diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-01-03 23:55:00 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2022-02-19 11:03:39 +0000 |
| commit | f4cf97a04cd5d0b86aa46baec9fb228a8f671c03 (patch) | |
| tree | 28192415ff39a661d0001563bf81cc93fa25d16d /nixpkgs/nixos/doc | |
| parent | f8422837c9bde058e8f2de37702e7e94b2226040 (diff) | |
| parent | 18c84ea816348e2a098390101b92d1e39a9dbd45 (diff) | |
| download | nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.gz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.bz2 nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.lz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.xz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.zst nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.zip | |
Merge commit '18c84ea816348e2a098390101b92d1e39a9dbd45'
Conflicts: nixpkgs/nixos/modules/misc/documentation.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/interpreters/ruby/patchsets.nix nixpkgs/pkgs/development/libraries/boehm-gc/7.6.6.nix nixpkgs/pkgs/development/python-modules/django-mailman3/default.nix nixpkgs/pkgs/servers/mail/mailman/web.nix nixpkgs/pkgs/top-level/aliases.nix nixpkgs/pkgs/top-level/all-packages.nix nixpkgs/pkgs/top-level/impure.nix
Diffstat (limited to 'nixpkgs/nixos/doc')
19 files changed, 1101 insertions, 84 deletions
diff --git a/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md b/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md index fb2090b31d84..c9140d0869c7 100644 --- a/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md +++ b/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md @@ -58,5 +58,5 @@ a while to finish. ## NixOS Boot Entries {#sect-nixos-gc-boot-entries} If your `/boot` partition runs out of space, after clearing old profiles -you must rebuild your system with `nixos-rebuild` to update the `/boot` -partition and clear space. +you must rebuild your system with `nixos-rebuild boot` or `nixos-rebuild +switch` to update the `/boot` partition and clear space. diff --git a/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md b/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md index 273672fc10ca..0d9d4017ed81 100644 --- a/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md +++ b/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md @@ -9,7 +9,7 @@ containers.database = { config = { config, pkgs, ... }: { services.postgresql.enable = true; - services.postgresql.package = pkgs.postgresql_9_6; + services.postgresql.package = pkgs.postgresql_10; }; }; ``` diff --git a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md index b124e8303fee..18390c959b24 100644 --- a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md @@ -26,7 +26,7 @@ we assign the name `wan` to the interface with MAC address ```nix systemd.network.links."10-wan" = { - matchConfig.MACAddress = "52:54:00:12:01:01"; + matchConfig.PermanentMACAddress = "52:54:00:12:01:01"; linkConfig.Name = "wan"; }; ``` diff --git a/nixpkgs/nixos/doc/manual/default.nix b/nixpkgs/nixos/doc/manual/default.nix index 151743d9fb58..31b6da01c6bd 100644 --- a/nixpkgs/nixos/doc/manual/default.nix +++ b/nixpkgs/nixos/doc/manual/default.nix @@ -161,7 +161,7 @@ let in rec { inherit generatedSources; - inherit (optionsDoc) optionsJSON optionsXML optionsDocBook; + inherit (optionsDoc) optionsJSON optionsDocBook; # Generate the NixOS manual. manualHTML = runCommand "nixos-manual-html" diff --git a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md index 8471e7608af9..d9749d37da79 100644 --- a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md +++ b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md @@ -159,6 +159,17 @@ The following methods are available on machine objects: `execute` : Execute a shell command, returning a list `(status, stdout)`. + If the command detaches, it must close stdout, as `execute` will wait + for this to consume all output reliably. This can be achieved by + redirecting stdout to stderr `>&2`, to `/dev/console`, `/dev/null` or + a file. Examples of detaching commands are `sleep 365d &`, where the + shell forks a new process that can write to stdout and `xclip -i`, where + the `xclip` command itself forks without closing stdout. + Takes an optional parameter `check_return` that defaults to `True`. + Setting this parameter to `False` will not check for the return code + and return -1 instead. This can be used for commands that shut down + the VM and would therefore break the pipe that would be used for + retrieving the return code. `succeed` @@ -174,6 +185,9 @@ The following methods are available on machine objects: - Dereferencing unset variables fail the command. + - It will wait for stdout to be closed. See `execute` for the + implications. + `fail` : Like `succeed`, but raising an exception if the command returns a zero diff --git a/nixpkgs/nixos/doc/manual/from_md/administration/cleaning-store.chapter.xml b/nixpkgs/nixos/doc/manual/from_md/administration/cleaning-store.chapter.xml index 0ca98dd6e510..4243d2bf53f9 100644 --- a/nixpkgs/nixos/doc/manual/from_md/administration/cleaning-store.chapter.xml +++ b/nixpkgs/nixos/doc/manual/from_md/administration/cleaning-store.chapter.xml @@ -64,7 +64,8 @@ $ nix-store --optimise <para> If your <literal>/boot</literal> partition runs out of space, after clearing old profiles you must rebuild your system with - <literal>nixos-rebuild</literal> to update the + <literal>nixos-rebuild boot</literal> or + <literal>nixos-rebuild switch</literal> to update the <literal>/boot</literal> partition and clear space. </para> </section> diff --git a/nixpkgs/nixos/doc/manual/from_md/administration/declarative-containers.section.xml b/nixpkgs/nixos/doc/manual/from_md/administration/declarative-containers.section.xml index a918314a2723..7b35520d567b 100644 --- a/nixpkgs/nixos/doc/manual/from_md/administration/declarative-containers.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/administration/declarative-containers.section.xml @@ -11,7 +11,7 @@ containers.database = { config = { config, pkgs, ... }: { services.postgresql.enable = true; - services.postgresql.package = pkgs.postgresql_9_6; + services.postgresql.package = pkgs.postgresql_10; }; }; </programlisting> diff --git a/nixpkgs/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml b/nixpkgs/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml index 1c32e30b3f85..88c9e624c82f 100644 --- a/nixpkgs/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml @@ -32,7 +32,7 @@ </para> <programlisting language="bash"> systemd.network.links."10-wan" = { - matchConfig.MACAddress = "52:54:00:12:01:01"; + matchConfig.PermanentMACAddress = "52:54:00:12:01:01"; linkConfig.Name = "wan"; }; </programlisting> diff --git a/nixpkgs/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml b/nixpkgs/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml index 83a96d5bb224..0d523681b639 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml @@ -266,7 +266,23 @@ start_all() <listitem> <para> Execute a shell command, returning a list - <literal>(status, stdout)</literal>. + <literal>(status, stdout)</literal>. If the command detaches, + it must close stdout, as <literal>execute</literal> will wait + for this to consume all output reliably. This can be achieved + by redirecting stdout to stderr <literal>>&2</literal>, + to <literal>/dev/console</literal>, + <literal>/dev/null</literal> or a file. Examples of detaching + commands are <literal>sleep 365d &</literal>, where the + shell forks a new process that can write to stdout and + <literal>xclip -i</literal>, where the + <literal>xclip</literal> command itself forks without closing + stdout. Takes an optional parameter + <literal>check_return</literal> that defaults to + <literal>True</literal>. Setting this parameter to + <literal>False</literal> will not check for the return code + and return -1 instead. This can be used for commands that shut + down the VM and would therefore break the pipe that would be + used for retrieving the return code. </para> </listitem> </varlistentry> @@ -300,6 +316,12 @@ start_all() Dereferencing unset variables fail the command. </para> </listitem> + <listitem> + <para> + It will wait for stdout to be closed. See + <literal>execute</literal> for the implications. + </para> + </listitem> </itemizedlist> </listitem> </varlistentry> diff --git a/nixpkgs/nixos/doc/manual/from_md/installation/installing.chapter.xml b/nixpkgs/nixos/doc/manual/from_md/installation/installing.chapter.xml index 91ab71682977..db073fa83965 100644 --- a/nixpkgs/nixos/doc/manual/from_md/installation/installing.chapter.xml +++ b/nixpkgs/nixos/doc/manual/from_md/installation/installing.chapter.xml @@ -25,8 +25,11 @@ <para> You are logged-in automatically as <literal>nixos</literal>. The <literal>nixos</literal> user account has an empty password so you - can use <literal>sudo</literal> without a password. + can use <literal>sudo</literal> without a password: </para> + <programlisting> +$ sudo -i +</programlisting> <para> If you downloaded the graphical ISO image, you can run <literal>systemctl start display-manager</literal> to start the diff --git a/nixpkgs/nixos/doc/manual/from_md/installation/upgrading.chapter.xml b/nixpkgs/nixos/doc/manual/from_md/installation/upgrading.chapter.xml index c0c5a2190fb2..e3b77d4c3650 100644 --- a/nixpkgs/nixos/doc/manual/from_md/installation/upgrading.chapter.xml +++ b/nixpkgs/nixos/doc/manual/from_md/installation/upgrading.chapter.xml @@ -12,7 +12,7 @@ <listitem> <para> <emphasis>Stable channels</emphasis>, such as - <link xlink:href="https://nixos.org/channels/nixos-21.05"><literal>nixos-21.05</literal></link>. + <link xlink:href="https://nixos.org/channels/nixos-21.11"><literal>nixos-21.11</literal></link>. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), @@ -33,7 +33,7 @@ <listitem> <para> <emphasis>Small channels</emphasis>, such as - <link xlink:href="https://nixos.org/channels/nixos-21.05-small"><literal>nixos-21.05-small</literal></link> + <link xlink:href="https://nixos.org/channels/nixos-21.11-small"><literal>nixos-21.11-small</literal></link> or <link xlink:href="https://nixos.org/channels/nixos-unstable-small"><literal>nixos-unstable-small</literal></link>. These are identical to the stable and unstable channels @@ -60,8 +60,8 @@ <para> When you first install NixOS, you’re automatically subscribed to the NixOS channel that corresponds to your installation source. For - instance, if you installed from a 21.05 ISO, you will be subscribed - to the <literal>nixos-21.05</literal> channel. To see which NixOS + instance, if you installed from a 21.11 ISO, you will be subscribed + to the <literal>nixos-21.11</literal> channel. To see which NixOS channel you’re subscribed to, run the following as root: </para> <programlisting> @@ -76,17 +76,17 @@ nixos https://nixos.org/channels/nixos-unstable </programlisting> <para> (Be sure to include the <literal>nixos</literal> parameter at the - end.) For instance, to use the NixOS 21.05 stable channel: + end.) For instance, to use the NixOS 21.11 stable channel: </para> <programlisting> -# nix-channel --add https://nixos.org/channels/nixos-21.05 nixos +# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos </programlisting> <para> If you have a server, you may want to use the <quote>small</quote> channel instead: </para> <programlisting> -# nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos +# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos </programlisting> <para> And if you want to live on the bleeding edge: @@ -146,7 +146,7 @@ system.autoUpgrade.allowReboot = true; also specify a channel explicitly, e.g. </para> <programlisting language="bash"> -system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.05; +system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11; </programlisting> </section> </chapter> diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index f3a5db5fb1c8..6b706e4aeaa1 100644 --- a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -1,9 +1,5 @@ <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-21.11"> - <title>Release 21.11 (“?”, 2021.11/??)</title> - <para> - In addition to numerous new and upgraded packages, this release has - the following highlights: - </para> + <title>Release 21.11 (“Porcupine”, 2021/11/30)</title> <itemizedlist spacing="compact"> <listitem> <para> @@ -14,15 +10,34 @@ </itemizedlist> <section xml:id="sec-release-21.11-highlights"> <title>Highlights</title> + <para> + In addition to numerous new and upgraded packages, this release + has the following highlights: + </para> <itemizedlist> <listitem> <para> + Nix has been updated to version 2.4, reference its + <link xlink:href="https://discourse.nixos.org/t/nix-2-4-released/15822">release + notes</link> for more information on what has changed. The + previous version of Nix, 2.3.16, remains available for the + time being in the <literal>nix_2_3</literal> package. + </para> + </listitem> + <listitem> + <para> + <literal>iptables</literal> now uses + <literal>nf_tables</literal> backend. + </para> + </listitem> + <listitem> + <para> PHP now defaults to PHP 8.0, updated from 7.4. </para> </listitem> <listitem> <para> - kOps now defaults to 1.21.1, which uses containerd as the + kops now defaults to 1.21.1, which uses containerd as the default runtime. </para> </listitem> @@ -46,13 +61,36 @@ </listitem> <listitem> <para> - Activation scripts can now opt int to be run when running - <literal>nixos-rebuild dry-activate</literal> and detect the - dry activation by reading <literal>$NIXOS_ACTION</literal>. - This allows activation scripts to output what they would - change if the activation was really run. The users/modules - activation script supports this and outputs some of is - actions. + Improvements have been made to the Hadoop module and package: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + HDFS and YARN now support production-ready highly + available deployments with automatic failover. + </para> + </listitem> + <listitem> + <para> + Hadoop now defaults to Hadoop 3, updated from 2. + </para> + </listitem> + <listitem> + <para> + JournalNode, ZKFS and HTTPFS services have been added. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + Activation scripts can now, optionally, be run during a + <literal>nixos-rebuild dry-activate</literal> and can detect + the dry activation by reading + <literal>$NIXOS_ACTION</literal>. This allows activation + scripts to output what they would change if the activation was + really run. The users/modules activation script supports this + and outputs some of is actions. </para> </listitem> <listitem> @@ -83,7 +121,8 @@ which introduced some breaking changes to the experimental OCI manifest format. See <link xlink:href="https://github.com/helm/community/blob/main/hips/hip-0006.md">HIP - 6</link> for more details. + 6</link> for more details. <literal>helmfile</literal> also + defaults to 0.141.0, which is the minimum compatible version. </para> </listitem> <listitem> @@ -93,6 +132,81 @@ Notes</link> for details. </para> </listitem> + <listitem> + <para> + LXD support was greatly improved: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + building LXD images from configurations is now directly + possible with just nixpkgs + </para> + </listitem> + <listitem> + <para> + hydra is now building nixOS LXD images that can be used + standalone with full nixos-rebuild support + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + OpenSSH was updated to version 8.8p1 + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + This breaks connections to old SSH daemons as ssh-rsa host + keys and ssh-rsa public keys that were signed with SHA-1 + are disabled by default now + </para> + </listitem> + <listitem> + <para> + These can be re-enabled, see the + <link xlink:href="https://www.openssh.com/txt/release-8.8">OpenSSH + changelog</link> for details + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + ORY Kratos was updated to version 0.8.0-alpha.3 + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + This release requires you to run SQL migrations. Please, + as always, create a backup of your database first! + </para> + </listitem> + <listitem> + <para> + The SDKs are now generated with tag v0alpha2 to reflect + that some signatures have changed in a breaking fashion. + Please update your imports from v0alpha1 to v0alpha2. + </para> + </listitem> + <listitem> + <para> + The SMTPS scheme used in courier config URL with + cleartext/StartTLS/TLS SMTP connection types is now only + supporting implicit TLS. For StartTLS and cleartext SMTP, + please use the SMTP scheme instead. + </para> + </listitem> + <listitem> + <para> + for more details, see + <link xlink:href="https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1">Release + Notes</link>. + </para> + </listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-new-services"> @@ -131,16 +245,32 @@ </listitem> <listitem> <para> + <link xlink:href="https://github.com/jitsi/jibri">Jibri</link>, + a service for recording or streaming a Jitsi Meet conference. + Available as + <link xlink:href="options.html#opt-services.jibri.enable">services.jibri</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs 2nd generation DHCP and DDNS server suite. Available at - <link xlink:href="options.html#opt-services.kea">services.kea</link>. + <link xlink:href="options.html#opt-services.kea.dhcp4">services.kea</link>. </para> </listitem> <listitem> <para> <link xlink:href="https://owncast.online/">owncast</link>, self-hosted video live streaming solution. Available at - <link xlink:href="options.html#opt-services.owncast">services.owncast</link>. + <link xlink:href="options.html#opt-services.owncast.enable">services.owncast</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://joinpeertube.org/">PeerTube</link>, + developed by Framasoft, is the free and decentralized + alternative to video platforms. Available at + <link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>. </para> </listitem> <listitem> @@ -356,6 +486,53 @@ <link linkend="opt-services.multipath.enable">services.multipath</link>. </para> </listitem> + <listitem> + <para> + <link xlink:href="https://www.seafile.com/en/home/">seafile</link>, + an open source file syncing & sharing software. Available + as + <link xlink:href="options.html#opt-services.seafile.enable">services.seafile</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/mchehab/rasdaemon">rasdaemon</link>, + a hardware error logging daemon. Available as + <link linkend="opt-hardware.rasdaemon.enable">hardware.rasdaemon</link>. + </para> + </listitem> + <listitem> + <para> + <literal>code-server</literal>-module now available + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/xmrig/xmrig">xmrig</link>, + a high performance, open source, cross platform RandomX, + KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and + RandomX benchmark. + </para> + </listitem> + <listitem> + <para> + Auto nice daemons + <link xlink:href="https://github.com/Nefelim4ag/Ananicy">ananicy</link> + and + <link xlink:href="https://gitlab.com/ananicy-cpp/ananicy-cpp/">ananicy-cpp</link>. + Available as + <link linkend="opt-services.ananicy.enable">services.ananicy</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/prometheus-community/smartctl_exporter">smartctl_exporter</link>, + a Prometheus exporter for + <link xlink:href="https://en.wikipedia.org/wiki/S.M.A.R.T.">S.M.A.R.T.</link> + data. Available as + <link xlink:href="options.html#opt-services.prometheus.exporters.smartctl.enable">services.prometheus.exporters.smartctl</link>. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-incompatibilities"> @@ -363,6 +540,24 @@ <itemizedlist> <listitem> <para> + The NixOS VM test framework, + <literal>pkgs.nixosTest</literal>/<literal>make-test-python.nix</literal>, + now requires detaching commands such as + <literal>succeed("foo &")</literal> and + <literal>succeed("foo | xclip -i")</literal> to + close stdout. This can be done with a redirect such as + <literal>succeed("foo >&2 &")</literal>. + This breaking change was necessitated by a race condition + causing tests to fail or hang. It applies to all methods that + invoke commands on the nodes, including + <literal>execute</literal>, <literal>succeed</literal>, + <literal>fail</literal>, + <literal>wait_until_succeeds</literal>, + <literal>wait_until_fails</literal>. + </para> + </listitem> + <listitem> + <para> The <literal>services.wakeonlan</literal> option was removed, and replaced with <literal>networking.interfaces.<name>.wakeOnLan</literal>. @@ -380,6 +575,14 @@ </listitem> <listitem> <para> + Since <literal>iptables</literal> now uses + <literal>nf_tables</literal> backend and + <literal>ipset</literal> doesn’t support it, some applications + (ferm, shorewall, firehol) may have limited functionality. + </para> + </listitem> + <listitem> + <para> The <literal>paperless</literal> module and package have been removed. All users should migrate to the successor <literal>paperless-ng</literal> instead. The Paperless project @@ -465,7 +668,7 @@ Superuser created successfully. <listitem> <para> The <literal>staticjinja</literal> package has been upgraded - from 1.0.4 to 4.1.0 + from 1.0.4 to 4.1.1 </para> </listitem> <listitem> @@ -526,6 +729,17 @@ Superuser created successfully. </listitem> <listitem> <para> + <literal>ihatemoney</literal> has been updated to version + 5.1.1 + (<link xlink:href="https://github.com/spiral-project/ihatemoney/blob/5.1.1/CHANGELOG.rst">release + notes</link>). If you serve ihatemoney by HTTP rather than + HTTPS, you must set + <link xlink:href="options.html#opt-services.ihatemoney.secureCookie">services.ihatemoney.secureCookie</link> + to <literal>false</literal>. + </para> + </listitem> + <listitem> + <para> PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release. </para> @@ -1128,6 +1342,84 @@ Superuser created successfully. would be parsed as 3 parameters. </para> </listitem> + <listitem> + <para> + <literal>nix.daemonNiceLevel</literal> and + <literal>nix.daemonIONiceLevel</literal> have been removed in + favour of the new options + <link xlink:href="options.html#opt-nix.daemonCPUSchedPolicy"><literal>nix.daemonCPUSchedPolicy</literal></link>, + <link xlink:href="options.html#opt-nix.daemonIOSchedClass"><literal>nix.daemonIOSchedClass</literal></link> + and + <link xlink:href="options.html#opt-nix.daemonIOSchedPriority"><literal>nix.daemonIOSchedPriority</literal></link>. + Please refer to the options documentation and the + <literal>sched(7)</literal> and + <literal>ioprio_set(2)</literal> man pages for guidance on how + to use them. + </para> + </listitem> + <listitem> + <para> + The <literal>coursier</literal> package’s binary was renamed + from <literal>coursier</literal> to <literal>cs</literal>. + Completions which haven’t worked for a while should now work + with the renamed binary. To keep using + <literal>coursier</literal>, you can create a shell alias. + </para> + </listitem> + <listitem> + <para> + The <literal>services.mosquitto</literal> module has been + rewritten to support multiple listeners and per-listener + configuration. Module configurations from previous releases + will no longer work and must be updated. + </para> + </listitem> + <listitem> + <para> + The <literal>fluidsynth_1</literal> attribute has been + removed, as this legacy version is no longer needed in + nixpkgs. The actively maintained 2.x series is available as + <literal>fluidsynth</literal> unchanged. + </para> + </listitem> + <listitem> + <para> + Nextcloud 20 (<literal>pkgs.nextcloud20</literal>) has been + dropped because it was EOLed by upstream in 2021-10. + </para> + </listitem> + <listitem> + <para> + The <literal>virtualisation.pathsInNixDB</literal> option was + renamed + <link xlink:href="options.html#opt-virtualisation.additionalPaths"><literal>virtualisation.additionalPaths</literal></link>. + </para> + </listitem> + <listitem> + <para> + The <literal>services.ddclient.password</literal> option was + removed, and replaced with + <literal>services.ddclient.passwordFile</literal>. + </para> + </listitem> + <listitem> + <para> + The default GNAT version has been changed: The + <literal>gnat</literal> attribute now points to + <literal>gnat11</literal> instead of <literal>gnat9</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>retroArchCores</literal> has been removed. This means + that using <literal>nixpkgs.config.retroarch</literal> to + customize RetroArch cores is not supported anymore. Instead, + use package overrides, for example: + <literal>retroarch.override { cores = with libretro; [ citra snes9x ]; };</literal>. + Also, <literal>retroarchFull</literal> derivation is available + for those who want to have all RetroArch cores available. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-notable-changes"> @@ -1151,25 +1443,31 @@ Superuser created successfully. <para> In NixOS virtual machines (QEMU), the <literal>virtualisation</literal> module has been updated with - new options to configure: + new options: </para> <itemizedlist spacing="compact"> <listitem> <para> - IPv4 port forwarding - (<link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>virtualisation.forwardPorts</literal></link>), + <link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>forwardPorts</literal></link> + to configure IPv4 port forwarding, </para> </listitem> <listitem> <para> - shared host directories - (<link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>virtualisation.sharedDirectories</literal></link>), + <link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>sharedDirectories</literal></link> + to set up shared host directories, </para> </listitem> <listitem> <para> - screen resolution - (<link xlink:href="options.html#opt-virtualisation.resolution"><literal>virtualisation.resolution</literal></link>). + <link xlink:href="options.html#opt-virtualisation.resolution"><literal>resolution</literal></link> + to set the screen resolution, + </para> + </listitem> + <listitem> + <para> + <link xlink:href="options.html#opt-virtualisation.useNixStoreImage"><literal>useNixStoreImage</literal></link> + to use a disk image for the Nix store instead of 9P. </para> </listitem> </itemizedlist> @@ -1425,6 +1723,23 @@ Superuser created successfully. <listitem> <para> The + <link xlink:href="options.html#opt-services.smokeping.host">services.smokeping.host</link> + option was added and defaulted to + <literal>localhost</literal>. Before, + <literal>smokeping</literal> listened to all interfaces by + default. NixOS defaults generally aim to provide + non-Internet-exposed defaults for databases and internal + monitoring tools, see e.g. + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/100192">#100192</link>. + Further, the systemd service for <literal>smokeping</literal> + got reworked defaults for increased operational stability, see + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/144127">PR + #144127</link> for details. + </para> + </listitem> + <listitem> + <para> + The <link xlink:href="options.html#opt-services.syncoid.enable">services.syncoid.enable</link> module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets @@ -1556,15 +1871,6 @@ Superuser created successfully. </listitem> <listitem> <para> - Changing systemd <literal>.socket</literal> units now restarts - them and stops the service that is activated by them. - Additionally, services with - <literal>stopOnChange = false</literal> don’t break anymore - when they are socket-activated. - </para> - </listitem> - <listitem> - <para> The <literal>virtualisation.libvirtd</literal> module has been refactored and updated with new options: </para> @@ -1595,6 +1901,143 @@ Superuser created successfully. </listitem> </itemizedlist> </listitem> + <listitem> + <para> + The <literal>cawbird</literal> Twitter client now uses its own + API keys to count as different application than upstream + builds. This is done to evade application-level rate limiting. + While existing accounts continue to work, users may want to + remove and re-register their account in the client to enjoy a + better user experience and benefit from this change. + </para> + </listitem> + <listitem> + <para> + A new option + <literal>services.prometheus.enableReload</literal> has been + added which can be enabled to reload the prometheus service + when its config file changes instead of restarting. + </para> + </listitem> + <listitem> + <para> + The option + <literal>services.prometheus.environmentFile</literal> has + been removed since it was causing + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/126083">issues</link> + and Prometheus now has native support for secret files, i.e. + <literal>basic_auth.password_file</literal> and + <literal>authorization.credentials_file</literal>. + </para> + </listitem> + <listitem> + <para> + Dokuwiki now supports caddy! However + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + the nginx option has been removed, in the new + configuration, please use the + <literal>dokuwiki.webserver = "nginx"</literal> + instead. + </para> + </listitem> + <listitem> + <para> + The <quote>${hostname}</quote> option has been deprecated, + please use + <literal>dokuwiki.sites = [ "${hostname}" ]</literal> + instead + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + The + <link xlink:href="options.html#opt-services.unifi.enable">services.unifi</link> + module has been reworked, solving a number of issues. This + leads to several user facing changes: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + The <literal>services.unifi.dataDir</literal> option is + removed and the data is now always located under + <literal>/var/lib/unifi/data</literal>. This is done to + make better use of systemd state direcotiry and thus + making the service restart more reliable. + </para> + </listitem> + <listitem> + <para> + The unifi logs can now be found under: + <literal>/var/log/unifi</literal> instead of + <literal>/var/lib/unifi/logs</literal>. + </para> + </listitem> + <listitem> + <para> + The unifi run directory can now be found under: + <literal>/run/unifi</literal> instead of + <literal>/var/lib/unifi/run</literal>. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + <literal>security.pam.services.<name>.makeHomeDir</literal> + now uses <literal>umask=0077</literal> instead of + <literal>umask=0022</literal> when creating the home + directory. + </para> + </listitem> + <listitem> + <para> + Loki has had another release. Some default values have been + changed for the configuration and some configuration options + have been renamed. For more details, please check + <link xlink:href="https://grafana.com/docs/loki/latest/upgrading/#240">the + upgrade guide</link>. + </para> + </listitem> + <listitem> + <para> + <literal>julia</literal> now refers to + <literal>julia-stable</literal> instead of + <literal>julia-lts</literal>. In practice this means it has + been upgraded from <literal>1.0.4</literal> to + <literal>1.5.4</literal>. + </para> + </listitem> + <listitem> + <para> + RetroArch has been upgraded from version + <literal>1.8.5</literal> to <literal>1.9.13.2</literal>. Since + the previous release was quite old, if you’re having issues + after the upgrade, please delete your + <literal>$XDG_CONFIG_HOME/retroarch/retroarch.cfg</literal> + file. + </para> + </listitem> + <listitem> + <para> + hydrus has been upgraded from version <literal>438</literal> + to <literal>463</literal>. Since upgrading between releases + this old is advised against, be sure to have a backup of your + data before upgrading. For details, see + <link xlink:href="https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates">the + hydrus manual</link>. + </para> + </listitem> + <listitem> + <para> + More jdk and jre versions are now exposed via + <literal>java-packages.compiler</literal>. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml new file mode 100644 index 000000000000..4a2e86a60b92 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -0,0 +1,315 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.05"> + <title>Release 22.05 (“Quokka”, 2022.05/??)</title> + <para> + In addition to numerous new and upgraded packages, this release has + the following highlights: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + Support is planned until the end of December 2022, handing over + to 22.11. + </para> + </listitem> + </itemizedlist> + <section xml:id="sec-release-22.05-highlights"> + <title>Highlights</title> + <itemizedlist> + <listitem> + <para> + <literal>security.acme.defaults</literal> has been added to + simplify configuring settings for many certificates at once. + This also opens up the the option to use DNS-01 validation + when using <literal>enableACME</literal> on web server virtual + hosts (e.g. + <literal>services.nginx.virtualHosts.*.enableACME</literal>). + </para> + </listitem> + <listitem> + <para> + PHP 8.1 is now available + </para> + </listitem> + <listitem> + <para> + Mattermost has been updated to version 6.2. Migrations may + take a while, see the + <link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release">upgrade + notes</link>. + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-22.05-new-services"> + <title>New Services</title> + <itemizedlist> + <listitem> + <para> + <link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>, + the Intel SGX Architectural Enclave Service Manager. Available + as + <link linkend="opt-services.aesmd.enable">services.aesmd</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://docs.docker.com/engine/security/rootless/">rootless + Docker</link>, a <literal>systemd --user</literal> Docker + service which runs without root permissions. Available as + <link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>, + a lightweight shipper for forwarding and centralizing log + data. Available as + <link linkend="opt-services.filebeat.enable">services.filebeat</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>, + a web interface for the PowerDNS server. Available at + <link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://maddy.email">maddy</link>, a + composable all-in-one mail server. Available as + <link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://tetrd.app">tetrd</link>, share your + internet connection from your device to your PC and vice versa + through a USB cable. Available at + <link linkend="opt-services.tetrd.enable">services.tetrd</link>. + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-22.05-incompatibilities"> + <title>Backward Incompatibilities</title> + <itemizedlist> + <listitem> + <para> + <literal>pkgs.ghc</literal> now refers to + <literal>pkgs.targetPackages.haskellPackages.ghc</literal>. + This <emphasis>only</emphasis> makes a difference if you are + cross-compiling and will ensure that + <literal>pkgs.ghc</literal> always runs on the host platform + and compiles for the target platform (similar to + <literal>pkgs.gcc</literal> for example). + <literal>haskellPackages.ghc</literal> still behaves as + before, running on the build platform and compiling for the + host platform (similar to <literal>stdenv.cc</literal>). This + means you don’t have to adjust your derivations if you use + <literal>haskellPackages.callPackage</literal>, but when using + <literal>pkgs.callPackage</literal> and taking + <literal>ghc</literal> as an input, you should now use + <literal>buildPackages.ghc</literal> instead to ensure cross + compilation keeps working (or switch to + <literal>haskellPackages.callPackage</literal>). + </para> + </listitem> + <listitem> + <para> + <literal>pkgs.emacsPackages.orgPackages</literal> is removed + because org elpa is deprecated. The packages in the top level + of <literal>pkgs.emacsPackages</literal>, such as org and + org-contrib, refer to the ones in + <literal>pkgs.emacsPackages.elpaPackages</literal> and + <literal>pkgs.emacsPackages.nongnuPackages</literal> where the + new versions will release. + </para> + </listitem> + <listitem> + <para> + <literal>services.kubernetes.addons.dashboard</literal> was + removed due to it being an outdated version. + </para> + </listitem> + <listitem> + <para> + The MoinMoin wiki engine + (<literal>services.moinmoin</literal>) has been removed, + because Python 2 is being retired from nixpkgs. + </para> + </listitem> + <listitem> + <para> + The <literal>wafHook</literal> hook now honors + <literal>NIX_BUILD_CORES</literal> when + <literal>enableParallelBuilding</literal> is not set + explicitly. Packages can restore the old behaviour by setting + <literal>enableParallelBuilding=false</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>pkgs.claws-mail-gtk2</literal>, representing Claws + Mail’s older release version three, was removed in order to + get rid of Python 2. Please switch to + <literal>claws-mail</literal>, which is Claws Mail’s latest + release based on GTK+3 and Python 3. + </para> + </listitem> + <listitem> + <para> + The <literal>writers.writePython2</literal> and corresponding + <literal>writers.writePython2Bin</literal> convenience + functions to create executable Python 2 scripts in the store + were removed in preparation of removal of the Python 2 + interpreter. Scripts have to be converted to Python 3 for use + with <literal>writers.writePython3</literal> or + <literal>writers.writePyPy2</literal> needs to be used. + </para> + </listitem> + <listitem> + <para> + If you previously used + <literal>/etc/docker/daemon.json</literal>, you need to + incorporate the changes into the new option + <literal>virtualisation.docker.daemon.settings</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>autorestic</literal> package has been upgraded + from 1.3.0 to 1.5.0 which introduces breaking changes in + config file, check + <link xlink:href="https://autorestic.vercel.app/migration/1.4_1.5">their + migration guide</link> for more details. + </para> + </listitem> + <listitem> + <para> + For <literal>pkgs.python3.pkgs.ipython</literal>, its direct + dependency + <literal>pkgs.python3.pkgs.matplotlib-inline</literal> (which + is really an adapter to integrate matplotlib in ipython if it + is installed) does not depend on + <literal>pkgs.python3.pkgs.matplotlib</literal> anymore. This + is closer to a non-Nix install of ipython. This has the added + benefit to reduce the closure size of + <literal>ipython</literal> from ~400MB to ~160MB (including + ~100MB for python itself). + </para> + </listitem> + <listitem> + <para> + <literal>documentation.man</literal> has been refactored to + support choosing a man implementation other than GNU’s + <literal>man-db</literal>. For this, + <literal>documentation.man.manualPages</literal> has been + renamed to + <literal>documentation.man.man-db.manualPages</literal>. If + you want to use the new alternative man implementation + <literal>mandoc</literal>, add + <literal>documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }</literal> + to your configuration. + </para> + </listitem> + </itemizedlist> + </section> + <section xml:id="sec-release-22.05-notable-changes"> + <title>Other Notable Changes</title> + <itemizedlist> + <listitem> + <para> + The option + <link linkend="opt-services.redis.servers">services.redis.servers</link> + was added to support per-application + <literal>redis-server</literal> which is more secure since + Redis databases are only mere key prefixes without any + configuration or ACL of their own. Backward-compatibility is + preserved by mapping old + <literal>services.redis.settings</literal> to + <literal>services.redis.servers."".settings</literal>, + but you are strongly encouraged to name each + <literal>redis-server</literal> instance after the application + using it, instead of keeping that nameless one. Except for the + nameless + <literal>services.redis.servers.""</literal> still + accessible at <literal>127.0.0.1:6379</literal>, and to the + members of the Unix group <literal>redis</literal> through the + Unix socket <literal>/run/redis/redis.sock</literal>, all + other <literal>services.redis.servers.${serverName}</literal> + are only accessible by default to the members of the Unix + group <literal>redis-${serverName}</literal> through the Unix + socket <literal>/run/redis-${serverName}/redis.sock</literal>. + </para> + </listitem> + <listitem> + <para> + The + <literal>writers.writePyPy2</literal>/<literal>writers.writePyPy3</literal> + and corresponding + <literal>writers.writePyPy2Bin</literal>/<literal>writers.writePyPy3Bin</literal> + convenience functions to create executable Python 2/3 scripts + using the PyPy interpreter were added. + </para> + </listitem> + <listitem> + <para> + The <literal>influxdb2</literal> package was split into + <literal>influxdb2-server</literal> and + <literal>influxdb2-cli</literal>, matching the split that took + place upstream. A combined <literal>influxdb2</literal> + package is still provided in this release for backwards + compatibilty, but will be removed at a later date. + </para> + </listitem> + <listitem> + <para> + The <literal>services.unifi.openPorts</literal> option default + value of <literal>true</literal> is now deprecated and will be + changed to <literal>false</literal> in 22.11. Configurations + using this default will print a warning when rebuilt. + </para> + </listitem> + <listitem> + <para> + <literal>security.acme</literal> certificates will now + correctly check for CA revokation before reaching their + minimum age. + </para> + </listitem> + <listitem> + <para> + Removing domains from + <literal>security.acme.certs._name_.extraDomainNames</literal> + will now correctly remove those domains during rebuild/renew. + </para> + </listitem> + <listitem> + <para> + The option + <link linkend="opt-programs.ssh.enableAskPassword">programs.ssh.enableAskPassword</link> + was added, decoupling the setting of + <literal>SSH_ASKPASS</literal> from + <literal>services.xserver.enable</literal>. This allows easy + usage in non-X11 environments, e.g. Wayland. + </para> + </listitem> + <listitem> + <para> + The <literal>services.stubby</literal> module was converted to + a + <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link> + configuration. + </para> + </listitem> + <listitem> + <para> + The option <literal>services.duplicati.dataDir</literal> has + been added to allow changing the location of duplicati’s + files. + </para> + </listitem> + </itemizedlist> + </section> +</section> diff --git a/nixpkgs/nixos/doc/manual/installation/installing.chapter.md b/nixpkgs/nixos/doc/manual/installation/installing.chapter.md index a0823b51e9cb..def4f37fbcaa 100644 --- a/nixpkgs/nixos/doc/manual/installation/installing.chapter.md +++ b/nixpkgs/nixos/doc/manual/installation/installing.chapter.md @@ -15,7 +15,10 @@ finished booting, it should have detected most of your hardware. The NixOS manual is available by running `nixos-help`. You are logged-in automatically as `nixos`. The `nixos` user account has -an empty password so you can use `sudo` without a password. +an empty password so you can use `sudo` without a password: +```ShellSession +$ sudo -i +``` If you downloaded the graphical ISO image, you can run `systemctl start display-manager` to start the desktop environment. If you want diff --git a/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md b/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md index b7903b9d3cbb..faeefc4451dc 100644 --- a/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md +++ b/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md @@ -6,7 +6,7 @@ expressions and associated binaries. The NixOS channels are updated automatically from NixOS's Git repository after certain tests have passed and all packages have been built. These channels are: -- *Stable channels*, such as [`nixos-21.05`](https://nixos.org/channels/nixos-21.05). +- *Stable channels*, such as [`nixos-21.11`](https://nixos.org/channels/nixos-21.11). These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not @@ -19,7 +19,7 @@ passed and all packages have been built. These channels are: radical changes between channel updates. It's not recommended for production systems. -- *Small channels*, such as [`nixos-21.05-small`](https://nixos.org/channels/nixos-21.05-small) +- *Small channels*, such as [`nixos-21.11-small`](https://nixos.org/channels/nixos-21.11-small) or [`nixos-unstable-small`](https://nixos.org/channels/nixos-unstable-small). These are identical to the stable and unstable channels described above, except that they contain fewer binary packages. This means they get updated @@ -38,8 +38,8 @@ newest supported stable release. When you first install NixOS, you're automatically subscribed to the NixOS channel that corresponds to your installation source. For -instance, if you installed from a 21.05 ISO, you will be subscribed to -the `nixos-21.05` channel. To see which NixOS channel you're subscribed +instance, if you installed from a 21.11 ISO, you will be subscribed to +the `nixos-21.11` channel. To see which NixOS channel you're subscribed to, run the following as root: ```ShellSession @@ -54,16 +54,16 @@ To switch to a different NixOS channel, do ``` (Be sure to include the `nixos` parameter at the end.) For instance, to -use the NixOS 21.05 stable channel: +use the NixOS 21.11 stable channel: ```ShellSession -# nix-channel --add https://nixos.org/channels/nixos-21.05 nixos +# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos ``` If you have a server, you may want to use the "small" channel instead: ```ShellSession -# nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos +# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos ``` And if you want to live on the bleeding edge: @@ -114,5 +114,5 @@ the new generation contains a different kernel, initrd or kernel modules. You can also specify a channel explicitly, e.g. ```nix -system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.05; +system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11; ``` diff --git a/nixpkgs/nixos/doc/manual/man-nixos-install.xml b/nixpkgs/nixos/doc/manual/man-nixos-install.xml index 91542d37cbd5..eb6680b65677 100644 --- a/nixpkgs/nixos/doc/manual/man-nixos-install.xml +++ b/nixpkgs/nixos/doc/manual/man-nixos-install.xml @@ -69,9 +69,14 @@ </arg> <arg> - <arg choice='plain'> - <option>--no-root-passwd</option> - </arg> + <group choice='req'> + <arg choice='plain'> + <option>--no-root-password</option> + </arg> + <arg choice='plain'> + <option>--no-root-passwd</option> + </arg> + </group> </arg> <arg> @@ -157,7 +162,7 @@ <listitem> <para> It prompts you for a password for the root account (unless - <option>--no-root-passwd</option> is specified). + <option>--no-root-password</option> is specified). </para> </listitem> </itemizedlist> diff --git a/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml b/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml index 0e0ea5d74b0b..6c7fc57f8d83 100644 --- a/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml +++ b/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml @@ -535,12 +535,8 @@ </para> <para> - If <option>--build-host</option> is not explicitly specified, - <option>--build-host</option> will implicitly be set to the same value as - <option>--target-host</option>. So, if you only specify - <option>--target-host</option> both building and activation will take - place remotely (and no build artifacts will be copied to the local - machine). + If <option>--build-host</option> is not explicitly specified, building + will take place locally. </para> <para> diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md index c1958b3a6bd4..48adc4ad33cb 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2111.section.md @@ -1,14 +1,18 @@ -# Release 21.11 (“?”, 2021.11/??) {#sec-release-21.11} - -In addition to numerous new and upgraded packages, this release has the following highlights: +# Release 21.11 (“Porcupine”, 2021/11/30) {#sec-release-21.11} - Support is planned until the end of June 2022, handing over to 22.05. ## Highlights {#sec-release-21.11-highlights} +In addition to numerous new and upgraded packages, this release has the following highlights: + +- Nix has been updated to version 2.4, reference its [release notes](https://discourse.nixos.org/t/nix-2-4-released/15822) for more information on what has changed. The previous version of Nix, 2.3.16, remains available for the time being in the `nix_2_3` package. + +- `iptables` now uses `nf_tables` backend. + - PHP now defaults to PHP 8.0, updated from 7.4. -- kOps now defaults to 1.21.1, which uses containerd as the default runtime. +- kops now defaults to 1.21.1, which uses containerd as the default runtime. - `python3` now defaults to Python 3.9, updated from Python 3.8. @@ -16,7 +20,12 @@ In addition to numerous new and upgraded packages, this release has the followin - spark now defaults to spark 3, updated from 2. A [migration guide](https://spark.apache.org/docs/latest/core-migration-guide.html#upgrading-from-core-24-to-30) is available. -- Activation scripts can now opt int to be run when running `nixos-rebuild dry-activate` and detect the dry activation by reading `$NIXOS_ACTION`. +- Improvements have been made to the Hadoop module and package: + - HDFS and YARN now support production-ready highly available deployments with automatic failover. + - Hadoop now defaults to Hadoop 3, updated from 2. + - JournalNode, ZKFS and HTTPFS services have been added. + +- Activation scripts can now, optionally, be run during a `nixos-rebuild dry-activate` and can detect the dry activation by reading `$NIXOS_ACTION`. This allows activation scripts to output what they would change if the activation was really run. The users/modules activation script supports this and outputs some of is actions. @@ -29,9 +38,24 @@ In addition to numerous new and upgraded packages, this release has the followin - Pantheon desktop has been updated to version 6. Due to changes of screen locker, if locking doesn't work for you, please try `gsettings set org.gnome.desktop.lockdown disable-lock-screen false`. - `kubernetes-helm` now defaults to 3.7.0, which introduced some breaking changes to the experimental OCI manifest format. See [HIP 6](https://github.com/helm/community/blob/main/hips/hip-0006.md) for more details. + `helmfile` also defaults to 0.141.0, which is the minimum compatible version. - GNOME has been upgraded to 41. Please take a look at their [Release Notes](https://help.gnome.org/misc/release-notes/41.0/) for details. +- LXD support was greatly improved: + - building LXD images from configurations is now directly possible with just nixpkgs + - hydra is now building nixOS LXD images that can be used standalone with full nixos-rebuild support + +- OpenSSH was updated to version 8.8p1 + - This breaks connections to old SSH daemons as ssh-rsa host keys and ssh-rsa public keys that were signed with SHA-1 are disabled by default now + - These can be re-enabled, see the [OpenSSH changelog](https://www.openssh.com/txt/release-8.8) for details + +- ORY Kratos was updated to version 0.8.0-alpha.3 + - This release requires you to run SQL migrations. Please, as always, create a backup of your database first! + - The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2. + - The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead. + - for more details, see [Release Notes](https://github.com/ory/kratos/releases/tag/v0.8.0-alpha.1). + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). @@ -42,9 +66,13 @@ In addition to numerous new and upgraded packages, this release has the followin - [geoipupdate](https://github.com/maxmind/geoipupdate), a GeoIP database updater from MaxMind. Available as [services.geoipupdate](options.html#opt-services.geoipupdate.enable). -- [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea). +- [Jibri](https://github.com/jitsi/jibri), a service for recording or streaming a Jitsi Meet conference. Available as [services.jibri](options.html#opt-services.jibri.enable). + +- [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea.dhcp4). -- [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast). +- [owncast](https://owncast.online/), self-hosted video live streaming solution. Available at [services.owncast](options.html#opt-services.owncast.enable). + +- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable). - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable). @@ -109,13 +137,31 @@ In addition to numerous new and upgraded packages, this release has the followin - [multipath](https://github.com/opensvc/multipath-tools), the device mapper multipath (DM-MP) daemon. Available as [services.multipath](#opt-services.multipath.enable). +- [seafile](https://www.seafile.com/en/home/), an open source file syncing & sharing software. Available as [services.seafile](options.html#opt-services.seafile.enable). + +- [rasdaemon](https://github.com/mchehab/rasdaemon), a hardware error logging daemon. Available as [hardware.rasdaemon](#opt-hardware.rasdaemon.enable). + +- `code-server`-module now available + +- [xmrig](https://github.com/xmrig/xmrig), a high performance, open source, cross platform RandomX, KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and RandomX benchmark. + +- Auto nice daemons [ananicy](https://github.com/Nefelim4ag/Ananicy) and [ananicy-cpp](https://gitlab.com/ananicy-cpp/ananicy-cpp/). Available as [services.ananicy](#opt-services.ananicy.enable). + +- [smartctl_exporter](https://github.com/prometheus-community/smartctl_exporter), a Prometheus exporter for [S.M.A.R.T.](https://en.wikipedia.org/wiki/S.M.A.R.T.) data. Available as [services.prometheus.exporters.smartctl](options.html#opt-services.prometheus.exporters.smartctl.enable). + ## Backward Incompatibilities {#sec-release-21.11-incompatibilities} +- The NixOS VM test framework, `pkgs.nixosTest`/`make-test-python.nix`, now requires detaching commands such as `succeed("foo &")` and `succeed("foo | xclip -i")` to close stdout. + This can be done with a redirect such as `succeed("foo >&2 &")`. This breaking change was necessitated by a race condition causing tests to fail or hang. + It applies to all methods that invoke commands on the nodes, including `execute`, `succeed`, `fail`, `wait_until_succeeds`, `wait_until_fails`. + - The `services.wakeonlan` option was removed, and replaced with `networking.interfaces.<name>.wakeOnLan`. - The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set. This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe. +- Since `iptables` now uses `nf_tables` backend and `ipset` doesn't support it, some applications (ferm, shorewall, firehol) may have limited functionality. + - The `paperless` module and package have been removed. All users should migrate to the successor `paperless-ng` instead. The Paperless project [has been archived](https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4) @@ -166,7 +212,7 @@ In addition to numerous new and upgraded packages, this release has the followin Superuser created successfully. ``` -- The `staticjinja` package has been upgraded from 1.0.4 to 4.1.0 +- The `staticjinja` package has been upgraded from 1.0.4 to 4.1.1 - Firefox v91 does not support addons with invalid signature anymore. Firefox ESR needs to be used for nix addon support. @@ -195,6 +241,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `services.geoip-updater` was broken and has been replaced by [services.geoipupdate](options.html#opt-services.geoipupdate.enable). +- `ihatemoney` has been updated to version 5.1.1 ([release notes](https://github.com/spiral-project/ihatemoney/blob/5.1.1/CHANGELOG.rst)). If you serve ihatemoney by HTTP rather than HTTPS, you must set [services.ihatemoney.secureCookie](options.html#opt-services.ihatemoney.secureCookie) to `false`. + - PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release. - Those making use of `buildBazelPackage` will need to regenerate the fetch hashes (preferred), or set `fetchConfigured = false;`. @@ -348,16 +396,38 @@ In addition to numerous new and upgraded packages, this release has the followin - `boot.kernelParams` now only accepts one command line parameter per string. This change is aimed to reduce common mistakes like "param = 12", which would be parsed as 3 parameters. +- `nix.daemonNiceLevel` and `nix.daemonIONiceLevel` have been removed in favour of the new options [`nix.daemonCPUSchedPolicy`](options.html#opt-nix.daemonCPUSchedPolicy), [`nix.daemonIOSchedClass`](options.html#opt-nix.daemonIOSchedClass) and [`nix.daemonIOSchedPriority`](options.html#opt-nix.daemonIOSchedPriority). Please refer to the options documentation and the `sched(7)` and `ioprio_set(2)` man pages for guidance on how to use them. + +- The `coursier` package's binary was renamed from `coursier` to `cs`. Completions which haven't worked for a while should now work with the renamed binary. To keep using `coursier`, you can create a shell alias. + +- The `services.mosquitto` module has been rewritten to support multiple listeners and per-listener configuration. + Module configurations from previous releases will no longer work and must be updated. + +- The `fluidsynth_1` attribute has been removed, as this legacy version is no longer needed in nixpkgs. The actively maintained 2.x series is available as `fluidsynth` unchanged. + +- Nextcloud 20 (`pkgs.nextcloud20`) has been dropped because it was EOLed by upstream in 2021-10. + +- The `virtualisation.pathsInNixDB` option was renamed + [`virtualisation.additionalPaths`](options.html#opt-virtualisation.additionalPaths). + +- The `services.ddclient.password` option was removed, and replaced with `services.ddclient.passwordFile`. + +- The default GNAT version has been changed: The `gnat` attribute now points to `gnat11` + instead of `gnat9`. + +- `retroArchCores` has been removed. This means that using `nixpkgs.config.retroarch` to customize RetroArch cores is not supported anymore. Instead, use package overrides, for example: `retroarch.override { cores = with libretro; [ citra snes9x ]; };`. Also, `retroarchFull` derivation is available for those who want to have all RetroArch cores available. + ## Other Notable Changes {#sec-release-21.11-notable-changes} - The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set. In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched. -- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options to configure: - - IPv4 port forwarding ([`virtualisation.forwardPorts`](options.html#opt-virtualisation.forwardPorts)), - - shared host directories ([`virtualisation.sharedDirectories`](options.html#opt-virtualisation.sharedDirectories)), - - screen resolution ([`virtualisation.resolution`](options.html#opt-virtualisation.resolution)). +- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options: + - [`forwardPorts`](options.html#opt-virtualisation.forwardPorts) to configure IPv4 port forwarding, + - [`sharedDirectories`](options.html#opt-virtualisation.sharedDirectories) to set up shared host directories, + - [`resolution`](options.html#opt-virtualisation.resolution) to set the screen resolution, + - [`useNixStoreImage`](options.html#opt-virtualisation.useNixStoreImage) to use a disk image for the Nix store instead of 9P. In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance. @@ -419,6 +489,8 @@ In addition to numerous new and upgraded packages, this release has the followin - The [networking.wireless.iwd](options.html#opt-networking.wireless.iwd.enable) module has a new [networking.wireless.iwd.settings](options.html#opt-networking.wireless.iwd.settings) option. +- The [services.smokeping.host](options.html#opt-services.smokeping.host) option was added and defaulted to `localhost`. Before, `smokeping` listened to all interfaces by default. NixOS defaults generally aim to provide non-Internet-exposed defaults for databases and internal monitoring tools, see e.g. [#100192](https://github.com/NixOS/nixpkgs/issues/100192). Further, the systemd service for `smokeping` got reworked defaults for increased operational stability, see [PR #144127](https://github.com/NixOS/nixpkgs/pull/144127) for details. + - The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up. - Zfs: `latestCompatibleLinuxPackages` is now exported on the zfs package. One can use `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` to always track the latest compatible kernel with a given version of zfs. @@ -450,9 +522,34 @@ In addition to numerous new and upgraded packages, this release has the followin - `networking.sits` now supports Foo-over-UDP encapsulation. -- Changing systemd `.socket` units now restarts them and stops the service that is activated by them. Additionally, services with `stopOnChange = false` don't break anymore when they are socket-activated. - - The `virtualisation.libvirtd` module has been refactored and updated with new options: - `virtualisation.libvirtd.qemu*` options (e.g.: `virtualisation.libvirtd.qemuRunAsRoot`) were moved to [`virtualisation.libvirtd.qemu`](options.html#opt-virtualisation.libvirtd.qemu) submodule, - software TPM1/TPM2 support (e.g.: Windows 11 guests) ([`virtualisation.libvirtd.qemu.swtpm`](options.html#opt-virtualisation.libvirtd.qemu.swtpm)), - custom OVMF package (e.g.: `pkgs.OVMFFull` with HTTP, CSM and Secure Boot support) ([`virtualisation.libvirtd.qemu.ovmf.package`](options.html#opt-virtualisation.libvirtd.qemu.ovmf.package)). + +- The `cawbird` Twitter client now uses its own API keys to count as different application than upstream builds. This is done to evade application-level rate limiting. While existing accounts continue to work, users may want to remove and re-register their account in the client to enjoy a better user experience and benefit from this change. + +- A new option `services.prometheus.enableReload` has been added which can be enabled to reload the prometheus service when its config file changes instead of restarting. + +- The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files, i.e. `basic_auth.password_file` and `authorization.credentials_file`. + +- Dokuwiki now supports caddy! However + - the nginx option has been removed, in the new configuration, please use the `dokuwiki.webserver = "nginx"` instead. + - The "${hostname}" option has been deprecated, please use `dokuwiki.sites = [ "${hostname}" ]` instead + +- The [services.unifi](options.html#opt-services.unifi.enable) module has been reworked, solving a number of issues. This leads to several user facing changes: + - The `services.unifi.dataDir` option is removed and the data is now always located under `/var/lib/unifi/data`. This is done to make better use of systemd state direcotiry and thus making the service restart more reliable. + - The unifi logs can now be found under: `/var/log/unifi` instead of `/var/lib/unifi/logs`. + - The unifi run directory can now be found under: `/run/unifi` instead of `/var/lib/unifi/run`. + +- `security.pam.services.<name>.makeHomeDir` now uses `umask=0077` instead of `umask=0022` when creating the home directory. + +- Loki has had another release. Some default values have been changed for the configuration and some configuration options have been renamed. For more details, please check [the upgrade guide](https://grafana.com/docs/loki/latest/upgrading/#240). + +- `julia` now refers to `julia-stable` instead of `julia-lts`. In practice this means it has been upgraded from `1.0.4` to `1.5.4`. + +- RetroArch has been upgraded from version `1.8.5` to `1.9.13.2`. Since the previous release was quite old, if you're having issues after the upgrade, please delete your `$XDG_CONFIG_HOME/retroarch/retroarch.cfg` file. + +- hydrus has been upgraded from version `438` to `463`. Since upgrading between releases this old is advised against, be sure to have a backup of your data before upgrading. For details, see [the hydrus manual](https://hydrusnetwork.github.io/hydrus/help/getting_started_installing.html#big_updates). + +- More jdk and jre versions are now exposed via `java-packages.compiler`. diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md new file mode 100644 index 000000000000..2a062d0573b5 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md @@ -0,0 +1,118 @@ +# Release 22.05 (“Quokka”, 2022.05/??) {#sec-release-22.05} + +In addition to numerous new and upgraded packages, this release has the following highlights: + +- Support is planned until the end of December 2022, handing over to 22.11. + +## Highlights {#sec-release-22.05-highlights} + +- `security.acme.defaults` has been added to simplify configuring + settings for many certificates at once. This also opens up the + the option to use DNS-01 validation when using `enableACME` on + web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`). + +- PHP 8.1 is now available + +- Mattermost has been updated to version 6.2. Migrations may take a while, + see the [upgrade notes](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release). + +## New Services {#sec-release-22.05-new-services} + +- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable). +- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable). + +- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable). + +- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable). + +- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable). + +- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable). + +## Backward Incompatibilities {#sec-release-22.05-incompatibilities} + +- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`. + This *only* makes a difference if you are cross-compiling and will + ensure that `pkgs.ghc` always runs on the host platform and compiles + for the target platform (similar to `pkgs.gcc` for example). + `haskellPackages.ghc` still behaves as before, running on the build + platform and compiling for the host platform (similar to `stdenv.cc`). + This means you don't have to adjust your derivations if you use + `haskellPackages.callPackage`, but when using `pkgs.callPackage` and + taking `ghc` as an input, you should now use `buildPackages.ghc` + instead to ensure cross compilation keeps working (or switch to + `haskellPackages.callPackage`). + +- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated. + The packages in the top level of `pkgs.emacsPackages`, such as org and + org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and + `pkgs.emacsPackages.nongnuPackages` where the new versions will release. + +- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version. + +- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs. + +- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`. + +- `pkgs.claws-mail-gtk2`, representing Claws Mail's older release version three, was removed in order to get rid of Python 2. + Please switch to `claws-mail`, which is Claws Mail's latest release based on GTK+3 and Python 3. + +- The `writers.writePython2` and corresponding `writers.writePython2Bin` convenience functions to create executable Python 2 scripts in the store were removed in preparation of removal of the Python 2 interpreter. + Scripts have to be converted to Python 3 for use with `writers.writePython3` or `writers.writePyPy2` needs to be used. + +- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`. + +- The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details. + +- For `pkgs.python3.pkgs.ipython`, its direct dependency `pkgs.python3.pkgs.matplotlib-inline` + (which is really an adapter to integrate matplotlib in ipython if it is installed) does + not depend on `pkgs.python3.pkgs.matplotlib` anymore. + This is closer to a non-Nix install of ipython. + This has the added benefit to reduce the closure size of `ipython` from ~400MB to ~160MB + (including ~100MB for python itself). + +- `documentation.man` has been refactored to support choosing a man implementation other than GNU's `man-db`. For this, `documentation.man.manualPages` has been renamed to `documentation.man.man-db.manualPages`. If you want to use the new alternative man implementation `mandoc`, add `documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }` to your configuration. + +## Other Notable Changes {#sec-release-22.05-notable-changes} + +- The option [services.redis.servers](#opt-services.redis.servers) was added + to support per-application `redis-server` which is more secure since Redis databases + are only mere key prefixes without any configuration or ACL of their own. + Backward-compatibility is preserved by mapping old `services.redis.settings` + to `services.redis.servers."".settings`, but you are strongly encouraged + to name each `redis-server` instance after the application using it, + instead of keeping that nameless one. + Except for the nameless `services.redis.servers.""` + still accessible at `127.0.0.1:6379`, + and to the members of the Unix group `redis` + through the Unix socket `/run/redis/redis.sock`, + all other `services.redis.servers.${serverName}` + are only accessible by default + to the members of the Unix group `redis-${serverName}` + through the Unix socket `/run/redis-${serverName}/redis.sock`. + +- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added. + +- The `influxdb2` package was split into `influxdb2-server` and + `influxdb2-cli`, matching the split that took place upstream. A + combined `influxdb2` package is still provided in this release for + backwards compatibilty, but will be removed at a later date. + +- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11. + Configurations using this default will print a warning when rebuilt. + +- `security.acme` certificates will now correctly check for CA + revokation before reaching their minimum age. + +- Removing domains from `security.acme.certs._name_.extraDomainNames` + will now correctly remove those domains during rebuild/renew. + +- The option + [programs.ssh.enableAskPassword](#opt-programs.ssh.enableAskPassword) was + added, decoupling the setting of `SSH_ASKPASS` from + `services.xserver.enable`. This allows easy usage in non-X11 environments, + e.g. Wayland. + +- The `services.stubby` module was converted to a [settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration. + +- The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files. |