diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml')
-rw-r--r-- | nixpkgs/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml | 1197 |
1 files changed, 0 insertions, 1197 deletions
diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml deleted file mode 100644 index 83cd649f4ea0..000000000000 --- a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-1909.section.xml +++ /dev/null @@ -1,1197 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-19.09"> - <title>Release 19.09 (<quote>Loris</quote>, 2019/10/09)</title> - <section xml:id="sec-release-19.09-highlights"> - <title>Highlights</title> - <para> - In addition to numerous new and upgraded packages, this release - has the following highlights: - </para> - <itemizedlist> - <listitem> - <para> - End of support is planned for end of April 2020, handing over - to 20.03. - </para> - </listitem> - <listitem> - <para> - Nix has been updated to 2.3; see its - <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.3">release - notes</link>. - </para> - </listitem> - <listitem> - <para> - Core version changes: - </para> - <para> - systemd: 239 -> 243 - </para> - <para> - gcc: 7 -> 8 - </para> - <para> - glibc: 2.27 (unchanged) - </para> - <para> - linux: 4.19 LTS (unchanged) - </para> - <para> - openssl: 1.0 -> 1.1 - </para> - </listitem> - <listitem> - <para> - Desktop version changes: - </para> - <para> - plasma5: 5.14 -> 5.16 - </para> - <para> - gnome3: 3.30 -> 3.32 - </para> - </listitem> - <listitem> - <para> - PHP now defaults to PHP 7.3, updated from 7.2. - </para> - </listitem> - <listitem> - <para> - PHP 7.1 is no longer supported due to upstream not supporting - this version for the entire lifecycle of the 19.09 release. - </para> - </listitem> - <listitem> - <para> - The binfmt module is now easier to use. Additional systems can - be added through - <literal>boot.binfmt.emulatedSystems</literal>. For instance, - <literal>boot.binfmt.emulatedSystems = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];</literal> - will set up binfmt interpreters for each of those listed - systems. - </para> - </listitem> - <listitem> - <para> - The installer now uses a less privileged - <literal>nixos</literal> user whereas before we logged in as - root. To gain root privileges use <literal>sudo -i</literal> - without a password. - </para> - </listitem> - <listitem> - <para> - We've updated to Xfce 4.14, which brings a new module - <literal>services.xserver.desktopManager.xfce4-14</literal>. - If you'd like to upgrade, please switch from the - <literal>services.xserver.desktopManager.xfce</literal> module - as it will be deprecated in a future release. They're - incompatibilities with the current Xfce module; it doesn't - support <literal>thunarPlugins</literal> and it isn't - recommended to use - <literal>services.xserver.desktopManager.xfce</literal> and - <literal>services.xserver.desktopManager.xfce4-14</literal> - simultaneously or to downgrade from Xfce 4.14 after upgrading. - </para> - </listitem> - <listitem> - <para> - The GNOME 3 desktop manager module sports an interface to - enable/disable core services, applications, and optional GNOME - packages like games. - </para> - <itemizedlist> - <listitem> - <para> - <literal>services.gnome3.core-os-services.enable</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.gnome3.core-shell.enable</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.gnome3.core-utilities.enable</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.gnome3.games.enable</literal> - </para> - </listitem> - </itemizedlist> - <para> - With these options we hope to give users finer grained control - over their systems. Prior to this change you'd either have to - manually disable options or use - <literal>environment.gnome3.excludePackages</literal> which - only excluded the optional applications. - <literal>environment.gnome3.excludePackages</literal> is now - unguarded, it can exclude any package installed with - <literal>environment.systemPackages</literal> in the GNOME 3 - module. - </para> - </listitem> - <listitem> - <para> - Orthogonal to the previous changes to the GNOME 3 desktop - manager module, we've updated all default services and - applications to match as close as possible to a default - reference GNOME 3 experience. - </para> - <para> - <emphasis role="strong">The following changes were enacted in - <literal>services.gnome3.core-utilities.enable</literal></emphasis> - </para> - <itemizedlist> - <listitem> - <para> - <literal>accerciser</literal> - </para> - </listitem> - <listitem> - <para> - <literal>dconf-editor</literal> - </para> - </listitem> - <listitem> - <para> - <literal>evolution</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gnome-documents</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gnome-nettool</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gnome-power-manager</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gnome-todo</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gnome-tweaks</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gnome-usage</literal> - </para> - </listitem> - <listitem> - <para> - <literal>gucharmap</literal> - </para> - </listitem> - <listitem> - <para> - <literal>nautilus-sendto</literal> - </para> - </listitem> - <listitem> - <para> - <literal>vinagre</literal> - </para> - </listitem> - <listitem> - <para> - <literal>cheese</literal> - </para> - </listitem> - <listitem> - <para> - <literal>geary</literal> - </para> - </listitem> - </itemizedlist> - <para> - <emphasis role="strong">The following changes were enacted in - <literal>services.gnome3.core-shell.enable</literal></emphasis> - </para> - <itemizedlist> - <listitem> - <para> - <literal>gnome-color-manager</literal> - </para> - </listitem> - <listitem> - <para> - <literal>orca</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.avahi.enable</literal> - </para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-19.09-new-services"> - <title>New Services</title> - <para> - The following new services were added since the last release: - </para> - <itemizedlist> - <listitem> - <para> - <literal>./programs/dwm-status.nix</literal> - </para> - </listitem> - <listitem> - <para> - The new <literal>hardware.printers</literal> module allows to - declaratively configure CUPS printers via the - <literal>ensurePrinters</literal> and - <literal>ensureDefaultPrinter</literal> options. - <literal>ensurePrinters</literal> will never delete existing - printers, but will make sure that the given printers are - configured as declared. - </para> - </listitem> - <listitem> - <para> - There is a new - <link xlink:href="options.html#opt-services.system-config-printer.enable">services.system-config-printer.enable</link> - and - <link xlink:href="options.html#opt-programs.system-config-printer.enable">programs.system-config-printer.enable</link> - module for the program of the same name. If you previously had - <literal>system-config-printer</literal> enabled through some - other means you should migrate to using one of these modules. - </para> - <itemizedlist> - <listitem> - <para> - <literal>services.xserver.desktopManager.plasma5</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.xserver.desktopManager.gnome3</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.xserver.desktopManager.pantheon</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.xserver.desktopManager.mate</literal> - Note Mate uses - <literal>programs.system-config-printer</literal> as it - doesn't use it as a service, but its graphical interface - directly. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.blueman.enable">services.blueman.enable</link> - has been added. If you previously had blueman installed via - <literal>environment.systemPackages</literal> please migrate - to using the NixOS module, as this would result in an - insufficiently configured blueman. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-19.09-incompatibilities"> - <title>Backward Incompatibilities</title> - <para> - When upgrading from a previous release, please be aware of the - following incompatible changes: - </para> - <itemizedlist> - <listitem> - <para> - Buildbot no longer supports Python 2, as support was dropped - upstream in version 2.0.0. Configurations may need to be - modified to make them compatible with Python 3. - </para> - </listitem> - <listitem> - <para> - PostgreSQL now uses <literal>/run/postgresql</literal> as its - socket directory instead of <literal>/tmp</literal>. So if you - run an application like eg. Nextcloud, where you need to use - the Unix socket path as the database host name, you need to - change it accordingly. - </para> - </listitem> - <listitem> - <para> - PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle - and has been removed. - </para> - </listitem> - <listitem> - <para> - The options - <literal>services.prometheus.alertmanager.user</literal> and - <literal>services.prometheus.alertmanager.group</literal> have - been removed because the alertmanager service is now using - systemd's - <link xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html"> - DynamicUser mechanism</link> which obviates these options. - </para> - </listitem> - <listitem> - <para> - The NetworkManager systemd unit was renamed back from - network-manager.service to NetworkManager.service for better - compatibility with other applications expecting this name. The - same applies to ModemManager where modem-manager.service is - now called ModemManager.service again. - </para> - </listitem> - <listitem> - <para> - The <literal>services.nzbget.configFile</literal> and - <literal>services.nzbget.openFirewall</literal> options were - removed as they are managed internally by the nzbget. The - <literal>services.nzbget.dataDir</literal> option hadn't - actually been used by the module for some time and so was - removed as cleanup. - </para> - </listitem> - <listitem> - <para> - The <literal>services.mysql.pidDir</literal> option was - removed, as it was only used by the wordpress apache-httpd - service to wait for mysql to have started up. This can be - accomplished by either describing a dependency on - mysql.service (preferred) or waiting for the (hardcoded) - <literal>/run/mysqld/mysql.sock</literal> file to appear. - </para> - </listitem> - <listitem> - <para> - The <literal>services.emby.enable</literal> module has been - removed, see <literal>services.jellyfin.enable</literal> - instead for a free software fork of Emby. See the Jellyfin - documentation: - <link xlink:href="https://jellyfin.readthedocs.io/en/latest/administrator-docs/migrate-from-emby/"> - Migrating from Emby to Jellyfin </link> - </para> - </listitem> - <listitem> - <para> - IPv6 Privacy Extensions are now enabled by default for - undeclared interfaces. The previous behaviour was quite - misleading — even though the default value for - <literal>networking.interfaces.*.preferTempAddress</literal> - was <literal>true</literal>, undeclared interfaces would not - prefer temporary addresses. Now, interfaces not mentioned in - the config will prefer temporary addresses. EUI64 addresses - can still be set as preferred by explicitly setting the option - to <literal>false</literal> for the interface in question. - </para> - </listitem> - <listitem> - <para> - Since Bittorrent Sync was superseded by Resilio Sync in 2016, - the <literal>bittorrentSync</literal>, - <literal>bittorrentSync14</literal>, and - <literal>bittorrentSync16</literal> packages have been removed - in favor of <literal>resilio-sync</literal>. - </para> - <para> - The corresponding module, <literal>services.btsync</literal> - has been replaced by the <literal>services.resilio</literal> - module. - </para> - </listitem> - <listitem> - <para> - The httpd service no longer attempts to start the postgresql - service. If you have come to depend on this behaviour then you - can preserve the behavior with the following configuration: - <literal>systemd.services.httpd.after = [ "postgresql.service" ];</literal> - </para> - <para> - The option <literal>services.httpd.extraSubservices</literal> - has been marked as deprecated. You may still use this feature, - but it will be removed in a future release of NixOS. You are - encouraged to convert any httpd subservices you may have - written to a full NixOS module. - </para> - <para> - Most of the httpd subservices packaged with NixOS have been - replaced with full NixOS modules including LimeSurvey, - WordPress, and Zabbix. These modules can be enabled using the - <literal>services.limesurvey.enable</literal>, - <literal>services.mediawiki.enable</literal>, - <literal>services.wordpress.enable</literal>, and - <literal>services.zabbixWeb.enable</literal> options. - </para> - </listitem> - <listitem> - <para> - The option - <literal>systemd.network.networks.<name>.routes.*.routeConfig.GatewayOnlink</literal> - was renamed to - <literal>systemd.network.networks.<name>.routes.*.routeConfig.GatewayOnLink</literal> - (capital <literal>L</literal>). This follows - <link xlink:href="https://github.com/systemd/systemd/commit/9cb8c5593443d24c19e40bfd4fc06d672f8c554c"> - upstreams renaming </link> of the setting. - </para> - </listitem> - <listitem> - <para> - As of this release the NixOps feature - <literal>autoLuks</literal> is deprecated. It no longer works - with our systemd version without manual intervention. - </para> - <para> - Whenever the usage of the module is detected the evaluation - will fail with a message explaining why and how to deal with - the situation. - </para> - <para> - A new knob named - <literal>nixops.enableDeprecatedAutoLuks</literal> has been - introduced to disable the eval failure and to acknowledge the - notice was received and read. If you plan on using the feature - please note that it might break with subsequent updates. - </para> - <para> - Make sure you set the <literal>_netdev</literal> option for - each of the file systems referring to block devices provided - by the autoLuks module. Not doing this might render the system - in a state where it doesn't boot anymore. - </para> - <para> - If you are actively using the <literal>autoLuks</literal> - module please let us know in - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/62211">issue - #62211</link>. - </para> - </listitem> - <listitem> - <para> - The setopt declarations will be evaluated at the end of - <literal>/etc/zshrc</literal>, so any code in - <link xlink:href="options.html#opt-programs.zsh.interactiveShellInit">programs.zsh.interactiveShellInit</link>, - <link xlink:href="options.html#opt-programs.zsh.loginShellInit">programs.zsh.loginShellInit</link> - and - <link xlink:href="options.html#opt-programs.zsh.promptInit">programs.zsh.promptInit</link> - may break if it relies on those options being set. - </para> - </listitem> - <listitem> - <para> - The <literal>prometheus-nginx-exporter</literal> package now - uses the offical exporter provided by NGINX Inc. Its metrics - are differently structured and are incompatible to the old - ones. For information about the metrics, have a look at the - <link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official - repo</link>. - </para> - </listitem> - <listitem> - <para> - The <literal>shibboleth-sp</literal> package has been updated - to version 3. It is largely backward compatible, for further - information refer to the - <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes">release - notes</link> and - <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2">upgrade - guide</link>. - </para> - <para> - Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has - been dropped. - </para> - </listitem> - <listitem> - <para> - By default, prometheus exporters are now run with - <literal>DynamicUser</literal> enabled. Exporters that need a - real user, now run under a seperate user and group which - follow the pattern - <literal><exporter-name>-exporter</literal>, instead of - the previous default <literal>nobody</literal> and - <literal>nogroup</literal>. Only some exporters are affected - by the latter, namely the exporters - <literal>dovecot</literal>, <literal>node</literal>, - <literal>postfix</literal> and <literal>varnish</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>ibus-qt</literal> package is not installed by - default anymore when - <link xlink:href="options.html#opt-i18n.inputMethod.enabled">i18n.inputMethod.enabled</link> - is set to <literal>ibus</literal>. If IBus support in Qt 4.x - applications is required, add the <literal>ibus-qt</literal> - package to your - <link xlink:href="options.html#opt-environment.systemPackages">environment.systemPackages</link> - manually. - </para> - </listitem> - <listitem> - <para> - The CUPS Printing service now uses socket-based activation by - default, only starting when needed. The previous behavior can - be restored by setting - <literal>services.cups.startWhenNeeded</literal> to - <literal>false</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>services.systemhealth</literal> module has been - removed from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>services.mantisbt</literal> module has been - removed from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - Squid 3 has been removed and the <literal>squid</literal> - derivation now refers to Squid 4. - </para> - </listitem> - <listitem> - <para> - The <literal>services.pdns-recursor.extraConfig</literal> - option has been replaced by - <literal>services.pdns-recursor.settings</literal>. The new - option allows setting extra configuration while being better - type-checked and mergeable. - </para> - </listitem> - <listitem> - <para> - No service depends on <literal>keys.target</literal> anymore - which is a systemd target that indicates if all - <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps - keys</link> were successfully uploaded. Instead, - <literal><key-name>-key.service</literal> should be used - to define a dependency of a key in a service. The full issue - behind the <literal>keys.target</literal> dependency is - described at - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>. - </para> - <para> - The following services are affected by this: - </para> - <itemizedlist> - <listitem> - <para> - <link xlink:href="options.html#opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.nsd.enable"><literal>services.nsd</literal></link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.softether.enable"><literal>services.softether</literal></link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.strongswan.enable"><literal>services.strongswan</literal></link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link> - </para> - </listitem> - <listitem> - <para> - <link xlink:href="options.html#opt-services.httpd.enable"><literal>services.httpd</literal></link> - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>security.acme.directory</literal> option has been - replaced by a read-only - <literal>security.acme.certs.<cert>.directory</literal> - option for each certificate you define. This will be a - subdirectory of <literal>/var/lib/acme</literal>. You can use - this read-only option to figure out where the certificates are - stored for a specific certificate. For example, the - <literal>services.nginx.virtualhosts.<name>.enableACME</literal> - option will use this directory option to find the certs for - the virtual host. - </para> - <para> - <literal>security.acme.preDelay</literal> and - <literal>security.acme.activationDelay</literal> options have - been removed. To execute a service before certificates are - provisioned or renewed add a - <literal>RequiredBy=acme-${cert}.service</literal> to any - service. - </para> - <para> - Furthermore, the acme module will not automatically add a - dependency on <literal>lighttpd.service</literal> anymore. If - you are using certficates provided by letsencrypt for - lighttpd, then you should depend on the certificate service - <literal>acme-${cert}.service></literal> manually. - </para> - <para> - For nginx, the dependencies are still automatically managed - when - <literal>services.nginx.virtualhosts.<name>.enableACME</literal> - is enabled just like before. What changed is that nginx now - directly depends on the specific certificates that it needs, - instead of depending on the catch-all - <literal>acme-certificates.target</literal>. This target unit - was also removed from the codebase. This will mean nginx will - no longer depend on certificates it isn't explicitly managing - and fixes a bug with certificate renewal ordering racing with - nginx restarting which could lead to nginx getting in a broken - state as described at - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/60180">NixOS/nixpkgs#60180</link>. - </para> - </listitem> - <listitem> - <para> - The old deprecated <literal>emacs</literal> package sets have - been dropped. What used to be called - <literal>emacsPackagesNg</literal> is now simply called - <literal>emacsPackages</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>services.xserver.desktopManager.xterm</literal> is - now disabled by default if <literal>stateVersion</literal> is - 19.09 or higher. Previously the xterm desktopManager was - enabled when xserver was enabled, but it isn't useful for all - people so it didn't make sense to have any desktopManager - enabled default. - </para> - </listitem> - <listitem> - <para> - The WeeChat plugin - <literal>pkgs.weechatScripts.weechat-xmpp</literal> has been - removed as it doesn't receive any updates from upstream and - depends on outdated Python2-based modules. - </para> - </listitem> - <listitem> - <para> - Old unsupported versions (<literal>logstash5</literal>, - <literal>kibana5</literal>, <literal>filebeat5</literal>, - <literal>heartbeat5</literal>, <literal>metricbeat5</literal>, - <literal>packetbeat5</literal>) of the ELK-stack and Elastic - beats have been removed. - </para> - </listitem> - <listitem> - <para> - For NixOS 19.03, both Prometheus 1 and 2 were available to - allow for a seamless transition from version 1 to 2 with - existing setups. Because Prometheus 1 is no longer developed, - it was removed. Prometheus 2 is now configured with - <literal>services.prometheus</literal>. - </para> - </listitem> - <listitem> - <para> - Citrix Receiver (<literal>citrix_receiver</literal>) has been - dropped in favor of Citrix Workspace - (<literal>citrix_workspace</literal>). - </para> - </listitem> - <listitem> - <para> - The <literal>services.gitlab</literal> module has had its - literal secret options - (<literal>services.gitlab.smtp.password</literal>, - <literal>services.gitlab.databasePassword</literal>, - <literal>services.gitlab.initialRootPassword</literal>, - <literal>services.gitlab.secrets.secret</literal>, - <literal>services.gitlab.secrets.db</literal>, - <literal>services.gitlab.secrets.otp</literal> and - <literal>services.gitlab.secrets.jws</literal>) replaced by - file-based versions - (<literal>services.gitlab.smtp.passwordFile</literal>, - <literal>services.gitlab.databasePasswordFile</literal>, - <literal>services.gitlab.initialRootPasswordFile</literal>, - <literal>services.gitlab.secrets.secretFile</literal>, - <literal>services.gitlab.secrets.dbFile</literal>, - <literal>services.gitlab.secrets.otpFile</literal> and - <literal>services.gitlab.secrets.jwsFile</literal>). This was - done so that secrets aren't stored in the world-readable nix - store, but means that for each option you'll have to create a - file with the same exact string, add "File" to the - end of the option name, and change the definition to a string - pointing to the corresponding file; e.g. - <literal>services.gitlab.databasePassword = "supersecurepassword"</literal> - becomes - <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> - where the file <literal>secret_file</literal> contains the - string <literal>supersecurepassword</literal>. - </para> - <para> - The state path (<literal>services.gitlab.statePath</literal>) - now has the following restriction: no parent directory can be - owned by any other user than <literal>root</literal> or the - user specified in <literal>services.gitlab.user</literal>; - i.e. if <literal>services.gitlab.statePath</literal> is set to - <literal>/var/lib/gitlab/state</literal>, - <literal>gitlab</literal> and all parent directories must be - owned by either <literal>root</literal> or the user specified - in <literal>services.gitlab.user</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>networking.useDHCP</literal> option is - unsupported in combination with - <literal>networking.useNetworkd</literal> in anticipation of - defaulting to it. It has to be set to <literal>false</literal> - and enabled per interface with - <literal>networking.interfaces.<name>.useDHCP = true;</literal> - </para> - </listitem> - <listitem> - <para> - The Twitter client <literal>corebird</literal> has been - dropped as - <link xlink:href="https://www.patreon.com/posts/corebirds-future-18921328">it - is discontinued and does not work against the new Twitter - API</link>. Please use the fork <literal>cawbird</literal> - instead which has been adapted to the API changes and is still - maintained. - </para> - </listitem> - <listitem> - <para> - The <literal>nodejs-11_x</literal> package has been removed as - it's EOLed by upstream. - </para> - </listitem> - <listitem> - <para> - Because of the systemd upgrade, systemd-timesyncd will no - longer work if <literal>system.stateVersion</literal> is not - set correctly. When upgrading from NixOS 19.03, please make - sure that <literal>system.stateVersion</literal> is set to - <literal>"19.03"</literal>, or lower if the - installation dates back to an earlier version of NixOS. - </para> - </listitem> - <listitem> - <para> - Due to the short lifetime of non-LTS kernel releases package - attributes like <literal>linux_5_1</literal>, - <literal>linux_5_2</literal> and <literal>linux_5_3</literal> - have been removed to discourage dependence on specific non-LTS - kernel versions in stable NixOS releases. Going forward, - versioned attributes like <literal>linux_4_9</literal> will - exist for LTS versions only. Please use - <literal>linux_latest</literal> or - <literal>linux_testing</literal> if you depend on non-LTS - releases. Keep in mind that <literal>linux_latest</literal> - and <literal>linux_testing</literal> will change versions - under the hood during the lifetime of a stable release and - might include breaking changes. - </para> - </listitem> - <listitem> - <para> - Because of the systemd upgrade, some network interfaces might - change their name. For details see - <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html#History"> - upstream docs</link> or - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/71086"> - our ticket</link>. - </para> - </listitem> - </itemizedlist> - </section> - <section xml:id="sec-release-19.09-notable-changes"> - <title>Other Notable Changes</title> - <itemizedlist> - <listitem> - <para> - The <literal>documentation</literal> module gained an option - named <literal>documentation.nixos.includeAllModules</literal> - which makes the generated configuration.nix 5 manual page - include all options from all NixOS modules included in a given - <literal>configuration.nix</literal> configuration file. - Currently, it is set to <literal>false</literal> by default as - enabling it frequently prevents evaluation. But the plan is to - eventually have it set to <literal>true</literal> by default. - Please set it to <literal>true</literal> now in your - <literal>configuration.nix</literal> and fix all the bugs it - uncovers. - </para> - </listitem> - <listitem> - <para> - The <literal>vlc</literal> package gained support for - Chromecast streaming, enabled by default. TCP port 8010 must - be open for it to work, so something like - <literal>networking.firewall.allowedTCPPorts = [ 8010 ];</literal> - may be required in your configuration. Also consider enabling - <link xlink:href="https://nixos.wiki/wiki/Accelerated_Video_Playback"> - Accelerated Video Playback</link> for better transcoding - performance. - </para> - </listitem> - <listitem> - <para> - The following changes apply if the - <literal>stateVersion</literal> is changed to 19.09 or higher. - For <literal>stateVersion = "19.03"</literal> or - lower the old behavior is preserved. - </para> - <itemizedlist spacing="compact"> - <listitem> - <para> - <literal>solr.package</literal> defaults to - <literal>pkgs.solr_8</literal>. - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>hunspellDicts.fr-any</literal> dictionary now - ships with <literal>fr_FR.{aff,dic}</literal> which is linked - to <literal>fr-toutesvariantes.{aff,dic}</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>mysql</literal> service now runs as - <literal>mysql</literal> user. Previously, systemd did execute - it as root, and mysql dropped privileges itself. This includes - <literal>ExecStartPre=</literal> and - <literal>ExecStartPost=</literal> phases. To accomplish that, - runtime and data directory setup was delegated to - RuntimeDirectory and tmpfiles. - </para> - </listitem> - <listitem> - <para> - With the upgrade to systemd version 242 the - <literal>systemd-timesyncd</literal> service is no longer - using <literal>DynamicUser=yes</literal>. In order for the - upgrade to work we rely on an activation script to move the - state from the old to the new directory. The older directory - (prior <literal>19.09</literal>) was - <literal>/var/lib/private/systemd/timesync</literal>. - </para> - <para> - As long as the <literal>system.config.stateVersion</literal> - is below <literal>19.09</literal> the state folder will - migrated to its proper location - (<literal>/var/lib/systemd/timesync</literal>), if required. - </para> - </listitem> - <listitem> - <para> - The package <literal>avahi</literal> is now built to look up - service definitions from - <literal>/etc/avahi/services</literal> instead of its output - directory in the nix store. Accordingly the module - <literal>avahi</literal> now supports custom service - definitions via - <literal>services.avahi.extraServiceFiles</literal>, which are - then placed in the aforementioned directory. See - avahi.service5 for more information on custom service - definitions. - </para> - </listitem> - <listitem> - <para> - Since version 0.1.19, <literal>cargo-vendor</literal> honors - package includes that are specified in the - <literal>Cargo.toml</literal> file of Rust crates. - <literal>rustPlatform.buildRustPackage</literal> uses - <literal>cargo-vendor</literal> to collect and build dependent - crates. Since this change in <literal>cargo-vendor</literal> - changes the set of vendored files for most Rust packages, the - hash that use used to verify the dependencies, - <literal>cargoSha256</literal>, also changes. - </para> - <para> - The <literal>cargoSha256</literal> hashes of all in-tree - derivations that use <literal>buildRustPackage</literal> have - been updated to reflect this change. However, third-party - derivations that use <literal>buildRustPackage</literal> may - have to be updated as well. - </para> - </listitem> - <listitem> - <para> - The <literal>consul</literal> package was upgraded past - version <literal>1.5</literal>, so its deprecated legacy UI is - no longer available. - </para> - </listitem> - <listitem> - <para> - The default resample-method for PulseAudio has been changed - from the upstream default <literal>speex-float-1</literal> to - <literal>speex-float-5</literal>. Be aware that low-powered - ARM-based and MIPS-based boards will struggle with this so - you'll need to set - <literal>hardware.pulseaudio.daemon.config.resample-method</literal> - back to <literal>speex-float-1</literal>. - </para> - </listitem> - <listitem> - <para> - The <literal>phabricator</literal> package and associated - <literal>httpd.extraSubservice</literal>, as well as the - <literal>phd</literal> service have been removed from nixpkgs - due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>mercurial</literal> - <literal>httpd.extraSubservice</literal> has been removed from - nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>trac</literal> - <literal>httpd.extraSubservice</literal> has been removed from - nixpkgs because it was unmaintained. - </para> - </listitem> - <listitem> - <para> - The <literal>foswiki</literal> package and associated - <literal>httpd.extraSubservice</literal> have been removed - from nixpkgs due to lack of maintainer. - </para> - </listitem> - <listitem> - <para> - The <literal>tomcat-connector</literal> - <literal>httpd.extraSubservice</literal> has been removed from - nixpkgs. - </para> - </listitem> - <listitem> - <para> - It's now possible to change configuration in - <link xlink:href="options.html#opt-services.nextcloud.enable">services.nextcloud</link> - after the initial deploy since all config parameters are - persisted in an additional config file generated by the - module. Previously core configuration like database parameters - were set using their imperative installer after creating - <literal>/var/lib/nextcloud</literal>. - </para> - </listitem> - <listitem> - <para> - There exists now <literal>lib.forEach</literal>, which is like - <literal>map</literal>, but with arguments flipped. When - mapping function body spans many lines (or has nested - <literal>map</literal>s), it is often hard to follow which - list is modified. - </para> - <para> - Previous solution to this problem was either to use - <literal>lib.flip map</literal> idiom or extract that - anonymous mapping function to a named one. Both can still be - used but <literal>lib.forEach</literal> is preferred over - <literal>lib.flip map</literal>. - </para> - <para> - The <literal>/etc/sysctl.d/nixos.conf</literal> file - containing all the options set via - <link xlink:href="options.html#opt-boot.kernel.sysctl">boot.kernel.sysctl</link> - was moved to <literal>/etc/sysctl.d/60-nixos.conf</literal>, - as sysctl.d5 recommends prefixing all filenames in - <literal>/etc/sysctl.d</literal> with a two-digit number and a - dash to simplify the ordering of the files. - </para> - </listitem> - <listitem> - <para> - We now install the sysctl snippets shipped with systemd. - </para> - <itemizedlist> - <listitem> - <para> - Loose reverse path filtering - </para> - </listitem> - <listitem> - <para> - Source route filtering - </para> - </listitem> - <listitem> - <para> - <literal>fq_codel</literal> as a packet scheduler (this - helps to fight bufferbloat) - </para> - </listitem> - </itemizedlist> - <para> - This also configures the kernel to pass core dumps to - <literal>systemd-coredump</literal>, and restricts the SysRq - key combinations to the sync command only. These sysctl - snippets can be found in - <literal>/etc/sysctl.d/50-*.conf</literal>, and overridden via - <link xlink:href="options.html#opt-boot.kernel.sysctl">boot.kernel.sysctl</link> - (which will place the parameters in - <literal>/etc/sysctl.d/60-nixos.conf</literal>). - </para> - </listitem> - <listitem> - <para> - Core dumps are now processed by - <literal>systemd-coredump</literal> by default. - <literal>systemd-coredump</literal> behaviour can still be - modified via <literal>systemd.coredump.extraConfig</literal>. - To stick to the old behaviour (having the kernel dump to a - file called <literal>core</literal> in the working directory), - without piping it through <literal>systemd-coredump</literal>, - set <literal>systemd.coredump.enable</literal> to - <literal>false</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>systemd.packages</literal> option now also supports - generators and shutdown scripts. Old - <literal>systemd.generator-packages</literal> option has been - removed. - </para> - </listitem> - <listitem> - <para> - The <literal>rmilter</literal> package was removed with - associated module and options due deprecation by upstream - developer. Use <literal>rspamd</literal> in proxy mode - instead. - </para> - </listitem> - <listitem> - <para> - systemd cgroup accounting via the - <link xlink:href="options.html#opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link> - option is now enabled by default. It now also enables the more - recent Block IO and IP accounting features. - </para> - </listitem> - <listitem> - <para> - We no longer enable custom font rendering settings with - <literal>fonts.fontconfig.penultimate.enable</literal> by - default. The defaults from fontconfig are sufficient. - </para> - </listitem> - <listitem> - <para> - The <literal>crashplan</literal> package and the - <literal>crashplan</literal> service have been removed from - nixpkgs due to crashplan shutting down the service, while the - <literal>crashplansb</literal> package and - <literal>crashplan-small-business</literal> service have been - removed from nixpkgs due to lack of maintainer. - </para> - <para> - The - <link xlink:href="options.html#opt-services.redis.enable">redis - module</link> was hardcoded to use the - <literal>redis</literal> user, <literal>/run/redis</literal> - as runtime directory and <literal>/var/lib/redis</literal> as - state directory. Note that the NixOS module for Redis now - disables kernel support for Transparent Huge Pages (THP), - because this features causes major performance problems for - Redis, e.g. (https://redis.io/topics/latency). - </para> - </listitem> - <listitem> - <para> - Using <literal>fonts.enableDefaultFonts</literal> adds a - default emoji font <literal>noto-fonts-emoji</literal>. - </para> - <itemizedlist> - <listitem> - <para> - <literal>services.xserver.enable</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs.sway.enable</literal> - </para> - </listitem> - <listitem> - <para> - <literal>programs.way-cooler.enable</literal> - </para> - </listitem> - <listitem> - <para> - <literal>services.xrdp.enable</literal> - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para> - The <literal>altcoins</literal> categorization of packages has - been removed. You now access these packages at the top level, - ie. <literal>nix-shell -p dogecoin</literal> instead of - <literal>nix-shell -p altcoins.dogecoin</literal>, etc. - </para> - </listitem> - <listitem> - <para> - Ceph has been upgraded to v14.2.1. See the - <link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release - notes</link> for details. The mgr dashboard as well as osds - backed by loop-devices is no longer explicitly supported by - the package and module. Note: There's been some issues with - python-cherrypy, which is used by the dashboard and prometheus - mgr modules (and possibly others), hence - 0000-dont-check-cherrypy-version.patch. - </para> - </listitem> - <listitem> - <para> - <literal>pkgs.weechat</literal> is now compiled against - <literal>pkgs.python3</literal>. Weechat also recommends - <link xlink:href="https://weechat.org/scripts/python3/">to use - Python3 in their docs.</link> - </para> - </listitem> - </itemizedlist> - </section> -</section> |