diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/from_md')
7 files changed, 671 insertions, 34 deletions
diff --git a/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml b/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml index 0eeffae628e1..554705e2e424 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/option-declarations.section.xml @@ -215,21 +215,22 @@ lib.mkOption { manager backend (sddm, gdm ...). </para> <para> - There are two approach to this module structure: + There are two approaches we could take with this module + structure: </para> <itemizedlist> <listitem> <para> - Managing the display managers independently by adding an - enable option to every display manager module backend. - (NixOS) + Configuring the display managers independently by adding + an enable option to every display manager module + backend. (NixOS) </para> </listitem> <listitem> <para> - Managing the display managers in the central module by - adding an option to select which display manager backend - to use. + Configuring the display managers in the central module + by adding an option to select which display manager + backend to use. </para> </listitem> </itemizedlist> @@ -238,16 +239,16 @@ lib.mkOption { </para> <para> Making backends independent can quickly become hard to - manage. For display managers, there can be only one enabled - at a time, but the type system can not enforce this - restriction as there is no relation between each backend + manage. For display managers, there can only be one enabled + at a time, but the type system cannot enforce this + restriction as there is no relation between each backend’s <literal>enable</literal> option. As a result, this - restriction has to be done explicitely by adding assertions + restriction has to be done explicitly by adding assertions in each display manager backend module. </para> <para> - On the other hand, managing the display managers backends in - the central module will require to change the central module + On the other hand, managing the display manager backends in + the central module will require changing the central module option every time a new backend is added or removed. </para> <para> @@ -268,7 +269,7 @@ lib.mkOption { <para> As a result, <literal>displayManager.enable</literal> option values can be added without changing the main service module - file and the type system automatically enforce that there + file and the type system automatically enforces that there can only be a single display manager enabled. </para> <anchor xml:id="ex-option-declaration-eot-service" /> diff --git a/nixpkgs/nixos/doc/manual/from_md/development/option-types.section.xml b/nixpkgs/nixos/doc/manual/from_md/development/option-types.section.xml index 76ffb6f837c3..444729292702 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/option-types.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/option-types.section.xml @@ -30,10 +30,10 @@ </term> <listitem> <para> - A filesystem path, defined as anything that when coerced to - a string starts with a slash. Even if derivations can be - considered as path, the more specific - <literal>types.package</literal> should be preferred. + A filesystem path is anything that starts with a slash when + coerced to a string. Even if derivations can be considered + as paths, the more specific <literal>types.package</literal> + should be preferred. </para> </listitem> </varlistentry> @@ -43,7 +43,9 @@ </term> <listitem> <para> - A derivation or a store path. + A top-level store path. This can be an attribute set + pointing to a store path, like a derivation or a flake + input. </para> </listitem> </varlistentry> @@ -94,6 +96,39 @@ </varlistentry> <varlistentry> <term> + <literal>types.raw</literal> + </term> + <listitem> + <para> + A type which doesn’t do any checking, merging or nested + evaluation. It accepts a single arbitrary value that is not + recursed into, making it useful for values coming from + outside the module system, such as package sets or arbitrary + data. Options of this type are still evaluated according to + priorities and conditionals, so <literal>mkForce</literal>, + <literal>mkIf</literal> and co. still work on the option + value itself, but not for any value nested within it. This + type should only be used when checking, merging and nested + evaluation are not desirable. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <literal>types.optionType</literal> + </term> + <listitem> + <para> + The type of an option’s type. Its merging operation ensures + that nested options have the correct file location + annotated, and that if possible, multiple option definitions + are correctly merged together. The main use case is as the + type of the <literal>_module.freeformType</literal> option. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <literal>types.attrs</literal> </term> <listitem> diff --git a/nixpkgs/nixos/doc/manual/from_md/development/settings-options.section.xml b/nixpkgs/nixos/doc/manual/from_md/development/settings-options.section.xml index c9430b77579c..746011a2d075 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/settings-options.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/settings-options.section.xml @@ -137,6 +137,97 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term> + <literal>pkgs.formats.elixirConf { elixir ? pkgs.elixir }</literal> + </term> + <listitem> + <para> + A function taking an attribute set with values + </para> + <variablelist> + <varlistentry> + <term> + <literal>elixir</literal> + </term> + <listitem> + <para> + The Elixir package which will be used to format the + generated output + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + It returns a set with Elixir-Config-specific attributes + <literal>type</literal>, <literal>lib</literal>, and + <literal>generate</literal> as specified + <link linkend="pkgs-formats-result">below</link>. + </para> + <para> + The <literal>lib</literal> attribute contains functions to + be used in settings, for generating special Elixir values: + </para> + <variablelist> + <varlistentry> + <term> + <literal>mkRaw elixirCode</literal> + </term> + <listitem> + <para> + Outputs the given string as raw Elixir code + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <literal>mkGetEnv { envVariable, fallback ? null }</literal> + </term> + <listitem> + <para> + Makes the configuration fetch an environment variable + at runtime + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <literal>mkAtom atom</literal> + </term> + <listitem> + <para> + Outputs the given string as an Elixir atom, instead of + the default Elixir binary string. Note: lowercase + atoms still needs to be prefixed with + <literal>:</literal> + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <literal>mkTuple array</literal> + </term> + <listitem> + <para> + Outputs the given array as an Elixir tuple, instead of + the default Elixir list + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <literal>mkMap attrset</literal> + </term> + <listitem> + <para> + Outputs the given attribute set as an Elixir map, + instead of the default Elixir keyword list + </para> + </listitem> + </varlistentry> + </variablelist> + </listitem> + </varlistentry> </variablelist> <para xml:id="pkgs-formats-result"> These functions all return an attribute set with these values: @@ -154,6 +245,19 @@ </varlistentry> <varlistentry> <term> + <literal>lib</literal> + </term> + <listitem> + <para> + Utility functions for convenience, or special interactions + with the format. This attribute is optional. It may contain + inside a <literal>types</literal> attribute containing types + specific to this format. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <literal>generate</literal> <emphasis><literal>filename jsonValue</literal></emphasis> </term> diff --git a/nixpkgs/nixos/doc/manual/from_md/development/unit-handling.section.xml b/nixpkgs/nixos/doc/manual/from_md/development/unit-handling.section.xml index a6a654042f6f..4c980e1213a8 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/unit-handling.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/unit-handling.section.xml @@ -38,8 +38,9 @@ <emphasis role="strong">reload</emphasis> the unit. The NixOS module system allows setting these triggers with the option <link linkend="opt-systemd.services">systemd.services.<name>.reloadTriggers</link>. - If the unit files differ in any way, the following actions are - performed: + There are some additional keys in the <literal>[Unit]</literal> + section that are ignored as well. If the unit files differ in + any way, the following actions are performed: </para> <itemizedlist> <listitem> @@ -71,6 +72,11 @@ <literal>[Service]</literal> section is set to <literal>true</literal> (exposed via <link linkend="opt-systemd.services">systemd.services.<name>.reloadIfChanged</link>). + A little exception is done for units that were deactivated + in the meantime, for example because they require a unit + that got stopped before. These are + <emphasis role="strong">start</emphasis>ed instead of + reloaded. </para> </listitem> <listitem> @@ -88,9 +94,10 @@ </listitem> <listitem> <para> - The rest of the behavior is decided whether the unit has + Further behavior depends on the unit having <literal>X-StopIfChanged</literal> in the - <literal>[Service]</literal> section set (exposed via + <literal>[Service]</literal> section set to + <literal>true</literal> (exposed via <link linkend="opt-systemd.services">systemd.services.<name>.stopIfChanged</link>). This is set to <literal>true</literal> by default and must be explicitly turned off if not wanted. If the flag is @@ -100,17 +107,22 @@ is <emphasis role="strong">restart</emphasis>ed. The goal of the flag is to make sure that the new unit never runs in the old environment which is still in place before the - activation script is run. + activation script is run. This behavior is different when + the service is socket-activated, as outlined in the + following steps. </para> </listitem> <listitem> <para> The last thing that is taken into account is whether the - unit is a service and socket-activated. Due to a bug, this - is currently only done when - <literal>X-StopIfChanged</literal> is set. If the unit is - socket-activated, the socket is stopped and started, and the - service is stopped and to be started by socket activation. + unit is a service and socket-activated. If + <literal>X-StopIfChanged</literal> is + <emphasis role="strong">not</emphasis> set, the service is + <emphasis role="strong">restart</emphasis>ed with the + others. If it is set, both the service and the socket are + <emphasis role="strong">stop</emphasis>ped and the socket is + <emphasis role="strong">start</emphasis>ed, leaving socket + activation to start the service when it’s needed. </para> </listitem> </itemizedlist> diff --git a/nixpkgs/nixos/doc/manual/from_md/development/writing-modules.chapter.xml b/nixpkgs/nixos/doc/manual/from_md/development/writing-modules.chapter.xml index e33c24f4f12c..367731eda090 100644 --- a/nixpkgs/nixos/doc/manual/from_md/development/writing-modules.chapter.xml +++ b/nixpkgs/nixos/doc/manual/from_md/development/writing-modules.chapter.xml @@ -122,6 +122,25 @@ services) and <literal>systemd.timers</literal> (the list of commands to be executed periodically by <literal>systemd</literal>). </para> + <para> + Care must be taken when writing systemd services using + <literal>Exec*</literal> directives. By default systemd performs + substitution on <literal>%<char></literal> specifiers in these + directives, expands environment variables from + <literal>$FOO</literal> and <literal>${FOO}</literal>, splits + arguments on whitespace, and splits commands on + <literal>;</literal>. All of these must be escaped to avoid + unexpected substitution or splitting when interpolating into an + <literal>Exec*</literal> directive, e.g. when using an + <literal>extraArgs</literal> option to pass additional arguments to + the service. The functions + <literal>utils.escapeSystemdExecArg</literal> and + <literal>utils.escapeSystemdExecArgs</literal> are provided for + this, see <link linkend="exec-escaping-example">Example: Escaping in + Exec directives</link> for an example. When using these functions + system environment substitution should <emphasis>not</emphasis> be + disabled explicitly. + </para> <anchor xml:id="locate-example" /> <para> <emphasis role="strong">Example: NixOS Module for the @@ -184,6 +203,36 @@ in { }; } </programlisting> + <anchor xml:id="exec-escaping-example" /> + <para> + <emphasis role="strong">Example: Escaping in Exec + directives</emphasis> + </para> + <programlisting language="bash"> +{ config, lib, pkgs, utils, ... }: + +with lib; + +let + cfg = config.services.echo; + echoAll = pkgs.writeScript "echo-all" '' + #! ${pkgs.runtimeShell} + for s in "$@"; do + printf '%s\n' "$s" + done + ''; + args = [ "a%Nything" "lang=\${LANG}" ";" "/bin/sh -c date" ]; +in { + systemd.services.echo = + { description = "Echo to the journal"; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + serviceConfig.ExecStart = '' + ${echoAll} ${utils.escapeSystemdExecArgs args} + ''; + }; +} +</programlisting> <xi:include href="option-declarations.section.xml" /> <xi:include href="option-types.section.xml" /> <xi:include href="option-def.section.xml" /> diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 59da373f38e1..b61a0268dee2 100644 --- a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -26,8 +26,36 @@ </listitem> <listitem> <para> - <literal>iptables</literal> now uses - <literal>nf_tables</literal> backend. + <literal>iptables</literal> is now using + <literal>nf_tables</literal> under the hood, by using + <literal>iptables-nft</literal>, similar to + <link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link> + and + <link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>. + This means, <literal>ip[6]tables</literal>, + <literal>arptables</literal> and <literal>ebtables</literal> + commands will actually show rules from some specific tables in + the <literal>nf_tables</literal> kernel subsystem. In case + you’re migrating from an older release without rebooting, + there might be cases where you end up with iptable rules + configured both in the legacy <literal>iptables</literal> + kernel backend, as well as in the <literal>nf_tables</literal> + backend. This can lead to confusing firewall behaviour. An + <literal>iptables-save</literal> after switching will complain + about <quote>iptables-legacy tables present</quote>. It’s + probably best to reboot after the upgrade, or manually + removing all legacy iptables rules (via the + <literal>iptables-legacy</literal> package). + </para> + </listitem> + <listitem> + <para> + systemd got an <literal>nftables</literal> backend, and + configures (networkd) rules in their own + <literal>io.systemd.*</literal> tables. Check + <literal>nft list ruleset</literal> to see these rules, not + <literal>iptables-save</literal> (which only shows + <literal>iptables</literal>-created rules. </para> </listitem> <listitem> @@ -1429,6 +1457,17 @@ Superuser created successfully. knob. </para> </listitem> + <listitem> + <para> + <literal>/usr</literal> will always be included in the initial + ramdisk. See the + <literal>fileSystems.<name>.neededForBoot</literal> + option. If any files exist under <literal>/usr</literal> + (which is not typical for NixOS), they will be included in the + initial ramdisk, increasing its size to a possibly problematic + extent. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-notable-changes"> diff --git a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 4acdcd7d60f9..d3a944533ab7 100644 --- a/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixpkgs/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -50,6 +50,18 @@ granular distinction between reloads and restarts. </para> </listitem> + <listitem> + <para> + <link xlink:href="https://kops.sigs.k8s.io"><literal>kops</literal></link> + defaults to 1.22.4, which will enable + <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">Instance + Metadata Service Version 2</link> and require tokens on new + clusters with Kubernetes 1.22. This will increase security by + default, but may break some types of workloads. See the + <link xlink:href="https://kops.sigs.k8s.io/releases/1.22-notes/">release + notes</link> for details. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.05-new-services"> @@ -98,7 +110,7 @@ <link xlink:href="https://frrouting.org/">FRRouting</link>, a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VVRP and others). Available as - <link linkend="opt-services.ffr.babel.enable">services.frr</link> + <link linkend="opt-services.frr.babel.enable">services.frr</link> </para> </listitem> <listitem> @@ -110,6 +122,13 @@ </listitem> <listitem> <para> + <link xlink:href="https://snowflake.torproject.org/">snowflake-proxy</link>, + a system to defeat internet censorship. Available as + <link xlink:href="options.html#opt-services.snowflake-proxy.enable">services.snowflake-proxy</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://ergo.chat">ergochat</link>, a modern IRC with IRCv3 features. Available as <link xlink:href="options.html#opt-services.ergochat.enable">services.ergochat</link>. @@ -124,6 +143,13 @@ </listitem> <listitem> <para> + <link xlink:href="https://github.com/postgres/pgadmin4">pgadmin4</link>, + an admin interface for the PostgreSQL database. Available at + <link xlink:href="options.html#opt-services.pgadmin.enable">services.pgadmin</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>, an easy to use tool to change the mapping of your input device buttons. Available at @@ -147,6 +173,15 @@ </listitem> <listitem> <para> + <link xlink:href="https://www.scorchworks.com/K40whisperer/k40whisperer.html">K40-Whisperer</link>, + a program to control cheap Chinese laser cutters. Available as + <link xlink:href="options.html#opt-programs.k4-whisperer.enable">programs.k40-whisperer.enable</link>. + Users must add themselves to the <literal>k40</literal> group + to be able to access the device. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/mgumz/mtr-exporter">mtr-exporter</link>, a Prometheus exporter for mtr metrics. Available as <link xlink:href="options.html#opt-services.mtr-exporter.enable">services.mtr-exporter</link>. @@ -154,6 +189,14 @@ </listitem> <listitem> <para> + <link xlink:href="https://github.com/prometheus-pve/prometheus-pve-exporter">prometheus-pve-exporter</link>, + a tool that exposes information from the Proxmox VE API for + use by Prometheus. Available as + <link xlink:href="options.html#opt-services.prometheus.exporters.pve">services.prometheus.exporters.pve</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://tetrd.app">tetrd</link>, share your internet connection from your device to your PC and vice versa through a USB cable. Available at @@ -196,7 +239,7 @@ <para> <link xlink:href="https://moosefs.com">moosefs</link>, fault tolerant petabyte distributed file system. Available as - <link linkend="opt-services.moosefs">moosefs</link>. + <link linkend="opt-services.moosefs.client.enable">moosefs</link>. </para> </listitem> <listitem> @@ -208,6 +251,17 @@ </listitem> <listitem> <para> + <link xlink:href="https://github.com/rfjakob/systembus-notify">systembus-notify</link>, + allow system level notifications to reach the users. Available + as + <link xlink:href="opt-services.systembus-notify.enable">services.systembus-notify</link>. + Please keep in mind that this service should only be enabled + on machines with fully trusted users, as any local user is + able to DoS user sessions by spamming notifications. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>, an online collaborative spreadsheet. Available as <link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>. @@ -215,6 +269,13 @@ </listitem> <listitem> <para> + <link xlink:href="https://nbd.sourceforge.io/">nbd</link>, a + Network Block Device server. Available as + <link xlink:href="options.html#opt-services.nbd.server.enable">services.nbd</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://timetagger.app">timetagger</link>, an open source time-tracker with an intuitive user experience and powerful reporting. @@ -331,6 +392,20 @@ </listitem> <listitem> <para> + <literal>services.k3s.enable</literal> no longer implies + <literal>systemd.enableUnifiedCgroupHierarchy = false</literal>, + and will default to the <quote>systemd</quote> cgroup driver + when using <literal>services.k3s.docker = true</literal>. This + change may require a reboot to take effect, and k3s may not be + able to run if the boot cgroup hierarchy does not match its + configuration. The previous behavior may be retained by + explicitly setting + <literal>systemd.enableUnifiedCgroupHierarchy = false</literal> + in your configuration. + </para> + </listitem> + <listitem> + <para> The DHCP server (<literal>services.dhcpd4</literal>, <literal>services.dhcpd6</literal>) has been hardened. The service is now using the systemd’s @@ -355,6 +430,116 @@ </listitem> <listitem> <para> + The <literal>matrix-synapse</literal> service + (<literal>services.matrix-synapse</literal>) has been + converted to use the <literal>settings</literal> option + defined in RFC42. This means that options that are part of + your <literal>homeserver.yaml</literal> configuration, and + that were specified at the top-level of the module + (<literal>services.matrix-synapse</literal>) now need to be + moved into + <literal>services.matrix-synapse.settings</literal>. And while + not all options you may use are defined in there, they are + still supported, because you can set arbitrary values in this + freeform type. + </para> + <para> + An example to make the required migration clearer: + </para> + <para> + Before: + </para> + <programlisting language="bash"> +{ + services.matrix-synapse = { + enable = true; + + server_name = "example.com"; + public_baseurl = "https://example.com:8448"; + + enable_registration = false; + registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut"; + macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l"; + + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + + listeners = [ { + port = 8448; + bind_address = ""; + type = "http"; + tls = true; + resources = [ { + names = [ "client" ]; + compress = true; + } { + names = [ "federation" ]; + compress = false; + } ]; + } ]; + + }; +} +</programlisting> + <para> + After: + </para> + <programlisting language="bash"> +{ + services.matrix-synapse = { + enable = true; + + # this attribute set holds all values that go into your homeserver.yaml configuration + # See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for + # possible values. + settings = { + server_name = "example.com"; + public_baseurl = "https://example.com:8448"; + + enable_registration = false; + # pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead + + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem"; + + listeners = [ { + port = 8448; + bind_address = [ + "::" + "0.0.0.0" + ]; + type = "http"; + tls = true; + resources = [ { + names = [ "client" ]; + compress = true; + } { + names = [ "federation" ]; + compress = false; + } ]; + } ]; + }; + + extraConfigFiles = [ + /run/keys/matrix-synapse/secrets.yaml + ]; + }; +} +</programlisting> + <para> + The secrets in your original config should be migrated into a + YAML file that is included via + <literal>extraConfigFiles</literal>. + </para> + <para> + Additionally a few option defaults have been synced up with + upstream default values, for example the + <literal>max_upload_size</literal> grew from + <literal>10M</literal> to <literal>50M</literal>. + </para> + </listitem> + <listitem> + <para> The MoinMoin wiki engine (<literal>services.moinmoin</literal>) has been removed, because Python 2 is being retired from nixpkgs. @@ -539,6 +724,21 @@ </listitem> <listitem> <para> + The F-PROT antivirus (<literal>fprot</literal> package) and + its service module were removed because it reached + <link xlink:href="https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/434/0/end-of-sale--end-of-life-for-f-prot-and-csam">end-of-life</link>. + </para> + </listitem> + <listitem> + <para> + <literal>bird1</literal> and its modules + <literal>services.bird</literal> as well as + <literal>services.bird6</literal> have been removed. Upgrade + to <literal>services.bird2</literal>. + </para> + </listitem> + <listitem> + <para> The options <literal>networking.interfaces.<name>.ipv4.routes</literal> and @@ -594,6 +794,18 @@ </listitem> <listitem> <para> + The <literal>dendrite</literal> package has been upgraded from + 0.5.1 to + <link xlink:href="https://github.com/matrix-org/dendrite/releases/tag/v0.6.5">0.6.5</link>. + Instances configured with split sqlite databases, which has + been the default in NixOS, require merging of the federation + sender and signing key databases. See upstream + <link xlink:href="https://github.com/matrix-org/dendrite/releases/tag/v0.6.0">release + notes</link> on version 0.6.0 for details on database changes. + </para> + </listitem> + <listitem> + <para> The existing <literal>pkgs.opentelemetry-collector</literal> has been moved to <literal>pkgs.opentelemetry-collector-contrib</literal> to @@ -608,6 +820,13 @@ </listitem> <listitem> <para> + <literal>pkgs.pgadmin</literal> now refers to + <literal>pkgs.pgadmin4</literal>. If you still need pgadmin3, + use <literal>pkgs.pgadmin3</literal>. + </para> + </listitem> + <listitem> + <para> <literal>pkgs.noto-fonts-cjk</literal> is now deprecated in favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and <literal>pkgs.noto-fonts-cjk-serif</literal> because they each @@ -620,6 +839,58 @@ </listitem> <listitem> <para> + <literal>pkgs.epgstation</literal> has been upgraded from v1 + to v2, resulting in incompatible changes in the database + scheme and configuration format. + </para> + </listitem> + <listitem> + <para> + Some top-level settings under + <link linkend="opt-services.epgstation.enable">services.epgstation</link> + is now deprecated because it was redudant due to the same + options being present in + <link linkend="opt-services.epgstation.settings">services.epgstation.settings</link>. + </para> + </listitem> + <listitem> + <para> + The option <literal>services.epgstation.basicAuth</literal> + was removed because basic authentication support was dropped + by upstream. + </para> + </listitem> + <listitem> + <para> + The option + <link linkend="opt-services.epgstation.database.passwordFile">services.epgstation.database.passwordFile</link> + no longer has a default value. Make sure to set this option + explicitly before upgrading. Change the database password if + necessary. + </para> + </listitem> + <listitem> + <para> + The + <link linkend="opt-services.epgstation.settings">services.epgstation.settings</link> + option now expects options for <literal>config.yml</literal> + in EPGStation v2. + </para> + </listitem> + <listitem> + <para> + Existing data for the + <link linkend="opt-services.epgstation.enable">services.epgstation</link> + module would have to be backed up prior to the upgrade. To + back up exising data to + <literal>/tmp/epgstation.bak</literal>, run + <literal>sudo -u epgstation epgstation run backup /tmp/epgstation.bak</literal>. + To import that data after to the upgrade, run + <literal>sudo -u epgstation epgstation run v1migrate /tmp/epgstation.bak</literal> + </para> + </listitem> + <listitem> + <para> <literal>switch-to-configuration</literal> (the script that is run when running <literal>nixos-rebuild switch</literal> for example) has been reworked @@ -716,6 +987,83 @@ <link xlink:href="https://github.com/olimorris/onedarkpro.nvim">olimorris/onedarkpro.nvim</link>). </para> </listitem> + <listitem> + <para> + <literal>services.pipewire.enable</literal> will default to + enabling the WirePlumber session manager instead of + pipewire-media-session. pipewire-media-session is deprecated + by upstream and not recommended, but can still be manually + enabled by setting + <literal>services.pipewire.media-session.enable</literal> to + <literal>true</literal> and + <literal>services.pipewire.wireplumber.enable</literal> to + <literal>false</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>pkgs.makeDesktopItem</literal> has been refactored to + provide a more idiomatic API. Specifically: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + All valid options as of FDO Desktop Entry specification + version 1.4 can now be passed in as explicit arguments + </para> + </listitem> + <listitem> + <para> + <literal>exec</literal> can now be null, for entries that + are not of type Application + </para> + </listitem> + <listitem> + <para> + <literal>mimeType</literal> argument is renamed to + <literal>mimeTypes</literal> for consistency + </para> + </listitem> + <listitem> + <para> + <literal>mimeTypes</literal>, + <literal>categories</literal>, + <literal>implements</literal>, + <literal>keywords</literal>, <literal>onlyShowIn</literal> + and <literal>notShowIn</literal> take lists of strings + instead of one string with semicolon separators + </para> + </listitem> + <listitem> + <para> + <literal>extraDesktopEntries</literal> renamed to + <literal>extraConfig</literal> for consistency + </para> + </listitem> + <listitem> + <para> + Actions should now be provided as an attrset + <literal>actions</literal>, the <literal>Actions</literal> + line will be autogenerated. + </para> + </listitem> + <listitem> + <para> + <literal>extraEntries</literal> is removed. + </para> + </listitem> + <listitem> + <para> + Additional validation is added both at eval time and at + build time. + </para> + </listitem> + </itemizedlist> + <para> + See the <literal>vscode</literal> package for a more detailed + example. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.05-notable-changes"> @@ -826,6 +1174,12 @@ </listitem> <listitem> <para> + <literal>programs.zsh.autosuggestions.strategy</literal> now + takes a list of strings instead of a string. + </para> + </listitem> + <listitem> + <para> The <literal>services.unifi.openPorts</literal> option default value of <literal>true</literal> is now deprecated and will be changed to <literal>false</literal> in 22.11. Configurations @@ -919,6 +1273,16 @@ </listitem> <listitem> <para> + The <literal>element-desktop</literal> package now has an + <literal>useKeytar</literal> option (defaults to + <literal>true</literal>), which allows disabling + <literal>keytar</literal> and in turn + <literal>libsecret</literal> usage (which binds to native + credential managers / keychain libraries). + </para> + </listitem> + <listitem> + <para> The option <literal>services.thelounge.plugins</literal> has been added to allow installing plugins for The Lounge. Plugins can be found in @@ -934,6 +1298,14 @@ </listitem> <listitem> <para> + It is now possible to specify wordlists to include as handy to + access environment variables using the + <literal>config.environment.wordlist</literal> configuration + options. + </para> + </listitem> + <listitem> + <para> The <literal>services.mbpfan</literal> module was converted to a <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC @@ -972,6 +1344,13 @@ </listitem> <listitem> <para> + <literal>services.logrotate.enable</literal> now defaults to + true if any rotate path has been defined, and some paths have + been added by default. + </para> + </listitem> + <listitem> + <para> The <literal>zrepl</literal> package has been updated from 0.4.0 to 0.5: </para> @@ -1008,8 +1387,18 @@ </listitem> <listitem> <para> + The <literal>pomerium-cli</literal> command has been moved out + of the <literal>pomerium</literal> package into the + <literal>pomerium-cli</literal> package, following upstream’s + repository split. If you are using the + <literal>pomerium-cli</literal> command, you should now + install the <literal>pomerium-cli</literal> package. + </para> + </listitem> + <listitem> + <para> The option - <link linkend="opt-services.networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link> + <link linkend="opt-networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link> was added to support FCC unlock procedures. Since release 1.18.4, the ModemManager daemon no longer automatically performs the FCC unlock procedure by default. See @@ -1026,6 +1415,14 @@ <literal>tmux</literal>. </para> </listitem> + <listitem> + <para> + The polkit service, available at + <literal>security.polkit.enable</literal>, is now disabled by + default. It will automatically be enabled through services and + desktop environments as needed. + </para> + </listitem> </itemizedlist> </section> </section> |