1f6969dd5e
docs: nixos release notes (revise code blocks) docs: nixos release notes (fix opt links outside of code blocks) docs: nixos release notes (fix opt links inside of code blocks) went fishing with: ```console rg -A1 \ --multiline \ --multiline-dotall \ '<programlisting>[^</programlisting>]+' \ | rg linkend ``` docs: nixos release notes (prettier) docs: nixos release notes (fix zonefile codeblocks) docs: nixos release notes (restore admonition from prettier destriction) docs: nixos release notes (recreate xml files) docs: nixos release notes (fix trnslation error md -> xml) admonition with a title seem not to work docs: nixos release notes (fix code block indentation) docs: nixos release notes (diff after converting with https://github.com/NixOS/nixpkgs/pull/127270) docs: nixos release notes (fix remaingin '???') Those where not catched i a previous iteration since they didn't satisfy the then presumed search regex `#opt-.*` doc: nixos release notes make docbook/md conversion consistent
941 lines
31 KiB
XML
941 lines
31 KiB
XML
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-18.09">
|
|
<title>Release 18.09 (<quote>Jellyfish</quote>, 2018/10/05)</title>
|
|
<section xml:id="sec-release-18.09-highlights">
|
|
<title>Highlights</title>
|
|
<para>
|
|
In addition to numerous new and upgraded packages, this release
|
|
has the following notable updates:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
End of support is planned for end of April 2019, handing over
|
|
to 19.03.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Platform support: x86_64-linux and x86_64-darwin as always.
|
|
Support for aarch64-linux is as with the previous releases,
|
|
not equivalent to the x86-64-linux release, but with efforts
|
|
to reach parity.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Nix has been updated to 2.1; see its
|
|
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.1">release
|
|
notes</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 →
|
|
2.27, gcc: 7 (unchanged), systemd: 237 → 239.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Desktop version changes: gnome: 3.26 → 3.28, (KDE)
|
|
plasma-desktop: 5.12 → 5.13.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>
|
|
Notable changes and additions for 18.09 include:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Support for wrapping binaries using
|
|
<literal>firejail</literal> has been added through
|
|
<literal>programs.firejail.wrappedBinaries</literal>.
|
|
</para>
|
|
<para>
|
|
For example
|
|
</para>
|
|
<programlisting language="bash">
|
|
{
|
|
programs.firejail = {
|
|
enable = true;
|
|
wrappedBinaries = {
|
|
firefox = "${lib.getBin pkgs.firefox}/bin/firefox";
|
|
mpv = "${lib.getBin pkgs.mpv}/bin/mpv";
|
|
};
|
|
};
|
|
}
|
|
</programlisting>
|
|
<para>
|
|
This will place <literal>firefox</literal> and
|
|
<literal>mpv</literal> binaries in the global path wrapped by
|
|
firejail.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
User channels are now in the default
|
|
<literal>NIX_PATH</literal>, allowing users to use their
|
|
personal <literal>nix-channel</literal> defined channels in
|
|
<literal>nix-build</literal> and <literal>nix-shell</literal>
|
|
commands, as well as in imports like
|
|
<literal>import <mychannel></literal>.
|
|
</para>
|
|
<para>
|
|
For example
|
|
</para>
|
|
<programlisting>
|
|
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable
|
|
$ nix-channel --update
|
|
$ nix-build '<nixpkgsunstable>' -A gitFull
|
|
$ nix run -f '<nixpkgsunstable>' gitFull
|
|
$ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|
</programlisting>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="sec-release-18.09-new-services">
|
|
<title>New Services</title>
|
|
<para>
|
|
A curated selection of new services that were added since the last
|
|
release:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.cassandra</literal> module has been
|
|
reworked and was rewritten from scratch. The service has
|
|
succeeding tests for the versions 2.1, 2.2, 3.0 and 3.11 of
|
|
<link xlink:href="https://cassandra.apache.org/">Apache
|
|
Cassandra</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
There is a new <literal>services.foundationdb</literal> module
|
|
for deploying
|
|
<link xlink:href="https://www.foundationdb.org">FoundationDB</link>
|
|
clusters.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
When enabled the <literal>iproute2</literal> will copy the
|
|
files expected by ip route (e.g.,
|
|
<literal>rt_tables</literal>) in
|
|
<literal>/etc/iproute2</literal>. This allows to write aliases
|
|
for routing tables for instance.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>services.strongswan-swanctl</literal> is a modern
|
|
replacement for <literal>services.strongswan</literal>. You
|
|
can use either one of them to setup IPsec VPNs but not both at
|
|
the same time.
|
|
</para>
|
|
<para>
|
|
<literal>services.strongswan-swanctl</literal> uses the
|
|
<link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
|
|
command which uses the modern
|
|
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
|
|
<emphasis>Versatile IKE Configuration Interface</emphasis>.
|
|
The deprecated <literal>ipsec</literal> command used in
|
|
<literal>services.strongswan</literal> is using the legacy
|
|
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke
|
|
configuration interface</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The new <literal>services.elasticsearch-curator</literal>
|
|
service periodically curates or manages, your Elasticsearch
|
|
indices and snapshots.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>
|
|
Every new services:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>./config/xdg/autostart.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./config/xdg/icons.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./config/xdg/menus.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./config/xdg/mime.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./hardware/brightnessctl.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./hardware/onlykey.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./hardware/video/uvcvideo/default.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./misc/documentation.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./programs/firejail.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./programs/iftop.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./programs/sedutil.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./programs/singularity.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./programs/xss-lock.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./programs/zsh/zsh-autosuggestions.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/admin/oxidized.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/backup/duplicati.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/backup/restic.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/backup/restic-rest-server.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/cluster/hadoop/default.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/databases/aerospike.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/databases/monetdb.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/desktops/bamf.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/desktops/flatpak.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/desktops/zeitgeist.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/development/bloop.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/development/jupyter/default.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/hardware/lcd.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/hardware/undervolt.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/misc/clipmenu.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/misc/gitweb.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/misc/serviio.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/misc/safeeyes.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/misc/sysprof.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/misc/weechat.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/monitoring/datadog-agent.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/monitoring/incron.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/dnsdist.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/freeradius.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/hans.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/morty.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/ndppd.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/ocserv.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/owamp.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/quagga.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/shadowsocks.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/stubby.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/networking/zeronet.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/security/certmgr.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/security/cfssl.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/security/oauth2_proxy_nginx.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/web-apps/virtlyst.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/web-apps/youtrack.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/web-servers/hitch/default.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/web-servers/hydron.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/web-servers/meguca.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./services/web-servers/nginx/gitweb.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./virtualisation/kvmgt.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>./virtualisation/qemu-guest-agent.nix</literal>
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="sec-release-18.09-incompatibilities">
|
|
<title>Backward Incompatibilities</title>
|
|
<para>
|
|
When upgrading from a previous release, please be aware of the
|
|
following incompatible changes:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Some licenses that were incorrectly not marked as unfree now
|
|
are. This is the case for:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
cc-by-nc-sa-20: Creative Commons Attribution Non
|
|
Commercial Share Alike 2.0
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
cc-by-nc-sa-25: Creative Commons Attribution Non
|
|
Commercial Share Alike 2.5
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
cc-by-nc-sa-30: Creative Commons Attribution Non
|
|
Commercial Share Alike 3.0
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
cc-by-nc-sa-40: Creative Commons Attribution Non
|
|
Commercial Share Alike 4.0
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
cc-by-nd-30: Creative Commons Attribution-No Derivative
|
|
Works v3.00
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
msrla: Microsoft Research License Agreement
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The deprecated <literal>services.cassandra</literal> module
|
|
has seen a complete rewrite. (See above.)
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.strict</literal> is removed. Use
|
|
<literal>builtins.seq</literal> instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>clementine</literal> package points now to the
|
|
free derivation. <literal>clementineFree</literal> is removed
|
|
now and <literal>clementineUnfree</literal> points to the
|
|
package which is bundled with the unfree
|
|
<literal>libspotify</literal> package.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>netcat</literal> package is now taken directly
|
|
from OpenBSD's <literal>libressl</literal>, instead of relying
|
|
on Debian's fork. The new version should be very close to the
|
|
old version, but there are some minor differences.
|
|
Importantly, flags like -b, -q, -C, and -Z are no longer
|
|
accepted by the nc command.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>services.docker-registry.extraConfig</literal>
|
|
object doesn't contain environment variables anymore. Instead
|
|
it needs to provide an object structure that can be mapped
|
|
onto the YAML configuration defined in
|
|
<link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
|
|
<literal>docker/distribution</literal> docs</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>gnucash</literal> has changed from version 2.4 to
|
|
3.x. If you've been using <literal>gnucash</literal> (version
|
|
2.4) instead of <literal>gnucash26</literal> (version 2.6) you
|
|
must open your Gnucash data file(s) with
|
|
<literal>gnucash26</literal> and then save them to upgrade the
|
|
file format. Then you may use your data file(s) with Gnucash
|
|
3.x. See the upgrade
|
|
<link xlink:href="https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade">documentation</link>.
|
|
Gnucash 2.4 is still available under the attribute
|
|
<literal>gnucash24</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>services.munge</literal> now runs as user (and group)
|
|
<literal>munge</literal> instead of root. Make sure the key
|
|
file is accessible to the daemon.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>dockerTools.buildImage</literal> now uses
|
|
<literal>null</literal> as default value for
|
|
<literal>tag</literal>, which indicates that the nix output
|
|
hash will be used as tag.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The ELK stack: <literal>elasticsearch</literal>,
|
|
<literal>logstash</literal> and <literal>kibana</literal> has
|
|
been upgraded from 2.* to 6.3.*. The 2.* versions have been
|
|
<link xlink:href="https://www.elastic.co/support/eol">unsupported
|
|
since last year</link> so they have been removed. You can
|
|
still use the 5.* versions under the names
|
|
<literal>elasticsearch5</literal>,
|
|
<literal>logstash5</literal> and <literal>kibana5</literal>.
|
|
</para>
|
|
<para>
|
|
The elastic beats: <literal>filebeat</literal>,
|
|
<literal>heartbeat</literal>, <literal>metricbeat</literal>
|
|
and <literal>packetbeat</literal> have had the same treatment:
|
|
they now target 6.3.* as well. The 5.* versions are available
|
|
under the names: <literal>filebeat5</literal>,
|
|
<literal>heartbeat5</literal>, <literal>metricbeat5</literal>
|
|
and <literal>packetbeat5</literal>
|
|
</para>
|
|
<para>
|
|
The ELK-6.3 stack now comes with
|
|
<link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack
|
|
by default</link>. Since X-Pack is licensed under the
|
|
<link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic
|
|
License</link> the ELK packages now have an unfree license. To
|
|
use them you need to specify
|
|
<literal>allowUnfree = true;</literal> in your nixpkgs
|
|
configuration.
|
|
</para>
|
|
<para>
|
|
Fortunately there is also a free variant of the ELK stack
|
|
without X-Pack. The packages are available under the names:
|
|
<literal>elasticsearch-oss</literal>,
|
|
<literal>logstash-oss</literal> and
|
|
<literal>kibana-oss</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Options
|
|
<literal>boot.initrd.luks.devices.name.yubikey.ramfsMountPoint</literal>
|
|
<literal>boot.initrd.luks.devices.name.yubikey.storage.mountPoint</literal>
|
|
were removed. <literal>luksroot.nix</literal> module never
|
|
supported more than one YubiKey at a time anyway, hence those
|
|
options never had any effect. You should be able to remove
|
|
them from your config without any issues.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>stdenv.system</literal> and <literal>system</literal>
|
|
in nixpkgs now refer to the host platform instead of the build
|
|
platform. For native builds this is not change, let alone a
|
|
breaking one. For cross builds, it is a breaking change, and
|
|
<literal>stdenv.buildPlatform.system</literal> can be used
|
|
instead for the old behavior. They should be using that
|
|
anyways for clarity.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Groups <literal>kvm</literal> and <literal>render</literal>
|
|
are introduced now, as systemd requires them.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="sec-release-18.09-notable-changes">
|
|
<title>Other Notable Changes</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>dockerTools.pullImage</literal> relies on image
|
|
digest instead of image tag to download the image. The
|
|
<literal>sha256</literal> of a pulled image has to be updated.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.attrNamesToStr</literal> has been deprecated. Use
|
|
more specific concatenation
|
|
(<literal>lib.concat(Map)StringsSep</literal>) instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.addErrorContextToAttrs</literal> has been
|
|
deprecated. Use <literal>builtins.addErrorContext</literal>
|
|
directly.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.showVal</literal> has been deprecated. Use
|
|
<literal>lib.traceSeqN</literal> instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.traceXMLVal</literal> has been deprecated. Use
|
|
<literal>lib.traceValFn builtins.toXml</literal> instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.traceXMLValMarked</literal> has been deprecated.
|
|
Use
|
|
<literal>lib.traceValFn (x: str + builtins.toXML x)</literal>
|
|
instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>pkgs</literal> argument to NixOS modules can now
|
|
be set directly using <literal>nixpkgs.pkgs</literal>.
|
|
Previously, only the <literal>system</literal>,
|
|
<literal>config</literal> and <literal>overlays</literal>
|
|
arguments could be used to influence <literal>pkgs</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A NixOS system can now be constructed more easily based on a
|
|
preexisting invocation of Nixpkgs. For example:
|
|
</para>
|
|
<programlisting language="bash">
|
|
{
|
|
inherit (pkgs.nixos {
|
|
boot.loader.grub.enable = false;
|
|
fileSystems."/".device = "/dev/xvda1";
|
|
}) toplevel kernel initialRamdisk manual;
|
|
}
|
|
</programlisting>
|
|
<para>
|
|
This benefits evaluation performance, lets you write Nixpkgs
|
|
packages that depend on NixOS images and is consistent with a
|
|
deployment architecture that would be centered around Nixpkgs
|
|
overlays.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.traceValIfNot</literal> has been deprecated. Use
|
|
<literal>if/then/else</literal> and
|
|
<literal>lib.traceValSeq</literal> instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.traceCallXml</literal> has been deprecated.
|
|
Please complain if you use the function regularly.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The attribute <literal>lib.nixpkgsVersion</literal> has been
|
|
deprecated in favor of <literal>lib.version</literal>. Please
|
|
refer to the discussion in
|
|
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link>
|
|
for further reference.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.recursiveUpdateUntil</literal> was not acting
|
|
according to its specification. It has been fixed to act
|
|
according to the docstring, and a test has been added.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The module for <literal>security.dhparams</literal> has two
|
|
new options now:
|
|
</para>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>
|
|
<literal>security.dhparams.stateless</literal>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Puts the generated Diffie-Hellman parameters into the
|
|
Nix store instead of managing them in a stateful manner
|
|
in <literal>/var/lib/dhparams</literal>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<literal>security.dhparams.defaultBitSize</literal>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
The default bit size to use for the generated
|
|
Diffie-Hellman parameters.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
<note>
|
|
<para>
|
|
The path to the actual generated parameter files should now
|
|
be queried using
|
|
<literal>config.security.dhparams.params.name.path</literal>
|
|
because it might be either in the Nix store or in a
|
|
directory configured by
|
|
<literal>security.dhparams.path</literal>.
|
|
</para>
|
|
</note>
|
|
<note>
|
|
<para>
|
|
<emphasis role="strong">For developers:</emphasis>
|
|
</para>
|
|
<para>
|
|
Module implementers should not set a specific bit size in
|
|
order to let users configure it by themselves if they want
|
|
to have a different bit size than the default (2048).
|
|
</para>
|
|
<para>
|
|
An example usage of this would be:
|
|
</para>
|
|
<programlisting language="bash">
|
|
{ config, ... }:
|
|
|
|
{
|
|
security.dhparams.params.myservice = {};
|
|
environment.etc."myservice.conf".text = ''
|
|
dhparams = ${config.security.dhparams.params.myservice.path}
|
|
'';
|
|
}
|
|
</programlisting>
|
|
</note>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>networking.networkmanager.useDnsmasq</literal> has
|
|
been deprecated. Use
|
|
<literal>networking.networkmanager.dns</literal> instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The Kubernetes package has been bumped to major version 1.11.
|
|
Please consult the
|
|
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release
|
|
notes</link> for details on new features and api changes.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option
|
|
<literal>services.kubernetes.apiserver.admissionControl</literal>
|
|
was renamed to
|
|
<literal>services.kubernetes.apiserver.enableAdmissionPlugins</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Recommended way to access the Kubernetes Dashboard is via
|
|
HTTPS (TLS) Therefore; public service port for the dashboard
|
|
has changed to 443 (container port 8443) and scheme to https.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option
|
|
<literal>services.kubernetes.apiserver.address</literal> was
|
|
renamed to
|
|
<literal>services.kubernetes.apiserver.bindAddress</literal>.
|
|
Note that the default value has changed from 127.0.0.1 to
|
|
0.0.0.0.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option
|
|
<literal>services.kubernetes.apiserver.publicAddress</literal>
|
|
was not used and thus has been removed.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option
|
|
<literal>services.kubernetes.addons.dashboard.enableRBAC</literal>
|
|
was renamed to
|
|
<literal>services.kubernetes.addons.dashboard.rbac.enable</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The Kubernetes Dashboard now has only minimal RBAC permissions
|
|
by default. If dashboard cluster-admin rights are desired, set
|
|
<literal>services.kubernetes.addons.dashboard.rbac.clusterAdmin</literal>
|
|
to true. On existing clusters, in order for the revocation of
|
|
privileges to take effect, the current ClusterRoleBinding for
|
|
kubernetes-dashboard must be manually removed:
|
|
<literal>kubectl delete clusterrolebinding kubernetes-dashboard</literal>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>programs.screen</literal> module provides allows
|
|
to configure <literal>/etc/screenrc</literal>, however the
|
|
module behaved fairly counterintuitive as the config exists,
|
|
but the package wasn't available. Since 18.09
|
|
<literal>pkgs.screen</literal> will be added to
|
|
<literal>environment.systemPackages</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The module <literal>services.networking.hostapd</literal> now
|
|
uses WPA2 by default.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>s6Dns</literal>, <literal>s6Networking</literal>,
|
|
<literal>s6LinuxUtils</literal> and
|
|
<literal>s6PortableUtils</literal> renamed to
|
|
<literal>s6-dns</literal>, <literal>s6-networking</literal>,
|
|
<literal>s6-linux-utils</literal> and
|
|
<literal>s6-portable-utils</literal> respectively.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The module option <literal>nix.useSandbox</literal> is now
|
|
defaulted to <literal>true</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The config activation script of
|
|
<literal>nixos-rebuild</literal> now
|
|
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link>
|
|
all user units for each authenticated user.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The default display manager is now LightDM. To use SLiM set
|
|
<literal>services.xserver.displayManager.slim.enable</literal>
|
|
to <literal>true</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
NixOS option descriptions are now automatically broken up into
|
|
individual paragraphs if the text contains two consecutive
|
|
newlines, so it's no longer necessary to use
|
|
<literal></para><para></literal> to start a new
|
|
paragraph.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Top-level <literal>buildPlatform</literal>,
|
|
<literal>hostPlatform</literal>, and
|
|
<literal>targetPlatform</literal> in Nixpkgs are deprecated.
|
|
Please use their equivalents in <literal>stdenv</literal>
|
|
instead: <literal>stdenv.buildPlatform</literal>,
|
|
<literal>stdenv.hostPlatform</literal>, and
|
|
<literal>stdenv.targetPlatform</literal>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
</section>
|