a comma-separated string. The old style will continue to work, but print a
+   <para>
+    Filesystem options should now be configured as a list of strings, not a
+    comma-separated string. The old style will continue to work, but print a
     warning, until the 16.09 release. An example of the new style:
-
 <programlisting>
 fileSystems."/example" = {
   device = "/dev/sdc";
@@ -254,103 +475,103 @@ fileSystems."/example" = {
   options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
 };
 </programlisting>
-    </para>
+   </para>
   </listitem>
-
   <listitem>
-    <para>CUPS, installed by <literal>services.printing</literal> module, now
-    has its data directory in <filename>/var/lib/cups</filename>. Old
-    configurations from <filename>/etc/cups</filename> are moved there
-    automatically, but there might be problems. Also configuration options
+   <para>
+    CUPS, installed by <literal>services.printing</literal> module, now has its
+    data directory in <filename>/var/lib/cups</filename>. Old configurations
+    from <filename>/etc/cups</filename> are moved there automatically, but
+    there might be problems. Also configuration options
     <literal>services.printing.cupsdConf</literal> and
-    <literal>services.printing.cupsdFilesConf</literal> were removed
-    because they had been allowing one to override configuration variables
-    required for CUPS to work at all on NixOS. For most use cases,
+    <literal>services.printing.cupsdFilesConf</literal> were removed because
+    they had been allowing one to override configuration variables required for
+    CUPS to work at all on NixOS. For most use cases,
     <literal>services.printing.extraConf</literal> and new option
-    <literal>services.printing.extraFilesConf</literal> should be enough;
-    if you encounter a situation when they are not, please file a bug.</para>
-
-    <para>There are also Gutenprint improvements; in particular, a new option
-    <literal>services.printing.gutenprint</literal> is added to enable automatic
-    updating of Gutenprint PPMs; it's greatly recommended to enable it instead
-    of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use
-    <literal>hardware.opengl.extraPackages{,32}</literal> instead. You can
-    also specify VDPAU drivers there.</para>
-  </listitem>
-
-  <listitem>
-    <para>
-    <literal>programs.ibus</literal> moved to <literal>i18n.inputMethod.ibus</literal>.
-    The option <literal>programs.ibus.plugins</literal> changed to <literal>i18n.inputMethod.ibus.engines</literal>
-    and the option to enable ibus changed from <literal>programs.ibus.enable</literal> to
+    <literal>services.printing.extraFilesConf</literal> should be enough; if
+    you encounter a situation when they are not, please file a bug.
+   </para>
+   <para>
+    There are also Gutenprint improvements; in particular, a new option
+    <literal>services.printing.gutenprint</literal> is added to enable
+    automatic updating of Gutenprint PPMs; it's greatly recommended to enable
+    it instead of adding <literal>gutenprint</literal> to the
+    <literal>drivers</literal> list.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    <literal>services.xserver.vaapiDrivers</literal> has been removed. Use
+    <literal>hardware.opengl.extraPackages{,32}</literal> instead. You can also
+    specify VDPAU drivers there.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    <literal>programs.ibus</literal> moved to
+    <literal>i18n.inputMethod.ibus</literal>. The option
+    <literal>programs.ibus.plugins</literal> changed to
+    <literal>i18n.inputMethod.ibus.engines</literal> and the option to enable
+    ibus changed from <literal>programs.ibus.enable</literal> to
     <literal>i18n.inputMethod.enabled</literal>.
-    <literal>i18n.inputMethod.enabled</literal> should be set to the used input method name,
-    <literal>"ibus"</literal> for ibus.
-    An example of the new style:
-
+    <literal>i18n.inputMethod.enabled</literal> should be set to the used input
+    method name, <literal>"ibus"</literal> for ibus. An example of the new
+    style:
 <programlisting>
 i18n.inputMethod.enabled = "ibus";
 i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
 </programlisting>
-
-That is equivalent to the old version:
-
+    That is equivalent to the old version:
 <programlisting>
 programs.ibus.enable = true;
 programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
 </programlisting>
-
-    </para>
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>services.udev.extraRules</literal> option now writes rules
-    to <filename>99-local.rules</filename> instead of <filename>10-local.rules</filename>.
-    This makes all the user rules apply after others, so their results wouldn't be
-    overriden by anything else.</para>
+   <para>
+    <literal>services.udev.extraRules</literal> option now writes rules to
+    <filename>99-local.rules</filename> instead of
+    <filename>10-local.rules</filename>. This makes all the user rules apply
+    after others, so their results wouldn't be overriden by anything else.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Large parts of the <literal>services.gitlab</literal> module has been
-    been rewritten. There are new configuration options available. The
+   <para>
+    Large parts of the <literal>services.gitlab</literal> module has been been
+    rewritten. There are new configuration options available. The
     <literal>stateDir</literal> option was renamned to
-    <literal>statePath</literal> and the <literal>satellitesDir</literal> option
-    was removed. Please review the currently available options.</para>
+    <literal>statePath</literal> and the <literal>satellitesDir</literal>
+    option was removed. Please review the currently available options.
+   </para>
   </listitem>
-
   <listitem>
-    <para>
-    The option <option>services.nsd.zones.&lt;name&gt;.data</option> no
-    longer interpret the dollar sign ($) as a shell variable, as such it
-    should not be escaped anymore.  Thus the following zone data:
-    </para>
-    <programlisting>
+   <para>
+    The option <option>services.nsd.zones.&lt;name&gt;.data</option> no longer
+    interpret the dollar sign ($) as a shell variable, as such it should not be
+    escaped anymore. Thus the following zone data:
+   </para>
+<programlisting>
 \$ORIGIN example.com.
 \$TTL 1800
 @       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
     </programlisting>
-    <para>
+   <para>
     Should modified to look like the actual file expected by nsd:
-    </para>
-    <programlisting>
+   </para>
+<programlisting>
 $ORIGIN example.com.
 $TTL 1800
 @       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
     </programlisting>
   </listitem>
-
   <listitem>
-    <para>
-    <literal>service.syncthing.dataDir</literal> options now has to point
-    to exact folder where syncthing is writing to. Example configuration should
+   <para>
+    <literal>service.syncthing.dataDir</literal> options now has to point to
+    exact folder where syncthing is writing to. Example configuration should
     look something like:
-    </para>
-    <programlisting>
+   </para>
+<programlisting>
 services.syncthing = {
     enable = true;
     dataDir = "/home/somebody/.syncthing";
@@ -358,76 +579,73 @@ services.syncthing = {
 };
     </programlisting>
   </listitem>
-
-  <listitem>
-    <para>
-      <literal>networking.firewall.allowPing</literal> is now enabled by
-      default. Users are encouraged to configure an appropriate rate limit for
-      their machines using the Kernel interface at
-      <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
-      <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
-      firewall itself, i.e. by setting the NixOS option
-      <literal>networking.firewall.pingLimit</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Systems with some broadcom cards used to result into a generated config
-      that is no longer accepted. If you get errors like
-      <screen>error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created</screen>
-      you should either re-run <command>nixos-generate-config</command> or manually replace
-      <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
-      by
-      <literal>config.boot.kernelPackages.broadcom_sta</literal>
-      in your <filename>/etc/nixos/hardware-configuration.nix</filename>.
-      More discussion is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
-      the github issue</link>.
-    </para>
-  </listitem>
-
   <listitem>
-    <para>
-      The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
-      GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
-      longer requires (or even supports) the "start everything as a child of the
-      agent" scheme we've implemented in NixOS for older versions.
-      To configure the gpg-agent for your X session, add the following code to
-      <filename>~/.bashrc</filename> or some file that’s sourced when your shell is started:
-    <programlisting>
+   <para>
+    <literal>networking.firewall.allowPing</literal> is now enabled by default.
+    Users are encouraged to configure an appropriate rate limit for their
+    machines using the Kernel interface at
+    <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
+    <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
+    firewall itself, i.e. by setting the NixOS option
+    <literal>networking.firewall.pingLimit</literal>.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Systems with some broadcom cards used to result into a generated config
+    that is no longer accepted. If you get errors like
+<screen>error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created</screen>
+    you should either re-run <command>nixos-generate-config</command> or
+    manually replace
+    <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal> by
+    <literal>config.boot.kernelPackages.broadcom_sta</literal> in your
+    <filename>/etc/nixos/hardware-configuration.nix</filename>. More discussion
+    is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595"> the
+    github issue</link>.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    The <literal>services.xserver.startGnuPGAgent</literal> option has been
+    removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new
+    approach no longer requires (or even supports) the "start everything as a
+    child of the agent" scheme we've implemented in NixOS for older versions.
+    To configure the gpg-agent for your X session, add the following code to
+    <filename>~/.bashrc</filename> or some file that’s sourced when your
+    shell is started:
+<programlisting>
 GPG_TTY=$(tty)
 export GPG_TTY
     </programlisting>
-      If you want to use gpg-agent for SSH, too, add the following to your session
-      initialization (e.g. <literal>displayManager.sessionCommands</literal>)
-    <programlisting>
+    If you want to use gpg-agent for SSH, too, add the following to your
+    session initialization (e.g.
+    <literal>displayManager.sessionCommands</literal>)
+<programlisting>
 gpg-connect-agent /bye
 unset SSH_AGENT_PID
 export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
     </programlisting>
-      and make sure that
-    <programlisting>
+    and make sure that
+<programlisting>
 enable-ssh-support
     </programlisting>
-      is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
-      You will need to use <command>ssh-add</command> to re-add your ssh keys.
-      If gpg’s automatic transformation of the private keys to the new format fails,
-      you will need to re-import your private keyring as well:
-    <programlisting>
+    is included in your <filename>~/.gnupg/gpg-agent.conf</filename>. You will
+    need to use <command>ssh-add</command> to re-add your ssh keys. If gpg’s
+    automatic transformation of the private keys to the new format fails, you
+    will need to re-import your private keyring as well:
+<programlisting>
 gpg --import ~/.gnupg/secring.gpg
     </programlisting>
-    The <command>gpg-agent(1)</command> man page has more details about this subject,
-    i.e. in the "EXAMPLES" section.
-    </para>
+    The <command>gpg-agent(1)</command> man page has more details about this
+    subject, i.e. in the "EXAMPLES" section.
+   </para>
   </listitem>
-</itemizedlist>
-
-
-<para>Other notable improvements:
+ </itemizedlist>
 
-<itemizedlist>
-
-  <!--
+ <para>
+  Other notable improvements:
+  <itemizedlist>
+<!--
   <listitem>
     <para>The <command>command-not-found</command> hook was extended.
     Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
@@ -436,18 +654,18 @@ gpg --import ~/.gnupg/secring.gpg
     <command>nix-shell</command> (without installing anything).</para>
   </listitem>
   -->
-
-  <listitem>
-    <para><literal>ejabberd</literal> module is brought back and now works on
-    NixOS.</para>
-  </listitem>
-
-  <listitem>
-    <para>Input method support was improved. New NixOS modules (fcitx, nabi and uim),
-    fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
-    have been added.</para>
-  </listitem>
-
-</itemizedlist></para>
-
+   <listitem>
+    <para>
+     <literal>ejabberd</literal> module is brought back and now works on NixOS.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Input method support was improved. New NixOS modules (fcitx, nabi and
+     uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus
+     engines (hangul and m17n) have been added.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml
index 893f894f42fe..4a2343edc970 100644
--- a/nixos/doc/manual/release-notes/rl-1609.xml
+++ b/nixos/doc/manual/release-notes/rl-1609.xml
@@ -3,237 +3,275 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-16.09">
+ <title>Release 16.09 (“Flounder”, 2016/09/30)</title>
 
-<title>Release 16.09 (“Flounder”, 2016/09/30)</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights: </para>
-
-<itemizedlist>
+ <para>
+  In addition to numerous new and upgraded packages, this release has the
+  following highlights:
+ </para>
 
+ <itemizedlist>
   <listitem>
-    <para>Many NixOS configurations and Nix packages now use
-    significantly less disk space, thanks to the <link
+   <para>
+    Many NixOS configurations and Nix packages now use significantly less disk
+    space, thanks to the
+    <link
     xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive
-    work on closure size reduction</link>. For example, the closure
-    size of a minimal NixOS container went down from ~424 MiB in 16.03
-    to ~212 MiB in 16.09, while the closure size of Firefox went from
-    ~651 MiB to ~259 MiB.</para>
+    work on closure size reduction</link>. For example, the closure size of a
+    minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB in
+    16.09, while the closure size of Firefox went from ~651 MiB to ~259 MiB.
+   </para>
   </listitem>
-
   <listitem>
-    <para>To improve security, packages are now <link
+   <para>
+    To improve security, packages are now
+    <link
     xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built
-    using various hardening features</link>. See the Nixpkgs manual
-    for more information.</para>
+    using various hardening features</link>. See the Nixpkgs manual for more
+    information.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Support for PXE netboot.  See <xref
-    linkend="sec-booting-from-pxe" /> for documentation.</para>
+   <para>
+    Support for PXE netboot. See <xref
+    linkend="sec-booting-from-pxe" />
+    for documentation.
+   </para>
   </listitem>
-
   <listitem>
-    <para>X.org server 1.18. If you use the
-    <literal>ati_unfree</literal> driver, 1.17 is still used due to an
-    ABI incompatibility.</para>
+   <para>
+    X.org server 1.18. If you use the <literal>ati_unfree</literal> driver,
+    1.17 is still used due to an ABI incompatibility.
+   </para>
   </listitem>
-
   <listitem>
-    <para>This release is based on Glibc 2.24, GCC 5.4.0 and systemd
-    231. The default Linux kernel remains 4.4.</para>
+   <para>
+    This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The default
+    Linux kernel remains 4.4.
+   </para>
   </listitem>
+ </itemizedlist>
 
-</itemizedlist>
-
-<para>The following new services were added since the last release:</para>
+ <para>
+  The following new services were added since the last release:
+ </para>
 
-<itemizedlist>
-  <listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
-</itemizedlist>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
+ <itemizedlist>
+  <listitem>
+   <para>
+    <literal>(this will get automatically generated at release time)</literal>
+   </para>
+  </listitem>
+ </itemizedlist>
 
-<itemizedlist>
+ <para>
+  When upgrading from a previous release, please be aware of the following
+  incompatible changes:
+ </para>
 
+ <itemizedlist>
   <listitem>
-    <para>A large number of packages have been converted to use the multiple outputs feature
-      of Nix to greatly reduce the amount of required disk space, as
-      mentioned above. This may require changes
-      to any custom packages to make them build again; see the relevant chapter in the
-      Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions
-      related to multiple-output packages
-      <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were changed</link>
-      late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
-    </para>
+   <para>
+    A large number of packages have been converted to use the multiple outputs
+    feature of Nix to greatly reduce the amount of required disk space, as
+    mentioned above. This may require changes to any custom packages to make
+    them build again; see the relevant chapter in the Nixpkgs manual for more
+    information. (Additional caveat to packagers: some packaging conventions
+    related to multiple-output packages
+    <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were
+    changed</link> late (August 2016) in the release cycle and differ from the
+    initial introduction of multiple outputs.)
+   </para>
   </listitem>
-
   <listitem>
-    <para>Previous versions of Nixpkgs had support for all versions of the LTS
+   <para>
+    Previous versions of Nixpkgs had support for all versions of the LTS
     Haskell package set. That support has been dropped. The previously provided
     <literal>haskell.packages.lts-x_y</literal> package sets still exist in
     name to aviod breaking user code, but these package sets don't actually
     contain the versions mandated by the corresponding LTS release. Instead,
     our package set it loosely based on the latest available LTS release, i.e.
     LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will
-    drop those old names entirely. <link
+    drop those old names entirely.
+    <link
     xlink:href="https://nixos.org/nix-dev/2016-June/020585.html">The
     motivation for this change</link> has been discussed at length on the
-    <literal>nix-dev</literal> mailing list and in <link
-    xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github issue
-    #14897</link>. Development strategies for Haskell hackers who want to rely
-    on Nix and NixOS have been described in <link
+    <literal>nix-dev</literal> mailing list and in
+    <link
+    xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github
+    issue #14897</link>. Development strategies for Haskell hackers who want to
+    rely on Nix and NixOS have been described in
+    <link
     xlink:href="https://nixos.org/nix-dev/2016-June/020642.html">another
-    nix-dev article</link>.</para>
+    nix-dev article</link>.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Shell aliases for systemd sub-commands
-    <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were dropped</link>:
-    <command>start</command>, <command>stop</command>,
-    <command>restart</command>, <command>status</command>.</para>
+   <para>
+    Shell aliases for systemd sub-commands
+    <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were
+    dropped</link>: <command>start</command>, <command>stop</command>,
+    <command>restart</command>, <command>status</command>.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default
-    behavior of Redis 3.2</para>
+   <para>
+    Redis now binds to 127.0.0.1 only instead of listening to all network
+    interfaces. This is the default behavior of Redis 3.2
+   </para>
   </listitem>
-
   <listitem>
-    <para>
-      <literal>/var/empty</literal> is now immutable. Activation script runs <command>chattr +i</command>
-      to forbid any modifications inside the folder. See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365">
-      the pull request</link> for what bugs this caused.
-    </para>
+   <para>
+    <literal>/var/empty</literal> is now immutable. Activation script runs
+    <command>chattr +i</command> to forbid any modifications inside the folder.
+    See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365"> the
+    pull request</link> for what bugs this caused.
+   </para>
   </listitem>
-
   <listitem>
-    <para>Gitlab's maintainance script
-    <command>gitlab-runner</command> was removed and split up into the
-    more clearer <command>gitlab-run</command> and
+   <para>
+    Gitlab's maintainance script <command>gitlab-runner</command> was removed
+    and split up into the more clearer <command>gitlab-run</command> and
     <command>gitlab-rake</command> scripts, because
-    <command>gitlab-runner</command> is a component of Gitlab
-    CI.</para>
+    <command>gitlab-runner</command> is a component of Gitlab CI.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>services.xserver.libinput.accelProfile</literal> default
-    changed from <literal>flat</literal> to <literal>adaptive</literal>,
-    as per <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79">
-    official documentation</link>.</para>
+   <para>
+    <literal>services.xserver.libinput.accelProfile</literal> default changed
+    from <literal>flat</literal> to <literal>adaptive</literal>, as per
+    <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79">
+    official documentation</link>.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>fonts.fontconfig.ultimate.rendering</literal> was removed
-    because our presets were obsolete for some time. New presets are hardcoded
-    into FreeType; you can select a preset via <literal>fonts.fontconfig.ultimate.preset</literal>.
-    You can customize those presets via ordinary environment variables, using
-    <literal>environment.variables</literal>.</para>
+   <para>
+    <literal>fonts.fontconfig.ultimate.rendering</literal> was removed because
+    our presets were obsolete for some time. New presets are hardcoded into
+    FreeType; you can select a preset via
+    <literal>fonts.fontconfig.ultimate.preset</literal>. You can customize
+    those presets via ordinary environment variables, using
+    <literal>environment.variables</literal>.
+   </para>
   </listitem>
-
   <listitem>
-    <para>The <literal>audit</literal> service is no longer enabled by default.
-    Use <literal>security.audit.enable = true</literal> to explicitly enable it.</para>
+   <para>
+    The <literal>audit</literal> service is no longer enabled by default. Use
+    <literal>security.audit.enable = true</literal> to explicitly enable it.
+   </para>
   </listitem>
-
   <listitem>
-    <para>
-      <literal>pkgs.linuxPackages.virtualbox</literal> now contains only the
-      kernel modules instead of the VirtualBox user space binaries.
-      If you want to reference the user space binaries, you have to use the new
-      <literal>pkgs.virtualbox</literal> instead.
-    </para>
+   <para>
+    <literal>pkgs.linuxPackages.virtualbox</literal> now contains only the
+    kernel modules instead of the VirtualBox user space binaries. If you want
+    to reference the user space binaries, you have to use the new
+    <literal>pkgs.virtualbox</literal> instead.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>goPackages</literal> was replaced with separated Go
-    applications in appropriate <literal>nixpkgs</literal>
-    categories. Each Go package uses its own dependency set. There's
-    also a new <literal>go2nix</literal> tool introduced to generate a
-    Go package definition from its Go source automatically.</para>
+   <para>
+    <literal>goPackages</literal> was replaced with separated Go applications
+    in appropriate <literal>nixpkgs</literal> categories. Each Go package uses
+    its own dependency set. There's also a new <literal>go2nix</literal> tool
+    introduced to generate a Go package definition from its Go source
+    automatically.
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>services.mongodb.extraConfig</literal> configuration format
-    was changed to YAML.</para>
+   <para>
+    <literal>services.mongodb.extraConfig</literal> configuration format was
+    changed to YAML.
+   </para>
   </listitem>
-
   <listitem>
-    <para>
-      PHP has been upgraded to 7.0
-    </para>
+   <para>
+    PHP has been upgraded to 7.0
+   </para>
   </listitem>
-</itemizedlist>
-
-
-<para>Other notable improvements:</para>
-
-<itemizedlist>
+ </itemizedlist>
 
-  <listitem><para>Revamped grsecurity/PaX support.  There is now only a single
-  general-purpose distribution kernel and the configuration interface has been
-  streamlined.  Desktop users should be able to simply set
-  <programlisting>security.grsecurity.enable = true</programlisting> to get
-  a reasonably secure system without having to sacrifice too much
-  functionality.
-  </para></listitem>
+ <para>
+  Other notable improvements:
+ </para>
 
-  <listitem><para>Special filesystems, like <literal>/proc</literal>,
-  <literal>/run</literal> and others, now have the same mount options
-  as recommended by systemd and are unified across different places in
-  NixOS.  Mount options are updated during <command>nixos-rebuild
-  switch</command> if possible. One benefit from this is improved
-  security — most such filesystems are now mounted with
-  <literal>noexec</literal>, <literal>nodev</literal> and/or
-  <literal>nosuid</literal> options.</para></listitem>
-
-  <listitem><para>The reverse path filter was interfering with DHCPv4 server
-  operation in the past. An exception for DHCPv4 and a new option to log
-  packets that were dropped due to the reverse path filter was added
-  (<literal>networking.firewall.logReversePathDrops</literal>) for easier
-  debugging.</para></listitem>
-
-  <listitem><para>Containers configuration within
-  <literal>containers.&lt;name&gt;.config</literal> is <link
+ <itemizedlist>
+  <listitem>
+   <para>
+    Revamped grsecurity/PaX support. There is now only a single general-purpose
+    distribution kernel and the configuration interface has been streamlined.
+    Desktop users should be able to simply set
+<programlisting>security.grsecurity.enable = true</programlisting>
+    to get a reasonably secure system without having to sacrifice too much
+    functionality.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Special filesystems, like <literal>/proc</literal>, <literal>/run</literal>
+    and others, now have the same mount options as recommended by systemd and
+    are unified across different places in NixOS. Mount options are updated
+    during <command>nixos-rebuild switch</command> if possible. One benefit
+    from this is improved security — most such filesystems are now mounted
+    with <literal>noexec</literal>, <literal>nodev</literal> and/or
+    <literal>nosuid</literal> options.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    The reverse path filter was interfering with DHCPv4 server operation in the
+    past. An exception for DHCPv4 and a new option to log packets that were
+    dropped due to the reverse path filter was added
+    (<literal>networking.firewall.logReversePathDrops</literal>) for easier
+    debugging.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Containers configuration within
+    <literal>containers.&lt;name&gt;.config</literal> is
+    <link
   xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now
-  properly typed and checked</link>. In particular, partial
-  configurations are merged correctly.</para></listitem>
-
+    properly typed and checked</link>. In particular, partial configurations
+    are merged correctly.
+   </para>
+  </listitem>
   <listitem>
-    <para>The directory container setuid wrapper programs,
-    <filename>/var/setuid-wrappers</filename>, <link
+   <para>
+    The directory container setuid wrapper programs,
+    <filename>/var/setuid-wrappers</filename>,
+    <link
     xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now
-    updated atomically to prevent failures if the switch to a new
-    configuration is interrupted.</link></para>
+    updated atomically to prevent failures if the switch to a new configuration
+    is interrupted.</link>
+   </para>
   </listitem>
-
   <listitem>
-    <para><literal>services.xserver.startGnuPGAgent</literal>
-      has been removed due to GnuPG 2.1.x bump. See <link
+   <para>
+    <literal>services.xserver.startGnuPGAgent</literal> has been removed due to
+    GnuPG 2.1.x bump. See
+    <link
         xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c">
-        how to achieve similar behavior</link>. You might need to
-      <literal>pkill gpg-agent</literal> after the upgrade
-      to prevent a stale agent being in the way.
-    </para>
+    how to achieve similar behavior</link>. You might need to <literal>pkill
+    gpg-agent</literal> after the upgrade to prevent a stale agent being in the
+    way.
+   </para>
   </listitem>
-
-  <listitem><para>
+  <listitem>
+   <para>
     <link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147">
-    Declarative users could share the uid due to the bug in
-    the script handling conflict resolution.
-    </link>
-  </para></listitem>
-
-  <listitem><para>
+    Declarative users could share the uid due to the bug in the script handling
+    conflict resolution. </link>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
     Gummi boot has been replaced using systemd-boot.
-  </para></listitem>
-
-  <listitem><para>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
     Hydra package and NixOS module were added for convenience.
-  </para></listitem>
-
-</itemizedlist>
-
-
+   </para>
+  </listitem>
+ </itemizedlist>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 6147b9830137..6ca79e2bc00d 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -3,259 +3,588 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.03">
+ <title>Release 17.03 (“Gorilla”, 2017/03/31)</title>
 
-<title>Release 17.03 (“Gorilla”, 2017/03/31)</title>
-
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.03-highlights">
+  <title>Highlights</title>
 
-<title>Highlights</title>
+  <para>
+   In addition to numerous new and upgraded packages, this release has the
+   following highlights:
+  </para>
 
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights: </para>
-
-<itemizedlist>
-  <listitem>
-    <para>Nixpkgs is now extensible through overlays. See the <link
+  <itemizedlist>
+   <listitem>
+    <para>
+     Nixpkgs is now extensible through overlays. See the
+     <link
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">Nixpkgs
-    manual</link> for more information.</para>
-  </listitem>
-
-  <listitem>
-    <para>This release is based on Glibc 2.25, GCC 5.4.0 and systemd
-    232. The default Linux kernel is 4.9 and Nix is at 1.11.8.</para>
-  </listitem>
-
-  <listitem>
-    <para>The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed</para>
-  </listitem>
-
-  <listitem>
-    <para>The setuid wrapper functionality now supports setting
-    capabilities.</para>
-  </listitem>
-
-  <listitem>
-    <para>X.org server uses branch 1.19. Due to ABI incompatibilities,
-      <literal>ati_unfree</literal> keeps forcing 1.17
-      and <literal>amdgpu-pro</literal> starts forcing 1.18.</para>
-  </listitem>
-
-  <listitem>
+     manual</link> for more information.
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      Cross compilation has been rewritten. See the nixpkgs manual for
-      details. The most obvious breaking change is that in derivations there is no
-      <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> are now
-      cross by default, not native.
+     This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The
+     default Linux kernel is 4.9 and Nix is at 1.11.8.
     </para>
-  </listitem>
-
-  <listitem>
-    <para>The <literal>overridePackages</literal> function has been rewritten
-    to be replaced by <link
+   </listitem>
+   <listitem>
+    <para>
+     The default desktop environment now is KDE's Plasma 5. KDE 4 has been
+     removed
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The setuid wrapper functionality now supports setting capabilities.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     X.org server uses branch 1.19. Due to ABI incompatibilities,
+     <literal>ati_unfree</literal> keeps forcing 1.17 and
+     <literal>amdgpu-pro</literal> starts forcing 1.18.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Cross compilation has been rewritten. See the nixpkgs manual for details.
+     The most obvious breaking change is that in derivations there is no
+     <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> are now
+     cross by default, not native.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>overridePackages</literal> function has been rewritten to be
+     replaced by
+     <link
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
-    overlays</link></para>
-  </listitem>
-
-  <listitem>
-    <para>Packages in nixpkgs can be marked as insecure through listed
-    vulnerabilities. See the <link
+     overlays</link>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Packages in nixpkgs can be marked as insecure through listed
+     vulnerabilities. See the
+     <link
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-allow-insecure">Nixpkgs
-    manual</link> for more information.</para>
-  </listitem>
-
-  <listitem>
-    <para>PHP now defaults to PHP 7.1</para>
-  </listitem>
-
-</itemizedlist>
+     manual</link> for more information.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     PHP now defaults to PHP 7.1
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.03-new-services">
+  <title>New Services</title>
 
-<title>New Services</title>
+  <para>
+   The following new services were added since the last release:
+  </para>
 
-<para>The following new services were added since the last release:</para>
-
-<itemizedlist>
-  <listitem><para><literal>hardware/ckb.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/mcelog.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/usb-wwan.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/video/capture/mwprocapture.nix</literal></para></listitem>
-  <listitem><para><literal>programs/adb.nix</literal></para></listitem>
-  <listitem><para><literal>programs/chromium.nix</literal></para></listitem>
-  <listitem><para><literal>programs/gphoto2.nix</literal></para></listitem>
-  <listitem><para><literal>programs/java.nix</literal></para></listitem>
-  <listitem><para><literal>programs/mtr.nix</literal></para></listitem>
-  <listitem><para><literal>programs/oblogout.nix</literal></para></listitem>
-  <listitem><para><literal>programs/vim.nix</literal></para></listitem>
-  <listitem><para><literal>programs/wireshark.nix</literal></para></listitem>
-  <listitem><para><literal>security/dhparams.nix</literal></para></listitem>
-  <listitem><para><literal>services/audio/ympd.nix</literal></para></listitem>
-  <listitem><para><literal>services/computing/boinc/client.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/buildbot/master.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/buildbot/worker.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/gitlab-runner.nix</literal></para></listitem>
-  <listitem><para><literal>services/databases/riak-cs.nix</literal></para></listitem>
-  <listitem><para><literal>services/databases/stanchion.nix</literal></para></listitem>
-  <listitem><para><literal>services/desktops/gnome3/gnome-terminal-server.nix</literal></para></listitem>
-  <listitem><para><literal>services/editors/infinoted.nix</literal></para></listitem>
-  <listitem><para><literal>services/hardware/illum.nix</literal></para></listitem>
-  <listitem><para><literal>services/hardware/trezord.nix</literal></para></listitem>
-  <listitem><para><literal>services/logging/journalbeat.nix</literal></para></listitem>
-  <listitem><para><literal>services/mail/offlineimap.nix</literal></para></listitem>
-  <listitem><para><literal>services/mail/postgrey.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/couchpotato.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/docker-registry.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/errbot.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/geoip-updater.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/gogs.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/leaps.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/nix-optimise.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/ssm-agent.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/sssd.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/arbtt.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/netdata.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/default.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/alertmanager.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/blackbox-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/json-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/nginx-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/node-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/snmp-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/unifi-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/varnish-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/sysstat.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/telegraf.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/vnstat.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/cachefilesd.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/glusterfs.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/ipfs.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/dante.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/dnscrypt-wrapper.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/fakeroute.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/flannel.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/htpdate.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/miredo.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/nftables.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/powerdns.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/pdns-recursor.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/quagga.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/redsocks.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/wireguard.nix</literal></para></listitem>
-  <listitem><para><literal>services/system/cgmanager.nix</literal></para></listitem>
-  <listitem><para><literal>services/torrent/opentracker.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/atlassian/confluence.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/atlassian/crowd.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/atlassian/jira.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/frab.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/nixbot.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/selfoss.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/quassel-webserver.nix</literal></para></listitem>
-  <listitem><para><literal>services/x11/unclutter-xfixes.nix</literal></para></listitem>
-  <listitem><para><literal>services/x11/urxvtd.nix</literal></para></listitem>
-  <listitem><para><literal>system/boot/systemd-nspawn.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/ecs-agent.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/lxcfs.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/openstack/keystone.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/openstack/glance.nix</literal></para></listitem>
-</itemizedlist>
+  <itemizedlist>
+   <listitem>
+    <para>
+     <literal>hardware/ckb.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/mcelog.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/usb-wwan.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/video/capture/mwprocapture.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/adb.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/chromium.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/gphoto2.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/java.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/mtr.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/oblogout.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/vim.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/wireshark.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>security/dhparams.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/audio/ympd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/computing/boinc/client.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/continuous-integration/buildbot/master.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/continuous-integration/buildbot/worker.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/continuous-integration/gitlab-runner.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/databases/riak-cs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/databases/stanchion.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/desktops/gnome3/gnome-terminal-server.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/editors/infinoted.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/hardware/illum.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/hardware/trezord.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/logging/journalbeat.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/offlineimap.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/postgrey.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/couchpotato.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/docker-registry.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/errbot.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/geoip-updater.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/gogs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/leaps.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/nix-optimise.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/ssm-agent.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/sssd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/arbtt.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/netdata.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/alertmanager.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/blackbox-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/json-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/nginx-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/node-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/snmp-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/unifi-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/varnish-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/sysstat.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/telegraf.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/vnstat.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/cachefilesd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/glusterfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/ipfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/dante.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/dnscrypt-wrapper.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/fakeroute.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/flannel.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/htpdate.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/miredo.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/nftables.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/powerdns.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/pdns-recursor.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/quagga.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/redsocks.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/wireguard.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/system/cgmanager.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/torrent/opentracker.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/atlassian/confluence.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/atlassian/crowd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/atlassian/jira.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/frab.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/nixbot.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/selfoss.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/quassel-webserver.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/unclutter-xfixes.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/urxvtd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>system/boot/systemd-nspawn.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/ecs-agent.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/lxcfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/openstack/keystone.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>virtualisation/openstack/glance.nix</literal>
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.03-incompatibilities">
+  <title>Backward Incompatibilities</title>
 
-<title>Backward Incompatibilities</title>
+  <para>
+   When upgrading from a previous release, please be aware of the following
+   incompatible changes:
+  </para>
 
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
-
-<itemizedlist>
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      Derivations have no <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> 
-      and are now cross by default, not native.
+     Derivations have no <literal>.nativeDrv</literal> nor
+     <literal>.crossDrv</literal> and are now cross by default, not native.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>stdenv.overrides</literal> is now expected to take <literal>self</literal>
-      and <literal>super</literal> arguments. See <literal>lib.trivial.extends</literal>
-      for what those parameters represent.
+     <literal>stdenv.overrides</literal> is now expected to take
+     <literal>self</literal> and <literal>super</literal> arguments. See
+     <literal>lib.trivial.extends</literal> for what those parameters
+     represent.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>ansible</literal> now defaults to ansible version 2 as version 1
-      has been removed due to a serious <link
+     <literal>ansible</literal> now defaults to ansible version 2 as version 1
+     has been removed due to a serious
+     <link
       xlink:href="https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt">
-      vulnerability</link> unpatched by upstream.
+     vulnerability</link> unpatched by upstream.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>gnome</literal> alias has been removed along with
-      <literal>gtk</literal>, <literal>gtkmm</literal> and several others.
-      Now you need to use versioned attributes, like <literal>gnome3</literal>.
+     <literal>gnome</literal> alias has been removed along with
+     <literal>gtk</literal>, <literal>gtkmm</literal> and several others. Now
+     you need to use versioned attributes, like <literal>gnome3</literal>.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The attribute name of the Radicale daemon has been changed from
-      <literal>pythonPackages.radicale</literal> to
-      <literal>radicale</literal>.
+     The attribute name of the Radicale daemon has been changed from
+     <literal>pythonPackages.radicale</literal> to <literal>radicale</literal>.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>stripHash</literal> bash function in <literal>stdenv</literal>
-      changed according to its documentation; it now outputs the stripped name to
-      <literal>stdout</literal> instead of putting it in the variable
-      <literal>strippedName</literal>.
+     The <literal>stripHash</literal> bash function in
+     <literal>stdenv</literal> changed according to its documentation; it now
+     outputs the stripped name to <literal>stdout</literal> instead of putting
+     it in the variable <literal>strippedName</literal>.
     </para>
-  </listitem>
-
-  <listitem>
-    <para>PHP now scans for extra configuration .ini files in /etc/php.d
-    instead of /etc. This prevents accidentally loading non-PHP .ini files
-    that may be in /etc.
+   </listitem>
+   <listitem>
+    <para>
+     PHP now scans for extra configuration .ini files in /etc/php.d instead of
+     /etc. This prevents accidentally loading non-PHP .ini files that may be in
+     /etc.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Two lone top-level dict dbs moved into <literal>dictdDBs</literal>. This
-      affects: <literal>dictdWordnet</literal> which is now at
-      <literal>dictdDBs.wordnet</literal> and <literal>dictdWiktionary</literal>
-      which is now at <literal>dictdDBs.wiktionary</literal>
+     Two lone top-level dict dbs moved into <literal>dictdDBs</literal>. This
+     affects: <literal>dictdWordnet</literal> which is now at
+     <literal>dictdDBs.wordnet</literal> and <literal>dictdWiktionary</literal>
+     which is now at <literal>dictdDBs.wiktionary</literal>
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Parsoid service now uses YAML configuration format.
+     Parsoid service now uses YAML configuration format.
      <literal>service.parsoid.interwikis</literal> is now called
      <literal>service.parsoid.wikis</literal> and is a list of either API URLs
      or attribute sets as specified in parsoid's documentation.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
      <literal>Ntpd</literal> was replaced by
      <literal>systemd-timesyncd</literal> as the default service to synchronize
@@ -263,14 +592,12 @@ following incompatible changes:</para>
      setting <literal>services.ntp.enable</literal> to <literal>true</literal>.
      Upstream time servers for all NTP implementations are now configured using
      <literal>networking.timeServers</literal>.
-   </para>
-  </listitem>
-
-  <listitem>
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      <literal>service.nylon</literal> is now declared using named instances.
-      As an example:
-
+     <literal>service.nylon</literal> is now declared using named instances. As
+     an example:
 <programlisting>
   services.nylon = {
     enable = true;
@@ -279,9 +606,7 @@ following incompatible changes:</para>
     port = 5912;
   };
 </programlisting>
-
-      should be replaced with:
-
+     should be replaced with:
 <programlisting>
   services.nylon.myvpn = {
     enable = true;
@@ -290,225 +615,203 @@ following incompatible changes:</para>
     port = 5912;
   };
 </programlisting>
-
-      this enables you to declare a SOCKS proxy for each uplink.
-
+     this enables you to declare a SOCKS proxy for each uplink.
     </para>
-  </listitem>
-
-  <listitem>
-    <para><literal>overridePackages</literal> function no longer exists.
-    It is replaced by <link
+   </listitem>
+   <listitem>
+    <para>
+     <literal>overridePackages</literal> function no longer exists. It is
+     replaced by
+     <link
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
-    overlays</link>. For example, the following code:
-
+     overlays</link>. For example, the following code:
 <programlisting>
   let
     pkgs = import &lt;nixpkgs&gt; {};
   in
     pkgs.overridePackages (self: super: ...)
 </programlisting>
-
-    should be replaced by:
-
+     should be replaced by:
 <programlisting>
   let
     pkgs = import &lt;nixpkgs&gt; {};
   in
     import pkgs.path { overlays = [(self: super: ...)]; }
 </programlisting>
-
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Autoloading connection tracking helpers is now disabled by default.
-      This default was also changed in the Linux kernel and is considered
-      insecure if not configured properly in your firewall. If you need
-      connection tracking helpers (i.e. for active FTP) please enable
-      <literal>networking.firewall.autoLoadConntrackHelpers</literal> and
-      tune <literal>networking.firewall.connectionTrackingModules</literal>
-      to suit your needs.
-    </para>
-  </listitem>
-
-  <listitem>
+     Autoloading connection tracking helpers is now disabled by default. This
+     default was also changed in the Linux kernel and is considered insecure if
+     not configured properly in your firewall. If you need connection tracking
+     helpers (i.e. for active FTP) please enable
+     <literal>networking.firewall.autoLoadConntrackHelpers</literal> and tune
+     <literal>networking.firewall.connectionTrackingModules</literal> to suit
+     your needs.
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      <literal>local_recipient_maps</literal> is not set to empty value by
-      Postfix service. It's an insecure default as stated by Postfix
-      documentation. Those who want to retain this setting need to set it via
-      <literal>services.postfix.extraConfig</literal>.
+     <literal>local_recipient_maps</literal> is not set to empty value by
+     Postfix service. It's an insecure default as stated by Postfix
+     documentation. Those who want to retain this setting need to set it via
+     <literal>services.postfix.extraConfig</literal>.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-    Iputils no longer provide ping6 and traceroute6. The functionality of
-    these tools has been integrated into ping and traceroute respectively. To
-    enforce an address family the new flags <literal>-4</literal> and
-    <literal>-6</literal> have been added. One notable incompatibility is that
-    specifying an interface (for link-local IPv6 for instance) is no longer done
-    with the <literal>-I</literal> flag, but by encoding the interface into the
-    address (<literal>ping fe80::1%eth0</literal>).
-    </para>
-  </listitem>
-
-  <listitem>
+     Iputils no longer provide ping6 and traceroute6. The functionality of
+     these tools has been integrated into ping and traceroute respectively. To
+     enforce an address family the new flags <literal>-4</literal> and
+     <literal>-6</literal> have been added. One notable incompatibility is that
+     specifying an interface (for link-local IPv6 for instance) is no longer
+     done with the <literal>-I</literal> flag, but by encoding the interface
+     into the address (<literal>ping fe80::1%eth0</literal>).
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      The socket handling of the <literal>services.rmilter</literal> module
-      has been fixed and refactored. As rmilter doesn't support binding to
-      more than one socket, the options <literal>bindUnixSockets</literal>
-      and <literal>bindInetSockets</literal> have been replaced by
-      <literal>services.rmilter.bindSocket.*</literal>. The default is still
-      a unix socket in <literal>/run/rmilter/rmilter.sock</literal>. Refer to
-      the options documentation for more information.
-    </para>
-  </listitem>
-
-  <listitem>
+     The socket handling of the <literal>services.rmilter</literal> module has
+     been fixed and refactored. As rmilter doesn't support binding to more than
+     one socket, the options <literal>bindUnixSockets</literal> and
+     <literal>bindInetSockets</literal> have been replaced by
+     <literal>services.rmilter.bindSocket.*</literal>. The default is still a
+     unix socket in <literal>/run/rmilter/rmilter.sock</literal>. Refer to the
+     options documentation for more information.
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>fetch*</literal> functions no longer support md5,
-      please use sha256 instead.
+     The <literal>fetch*</literal> functions no longer support md5, please use
+     sha256 instead.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The dnscrypt-proxy module interface has been streamlined around the
-      <option>extraArgs</option> option. Where possible, legacy option
-      declarations are mapped to <option>extraArgs</option> but will emit
-      warnings. The <option>resolverList</option> has been outright
-      removed: to use an unlisted resolver, use the
-      <option>customResolver</option> option.
-    </para>
-  </listitem>
-
-  <listitem>
+     The dnscrypt-proxy module interface has been streamlined around the
+     <option>extraArgs</option> option. Where possible, legacy option
+     declarations are mapped to <option>extraArgs</option> but will emit
+     warnings. The <option>resolverList</option> has been outright removed: to
+     use an unlisted resolver, use the <option>customResolver</option> option.
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      torbrowser now stores local state under
-      <filename>~/.local/share/tor-browser</filename> by default. Any
-      browser profile data from the old location,
-      <filename>~/.torbrowser4</filename>, must be migrated manually.
+     torbrowser now stores local state under
+     <filename>~/.local/share/tor-browser</filename> by default. Any browser
+     profile data from the old location, <filename>~/.torbrowser4</filename>,
+     must be migrated manually.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The ihaskell, monetdb, offlineimap and sitecopy services have been removed.
+     The ihaskell, monetdb, offlineimap and sitecopy services have been
+     removed.
     </para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.03-notable-changes">
+  <title>Other Notable Changes</title>
 
-<title>Other Notable Changes</title>
-
-<itemizedlist>
-
-  <listitem>
-    <para>Module type system have a new extensible option types feature that
-      allow to extend certain types, such as enum, through multiple option
-      declarations of the same option across multiple modules.
-    </para>
-  </listitem>
-
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      <literal>jre</literal> now defaults to GTK+ UI by default. This
-      improves visual consistency and makes Java follow system font style,
-      improving the situation on HighDPI displays. This has a cost of increased
-      closure size; for server and other headless workloads it's recommended to
-      use <literal>jre_headless</literal>.
+     Module type system have a new extensible option types feature that allow
+     to extend certain types, such as enum, through multiple option
+     declarations of the same option across multiple modules.
     </para>
-  </listitem>
-
-  <listitem>
-    <para>Python 2.6 interpreter and package set have been removed.</para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>jre</literal> now defaults to GTK+ UI by default. This improves
+     visual consistency and makes Java follow system font style, improving the
+     situation on HighDPI displays. This has a cost of increased closure size;
+     for server and other headless workloads it's recommended to use
+     <literal>jre_headless</literal>.
+    </para>
+   </listitem>
+   <listitem>
     <para>
-      The Python 2.7 interpreter does not use modules anymore. Instead, all
-      CPython interpreters now include the whole standard library except for `tkinter`,
-      which is available in the Python package set.
+     Python 2.6 interpreter and package set have been removed.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
-      Minor modifications had to be made to the interpreters in order to generate
-      deterministic bytecode. This has security implications and is relevant for
-      those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual
-      for details.
+     The Python 2.7 interpreter does not use modules anymore. Instead, all
+     CPython interpreters now include the whole standard library except for
+     `tkinter`, which is available in the Python package set.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The Python package sets now use a fixed-point combinator and the sets are
-      available as attributes of the interpreters.
+     Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
+     Minor modifications had to be made to the interpreters in order to
+     generate deterministic bytecode. This has security implications and is
+     relevant for those using Python in a <literal>nix-shell</literal>. See the
+     Nixpkgs manual for details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The Python package sets now use a fixed-point combinator and the sets are
+     available as attributes of the interpreters.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The Python function <literal>buildPythonPackage</literal> has been improved and can be
-      used to build from Setuptools source, Flit source, and precompiled Wheels.
+     The Python function <literal>buildPythonPackage</literal> has been
+     improved and can be used to build from Setuptools source, Flit source, and
+     precompiled Wheels.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      When adding new or updating current Python libraries, the expressions should be put
-      in separate files in <literal>pkgs/development/python-modules</literal> and
-      called from <literal>python-packages.nix</literal>.
+     When adding new or updating current Python libraries, the expressions
+     should be put in separate files in
+     <literal>pkgs/development/python-modules</literal> and called from
+     <literal>python-packages.nix</literal>.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The dnscrypt-proxy service supports synchronizing the list of public
-      resolvers without working DNS resolution. This fixes issues caused by the
-      resolver list becoming outdated. It also improves the viability of
-      DNSCrypt only configurations.
+     The dnscrypt-proxy service supports synchronizing the list of public
+     resolvers without working DNS resolution. This fixes issues caused by the
+     resolver list becoming outdated. It also improves the viability of
+     DNSCrypt only configurations.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Containers using bridged networking no longer lose their connection after
-      changes to the host networking.
+     Containers using bridged networking no longer lose their connection after
+     changes to the host networking.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      ZFS supports pool auto scrubbing.
+     ZFS supports pool auto scrubbing.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The bind DNS utilities (e.g. dig) have been split into their own output and
-      are now also available in <literal>pkgs.dnsutils</literal> and it is no longer
-      necessary to pull in all of <literal>bind</literal> to use them.
+     The bind DNS utilities (e.g. dig) have been split into their own output
+     and are now also available in <literal>pkgs.dnsutils</literal> and it is
+     no longer necessary to pull in all of <literal>bind</literal> to use them.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Per-user configuration was moved from <filename>~/.nixpkgs</filename> to
-      <filename>~/.config/nixpkgs</filename>. The former is still valid for
-      <filename>config.nix</filename> for backwards compatibility.
+     Per-user configuration was moved from <filename>~/.nixpkgs</filename> to
+     <filename>~/.config/nixpkgs</filename>. The former is still valid for
+     <filename>config.nix</filename> for backwards compatibility.
     </para>
-  </listitem>
-</itemizedlist>
-</section>
+   </listitem>
+  </itemizedlist>
+ </section>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml
index 66f7b01db72a..795c51d2923d 100644
--- a/nixos/doc/manual/release-notes/rl-1709.xml
+++ b/nixos/doc/manual/release-notes/rl-1709.xml
@@ -3,40 +3,40 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.09">
+ <title>Release 17.09 (“Hummingbird”, 2017/09/??)</title>
 
-<title>Release 17.09 (“Hummingbird”, 2017/09/??)</title>
-
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.09-highlights">
+  <title>Highlights</title>
 
-<title>Highlights</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights: </para>
+  <para>
+   In addition to numerous new and upgraded packages, this release has the
+   following highlights:
+  </para>
 
-<itemizedlist>
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10,
-      KDE Applications to 17.08.1 and KDE Frameworks to 5.37.
+     The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, KDE
+     Applications to 17.08.1 and KDE Frameworks to 5.37.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The user handling now keeps track of deallocated UIDs/GIDs. When a user
-      or group is revived, this allows it to be allocated the UID/GID it had before.
-      A consequence is that UIDs and GIDs are no longer reused.
+     The user handling now keeps track of deallocated UIDs/GIDs. When a user or
+     group is revived, this allows it to be allocated the UID/GID it had
+     before. A consequence is that UIDs and GIDs are no longer reused.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The module option <option>services.xserver.xrandrHeads</option> now
-      causes the first head specified in this list to be set as the primary
-      head. Apart from that, it's now possible to also set additional options
-      by using an attribute set, for example:
+     The module option <option>services.xserver.xrandrHeads</option> now causes
+     the first head specified in this list to be set as the primary head. Apart
+     from that, it's now possible to also set additional options by using an
+     attribute set, for example:
 <programlisting>
 { services.xserver.xrandrHeads = [
     "HDMI-0"
@@ -50,365 +50,664 @@ has the following highlights: </para>
   ];
 }
 </programlisting>
-      This will set the <literal>DVI-0</literal> output to be the primary head,
-      even though <literal>HDMI-0</literal> is the first head in the list.
+     This will set the <literal>DVI-0</literal> output to be the primary head,
+     even though <literal>HDMI-0</literal> is the first head in the list.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The handling of SSL in the <literal>services.nginx</literal> module has
-      been cleaned up, renaming the misnamed <literal>enableSSL</literal> to
-      <literal>onlySSL</literal> which reflects its original intention. This
-      is not to be used with the already existing <literal>forceSSL</literal>
-      which creates a second non-SSL virtual host redirecting to the SSL
-      virtual host. This by chance had worked earlier due to specific
-      implementation details. In case you had specified both please remove
-      the <literal>enableSSL</literal> option to keep the previous behaviour.
+     The handling of SSL in the <literal>services.nginx</literal> module has
+     been cleaned up, renaming the misnamed <literal>enableSSL</literal> to
+     <literal>onlySSL</literal> which reflects its original intention. This is
+     not to be used with the already existing <literal>forceSSL</literal> which
+     creates a second non-SSL virtual host redirecting to the SSL virtual host.
+     This by chance had worked earlier due to specific implementation details.
+     In case you had specified both please remove the
+     <literal>enableSSL</literal> option to keep the previous behaviour.
     </para>
     <para>
-      Another <literal>addSSL</literal> option has been introduced to configure
-      both a non-SSL virtual host and an SSL virtual host with the same
-      configuration.
+     Another <literal>addSSL</literal> option has been introduced to configure
+     both a non-SSL virtual host and an SSL virtual host with the same
+     configuration.
     </para>
     <para>
-      Options to configure <literal>resolver</literal> options and
-      <literal>upstream</literal> blocks have been introduced. See their information
-      for further details.
+     Options to configure <literal>resolver</literal> options and
+     <literal>upstream</literal> blocks have been introduced. See their
+     information for further details.
     </para>
     <para>
-      The <literal>port</literal> option has been replaced by a more generic
-      <literal>listen</literal> option which makes it possible to specify
-      multiple addresses, ports and SSL configs dependant on the new SSL
-      handling mentioned above.
+     The <literal>port</literal> option has been replaced by a more generic
+     <literal>listen</literal> option which makes it possible to specify
+     multiple addresses, ports and SSL configs dependant on the new SSL
+     handling mentioned above.
     </para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.09-new-services">
+  <title>New Services</title>
 
-<title>New Services</title>
-
-<para>The following new services were added since the last release:</para>
+  <para>
+   The following new services were added since the last release:
+  </para>
 
-<itemizedlist>
-  <listitem><para><literal>config/fonts/fontconfig-penultimate.nix</literal></para></listitem>
-  <listitem><para><literal>config/fonts/fontconfig-ultimate.nix</literal></para></listitem>
-  <listitem><para><literal>config/terminfo.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/sensor/iio.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/nitrokey.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/raid/hpsa.nix</literal></para></listitem>
-  <listitem><para><literal>programs/browserpass.nix</literal></para></listitem>
-  <listitem><para><literal>programs/gnupg.nix</literal></para></listitem>
-  <listitem><para><literal>programs/qt5ct.nix</literal></para></listitem>
-  <listitem><para><literal>programs/slock.nix</literal></para></listitem>
-  <listitem><para><literal>programs/thefuck.nix</literal></para></listitem>
-  <listitem><para><literal>security/auditd.nix</literal></para></listitem>
-  <listitem><para><literal>security/lock-kernel-modules.nix</literal></para></listitem>
-  <listitem><para><literal>service-managers/docker.nix</literal></para></listitem>
-  <listitem><para><literal>service-managers/trivial.nix</literal></para></listitem>
-  <listitem><para><literal>services/admin/salt/master.nix</literal></para></listitem>
-  <listitem><para><literal>services/admin/salt/minion.nix</literal></para></listitem>
-  <listitem><para><literal>services/audio/slimserver.nix</literal></para></listitem>
-  <listitem><para><literal>services/cluster/kubernetes/default.nix</literal></para></listitem>
-  <listitem><para><literal>services/cluster/kubernetes/dns.nix</literal></para></listitem>
-  <listitem><para><literal>services/cluster/kubernetes/dashboard.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/hail.nix</literal></para></listitem>
-  <listitem><para><literal>services/databases/clickhouse.nix</literal></para></listitem>
-  <listitem><para><literal>services/databases/postage.nix</literal></para></listitem>
-  <listitem><para><literal>services/desktops/gnome3/gnome-disks.nix</literal></para></listitem>
-  <listitem><para><literal>services/desktops/gnome3/gpaste.nix</literal></para></listitem>
-  <listitem><para><literal>services/logging/SystemdJournal2Gelf.nix</literal></para></listitem>
-  <listitem><para><literal>services/logging/heartbeat.nix</literal></para></listitem>
-  <listitem><para><literal>services/logging/journalwatch.nix</literal></para></listitem>
-  <listitem><para><literal>services/logging/syslogd.nix</literal></para></listitem>
-  <listitem><para><literal>services/mail/mailhog.nix</literal></para></listitem>
-  <listitem><para><literal>services/mail/nullmailer.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/airsonic.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/autorandr.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/exhibitor.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/fstrim.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/gollum.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/irkerd.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/jackett.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/radarr.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/snapper.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/osquery.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/collectd-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/fritzbox-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/kbfs.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/dnscache.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/fireqos.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/iwd.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/keepalived/default.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/keybase.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/lldpd.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/matterbridge.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/squid.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/tinydns.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/xrdp.nix</literal></para></listitem>
-  <listitem><para><literal>services/security/shibboleth-sp.nix</literal></para></listitem>
-  <listitem><para><literal>services/security/sks.nix</literal></para></listitem>
-  <listitem><para><literal>services/security/sshguard.nix</literal></para></listitem>
-  <listitem><para><literal>services/security/torify.nix</literal></para></listitem>
-  <listitem><para><literal>services/security/usbguard.nix</literal></para></listitem>
-  <listitem><para><literal>services/security/vault.nix</literal></para></listitem>
-  <listitem><para><literal>services/system/earlyoom.nix</literal></para></listitem>
-  <listitem><para><literal>services/system/saslauthd.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/nexus.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/pgpkeyserver-lite.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/piwik.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-servers/lighttpd/collectd.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-servers/minio.nix</literal></para></listitem>
-  <listitem><para><literal>services/x11/display-managers/xpra.nix</literal></para></listitem>
-  <listitem><para><literal>services/x11/xautolock.nix</literal></para></listitem>
-  <listitem><para><literal>tasks/filesystems/bcachefs.nix</literal></para></listitem>
-  <listitem><para><literal>tasks/powertop.nix</literal></para></listitem>
-</itemizedlist>
+  <itemizedlist>
+   <listitem>
+    <para>
+     <literal>config/fonts/fontconfig-penultimate.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>config/fonts/fontconfig-ultimate.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>config/terminfo.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/sensor/iio.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/nitrokey.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>hardware/raid/hpsa.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/browserpass.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/gnupg.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/qt5ct.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/slock.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>programs/thefuck.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>security/auditd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>security/lock-kernel-modules.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>service-managers/docker.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>service-managers/trivial.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/admin/salt/master.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/admin/salt/minion.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/audio/slimserver.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/cluster/kubernetes/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/cluster/kubernetes/dns.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/cluster/kubernetes/dashboard.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/continuous-integration/hail.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/databases/clickhouse.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/databases/postage.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/desktops/gnome3/gnome-disks.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/desktops/gnome3/gpaste.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/logging/SystemdJournal2Gelf.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/logging/heartbeat.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/logging/journalwatch.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/logging/syslogd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/mailhog.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/mail/nullmailer.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/airsonic.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/autorandr.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/exhibitor.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/fstrim.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/gollum.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/irkerd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/jackett.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/radarr.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/misc/snapper.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/osquery.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/collectd-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/monitoring/prometheus/fritzbox-exporter.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/network-filesystems/kbfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/dnscache.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/fireqos.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/iwd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/keepalived/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/keybase.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/lldpd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/matterbridge.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/squid.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/tinydns.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/networking/xrdp.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/shibboleth-sp.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/sks.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/sshguard.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/torify.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/usbguard.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/security/vault.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/system/earlyoom.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/system/saslauthd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/nexus.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/pgpkeyserver-lite.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-apps/piwik.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-servers/lighttpd/collectd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/web-servers/minio.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/display-managers/xpra.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services/x11/xautolock.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>tasks/filesystems/bcachefs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>tasks/powertop.nix</literal>
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.09-incompatibilities">
+  <title>Backward Incompatibilities</title>
 
-<title>Backward Incompatibilities</title>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
+  <para>
+   When upgrading from a previous release, please be aware of the following
+   incompatible changes:
+  </para>
 
-<itemizedlist>
-  <listitem>
-    <para>
-        <emphasis role="strong">
-            In an Qemu-based virtualization environment, the network interface
-            names changed from i.e. <literal>enp0s3</literal> to
-            <literal>ens3</literal>.
-        </emphasis>
-    </para>
-    <para>
-        This is due to a kernel configuration change. The new naming
-        is consistent with those of other Linux distributions with
-        systemd. See
-        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/29197">#29197</link>
-        for more information.
-    </para>
-    <para>
-        A machine is affected if the <literal>virt-what</literal> tool
-        either returns <literal>qemu</literal> or
-        <literal>kvm</literal> <emphasis>and</emphasis> has
-        interface names used in any part of its NixOS configuration,
-        in particular if a static network configuration with
-        <literal>networking.interfaces</literal> is used.
-    </para>
-    <para>
-        Before rebooting affected machines, please ensure:
-        <itemizedlist>
-          <listitem>
-            <para>
-              Change the interface names in your NixOS configuration.
-              The first interface will be called <literal>ens3</literal>,
-              the second one <literal>ens8</literal> and starting from there
-              incremented by 1.
-            </para>
-          </listitem>
-          <listitem>
-            <para>
-              After changing the interface names, rebuild your system with
-              <literal>nixos-rebuild boot</literal> to activate the new
-              configuration after a reboot. If you switch to the new
-              configuration right away you might lose network connectivity!
-              If using <literal>nixops</literal>, deploy with
-              <literal>nixops deploy --force-reboot</literal>.
-            </para>
-          </listitem>
-        </itemizedlist>
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The following changes apply if the <literal>stateVersion</literal> is changed to 17.09 or higher.
-      For <literal>stateVersion = "17.03"</literal> or lower the old behavior is preserved.
+  <itemizedlist>
+   <listitem>
+    <para>
+     <emphasis role="strong"> In an Qemu-based virtualization environment, the
+     network interface names changed from i.e. <literal>enp0s3</literal> to
+     <literal>ens3</literal>. </emphasis>
     </para>
-    <itemizedlist>
-      <listitem>
-        <para>
-          The <literal>postgres</literal> default version was changed from 9.5 to 9.6.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          The <literal>postgres</literal> superuser name has changed from <literal>root</literal> to <literal>postgres</literal> to more closely follow what other Linux distributions are doing.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          The <literal>postgres</literal> default <literal>dataDir</literal> has changed from <literal>/var/db/postgres</literal> to <literal>/var/lib/postgresql/$psqlSchema</literal> where $psqlSchema is 9.6 for example.
-        </para>
-      </listitem>
+    <para>
+     This is due to a kernel configuration change. The new naming is consistent
+     with those of other Linux distributions with systemd. See
+     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/29197">#29197</link>
+     for more information.
+    </para>
+    <para>
+     A machine is affected if the <literal>virt-what</literal> tool either
+     returns <literal>qemu</literal> or <literal>kvm</literal>
+     <emphasis>and</emphasis> has interface names used in any part of its NixOS
+     configuration, in particular if a static network configuration with
+     <literal>networking.interfaces</literal> is used.
+    </para>
+    <para>
+     Before rebooting affected machines, please ensure:
+     <itemizedlist>
       <listitem>
-        <para>
-          The <literal>mysql</literal> default <literal>dataDir</literal> has changed from <literal>/var/mysql</literal> to <literal>/var/lib/mysql</literal>.
-        </para>
+       <para>
+        Change the interface names in your NixOS configuration. The first
+        interface will be called <literal>ens3</literal>, the second one
+        <literal>ens8</literal> and starting from there incremented by 1.
+       </para>
       </listitem>
       <listitem>
-        <para>
-          Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found <link xlink:href="http://radicale.org/1to2/"> here </link>. It is also possible to use the newer version by setting the <literal>package</literal> to <literal>radicale2</literal>, which is done automatically when <literal>stateVersion</literal> is 17.09 or higher. The <literal>extraArgs</literal> option has been added to allow passing the data migration arguments specified in the instructions; see the <filename xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/radicale.nix">radicale.nix</filename> NixOS test for an example migration.
-        </para>
+       <para>
+        After changing the interface names, rebuild your system with
+        <literal>nixos-rebuild boot</literal> to activate the new configuration
+        after a reboot. If you switch to the new configuration right away you
+        might lose network connectivity! If using <literal>nixops</literal>,
+        deploy with <literal>nixops deploy --force-reboot</literal>.
+       </para>
       </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The following changes apply if the <literal>stateVersion</literal> is
+     changed to 17.09 or higher. For <literal>stateVersion = "17.03"</literal>
+     or lower the old behavior is preserved.
+    </para>
+    <itemizedlist>
+     <listitem>
+      <para>
+       The <literal>postgres</literal> default version was changed from 9.5 to
+       9.6.
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       The <literal>postgres</literal> superuser name has changed from
+       <literal>root</literal> to <literal>postgres</literal> to more closely
+       follow what other Linux distributions are doing.
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       The <literal>postgres</literal> default <literal>dataDir</literal> has
+       changed from <literal>/var/db/postgres</literal> to
+       <literal>/var/lib/postgresql/$psqlSchema</literal> where $psqlSchema is
+       9.6 for example.
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       The <literal>mysql</literal> default <literal>dataDir</literal> has
+       changed from <literal>/var/mysql</literal> to
+       <literal>/var/lib/mysql</literal>.
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       Radicale's default package has changed from 1.x to 2.x. Instructions to
+       migrate can be found <link xlink:href="http://radicale.org/1to2/"> here
+       </link>. It is also possible to use the newer version by setting the
+       <literal>package</literal> to <literal>radicale2</literal>, which is
+       done automatically when <literal>stateVersion</literal> is 17.09 or
+       higher. The <literal>extraArgs</literal> option has been added to allow
+       passing the data migration arguments specified in the instructions; see
+       the
+       <filename xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/radicale.nix">radicale.nix</filename>
+       NixOS test for an example migration.
+      </para>
+     </listitem>
     </itemizedlist>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>aiccu</literal> package was removed. This is due to SixXS
-      <link xlink:href="https://www.sixxs.net/main/"> sunsetting</link> its IPv6 tunnel.
+     The <literal>aiccu</literal> package was removed. This is due to SixXS
+     <link xlink:href="https://www.sixxs.net/main/"> sunsetting</link> its IPv6
+     tunnel.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>fanctl</literal> package and <literal>fan</literal> module
-      have been removed due to the developers not upstreaming their iproute2
-      patches and lagging with compatibility to recent iproute2 versions.
+     The <literal>fanctl</literal> package and <literal>fan</literal> module
+     have been removed due to the developers not upstreaming their iproute2
+     patches and lagging with compatibility to recent iproute2 versions.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Top-level <literal>idea</literal> package collection was renamed.
-      All JetBrains IDEs are now at <literal>jetbrains</literal>.
+     Top-level <literal>idea</literal> package collection was renamed. All
+     JetBrains IDEs are now at <literal>jetbrains</literal>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>flexget</literal>'s state database cannot be upgraded to its
-      new internal format, requiring removal of any existing
-      <literal>db-config.sqlite</literal> which will be automatically recreated.
+     <literal>flexget</literal>'s state database cannot be upgraded to its new
+     internal format, requiring removal of any existing
+     <literal>db-config.sqlite</literal> which will be automatically recreated.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>ipfs</literal> service now doesn't ignore the <literal>dataDir</literal> option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
+     The <literal>ipfs</literal> service now doesn't ignore the
+     <literal>dataDir</literal> option anymore. If you've ever set this option
+     to anything other than the default you'll have to either unset it (so the
+     default gets used) or migrate the old data manually with
 <programlisting>
 dataDir=&lt;valueOfDataDir&gt;
 mv /var/lib/ipfs/.ipfs/* $dataDir
 rmdir /var/lib/ipfs/.ipfs
 </programlisting>
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>caddy</literal> service was previously using an extra
-      <literal>.caddy</literal> directory in the data directory specified
-      with the <literal>dataDir</literal> option. The contents of the
-      <literal>.caddy</literal> directory are now expected to be in the
-      <literal>dataDir</literal>.
+     The <literal>caddy</literal> service was previously using an extra
+     <literal>.caddy</literal> directory in the data directory specified with
+     the <literal>dataDir</literal> option. The contents of the
+     <literal>.caddy</literal> directory are now expected to be in the
+     <literal>dataDir</literal>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>ssh-agent</literal> user service is not started by default
-      anymore. Use <literal>programs.ssh.startAgent</literal> to enable it if
-      needed. There is also a new <literal>programs.gnupg.agent</literal>
-      module that creates a <literal>gpg-agent</literal> user service. It can
-      also serve as a SSH agent if <literal>enableSSHSupport</literal> is set.
+     The <literal>ssh-agent</literal> user service is not started by default
+     anymore. Use <literal>programs.ssh.startAgent</literal> to enable it if
+     needed. There is also a new <literal>programs.gnupg.agent</literal> module
+     that creates a <literal>gpg-agent</literal> user service. It can also
+     serve as a SSH agent if <literal>enableSSHSupport</literal> is set.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>services.tinc.networks.&lt;name&gt;.listenAddress</literal>
-      option had a misleading name that did not correspond to its behavior. It
-      now correctly defines the ip to listen for incoming connections on. To
-      keep the previous behaviour, use
-      <literal>services.tinc.networks.&lt;name&gt;.bindToAddress</literal>
-      instead. Refer to the description of the options for more details.
+     The <literal>services.tinc.networks.&lt;name&gt;.listenAddress</literal>
+     option had a misleading name that did not correspond to its behavior. It
+     now correctly defines the ip to listen for incoming connections on. To
+     keep the previous behaviour, use
+     <literal>services.tinc.networks.&lt;name&gt;.bindToAddress</literal>
+     instead. Refer to the description of the options for more details.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>tlsdate</literal> package and module were removed. This is due to the project
-      being dead and not building with openssl 1.1.
+     <literal>tlsdate</literal> package and module were removed. This is due to
+     the project being dead and not building with openssl 1.1.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>wvdial</literal> package and module were removed. This is due to the project
-      being dead and not building with openssl 1.1.
+     <literal>wvdial</literal> package and module were removed. This is due to
+     the project being dead and not building with openssl 1.1.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>cc-wrapper</literal>'s setup-hook now exports a number of
-      environment variables corresponding to binutils binaries,
-      (e.g. <envar>LD</envar>, <envar>STRIP</envar>, <envar>RANLIB</envar>,
-      etc). This is done to prevent packages' build systems guessing, which is
-      harder to predict, especially when cross-compiling. However, some packages
-      have broken due to this—their build systems either not supporting, or
-      claiming to support without adequate testing, taking such environment
-      variables as parameters.
+     <literal>cc-wrapper</literal>'s setup-hook now exports a number of
+     environment variables corresponding to binutils binaries, (e.g.
+     <envar>LD</envar>, <envar>STRIP</envar>, <envar>RANLIB</envar>, etc). This
+     is done to prevent packages' build systems guessing, which is harder to
+     predict, especially when cross-compiling. However, some packages have
+     broken due to this—their build systems either not supporting, or
+     claiming to support without adequate testing, taking such environment
+     variables as parameters.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>services.firefox.syncserver</literal> now runs by default as a
-      non-root user. To accomodate this change, the default sqlite database
-      location has also been changed. Migration should work automatically.
-      Refer to the description of the options for more details.
+     <literal>services.firefox.syncserver</literal> now runs by default as a
+     non-root user. To accomodate this change, the default sqlite database
+     location has also been changed. Migration should work automatically. Refer
+     to the description of the options for more details.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>compiz</literal> window manager and package was
-      removed. The system support had been broken for several years.
+     The <literal>compiz</literal> window manager and package was removed. The
+     system support had been broken for several years.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Touchpad support should now be enabled through
-      <literal>libinput</literal> as <literal>synaptics</literal> is
-      now deprecated. See the option
-      <literal>services.xserver.libinput.enable</literal>.
+     Touchpad support should now be enabled through <literal>libinput</literal>
+     as <literal>synaptics</literal> is now deprecated. See the option
+     <literal>services.xserver.libinput.enable</literal>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      grsecurity/PaX support has been dropped, following upstream's
-      decision to cease free support.  See
-      <link xlink:href="https://grsecurity.net/passing_the_baton.php">
-      upstream's announcement</link> for more information.
-      No complete replacement for grsecurity/PaX is available presently.
+     grsecurity/PaX support has been dropped, following upstream's decision to
+     cease free support. See
+     <link xlink:href="https://grsecurity.net/passing_the_baton.php">
+     upstream's announcement</link> for more information. No complete
+     replacement for grsecurity/PaX is available presently.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>services.mysql</literal> now has declarative
-      configuration of databases and users with the <literal>ensureDatabases</literal> and
-      <literal>ensureUsers</literal> options.
+     <literal>services.mysql</literal> now has declarative configuration of
+     databases and users with the <literal>ensureDatabases</literal> and
+     <literal>ensureUsers</literal> options.
     </para>
-
     <para>
-      These options will never delete existing databases and users,
-      especially not when the value of the options are changed.
+     These options will never delete existing databases and users, especially
+     not when the value of the options are changed.
     </para>
-
     <para>
-      The MySQL users will be identified using
-      <link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/">
-        Unix socket authentication</link>. This authenticates the
-        Unix user with the same name only, and that without the need
-        for a password.
+     The MySQL users will be identified using
+     <link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/">
+     Unix socket authentication</link>. This authenticates the Unix user with
+     the same name only, and that without the need for a password.
     </para>
-
     <para>
-      If you have previously created a MySQL <literal>root</literal>
-      user <emphasis>with a password</emphasis>, you will need to add
-      <literal>root</literal> user for unix socket authentication
-      before using the new options. This can be done by running the
-      following SQL script:
-
+     If you have previously created a MySQL <literal>root</literal> user
+     <emphasis>with a password</emphasis>, you will need to add
+     <literal>root</literal> user for unix socket authentication before using
+     the new options. This can be done by running the following SQL script:
 <programlisting language="sql">
 CREATE USER 'root'@'%' IDENTIFIED BY '';
 GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
@@ -418,194 +717,183 @@ FLUSH PRIVILEGES;
 -- DROP USER 'root'@'localhost';
 </programlisting>
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>services.mysqlBackup</literal> now works by default
-      without any user setup, including for users other than
-      <literal>mysql</literal>.
+     <literal>services.mysqlBackup</literal> now works by default without any
+     user setup, including for users other than <literal>mysql</literal>.
     </para>
-
     <para>
-      By default, the <literal>mysql</literal> user is no longer the
-      user which performs the backup. Instead a system account
-      <literal>mysqlbackup</literal> is used.
+     By default, the <literal>mysql</literal> user is no longer the user which
+     performs the backup. Instead a system account
+     <literal>mysqlbackup</literal> is used.
     </para>
-
     <para>
-      The <literal>mysqlBackup</literal> service is also now using
-      systemd timers instead of <literal>cron</literal>.
+     The <literal>mysqlBackup</literal> service is also now using systemd
+     timers instead of <literal>cron</literal>.
     </para>
-
     <para>
-      Therefore, the <literal>services.mysqlBackup.period</literal>
-      option no longer exists, and has been replaced with
-      <literal>services.mysqlBackup.calendar</literal>, which is in
-      the format of <link
+     Therefore, the <literal>services.mysqlBackup.period</literal> option no
+     longer exists, and has been replaced with
+     <literal>services.mysqlBackup.calendar</literal>, which is in the format
+     of
+     <link
       xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.time.html#Calendar%20Events">systemd.time(7)</link>.
     </para>
-
     <para>
-      If you expect to be sent an e-mail when the backup fails,
-      consider using a script which monitors the systemd journal for
-      errors. Regretfully, at present there is no built-in
-      functionality for this.
+     If you expect to be sent an e-mail when the backup fails, consider using a
+     script which monitors the systemd journal for errors. Regretfully, at
+     present there is no built-in functionality for this.
     </para>
-
     <para>
-      You can check that backups still work by running
-      <command>systemctl start mysql-backup</command> then
-      <command>systemctl status mysql-backup</command>.
+     You can check that backups still work by running <command>systemctl start
+     mysql-backup</command> then <command>systemctl status
+     mysql-backup</command>.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Templated systemd services e.g <literal>container@name</literal> are
-      now handled currectly when switching to a new configuration, resulting
-      in them being reloaded.
+     Templated systemd services e.g <literal>container@name</literal> are now
+     handled currectly when switching to a new configuration, resulting in them
+     being reloaded.
     </para>
-  </listitem>
-
-  <listitem>
-    <para>Steam: the <literal>newStdcpp</literal> parameter
-    was removed and should not be needed anymore.</para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Redis has been updated to version 4 which mandates a cluster
-      mass-restart, due to changes in the network handling, in order
-      to ensure compatibility with networks NATing traffic.
+     Steam: the <literal>newStdcpp</literal> parameter was removed and should
+     not be needed anymore.
     </para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+   <listitem>
+    <para>
+     Redis has been updated to version 4 which mandates a cluster mass-restart,
+     due to changes in the network handling, in order to ensure compatibility
+     with networks NATing traffic.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-17.09-notable-changes">
+  <title>Other Notable Changes</title>
 
-<title>Other Notable Changes</title>
-
-<itemizedlist>
-
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      Modules can now be disabled by using <link
+     Modules can now be disabled by using
+     <link
       xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
-      disabledModules</link>, allowing another to take it's place.  This can be
-      used to import a set of modules from another channel while keeping the
-      rest of the system on a stable release.
+     disabledModules</link>, allowing another to take it's place. This can be
+     used to import a set of modules from another channel while keeping the
+     rest of the system on a stable release.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Updated to FreeType 2.7.1, including a new TrueType engine.
-      The new engine replaces the Infinality engine which was the default in
-      NixOS. The default font rendering settings are now provided by
-      fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults
-      are less invasive and provide rendering that is more consistent with
-      other systems and hopefully with each font designer's intent. Some
-      system-wide configuration has been removed from the Fontconfig NixOS
-      module where user Fontconfig settings are available.
+     Updated to FreeType 2.7.1, including a new TrueType engine. The new engine
+     replaces the Infinality engine which was the default in NixOS. The default
+     font rendering settings are now provided by fontconfig-penultimate,
+     replacing fontconfig-ultimate; the new defaults are less invasive and
+     provide rendering that is more consistent with other systems and hopefully
+     with each font designer's intent. Some system-wide configuration has been
+     removed from the Fontconfig NixOS module where user Fontconfig settings
+     are available.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      ZFS/SPL have been updated to 0.7.0, <literal>zfsUnstable, splUnstable</literal>
-      have therefore been removed.
+     ZFS/SPL have been updated to 0.7.0, <literal>zfsUnstable,
+     splUnstable</literal> have therefore been removed.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <option>time.timeZone</option> option now allows the value
-      <literal>null</literal> in addition to timezone strings. This value
-      allows changing the timezone of a system imperatively using
-      <command>timedatectl set-timezone</command>. The default timezone
-      is still UTC.
+     The <option>time.timeZone</option> option now allows the value
+     <literal>null</literal> in addition to timezone strings. This value allows
+     changing the timezone of a system imperatively using <command>timedatectl
+     set-timezone</command>. The default timezone is still UTC.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Nixpkgs overlays may now be specified with a file as well as a directory. The
-      value of <literal>&lt;nixpkgs-overlays></literal> may be a file, and
-      <filename>~/.config/nixpkgs/overlays.nix</filename> can be used instead of the
-      <filename>~/.config/nixpkgs/overlays</filename> directory.
+     Nixpkgs overlays may now be specified with a file as well as a directory.
+     The value of <literal>&lt;nixpkgs-overlays></literal> may be a file, and
+     <filename>~/.config/nixpkgs/overlays.nix</filename> can be used instead of
+     the <filename>~/.config/nixpkgs/overlays</filename> directory.
     </para>
     <para>
-      See the overlays chapter of the Nixpkgs manual for more details.
+     See the overlays chapter of the Nixpkgs manual for more details.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Definitions for <filename>/etc/hosts</filename> can now be specified
-      declaratively with <literal>networking.hosts</literal>.
+     Definitions for <filename>/etc/hosts</filename> can now be specified
+     declaratively with <literal>networking.hosts</literal>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Two new options have been added to the installer loader, in addition
-      to the default having changed. The kernel log verbosity has been lowered
-      to the upstream default for the default options, in order to not spam
-      the console when e.g. joining a network.
+     Two new options have been added to the installer loader, in addition to
+     the default having changed. The kernel log verbosity has been lowered to
+     the upstream default for the default options, in order to not spam the
+     console when e.g. joining a network.
     </para>
     <para>
-      This therefore leads to adding a new <literal>debug</literal> option
-      to set the log level to the previous verbose mode, to make debugging
-      easier, but still accessible easily.
+     This therefore leads to adding a new <literal>debug</literal> option to
+     set the log level to the previous verbose mode, to make debugging easier,
+     but still accessible easily.
     </para>
     <para>
-      Additionally a <literal>copytoram</literal> option has been added,
-      which makes it possible to remove the install medium after booting.
-      This allows tethering from your phone after booting from it.
+     Additionally a <literal>copytoram</literal> option has been added, which
+     makes it possible to remove the install medium after booting. This allows
+     tethering from your phone after booting from it.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>services.gitlab-runner.configOptions</literal> has been added
-      to specify the configuration of gitlab-runners declaratively.
+     <literal>services.gitlab-runner.configOptions</literal> has been added to
+     specify the configuration of gitlab-runners declaratively.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>services.jenkins.plugins</literal> has been added
-      to install plugins easily, this can be generated with jenkinsPlugins2nix.
+     <literal>services.jenkins.plugins</literal> has been added to install
+     plugins easily, this can be generated with jenkinsPlugins2nix.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>services.postfix.config</literal> has been added
-      to specify the main.cf with NixOS options. Additionally other options
-      have been added to the postfix module and has been improved further.
+     <literal>services.postfix.config</literal> has been added to specify the
+     main.cf with NixOS options. Additionally other options have been added to
+     the postfix module and has been improved further.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The GitLab package and module have been updated to the latest 10.0
-      release.
+     The GitLab package and module have been updated to the latest 10.0
+     release.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>systemd-boot</literal> boot loader now lists the NixOS
-      version, kernel version and build date of all bootable generations.
+     The <literal>systemd-boot</literal> boot loader now lists the NixOS
+     version, kernel version and build date of all bootable generations.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The dnscrypt-proxy service now defaults to using a random upstream resolver,
-      selected from the list of public non-logging resolvers with DNSSEC support.
-      Existing configurations can be migrated to this mode of operation by
-      omitting the <option>services.dnscrypt-proxy.resolverName</option> option
-      or setting it to <literal>"random"</literal>.
+     The dnscrypt-proxy service now defaults to using a random upstream
+     resolver, selected from the list of public non-logging resolvers with
+     DNSSEC support. Existing configurations can be migrated to this mode of
+     operation by omitting the
+     <option>services.dnscrypt-proxy.resolverName</option> option or setting it
+     to <literal>"random"</literal>.
     </para>
-  </listitem>
-
-</itemizedlist>
-
-</section>
+   </listitem>
+  </itemizedlist>
+ </section>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index 9221c2951ed2..c14679eea071 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -3,532 +3,822 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.03">
+ <title>Release 18.03 (“Impala”, 2018/04/04)</title>
 
-<title>Release 18.03 (“Impala”, 2018/04/04)</title>
-
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.03-highlights">
+  <title>Highlights</title>
 
-<title>Highlights</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights: </para>
-
-<itemizedlist>
+  <para>
+   In addition to numerous new and upgraded packages, this release has the
+   following highlights:
+  </para>
 
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      End of support is planned for end of October 2018, handing over to 18.09.
+     End of support is planned for end of October 2018, handing over to 18.09.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really).
-      Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc.
+     Platform support: x86_64-linux and x86_64-darwin since release time (the
+     latter isn't NixOS, really). Binaries for aarch64-linux are available, but
+     no channel exists yet, as it's waiting for some test fixes, etc.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Nix now defaults to 2.0; see its
-      <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.0">release notes</link>.
+     Nix now defaults to 2.0; see its
+     <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.0">release
+     notes</link>.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237.
+     Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 ->
+     7, systemd: 234 -> 237.
     </para>
-  </listitem>
-
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12.
+     Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10
+     -> 5.12.
     </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes
-      have been made to the infrastructure involved:
-      <itemizedlist>
-        <listitem>
-          <para>
-            <literal>libmysql</literal> has been deprecated, please use <literal>mysql.connector-c</literal>
-            instead, a compatibility passthru has been added to the MySQL packages.
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            The <literal>mysql57</literal> package has a new <literal>static</literal> output containing
-            the static libraries including <literal>libmysqld.a</literal>
-          </para>
-        </listitem>
-      </itemizedlist>
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>PHP now defaults to PHP 7.2, updated from 7.1.</para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+   <listitem>
+    <para>
+     MariaDB 10.2, updated from 10.1, is now the default MySQL implementation.
+     While upgrading a few changes have been made to the infrastructure
+     involved:
+     <itemizedlist>
+      <listitem>
+       <para>
+        <literal>libmysql</literal> has been deprecated, please use
+        <literal>mysql.connector-c</literal> instead, a compatibility passthru
+        has been added to the MySQL packages.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        The <literal>mysql57</literal> package has a new
+        <literal>static</literal> output containing the static libraries
+        including <literal>libmysqld.a</literal>
+       </para>
+      </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     PHP now defaults to PHP 7.2, updated from 7.1.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.03-new-services">
+  <title>New Services</title>
 
-<title>New Services</title>
-
-<para>The following new services were added since the last release:</para>
+  <para>
+   The following new services were added since the last release:
+  </para>
 
-<itemizedlist>
-  <listitem><para><literal>./config/krb5/default.nix</literal></para></listitem>
-  <listitem><para><literal>./hardware/digitalbitbox.nix</literal></para></listitem>
-  <listitem><para><literal>./misc/label.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/ccache.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/criu.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/digitalbitbox/default.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/less.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/npm.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/plotinus.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/rootston.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/systemtap.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/sway.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/udevil.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/way-cooler.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/yabar.nix</literal></para></listitem>
-  <listitem><para><literal>./programs/zsh/zsh-autoenv.nix</literal></para></listitem>
-  <listitem><para><literal>./services/backup/borgbackup.nix</literal></para></listitem>
-  <listitem><para><literal>./services/backup/crashplan-small-business.nix</literal></para></listitem>
-  <listitem><para><literal>./services/desktops/dleyna-renderer.nix</literal></para></listitem>
-  <listitem><para><literal>./services/desktops/dleyna-server.nix</literal></para></listitem>
-  <listitem><para><literal>./services/desktops/pipewire.nix</literal></para></listitem>
-  <listitem><para><literal>./services/desktops/gnome3/chrome-gnome-shell.nix</literal></para></listitem>
-  <listitem><para><literal>./services/desktops/gnome3/tracker-miners.nix</literal></para></listitem>
-  <listitem><para><literal>./services/hardware/fwupd.nix</literal></para></listitem>
-  <listitem><para><literal>./services/hardware/interception-tools.nix</literal></para></listitem>
-  <listitem><para><literal>./services/hardware/u2f.nix</literal></para></listitem>
-  <listitem><para><literal>./services/hardware/usbmuxd.nix</literal></para></listitem>
-  <listitem><para><literal>./services/mail/clamsmtp.nix</literal></para></listitem>
-  <listitem><para><literal>./services/mail/dkimproxy-out.nix</literal></para></listitem>
-  <listitem><para><literal>./services/mail/pfix-srsd.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/gitea.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/home-assistant.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/ihaskell.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/logkeys.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/novacomd.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/osrm.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/plexpy.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/pykms.nix</literal></para></listitem>
-  <listitem><para><literal>./services/misc/tzupdate.nix</literal></para></listitem>
-  <listitem><para><literal>./services/monitoring/fusion-inventory.nix</literal></para></listitem>
-  <listitem><para><literal>./services/monitoring/prometheus/exporters.nix</literal></para></listitem>
-  <listitem><para><literal>./services/network-filesystems/beegfs.nix</literal></para></listitem>
-  <listitem><para><literal>./services/network-filesystems/davfs2.nix</literal></para></listitem>
-  <listitem><para><literal>./services/network-filesystems/openafs/client.nix</literal></para></listitem>
-  <listitem><para><literal>./services/network-filesystems/openafs/server.nix</literal></para></listitem>
-  <listitem><para><literal>./services/network-filesystems/ceph.nix</literal></para></listitem>
-  <listitem><para><literal>./services/networking/aria2.nix</literal></para></listitem>
-  <listitem><para><literal>./services/networking/monero.nix</literal></para></listitem>
-  <listitem><para><literal>./services/networking/nghttpx/default.nix</literal></para></listitem>
-  <listitem><para><literal>./services/networking/nixops-dns.nix</literal></para></listitem>
-  <listitem><para><literal>./services/networking/rxe.nix</literal></para></listitem>
-  <listitem><para><literal>./services/networking/stunnel.nix</literal></para></listitem>
-  <listitem><para><literal>./services/web-apps/matomo.nix</literal></para></listitem>
-  <listitem><para><literal>./services/web-apps/restya-board.nix</literal></para></listitem>
-  <listitem><para><literal>./services/web-servers/mighttpd2.nix</literal></para></listitem>
-  <listitem><para><literal>./services/x11/fractalart.nix</literal></para></listitem>
-  <listitem><para><literal>./system/boot/binfmt.nix</literal></para></listitem>
-  <listitem><para><literal>./system/boot/grow-partition.nix</literal></para></listitem>
-  <listitem><para><literal>./tasks/filesystems/ecryptfs.nix</literal></para></listitem>
-  <listitem><para><literal>./virtualisation/hyperv-guest.nix</literal></para></listitem>
-</itemizedlist>
+  <itemizedlist>
+   <listitem>
+    <para>
+     <literal>./config/krb5/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./hardware/digitalbitbox.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./misc/label.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/ccache.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/criu.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/digitalbitbox/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/less.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/npm.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/plotinus.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/rootston.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/systemtap.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/sway.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/udevil.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/way-cooler.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/yabar.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./programs/zsh/zsh-autoenv.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/backup/borgbackup.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/backup/crashplan-small-business.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/desktops/dleyna-renderer.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/desktops/dleyna-server.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/desktops/pipewire.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/desktops/gnome3/chrome-gnome-shell.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/desktops/gnome3/tracker-miners.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/hardware/fwupd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/hardware/interception-tools.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/hardware/u2f.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/hardware/usbmuxd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/mail/clamsmtp.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/mail/dkimproxy-out.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/mail/pfix-srsd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/gitea.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/home-assistant.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/ihaskell.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/logkeys.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/novacomd.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/osrm.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/plexpy.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/pykms.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/misc/tzupdate.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/monitoring/fusion-inventory.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/monitoring/prometheus/exporters.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/network-filesystems/beegfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/network-filesystems/davfs2.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/network-filesystems/openafs/client.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/network-filesystems/openafs/server.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/network-filesystems/ceph.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/networking/aria2.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/networking/monero.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/networking/nghttpx/default.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/networking/nixops-dns.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/networking/rxe.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/networking/stunnel.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/web-apps/matomo.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/web-apps/restya-board.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/web-servers/mighttpd2.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./services/x11/fractalart.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./system/boot/binfmt.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./system/boot/grow-partition.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./tasks/filesystems/ecryptfs.nix</literal>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>./virtualisation/hyperv-guest.nix</literal>
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.03-incompatibilities">
+  <title>Backward Incompatibilities</title>
 
-<title>Backward Incompatibilities</title>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
-
-<itemizedlist>
-  <listitem>
-    <para>
-      <literal>sound.enable</literal> now defaults to false.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      Dollar signs in options under <option>services.postfix</option> are
-      passed verbatim to Postfix, which will interpret them as the beginning of
-      a parameter expression. This was already true for string-valued options
-      in the previous release, but not for list-valued options. If you need to
-      pass literal dollar signs through Postfix, double them.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The <literal>postage</literal> package (for web-based PostgreSQL
-      administration) has been renamed to <literal>pgmanage</literal>. The
-      corresponding module has also been renamed. To migrate please rename all
-      <option>services.postage</option> options to
-      <option>services.pgmanage</option>.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      Package attributes starting with a digit have been prefixed with an
-      underscore sign. This is to avoid quoting in the configuration and
-      other issues with command-line tools like <literal>nix-env</literal>.
-      The change affects the following packages:
-      <itemizedlist>
-        <listitem>
-          <para><literal>2048-in-terminal</literal> → <literal>_2048-in-terminal</literal></para>
-        </listitem>
-        <listitem>
-          <para><literal>90secondportraits</literal> → <literal>_90secondportraits</literal></para>
-        </listitem>
-        <listitem>
-          <para><literal>2bwm</literal> → <literal>_2bwm</literal></para>
-        </listitem>
-        <listitem>
-          <para><literal>389-ds-base</literal> → <literal>_389-ds-base</literal></para>
-        </listitem>
-      </itemizedlist>
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      <emphasis role="strong">
-        The OpenSSH service no longer enables support for DSA keys by default,
-        which could cause a system lock out. Update your keys or, unfavorably,
-        re-enable DSA support manually.
-      </emphasis>
-    </para>
+  <para>
+   When upgrading from a previous release, please be aware of the following
+   incompatible changes:
+  </para>
 
+  <itemizedlist>
+   <listitem>
     <para>
-      DSA support was
-      <link xlink:href="https://www.openssh.com/legacy.html">deprecated in OpenSSH 7.0</link>,
-      due to it being too weak. To re-enable support, add
-      <literal>PubkeyAcceptedKeyTypes +ssh-dss</literal> to the end of your
-      <option>services.openssh.extraConfig</option>.
+     <literal>sound.enable</literal> now defaults to false.
     </para>
-
+   </listitem>
+   <listitem>
     <para>
-      After updating the keys to be stronger, anyone still on a pre-17.03
-      version is safe to jump to 17.03, as vetted
-      <link xlink:href="https://search.nix.gsc.io/?q=stateVersion">here</link>.
+     Dollar signs in options under <option>services.postfix</option> are passed
+     verbatim to Postfix, which will interpret them as the beginning of a
+     parameter expression. This was already true for string-valued options in
+     the previous release, but not for list-valued options. If you need to pass
+     literal dollar signs through Postfix, double them.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>openssh</literal> package
-      now includes Kerberos support by default;
-      the <literal>openssh_with_kerberos</literal> package
-      is now a deprecated alias.
-      If you do not want Kerberos support,
-      you can do <literal>openssh.override { withKerberos = false; }</literal>.
-      Note, this also applies to the <literal>openssh_hpn</literal> package.
+     The <literal>postage</literal> package (for web-based PostgreSQL
+     administration) has been renamed to <literal>pgmanage</literal>. The
+     corresponding module has also been renamed. To migrate please rename all
+     <option>services.postage</option> options to
+     <option>services.pgmanage</option>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>cc-wrapper</literal> has been split in two; there is now also a <literal>bintools-wrapper</literal>.
-      The most commonly used files in <filename>nix-support</filename> are now split between the two wrappers.
-      Some commonly used ones, like <filename>nix-support/dynamic-linker</filename>, are duplicated for backwards compatability, even though they rightly belong only in <literal>bintools-wrapper</literal>.
-      Other more obscure ones are just moved.
+     Package attributes starting with a digit have been prefixed with an
+     underscore sign. This is to avoid quoting in the configuration and other
+     issues with command-line tools like <literal>nix-env</literal>. The change
+     affects the following packages:
+     <itemizedlist>
+      <listitem>
+       <para>
+        <literal>2048-in-terminal</literal> →
+        <literal>_2048-in-terminal</literal>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <literal>90secondportraits</literal> →
+        <literal>_90secondportraits</literal>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <literal>2bwm</literal> → <literal>_2bwm</literal>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <literal>389-ds-base</literal> → <literal>_389-ds-base</literal>
+       </para>
+      </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <emphasis role="strong"> The OpenSSH service no longer enables support for
+     DSA keys by default, which could cause a system lock out. Update your keys
+     or, unfavorably, re-enable DSA support manually. </emphasis>
+    </para>
+    <para>
+     DSA support was
+     <link xlink:href="https://www.openssh.com/legacy.html">deprecated in
+     OpenSSH 7.0</link>, due to it being too weak. To re-enable support, add
+     <literal>PubkeyAcceptedKeyTypes +ssh-dss</literal> to the end of your
+     <option>services.openssh.extraConfig</option>.
+    </para>
+    <para>
+     After updating the keys to be stronger, anyone still on a pre-17.03
+     version is safe to jump to 17.03, as vetted
+     <link xlink:href="https://search.nix.gsc.io/?q=stateVersion">here</link>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>openssh</literal> package now includes Kerberos support by
+     default; the <literal>openssh_with_kerberos</literal> package is now a
+     deprecated alias. If you do not want Kerberos support, you can do
+     <literal>openssh.override { withKerberos = false; }</literal>. Note, this
+     also applies to the <literal>openssh_hpn</literal> package.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>cc-wrapper</literal> has been split in two; there is now also a
+     <literal>bintools-wrapper</literal>. The most commonly used files in
+     <filename>nix-support</filename> are now split between the two wrappers.
+     Some commonly used ones, like
+     <filename>nix-support/dynamic-linker</filename>, are duplicated for
+     backwards compatability, even though they rightly belong only in
+     <literal>bintools-wrapper</literal>. Other more obscure ones are just
+     moved.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The propagation logic has been changed. The new logic, along with new
+     types of dependencies that go with, is thoroughly documented in the
+     "Specifying dependencies" section of the "Standard Environment" chapter of
+     the nixpkgs manual.
+<!-- That's <xref linkend="ssec-stdenv-attributes"> were we to merge the manuals. -->
+     The old logic isn't but is easy to describe: dependencies were propagated
+     as the same type of dependency no matter what. In practice, that means
+     that many <function>propagatedNativeBuildInputs</function> should instead
+     be <function>propagatedBuildInputs</function>. Thankfully, that was and is
+     the least used type of dependency. Also, it means that some
+     <function>propagatedBuildInputs</function> should instead be
+     <function>depsTargetTargetPropagated</function>. Other types dependencies
+     should be unaffected.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>lib.addPassthru drv passthru</literal> is removed. Use
+     <literal>lib.extendDerivation true passthru drv</literal> instead.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>memcached</literal> service no longer accept dynamic socket
+     paths via <option>services.memcached.socket</option>. Unix sockets can be
+     still enabled by <option>services.memcached.enableUnixSocket</option> and
+     will be accessible at <literal>/run/memcached/memcached.sock</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <varname>hardware.amdHybridGraphics.disable</varname> option was
+     removed for lack of a maintainer. If you still need this module, you may
+     wish to include a copy of it from an older version of nixos in your
+     imports.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The merging of config options for
+     <varname>services.postfix.config</varname> was buggy. Previously, if other
+     options in the Postfix module like
+     <varname>services.postfix.useSrs</varname> were set and the user set
+     config options that were also set by such options, the resulting config
+     wouldn't include all options that were needed. They are now merged
+     correctly. If config options need to be overridden,
+     <literal>lib.mkForce</literal> or <literal>lib.mkOverride</literal> can be
+     used.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The following changes apply if the <literal>stateVersion</literal> is
+     changed to 18.03 or higher. For <literal>stateVersion = "17.09"</literal>
+     or lower the old behavior is preserved.
     </para>
-  </listitem>
-  <listitem>
+    <itemizedlist>
+     <listitem>
+      <para>
+       <literal>matrix-synapse</literal> uses postgresql by default instead of
+       sqlite. Migration instructions can be found
+       <link xlink:href="https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst#porting-from-sqlite">
+       here </link>.
+      </para>
+     </listitem>
+    </itemizedlist>
+   </listitem>
+   <listitem>
     <para>
-      The propagation logic has been changed.
-      The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual.
-      <!-- That's <xref linkend="ssec-stdenv-attributes"> were we to merge the manuals. -->
-      The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what.
-      In practice, that means that many <function>propagatedNativeBuildInputs</function> should instead be  <function>propagatedBuildInputs</function>.
-      Thankfully, that was and is the least used type of dependency.
-      Also, it means that some <function>propagatedBuildInputs</function> should instead be <function>depsTargetTargetPropagated</function>.
-      Other types dependencies should be unaffected.
+     The <literal>jid</literal> package has been removed, due to maintenance
+     overhead of a go package having non-versioned dependencies.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.addPassthru drv passthru</literal> is removed.  Use <literal>lib.extendDerivation true passthru drv</literal> instead.
+     When using <option>services.xserver.libinput</option> (enabled by default
+     in GNOME), it now handles all input devices, not just touchpads. As a
+     result, you might need to re-evaluate any custom Xorg configuration. In
+     particular, <literal>Option "XkbRules" "base"</literal> may result in
+     broken keyboard layout.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>memcached</literal> service no longer accept dynamic socket
-      paths via <option>services.memcached.socket</option>. Unix sockets can be
-      still enabled by <option>services.memcached.enableUnixSocket</option> and
-      will be accessible at <literal>/run/memcached/memcached.sock</literal>.
+     The <literal>attic</literal> package was removed. A maintained fork called
+     <link xlink:href="https://www.borgbackup.org/">Borg</link> should be used
+     instead. Migration instructions can be found
+     <link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <varname>hardware.amdHybridGraphics.disable</varname> option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports.
+     The Piwik analytics software was renamed to Matomo:
+     <itemizedlist>
+      <listitem>
+       <para>
+        The package <literal>pkgs.piwik</literal> was renamed to
+        <literal>pkgs.matomo</literal>.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        The service <literal>services.piwik</literal> was renamed to
+        <literal>services.matomo</literal>.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        The data directory <filename>/var/lib/piwik</filename> was renamed to
+        <filename>/var/lib/matomo</filename>. All files will be moved
+        automatically on first startup, but you might need to adjust your
+        backup scripts.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        The default <option>serverName</option> for the nginx configuration
+        changed from <literal>piwik.${config.networking.hostName}</literal> to
+        <literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
+        if <option>config.networking.domain</option> is set,
+        <literal>matomo.${config.networking.hostName}</literal> if it is not
+        set. If you change your <option>serverName</option>, remember you'll
+        need to update the <literal>trustedHosts[]</literal> array in
+        <filename>/var/lib/matomo/config/config.ini.php</filename> as well.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        The <literal>piwik</literal> user was renamed to
+        <literal>matomo</literal>. The service will adjust ownership
+        automatically for files in the data directory. If you use unix socket
+        authentication, remember to give the new <literal>matomo</literal> user
+        access to the database and to change the <literal>username</literal> to
+        <literal>matomo</literal> in the <literal>[database]</literal> section
+        of <filename>/var/lib/matomo/config/config.ini.php</filename>.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        If you named your database `piwik`, you might want to rename it to
+        `matomo` to keep things clean, but this is neither enforced nor
+        required.
+       </para>
+      </listitem>
+     </itemizedlist>
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The merging of config options for <varname>services.postfix.config</varname>
-      was buggy. Previously, if other options in the Postfix module like
-      <varname>services.postfix.useSrs</varname> were set and the user set config
-      options that were also set by such options, the resulting config wouldn't
-      include all options that were needed. They are now merged correctly. If
-      config options need to be overridden, <literal>lib.mkForce</literal> or
-      <literal>lib.mkOverride</literal> can be used.
+     <literal>nodejs-4_x</literal> is end-of-life.
+     <literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and
+     <literal>nodePackages_4_x</literal> are removed.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The following changes apply if the <literal>stateVersion</literal> is changed to 18.03 or higher.
-      For <literal>stateVersion = "17.09"</literal> or lower the old behavior is preserved.
+     The <literal>pump.io</literal> NixOS module was removed. It is now
+     maintained as an
+     <link xlink:href="https://github.com/rvl/pump.io-nixos">external
+     module</link>.
     </para>
-    <itemizedlist>
+   </listitem>
+   <listitem>
+    <para>
+     The Prosody XMPP server has received a major update. The following modules
+     were renamed:
+     <itemizedlist>
       <listitem>
-        <para>
-          <literal>matrix-synapse</literal> uses postgresql by default instead of sqlite.
-          Migration instructions can be found <link xlink:href="https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst#porting-from-sqlite"> here </link>.
-        </para>
+       <para>
+        <option>services.prosody.modules.httpserver</option> is now
+        <option>services.prosody.modules.http_files</option>
+       </para>
       </listitem>
-    </itemizedlist>
-  </listitem>
-  <listitem>
-    <para>
-      The <literal>jid</literal> package has been removed, due to maintenance
-      overhead of a go package having non-versioned dependencies.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      When using <option>services.xserver.libinput</option> (enabled by default in GNOME),
-      it now handles all input devices, not just touchpads. As a result, you might need to
-      re-evaluate any custom Xorg configuration. In particular,
-      <literal>Option "XkbRules" "base"</literal> may result in broken keyboard layout.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The <literal>attic</literal> package was removed. A maintained fork called
-      <link xlink:href="https://www.borgbackup.org/">Borg</link> should be used instead.
-      Migration instructions can be found
-      <link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The Piwik analytics software was renamed to Matomo:
-      <itemizedlist>
-        <listitem>
-          <para>The package <literal>pkgs.piwik</literal> was renamed to <literal>pkgs.matomo</literal>.</para>
-        </listitem>
-        <listitem>
-          <para>The service <literal>services.piwik</literal> was renamed to <literal>services.matomo</literal>.</para>
-        </listitem>
-        <listitem>
-          <para>
-            The data directory <filename>/var/lib/piwik</filename> was renamed to <filename>/var/lib/matomo</filename>.
-            All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            The default <option>serverName</option> for the nginx configuration changed from
-            <literal>piwik.${config.networking.hostName}</literal> to
-            <literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
-            if <option>config.networking.domain</option> is set,
-            <literal>matomo.${config.networking.hostName}</literal> if it is not set.
-            If you change your <option>serverName</option>, remember you'll need to update the
-            <literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
-            as well.
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
-            The service will adjust ownership automatically for files in the data directory.
-            If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
-            access to the database and to change the <literal>username</literal> to <literal>matomo</literal>
-            in the <literal>[database]</literal> section of <filename>/var/lib/matomo/config/config.ini.php</filename>.
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
-            but this is neither enforced nor required.
-          </para>
-        </listitem>
-      </itemizedlist>
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      <literal>nodejs-4_x</literal> is end-of-life.
-      <literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and <literal>nodePackages_4_x</literal> are removed.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The <literal>pump.io</literal> NixOS module was removed.
-      It is now maintained as an
-      <link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The Prosody XMPP server has received a major update. The following modules were renamed:
-      <itemizedlist>
-        <listitem>
-          <para>
-            <option>services.prosody.modules.httpserver</option> is now <option>services.prosody.modules.http_files</option>
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            <option>services.prosody.modules.console</option> is now <option>services.prosody.modules.admin_telnet</option>
-          </para>
-        </listitem>
-      </itemizedlist>
+      <listitem>
+       <para>
+        <option>services.prosody.modules.console</option> is now
+        <option>services.prosody.modules.admin_telnet</option>
+       </para>
+      </listitem>
+     </itemizedlist>
     </para>
-
     <para>
-      Many new modules are now core modules, most notably <option>services.prosody.modules.carbons</option>
-      and <option>services.prosody.modules.mam</option>.
+     Many new modules are now core modules, most notably
+     <option>services.prosody.modules.carbons</option> and
+     <option>services.prosody.modules.mam</option>.
     </para>
-
     <para>
-      The better-performing <literal>libevent</literal> backend is now enabled by default.
+     The better-performing <literal>libevent</literal> backend is now enabled
+     by default.
     </para>
-
     <para>
-      <literal>withCommunityModules</literal> now passes through the modules to <option>services.prosody.extraModules</option>.
-      Use <literal>withOnlyInstalledCommunityModules</literal> for modules that should not be enabled directly, e.g <literal>lib_ldap</literal>.
+     <literal>withCommunityModules</literal> now passes through the modules to
+     <option>services.prosody.extraModules</option>. Use
+     <literal>withOnlyInstalledCommunityModules</literal> for modules that
+     should not be enabled directly, e.g <literal>lib_ldap</literal>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      All prometheus exporter modules are now defined as submodules.
-      The exporters are configured using <literal>services.prometheus.exporters</literal>.
+     All prometheus exporter modules are now defined as submodules. The
+     exporters are configured using
+     <literal>services.prometheus.exporters</literal>.
     </para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.03-notable-changes">
+  <title>Other Notable Changes</title>
 
-<title>Other Notable Changes</title>
-
-<itemizedlist>
-  <listitem>
-    <para>
-      ZNC option <option>services.znc.mutable</option> now defaults to
-      <literal>true</literal>. That means that old configuration is not
-      overwritten by default when update to the znc options are made.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The option <option>networking.wireless.networks.&lt;name&gt;.auth</option>
-      has been added for wireless networks with WPA-Enterprise authentication.
-      There is also a new <option>extraConfig</option> option to directly
-      configure <literal>wpa_supplicant</literal> and <option>hidden</option>
-      to connect to hidden networks.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      In the module <option>networking.interfaces.&lt;name&gt;</option> the
-      following options have been removed:
-      <itemizedlist>
-        <listitem>
-          <para><option>ipAddress</option></para>
-        </listitem>
-        <listitem>
-          <para><option>ipv6Address</option></para>
-        </listitem>
-        <listitem>
-          <para><option>prefixLength</option></para>
-        </listitem>
-        <listitem>
-          <para><option>ipv6PrefixLength</option></para>
-        </listitem>
-        <listitem>
-          <para><option>subnetMask</option></para>
-        </listitem>
-      </itemizedlist>
-      To assign static addresses to an interface the options
-      <option>ipv4.addresses</option> and <option>ipv6.addresses</option>
-      should be used instead.
-      The options <option>ip4</option> and <option>ip6</option> have been
-      renamed to <option>ipv4.addresses</option> <option>ipv6.addresses</option>
-      respectively.
-      The new options <option>ipv4.routes</option> and <option>ipv6.routes</option>
-      have been added to set up static routing.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      The option <option>services.logstash.listenAddress</option> is now <literal>127.0.0.1</literal> by default.
-      Previously the default behaviour was to listen on all interfaces.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      <literal>services.btrfs.autoScrub</literal> has been added, to
-      periodically check btrfs filesystems for data corruption.
-      If there's a correct copy available, it will automatically repair
-      corrupted blocks.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      <literal>displayManager.lightdm.greeters.gtk.clock-format.</literal>
-      has been added, the clock format string (as expected by
-      strftime, e.g. <literal>%H:%M</literal>) to use with the lightdm
-      gtk greeter panel.
-    </para>
-    <para>
-      If set to null the default clock format is used.
-    </para>
-  </listitem>
-  <listitem>
-    <para>
-      <literal>displayManager.lightdm.greeters.gtk.indicators</literal>
-      has been added, a list of allowed indicator modules to use with
-      the lightdm gtk greeter panel.
-    </para>
-    <para>
-      Built-in indicators include <literal>~a11y</literal>,
-      <literal>~language</literal>, <literal>~session</literal>,
-      <literal>~power</literal>, <literal>~clock</literal>,
-      <literal>~host</literal>, <literal>~spacer</literal>. Unity
-      indicators can be represented by short name
-      (e.g. <literal>sound</literal>, <literal>power</literal>),
-      service file name, or absolute path.
-    </para>
-    <para>
-      If set to <literal>null</literal> the default indicators are
-      used.
-    </para>
-    <para>
-      In order to have the previous default configuration add
+  <itemizedlist>
+   <listitem>
+    <para>
+     ZNC option <option>services.znc.mutable</option> now defaults to
+     <literal>true</literal>. That means that old configuration is not
+     overwritten by default when update to the znc options are made.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The option <option>networking.wireless.networks.&lt;name&gt;.auth</option>
+     has been added for wireless networks with WPA-Enterprise authentication.
+     There is also a new <option>extraConfig</option> option to directly
+     configure <literal>wpa_supplicant</literal> and <option>hidden</option> to
+     connect to hidden networks.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     In the module <option>networking.interfaces.&lt;name&gt;</option> the
+     following options have been removed:
+     <itemizedlist>
+      <listitem>
+       <para>
+        <option>ipAddress</option>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <option>ipv6Address</option>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <option>prefixLength</option>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <option>ipv6PrefixLength</option>
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <option>subnetMask</option>
+       </para>
+      </listitem>
+     </itemizedlist>
+     To assign static addresses to an interface the options
+     <option>ipv4.addresses</option> and <option>ipv6.addresses</option> should
+     be used instead. The options <option>ip4</option> and <option>ip6</option>
+     have been renamed to <option>ipv4.addresses</option>
+     <option>ipv6.addresses</option> respectively. The new options
+     <option>ipv4.routes</option> and <option>ipv6.routes</option> have been
+     added to set up static routing.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The option <option>services.logstash.listenAddress</option> is now
+     <literal>127.0.0.1</literal> by default. Previously the default behaviour
+     was to listen on all interfaces.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>services.btrfs.autoScrub</literal> has been added, to
+     periodically check btrfs filesystems for data corruption. If there's a
+     correct copy available, it will automatically repair corrupted blocks.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>displayManager.lightdm.greeters.gtk.clock-format.</literal> has
+     been added, the clock format string (as expected by strftime, e.g.
+     <literal>%H:%M</literal>) to use with the lightdm gtk greeter panel.
+    </para>
+    <para>
+     If set to null the default clock format is used.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <literal>displayManager.lightdm.greeters.gtk.indicators</literal> has been
+     added, a list of allowed indicator modules to use with the lightdm gtk
+     greeter panel.
+    </para>
+    <para>
+     Built-in indicators include <literal>~a11y</literal>,
+     <literal>~language</literal>, <literal>~session</literal>,
+     <literal>~power</literal>, <literal>~clock</literal>,
+     <literal>~host</literal>, <literal>~spacer</literal>. Unity indicators can
+     be represented by short name (e.g. <literal>sound</literal>,
+     <literal>power</literal>), service file name, or absolute path.
+    </para>
+    <para>
+     If set to <literal>null</literal> the default indicators are used.
+    </para>
+    <para>
+     In order to have the previous default configuration add
 <programlisting>
   services.xserver.displayManager.lightdm.greeters.gtk.indicators = [
     "~host" "~spacer"
@@ -539,24 +829,27 @@ following incompatible changes:</para>
     "~power"
   ];
 </programlisting>
-      to your <literal>configuration.nix</literal>.
+     to your <literal>configuration.nix</literal>.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The NixOS test driver supports user services declared by <literal>systemd.user.services</literal>.
-      The methods <literal>waitForUnit</literal>, <literal>getUnitInfo</literal>, <literal>startJob</literal>
-      and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose.
+     The NixOS test driver supports user services declared by
+     <literal>systemd.user.services</literal>. The methods
+     <literal>waitForUnit</literal>, <literal>getUnitInfo</literal>,
+     <literal>startJob</literal> and <literal>stopJob</literal> provide an
+     optional <literal>$user</literal> argument for that purpose.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      Enabling bash completion on NixOS, <literal>programs.bash.enableCompletion</literal>, will now also enable
-      completion for the Nix command line tools by installing the
-      <link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link> package.
+     Enabling bash completion on NixOS,
+     <literal>programs.bash.enableCompletion</literal>, will now also enable
+     completion for the Nix command line tools by installing the
+     <link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link>
+     package.
     </para>
-  </listitem>
-</itemizedlist>
-
-</section>
+   </listitem>
+  </itemizedlist>
+ </section>
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index 5ff5caaf2554..2fd7b7709797 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -3,144 +3,165 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.09">
+ <title>Release 18.09 (“Jellyfish”, 2018/09/??)</title>
 
-<title>Release 18.09 (“Jellyfish”, 2018/09/??)</title>
-
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.09-highlights">
+  <title>Highlights</title>
 
-<title>Highlights</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights: </para>
+  <para>
+   In addition to numerous new and upgraded packages, this release has the
+   following highlights:
+  </para>
 
-<itemizedlist>
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      TODO
+     User channels are now in the default <literal>NIX_PATH</literal>, allowing
+     users to use their personal <command>nix-channel</command> defined
+     channels in <command>nix-build</command> and <command>nix-shell</command>
+     commands, as well as in imports like <code>import
+     &lt;mychannel&gt;</code>.
     </para>
-  </listitem>
-
-</itemizedlist>
-
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+    <para>
+     For example
+    </para>
+<programlisting>
+$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable
+$ nix-channel --update
+$ nix-build '&lt;nixpkgsunstable&gt;' -A gitFull
+$ nix run -f '&lt;nixpkgsunstable&gt;' gitFull
+$ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
+</programlisting>
+   </listitem>
+  </itemizedlist>
+ </section>
+
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.09-new-services">
+  <title>New Services</title>
 
-<title>New Services</title>
-
-<para>The following new services were added since the last release:</para>
+  <para>
+   The following new services were added since the last release:
+  </para>
 
-<itemizedlist>
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para></para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.09-incompatibilities">
+  <title>Backward Incompatibilities</title>
 
-<title>Backward Incompatibilities</title>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
+  <para>
+   When upgrading from a previous release, please be aware of the following
+   incompatible changes:
+  </para>
 
-<itemizedlist>
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      <literal>lib.strict</literal> is removed. Use <literal>builtins.seq</literal> instead.
+     <literal>lib.strict</literal> is removed. Use
+     <literal>builtins.seq</literal> instead.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>clementine</literal> package points now to the free derivation.
-      <literal>clementineFree</literal> is removed now and <literal>clementineUnfree</literal>
-      points to the package which is bundled with the unfree <literal>libspotify</literal> package.
+     The <literal>clementine</literal> package points now to the free
+     derivation. <literal>clementineFree</literal> is removed now and
+     <literal>clementineUnfree</literal> points to the package which is bundled
+     with the unfree <literal>libspotify</literal> package.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <literal>netcat</literal> package is now taken directly from OpenBSD's
-      <literal>libressl</literal>, instead of relying on Debian's fork. The new
-      version should be very close to the old version, but there are some minor
-      differences. Importantly, flags like -b, -q, -C, and -Z are no longer
-      accepted by the nc command.
+     The <literal>netcat</literal> package is now taken directly from OpenBSD's
+     <literal>libressl</literal>, instead of relying on Debian's fork. The new
+     version should be very close to the old version, but there are some minor
+     differences. Importantly, flags like -b, -q, -C, and -Z are no longer
+     accepted by the nc command.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      The <varname>services.docker-registry.extraConfig</varname> object doesn't contain
-      environment variables anymore. Instead it needs to provide an object structure
-      that can be mapped onto the YAML configuration defined in <link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the <varname>docker/distribution</varname> docs</link>.
+     The <varname>services.docker-registry.extraConfig</varname> object doesn't contain
+     environment variables anymore. Instead it needs to provide an object structure
+     that can be mapped onto the YAML configuration defined in <link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the <varname>docker/distribution</varname> docs</link>.
     </para>
-  </listitem>
-</itemizedlist>
+   </listitem>
+  </itemizedlist>
+ </section>
 
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
+ <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-18.09-notable-changes">
+  <title>Other Notable Changes</title>
 
-<title>Other Notable Changes</title>
-
-<itemizedlist>
-  <listitem>
+  <itemizedlist>
+   <listitem>
     <para>
-      <literal>lib.attrNamesToStr</literal> has been deprecated. Use
-      more specific concatenation (<literal>lib.concat(Map)StringsSep</literal>)
-      instead.
+     <literal>lib.attrNamesToStr</literal> has been deprecated. Use more
+     specific concatenation (<literal>lib.concat(Map)StringsSep</literal>)
+     instead.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.addErrorContextToAttrs</literal> has been deprecated. Use
-      <literal>builtins.addErrorContext</literal> directly.
+     <literal>lib.addErrorContextToAttrs</literal> has been deprecated. Use
+     <literal>builtins.addErrorContext</literal> directly.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.showVal</literal> has been deprecated. Use
-      <literal>lib.traceSeqN</literal> instead.
+     <literal>lib.showVal</literal> has been deprecated. Use
+     <literal>lib.traceSeqN</literal> instead.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.traceXMLVal</literal> has been deprecated. Use
-      <literal>lib.traceValFn builtins.toXml</literal> instead.
+     <literal>lib.traceXMLVal</literal> has been deprecated. Use
+     <literal>lib.traceValFn builtins.toXml</literal> instead.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.traceXMLValMarked</literal> has been deprecated. Use
-      <literal>lib.traceValFn (x: str + builtins.toXML x)</literal> instead.
+     <literal>lib.traceXMLValMarked</literal> has been deprecated. Use
+     <literal>lib.traceValFn (x: str + builtins.toXML x)</literal> instead.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.traceValIfNot</literal> has been deprecated. Use
-      <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal>
-      instead.
+     <literal>lib.traceValIfNot</literal> has been deprecated. Use
+     <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal>
+     instead.
     </para>
-  </listitem>
-  <listitem>
+   </listitem>
+   <listitem>
     <para>
-      <literal>lib.traceCallXml</literal> has been deprecated. Please complain
-      if you use the function regularly.
+     <literal>lib.traceCallXml</literal> has been deprecated. Please complain
+     if you use the function regularly.
     </para>
-  </listitem>
-</itemizedlist>
-
-</section>
+    <para>
+     The attribute <literal>lib.nixpkgsVersion</literal> has been deprecated in
+     favor of <literal>lib.version</literal>. Please refer to the discussion in
+     <link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link>
+     for further reference.
+    </para>
+   </listitem>
+  </itemizedlist>
+ </section>
 </section>
author	Robin Gloster <mail@glob.in>	2018-05-02 13:12:57 +0200
committer	GitHub <noreply@github.com>	2018-05-02 13:12:57 +0200
commit	fe9096ef09f325d31186dcc8ed70cba805db9a01 (patch)
tree	0716433968e4e098e802870e983477b63c7ba3e9 /nixos/doc/manual/release-notes
parent	afd3136e8efe2cbd477cb6db7be5ad7b2eb7efc6 (diff)
parent	78f09c9102aca07e7f837fbc1ca8394b59bb741e (diff)
download	nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.gz nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.bz2 nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.lz nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.xz nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.tar.zst nixlib-fe9096ef09f325d31186dcc8ed70cba805db9a01.zip