Merge remote-tracking branch 'nixpkgs/nixos-unstable'

14 files changed, 344 insertions, 35 deletions

diff --git a/nixpkgs/nixos/doc/manual/Makefile b/nixpkgs/nixos/doc/manual/Makefile
index b86a76005753..b2b6481b20c7 100644
--- a/nixpkgs/nixos/doc/manual/Makefile
+++ b/nixpkgs/nixos/doc/manual/Makefile
@@ -1,5 +1,5 @@
 .PHONY: all
-all: manual-combined.xml format
+all: manual-combined.xml
 
 .PHONY: debug
 debug: generated manual-combined.xml
diff --git a/nixpkgs/nixos/doc/manual/configuration/config-file.xml b/nixpkgs/nixos/doc/manual/configuration/config-file.xml
index 7ccb5b3664ea..19cfb57920df 100644
--- a/nixpkgs/nixos/doc/manual/configuration/config-file.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/config-file.xml
@@ -16,9 +16,10 @@
   The first line (<literal>{ config, pkgs, ... }:</literal>) denotes that this
   is actually a function that takes at least the two arguments
   <varname>config</varname> and <varname>pkgs</varname>. (These are explained
-  later.) The function returns a <emphasis>set</emphasis> of option definitions
-  (<literal>{ <replaceable>...</replaceable> }</literal>). These definitions
-  have the form <literal><replaceable>name</replaceable> =
+  later, in chapter <xref linkend="sec-writing-modules" />) The function returns
+  a <emphasis>set</emphasis> of option definitions (<literal>{
+  <replaceable>...</replaceable> }</literal>). These definitions have the form
+  <literal><replaceable>name</replaceable> =
   <replaceable>value</replaceable></literal>, where
   <replaceable>name</replaceable> is the name of an option and
   <replaceable>value</replaceable> is its value. For example,
diff --git a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml
index 405a50a9e430..d8654d71ac00 100644
--- a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml
@@ -26,7 +26,11 @@ Enter passphrase for /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: ***
 
 <prompt># </prompt>mkfs.ext4 /dev/mapper/<replaceable>crypted</replaceable>
 </screen>
-  To ensure that this file system is automatically mounted at boot time as
+  The LUKS volume should be automatically picked up by
+  <command>nixos-generate-config</command>, but you might want to verify that your
+  <filename>hardware-configuration.nix</filename> looks correct.
+
+  To manually ensure that the system is automatically mounted at boot time as
   <filename>/</filename>, add the following to
   <filename>configuration.nix</filename>:
 <programlisting>
diff --git a/nixpkgs/nixos/doc/manual/configuration/networking.xml b/nixpkgs/nixos/doc/manual/configuration/networking.xml
index 02cf811e0bd3..8369e9c9c852 100644
--- a/nixpkgs/nixos/doc/manual/configuration/networking.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/networking.xml
@@ -15,5 +15,6 @@
  <xi:include href="firewall.xml" />
  <xi:include href="wireless.xml" />
  <xi:include href="ad-hoc-network-config.xml" />
+ <xi:include href="renaming-interfaces.xml" />
 <!-- TODO: OpenVPN, NAT -->
 </chapter>
diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml
index 04fa1643d0fd..9c70cf352041 100644
--- a/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml
@@ -16,6 +16,6 @@
   On images where the installation media also becomes an installation target,
   copying over <literal>configuration.nix</literal> should be disabled by
   setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
-  For example, this is done in <literal>sd-image-aarch64.nix</literal>.
+  For example, this is done in <literal>sd-image-aarch64-installer.nix</literal>.
  </para>
 </section>
diff --git a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.xml b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.xml
new file mode 100644
index 000000000000..d760bb3a4dac
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.xml
@@ -0,0 +1,67 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         version="5.0"
+         xml:id="sec-rename-ifs">
+ <title>Renaming network interfaces</title>
+
+ <para>
+  NixOS uses the udev
+  <link xlink:href="https://systemd.io/PREDICTABLE_INTERFACE_NAMES/">predictable naming scheme</link>
+  to assign names to network interfaces. This means that by default
+  cards are not given the traditional names like
+  <literal>eth0</literal> or <literal>eth1</literal>, whose order can
+  change unpredictably across reboots. Instead, relying on physical
+  locations and firmware information, the scheme produces names like
+  <literal>ens1</literal>, <literal>enp2s0</literal>, etc.
+ </para>
+
+ <para>
+  These names are predictable but less memorable and not necessarily
+  stable: for example installing new hardware or changing firmware
+  settings can result in a
+  <link xlink:href="https://github.com/systemd/systemd/issues/3715#issue-165347602">name change</link>.
+  If this is undesirable, for example if you have a single ethernet
+  card, you can revert to the traditional scheme by setting
+  <xref linkend="opt-networking.usePredictableInterfaceNames"/> to
+  <literal>false</literal>.
+ </para>
+
+ <section xml:id="sec-custom-ifnames">
+  <title>Assigning custom names</title>
+  <para>
+   In case there are multiple interfaces of the same type, it’s better to
+   assign custom names based on the device hardware address. For
+   example, we assign the name <literal>wan</literal> to the interface
+   with MAC address <literal>52:54:00:12:01:01</literal> using a
+   netword link unit:
+  </para>
+  <programlisting>
+ <link linkend="opt-systemd.network.links">systemd.network.links."10-wan"</link> = {
+   matchConfig.MACAddress = "52:54:00:12:01:01";
+   linkConfig.Name = "wan";
+ };
+  </programlisting>
+  <para>
+   Note that links are directly read by udev, <emphasis>not networkd</emphasis>,
+   and will work even if networkd is disabled.
+  </para>
+  <para>
+   Alternatively, we can use a plain old udev rule:
+  </para>
+  <programlisting>
+ <link linkend="opt-services.udev.initrdRules">services.udev.initrdRules</link> = ''
+  SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \
+  ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan"
+ '';
+  </programlisting>
+
+  <warning><para>
+   The rule must be installed in the initrd using
+   <literal>services.udev.initrdRules</literal>, not the usual
+   <literal>services.udev.extraRules</literal> option. This is to avoid race
+   conditions with other programs controlling the interface.
+  </para></warning>
+ </section>
+
+</section>
diff --git a/nixpkgs/nixos/doc/manual/configuration/x-windows.xml b/nixpkgs/nixos/doc/manual/configuration/x-windows.xml
index dd879702d7dc..a499f0080d70 100644
--- a/nixpkgs/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/x-windows.xml
@@ -150,7 +150,6 @@
 <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy390" ];
 <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy340" ];
 <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy304" ];
-<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy173" ];
 </programlisting>
    You may need to reboot after enabling this driver to prevent a clash with
    other kernel modules.
@@ -159,21 +158,16 @@
  <simplesect xml:id="sec-x11--graphics-cards-amd">
   <title>Proprietary AMD drivers</title>
   <para>
-   AMD provides a proprietary driver for its graphics cards that has better 3D
-   performance than the X.org drivers. It is not enabled by default because
-   it’s not free software. You can enable it as follows:
+   AMD provides a proprietary driver for its graphics cards that is not
+   enabled by default because it’s not Free Software, is often broken
+   in nixpkgs and as of this writing doesn't offer more features or
+   performance. If you still want to use it anyway, you need to explicitly set:
 <programlisting>
-<xref linkend="opt-services.xserver.videoDrivers"/> = [ "ati_unfree" ];
+<xref linkend="opt-services.xserver.videoDrivers"/> = [ "amdgpu-pro" ];
 </programlisting>
    You will need to reboot after enabling this driver to prevent a clash with
    other kernel modules.
   </para>
-  <note>
-  <para>
-   For recent AMD GPUs you most likely want to keep either the defaults
-   or <literal>"amdgpu"</literal> (both free).
-  </para>
-  </note>
  </simplesect>
  <simplesect xml:id="sec-x11-touchpads">
   <title>Touchpads</title>
diff --git a/nixpkgs/nixos/doc/manual/development/writing-documentation.xml b/nixpkgs/nixos/doc/manual/development/writing-documentation.xml
index 32e00544ceff..89fab6665616 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-documentation.xml
+++ b/nixpkgs/nixos/doc/manual/development/writing-documentation.xml
@@ -25,7 +25,8 @@
 
 <screen>
 <prompt>$ </prompt>cd /path/to/nixpkgs/nixos/doc/manual
-<prompt>$ </prompt>make
+<prompt>$ </prompt>nix-shell
+<prompt>nix-shell$ </prompt>make
 </screen>
 
   <para>
diff --git a/nixpkgs/nixos/doc/manual/development/writing-modules.xml b/nixpkgs/nixos/doc/manual/development/writing-modules.xml
index d244356dbed1..fad4637f51f0 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-modules.xml
+++ b/nixpkgs/nixos/doc/manual/development/writing-modules.xml
@@ -74,7 +74,10 @@ linkend="sec-configuration-syntax"/>, we saw the following structure
    <callout arearefs='module-syntax-1'>
     <para>
      This line makes the current Nix expression a function. The variable
-     <varname>pkgs</varname> contains Nixpkgs, while <varname>config</varname>
+     <varname>pkgs</varname> contains Nixpkgs (by default, it takes the
+     <varname>nixpkgs</varname> entry of <envar>NIX_PATH</envar>, see the <link
+     xlink:href="https://nixos.org/manual/nix/stable/#sec-common-env">Nix
+     manual</link> for further details), while <varname>config</varname>
      contains the full system configuration. This line can be omitted if there
      is no reference to <varname>pkgs</varname> and <varname>config</varname>
      inside the module.
diff --git a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml
index cab4c067e0d3..5f70f74d5d90 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml
+++ b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml
@@ -449,5 +449,16 @@ import ./make-test-python.nix {
     '';
 }
 </programlisting>
+  This will produce a Nix warning at evaluation time. To fully disable the
+  linter, wrap the test script in comment directives to disable the Black linter
+  directly (again, don't commit this within the Nixpkgs repository):
+<programlisting>
+  testScript =
+    ''
+      # fmt: off
+      <replaceable>Python code…</replaceable>
+      # fmt: on
+    '';
+</programlisting>
  </para>
 </section>
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml
index 4957b700946e..019e5098a8e2 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml
@@ -83,17 +83,12 @@
   VirtualBox settings (Machine / Settings / Shared Folders, then click on the
   "Add" icon). Add the following to the
   <literal>/etc/nixos/configuration.nix</literal> to auto-mount them. If you do
-  not add <literal>"nofail"</literal>, the system will not boot properly. The
-  same goes for disabling <literal>rngd</literal> which is normally used to get
-  randomness but this does not work in virtual machines.
+  not add <literal>"nofail"</literal>, the system will not boot properly.
  </para>
 
 <programlisting>
 { config, pkgs, ...} :
 {
-  security.rngd.enable = false; // otherwise vm will not boot
-  ...
-
   fileSystems."/virtualboxshare" = {
     fsType = "vboxsf";
     device = "nameofthesharedfolder";
diff --git a/nixpkgs/nixos/doc/manual/installation/installing.xml b/nixpkgs/nixos/doc/manual/installation/installing.xml
index bedeb7ccfa8e..02f6bd6bed4e 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing.xml
@@ -374,7 +374,7 @@
         You may want to look at the options starting with
         <option><link linkend="opt-boot.loader.efi.canTouchEfiVariables">boot.loader.efi</link></option>
         and
-        <option><link linkend="opt-boot.loader.systemd-boot.enable">boot.loader.systemd</link></option>
+        <option><link linkend="opt-boot.loader.systemd-boot.enable">boot.loader.systemd-boot</link></option>
         as well.
        </para>
       </listitem>
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml
index a6cff1a8faed..49446afdead4 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml
@@ -1019,6 +1019,14 @@ systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
    </listitem>
    <listitem>
     <para>
+      The syntax of the PostgreSQL configuration file is now checked at build
+      time. If your configuration includes a file inaccessible inside the build
+      sandbox, set <varname>services.postgresql.checkConfig</varname> to
+        <literal>false</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
       The rkt module has been removed, it was archived by upstream.
     </para>
    </listitem>
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2105.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2105.xml
index 6dd14d6051e4..b5290b374f9d 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2105.xml
@@ -24,19 +24,63 @@
     </para>
    </listitem>
    <listitem>
+    <para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para>
+   </listitem>
+   <listitem>
     <para>GNOME desktop environment was upgraded to 3.38, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">release notes</link>.</para>
    </listitem>
    <listitem>
     <para>
      <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was
-     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finnally</link>
+     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link>
      packaged, along with a rewrite to the Nix expressions, allowing users to
      override the features upstream supports selecting to compile or not to.
      Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code>
      now point to an externally wrapped by default derivations, that allow you to
      also add `extraPythonPackages` to the Python interpreter used by GNURadio.
      Missing environmental variables needed for operational GUI were also added
-     (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#7547</link>).
+     (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a
+     <code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code>
+     function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a
+     <code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are
+     defined with <code>gnuradio.callPackage</code> and some packages that depend
+     on gnuradio are defined with this as well.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated
+     to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>).
+     Compared to the previous release, Privoxy has gained support for HTTPS
+     inspection (still experimental), Brotli decompression, several new filters
+     and lots of bug fixes, including security ones. In addition, the package
+     is now built with compression and external filters support, which were
+     previously disabled.
+    </para>
+    <para>
+     Regarding the NixOS module, new options for HTTPS inspection have been added
+     and <option>services.privoxy.extraConfig</option> has been replaced by the new
+     <xref linkend="opt-services.privoxy.settings"/>
+     (See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>
+     for the motivation).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Python optimizations were disabled again. Builds with optimizations enabled
+     are not reproducible. Optimizations can now be enabled with an option.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.0 "Matrix". See
+     the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
+     further details.
     </para>
    </listitem>
   </itemizedlist>
@@ -74,6 +118,16 @@
        <xref linkend="opt-services.samba-wsdd.enable" /> Web Services Dynamic Discovery host daemon
      </para>
    </listitem>
+   <listitem>
+     <para>
+       <link xlink:href="https://www.discourse.org/">Discourse</link>, a
+       modern and open source discussion platform.
+     </para>
+     <para>
+       See the <link linkend="module-services-discourse">Discourse
+       section of the NixOS manual</link> for more information.
+     </para>
+   </listitem>
   </itemizedlist>
 
  </section>
@@ -91,6 +145,27 @@
   </para>
 
   <itemizedlist>
+   <listitem>
+    <para>
+     If you are using <option>services.udev.extraRules</option> to assign
+     custom names to network interfaces, this may stop working due to a change
+     in the initialisation of dhcpcd and systemd networkd. To avoid this, either
+     move them to <option>services.udev.initrdRules</option> or see the new
+     <link linkend="sec-custom-ifnames">Assigning custom names</link> section
+     of the NixOS manual for an example using networkd links.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <option>security.hideProcessInformation</option> module has been removed.
+     It was broken since the switch to cgroups-v2.
+    </para>
+   </listitem>
+    <listitem>
+      <para>
+        The <literal>systemConfig</literal> kernel parameter is no longer added to boot loader entries. It has been unused since September 2010, but if do have a system generation from that era, you will now be unable to boot into them.
+      </para>
+    </listitem>
     <listitem>
       <para>
         <literal>systemd-journal2gelf</literal> no longer parses json and expects the receiving system to handle it. How to achieve this with Graylog is described in this <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub issue</link>.
@@ -179,7 +254,7 @@
    </listitem>
    <listitem>
      <para>
-       xfsprogs was update from 4.19 to 5.10. It now enables reflink support by default on filesystem creation.
+       xfsprogs was update from 4.19 to 5.11. It now enables reflink support by default on filesystem creation.
        Support for reflinks was added with an experimental status to kernel 4.9 and deemed stable in kernel 4.16.
        If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than those, you need to format them
        with <literal>mkfs.xfs -m reflink=0</literal>.
@@ -494,6 +569,95 @@ self: super:
      <varname>services.flashpolicyd</varname> module.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The <literal>security.rngd</literal> module has been removed.
+      It was disabled by default in 20.09 as it was functionally redundant
+      with krngd in the linux kernel. It is not necessary for any device that the kernel recognises
+      as an hardware RNG, as it will automatically run the krngd task to periodically collect random
+      data from the device and mix it into the kernel's RNG.
+    </para>
+    <para>
+      The default SMTP port for GitLab has been changed to
+      <literal>25</literal> from its previous default of
+      <literal>465</literal>. If you depended on this default, you
+      should now set the <xref linkend="opt-services.gitlab.smtp.port" />
+      option.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The default version of ImageMagick has been updated from 6 to 7.
+     You can use <package>imagemagick6</package>,
+     <package>imagemagick6_light</package>, and
+     <package>imagemagick6Big</package> if you need the older version.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <xref linkend="opt-services.xserver.videoDrivers" /> no longer uses the deprecated <literal>cirrus</literal> and <literal>vesa</literal> device dependent X drivers by default. It also enables both <literal>amdgpu</literal> and <literal>nouveau</literal> drivers by default now.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>kindlegen</literal> package is gone, because it is no longer supported or hosted by Amazon. Sadly, its replacement, Kindle Previewer, has no Linux support. However, there are other ways to generate MOBI files. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/96439">the discussion</link> for more info.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      The <package>apacheKafka</package> packages are now built with
+      version-matched JREs. Versions 2.6 and above, the ones that recommend it,
+      use jdk11, while versions below remain on jdk8. The NixOS service has
+      been adjusted to start the service using the same version as the package,
+      adjustable with the new
+      <link linkend="opt-services.apache-kafka.jre">services.apache-kafka.jre</link>
+      option. Furthermore, the default list of
+      <link linkend="opt-services.apache-kafka.jvmOptions">services.apache-kafka.jvmOptions</link>
+      have been removed. You should set your own according to the
+      <link xlink:href="https://kafka.apache.org/documentation/#java">upstream documentation</link>
+      for your Kafka version.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <package>kodi</package> package has been modified to allow concise addon management. Consider
+     the following configuration from previous releases of NixOS to install <package>kodi</package>,
+     including the <package>kodiPackages.inputstream-adaptive</package> and <package>kodiPackages.vfs-sftp</package>
+     addons:
+
+     <programlisting>
+environment.systemPackages = [
+  pkgs.kodi
+];
+
+nixpkgs.config.kodi = {
+  enableInputStreamAdaptive = true;
+  enableVFSSFTP = true;
+};
+     </programlisting>
+
+     All Kodi <literal>config</literal> flags have been removed, and as a result the above configuration
+     should now be written as:
+
+     <programlisting>
+environment.systemPackages = [
+  (pkgs.kodi.withPackages (p: with p; [
+    inputstream-adaptive
+    vfs-sftp
+  ]))
+];
+     </programlisting>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <option>environment.defaultPackages</option> now includes the nano package.
+     If <package>pkgs.nano</package> is not added to the list,
+     make sure another editor is installed and the <literal>EDITOR</literal>
+     environment variable is set to it.
+     Environment variables can be set using <option>environment.variables</option>.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
@@ -528,14 +692,16 @@ self: super:
    </listitem>
    <listitem>
     <para>
-     The default-version of <literal>nextcloud</literal> is <package>nextcloud20</package>.
+     The default-version of <literal>nextcloud</literal> is <package>nextcloud21</package>.
      Please note that it's <emphasis>not</emphasis> possible to upgrade <literal>nextcloud</literal>
      across multiple major versions! This means that it's e.g. not possible to upgrade
-     from <package>nextcloud18</package> to <package>nextcloud20</package> in a single deploy.
+     from <package>nextcloud18</package> to <package>nextcloud20</package> in a single deploy and
+     most <literal>20.09</literal> users will have to upgrade to <package>nextcloud20</package>
+     first.
     </para>
     <para>
      The package can be manually upgraded by setting <xref linkend="opt-services.nextcloud.package" />
-     to <package>nextcloud20</package>.
+     to <package>nextcloud21</package>.
     </para>
    </listitem>
    <listitem>
@@ -587,8 +753,8 @@ self: super:
     </para>
 
     <para>
-     Aditionally to the much stricter runtime environmet the
-     <literal>/dev/urandom</literal> mount lines we previously had in the code (that would
+     Additionally to the much stricter runtime environment the
+     <literal>/dev/urandom</literal> mount lines we previously had in the code (that
      randomly failed during the stop-phase) have been removed as systemd will take care of those for us.
     </para>
 
@@ -676,7 +842,7 @@ self: super:
    <listitem>
     <para>
      Platforms, like <varname>stdenv.hostPlatform</varname>, no longer have a <varname>platform</varname> attribute.
-     It has been (mostly) flattoned away:
+     It has been (mostly) flattened away:
     </para>
     <itemizedlist>
      <listitem><para><varname>platform.gcc</varname> is now <varname>gcc</varname></para></listitem>
@@ -700,6 +866,64 @@ self: super:
      terminology has been deprecated and should be replaced with Far/Near in the configuration file.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     The nix-gc service now accepts randomizedDelaySec (default: 0) and persistent (default: true) parameters.
+     By default nix-gc will now run immediately if it would have been triggered at least
+     once during the time when the timer was inactive.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>rustPlatform.buildRustPackage</literal> function is split into several hooks:
+     <package>cargoSetupHook</package> to set up vendoring for Cargo-based projects,
+     <package>cargoBuildHook</package> to build a project using Cargo,
+     <package>cargoInstallHook</package> to install a project using Cargo, and
+     <package>cargoCheckHook</package> to run tests in Cargo-based projects. With this change,
+     mixed-language projects can use the relevant hooks within builders other than
+     <literal>buildRustPackage</literal>. However, these changes also required several API changes to
+     <literal>buildRustPackage</literal> itself:
+
+     <itemizedlist>
+      <listitem>
+       <para>
+        The <literal>target</literal> argument was removed. Instead, <literal>buildRustPackage</literal>
+        will always use the same target as the C/C++ compiler that is used.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        The <literal>cargoParallelTestThreads</literal> argument was removed. Parallel tests are
+        now disabled through <literal>dontUseCargoParallelTests</literal>.
+       </para>
+      </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>rustPlatform.maturinBuildHook</literal> hook was added. This hook can be used
+     with <literal>buildPythonPackage</literal> to build Python packages that are written in Rust
+     and use Maturin as their build tool.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Kubernetes has <link xlink:href="https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/">deprecated docker</link> as container runtime.
+     As a consequence, the Kubernetes module now has support for configuration of custom remote container runtimes and enables containerd by default.
+     Note that containerd is more strict regarding container image OCI-compliance.
+     As an example, images with CMD or ENTRYPOINT defined as strings (not lists) will fail on containerd, while working fine on docker.
+     Please test your setup and container images with containerd prior to upgrading.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The GitLab module now has support for automatic backups. A
+     schedule can be set with the
+     <link linkend="opt-services.gitlab.backup.startAt">services.gitlab.backup.startAt</link>
+     option.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>