696 lines
22 KiB
XML
696 lines
22 KiB
XML
|
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.03">
|
|||
|
<title>Release 16.03 (<quote>Emu</quote>, 2016/03/31)</title>
|
|||
|
<para>
|
|||
|
In addition to numerous new and upgraded packages, this release has
|
|||
|
the following highlights:
|
|||
|
</para>
|
|||
|
<itemizedlist>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Systemd 229, bringing
|
|||
|
<link xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
|
|||
|
improvements</link> over 217.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Linux 4.4 (was 3.18).
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
GCC 5.3 (was 4.9). Note that GCC 5
|
|||
|
<link xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
|
|||
|
the C++ ABI in an incompatible way</link>; this may cause
|
|||
|
problems if you try to link objects compiled with different
|
|||
|
versions of GCC.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Glibc 2.23 (was 2.21).
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Binutils 2.26 (was 2.23.1). See #909
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Improved support for ensuring
|
|||
|
<link xlink:href="https://reproducible-builds.org/">bitwise
|
|||
|
reproducible builds</link>. For example,
|
|||
|
<literal>stdenv</literal> now sets the environment variable
|
|||
|
<literal>SOURCE_DATE_EPOCH</literal> to a deterministic value,
|
|||
|
and Nix has
|
|||
|
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
|
|||
|
an option</link> to repeat a build a number of times to test
|
|||
|
determinism. An ongoing project, the goal of exact
|
|||
|
reproducibility is to allow binaries to be verified
|
|||
|
independently (e.g., a user might only trust binaries that
|
|||
|
appear in three independent binary caches).
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Perl 5.22.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
</itemizedlist>
|
|||
|
<para>
|
|||
|
The following new services were added since the last release:
|
|||
|
</para>
|
|||
|
<itemizedlist>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/monitoring/longview.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>hardware/video/webcam/facetimehd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>i18n/input-method/default.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>i18n/input-method/fcitx.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>i18n/input-method/ibus.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>i18n/input-method/nabi.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>i18n/input-method/uim.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>programs/fish.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>security/acme.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>security/audit.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>security/oath.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/hardware/irqbalance.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/mail/dspam.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/mail/opendkim.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/mail/postsrsd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/mail/rspamd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/mail/rmilter.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/autofs.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/bepasty.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/calibre-server.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/cfdyndns.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/gammu-smsd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/mathics.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/matrix-synapse.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/misc/octoprint.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/monitoring/hdaps.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/monitoring/heapster.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/monitoring/longview.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/network-filesystems/netatalk.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/network-filesystems/xtreemfs.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/autossh.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/dnschain.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/gale.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/miniupnpd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/namecoind.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/ostinato.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/pdnsd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/shairport-sync.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/networking/supplicant.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/search/kibana.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/security/haka.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/security/physlock.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/web-apps/pump.io.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/x11/hardware/libinput.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services/x11/window-managers/windowlab.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>system/boot/initrd-network.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>system/boot/initrd-ssh.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>system/boot/loader/loader.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>system/boot/networkd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>system/boot/resolved.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>virtualisation/lxd.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>virtualisation/rkt.nix</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
</itemizedlist>
|
|||
|
<para>
|
|||
|
When upgrading from a previous release, please be aware of the
|
|||
|
following incompatible changes:
|
|||
|
</para>
|
|||
|
<itemizedlist>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
We no longer produce graphical ISO images and VirtualBox images
|
|||
|
for <literal>i686-linux</literal>. A minimal ISO image is still
|
|||
|
provided.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Firefox and similar browsers are now <emphasis>wrapped by
|
|||
|
default</emphasis>. The package and attribute names are plain
|
|||
|
<literal>firefox</literal> or <literal>midori</literal>, etc.
|
|||
|
Backward-compatibility attributes were set up, but note that
|
|||
|
<literal>nix-env -u</literal> will <emphasis>not</emphasis>
|
|||
|
update your current <literal>firefox-with-plugins</literal>; you
|
|||
|
have to uninstall it and install <literal>firefox</literal>
|
|||
|
instead.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>wmiiSnap</literal> has been replaced with
|
|||
|
<literal>wmii_hg</literal>, but
|
|||
|
<literal>services.xserver.windowManager.wmii.enable</literal>
|
|||
|
has been updated respectively so this only affects you if you
|
|||
|
have explicitly installed <literal>wmiiSnap</literal>.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>jobs</literal> NixOS option has been removed. It served
|
|||
|
as compatibility layer between Upstart jobs and SystemD
|
|||
|
services. All services have been rewritten to use
|
|||
|
<literal>systemd.services</literal>
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>wmiimenu</literal> is removed, as it has been removed
|
|||
|
by the developers upstream. Use <literal>wimenu</literal> from
|
|||
|
the <literal>wmii-hg</literal> package.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Gitit is no longer automatically added to the module list in
|
|||
|
NixOS and as such there will not be any manual entries for it.
|
|||
|
You will need to add an import statement to your NixOS
|
|||
|
configuration in order to use it, e.g.
|
|||
|
</para>
|
|||
|
<programlisting language="bash">
|
|||
|
{
|
|||
|
imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
|
|||
|
}
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
will include the Gitit service configuration options.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>nginx</literal> does not accept flags for enabling and
|
|||
|
disabling modules anymore. Instead it accepts
|
|||
|
<literal>modules</literal> argument, which is a list of modules
|
|||
|
to be built in. All modules now reside in
|
|||
|
<literal>nginxModules</literal> set. Example configuration:
|
|||
|
</para>
|
|||
|
<programlisting language="bash">
|
|||
|
nginx.override {
|
|||
|
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
|
|||
|
}
|
|||
|
</programlisting>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>s3sync</literal> is removed, as it hasn't been
|
|||
|
developed by upstream for 4 years and only runs with ruby 1.8.
|
|||
|
For an actively-developer alternative look at
|
|||
|
<literal>tarsnap</literal> and others.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>ruby_1_8</literal> has been removed as it's not
|
|||
|
supported from upstream anymore and probably contains security
|
|||
|
issues.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>tidy-html5</literal> package is removed. Upstream only
|
|||
|
provided <literal>(lib)tidy5</literal> during development, and
|
|||
|
now they went back to <literal>(lib)tidy</literal> to work as a
|
|||
|
drop-in replacement of the original package that has been
|
|||
|
unmaintained for years. You can (still) use the
|
|||
|
<literal>html-tidy</literal> package, which got updated to a
|
|||
|
stable release from this new upstream.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>extraDeviceOptions</literal> argument is removed from
|
|||
|
<literal>bumblebee</literal> package. Instead there are now two
|
|||
|
separate arguments: <literal>extraNvidiaDeviceOptions</literal>
|
|||
|
and <literal>extraNouveauDeviceOptions</literal> for setting
|
|||
|
extra X11 options for nvidia and nouveau drivers, respectively.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
The <literal>Ctrl+Alt+Backspace</literal> key combination no
|
|||
|
longer kills the X server by default. There's a new option
|
|||
|
<literal>services.xserver.enableCtrlAltBackspace</literal>
|
|||
|
allowing to enable the combination again.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>emacsPackagesNg</literal> now contains all packages
|
|||
|
from the ELPA, MELPA, and MELPA Stable repositories.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Data directory for Postfix MTA server is moved from
|
|||
|
<literal>/var/postfix</literal> to
|
|||
|
<literal>/var/lib/postfix</literal>. Old configurations are
|
|||
|
migrated automatically. <literal>service.postfix</literal>
|
|||
|
module has also received many improvements, such as correct
|
|||
|
directories' access rights, new <literal>aliasFiles</literal>
|
|||
|
and <literal>mapFiles</literal> options and more.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Filesystem options should now be configured as a list of
|
|||
|
strings, not a comma-separated string. The old style will
|
|||
|
continue to work, but print a warning, until the 16.09 release.
|
|||
|
An example of the new style:
|
|||
|
</para>
|
|||
|
<programlisting language="bash">
|
|||
|
{
|
|||
|
fileSystems."/example" = {
|
|||
|
device = "/dev/sdc";
|
|||
|
fsType = "btrfs";
|
|||
|
options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
|
|||
|
};
|
|||
|
}
|
|||
|
</programlisting>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
CUPS, installed by <literal>services.printing</literal> module,
|
|||
|
now has its data directory in <literal>/var/lib/cups</literal>.
|
|||
|
Old configurations from <literal>/etc/cups</literal> are moved
|
|||
|
there automatically, but there might be problems. Also
|
|||
|
configuration options
|
|||
|
<literal>services.printing.cupsdConf</literal> and
|
|||
|
<literal>services.printing.cupsdFilesConf</literal> were removed
|
|||
|
because they had been allowing one to override configuration
|
|||
|
variables required for CUPS to work at all on NixOS. For most
|
|||
|
use cases, <literal>services.printing.extraConf</literal> and
|
|||
|
new option <literal>services.printing.extraFilesConf</literal>
|
|||
|
should be enough; if you encounter a situation when they are
|
|||
|
not, please file a bug.
|
|||
|
</para>
|
|||
|
<para>
|
|||
|
There are also Gutenprint improvements; in particular, a new
|
|||
|
option <literal>services.printing.gutenprint</literal> is added
|
|||
|
to enable automatic updating of Gutenprint PPMs; it's greatly
|
|||
|
recommended to enable it instead of adding
|
|||
|
<literal>gutenprint</literal> to the <literal>drivers</literal>
|
|||
|
list.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services.xserver.vaapiDrivers</literal> has been
|
|||
|
removed. Use
|
|||
|
<literal>hardware.opengl.extraPackages{,32}</literal> instead.
|
|||
|
You can also specify VDPAU drivers there.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>programs.ibus</literal> moved to
|
|||
|
<literal>i18n.inputMethod.ibus</literal>. The option
|
|||
|
<literal>programs.ibus.plugins</literal> changed to
|
|||
|
<literal>i18n.inputMethod.ibus.engines</literal> and the option
|
|||
|
to enable ibus changed from
|
|||
|
<literal>programs.ibus.enable</literal> to
|
|||
|
<literal>i18n.inputMethod.enabled</literal>.
|
|||
|
<literal>i18n.inputMethod.enabled</literal> should be set to the
|
|||
|
used input method name, <literal>"ibus"</literal> for
|
|||
|
ibus. An example of the new style:
|
|||
|
</para>
|
|||
|
<programlisting language="bash">
|
|||
|
{
|
|||
|
i18n.inputMethod.enabled = "ibus";
|
|||
|
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
|
|||
|
}
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
That is equivalent to the old version:
|
|||
|
</para>
|
|||
|
<programlisting language="bash">
|
|||
|
{
|
|||
|
programs.ibus.enable = true;
|
|||
|
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
|
|||
|
}
|
|||
|
</programlisting>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>services.udev.extraRules</literal> option now writes
|
|||
|
rules to <literal>99-local.rules</literal> instead of
|
|||
|
<literal>10-local.rules</literal>. This makes all the user rules
|
|||
|
apply after others, so their results wouldn't be overriden by
|
|||
|
anything else.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Large parts of the <literal>services.gitlab</literal> module has
|
|||
|
been been rewritten. There are new configuration options
|
|||
|
available. The <literal>stateDir</literal> option was renamned
|
|||
|
to <literal>statePath</literal> and the
|
|||
|
<literal>satellitesDir</literal> option was removed. Please
|
|||
|
review the currently available options.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
The option
|
|||
|
<literal>services.nsd.zones.<name>.data</literal> no
|
|||
|
longer interpret the dollar sign ($) as a shell variable, as
|
|||
|
such it should not be escaped anymore. Thus the following zone
|
|||
|
data:
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
$ORIGIN example.com.
|
|||
|
$TTL 1800
|
|||
|
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
Should modified to look like the actual file expected by nsd:
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
$ORIGIN example.com.
|
|||
|
$TTL 1800
|
|||
|
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
|
|||
|
</programlisting>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>service.syncthing.dataDir</literal> options now has to
|
|||
|
point to exact folder where syncthing is writing to. Example
|
|||
|
configuration should look something like:
|
|||
|
</para>
|
|||
|
<programlisting language="bash">
|
|||
|
{
|
|||
|
services.syncthing = {
|
|||
|
enable = true;
|
|||
|
dataDir = "/home/somebody/.syncthing";
|
|||
|
user = "somebody";
|
|||
|
};
|
|||
|
}
|
|||
|
</programlisting>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>networking.firewall.allowPing</literal> is now enabled
|
|||
|
by default. Users are encouraged to configure an appropriate
|
|||
|
rate limit for their machines using the Kernel interface at
|
|||
|
<literal>/proc/sys/net/ipv4/icmp_ratelimit</literal> and
|
|||
|
<literal>/proc/sys/net/ipv6/icmp/ratelimit</literal> or using
|
|||
|
the firewall itself, i.e. by setting the NixOS option
|
|||
|
<literal>networking.firewall.pingLimit</literal>.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Systems with some broadcom cards used to result into a generated
|
|||
|
config that is no longer accepted. If you get errors like
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
you should either re-run
|
|||
|
<literal>nixos-generate-config</literal> or manually replace
|
|||
|
<literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
|
|||
|
by <literal>config.boot.kernelPackages.broadcom_sta</literal> in
|
|||
|
your <literal>/etc/nixos/hardware-configuration.nix</literal>.
|
|||
|
More discussion is on
|
|||
|
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
|
|||
|
the github issue</link>.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
The <literal>services.xserver.startGnuPGAgent</literal> option
|
|||
|
has been removed. GnuPG 2.1.x changed the way the gpg-agent
|
|||
|
works, and that new approach no longer requires (or even
|
|||
|
supports) the "start everything as a child of the
|
|||
|
agent" scheme we've implemented in NixOS for older
|
|||
|
versions. To configure the gpg-agent for your X session, add the
|
|||
|
following code to <literal>~/.bashrc</literal> or some file
|
|||
|
that’s sourced when your shell is started:
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
GPG_TTY=$(tty)
|
|||
|
export GPG_TTY
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
If you want to use gpg-agent for SSH, too, add the following to
|
|||
|
your session initialization (e.g.
|
|||
|
<literal>displayManager.sessionCommands</literal>)
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
gpg-connect-agent /bye
|
|||
|
unset SSH_AGENT_PID
|
|||
|
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
and make sure that
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
enable-ssh-support
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
is included in your <literal>~/.gnupg/gpg-agent.conf</literal>.
|
|||
|
You will need to use <literal>ssh-add</literal> to re-add your
|
|||
|
ssh keys. If gpg’s automatic transformation of the private keys
|
|||
|
to the new format fails, you will need to re-import your private
|
|||
|
keyring as well:
|
|||
|
</para>
|
|||
|
<programlisting>
|
|||
|
gpg --import ~/.gnupg/secring.gpg
|
|||
|
</programlisting>
|
|||
|
<para>
|
|||
|
The <literal>gpg-agent(1)</literal> man page has more details
|
|||
|
about this subject, i.e. in the "EXAMPLES" section.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
</itemizedlist>
|
|||
|
<para>
|
|||
|
Other notable improvements:
|
|||
|
</para>
|
|||
|
<itemizedlist>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
<literal>ejabberd</literal> module is brought back and now works
|
|||
|
on NixOS.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
<listitem>
|
|||
|
<para>
|
|||
|
Input method support was improved. New NixOS modules (fcitx,
|
|||
|
nabi and uim), fcitx engines (chewing, hangul, m17n, mozc and
|
|||
|
table-other) and ibus engines (hangul and m17n) have been added.
|
|||
|
</para>
|
|||
|
</listitem>
|
|||
|
</itemizedlist>
|
|||
|
</section>
|