nixpkgs-suyu/nixos/doc/manual/from_md/release-notes/rl-1809.section.xml
David Arnold 1f6969dd5e
docs: nixos release notes (w/o 2105 - separate PR)
docs: nixos release notes (revise code blocks)

docs: nixos release notes (fix opt links outside of code blocks)

docs: nixos release notes (fix opt links inside of code blocks)

went fishing with:

```console
rg -A1 \
   --multiline \
   --multiline-dotall \
   '<programlisting>[^</programlisting>]+' \
| rg linkend
```

docs: nixos release notes (prettier)

docs: nixos release notes (fix zonefile codeblocks)

docs: nixos release notes (restore admonition from prettier destriction)

docs: nixos release notes (recreate xml files)

docs: nixos release notes (fix trnslation error md -> xml)

admonition with a title seem not to work

docs: nixos release notes (fix code block indentation)

docs: nixos release notes (diff after converting with https://github.com/NixOS/nixpkgs/pull/127270)

docs: nixos release notes (fix remaingin '???')

Those where not catched i a previous iteration since they didn't satisfy
the then presumed search regex `#opt-.*`

doc: nixos release notes make docbook/md conversion consistent
2021-06-22 09:52:13 -05:00

941 lines
31 KiB
XML

<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-18.09">
<title>Release 18.09 (<quote>Jellyfish</quote>, 2018/10/05)</title>
<section xml:id="sec-release-18.09-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release
has the following notable updates:
</para>
<itemizedlist>
<listitem>
<para>
End of support is planned for end of April 2019, handing over
to 19.03.
</para>
</listitem>
<listitem>
<para>
Platform support: x86_64-linux and x86_64-darwin as always.
Support for aarch64-linux is as with the previous releases,
not equivalent to the x86-64-linux release, but with efforts
to reach parity.
</para>
</listitem>
<listitem>
<para>
Nix has been updated to 2.1; see its
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.1">release
notes</link>.
</para>
</listitem>
<listitem>
<para>
Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 →
2.27, gcc: 7 (unchanged), systemd: 237 → 239.
</para>
</listitem>
<listitem>
<para>
Desktop version changes: gnome: 3.26 → 3.28, (KDE)
plasma-desktop: 5.12 → 5.13.
</para>
</listitem>
</itemizedlist>
<para>
Notable changes and additions for 18.09 include:
</para>
<itemizedlist>
<listitem>
<para>
Support for wrapping binaries using
<literal>firejail</literal> has been added through
<literal>programs.firejail.wrappedBinaries</literal>.
</para>
<para>
For example
</para>
<programlisting language="bash">
{
programs.firejail = {
enable = true;
wrappedBinaries = {
firefox = &quot;${lib.getBin pkgs.firefox}/bin/firefox&quot;;
mpv = &quot;${lib.getBin pkgs.mpv}/bin/mpv&quot;;
};
};
}
</programlisting>
<para>
This will place <literal>firefox</literal> and
<literal>mpv</literal> binaries in the global path wrapped by
firejail.
</para>
</listitem>
<listitem>
<para>
User channels are now in the default
<literal>NIX_PATH</literal>, allowing users to use their
personal <literal>nix-channel</literal> defined channels in
<literal>nix-build</literal> and <literal>nix-shell</literal>
commands, as well as in imports like
<literal>import &lt;mychannel&gt;</literal>.
</para>
<para>
For example
</para>
<programlisting>
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable
$ nix-channel --update
$ nix-build '&lt;nixpkgsunstable&gt;' -A gitFull
$ nix run -f '&lt;nixpkgsunstable&gt;' gitFull
$ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</programlisting>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-18.09-new-services">
<title>New Services</title>
<para>
A curated selection of new services that were added since the last
release:
</para>
<itemizedlist>
<listitem>
<para>
The <literal>services.cassandra</literal> module has been
reworked and was rewritten from scratch. The service has
succeeding tests for the versions 2.1, 2.2, 3.0 and 3.11 of
<link xlink:href="https://cassandra.apache.org/">Apache
Cassandra</link>.
</para>
</listitem>
<listitem>
<para>
There is a new <literal>services.foundationdb</literal> module
for deploying
<link xlink:href="https://www.foundationdb.org">FoundationDB</link>
clusters.
</para>
</listitem>
<listitem>
<para>
When enabled the <literal>iproute2</literal> will copy the
files expected by ip route (e.g.,
<literal>rt_tables</literal>) in
<literal>/etc/iproute2</literal>. This allows to write aliases
for routing tables for instance.
</para>
</listitem>
<listitem>
<para>
<literal>services.strongswan-swanctl</literal> is a modern
replacement for <literal>services.strongswan</literal>. You
can use either one of them to setup IPsec VPNs but not both at
the same time.
</para>
<para>
<literal>services.strongswan-swanctl</literal> uses the
<link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
command which uses the modern
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
<emphasis>Versatile IKE Configuration Interface</emphasis>.
The deprecated <literal>ipsec</literal> command used in
<literal>services.strongswan</literal> is using the legacy
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke
configuration interface</link>.
</para>
</listitem>
<listitem>
<para>
The new <literal>services.elasticsearch-curator</literal>
service periodically curates or manages, your Elasticsearch
indices and snapshots.
</para>
</listitem>
</itemizedlist>
<para>
Every new services:
</para>
<itemizedlist>
<listitem>
<para>
<literal>./config/xdg/autostart.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./config/xdg/icons.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./config/xdg/menus.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./config/xdg/mime.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./hardware/brightnessctl.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./hardware/onlykey.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./hardware/video/uvcvideo/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./misc/documentation.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/firejail.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/iftop.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/sedutil.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/singularity.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/xss-lock.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./programs/zsh/zsh-autosuggestions.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/admin/oxidized.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/backup/duplicati.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/backup/restic.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/backup/restic-rest-server.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/cluster/hadoop/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/databases/aerospike.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/databases/monetdb.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/desktops/bamf.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/desktops/flatpak.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/desktops/zeitgeist.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/development/bloop.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/development/jupyter/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/hardware/lcd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/hardware/undervolt.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/clipmenu.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/gitweb.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/serviio.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/safeeyes.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/sysprof.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/misc/weechat.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/monitoring/datadog-agent.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/monitoring/incron.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/dnsdist.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/freeradius.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/hans.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/morty.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/ndppd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/ocserv.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/owamp.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/quagga.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/shadowsocks.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/stubby.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/networking/zeronet.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/security/certmgr.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/security/cfssl.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/security/oauth2_proxy_nginx.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-apps/virtlyst.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-apps/youtrack.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/hitch/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/hydron.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/meguca.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./services/web-servers/nginx/gitweb.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./virtualisation/kvmgt.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>./virtualisation/qemu-guest-agent.nix</literal>
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-18.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the
following incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
Some licenses that were incorrectly not marked as unfree now
are. This is the case for:
</para>
<itemizedlist>
<listitem>
<para>
cc-by-nc-sa-20: Creative Commons Attribution Non
Commercial Share Alike 2.0
</para>
</listitem>
<listitem>
<para>
cc-by-nc-sa-25: Creative Commons Attribution Non
Commercial Share Alike 2.5
</para>
</listitem>
<listitem>
<para>
cc-by-nc-sa-30: Creative Commons Attribution Non
Commercial Share Alike 3.0
</para>
</listitem>
<listitem>
<para>
cc-by-nc-sa-40: Creative Commons Attribution Non
Commercial Share Alike 4.0
</para>
</listitem>
<listitem>
<para>
cc-by-nd-30: Creative Commons Attribution-No Derivative
Works v3.00
</para>
</listitem>
<listitem>
<para>
msrla: Microsoft Research License Agreement
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The deprecated <literal>services.cassandra</literal> module
has seen a complete rewrite. (See above.)
</para>
</listitem>
<listitem>
<para>
<literal>lib.strict</literal> is removed. Use
<literal>builtins.seq</literal> instead.
</para>
</listitem>
<listitem>
<para>
The <literal>clementine</literal> package points now to the
free derivation. <literal>clementineFree</literal> is removed
now and <literal>clementineUnfree</literal> points to the
package which is bundled with the unfree
<literal>libspotify</literal> package.
</para>
</listitem>
<listitem>
<para>
The <literal>netcat</literal> package is now taken directly
from OpenBSD's <literal>libressl</literal>, instead of relying
on Debian's fork. The new version should be very close to the
old version, but there are some minor differences.
Importantly, flags like -b, -q, -C, and -Z are no longer
accepted by the nc command.
</para>
</listitem>
<listitem>
<para>
The <literal>services.docker-registry.extraConfig</literal>
object doesn't contain environment variables anymore. Instead
it needs to provide an object structure that can be mapped
onto the YAML configuration defined in
<link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
<literal>docker/distribution</literal> docs</link>.
</para>
</listitem>
<listitem>
<para>
<literal>gnucash</literal> has changed from version 2.4 to
3.x. If you've been using <literal>gnucash</literal> (version
2.4) instead of <literal>gnucash26</literal> (version 2.6) you
must open your Gnucash data file(s) with
<literal>gnucash26</literal> and then save them to upgrade the
file format. Then you may use your data file(s) with Gnucash
3.x. See the upgrade
<link xlink:href="https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade">documentation</link>.
Gnucash 2.4 is still available under the attribute
<literal>gnucash24</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>services.munge</literal> now runs as user (and group)
<literal>munge</literal> instead of root. Make sure the key
file is accessible to the daemon.
</para>
</listitem>
<listitem>
<para>
<literal>dockerTools.buildImage</literal> now uses
<literal>null</literal> as default value for
<literal>tag</literal>, which indicates that the nix output
hash will be used as tag.
</para>
</listitem>
<listitem>
<para>
The ELK stack: <literal>elasticsearch</literal>,
<literal>logstash</literal> and <literal>kibana</literal> has
been upgraded from 2.* to 6.3.*. The 2.* versions have been
<link xlink:href="https://www.elastic.co/support/eol">unsupported
since last year</link> so they have been removed. You can
still use the 5.* versions under the names
<literal>elasticsearch5</literal>,
<literal>logstash5</literal> and <literal>kibana5</literal>.
</para>
<para>
The elastic beats: <literal>filebeat</literal>,
<literal>heartbeat</literal>, <literal>metricbeat</literal>
and <literal>packetbeat</literal> have had the same treatment:
they now target 6.3.* as well. The 5.* versions are available
under the names: <literal>filebeat5</literal>,
<literal>heartbeat5</literal>, <literal>metricbeat5</literal>
and <literal>packetbeat5</literal>
</para>
<para>
The ELK-6.3 stack now comes with
<link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack
by default</link>. Since X-Pack is licensed under the
<link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic
License</link> the ELK packages now have an unfree license. To
use them you need to specify
<literal>allowUnfree = true;</literal> in your nixpkgs
configuration.
</para>
<para>
Fortunately there is also a free variant of the ELK stack
without X-Pack. The packages are available under the names:
<literal>elasticsearch-oss</literal>,
<literal>logstash-oss</literal> and
<literal>kibana-oss</literal>.
</para>
</listitem>
<listitem>
<para>
Options
<literal>boot.initrd.luks.devices.name.yubikey.ramfsMountPoint</literal>
<literal>boot.initrd.luks.devices.name.yubikey.storage.mountPoint</literal>
were removed. <literal>luksroot.nix</literal> module never
supported more than one YubiKey at a time anyway, hence those
options never had any effect. You should be able to remove
them from your config without any issues.
</para>
</listitem>
<listitem>
<para>
<literal>stdenv.system</literal> and <literal>system</literal>
in nixpkgs now refer to the host platform instead of the build
platform. For native builds this is not change, let alone a
breaking one. For cross builds, it is a breaking change, and
<literal>stdenv.buildPlatform.system</literal> can be used
instead for the old behavior. They should be using that
anyways for clarity.
</para>
</listitem>
<listitem>
<para>
Groups <literal>kvm</literal> and <literal>render</literal>
are introduced now, as systemd requires them.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-18.09-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
<literal>dockerTools.pullImage</literal> relies on image
digest instead of image tag to download the image. The
<literal>sha256</literal> of a pulled image has to be updated.
</para>
</listitem>
<listitem>
<para>
<literal>lib.attrNamesToStr</literal> has been deprecated. Use
more specific concatenation
(<literal>lib.concat(Map)StringsSep</literal>) instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.addErrorContextToAttrs</literal> has been
deprecated. Use <literal>builtins.addErrorContext</literal>
directly.
</para>
</listitem>
<listitem>
<para>
<literal>lib.showVal</literal> has been deprecated. Use
<literal>lib.traceSeqN</literal> instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceXMLVal</literal> has been deprecated. Use
<literal>lib.traceValFn builtins.toXml</literal> instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceXMLValMarked</literal> has been deprecated.
Use
<literal>lib.traceValFn (x: str + builtins.toXML x)</literal>
instead.
</para>
</listitem>
<listitem>
<para>
The <literal>pkgs</literal> argument to NixOS modules can now
be set directly using <literal>nixpkgs.pkgs</literal>.
Previously, only the <literal>system</literal>,
<literal>config</literal> and <literal>overlays</literal>
arguments could be used to influence <literal>pkgs</literal>.
</para>
</listitem>
<listitem>
<para>
A NixOS system can now be constructed more easily based on a
preexisting invocation of Nixpkgs. For example:
</para>
<programlisting language="bash">
{
inherit (pkgs.nixos {
boot.loader.grub.enable = false;
fileSystems.&quot;/&quot;.device = &quot;/dev/xvda1&quot;;
}) toplevel kernel initialRamdisk manual;
}
</programlisting>
<para>
This benefits evaluation performance, lets you write Nixpkgs
packages that depend on NixOS images and is consistent with a
deployment architecture that would be centered around Nixpkgs
overlays.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceValIfNot</literal> has been deprecated. Use
<literal>if/then/else</literal> and
<literal>lib.traceValSeq</literal> instead.
</para>
</listitem>
<listitem>
<para>
<literal>lib.traceCallXml</literal> has been deprecated.
Please complain if you use the function regularly.
</para>
</listitem>
<listitem>
<para>
The attribute <literal>lib.nixpkgsVersion</literal> has been
deprecated in favor of <literal>lib.version</literal>. Please
refer to the discussion in
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link>
for further reference.
</para>
</listitem>
<listitem>
<para>
<literal>lib.recursiveUpdateUntil</literal> was not acting
according to its specification. It has been fixed to act
according to the docstring, and a test has been added.
</para>
</listitem>
<listitem>
<para>
The module for <literal>security.dhparams</literal> has two
new options now:
</para>
<variablelist>
<varlistentry>
<term>
<literal>security.dhparams.stateless</literal>
</term>
<listitem>
<para>
Puts the generated Diffie-Hellman parameters into the
Nix store instead of managing them in a stateful manner
in <literal>/var/lib/dhparams</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>security.dhparams.defaultBitSize</literal>
</term>
<listitem>
<para>
The default bit size to use for the generated
Diffie-Hellman parameters.
</para>
</listitem>
</varlistentry>
</variablelist>
<note>
<para>
The path to the actual generated parameter files should now
be queried using
<literal>config.security.dhparams.params.name.path</literal>
because it might be either in the Nix store or in a
directory configured by
<literal>security.dhparams.path</literal>.
</para>
</note>
<note>
<para>
<emphasis role="strong">For developers:</emphasis>
</para>
<para>
Module implementers should not set a specific bit size in
order to let users configure it by themselves if they want
to have a different bit size than the default (2048).
</para>
<para>
An example usage of this would be:
</para>
<programlisting language="bash">
{ config, ... }:
{
security.dhparams.params.myservice = {};
environment.etc.&quot;myservice.conf&quot;.text = ''
dhparams = ${config.security.dhparams.params.myservice.path}
'';
}
</programlisting>
</note>
</listitem>
<listitem>
<para>
<literal>networking.networkmanager.useDnsmasq</literal> has
been deprecated. Use
<literal>networking.networkmanager.dns</literal> instead.
</para>
</listitem>
<listitem>
<para>
The Kubernetes package has been bumped to major version 1.11.
Please consult the
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release
notes</link> for details on new features and api changes.
</para>
</listitem>
<listitem>
<para>
The option
<literal>services.kubernetes.apiserver.admissionControl</literal>
was renamed to
<literal>services.kubernetes.apiserver.enableAdmissionPlugins</literal>.
</para>
</listitem>
<listitem>
<para>
Recommended way to access the Kubernetes Dashboard is via
HTTPS (TLS) Therefore; public service port for the dashboard
has changed to 443 (container port 8443) and scheme to https.
</para>
</listitem>
<listitem>
<para>
The option
<literal>services.kubernetes.apiserver.address</literal> was
renamed to
<literal>services.kubernetes.apiserver.bindAddress</literal>.
Note that the default value has changed from 127.0.0.1 to
0.0.0.0.
</para>
</listitem>
<listitem>
<para>
The option
<literal>services.kubernetes.apiserver.publicAddress</literal>
was not used and thus has been removed.
</para>
</listitem>
<listitem>
<para>
The option
<literal>services.kubernetes.addons.dashboard.enableRBAC</literal>
was renamed to
<literal>services.kubernetes.addons.dashboard.rbac.enable</literal>.
</para>
</listitem>
<listitem>
<para>
The Kubernetes Dashboard now has only minimal RBAC permissions
by default. If dashboard cluster-admin rights are desired, set
<literal>services.kubernetes.addons.dashboard.rbac.clusterAdmin</literal>
to true. On existing clusters, in order for the revocation of
privileges to take effect, the current ClusterRoleBinding for
kubernetes-dashboard must be manually removed:
<literal>kubectl delete clusterrolebinding kubernetes-dashboard</literal>
</para>
</listitem>
<listitem>
<para>
The <literal>programs.screen</literal> module provides allows
to configure <literal>/etc/screenrc</literal>, however the
module behaved fairly counterintuitive as the config exists,
but the package wasn't available. Since 18.09
<literal>pkgs.screen</literal> will be added to
<literal>environment.systemPackages</literal>.
</para>
</listitem>
<listitem>
<para>
The module <literal>services.networking.hostapd</literal> now
uses WPA2 by default.
</para>
</listitem>
<listitem>
<para>
<literal>s6Dns</literal>, <literal>s6Networking</literal>,
<literal>s6LinuxUtils</literal> and
<literal>s6PortableUtils</literal> renamed to
<literal>s6-dns</literal>, <literal>s6-networking</literal>,
<literal>s6-linux-utils</literal> and
<literal>s6-portable-utils</literal> respectively.
</para>
</listitem>
<listitem>
<para>
The module option <literal>nix.useSandbox</literal> is now
defaulted to <literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The config activation script of
<literal>nixos-rebuild</literal> now
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link>
all user units for each authenticated user.
</para>
</listitem>
<listitem>
<para>
The default display manager is now LightDM. To use SLiM set
<literal>services.xserver.displayManager.slim.enable</literal>
to <literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
NixOS option descriptions are now automatically broken up into
individual paragraphs if the text contains two consecutive
newlines, so it's no longer necessary to use
<literal>&lt;/para&gt;&lt;para&gt;</literal> to start a new
paragraph.
</para>
</listitem>
<listitem>
<para>
Top-level <literal>buildPlatform</literal>,
<literal>hostPlatform</literal>, and
<literal>targetPlatform</literal> in Nixpkgs are deprecated.
Please use their equivalents in <literal>stdenv</literal>
instead: <literal>stdenv.buildPlatform</literal>,
<literal>stdenv.hostPlatform</literal>, and
<literal>stdenv.targetPlatform</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>