tjh.dev
Merge pull request #207150 from ncfavier/doc-minor
authored by
Naïm Favier
and committed by
GitHub
23d58dae
f73cdf02
+1
-1
doc/builders/images/ocitools.section.md
+1
-1
doc/builders/images/ocitools.section.md
···
34
34
35
35
- `mounts` specifies additional mount points chosen by the user. By default only a minimal set of necessary filesystems are mounted into the container (e.g procfs, cgroupfs)
36
36
37
-
- `readonly` makes the container\'s rootfs read-only if it is set to true. The default value is false `false`.
37
+
- `readonly` makes the container's rootfs read-only if it is set to true. The default value is false `false`.
+1
-1
doc/builders/packages/dlib.section.md
+1
-1
doc/builders/packages/dlib.section.md
···
4
4
5
5
## Compiling without AVX support {#compiling-without-avx-support}
6
6
7
-
Especially older CPUs don\'t support [AVX](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions) (Advanced Vector Extensions) instructions that are used by DLib to optimize their algorithms.
7
+
Especially older CPUs don't support [AVX](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions) (Advanced Vector Extensions) instructions that are used by DLib to optimize their algorithms.
8
8
9
9
On the affected hardware errors like `Illegal instruction` will occur. In those cases AVX support needs to be disabled:
10
10
+1
-1
doc/contributing/submitting-changes.chapter.md
+1
-1
doc/contributing/submitting-changes.chapter.md
···
199
199
200
200
### Meets Nixpkgs contribution standards {#submitting-changes-contribution-standards}
201
201
202
-
The last checkbox is fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md). The contributing document has detailed information on standards the Nix community has for commit messages, reviews, licensing of contributions you make to the project, etc\... Everyone should read and understand the standards the community has for contributing before submitting a pull request.
202
+
The last checkbox is fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md). The contributing document has detailed information on standards the Nix community has for commit messages, reviews, licensing of contributions you make to the project, etc... Everyone should read and understand the standards the community has for contributing before submitting a pull request.
203
203
204
204
## Hotfixing pull requests {#submitting-changes-hotfixing-pull-requests}
205
205
+2
-2
doc/functions/nix-gitignore.section.md
+2
-2
doc/functions/nix-gitignore.section.md
···
4
4
5
5
## Usage {#sec-pkgs-nix-gitignore-usage}
6
6
7
-
`pkgs.nix-gitignore` exports a number of functions, but you\'ll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
7
+
`pkgs.nix-gitignore` exports a number of functions, but you'll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
8
8
9
9
```nix
10
10
{ pkgs ? import <nixpkgs> {} }:
···
30
30
gitignoreSource = gitignoreFilterSource (_: _: true);
31
31
```
32
32
33
-
Those filter functions accept the same arguments the `builtins.filterSource` function would pass to its filters, thus `fn: gitignoreFilterSourcePure fn ""` should be extensionally equivalent to `filterSource`. The file is blacklisted if it\'s blacklisted by either your filter or the gitignoreFilter.
33
+
Those filter functions accept the same arguments the `builtins.filterSource` function would pass to its filters, thus `fn: gitignoreFilterSourcePure fn ""` should be extensionally equivalent to `filterSource`. The file is blacklisted if it's blacklisted by either your filter or the gitignoreFilter.
34
34
35
35
If you want to make your own filter from scratch, you may use
36
36
+1
-1
doc/using/configuration.chapter.md
+1
-1
doc/using/configuration.chapter.md
···
73
73
}
74
74
```
75
75
76
-
The difference between a package being unsupported on some system and being broken is admittedly a bit fuzzy. If a program *ought* to work on a certain platform, but doesn't, the platform should be included in `meta.platforms`, but marked as broken with e.g. `meta.broken = !hostPlatform.isWindows`. Of course, this begs the question of what \"ought\" means exactly. That is left to the package maintainer.
76
+
The difference between a package being unsupported on some system and being broken is admittedly a bit fuzzy. If a program *ought* to work on a certain platform, but doesn't, the platform should be included in `meta.platforms`, but marked as broken with e.g. `meta.broken = !hostPlatform.isWindows`. Of course, this begs the question of what "ought" means exactly. That is left to the package maintainer.
77
77
78
78
## Installing unfree packages {#sec-allow-unfree}
79
79
+6
-6
nixos/doc/manual/administration/service-mgmt.chapter.md
+6
-6
nixos/doc/manual/administration/service-mgmt.chapter.md
···
75
75
76
76
Packages in Nixpkgs sometimes provide systemd units with them, usually
77
77
in e.g `#pkg-out#/lib/systemd/`. Putting such a package in
78
-
`environment.systemPackages` doesn\'t make the service available to
78
+
`environment.systemPackages` doesn't make the service available to
79
79
users or the system.
80
80
81
81
In order to enable a systemd *system* service with provided upstream
···
87
87
88
88
Usually NixOS modules written by the community do the above, plus take
89
89
care of other details. If a module was written for a service you are
90
-
interested in, you\'d probably need only to use
90
+
interested in, you'd probably need only to use
91
91
`services.#name#.enable = true;`. These services are defined in
92
-
Nixpkgs\' [ `nixos/modules/` directory
92
+
Nixpkgs' [ `nixos/modules/` directory
93
93
](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules). In case
94
94
the service is simple enough, the above method should work, and start
95
95
the service on boot.
···
98
98
differently. Given a package that has a systemd unit file at
99
99
`#pkg-out#/lib/systemd/user/`, using [](#opt-systemd.packages) will
100
100
make you able to start the service via `systemctl --user start`, but it
101
-
won\'t start automatically on login. However, You can imperatively
102
-
enable it by adding the package\'s attribute to
101
+
won't start automatically on login. However, You can imperatively
102
+
enable it by adding the package's attribute to
103
103
[](#opt-systemd.packages) and then do this (e.g):
104
104
105
105
```ShellSession
···
113
113
of `default.target.wants` in the 1st and 2nd command.
114
114
115
115
Using `systemctl --user enable syncthing.service` instead of the above,
116
-
will work, but it\'ll use the absolute path of `syncthing.service` for
116
+
will work, but it'll use the absolute path of `syncthing.service` for
117
117
the symlink, and this path is in `/nix/store/.../lib/systemd/user/`.
118
118
Hence [garbage collection](#sec-nix-gc) will remove that file and you
119
119
will wind up with a broken symlink in your systemd configuration, which
+1
-1
nixos/doc/manual/configuration/kubernetes.chapter.md
+1
-1
nixos/doc/manual/configuration/kubernetes.chapter.md
+1
-1
nixos/doc/manual/configuration/profiles.chapter.md
+1
-1
nixos/doc/manual/configuration/profiles.chapter.md
···
2
2
3
3
In some cases, it may be desirable to take advantage of commonly-used,
4
4
predefined configurations provided by nixpkgs, but different from those
5
-
that come as default. This is a role fulfilled by NixOS\'s Profiles,
5
+
that come as default. This is a role fulfilled by NixOS's Profiles,
6
6
which come as files living in `<nixpkgs/nixos/modules/profiles>`. That
7
7
is to say, expected usage is to add them to the imports list of your
8
8
`/etc/configuration.nix` as such:
+1
-1
nixos/doc/manual/configuration/user-mgmt.chapter.md
+1
-1
nixos/doc/manual/configuration/user-mgmt.chapter.md
···
30
30
[](#opt-users.users) and run nixos-rebuild, the user
31
31
account will cease to exist. Also, imperative commands for managing users and
32
32
groups, such as useradd, are no longer available. Passwords may still be
33
-
assigned by setting the user\'s
33
+
assigned by setting the user's
34
34
[hashedPassword](#opt-users.users._name_.hashedPassword) option. A
35
35
hashed password can be generated using `mkpasswd`.
36
36
+1
-1
nixos/doc/manual/configuration/wayland.chapter.md
+1
-1
nixos/doc/manual/configuration/wayland.chapter.md
···
4
4
on NixOS, Wayland support is steadily improving. Where X11 separates the
5
5
X Server and the window manager, on Wayland those are combined: a
6
6
Wayland Compositor is like an X11 window manager, but also embeds the
7
-
Wayland \'Server\' functionality. This means it is sufficient to install
7
+
Wayland 'Server' functionality. This means it is sufficient to install
8
8
a Wayland Compositor such as sway without separately enabling a Wayland
9
9
server:
10
10
+8
-8
nixos/doc/manual/configuration/x-windows.chapter.md
+8
-8
nixos/doc/manual/configuration/x-windows.chapter.md
···
81
81
82
82
To enable auto-login, you need to define your default window manager and
83
83
desktop environment. If you wanted no desktop environment and i3 as your
84
-
your window manager, you\'d define:
84
+
your window manager, you'd define:
85
85
86
86
```nix
87
87
services.xserver.displayManager.defaultSession = "none+i3";
···
110
110
111
111
The second driver, `intel`, is specific to Intel GPUs, but not
112
112
recommended by most distributions: it lacks several modern features (for
113
-
example, it doesn\'t support Glamor) and the package hasn\'t been
113
+
example, it doesn't support Glamor) and the package hasn't been
114
114
officially updated since 2015.
115
115
116
116
The results vary depending on the hardware, so you may have to try both
···
162
162
163
163
AMD provides a proprietary driver for its graphics cards that is not
164
164
enabled by default because it's not Free Software, is often broken in
165
-
nixpkgs and as of this writing doesn\'t offer more features or
165
+
nixpkgs and as of this writing doesn't offer more features or
166
166
performance. If you still want to use it anyway, you need to explicitly
167
167
set:
168
168
···
215
215
pressing the right-alt key.
216
216
217
217
Create a file called `us-greek` with the following content (under a
218
-
directory called `symbols`; it\'s an XKB peculiarity that will help with
218
+
directory called `symbols`; it's an XKB peculiarity that will help with
219
219
testing):
220
220
221
221
```nix
···
249
249
250
250
Applying this customization requires rebuilding several packages, and a
251
251
broken XKB file can lead to the X session crashing at login. Therefore,
252
-
you\'re strongly advised to **test your layout before applying it**:
252
+
you're strongly advised to **test your layout before applying it**:
253
253
254
254
```ShellSession
255
255
$ nix-shell -p xorg.xkbcomp
···
313
313
314
314
Unfortunately, the Xorg server does not (currently) support setting a
315
315
keymap directly but relies instead on XKB rules to select the matching
316
-
components (keycodes, types, \...) of a layout. This means that
317
-
components other than symbols won\'t be loaded by default. As a
316
+
components (keycodes, types, ...) of a layout. This means that
317
+
components other than symbols won't be loaded by default. As a
318
318
workaround, you can set the keymap using `setxkbmap` at the start of the
319
319
session with:
320
320
···
323
323
```
324
324
325
325
If you are manually starting the X server, you should set the argument
326
-
`-xkbdir /etc/X11/xkb`, otherwise X won\'t find your layout files. For
326
+
`-xkbdir /etc/X11/xkb`, otherwise X won't find your layout files. For
327
327
example with `xinit` run
328
328
329
329
```ShellSession
+3
-3
nixos/doc/manual/configuration/xfce.chapter.md
+3
-3
nixos/doc/manual/configuration/xfce.chapter.md
···
31
31
option [](#opt-programs.thunar.enable) instead of simply adding
32
32
`pkgs.xfce.thunar` to [](#opt-environment.systemPackages).
33
33
34
-
If you\'d like to add extra plugins to Thunar, add them to
35
-
[](#opt-programs.thunar.plugins). You shouldn\'t just add them to
34
+
If you'd like to add extra plugins to Thunar, add them to
35
+
[](#opt-programs.thunar.plugins). You shouldn't just add them to
36
36
[](#opt-environment.systemPackages).
37
37
38
38
## Troubleshooting {#sec-xfce-troubleshooting .unnumbered}
···
46
46
```
47
47
48
48
This is caused by some needed GNOME services not running. This is all
49
-
fixed by enabling \"Launch GNOME services on startup\" in the Advanced
49
+
fixed by enabling "Launch GNOME services on startup" in the Advanced
50
50
tab of the Session and Startup settings panel. Alternatively, you can
51
51
run this command to do the same thing.
52
52
+1
-1
nixos/doc/manual/development/option-declarations.section.md
+1
-1
nixos/doc/manual/development/option-declarations.section.md
···
149
149
150
150
As an example, we will take the case of display managers. There is a
151
151
central display manager module for generic display manager options and a
152
-
module file per display manager backend (sddm, gdm \...).
152
+
module file per display manager backend (sddm, gdm ...).
153
153
154
154
There are two approaches we could take with this module structure:
155
155
+6
-6
nixos/doc/manual/development/option-types.section.md
+6
-6
nixos/doc/manual/development/option-types.section.md
···
92
92
: A free-form attribute set.
93
93
94
94
::: {.warning}
95
-
This type will be deprecated in the future because it doesn\'t
95
+
This type will be deprecated in the future because it doesn't
96
96
recurse into attribute sets, silently drops earlier attribute
97
-
definitions, and doesn\'t discharge `lib.mkDefault`, `lib.mkIf`
97
+
definitions, and doesn't discharge `lib.mkDefault`, `lib.mkIf`
98
98
and co. For allowing arbitrary attribute sets, prefer
99
-
`types.attrsOf types.anything` instead which doesn\'t have these
99
+
`types.attrsOf types.anything` instead which doesn't have these
100
100
problems.
101
101
:::
102
102
···
222
222
- *`specialArgs`* An attribute set of extra arguments to be passed
223
223
to the module functions. The option `_module.args` should be
224
224
used instead for most arguments since it allows overriding.
225
-
*`specialArgs`* should only be used for arguments that can\'t go
225
+
*`specialArgs`* should only be used for arguments that can't go
226
226
through the module fixed-point, because of infinite recursion or
227
227
other problems. An example is overriding the `lib` argument,
228
228
because `lib` itself is used to define `_module.args`, which
···
236
236
In such a case it would allow the option to be set with
237
237
`the-submodule.config = "value"` instead of requiring
238
238
`the-submodule.config.config = "value"`. This is because
239
-
only when modules *don\'t* set the `config` or `options`
239
+
only when modules *don't* set the `config` or `options`
240
240
keys, all keys are interpreted as option definitions in the
241
241
`config` section. Enabling this option implicitly puts all
242
242
attributes in the `config` section.
···
324
324
: Type *`t1`* or type *`t2`*, e.g. `with types; either int str`.
325
325
Multiple definitions cannot be merged.
326
326
327
-
`types.oneOf` \[ *`t1 t2`* \... \]
327
+
`types.oneOf` \[ *`t1 t2`* ... \]
328
328
329
329
: Type *`t1`* or type *`t2`* and so forth, e.g.
330
330
`with types; oneOf [ int str bool ]`. Multiple definitions cannot be
+3
-3
nixos/doc/manual/development/replace-modules.section.md
+3
-3
nixos/doc/manual/development/replace-modules.section.md
···
2
2
3
3
Modules that are imported can also be disabled. The option declarations,
4
4
config implementation and the imports of a disabled module will be
5
-
ignored, allowing another to take it\'s place. This can be used to
5
+
ignored, allowing another to take its place. This can be used to
6
6
import a set of modules from another channel while keeping the rest of
7
7
the system on a stable release.
8
8
···
14
14
This example will replace the existing postgresql module with the
15
15
version defined in the nixos-unstable channel while keeping the rest of
16
16
the modules and packages from the original nixos channel. This only
17
-
overrides the module definition, this won\'t use postgresql from
17
+
overrides the module definition, this won't use postgresql from
18
18
nixos-unstable unless explicitly configured to do so.
19
19
20
20
```nix
···
35
35
36
36
This example shows how to define a custom module as a replacement for an
37
37
existing module. Importing this module will disable the original module
38
-
without having to know it\'s implementation details.
38
+
without having to know its implementation details.
39
39
40
40
```nix
41
41
{ config, lib, pkgs, ... }:
+3
-3
nixos/doc/manual/development/settings-options.section.md
+3
-3
nixos/doc/manual/development/settings-options.section.md
···
9
9
`{ foo = { bar = 10; }; }`. Other examples are INI, YAML and TOML.
10
10
The following section explains the convention for these settings.
11
11
12
-
- Non-nix-representable ones: These can\'t be trivially mapped to a
12
+
- Non-nix-representable ones: These can't be trivially mapped to a
13
13
subset of Nix syntax. Most generic programming languages are in this
14
14
group, e.g. bash, since the statement `if true; then echo hi; fi`
15
-
doesn\'t have a trivial representation in Nix.
15
+
doesn't have a trivial representation in Nix.
16
16
17
17
Currently there are no fixed conventions for these, but it is common
18
18
to have a `configFile` option for setting the configuration file
···
24
24
an `extraConfig` option of type `lines` to allow arbitrary text
25
25
after the autogenerated part of the file.
26
26
27
-
## Nix-representable Formats (JSON, YAML, TOML, INI, \...) {#sec-settings-nix-representable}
27
+
## Nix-representable Formats (JSON, YAML, TOML, INI, ...) {#sec-settings-nix-representable}
28
28
29
29
By convention, formats like this are handled with a generic `settings`
30
30
option, representing the full program configuration as a Nix value. The
+1
-1
nixos/doc/manual/development/writing-documentation.chapter.md
+1
-1
nixos/doc/manual/development/writing-documentation.chapter.md
+1
-1
nixos/doc/manual/development/writing-modules.chapter.md
+1
-1
nixos/doc/manual/development/writing-modules.chapter.md
···
71
71
- This `imports` list enumerates the paths to other NixOS modules that
72
72
should be included in the evaluation of the system configuration. A
73
73
default set of modules is defined in the file `modules/module-list.nix`.
74
-
These don\'t need to be added in the import list.
74
+
These don't need to be added in the import list.
75
75
76
76
- The attribute `options` is a nested set of *option declarations*
77
77
(described below).
+5
-5
nixos/doc/manual/development/writing-nixos-tests.section.md
+5
-5
nixos/doc/manual/development/writing-nixos-tests.section.md
···
165
165
`get_screen_text_variants`
166
166
167
167
: Return a list of different interpretations of what is currently
168
-
visible on the machine\'s screen using optical character
168
+
visible on the machine's screen using optical character
169
169
recognition. The number and order of the interpretations is not
170
170
specified and is subject to change, but if no exception is raised at
171
171
least one will be returned.
···
177
177
`get_screen_text`
178
178
179
179
: Return a textual representation of what is currently visible on the
180
-
machine\'s screen using optical character recognition.
180
+
machine's screen using optical character recognition.
181
181
182
182
::: {.note}
183
183
This requires [`enableOCR`](#test-opt-enableOCR) to be set to `true`.
···
350
350
This applies to `systemctl`, `get_unit_info`, `wait_for_unit`,
351
351
`start_job` and `stop_job`.
352
352
353
-
For faster dev cycles it\'s also possible to disable the code-linters
354
-
(this shouldn\'t be committed though):
353
+
For faster dev cycles it's also possible to disable the code-linters
354
+
(this shouldn't be committed though):
355
355
356
356
```nix
357
357
{
···
370
370
371
371
This will produce a Nix warning at evaluation time. To fully disable the
372
372
linter, wrap the test script in comment directives to disable the Black
373
-
linter directly (again, don\'t commit this within the Nixpkgs
373
+
linter directly (again, don't commit this within the Nixpkgs
374
374
repository):
375
375
376
376
```nix
+1
-1
nixos/doc/manual/from_md/administration/cleaning-store.chapter.xml
+1
-1
nixos/doc/manual/from_md/administration/cleaning-store.chapter.xml
+2
-2
nixos/doc/manual/from_md/administration/container-networking.section.xml
+2
-2
nixos/doc/manual/from_md/administration/container-networking.section.xml
···
31
31
address. This can be accomplished using the following configuration
32
32
on the host:
33
33
</para>
34
-
<programlisting language="bash">
34
+
<programlisting language="nix">
35
35
networking.nat.enable = true;
36
36
networking.nat.internalInterfaces = ["ve-+"];
37
37
networking.nat.externalInterface = "eth0";
···
45
45
If you are using Network Manager, you need to explicitly prevent it
46
46
from managing container interfaces:
47
47
</para>
48
-
<programlisting language="bash">
48
+
<programlisting language="nix">
49
49
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
50
50
</programlisting>
51
51
<para>
+2
-2
nixos/doc/manual/from_md/administration/control-groups.chapter.xml
+2
-2
nixos/doc/manual/from_md/administration/control-groups.chapter.xml
···
42
42
process would get 1/1001 of the cgroup’s CPU time.) You can limit a
43
43
service’s CPU share in <literal>configuration.nix</literal>:
44
44
</para>
45
-
<programlisting language="bash">
45
+
<programlisting language="nix">
46
46
systemd.services.httpd.serviceConfig.CPUShares = 512;
47
47
</programlisting>
48
48
<para>
···
57
57
<literal>configuration.nix</literal>; for instance, to limit
58
58
<literal>httpd.service</literal> to 512 MiB of RAM (excluding swap):
59
59
</para>
60
-
<programlisting language="bash">
60
+
<programlisting language="nix">
61
61
systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
62
62
</programlisting>
63
63
<para>
+2
-2
nixos/doc/manual/from_md/administration/declarative-containers.section.xml
+2
-2
nixos/doc/manual/from_md/administration/declarative-containers.section.xml
···
6
6
following specifies that there shall be a container named
7
7
<literal>database</literal> running PostgreSQL:
8
8
</para>
9
-
<programlisting language="bash">
9
+
<programlisting language="nix">
10
10
containers.database =
11
11
{ config =
12
12
{ config, pkgs, ... }:
···
29
29
However, they cannot change the network configuration. You can give
30
30
a container its own network as follows:
31
31
</para>
32
-
<programlisting language="bash">
32
+
<programlisting language="nix">
33
33
containers.database = {
34
34
privateNetwork = true;
35
35
hostAddress = "192.168.100.10";
+7
-7
nixos/doc/manual/from_md/administration/service-mgmt.chapter.xml
+7
-7
nixos/doc/manual/from_md/administration/service-mgmt.chapter.xml
···
85
85
Packages in Nixpkgs sometimes provide systemd units with them,
86
86
usually in e.g <literal>#pkg-out#/lib/systemd/</literal>. Putting
87
87
such a package in <literal>environment.systemPackages</literal>
88
-
doesn't make the service available to users or the system.
88
+
doesn’t make the service available to users or the system.
89
89
</para>
90
90
<para>
91
91
In order to enable a systemd <emphasis>system</emphasis> service
92
92
with provided upstream package, use (e.g):
93
93
</para>
94
-
<programlisting language="bash">
94
+
<programlisting language="nix">
95
95
systemd.packages = [ pkgs.packagekit ];
96
96
</programlisting>
97
97
<para>
98
98
Usually NixOS modules written by the community do the above, plus
99
99
take care of other details. If a module was written for a service
100
-
you are interested in, you'd probably need only to use
100
+
you are interested in, you’d probably need only to use
101
101
<literal>services.#name#.enable = true;</literal>. These services
102
-
are defined in Nixpkgs'
102
+
are defined in Nixpkgs’
103
103
<link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/modules">
104
104
<literal>nixos/modules/</literal> directory </link>. In case the
105
105
service is simple enough, the above method should work, and start
···
111
111
unit file at <literal>#pkg-out#/lib/systemd/user/</literal>, using
112
112
<xref linkend="opt-systemd.packages" /> will make you able to
113
113
start the service via <literal>systemctl --user start</literal>,
114
-
but it won't start automatically on login. However, You can
115
-
imperatively enable it by adding the package's attribute to
114
+
but it won’t start automatically on login. However, You can
115
+
imperatively enable it by adding the package’s attribute to
116
116
<xref linkend="opt-systemd.packages" /> and then do this (e.g):
117
117
</para>
118
118
<programlisting>
···
129
129
</para>
130
130
<para>
131
131
Using <literal>systemctl --user enable syncthing.service</literal>
132
-
instead of the above, will work, but it'll use the absolute path
132
+
instead of the above, will work, but it’ll use the absolute path
133
133
of <literal>syncthing.service</literal> for the symlink, and this
134
134
path is in <literal>/nix/store/.../lib/systemd/user/</literal>.
135
135
Hence <link linkend="sec-nix-gc">garbage collection</link> will
+4
-4
nixos/doc/manual/from_md/configuration/abstractions.section.xml
+4
-4
nixos/doc/manual/from_md/configuration/abstractions.section.xml
···
4
4
If you find yourself repeating yourself over and over, it’s time to
5
5
abstract. Take, for instance, this Apache HTTP Server configuration:
6
6
</para>
7
-
<programlisting language="bash">
7
+
<programlisting language="nix">
8
8
{
9
9
services.httpd.virtualHosts =
10
10
{ "blog.example.org" = {
···
29
29
the only difference is the document root directories. To prevent
30
30
this duplication, we can use a <literal>let</literal>:
31
31
</para>
32
-
<programlisting language="bash">
32
+
<programlisting language="nix">
33
33
let
34
34
commonConfig =
35
35
{ adminAddr = "alice@example.org";
···
55
55
You can write a <literal>let</literal> wherever an expression is
56
56
allowed. Thus, you also could have written:
57
57
</para>
58
-
<programlisting language="bash">
58
+
<programlisting language="nix">
59
59
{
60
60
services.httpd.virtualHosts =
61
61
let commonConfig = ...; in
···
74
74
of different virtual hosts, all with identical configuration except
75
75
for the document root. This can be done as follows:
76
76
</para>
77
-
<programlisting language="bash">
77
+
<programlisting language="nix">
78
78
{
79
79
services.httpd.virtualHosts =
80
80
let
+1
-1
nixos/doc/manual/from_md/configuration/ad-hoc-network-config.section.xml
+1
-1
nixos/doc/manual/from_md/configuration/ad-hoc-network-config.section.xml
···
7
7
network configuration not covered by the existing NixOS modules. For
8
8
instance, to statically configure an IPv6 address:
9
9
</para>
10
-
<programlisting language="bash">
10
+
<programlisting language="nix">
11
11
networking.localCommands =
12
12
''
13
13
ip -6 addr add 2001:610:685:1::1/64 dev eth0
+5
-5
nixos/doc/manual/from_md/configuration/adding-custom-packages.section.xml
+5
-5
nixos/doc/manual/from_md/configuration/adding-custom-packages.section.xml
···
28
28
manual. Finally, you add it to
29
29
<xref linkend="opt-environment.systemPackages" />, e.g.
30
30
</para>
31
-
<programlisting language="bash">
31
+
<programlisting language="nix">
32
32
environment.systemPackages = [ pkgs.my-package ];
33
33
</programlisting>
34
34
<para>
···
45
45
Hello</link> package directly in
46
46
<literal>configuration.nix</literal>:
47
47
</para>
48
-
<programlisting language="bash">
48
+
<programlisting language="nix">
49
49
environment.systemPackages =
50
50
let
51
51
my-hello = with pkgs; stdenv.mkDerivation rec {
···
62
62
Of course, you can also move the definition of
63
63
<literal>my-hello</literal> into a separate Nix expression, e.g.
64
64
</para>
65
-
<programlisting language="bash">
65
+
<programlisting language="nix">
66
66
environment.systemPackages = [ (import ./my-hello.nix) ];
67
67
</programlisting>
68
68
<para>
69
69
where <literal>my-hello.nix</literal> contains:
70
70
</para>
71
-
<programlisting language="bash">
71
+
<programlisting language="nix">
72
72
with import <nixpkgs> {}; # bring all of Nixpkgs into scope
73
73
74
74
stdenv.mkDerivation rec {
···
98
98
need to install <literal>appimage-run</literal>: add to
99
99
<literal>/etc/nixos/configuration.nix</literal>
100
100
</para>
101
-
<programlisting language="bash">
101
+
<programlisting language="nix">
102
102
environment.systemPackages = [ pkgs.appimage-run ];
103
103
</programlisting>
104
104
<para>
+11
-11
nixos/doc/manual/from_md/configuration/config-file.section.xml
+11
-11
nixos/doc/manual/from_md/configuration/config-file.section.xml
···
3
3
<para>
4
4
The NixOS configuration file generally looks like this:
5
5
</para>
6
-
<programlisting language="bash">
6
+
<programlisting language="nix">
7
7
{ config, pkgs, ... }:
8
8
9
9
{ option definitions
···
21
21
the name of an option and <literal>value</literal> is its value. For
22
22
example,
23
23
</para>
24
-
<programlisting language="bash">
24
+
<programlisting language="nix">
25
25
{ config, pkgs, ... }:
26
26
27
27
{ services.httpd.enable = true;
···
44
44
<literal>true</literal>. This means that the example above can also
45
45
be written as:
46
46
</para>
47
-
<programlisting language="bash">
47
+
<programlisting language="nix">
48
48
{ config, pkgs, ... }:
49
49
50
50
{ services = {
···
96
96
<para>
97
97
Strings are enclosed in double quotes, e.g.
98
98
</para>
99
-
<programlisting language="bash">
99
+
<programlisting language="nix">
100
100
networking.hostName = "dexter";
101
101
</programlisting>
102
102
<para>
···
107
107
Multi-line strings can be enclosed in <emphasis>double single
108
108
quotes</emphasis>, e.g.
109
109
</para>
110
-
<programlisting language="bash">
110
+
<programlisting language="nix">
111
111
networking.extraHosts =
112
112
''
113
113
127.0.0.2 other-localhost
···
135
135
These can be <literal>true</literal> or
136
136
<literal>false</literal>, e.g.
137
137
</para>
138
-
<programlisting language="bash">
138
+
<programlisting language="nix">
139
139
networking.firewall.enable = true;
140
140
networking.firewall.allowPing = false;
141
141
</programlisting>
···
149
149
<para>
150
150
For example,
151
151
</para>
152
-
<programlisting language="bash">
152
+
<programlisting language="nix">
153
153
boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
154
154
</programlisting>
155
155
<para>
···
171
171
Sets were introduced above. They are name/value pairs enclosed
172
172
in braces, as in the option definition
173
173
</para>
174
-
<programlisting language="bash">
174
+
<programlisting language="nix">
175
175
fileSystems."/boot" =
176
176
{ device = "/dev/sda1";
177
177
fsType = "ext4";
···
189
189
The important thing to note about lists is that list elements
190
190
are separated by whitespace, like this:
191
191
</para>
192
-
<programlisting language="bash">
192
+
<programlisting language="nix">
193
193
boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
194
194
</programlisting>
195
195
<para>
196
196
List elements can be any other type, e.g. sets:
197
197
</para>
198
-
<programlisting language="bash">
198
+
<programlisting language="nix">
199
199
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
200
200
</programlisting>
201
201
</listitem>
···
211
211
through the function argument <literal>pkgs</literal>. Typical
212
212
uses:
213
213
</para>
214
-
<programlisting language="bash">
214
+
<programlisting language="nix">
215
215
environment.systemPackages =
216
216
[ pkgs.thunderbird
217
217
pkgs.emacs
+3
-3
nixos/doc/manual/from_md/configuration/customizing-packages.section.xml
+3
-3
nixos/doc/manual/from_md/configuration/customizing-packages.section.xml
···
22
22
a dependency on GTK 2. If you want to build it against GTK 3, you
23
23
can specify that as follows:
24
24
</para>
25
-
<programlisting language="bash">
25
+
<programlisting language="nix">
26
26
environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
27
27
</programlisting>
28
28
<para>
···
46
46
the package, such as the source code. For instance, if you want to
47
47
override the source code of Emacs, you can say:
48
48
</para>
49
-
<programlisting language="bash">
49
+
<programlisting language="nix">
50
50
environment.systemPackages = [
51
51
(pkgs.emacs.overrideAttrs (oldAttrs: {
52
52
name = "emacs-25.0-pre";
···
72
72
everything depend on your customised instance, you can apply a
73
73
<emphasis>global</emphasis> override as follows:
74
74
</para>
75
-
<programlisting language="bash">
75
+
<programlisting language="nix">
76
76
nixpkgs.config.packageOverrides = pkgs:
77
77
{ emacs = pkgs.emacs.override { gtk = pkgs.gtk3; };
78
78
};
+1
-1
nixos/doc/manual/from_md/configuration/declarative-packages.section.xml
+1
-1
nixos/doc/manual/from_md/configuration/declarative-packages.section.xml
···
7
7
adding the following line to <literal>configuration.nix</literal>
8
8
enables the Mozilla Thunderbird email application:
9
9
</para>
10
-
<programlisting language="bash">
10
+
<programlisting language="nix">
11
11
environment.systemPackages = [ pkgs.thunderbird ];
12
12
</programlisting>
13
13
<para>
+1
-1
nixos/doc/manual/from_md/configuration/file-systems.chapter.xml
+1
-1
nixos/doc/manual/from_md/configuration/file-systems.chapter.xml
···
7
7
<literal>/dev/disk/by-label/data</literal> onto the mount point
8
8
<literal>/data</literal>:
9
9
</para>
10
-
<programlisting language="bash">
10
+
<programlisting language="nix">
11
11
fileSystems."/data" =
12
12
{ device = "/dev/disk/by-label/data";
13
13
fsType = "ext4";
+3
-3
nixos/doc/manual/from_md/configuration/firewall.section.xml
+3
-3
nixos/doc/manual/from_md/configuration/firewall.section.xml
···
6
6
both IPv4 and IPv6 traffic. It is enabled by default. It can be
7
7
disabled as follows:
8
8
</para>
9
-
<programlisting language="bash">
9
+
<programlisting language="nix">
10
10
networking.firewall.enable = false;
11
11
</programlisting>
12
12
<para>
13
13
If the firewall is enabled, you can open specific TCP ports to the
14
14
outside world:
15
15
</para>
16
-
<programlisting language="bash">
16
+
<programlisting language="nix">
17
17
networking.firewall.allowedTCPPorts = [ 80 443 ];
18
18
</programlisting>
19
19
<para>
···
26
26
<para>
27
27
To open ranges of TCP ports:
28
28
</para>
29
-
<programlisting language="bash">
29
+
<programlisting language="nix">
30
30
networking.firewall.allowedTCPPortRanges = [
31
31
{ from = 4000; to = 4007; }
32
32
{ from = 8000; to = 8010; }
+5
-5
nixos/doc/manual/from_md/configuration/gpu-accel.chapter.xml
+5
-5
nixos/doc/manual/from_md/configuration/gpu-accel.chapter.xml
···
62
62
<xref linkend="opt-hardware.opengl.extraPackages" /> enables
63
63
OpenCL support:
64
64
</para>
65
-
<programlisting language="bash">
65
+
<programlisting language="nix">
66
66
hardware.opengl.extraPackages = [
67
67
rocm-opencl-icd
68
68
];
···
85
85
enable OpenCL support. For example, for Gen8 and later GPUs, the
86
86
following configuration can be used:
87
87
</para>
88
-
<programlisting language="bash">
88
+
<programlisting language="nix">
89
89
hardware.opengl.extraPackages = [
90
90
intel-compute-runtime
91
91
];
···
162
162
makes amdvlk the default driver and hides radv and lavapipe from
163
163
the device list. A specific driver can be forced as follows:
164
164
</para>
165
-
<programlisting language="bash">
165
+
<programlisting language="nix">
166
166
hardware.opengl.extraPackages = [
167
167
pkgs.amdvlk
168
168
];
···
206
206
Modern Intel GPUs use the iHD driver, which can be installed
207
207
with:
208
208
</para>
209
-
<programlisting language="bash">
209
+
<programlisting language="nix">
210
210
hardware.opengl.extraPackages = [
211
211
intel-media-driver
212
212
];
···
215
215
Older Intel GPUs use the i965 driver, which can be installed
216
216
with:
217
217
</para>
218
-
<programlisting language="bash">
218
+
<programlisting language="nix">
219
219
hardware.opengl.extraPackages = [
220
220
vaapiIntel
221
221
];
+3
-3
nixos/doc/manual/from_md/configuration/ipv4-config.section.xml
+3
-3
nixos/doc/manual/from_md/configuration/ipv4-config.section.xml
···
6
6
interfaces. However, you can configure an interface manually as
7
7
follows:
8
8
</para>
9
-
<programlisting language="bash">
9
+
<programlisting language="nix">
10
10
networking.interfaces.eth0.ipv4.addresses = [ {
11
11
address = "192.168.1.2";
12
12
prefixLength = 24;
···
16
16
Typically you’ll also want to set a default gateway and set of name
17
17
servers:
18
18
</para>
19
-
<programlisting language="bash">
19
+
<programlisting language="nix">
20
20
networking.defaultGateway = "192.168.1.1";
21
21
networking.nameservers = [ "8.8.8.8" ];
22
22
</programlisting>
···
32
32
The host name is set using
33
33
<xref linkend="opt-networking.hostName" />:
34
34
</para>
35
-
<programlisting language="bash">
35
+
<programlisting language="nix">
36
36
networking.hostName = "cartman";
37
37
</programlisting>
38
38
<para>
+4
-4
nixos/doc/manual/from_md/configuration/ipv6-config.section.xml
+4
-4
nixos/doc/manual/from_md/configuration/ipv6-config.section.xml
···
10
10
<xref linkend="opt-networking.interfaces._name_.tempAddress" />. You
11
11
can disable IPv6 support globally by setting:
12
12
</para>
13
-
<programlisting language="bash">
13
+
<programlisting language="nix">
14
14
networking.enableIPv6 = false;
15
15
</programlisting>
16
16
<para>
17
17
You can disable IPv6 on a single interface using a normal sysctl (in
18
18
this example, we use interface <literal>eth0</literal>):
19
19
</para>
20
-
<programlisting language="bash">
20
+
<programlisting language="nix">
21
21
boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
22
22
</programlisting>
23
23
<para>
24
24
As with IPv4 networking interfaces are automatically configured via
25
25
DHCPv6. You can configure an interface manually:
26
26
</para>
27
-
<programlisting language="bash">
27
+
<programlisting language="nix">
28
28
networking.interfaces.eth0.ipv6.addresses = [ {
29
29
address = "fe00:aa:bb:cc::2";
30
30
prefixLength = 64;
···
34
34
For configuring a gateway, optionally with explicitly specified
35
35
interface:
36
36
</para>
37
-
<programlisting language="bash">
37
+
<programlisting language="nix">
38
38
networking.defaultGateway6 = {
39
39
address = "fe00::1";
40
40
interface = "enp0s3";
+6
-6
nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml
+6
-6
nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml
···
10
10
way is to enable and configure cluster components appropriately by
11
11
hand:
12
12
</para>
13
-
<programlisting language="bash">
13
+
<programlisting language="nix">
14
14
services.kubernetes = {
15
15
apiserver.enable = true;
16
16
controllerManager.enable = true;
···
21
21
};
22
22
</programlisting>
23
23
<para>
24
-
Another way is to assign cluster roles ("master" and/or
25
-
"node") to the host. This enables apiserver,
24
+
Another way is to assign cluster roles (<quote>master</quote> and/or
25
+
<quote>node</quote>) to the host. This enables apiserver,
26
26
controllerManager, scheduler, addonManager, kube-proxy and etcd:
27
27
</para>
28
-
<programlisting language="bash">
28
+
<programlisting language="nix">
29
29
services.kubernetes.roles = [ "master" ];
30
30
</programlisting>
31
31
<para>
32
32
While this will enable the kubelet and kube-proxy only:
33
33
</para>
34
-
<programlisting language="bash">
34
+
<programlisting language="nix">
35
35
services.kubernetes.roles = [ "node" ];
36
36
</programlisting>
37
37
<para>
38
38
Assigning both the master and node roles is usable if you want a
39
39
single node Kubernetes cluster for dev or testing purposes:
40
40
</para>
41
-
<programlisting language="bash">
41
+
<programlisting language="nix">
42
42
services.kubernetes.roles = [ "master" "node" ];
43
43
</programlisting>
44
44
<para>
+9
-9
nixos/doc/manual/from_md/configuration/linux-kernel.chapter.xml
+9
-9
nixos/doc/manual/from_md/configuration/linux-kernel.chapter.xml
···
5
5
option <literal>boot.kernelPackages</literal>. For instance, this
6
6
selects the Linux 3.10 kernel:
7
7
</para>
8
-
<programlisting language="bash">
8
+
<programlisting language="nix">
9
9
boot.kernelPackages = pkgs.linuxKernel.packages.linux_3_10;
10
10
</programlisting>
11
11
<para>
···
48
48
<xref linkend="sec-customising-packages" />). For instance, to
49
49
enable support for the kernel debugger KGDB:
50
50
</para>
51
-
<programlisting language="bash">
51
+
<programlisting language="nix">
52
52
nixpkgs.config.packageOverrides = pkgs: pkgs.lib.recursiveUpdate pkgs {
53
53
linuxKernel.kernels.linux_5_10 = pkgs.linuxKernel.kernels.linux_5_10.override {
54
54
extraConfig = ''
···
69
69
automatically by <literal>udev</literal>. You can force a module to
70
70
be loaded via <xref linkend="opt-boot.kernelModules" />, e.g.
71
71
</para>
72
-
<programlisting language="bash">
72
+
<programlisting language="nix">
73
73
boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
74
74
</programlisting>
75
75
<para>
···
77
77
root file system), you can use
78
78
<xref linkend="opt-boot.initrd.kernelModules" />:
79
79
</para>
80
-
<programlisting language="bash">
80
+
<programlisting language="nix">
81
81
boot.initrd.kernelModules = [ "cifs" ];
82
82
</programlisting>
83
83
<para>
···
88
88
Kernel runtime parameters can be set through
89
89
<xref linkend="opt-boot.kernel.sysctl" />, e.g.
90
90
</para>
91
-
<programlisting language="bash">
91
+
<programlisting language="nix">
92
92
boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;
93
93
</programlisting>
94
94
<para>
···
101
101
You can customize the default kernel configuration by overriding
102
102
the arguments for your kernel package:
103
103
</para>
104
-
<programlisting language="bash">
104
+
<programlisting language="nix">
105
105
pkgs.linux_latest.override {
106
106
ignoreConfigErrors = true;
107
107
autoModules = false;
···
126
126
<para>
127
127
To use your custom kernel package in your NixOS configuration, set
128
128
</para>
129
-
<programlisting language="bash">
129
+
<programlisting language="nix">
130
130
boot.kernelPackages = pkgs.linuxPackagesFor yourCustomKernel;
131
131
</programlisting>
132
132
<para>
···
139
139
a kernel that uses it with
140
140
<literal>pkgs.linuxManualConfig</literal>:
141
141
</para>
142
-
<programlisting language="bash">
142
+
<programlisting language="nix">
143
143
let
144
144
baseKernel = pkgs.linux_latest;
145
145
in pkgs.linuxManualConfig {
···
198
198
available kernel version <emphasis>that is supported by
199
199
ZFS</emphasis> like this:
200
200
</para>
201
-
<programlisting language="bash">
201
+
<programlisting language="nix">
202
202
{
203
203
boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
204
204
}
+4
-4
nixos/doc/manual/from_md/configuration/luks-file-systems.section.xml
+4
-4
nixos/doc/manual/from_md/configuration/luks-file-systems.section.xml
···
30
30
at boot time as <literal>/</literal>, add the following to
31
31
<literal>configuration.nix</literal>:
32
32
</para>
33
-
<programlisting language="bash">
33
+
<programlisting language="nix">
34
34
boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
35
35
fileSystems."/".device = "/dev/mapper/crypted";
36
36
</programlisting>
···
39
39
located on an encrypted partition, it is necessary to add the
40
40
following grub option:
41
41
</para>
42
-
<programlisting language="bash">
42
+
<programlisting language="nix">
43
43
boot.loader.grub.enableCryptodisk = true;
44
44
</programlisting>
45
45
<section xml:id="sec-luks-file-systems-fido2">
···
67
67
compatible key, add the following to
68
68
<literal>configuration.nix</literal>:
69
69
</para>
70
-
<programlisting language="bash">
70
+
<programlisting language="nix">
71
71
boot.initrd.luks.fido2Support = true;
72
72
boot.initrd.luks.devices."/dev/sda2".fido2.credential = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7";
73
73
</programlisting>
···
77
77
protected, such as
78
78
<link xlink:href="https://trezor.io/">Trezor</link>.
79
79
</para>
80
-
<programlisting language="bash">
80
+
<programlisting language="nix">
81
81
boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess = true;
82
82
</programlisting>
83
83
</section>
+6
-6
nixos/doc/manual/from_md/configuration/modularity.section.xml
+6
-6
nixos/doc/manual/from_md/configuration/modularity.section.xml
···
14
14
other modules by including them from
15
15
<literal>configuration.nix</literal>, e.g.:
16
16
</para>
17
-
<programlisting language="bash">
17
+
<programlisting language="nix">
18
18
{ config, pkgs, ... }:
19
19
20
20
{ imports = [ ./vpn.nix ./kde.nix ];
···
28
28
<literal>vpn.nix</literal> and <literal>kde.nix</literal>. The
29
29
latter might look like this:
30
30
</para>
31
-
<programlisting language="bash">
31
+
<programlisting language="nix">
32
32
{ config, pkgs, ... }:
33
33
34
34
{ services.xserver.enable = true;
···
50
50
you want it to appear first, you can use
51
51
<literal>mkBefore</literal>:
52
52
</para>
53
-
<programlisting language="bash">
53
+
<programlisting language="nix">
54
54
boot.kernelModules = mkBefore [ "kvm-intel" ];
55
55
</programlisting>
56
56
<para>
···
70
70
When that happens, it’s possible to force one definition take
71
71
precedence over the others:
72
72
</para>
73
-
<programlisting language="bash">
73
+
<programlisting language="nix">
74
74
services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";
75
75
</programlisting>
76
76
<para>
···
93
93
<xref linkend="opt-services.xserver.enable" /> is set to
94
94
<literal>true</literal> somewhere else:
95
95
</para>
96
-
<programlisting language="bash">
96
+
<programlisting language="nix">
97
97
{ config, pkgs, ... }:
98
98
99
99
{ environment.systemPackages =
···
137
137
below would have the same effect as importing a file which sets
138
138
those options.
139
139
</para>
140
-
<programlisting language="bash">
140
+
<programlisting language="nix">
141
141
{ config, pkgs, ... }:
142
142
143
143
let netConfig = hostName: {
+3
-3
nixos/doc/manual/from_md/configuration/network-manager.section.xml
+3
-3
nixos/doc/manual/from_md/configuration/network-manager.section.xml
···
4
4
To facilitate network configuration, some desktop environments use
5
5
NetworkManager. You can enable NetworkManager by setting:
6
6
</para>
7
-
<programlisting language="bash">
7
+
<programlisting language="nix">
8
8
networking.networkmanager.enable = true;
9
9
</programlisting>
10
10
<para>
···
15
15
All users that should have permission to change network settings
16
16
must belong to the <literal>networkmanager</literal> group:
17
17
</para>
18
-
<programlisting language="bash">
18
+
<programlisting language="nix">
19
19
users.users.alice.extraGroups = [ "networkmanager" ];
20
20
</programlisting>
21
21
<para>
···
36
36
used together if desired. To do this you need to instruct
37
37
NetworkManager to ignore those interfaces like:
38
38
</para>
39
-
<programlisting language="bash">
39
+
<programlisting language="nix">
40
40
networking.networkmanager.unmanaged = [
41
41
"*" "except:type:wwan" "except:type:gsm"
42
42
];
+2
-2
nixos/doc/manual/from_md/configuration/profiles.chapter.xml
+2
-2
nixos/doc/manual/from_md/configuration/profiles.chapter.xml
···
4
4
In some cases, it may be desirable to take advantage of
5
5
commonly-used, predefined configurations provided by nixpkgs, but
6
6
different from those that come as default. This is a role fulfilled
7
-
by NixOS's Profiles, which come as files living in
7
+
by NixOS’s Profiles, which come as files living in
8
8
<literal><nixpkgs/nixos/modules/profiles></literal>. That is
9
9
to say, expected usage is to add them to the imports list of your
10
10
<literal>/etc/configuration.nix</literal> as such:
11
11
</para>
12
-
<programlisting language="bash">
12
+
<programlisting language="nix">
13
13
imports = [
14
14
<nixpkgs/nixos/modules/profiles/profile-name.nix>
15
15
];
+2
-2
nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml
+2
-2
nixos/doc/manual/from_md/configuration/renaming-interfaces.section.xml
···
30
30
the interface with MAC address
31
31
<literal>52:54:00:12:01:01</literal> using a netword link unit:
32
32
</para>
33
-
<programlisting language="bash">
33
+
<programlisting language="nix">
34
34
systemd.network.links."10-wan" = {
35
35
matchConfig.PermanentMACAddress = "52:54:00:12:01:01";
36
36
linkConfig.Name = "wan";
···
43
43
<para>
44
44
Alternatively, we can use a plain old udev rule:
45
45
</para>
46
-
<programlisting language="bash">
46
+
<programlisting language="nix">
47
47
services.udev.initrdRules = ''
48
48
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \
49
49
ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan"
+2
-2
nixos/doc/manual/from_md/configuration/ssh.section.xml
+2
-2
nixos/doc/manual/from_md/configuration/ssh.section.xml
···
3
3
<para>
4
4
Secure shell (SSH) access to your machine can be enabled by setting:
5
5
</para>
6
-
<programlisting language="bash">
6
+
<programlisting language="nix">
7
7
services.openssh.enable = true;
8
8
</programlisting>
9
9
<para>
···
16
16
You can declaratively specify authorised RSA/DSA public keys for a
17
17
user as follows:
18
18
</para>
19
-
<programlisting language="bash">
19
+
<programlisting language="nix">
20
20
users.users.alice.openssh.authorizedKeys.keys =
21
21
[ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
22
22
</programlisting>
+3
-3
nixos/doc/manual/from_md/configuration/sshfs-file-systems.section.xml
+3
-3
nixos/doc/manual/from_md/configuration/sshfs-file-systems.section.xml
···
54
54
<link linkend="opt-fileSystems">fileSystems</link> option. Here’s
55
55
a typical setup:
56
56
</para>
57
-
<programlisting language="bash">
57
+
<programlisting language="nix">
58
58
{
59
59
system.fsPackages = [ pkgs.sshfs ];
60
60
···
80
80
well, for example you can change the default SSH port or specify a
81
81
jump proxy:
82
82
</para>
83
-
<programlisting language="bash">
83
+
<programlisting language="nix">
84
84
{
85
85
options =
86
86
[ "ProxyJump=bastion@example.com"
···
92
92
It’s also possible to change the <literal>ssh</literal> command
93
93
used by SSHFS to connect to the server. For example:
94
94
</para>
95
-
<programlisting language="bash">
95
+
<programlisting language="nix">
96
96
{
97
97
options =
98
98
[ (builtins.replaceStrings [" "] ["\\040"]
+3
-3
nixos/doc/manual/from_md/configuration/subversion.chapter.xml
+3
-3
nixos/doc/manual/from_md/configuration/subversion.chapter.xml
···
25
25
Apache HTTP, setting
26
26
<xref linkend="opt-services.httpd.adminAddr" /> appropriately:
27
27
</para>
28
-
<programlisting language="bash">
28
+
<programlisting language="nix">
29
29
services.httpd.enable = true;
30
30
services.httpd.adminAddr = ...;
31
31
networking.firewall.allowedTCPPorts = [ 80 443 ];
···
40
40
<literal>.authz</literal> file describing access permission, and
41
41
<literal>AuthUserFile</literal> to the password file.
42
42
</para>
43
-
<programlisting language="bash">
43
+
<programlisting language="nix">
44
44
services.httpd.extraModules = [
45
45
# note that order is *super* important here
46
46
{ name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
···
106
106
<literal>ACCESS_FILE</literal> will look something like the
107
107
following:
108
108
</para>
109
-
<programlisting language="bash">
109
+
<programlisting language="nix">
110
110
[/]
111
111
* = r
112
112
+4
-4
nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml
+4
-4
nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml
···
7
7
states that a user account named <literal>alice</literal> shall
8
8
exist:
9
9
</para>
10
-
<programlisting language="bash">
10
+
<programlisting language="nix">
11
11
users.users.alice = {
12
12
isNormalUser = true;
13
13
home = "/home/alice";
···
36
36
<xref linkend="opt-users.users" /> and run nixos-rebuild, the user
37
37
account will cease to exist. Also, imperative commands for managing
38
38
users and groups, such as useradd, are no longer available.
39
-
Passwords may still be assigned by setting the user's
39
+
Passwords may still be assigned by setting the user’s
40
40
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
41
41
option. A hashed password can be generated using
42
42
<literal>mkpasswd</literal>.
···
45
45
A user ID (uid) is assigned automatically. You can also specify a
46
46
uid manually by adding
47
47
</para>
48
-
<programlisting language="bash">
48
+
<programlisting language="nix">
49
49
uid = 1000;
50
50
</programlisting>
51
51
<para>
···
55
55
Groups can be specified similarly. The following states that a group
56
56
named <literal>students</literal> shall exist:
57
57
</para>
58
-
<programlisting language="bash">
58
+
<programlisting language="nix">
59
59
users.groups.students.gid = 1000;
60
60
</programlisting>
61
61
<para>
+6
-5
nixos/doc/manual/from_md/configuration/wayland.chapter.xml
+6
-5
nixos/doc/manual/from_md/configuration/wayland.chapter.xml
···
5
5
display technology on NixOS, Wayland support is steadily improving.
6
6
Where X11 separates the X Server and the window manager, on Wayland
7
7
those are combined: a Wayland Compositor is like an X11 window
8
-
manager, but also embeds the Wayland 'Server' functionality. This
9
-
means it is sufficient to install a Wayland Compositor such as sway
10
-
without separately enabling a Wayland server:
8
+
manager, but also embeds the Wayland <quote>Server</quote>
9
+
functionality. This means it is sufficient to install a Wayland
10
+
Compositor such as sway without separately enabling a Wayland
11
+
server:
11
12
</para>
12
-
<programlisting language="bash">
13
+
<programlisting language="nix">
13
14
programs.sway.enable = true;
14
15
</programlisting>
15
16
<para>
···
21
22
be able to share your screen, you might want to activate this
22
23
option:
23
24
</para>
24
-
<programlisting language="bash">
25
+
<programlisting language="nix">
25
26
xdg.portal.wlr.enable = true;
26
27
</programlisting>
27
28
<para>
+3
-3
nixos/doc/manual/from_md/configuration/wireless.section.xml
+3
-3
nixos/doc/manual/from_md/configuration/wireless.section.xml
···
9
9
<para>
10
10
NixOS will start wpa_supplicant for you if you enable this setting:
11
11
</para>
12
-
<programlisting language="bash">
12
+
<programlisting language="nix">
13
13
networking.wireless.enable = true;
14
14
</programlisting>
15
15
<para>
16
16
NixOS lets you specify networks for wpa_supplicant declaratively:
17
17
</para>
18
-
<programlisting language="bash">
18
+
<programlisting language="nix">
19
19
networking.wireless.networks = {
20
20
echelon = { # SSID with no spaces or special characters
21
21
psk = "abcdefgh";
···
49
49
psk=dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435
50
50
}
51
51
</programlisting>
52
-
<programlisting language="bash">
52
+
<programlisting language="nix">
53
53
networking.wireless.networks = {
54
54
echelon = {
55
55
pskRaw = "dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435";
+32
-32
nixos/doc/manual/from_md/configuration/x-windows.chapter.xml
+32
-32
nixos/doc/manual/from_md/configuration/x-windows.chapter.xml
···
4
4
The X Window System (X11) provides the basis of NixOS’ graphical
5
5
user interface. It can be enabled as follows:
6
6
</para>
7
-
<programlisting language="bash">
7
+
<programlisting language="nix">
8
8
services.xserver.enable = true;
9
9
</programlisting>
10
10
<para>
···
13
13
and <literal>intel</literal>). You can also specify a driver
14
14
manually, e.g.
15
15
</para>
16
-
<programlisting language="bash">
16
+
<programlisting language="nix">
17
17
services.xserver.videoDrivers = [ "r128" ];
18
18
</programlisting>
19
19
<para>
···
25
25
<literal>xterm</literal> window. Thus you should pick one or more of
26
26
the following lines:
27
27
</para>
28
-
<programlisting language="bash">
28
+
<programlisting language="nix">
29
29
services.xserver.desktopManager.plasma5.enable = true;
30
30
services.xserver.desktopManager.xfce.enable = true;
31
31
services.xserver.desktopManager.gnome.enable = true;
···
42
42
LightDM. You can select an alternative one by picking one of the
43
43
following lines:
44
44
</para>
45
-
<programlisting language="bash">
45
+
<programlisting language="nix">
46
46
services.xserver.displayManager.sddm.enable = true;
47
47
services.xserver.displayManager.gdm.enable = true;
48
48
</programlisting>
49
49
<para>
50
50
You can set the keyboard layout (and optionally the layout variant):
51
51
</para>
52
-
<programlisting language="bash">
52
+
<programlisting language="nix">
53
53
services.xserver.layout = "de";
54
54
services.xserver.xkbVariant = "neo";
55
55
</programlisting>
···
57
57
The X server is started automatically at boot time. If you don’t
58
58
want this to happen, you can set:
59
59
</para>
60
-
<programlisting language="bash">
60
+
<programlisting language="nix">
61
61
services.xserver.autorun = false;
62
62
</programlisting>
63
63
<para>
···
70
70
On 64-bit systems, if you want OpenGL for 32-bit programs such as in
71
71
Wine, you should also set the following:
72
72
</para>
73
-
<programlisting language="bash">
73
+
<programlisting language="nix">
74
74
hardware.opengl.driSupport32Bit = true;
75
75
</programlisting>
76
76
<section xml:id="sec-x11-auto-login">
···
88
88
<para>
89
89
To enable auto-login, you need to define your default window
90
90
manager and desktop environment. If you wanted no desktop
91
-
environment and i3 as your your window manager, you'd define:
91
+
environment and i3 as your your window manager, you’d define:
92
92
</para>
93
-
<programlisting language="bash">
93
+
<programlisting language="nix">
94
94
services.xserver.displayManager.defaultSession = "none+i3";
95
95
</programlisting>
96
96
<para>
97
97
Every display manager in NixOS supports auto-login, here is an
98
98
example using lightdm for a user <literal>alice</literal>:
99
99
</para>
100
-
<programlisting language="bash">
100
+
<programlisting language="nix">
101
101
services.xserver.displayManager.lightdm.enable = true;
102
102
services.xserver.displayManager.autoLogin.enable = true;
103
103
services.xserver.displayManager.autoLogin.user = "alice";
···
122
122
<para>
123
123
The second driver, <literal>intel</literal>, is specific to Intel
124
124
GPUs, but not recommended by most distributions: it lacks several
125
-
modern features (for example, it doesn't support Glamor) and the
126
-
package hasn't been officially updated since 2015.
125
+
modern features (for example, it doesn’t support Glamor) and the
126
+
package hasn’t been officially updated since 2015.
127
127
</para>
128
128
<para>
129
129
The results vary depending on the hardware, so you may have to try
···
131
131
<xref linkend="opt-services.xserver.videoDrivers" /> to set one.
132
132
The recommended configuration for modern systems is:
133
133
</para>
134
-
<programlisting language="bash">
134
+
<programlisting language="nix">
135
135
services.xserver.videoDrivers = [ "modesetting" ];
136
136
</programlisting>
137
137
<para>
138
138
If you experience screen tearing no matter what, this
139
139
configuration was reported to resolve the issue:
140
140
</para>
141
-
<programlisting language="bash">
141
+
<programlisting language="nix">
142
142
services.xserver.videoDrivers = [ "intel" ];
143
143
services.xserver.deviceSection = ''
144
144
Option "DRI" "2"
···
159
159
enabled by default because it’s not free software. You can enable
160
160
it as follows:
161
161
</para>
162
-
<programlisting language="bash">
162
+
<programlisting language="nix">
163
163
services.xserver.videoDrivers = [ "nvidia" ];
164
164
</programlisting>
165
165
<para>
166
166
Or if you have an older card, you may have to use one of the
167
167
legacy drivers:
168
168
</para>
169
-
<programlisting language="bash">
169
+
<programlisting language="nix">
170
170
services.xserver.videoDrivers = [ "nvidiaLegacy390" ];
171
171
services.xserver.videoDrivers = [ "nvidiaLegacy340" ];
172
172
services.xserver.videoDrivers = [ "nvidiaLegacy304" ];
···
181
181
<para>
182
182
AMD provides a proprietary driver for its graphics cards that is
183
183
not enabled by default because it’s not Free Software, is often
184
-
broken in nixpkgs and as of this writing doesn't offer more
184
+
broken in nixpkgs and as of this writing doesn’t offer more
185
185
features or performance. If you still want to use it anyway, you
186
186
need to explicitly set:
187
187
</para>
188
-
<programlisting language="bash">
188
+
<programlisting language="nix">
189
189
services.xserver.videoDrivers = [ "amdgpu-pro" ];
190
190
</programlisting>
191
191
<para>
···
199
199
Support for Synaptics touchpads (found in many laptops such as the
200
200
Dell Latitude series) can be enabled as follows:
201
201
</para>
202
-
<programlisting language="bash">
202
+
<programlisting language="nix">
203
203
services.xserver.libinput.enable = true;
204
204
</programlisting>
205
205
<para>
206
206
The driver has many options (see <xref linkend="ch-options" />).
207
207
For instance, the following disables tap-to-click behavior:
208
208
</para>
209
-
<programlisting language="bash">
209
+
<programlisting language="nix">
210
210
services.xserver.libinput.touchpad.tapping = false;
211
211
</programlisting>
212
212
<para>
···
222
222
applications look similar to GTK ones, you can use the following
223
223
configuration:
224
224
</para>
225
-
<programlisting language="bash">
225
+
<programlisting language="nix">
226
226
qt5.enable = true;
227
227
qt5.platformTheme = "gtk2";
228
228
qt5.style = "gtk2";
···
244
244
<para>
245
245
Create a file called <literal>us-greek</literal> with the
246
246
following content (under a directory called
247
-
<literal>symbols</literal>; it's an XKB peculiarity that will help
247
+
<literal>symbols</literal>; it’s an XKB peculiarity that will help
248
248
with testing):
249
249
</para>
250
-
<programlisting language="bash">
250
+
<programlisting language="nix">
251
251
xkb_symbols "us-greek"
252
252
{
253
253
include "us(basic)" // includes the base US keys
···
263
263
<para>
264
264
A minimal layout specification must include the following:
265
265
</para>
266
-
<programlisting language="bash">
266
+
<programlisting language="nix">
267
267
services.xserver.extraLayouts.us-greek = {
268
268
description = "US layout with alt-gr greek";
269
269
languages = [ "eng" ];
···
279
279
<para>
280
280
Applying this customization requires rebuilding several packages,
281
281
and a broken XKB file can lead to the X session crashing at login.
282
-
Therefore, you're strongly advised to <emphasis role="strong">test
282
+
Therefore, you’re strongly advised to <emphasis role="strong">test
283
283
your layout before applying it</emphasis>:
284
284
</para>
285
285
<programlisting>
···
312
312
interest, then create a <literal>media-key</literal> file to hold
313
313
the keycodes definitions
314
314
</para>
315
-
<programlisting language="bash">
315
+
<programlisting language="nix">
316
316
xkb_keycodes "media"
317
317
{
318
318
<volUp> = 123;
···
322
322
<para>
323
323
Now use the newly define keycodes in <literal>media-sym</literal>:
324
324
</para>
325
-
<programlisting language="bash">
325
+
<programlisting language="nix">
326
326
xkb_symbols "media"
327
327
{
328
328
key.type = "ONE_LEVEL";
···
333
333
<para>
334
334
As before, to install the layout do
335
335
</para>
336
-
<programlisting language="bash">
336
+
<programlisting language="nix">
337
337
services.xserver.extraLayouts.media = {
338
338
description = "Multimedia keys remapping";
339
339
languages = [ "eng" ];
···
352
352
<para>
353
353
Unfortunately, the Xorg server does not (currently) support
354
354
setting a keymap directly but relies instead on XKB rules to
355
-
select the matching components (keycodes, types, ...) of a layout.
356
-
This means that components other than symbols won't be loaded by
355
+
select the matching components (keycodes, types, …) of a layout.
356
+
This means that components other than symbols won’t be loaded by
357
357
default. As a workaround, you can set the keymap using
358
358
<literal>setxkbmap</literal> at the start of the session with:
359
359
</para>
360
-
<programlisting language="bash">
360
+
<programlisting language="nix">
361
361
services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media";
362
362
</programlisting>
363
363
<para>
364
364
If you are manually starting the X server, you should set the
365
365
argument <literal>-xkbdir /etc/X11/xkb</literal>, otherwise X
366
-
won't find your layout files. For example with
366
+
won’t find your layout files. For example with
367
367
<literal>xinit</literal> run
368
368
</para>
369
369
<programlisting>
+8
-7
nixos/doc/manual/from_md/configuration/xfce.chapter.xml
+8
-7
nixos/doc/manual/from_md/configuration/xfce.chapter.xml
···
3
3
<para>
4
4
To enable the Xfce Desktop Environment, set
5
5
</para>
6
-
<programlisting language="bash">
6
+
<programlisting language="nix">
7
7
services.xserver.desktopManager.xfce.enable = true;
8
8
services.xserver.displayManager.defaultSession = "xfce";
9
9
</programlisting>
···
11
11
Optionally, <emphasis>picom</emphasis> can be enabled for nice
12
12
graphical effects, some example settings:
13
13
</para>
14
-
<programlisting language="bash">
14
+
<programlisting language="nix">
15
15
services.picom = {
16
16
enable = true;
17
17
fade = true;
···
36
36
<xref linkend="opt-environment.systemPackages" />.
37
37
</para>
38
38
<para>
39
-
If you'd like to add extra plugins to Thunar, add them to
40
-
<xref linkend="opt-programs.thunar.plugins" />. You shouldn't just
39
+
If you’d like to add extra plugins to Thunar, add them to
40
+
<xref linkend="opt-programs.thunar.plugins" />. You shouldn’t just
41
41
add them to <xref linkend="opt-environment.systemPackages" />.
42
42
</para>
43
43
</section>
···
54
54
</programlisting>
55
55
<para>
56
56
This is caused by some needed GNOME services not running. This is
57
-
all fixed by enabling "Launch GNOME services on startup"
58
-
in the Advanced tab of the Session and Startup settings panel.
59
-
Alternatively, you can run this command to do the same thing.
57
+
all fixed by enabling <quote>Launch GNOME services on
58
+
startup</quote> in the Advanced tab of the Session and Startup
59
+
settings panel. Alternatively, you can run this command to do the
60
+
same thing.
60
61
</para>
61
62
<programlisting>
62
63
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
+1
-1
nixos/doc/manual/from_md/development/activation-script.section.xml
+1
-1
nixos/doc/manual/from_md/development/activation-script.section.xml
···
22
22
these dependencies into account and order the snippets accordingly.
23
23
As a simple example:
24
24
</para>
25
-
<programlisting language="bash">
25
+
<programlisting language="nix">
26
26
system.activationScripts.my-activation-script = {
27
27
deps = [ "etc" ];
28
28
# supportsDryActivation = true;
+2
-2
nixos/doc/manual/from_md/development/assertions.section.xml
+2
-2
nixos/doc/manual/from_md/development/assertions.section.xml
···
18
18
<para>
19
19
This is an example of using <literal>warnings</literal>.
20
20
</para>
21
-
<programlisting language="bash">
21
+
<programlisting language="nix">
22
22
{ config, lib, ... }:
23
23
{
24
24
config = lib.mkIf config.services.foo.enable {
···
42
42
assertion is useful to prevent such a broken system from being
43
43
built.
44
44
</para>
45
-
<programlisting language="bash">
45
+
<programlisting language="nix">
46
46
{ config, lib, ... }:
47
47
{
48
48
config = lib.mkIf config.services.syslogd.enable {
+1
-1
nixos/doc/manual/from_md/development/bootspec.chapter.xml
+1
-1
nixos/doc/manual/from_md/development/bootspec.chapter.xml
···
43
43
<literal>/etc/os-release</literal> in order to bake it into a
44
44
unified kernel image:
45
45
</para>
46
-
<programlisting language="bash">
46
+
<programlisting language="nix">
47
47
{ config, lib, ... }: {
48
48
boot.bootspec.extensions = {
49
49
"org.secureboot.osRelease" = config.environment.etc."os-release".source;
+3
-3
nixos/doc/manual/from_md/development/freeform-modules.section.xml
+3
-3
nixos/doc/manual/from_md/development/freeform-modules.section.xml
···
30
30
type-checked <literal>settings</literal> attribute</link> for a more
31
31
complete example.
32
32
</para>
33
-
<programlisting language="bash">
33
+
<programlisting language="nix">
34
34
{ lib, config, ... }: {
35
35
36
36
options.settings = lib.mkOption {
···
52
52
<para>
53
53
And the following shows what such a module then allows
54
54
</para>
55
-
<programlisting language="bash">
55
+
<programlisting language="nix">
56
56
{
57
57
# Not a declared option, but the freeform type allows this
58
58
settings.logLevel = "debug";
···
72
72
Freeform attributes cannot depend on other attributes of the same
73
73
set without infinite recursion:
74
74
</para>
75
-
<programlisting language="bash">
75
+
<programlisting language="nix">
76
76
{
77
77
# This throws infinite recursion encountered
78
78
settings.logLevel = lib.mkIf (config.settings.port == 80) "debug";
+4
-4
nixos/doc/manual/from_md/development/importing-modules.section.xml
+4
-4
nixos/doc/manual/from_md/development/importing-modules.section.xml
···
4
4
Sometimes NixOS modules need to be used in configuration but exist
5
5
outside of Nixpkgs. These modules can be imported:
6
6
</para>
7
-
<programlisting language="bash">
7
+
<programlisting language="nix">
8
8
{ config, lib, pkgs, ... }:
9
9
10
10
{
···
23
23
Nixpkgs NixOS modules. Like any NixOS module, this module can import
24
24
additional modules:
25
25
</para>
26
-
<programlisting language="bash">
26
+
<programlisting language="nix">
27
27
# ./module-list/default.nix
28
28
[
29
29
./example-module1
30
30
./example-module2
31
31
]
32
32
</programlisting>
33
-
<programlisting language="bash">
33
+
<programlisting language="nix">
34
34
# ./extra-module/default.nix
35
35
{ imports = import ./module-list.nix; }
36
36
</programlisting>
37
-
<programlisting language="bash">
37
+
<programlisting language="nix">
38
38
# NIXOS_EXTRA_MODULE_PATH=/absolute/path/to/extra-module
39
39
{ config, lib, pkgs, ... }:
40
40
+1
-1
nixos/doc/manual/from_md/development/meta-attributes.section.xml
+1
-1
nixos/doc/manual/from_md/development/meta-attributes.section.xml
+9
-9
nixos/doc/manual/from_md/development/option-declarations.section.xml
+9
-9
nixos/doc/manual/from_md/development/option-declarations.section.xml
···
6
6
hasn’t been declared in any module. An option declaration generally
7
7
looks like this:
8
8
</para>
9
-
<programlisting language="bash">
9
+
<programlisting language="nix">
10
10
options = {
11
11
name = mkOption {
12
12
type = type specification;
···
127
127
For example:
128
128
</para>
129
129
<anchor xml:id="ex-options-declarations-util-mkEnableOption-magic" />
130
-
<programlisting language="bash">
130
+
<programlisting language="nix">
131
131
lib.mkEnableOption "magic"
132
132
# is like
133
133
lib.mkOption {
···
142
142
<para>
143
143
Usage:
144
144
</para>
145
-
<programlisting language="bash">
145
+
<programlisting language="nix">
146
146
mkPackageOption pkgs "name" { default = [ "path" "in" "pkgs" ]; example = "literal example"; }
147
147
</programlisting>
148
148
<para>
···
177
177
Examples:
178
178
</para>
179
179
<anchor xml:id="ex-options-declarations-util-mkPackageOption-hello" />
180
-
<programlisting language="bash">
180
+
<programlisting language="nix">
181
181
lib.mkPackageOption pkgs "hello" { }
182
182
# is like
183
183
lib.mkOption {
···
188
188
}
189
189
</programlisting>
190
190
<anchor xml:id="ex-options-declarations-util-mkPackageOption-ghc" />
191
-
<programlisting language="bash">
191
+
<programlisting language="nix">
192
192
lib.mkPackageOption pkgs "GHC" {
193
193
default = [ "ghc" ];
194
194
example = "pkgs.haskell.packages.ghc92.ghc.withPackages (hkgs: [ hkgs.primes ])";
···
222
222
As an example, we will take the case of display managers.
223
223
There is a central display manager module for generic
224
224
display manager options and a module file per display
225
-
manager backend (sddm, gdm ...).
225
+
manager backend (sddm, gdm …).
226
226
</para>
227
227
<para>
228
228
There are two approaches we could take with this module
···
287
287
<emphasis role="strong">Example: Extensible type placeholder
288
288
in the service module</emphasis>
289
289
</para>
290
-
<programlisting language="bash">
290
+
<programlisting language="nix">
291
291
services.xserver.displayManager.enable = mkOption {
292
292
description = "Display manager to use";
293
293
type = with types; nullOr (enum [ ]);
···
299
299
<literal>services.xserver.displayManager.enable</literal> in
300
300
the <literal>gdm</literal> module</emphasis>
301
301
</para>
302
-
<programlisting language="bash">
302
+
<programlisting language="nix">
303
303
services.xserver.displayManager.enable = mkOption {
304
304
type = with types; nullOr (enum [ "gdm" ]);
305
305
};
···
310
310
<literal>services.xserver.displayManager.enable</literal> in
311
311
the <literal>sddm</literal> module</emphasis>
312
312
</para>
313
-
<programlisting language="bash">
313
+
<programlisting language="nix">
314
314
services.xserver.displayManager.enable = mkOption {
315
315
type = with types; nullOr (enum [ "sddm" ]);
316
316
};
+8
-8
nixos/doc/manual/from_md/development/option-def.section.xml
+8
-8
nixos/doc/manual/from_md/development/option-def.section.xml
···
4
4
Option definitions are generally straight-forward bindings of values
5
5
to option names, like
6
6
</para>
7
-
<programlisting language="bash">
7
+
<programlisting language="nix">
8
8
config = {
9
9
services.httpd.enable = true;
10
10
};
···
21
21
another option, you may need to use <literal>mkIf</literal>.
22
22
Consider, for instance:
23
23
</para>
24
-
<programlisting language="bash">
24
+
<programlisting language="nix">
25
25
config = if config.services.httpd.enable then {
26
26
environment.systemPackages = [ ... ];
27
27
...
···
34
34
value being constructed here. After all, you could also write the
35
35
clearly circular and contradictory:
36
36
</para>
37
-
<programlisting language="bash">
37
+
<programlisting language="nix">
38
38
config = if config.services.httpd.enable then {
39
39
services.httpd.enable = false;
40
40
} else {
···
44
44
<para>
45
45
The solution is to write:
46
46
</para>
47
-
<programlisting language="bash">
47
+
<programlisting language="nix">
48
48
config = mkIf config.services.httpd.enable {
49
49
environment.systemPackages = [ ... ];
50
50
...
···
55
55
of the conditional to be <quote>pushed down</quote> into the
56
56
individual definitions, as if you had written:
57
57
</para>
58
-
<programlisting language="bash">
58
+
<programlisting language="nix">
59
59
config = {
60
60
environment.systemPackages = if config.services.httpd.enable then [ ... ] else [];
61
61
...
···
72
72
option defaults have priority 1500. You can specify an explicit
73
73
priority by using <literal>mkOverride</literal>, e.g.
74
74
</para>
75
-
<programlisting language="bash">
75
+
<programlisting language="nix">
76
76
services.openssh.enable = mkOverride 10 false;
77
77
</programlisting>
78
78
<para>
···
94
94
<literal>mkOrder 500</literal> and
95
95
<literal>mkOrder 1500</literal>, respectively. As an example,
96
96
</para>
97
-
<programlisting language="bash">
97
+
<programlisting language="nix">
98
98
hardware.firmware = mkBefore [ myFirmware ];
99
99
</programlisting>
100
100
<para>
···
117
117
to be merged together as if they were declared in separate
118
118
modules. This can be done using <literal>mkMerge</literal>:
119
119
</para>
120
-
<programlisting language="bash">
120
+
<programlisting language="nix">
121
121
config = mkMerge
122
122
[ # Unconditional stuff.
123
123
{ environment.systemPackages = [ ... ];
+17
-17
nixos/doc/manual/from_md/development/option-types.section.xml
+17
-17
nixos/doc/manual/from_md/development/option-types.section.xml
···
81
81
<para>
82
82
Two definitions of this type like
83
83
</para>
84
-
<programlisting language="bash">
84
+
<programlisting language="nix">
85
85
{
86
86
str = lib.mkDefault "foo";
87
87
pkg.hello = pkgs.hello;
88
88
fun.fun = x: x + 1;
89
89
}
90
90
</programlisting>
91
-
<programlisting language="bash">
91
+
<programlisting language="nix">
92
92
{
93
93
str = lib.mkIf true "bar";
94
94
pkg.gcc = pkgs.gcc;
···
98
98
<para>
99
99
will get merged to
100
100
</para>
101
-
<programlisting language="bash">
101
+
<programlisting language="nix">
102
102
{
103
103
str = "bar";
104
104
pkg.gcc = pkgs.gcc;
···
152
152
<warning>
153
153
<para>
154
154
This type will be deprecated in the future because it
155
-
doesn't recurse into attribute sets, silently drops
156
-
earlier attribute definitions, and doesn't discharge
155
+
doesn’t recurse into attribute sets, silently drops
156
+
earlier attribute definitions, and doesn’t discharge
157
157
<literal>lib.mkDefault</literal>,
158
158
<literal>lib.mkIf</literal> and co. For allowing arbitrary
159
159
attribute sets, prefer
160
160
<literal>types.attrsOf types.anything</literal> instead
161
-
which doesn't have these problems.
161
+
which doesn’t have these problems.
162
162
</para>
163
163
</warning>
164
164
</listitem>
···
453
453
<literal>_module.args</literal> should be used instead
454
454
for most arguments since it allows overriding.
455
455
<emphasis><literal>specialArgs</literal></emphasis>
456
-
should only be used for arguments that can't go through
456
+
should only be used for arguments that can’t go through
457
457
the module fixed-point, because of infinite recursion or
458
458
other problems. An example is overriding the
459
459
<literal>lib</literal> argument, because
···
477
477
instead of requiring
478
478
<literal>the-submodule.config.config = "value"</literal>.
479
479
This is because only when modules
480
-
<emphasis>don't</emphasis> set the
480
+
<emphasis>don’t</emphasis> set the
481
481
<literal>config</literal> or <literal>options</literal>
482
482
keys, all keys are interpreted as option definitions in
483
483
the <literal>config</literal> section. Enabling this
···
668
668
<varlistentry>
669
669
<term>
670
670
<literal>types.oneOf</literal> [
671
-
<emphasis><literal>t1 t2</literal></emphasis> ... ]
671
+
<emphasis><literal>t1 t2</literal></emphasis> … ]
672
672
</term>
673
673
<listitem>
674
674
<para>
···
732
732
<emphasis role="strong">Example: Directly defined
733
733
submodule</emphasis>
734
734
</para>
735
-
<programlisting language="bash">
735
+
<programlisting language="nix">
736
736
options.mod = mkOption {
737
737
description = "submodule example";
738
738
type = with types; submodule {
···
752
752
<emphasis role="strong">Example: Submodule defined as a
753
753
reference</emphasis>
754
754
</para>
755
-
<programlisting language="bash">
755
+
<programlisting language="nix">
756
756
let
757
757
modOptions = {
758
758
options = {
···
787
787
<emphasis role="strong">Example: Declaration of a list of
788
788
submodules</emphasis>
789
789
</para>
790
-
<programlisting language="bash">
790
+
<programlisting language="nix">
791
791
options.mod = mkOption {
792
792
description = "submodule example";
793
793
type = with types; listOf (submodule {
···
807
807
<emphasis role="strong">Example: Definition of a list of
808
808
submodules</emphasis>
809
809
</para>
810
-
<programlisting language="bash">
810
+
<programlisting language="nix">
811
811
config.mod = [
812
812
{ foo = 1; bar = "one"; }
813
813
{ foo = 2; bar = "two"; }
···
827
827
<emphasis role="strong">Example: Declaration of attribute sets of
828
828
submodules</emphasis>
829
829
</para>
830
-
<programlisting language="bash">
830
+
<programlisting language="nix">
831
831
options.mod = mkOption {
832
832
description = "submodule example";
833
833
type = with types; attrsOf (submodule {
···
847
847
<emphasis role="strong">Example: Definition of attribute sets of
848
848
submodules</emphasis>
849
849
</para>
850
-
<programlisting language="bash">
850
+
<programlisting language="nix">
851
851
config.mod.one = { foo = 1; bar = "one"; };
852
852
config.mod.two = { foo = 2; bar = "two"; };
853
853
</programlisting>
···
878
878
<emphasis role="strong">Example: Adding a type
879
879
check</emphasis>
880
880
</para>
881
-
<programlisting language="bash">
881
+
<programlisting language="nix">
882
882
byte = mkOption {
883
883
description = "An integer between 0 and 255.";
884
884
type = types.addCheck types.int (x: x >= 0 && x <= 255);
···
889
889
<emphasis role="strong">Example: Overriding a type
890
890
check</emphasis>
891
891
</para>
892
-
<programlisting language="bash">
892
+
<programlisting language="nix">
893
893
nixThings = mkOption {
894
894
description = "words that start with 'nix'";
895
895
type = types.str // {
+6
-6
nixos/doc/manual/from_md/development/replace-modules.section.xml
+6
-6
nixos/doc/manual/from_md/development/replace-modules.section.xml
···
3
3
<para>
4
4
Modules that are imported can also be disabled. The option
5
5
declarations, config implementation and the imports of a disabled
6
-
module will be ignored, allowing another to take it's place. This
7
-
can be used to import a set of modules from another channel while
6
+
module will be ignored, allowing another to take its place. This can
7
+
be used to import a set of modules from another channel while
8
8
keeping the rest of the system on a stable release.
9
9
</para>
10
10
<para>
···
19
19
This example will replace the existing postgresql module with the
20
20
version defined in the nixos-unstable channel while keeping the rest
21
21
of the modules and packages from the original nixos channel. This
22
-
only overrides the module definition, this won't use postgresql from
22
+
only overrides the module definition, this won’t use postgresql from
23
23
nixos-unstable unless explicitly configured to do so.
24
24
</para>
25
-
<programlisting language="bash">
25
+
<programlisting language="nix">
26
26
{ config, lib, pkgs, ... }:
27
27
28
28
{
···
40
40
<para>
41
41
This example shows how to define a custom module as a replacement
42
42
for an existing module. Importing this module will disable the
43
-
original module without having to know it's implementation details.
43
+
original module without having to know its implementation details.
44
44
</para>
45
-
<programlisting language="bash">
45
+
<programlisting language="nix">
46
46
{ config, lib, pkgs, ... }:
47
47
48
48
with lib;
+5
-6
nixos/doc/manual/from_md/development/settings-options.section.xml
+5
-6
nixos/doc/manual/from_md/development/settings-options.section.xml
···
19
19
</listitem>
20
20
<listitem>
21
21
<para>
22
-
Non-nix-representable ones: These can't be trivially mapped to a
22
+
Non-nix-representable ones: These can’t be trivially mapped to a
23
23
subset of Nix syntax. Most generic programming languages are in
24
24
this group, e.g. bash, since the statement
25
-
<literal>if true; then echo hi; fi</literal> doesn't have a
25
+
<literal>if true; then echo hi; fi</literal> doesn’t have a
26
26
trivial representation in Nix.
27
27
</para>
28
28
<para>
···
42
42
</listitem>
43
43
</itemizedlist>
44
44
<section xml:id="sec-settings-nix-representable">
45
-
<title>Nix-representable Formats (JSON, YAML, TOML, INI,
46
-
...)</title>
45
+
<title>Nix-representable Formats (JSON, YAML, TOML, INI, …)</title>
47
46
<para>
48
47
By convention, formats like this are handled with a generic
49
48
<literal>settings</literal> option, representing the full program
···
318
317
used, along with some other related best practices. See the
319
318
comments for explanations.
320
319
</para>
321
-
<programlisting language="bash">
320
+
<programlisting language="nix">
322
321
{ options, config, lib, pkgs, ... }:
323
322
let
324
323
cfg = config.services.foo;
···
391
390
<emphasis role="strong">Example: Declaring a type-checked
392
391
<literal>settings</literal> attribute</emphasis>
393
392
</para>
394
-
<programlisting language="bash">
393
+
<programlisting language="nix">
395
394
settings = lib.mkOption {
396
395
type = lib.types.submodule {
397
396
+1
-1
nixos/doc/manual/from_md/development/writing-documentation.chapter.xml
+1
-1
nixos/doc/manual/from_md/development/writing-documentation.chapter.xml
+5
-5
nixos/doc/manual/from_md/development/writing-modules.chapter.xml
+5
-5
nixos/doc/manual/from_md/development/writing-modules.chapter.xml
···
32
32
In <xref linkend="sec-configuration-syntax" />, we saw the following
33
33
structure of NixOS modules:
34
34
</para>
35
-
<programlisting language="bash">
35
+
<programlisting language="nix">
36
36
{ config, pkgs, ... }:
37
37
38
38
{ option definitions
···
50
50
<emphasis role="strong">Example: Structure of NixOS
51
51
Modules</emphasis>
52
52
</para>
53
-
<programlisting language="bash">
53
+
<programlisting language="nix">
54
54
{ config, pkgs, ... }:
55
55
56
56
{
···
90
90
This <literal>imports</literal> list enumerates the paths to
91
91
other NixOS modules that should be included in the evaluation of
92
92
the system configuration. A default set of modules is defined in
93
-
the file <literal>modules/module-list.nix</literal>. These don't
93
+
the file <literal>modules/module-list.nix</literal>. These don’t
94
94
need to be added in the import list.
95
95
</para>
96
96
</listitem>
···
146
146
<emphasis role="strong">Example: NixOS Module for the
147
147
<quote>locate</quote> Service</emphasis>
148
148
</para>
149
-
<programlisting language="bash">
149
+
<programlisting language="nix">
150
150
{ config, lib, pkgs, ... }:
151
151
152
152
with lib;
···
208
208
<emphasis role="strong">Example: Escaping in Exec
209
209
directives</emphasis>
210
210
</para>
211
-
<programlisting language="bash">
211
+
<programlisting language="nix">
212
212
{ config, lib, pkgs, utils, ... }:
213
213
214
214
with lib;
+39
-27
nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml
+39
-27
nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml
···
3
3
<para>
4
4
A NixOS test is a module that has the following structure:
5
5
</para>
6
-
<programlisting language="bash">
6
+
<programlisting language="nix">
7
7
{
8
8
9
9
# One or more machines:
···
58
58
Tests that are part of NixOS are added to
59
59
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/all-tests.nix"><literal>nixos/tests/all-tests.nix</literal></link>.
60
60
</para>
61
-
<programlisting language="bash">
61
+
<programlisting language="nix">
62
62
hostname = runTest ./hostname.nix;
63
63
</programlisting>
64
64
<para>
65
65
Overrides can be added by defining an anonymous module in
66
66
<literal>all-tests.nix</literal>.
67
67
</para>
68
-
<programlisting language="bash">
68
+
<programlisting language="nix">
69
69
hostname = runTest {
70
70
imports = [ ./hostname.nix ];
71
71
defaults.networking.firewall.enable = false;
···
87
87
Outside the <literal>nixpkgs</literal> repository, you can
88
88
instantiate the test by first importing the NixOS library,
89
89
</para>
90
-
<programlisting language="bash">
90
+
<programlisting language="nix">
91
91
let nixos-lib = import (nixpkgs + "/nixos/lib") { };
92
92
in
93
93
···
255
255
<listitem>
256
256
<para>
257
257
Return a list of different interpretations of what is
258
-
currently visible on the machine's screen using optical
258
+
currently visible on the machine’s screen using optical
259
259
character recognition. The number and order of the
260
260
interpretations is not specified and is subject to change,
261
261
but if no exception is raised at least one will be returned.
···
276
276
<listitem>
277
277
<para>
278
278
Return a textual representation of what is currently visible
279
-
on the machine's screen using optical character recognition.
279
+
on the machine’s screen using optical character recognition.
280
280
</para>
281
281
<note>
282
282
<para>
···
630
630
<literal>stop_job</literal>.
631
631
</para>
632
632
<para>
633
-
For faster dev cycles it's also possible to disable the
634
-
code-linters (this shouldn't be committed though):
633
+
For faster dev cycles it’s also possible to disable the
634
+
code-linters (this shouldn’t be committed though):
635
635
</para>
636
-
<programlisting language="bash">
636
+
<programlisting language="nix">
637
637
{
638
638
skipLint = true;
639
639
nodes.machine =
···
650
650
<para>
651
651
This will produce a Nix warning at evaluation time. To fully
652
652
disable the linter, wrap the test script in comment directives to
653
-
disable the Black linter directly (again, don't commit this within
653
+
disable the Black linter directly (again, don’t commit this within
654
654
the Nixpkgs repository):
655
655
</para>
656
-
<programlisting language="bash">
656
+
<programlisting language="nix">
657
657
testScript =
658
658
''
659
659
# fmt: off
···
665
665
Similarly, the type checking of test scripts can be disabled in
666
666
the following way:
667
667
</para>
668
-
<programlisting language="bash">
668
+
<programlisting language="nix">
669
669
{
670
670
skipTypeCheck = true;
671
671
nodes.machine =
···
700
700
<literal>polling_condition</literal> takes the following
701
701
(optional) arguments:
702
702
</para>
703
-
<para>
704
-
<literal>seconds_interval</literal>
705
-
</para>
706
-
<para>
707
-
: specifies how often the condition should be polled:
708
-
</para>
703
+
<variablelist>
704
+
<varlistentry>
705
+
<term>
706
+
<literal>seconds_interval</literal>
707
+
</term>
708
+
<listitem>
709
+
<para>
710
+
specifies how often the condition should be polled:
711
+
</para>
712
+
</listitem>
713
+
</varlistentry>
714
+
</variablelist>
709
715
<programlisting language="python">
710
716
@polling_condition(seconds_interval=10)
711
717
def foo_running():
712
718
machine.succeed("pgrep -x foo")
713
719
</programlisting>
714
-
<para>
715
-
<literal>description</literal>
716
-
</para>
717
-
<para>
718
-
: is used in the log when the condition is checked. If this is not
719
-
provided, the description is pulled from the docstring of the
720
-
function. These two are therefore equivalent:
721
-
</para>
720
+
<variablelist>
721
+
<varlistentry>
722
+
<term>
723
+
<literal>description</literal>
724
+
</term>
725
+
<listitem>
726
+
<para>
727
+
is used in the log when the condition is checked. If this is
728
+
not provided, the description is pulled from the docstring
729
+
of the function. These two are therefore equivalent:
730
+
</para>
731
+
</listitem>
732
+
</varlistentry>
733
+
</variablelist>
722
734
<programlisting language="python">
723
735
@polling_condition
724
736
def foo_running():
···
739
751
<literal>extraPythonPackages</literal>. For example, you could add
740
752
<literal>numpy</literal> like this:
741
753
</para>
742
-
<programlisting language="bash">
754
+
<programlisting language="nix">
743
755
{
744
756
extraPythonPackages = p: [ p.numpy ];
745
757
+1
-1
nixos/doc/manual/from_md/installation/building-nixos.chapter.xml
+1
-1
nixos/doc/manual/from_md/installation/building-nixos.chapter.xml
+4
-4
nixos/doc/manual/from_md/installation/changing-config.chapter.xml
+4
-4
nixos/doc/manual/from_md/installation/changing-config.chapter.xml
···
16
16
</para>
17
17
<warning>
18
18
<para>
19
-
This command doesn't start/stop
19
+
This command doesn’t start/stop
20
20
<link linkend="opt-systemd.user.services">user services</link>
21
21
automatically. <literal>nixos-rebuild</literal> only runs a
22
22
<literal>daemon-reload</literal> for each user with running user
···
64
64
<para>
65
65
which causes the new configuration (and previous ones created using
66
66
<literal>-p test</literal>) to show up in the GRUB submenu
67
-
<quote>NixOS - Profile 'test'</quote>. This can be useful to
68
-
separate test configurations from <quote>stable</quote>
67
+
<quote>NixOS - Profile <quote>test</quote></quote>. This can be
68
+
useful to separate test configurations from <quote>stable</quote>
69
69
configurations.
70
70
</para>
71
71
<para>
···
94
94
unless you have set <literal>mutableUsers = false</literal>. Another
95
95
way is to temporarily add the following to your configuration:
96
96
</para>
97
-
<programlisting language="bash">
97
+
<programlisting language="nix">
98
98
users.users.your-user.initialHashedPassword = "test";
99
99
</programlisting>
100
100
<para>
+1
-1
nixos/doc/manual/from_md/installation/installing-behind-a-proxy.section.xml
+1
-1
nixos/doc/manual/from_md/installation/installing-behind-a-proxy.section.xml
···
11
11
<literal>/mnt/etc/nixos/configuration.nix</literal> to keep the
12
12
internet accessible after reboot.
13
13
</para>
14
-
<programlisting language="bash">
14
+
<programlisting language="nix">
15
15
networking.proxy.default = "http://user:password@proxy:port/";
16
16
networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
17
17
</programlisting>
+23
-23
nixos/doc/manual/from_md/installation/installing-from-other-distro.section.xml
+23
-23
nixos/doc/manual/from_md/installation/installing-from-other-distro.section.xml
···
53
53
Switch to the NixOS channel:
54
54
</para>
55
55
<para>
56
-
If you've just installed Nix on a non-NixOS distribution, you
56
+
If you’ve just installed Nix on a non-NixOS distribution, you
57
57
will be on the <literal>nixpkgs</literal> channel by default.
58
58
</para>
59
59
<programlisting>
···
78
78
Install the NixOS installation tools:
79
79
</para>
80
80
<para>
81
-
You'll need <literal>nixos-generate-config</literal> and
81
+
You’ll need <literal>nixos-generate-config</literal> and
82
82
<literal>nixos-install</literal>, but this also makes some man
83
83
pages and <literal>nixos-enter</literal> available, just in case
84
84
you want to chroot into your NixOS partition. NixOS installs
85
-
these by default, but you don't have NixOS yet..
85
+
these by default, but you don’t have NixOS yet..
86
86
</para>
87
87
<programlisting>
88
88
$ nix-env -f '<nixpkgs>' -iA nixos-install-tools
···
105
105
mounting steps of <xref linkend="sec-installation" />
106
106
</para>
107
107
<para>
108
-
If you're about to install NixOS in place using
108
+
If you’re about to install NixOS in place using
109
109
<literal>NIXOS_LUSTRATE</literal> there is nothing to do for
110
110
this step.
111
111
</para>
···
118
118
$ sudo `which nixos-generate-config` --root /mnt
119
119
</programlisting>
120
120
<para>
121
-
You'll probably want to edit the configuration files. Refer to
121
+
You’ll probably want to edit the configuration files. Refer to
122
122
the <literal>nixos-generate-config</literal> step in
123
123
<xref linkend="sec-installation" /> for more information.
124
124
</para>
125
125
<para>
126
126
Consider setting up the NixOS bootloader to give you the ability
127
127
to boot on your existing Linux partition. For instance, if
128
-
you're using GRUB and your existing distribution is running
128
+
you’re using GRUB and your existing distribution is running
129
129
Ubuntu, you may want to add something like this to your
130
130
<literal>configuration.nix</literal>:
131
131
</para>
132
-
<programlisting language="bash">
132
+
<programlisting language="nix">
133
133
boot.loader.grub.extraEntries = ''
134
134
menuentry "Ubuntu" {
135
135
search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e
···
215
215
</programlisting>
216
216
<para>
217
217
Note that this will place the generated configuration files in
218
-
<literal>/etc/nixos</literal>. You'll probably want to edit the
218
+
<literal>/etc/nixos</literal>. You’ll probably want to edit the
219
219
configuration files. Refer to the
220
220
<literal>nixos-generate-config</literal> step in
221
221
<xref linkend="sec-installation" /> for more information.
222
222
</para>
223
223
<para>
224
-
You'll likely want to set a root password for your first boot
225
-
using the configuration files because you won't have a chance to
224
+
You’ll likely want to set a root password for your first boot
225
+
using the configuration files because you won’t have a chance to
226
226
enter a password until after you reboot. You can initialize the
227
227
root password to an empty one with this line: (and of course
228
-
don't forget to set one once you've rebooted or to lock the
228
+
don’t forget to set one once you’ve rebooted or to lock the
229
229
account with <literal>sudo passwd -l root</literal> if you use
230
230
<literal>sudo</literal>)
231
231
</para>
232
-
<programlisting language="bash">
232
+
<programlisting language="nix">
233
233
users.users.root.initialHashedPassword = "";
234
234
</programlisting>
235
235
</listitem>
···
262
262
</para>
263
263
<para>
264
264
<literal>/etc/NIXOS_LUSTRATE</literal> tells the NixOS bootup
265
-
scripts to move <emphasis>everything</emphasis> that's in the
265
+
scripts to move <emphasis>everything</emphasis> that’s in the
266
266
root partition to <literal>/old-root</literal>. This will move
267
267
your existing distribution out of the way in the very early
268
268
stages of the NixOS bootup. There are exceptions (we do need to
···
290
290
<note>
291
291
<para>
292
292
Support for <literal>NIXOS_LUSTRATE</literal> was added in
293
-
NixOS 16.09. The act of "lustrating" refers to the
294
-
wiping of the existing distribution. Creating
293
+
NixOS 16.09. The act of <quote>lustrating</quote> refers to
294
+
the wiping of the existing distribution. Creating
295
295
<literal>/etc/NIXOS_LUSTRATE</literal> can also be used on
296
296
NixOS to remove all mutable files from your root partition
297
-
(anything that's not in <literal>/nix</literal> or
298
-
<literal>/boot</literal> gets "lustrated" on the
297
+
(anything that’s not in <literal>/nix</literal> or
298
+
<literal>/boot</literal> gets <quote>lustrated</quote> on the
299
299
next boot.
300
300
</para>
301
301
<para>
···
307
307
</para>
308
308
</note>
309
309
<para>
310
-
Let's create the files:
310
+
Let’s create the files:
311
311
</para>
312
312
<programlisting>
313
313
$ sudo touch /etc/NIXOS
314
314
$ sudo touch /etc/NIXOS_LUSTRATE
315
315
</programlisting>
316
316
<para>
317
-
Let's also make sure the NixOS configuration files are kept once
317
+
Let’s also make sure the NixOS configuration files are kept once
318
318
we reboot on NixOS:
319
319
</para>
320
320
<programlisting>
···
331
331
<warning>
332
332
<para>
333
333
Once you complete this step, your current distribution will no
334
-
longer be bootable! If you didn't get all the NixOS
334
+
longer be bootable! If you didn’t get all the NixOS
335
335
configuration right, especially those settings pertaining to
336
336
boot loading and root partition, NixOS may not be bootable
337
337
either. Have a USB rescue device ready in case this happens.
···
349
349
<listitem>
350
350
<para>
351
351
If for some reason you want to revert to the old distribution,
352
-
you'll need to boot on a USB rescue disk and do something along
352
+
you’ll need to boot on a USB rescue disk and do something along
353
353
these lines:
354
354
</para>
355
355
<programlisting>
···
367
367
loader.
368
368
</para>
369
369
<para>
370
-
And of course, if you're happy with NixOS and no longer need the
370
+
And of course, if you’re happy with NixOS and no longer need the
371
371
old distribution:
372
372
</para>
373
373
<programlisting>
···
376
376
</listitem>
377
377
<listitem>
378
378
<para>
379
-
It's also worth noting that this whole process can be automated.
379
+
It’s also worth noting that this whole process can be automated.
380
380
This is especially useful for Cloud VMs, where provider do not
381
381
provide NixOS. For instance,
382
382
<link xlink:href="https://github.com/elitak/nixos-infect">nixos-infect</link>
+2
-2
nixos/doc/manual/from_md/installation/installing-kexec.section.xml
+2
-2
nixos/doc/manual/from_md/installation/installing-kexec.section.xml
···
54
54
running Linux Distribution.
55
55
</para>
56
56
<para>
57
-
Note it’s symlinks pointing elsewhere, so <literal>cd</literal> in,
57
+
Note its symlinks pointing elsewhere, so <literal>cd</literal> in,
58
58
and use <literal>scp * root@$destination</literal> to copy it over,
59
59
rather than rsync.
60
60
</para>
···
69
69
instead of the default installer image, you can build your own
70
70
<literal>configuration.nix</literal>:
71
71
</para>
72
-
<programlisting language="bash">
72
+
<programlisting language="nix">
73
73
{ modulesPath, ... }: {
74
74
imports = [
75
75
(modulesPath + "/installer/netboot/netboot-minimal.nix")
+6
-6
nixos/doc/manual/from_md/installation/installing-usb.section.xml
+6
-6
nixos/doc/manual/from_md/installation/installing-usb.section.xml
···
110
110
sudo dd if=<path-to-image> of=/dev/rdiskX bs=4m
111
111
</programlisting>
112
112
<para>
113
-
After <literal>dd</literal> completes, a GUI dialog "The disk
114
-
you inserted was not readable by this computer" will pop up,
115
-
which can be ignored.
113
+
After <literal>dd</literal> completes, a GUI dialog <quote>The
114
+
disk you inserted was not readable by this computer</quote> will
115
+
pop up, which can be ignored.
116
116
</para>
117
117
<note>
118
118
<para>
119
-
Using the 'raw' <literal>rdiskX</literal> device instead of
120
-
<literal>diskX</literal> with dd completes in minutes instead of
121
-
hours.
119
+
Using the <quote>raw</quote> <literal>rdiskX</literal> device
120
+
instead of <literal>diskX</literal> with dd completes in minutes
121
+
instead of hours.
122
122
</para>
123
123
</note>
124
124
<orderedlist numeration="arabic" spacing="compact">
+7
-7
nixos/doc/manual/from_md/installation/installing-virtualbox-guest.section.xml
+7
-7
nixos/doc/manual/from_md/installation/installing-virtualbox-guest.section.xml
···
11
11
<orderedlist numeration="arabic">
12
12
<listitem>
13
13
<para>
14
-
Add a New Machine in VirtualBox with OS Type "Linux / Other
15
-
Linux"
14
+
Add a New Machine in VirtualBox with OS Type <quote>Linux /
15
+
Other Linux</quote>
16
16
</para>
17
17
</listitem>
18
18
<listitem>
···
38
38
<listitem>
39
39
<para>
40
40
Click on Settings / System / Acceleration and enable
41
-
"VT-x/AMD-V" acceleration
41
+
<quote>VT-x/AMD-V</quote> acceleration
42
42
</para>
43
43
</listitem>
44
44
<listitem>
···
58
58
There are a few modifications you should make in configuration.nix.
59
59
Enable booting:
60
60
</para>
61
-
<programlisting language="bash">
61
+
<programlisting language="nix">
62
62
boot.loader.grub.device = "/dev/sda";
63
63
</programlisting>
64
64
<para>
65
65
Also remove the fsck that runs at startup. It will always fail to
66
66
run, stopping your boot until you press <literal>*</literal>.
67
67
</para>
68
-
<programlisting language="bash">
68
+
<programlisting language="nix">
69
69
boot.initrd.checkJournalingFS = false;
70
70
</programlisting>
71
71
<para>
72
72
Shared folders can be given a name and a path in the host system in
73
73
the VirtualBox settings (Machine / Settings / Shared Folders, then
74
-
click on the "Add" icon). Add the following to the
74
+
click on the <quote>Add</quote> icon). Add the following to the
75
75
<literal>/etc/nixos/configuration.nix</literal> to auto-mount them.
76
76
If you do not add <literal>"nofail"</literal>, the system
77
77
will not boot properly.
78
78
</para>
79
-
<programlisting language="bash">
79
+
<programlisting language="nix">
80
80
{ config, pkgs, ...} :
81
81
{
82
82
fileSystems."/virtualboxshare" = {
+4
-4
nixos/doc/manual/from_md/installation/installing.chapter.xml
+4
-4
nixos/doc/manual/from_md/installation/installing.chapter.xml
···
345
345
<!-- legacy anchor -->
346
346
</para>
347
347
<para>
348
-
Here's an example partition scheme for UEFI, using
348
+
Here’s an example partition scheme for UEFI, using
349
349
<literal>/dev/sda</literal> as the device.
350
350
</para>
351
351
<note>
352
352
<para>
353
-
You can safely ignore <literal>parted</literal>'s
353
+
You can safely ignore <literal>parted</literal>’s
354
354
informational message about needing to update /etc/fstab.
355
355
</para>
356
356
</note>
···
415
415
<!-- legacy anchor -->
416
416
</para>
417
417
<para>
418
-
Here's an example partition scheme for Legacy Boot, using
418
+
Here’s an example partition scheme for Legacy Boot, using
419
419
<literal>/dev/sda</literal> as the device.
420
420
</para>
421
421
<note>
422
422
<para>
423
-
You can safely ignore <literal>parted</literal>'s
423
+
You can safely ignore <literal>parted</literal>’s
424
424
informational message about needing to update /etc/fstab.
425
425
</para>
426
426
</note>
+2
-2
nixos/doc/manual/from_md/installation/upgrading.chapter.xml
+2
-2
nixos/doc/manual/from_md/installation/upgrading.chapter.xml
···
128
128
You can keep a NixOS system up-to-date automatically by adding the
129
129
following to <literal>configuration.nix</literal>:
130
130
</para>
131
-
<programlisting language="bash">
131
+
<programlisting language="nix">
132
132
system.autoUpgrade.enable = true;
133
133
system.autoUpgrade.allowReboot = true;
134
134
</programlisting>
···
145
145
contains a different kernel, initrd or kernel modules. You can
146
146
also specify a channel explicitly, e.g.
147
147
</para>
148
-
<programlisting language="bash">
148
+
<programlisting language="nix">
149
149
system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.11;
150
150
</programlisting>
151
151
</section>
+5
-5
nixos/doc/manual/from_md/release-notes/rl-1404.section.xml
+5
-5
nixos/doc/manual/from_md/release-notes/rl-1404.section.xml
···
79
79
the NixOS configuration. For instance, if a package
80
80
<literal>foo</literal> provides systemd units, you can say:
81
81
</para>
82
-
<programlisting language="bash">
82
+
<programlisting language="nix">
83
83
{
84
84
systemd.packages = [ pkgs.foo ];
85
85
}
···
88
88
to enable those units. You can then set or override unit options
89
89
in the usual way, e.g.
90
90
</para>
91
-
<programlisting language="bash">
91
+
<programlisting language="nix">
92
92
{
93
93
systemd.services.foo.wantedBy = [ "multi-user.target" ];
94
94
systemd.services.foo.serviceConfig.MemoryLimit = "512M";
···
105
105
NixOS configuration requires unfree packages from Nixpkgs, you
106
106
need to enable support for them explicitly by setting:
107
107
</para>
108
-
<programlisting language="bash">
108
+
<programlisting language="nix">
109
109
{
110
110
nixpkgs.config.allowUnfree = true;
111
111
}
···
123
123
The Adobe Flash player is no longer enabled by default in the
124
124
Firefox and Chromium wrappers. To enable it, you must set:
125
125
</para>
126
-
<programlisting language="bash">
126
+
<programlisting language="nix">
127
127
{
128
128
nixpkgs.config.allowUnfree = true;
129
129
nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox
···
136
136
The firewall is now enabled by default. If you don’t want this,
137
137
you need to disable it explicitly:
138
138
</para>
139
-
<programlisting language="bash">
139
+
<programlisting language="nix">
140
140
{
141
141
networking.firewall.enable = false;
142
142
}
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1412.section.xml
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1412.section.xml
···
370
370
documentation</link> for details. If you wish to continue to use
371
371
httpd 2.2, add the following line to your NixOS configuration:
372
372
</para>
373
-
<programlisting language="bash">
373
+
<programlisting language="nix">
374
374
{
375
375
services.httpd.package = pkgs.apacheHttpd_2_2;
376
376
}
+20
-20
nixos/doc/manual/from_md/release-notes/rl-1509.section.xml
+20
-20
nixos/doc/manual/from_md/release-notes/rl-1509.section.xml
···
9
9
<para>
10
10
The <link xlink:href="http://haskell.org/">Haskell</link>
11
11
packages infrastructure has been re-designed from the ground up
12
-
("Haskell NG"). NixOS now distributes the latest
12
+
(<quote>Haskell NG</quote>). NixOS now distributes the latest
13
13
version of every single package registered on
14
14
<link xlink:href="http://hackage.haskell.org/">Hackage</link> --
15
15
well in excess of 8,000 Haskell packages. Detailed instructions
16
16
on how to use that infrastructure can be found in the
17
-
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
17
+
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User’s
18
18
Guide to the Haskell Infrastructure</link>. Users migrating from
19
19
an earlier release may find helpful information below, in the
20
20
list of backwards-incompatible changes. Furthermore, we
···
23
23
Haskell</link> release since version 0.0 as well as the most
24
24
recent <link xlink:href="http://www.stackage.org/">Stackage
25
25
Nightly</link> snapshot. The announcement
26
-
<link xlink:href="https://nixos.org/nix-dev/2015-September/018138.html">"Full
27
-
Stackage Support in Nixpkgs"</link> gives additional
26
+
<link xlink:href="https://nixos.org/nix-dev/2015-September/018138.html"><quote>Full
27
+
Stackage Support in Nixpkgs</quote></link> gives additional
28
28
details.
29
29
</para>
30
30
</listitem>
···
42
42
</para>
43
43
</listitem>
44
44
</itemizedlist>
45
-
<programlisting language="bash">
45
+
<programlisting language="nix">
46
46
{
47
47
system.autoUpgrade.enable = true;
48
48
}
···
432
432
</para>
433
433
</listitem>
434
434
</itemizedlist>
435
-
<programlisting language="bash">
435
+
<programlisting language="nix">
436
436
{
437
437
system.stateVersion = "14.12";
438
438
}
···
464
464
</listitem>
465
465
<listitem>
466
466
<para>
467
-
Steam now doesn't need root rights to work. Instead of using
467
+
Steam now doesn’t need root rights to work. Instead of using
468
468
<literal>*-steam-chrootenv</literal>, you should now just run
469
469
<literal>steam</literal>. <literal>steamChrootEnv</literal>
470
470
package was renamed to <literal>steam</literal>, and old
···
523
523
</para>
524
524
</listitem>
525
525
</itemizedlist>
526
-
<programlisting language="bash">
526
+
<programlisting language="nix">
527
527
{
528
528
fileSystems."/shiny" = {
529
529
device = "myshinysharedfolder";
···
534
534
<itemizedlist spacing="compact">
535
535
<listitem>
536
536
<para>
537
-
"<literal>nix-env -qa</literal>" no longer discovers
538
-
Haskell packages by name. The only packages visible in the
539
-
global scope are <literal>ghc</literal>,
537
+
<quote><literal>nix-env -qa</literal></quote> no longer
538
+
discovers Haskell packages by name. The only packages visible in
539
+
the global scope are <literal>ghc</literal>,
540
540
<literal>cabal-install</literal>, and <literal>stack</literal>,
541
541
but all other packages are hidden. The reason for this
542
542
inconvenience is the sheer size of the Haskell package set.
543
543
Name-based lookups are expensive, and most
544
544
<literal>nix-env -qa</literal> operations would become much
545
-
slower if we'd add the entire Hackage database into the top
545
+
slower if we’d add the entire Hackage database into the top
546
546
level attribute set. Instead, the list of Haskell packages can
547
547
be displayed by running:
548
548
</para>
···
566
566
<para>
567
567
Previous versions of NixOS came with a feature called
568
568
<literal>ghc-wrapper</literal>, a small script that allowed GHC
569
-
to transparently pick up on libraries installed in the user's
569
+
to transparently pick up on libraries installed in the user’s
570
570
profile. This feature has been deprecated;
571
571
<literal>ghc-wrapper</literal> was removed from the
572
572
distribution. The proper way to register Haskell libraries with
573
573
the compiler now is the
574
574
<literal>haskellPackages.ghcWithPackages</literal> function. The
575
-
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
575
+
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User’s
576
576
Guide to the Haskell Infrastructure</link> provides more
577
577
information about this subject.
578
578
</para>
···
593
593
have a function attribute called <literal>extension</literal>
594
594
that users could override in their
595
595
<literal>~/.nixpkgs/config.nix</literal> files to configure
596
-
additional attributes, etc. That function still exists, but it's
596
+
additional attributes, etc. That function still exists, but it’s
597
597
now called <literal>overrides</literal>.
598
598
</para>
599
599
</listitem>
···
662
662
<literal>lib</literal>, after adding it as argument of the
663
663
module. The following module
664
664
</para>
665
-
<programlisting language="bash">
665
+
<programlisting language="nix">
666
666
{ config, pkgs, ... }:
667
667
668
668
with pkgs.lib;
···
677
677
<para>
678
678
should be modified to look like:
679
679
</para>
680
-
<programlisting language="bash">
680
+
<programlisting language="nix">
681
681
{ config, pkgs, lib, ... }:
682
682
683
683
with lib;
···
695
695
replaced by <literal>(import <nixpkgs> {})</literal>. The
696
696
following module
697
697
</para>
698
-
<programlisting language="bash">
698
+
<programlisting language="nix">
699
699
{ config, pkgs, ... }:
700
700
701
701
let
···
712
712
<para>
713
713
should be modified to look like:
714
714
</para>
715
-
<programlisting language="bash">
715
+
<programlisting language="nix">
716
716
{ config, pkgs, ... }:
717
717
718
718
let
···
748
748
<literal>/etc/ssh/moduli</literal> file with respect to the
749
749
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
750
750
discovered in the Diffie-Hellman key exchange</link> can now
751
-
replace OpenSSH's default version with one they generated
751
+
replace OpenSSH’s default version with one they generated
752
752
themselves using the new
753
753
<literal>services.openssh.moduliFile</literal> option.
754
754
</para>
+15
-15
nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
+15
-15
nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
···
378
378
You will need to add an import statement to your NixOS
379
379
configuration in order to use it, e.g.
380
380
</para>
381
-
<programlisting language="bash">
381
+
<programlisting language="nix">
382
382
{
383
383
imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
384
384
}
···
395
395
to be built in. All modules now reside in
396
396
<literal>nginxModules</literal> set. Example configuration:
397
397
</para>
398
-
<programlisting language="bash">
398
+
<programlisting language="nix">
399
399
nginx.override {
400
400
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
401
401
}
···
403
403
</listitem>
404
404
<listitem>
405
405
<para>
406
-
<literal>s3sync</literal> is removed, as it hasn't been
406
+
<literal>s3sync</literal> is removed, as it hasn’t been
407
407
developed by upstream for 4 years and only runs with ruby 1.8.
408
408
For an actively-developer alternative look at
409
409
<literal>tarsnap</literal> and others.
···
411
411
</listitem>
412
412
<listitem>
413
413
<para>
414
-
<literal>ruby_1_8</literal> has been removed as it's not
414
+
<literal>ruby_1_8</literal> has been removed as it’s not
415
415
supported from upstream anymore and probably contains security
416
416
issues.
417
417
</para>
···
439
439
<listitem>
440
440
<para>
441
441
The <literal>Ctrl+Alt+Backspace</literal> key combination no
442
-
longer kills the X server by default. There's a new option
442
+
longer kills the X server by default. There’s a new option
443
443
<literal>services.xserver.enableCtrlAltBackspace</literal>
444
444
allowing to enable the combination again.
445
445
</para>
···
457
457
<literal>/var/lib/postfix</literal>. Old configurations are
458
458
migrated automatically. <literal>service.postfix</literal>
459
459
module has also received many improvements, such as correct
460
-
directories' access rights, new <literal>aliasFiles</literal>
460
+
directories’ access rights, new <literal>aliasFiles</literal>
461
461
and <literal>mapFiles</literal> options and more.
462
462
</para>
463
463
</listitem>
···
468
468
continue to work, but print a warning, until the 16.09 release.
469
469
An example of the new style:
470
470
</para>
471
-
<programlisting language="bash">
471
+
<programlisting language="nix">
472
472
{
473
473
fileSystems."/example" = {
474
474
device = "/dev/sdc";
···
497
497
<para>
498
498
There are also Gutenprint improvements; in particular, a new
499
499
option <literal>services.printing.gutenprint</literal> is added
500
-
to enable automatic updating of Gutenprint PPMs; it's greatly
500
+
to enable automatic updating of Gutenprint PPMs; it’s greatly
501
501
recommended to enable it instead of adding
502
502
<literal>gutenprint</literal> to the <literal>drivers</literal>
503
503
list.
···
524
524
used input method name, <literal>"ibus"</literal> for
525
525
ibus. An example of the new style:
526
526
</para>
527
-
<programlisting language="bash">
527
+
<programlisting language="nix">
528
528
{
529
529
i18n.inputMethod.enabled = "ibus";
530
530
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
···
533
533
<para>
534
534
That is equivalent to the old version:
535
535
</para>
536
-
<programlisting language="bash">
536
+
<programlisting language="nix">
537
537
{
538
538
programs.ibus.enable = true;
539
539
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
···
545
545
<literal>services.udev.extraRules</literal> option now writes
546
546
rules to <literal>99-local.rules</literal> instead of
547
547
<literal>10-local.rules</literal>. This makes all the user rules
548
-
apply after others, so their results wouldn't be overridden by
548
+
apply after others, so their results wouldn’t be overridden by
549
549
anything else.
550
550
</para>
551
551
</listitem>
···
587
587
point to exact folder where syncthing is writing to. Example
588
588
configuration should look something like:
589
589
</para>
590
-
<programlisting language="bash">
590
+
<programlisting language="nix">
591
591
{
592
592
services.syncthing = {
593
593
enable = true;
···
632
632
The <literal>services.xserver.startGnuPGAgent</literal> option
633
633
has been removed. GnuPG 2.1.x changed the way the gpg-agent
634
634
works, and that new approach no longer requires (or even
635
-
supports) the "start everything as a child of the
636
-
agent" scheme we've implemented in NixOS for older
635
+
supports) the <quote>start everything as a child of the
636
+
agent</quote> scheme we’ve implemented in NixOS for older
637
637
versions. To configure the gpg-agent for your X session, add the
638
638
following code to <literal>~/.bashrc</literal> or some file
639
639
that’s sourced when your shell is started:
···
670
670
</programlisting>
671
671
<para>
672
672
The <literal>gpg-agent(1)</literal> man page has more details
673
-
about this subject, i.e. in the "EXAMPLES" section.
673
+
about this subject, i.e. in the <quote>EXAMPLES</quote> section.
674
674
</para>
675
675
</listitem>
676
676
</itemizedlist>
+4
-4
nixos/doc/manual/from_md/release-notes/rl-1609.section.xml
+4
-4
nixos/doc/manual/from_md/release-notes/rl-1609.section.xml
···
78
78
LTS Haskell package set. That support has been dropped. The
79
79
previously provided <literal>haskell.packages.lts-x_y</literal>
80
80
package sets still exist in name to aviod breaking user code,
81
-
but these package sets don't actually contain the versions
81
+
but these package sets don’t actually contain the versions
82
82
mandated by the corresponding LTS release. Instead, our package
83
83
set it loosely based on the latest available LTS release, i.e.
84
84
LTS 7.x at the time of this writing. New releases of NixOS and
···
119
119
</listitem>
120
120
<listitem>
121
121
<para>
122
-
Gitlab's maintainance script <literal>gitlab-runner</literal>
122
+
Gitlab’s maintainance script <literal>gitlab-runner</literal>
123
123
was removed and split up into the more clearer
124
124
<literal>gitlab-run</literal> and <literal>gitlab-rake</literal>
125
125
scripts, because <literal>gitlab-runner</literal> is a component
···
164
164
<para>
165
165
<literal>goPackages</literal> was replaced with separated Go
166
166
applications in appropriate <literal>nixpkgs</literal>
167
-
categories. Each Go package uses its own dependency set. There's
167
+
categories. Each Go package uses its own dependency set. There’s
168
168
also a new <literal>go2nix</literal> tool introduced to generate
169
169
a Go package definition from its Go source automatically.
170
170
</para>
···
192
192
interface has been streamlined. Desktop users should be able to
193
193
simply set
194
194
</para>
195
-
<programlisting language="bash">
195
+
<programlisting language="nix">
196
196
{
197
197
security.grsecurity.enable = true;
198
198
}
+9
-9
nixos/doc/manual/from_md/release-notes/rl-1703.section.xml
+9
-9
nixos/doc/manual/from_md/release-notes/rl-1703.section.xml
···
22
22
</listitem>
23
23
<listitem>
24
24
<para>
25
-
The default desktop environment now is KDE's Plasma 5. KDE 4
25
+
The default desktop environment now is KDE’s Plasma 5. KDE 4
26
26
has been removed
27
27
</para>
28
28
</listitem>
···
560
560
Parsoid service now uses YAML configuration format.
561
561
<literal>service.parsoid.interwikis</literal> is now called
562
562
<literal>service.parsoid.wikis</literal> and is a list of
563
-
either API URLs or attribute sets as specified in parsoid's
563
+
either API URLs or attribute sets as specified in parsoid’s
564
564
documentation.
565
565
</para>
566
566
</listitem>
···
581
581
<literal>service.nylon</literal> is now declared using named
582
582
instances. As an example:
583
583
</para>
584
-
<programlisting language="bash">
584
+
<programlisting language="nix">
585
585
{
586
586
services.nylon = {
587
587
enable = true;
···
594
594
<para>
595
595
should be replaced with:
596
596
</para>
597
-
<programlisting language="bash">
597
+
<programlisting language="nix">
598
598
{
599
599
services.nylon.myvpn = {
600
600
enable = true;
···
615
615
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
616
616
overlays</link>. For example, the following code:
617
617
</para>
618
-
<programlisting language="bash">
618
+
<programlisting language="nix">
619
619
let
620
620
pkgs = import <nixpkgs> {};
621
621
in
···
624
624
<para>
625
625
should be replaced by:
626
626
</para>
627
-
<programlisting language="bash">
627
+
<programlisting language="nix">
628
628
let
629
629
pkgs = import <nixpkgs> {};
630
630
in
···
647
647
<listitem>
648
648
<para>
649
649
<literal>local_recipient_maps</literal> is not set to empty
650
-
value by Postfix service. It's an insecure default as stated
650
+
value by Postfix service. It’s an insecure default as stated
651
651
by Postfix documentation. Those who want to retain this
652
652
setting need to set it via
653
653
<literal>services.postfix.extraConfig</literal>.
···
669
669
<listitem>
670
670
<para>
671
671
The socket handling of the <literal>services.rmilter</literal>
672
-
module has been fixed and refactored. As rmilter doesn't
672
+
module has been fixed and refactored. As rmilter doesn’t
673
673
support binding to more than one socket, the options
674
674
<literal>bindUnixSockets</literal> and
675
675
<literal>bindInetSockets</literal> have been replaced by
···
729
729
improves visual consistency and makes Java follow system font
730
730
style, improving the situation on HighDPI displays. This has a
731
731
cost of increased closure size; for server and other headless
732
-
workloads it's recommended to use
732
+
workloads it’s recommended to use
733
733
<literal>jre_headless</literal>.
734
734
</para>
735
735
</listitem>
+18
-18
nixos/doc/manual/from_md/release-notes/rl-1709.section.xml
+18
-18
nixos/doc/manual/from_md/release-notes/rl-1709.section.xml
···
26
26
The module option
27
27
<literal>services.xserver.xrandrHeads</literal> now causes the
28
28
first head specified in this list to be set as the primary
29
-
head. Apart from that, it's now possible to also set
29
+
head. Apart from that, it’s now possible to also set
30
30
additional options by using an attribute set, for example:
31
31
</para>
32
-
<programlisting language="bash">
32
+
<programlisting language="nix">
33
33
{ services.xserver.xrandrHeads = [
34
34
"HDMI-0"
35
35
{
···
543
543
</listitem>
544
544
<listitem>
545
545
<para>
546
-
Radicale's default package has changed from 1.x to 2.x.
546
+
Radicale’s default package has changed from 1.x to 2.x.
547
547
Instructions to migrate can be found
548
548
<link xlink:href="http://radicale.org/1to2/"> here
549
549
</link>. It is also possible to use the newer version by
···
582
582
</listitem>
583
583
<listitem>
584
584
<para>
585
-
<literal>flexget</literal>'s state database cannot be upgraded
585
+
<literal>flexget</literal>’s state database cannot be upgraded
586
586
to its new internal format, requiring removal of any existing
587
587
<literal>db-config.sqlite</literal> which will be
588
588
automatically recreated.
···
590
590
</listitem>
591
591
<listitem>
592
592
<para>
593
-
The <literal>ipfs</literal> service now doesn't ignore the
594
-
<literal>dataDir</literal> option anymore. If you've ever set
595
-
this option to anything other than the default you'll have to
593
+
The <literal>ipfs</literal> service now doesn’t ignore the
594
+
<literal>dataDir</literal> option anymore. If you’ve ever set
595
+
this option to anything other than the default you’ll have to
596
596
either unset it (so the default gets used) or migrate the old
597
597
data manually with
598
598
</para>
···
651
651
</listitem>
652
652
<listitem>
653
653
<para>
654
-
<literal>cc-wrapper</literal>'s setup-hook now exports a
654
+
<literal>cc-wrapper</literal><quote>s setup-hook now exports a
655
655
number of environment variables corresponding to binutils
656
656
binaries, (e.g. <literal>LD</literal>,
657
657
<literal>STRIP</literal>, <literal>RANLIB</literal>, etc).
658
-
This is done to prevent packages' build systems guessing,
659
-
which is harder to predict, especially when cross-compiling.
660
-
However, some packages have broken due to this—their build
661
-
systems either not supporting, or claiming to support without
662
-
adequate testing, taking such environment variables as
663
-
parameters.
658
+
This is done to prevent packages</quote> build systems
659
+
guessing, which is harder to predict, especially when
660
+
cross-compiling. However, some packages have broken due to
661
+
this—their build systems either not supporting, or claiming to
662
+
support without adequate testing, taking such environment
663
+
variables as parameters.
664
664
</para>
665
665
</listitem>
666
666
<listitem>
···
688
688
</listitem>
689
689
<listitem>
690
690
<para>
691
-
grsecurity/PaX support has been dropped, following upstream's
691
+
grsecurity/PaX support has been dropped, following upstream’s
692
692
decision to cease free support. See
693
693
<link xlink:href="https://grsecurity.net/passing_the_baton.php">
694
-
upstream's announcement</link> for more information. No
694
+
upstream’s announcement</link> for more information. No
695
695
complete replacement for grsecurity/PaX is available
696
696
presently.
697
697
</para>
···
794
794
<para>
795
795
Modules can now be disabled by using
796
796
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
797
-
disabledModules</link>, allowing another to take it's place.
797
+
disabledModules</link>, allowing another to take it’s place.
798
798
This can be used to import a set of modules from another
799
799
channel while keeping the rest of the system on a stable
800
800
release.
···
808
808
provided by fontconfig-penultimate, replacing
809
809
fontconfig-ultimate; the new defaults are less invasive and
810
810
provide rendering that is more consistent with other systems
811
-
and hopefully with each font designer's intent. Some
811
+
and hopefully with each font designer’s intent. Some
812
812
system-wide configuration has been removed from the Fontconfig
813
813
NixOS module where user Fontconfig settings are available.
814
814
</para>
+11
-11
nixos/doc/manual/from_md/release-notes/rl-1803.section.xml
+11
-11
nixos/doc/manual/from_md/release-notes/rl-1803.section.xml
···
16
16
<listitem>
17
17
<para>
18
18
Platform support: x86_64-linux and x86_64-darwin since release
19
-
time (the latter isn't NixOS, really). Binaries for
19
+
time (the latter isn’t NixOS, really). Binaries for
20
20
aarch64-linux are available, but no channel exists yet, as
21
-
it's waiting for some test fixes, etc.
21
+
it’s waiting for some test fixes, etc.
22
22
</para>
23
23
</listitem>
24
24
<listitem>
···
495
495
<para>
496
496
The propagation logic has been changed. The new logic, along
497
497
with new types of dependencies that go with, is thoroughly
498
-
documented in the "Specifying dependencies" section
499
-
of the "Standard Environment" chapter of the nixpkgs
500
-
manual. The old logic isn't but is easy to describe:
501
-
dependencies were propagated as the same type of dependency no
502
-
matter what. In practice, that means that many
498
+
documented in the <quote>Specifying dependencies</quote>
499
+
section of the <quote>Standard Environment</quote> chapter of
500
+
the nixpkgs manual. The old logic isn’t but is easy to
501
+
describe: dependencies were propagated as the same type of
502
+
dependency no matter what. In practice, that means that many
503
503
<literal>propagatedNativeBuildInputs</literal> should instead
504
504
be <literal>propagatedBuildInputs</literal>. Thankfully, that
505
505
was and is the least used type of dependency. Also, it means
···
541
541
Previously, if other options in the Postfix module like
542
542
<literal>services.postfix.useSrs</literal> were set and the
543
543
user set config options that were also set by such options,
544
-
the resulting config wouldn't include all options that were
544
+
the resulting config wouldn’t include all options that were
545
545
needed. They are now merged correctly. If config options need
546
546
to be overridden, <literal>lib.mkForce</literal> or
547
547
<literal>lib.mkOverride</literal> can be used.
···
626
626
if <literal>config.networking.domain</literal> is set,
627
627
<literal>matomo.${config.networking.hostName}</literal> if
628
628
it is not set. If you change your
629
-
<literal>serverName</literal>, remember you'll need to
629
+
<literal>serverName</literal>, remember you’ll need to
630
630
update the <literal>trustedHosts[]</literal> array in
631
631
<literal>/var/lib/matomo/config/config.ini.php</literal>
632
632
as well.
···
793
793
<para>
794
794
<literal>services.btrfs.autoScrub</literal> has been added, to
795
795
periodically check btrfs filesystems for data corruption. If
796
-
there's a correct copy available, it will automatically repair
796
+
there’s a correct copy available, it will automatically repair
797
797
corrupted blocks.
798
798
</para>
799
799
</listitem>
···
830
830
<para>
831
831
In order to have the previous default configuration add
832
832
</para>
833
-
<programlisting language="bash">
833
+
<programlisting language="nix">
834
834
{
835
835
services.xserver.displayManager.lightdm.greeters.gtk.indicators = [
836
836
"~host" "~spacer"
+9
-9
nixos/doc/manual/from_md/release-notes/rl-1809.section.xml
+9
-9
nixos/doc/manual/from_md/release-notes/rl-1809.section.xml
···
54
54
<para>
55
55
For example
56
56
</para>
57
-
<programlisting language="bash">
57
+
<programlisting language="nix">
58
58
{
59
59
programs.firejail = {
60
60
enable = true;
···
523
523
<listitem>
524
524
<para>
525
525
The <literal>netcat</literal> package is now taken directly
526
-
from OpenBSD's <literal>libressl</literal>, instead of relying
527
-
on Debian's fork. The new version should be very close to the
526
+
from OpenBSD’s <literal>libressl</literal>, instead of relying
527
+
on Debian’s fork. The new version should be very close to the
528
528
old version, but there are some minor differences.
529
529
Importantly, flags like -b, -q, -C, and -Z are no longer
530
530
accepted by the nc command.
···
533
533
<listitem>
534
534
<para>
535
535
The <literal>services.docker-registry.extraConfig</literal>
536
-
object doesn't contain environment variables anymore. Instead
536
+
object doesn’t contain environment variables anymore. Instead
537
537
it needs to provide an object structure that can be mapped
538
538
onto the YAML configuration defined in
539
539
<link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
···
543
543
<listitem>
544
544
<para>
545
545
<literal>gnucash</literal> has changed from version 2.4 to
546
-
3.x. If you've been using <literal>gnucash</literal> (version
546
+
3.x. If you’ve been using <literal>gnucash</literal> (version
547
547
2.4) instead of <literal>gnucash26</literal> (version 2.6) you
548
548
must open your Gnucash data file(s) with
549
549
<literal>gnucash26</literal> and then save them to upgrade the
···
695
695
A NixOS system can now be constructed more easily based on a
696
696
preexisting invocation of Nixpkgs. For example:
697
697
</para>
698
-
<programlisting language="bash">
698
+
<programlisting language="nix">
699
699
{
700
700
inherit (pkgs.nixos {
701
701
boot.loader.grub.enable = false;
···
791
791
<para>
792
792
An example usage of this would be:
793
793
</para>
794
-
<programlisting language="bash">
794
+
<programlisting language="nix">
795
795
{ config, ... }:
796
796
797
797
{
···
874
874
The <literal>programs.screen</literal> module provides allows
875
875
to configure <literal>/etc/screenrc</literal>, however the
876
876
module behaved fairly counterintuitive as the config exists,
877
-
but the package wasn't available. Since 18.09
877
+
but the package wasn’t available. Since 18.09
878
878
<literal>pkgs.screen</literal> will be added to
879
879
<literal>environment.systemPackages</literal>.
880
880
</para>
···
920
920
<para>
921
921
NixOS option descriptions are now automatically broken up into
922
922
individual paragraphs if the text contains two consecutive
923
-
newlines, so it's no longer necessary to use
923
+
newlines, so it’s no longer necessary to use
924
924
<literal></para><para></literal> to start a new
925
925
paragraph.
926
926
</para>
+13
-13
nixos/doc/manual/from_md/release-notes/rl-1903.section.xml
+13
-13
nixos/doc/manual/from_md/release-notes/rl-1903.section.xml
···
29
29
<para>
30
30
By default,
31
31
<literal>services.xserver.desktopManager.pantheon</literal>
32
-
enables LightDM as a display manager, as pantheon's screen
32
+
enables LightDM as a display manager, as pantheon’s screen
33
33
locking implementation relies on it. Because of that it is
34
-
recommended to leave LightDM enabled. If you'd like to
34
+
recommended to leave LightDM enabled. If you’d like to
35
35
disable it anyway, set
36
36
<literal>services.xserver.displayManager.lightdm.enable</literal>
37
37
to <literal>false</literal> and enable your preferred
···
39
39
</para>
40
40
</note>
41
41
<para>
42
-
Also note that Pantheon's LightDM greeter is not enabled by
43
-
default, because it has numerous issues in NixOS and isn't
42
+
Also note that Pantheon’s LightDM greeter is not enabled by
43
+
default, because it has numerous issues in NixOS and isn’t
44
44
optimal for use here yet.
45
45
</para>
46
46
</listitem>
···
200
200
<listitem>
201
201
<para>
202
202
The <literal>ntp</literal> module now has sane default
203
-
restrictions. If you're relying on the previous defaults,
203
+
restrictions. If you’re relying on the previous defaults,
204
204
which permitted all queries and commands from all
205
205
firewall-permitted sources, you can set
206
206
<literal>services.ntp.restrictDefault</literal> and
···
342
342
preserved when also setting interface specific rules such as
343
343
<literal>networking.firewall.interfaces.en0.allow*</literal>.
344
344
These rules continue to use the pseudo device
345
-
"default"
345
+
<quote>default</quote>
346
346
(<literal>networking.firewall.interfaces.default.*</literal>),
347
347
and assigning to this pseudo device will override the
348
348
(<literal>networking.firewall.allow*</literal>) options.
···
360
360
presence of <literal>services.sssd.enable = true</literal>
361
361
because nscd caching would interfere with
362
362
<literal>sssd</literal> in unpredictable ways as well. Because
363
-
we're using nscd not for caching, but for convincing glibc to
363
+
we’re using nscd not for caching, but for convincing glibc to
364
364
find NSS modules in the nix store instead of an absolute path,
365
-
we have decided to disable caching globally now, as it's
365
+
we have decided to disable caching globally now, as it’s
366
366
usually not the behaviour the user wants and can lead to
367
367
surprising behaviour. Furthermore, negative caching of host
368
368
lookups is also disabled now by default. This should fix the
···
374
374
setting the <literal>services.nscd.config</literal> option
375
375
with the desired caching parameters.
376
376
</para>
377
-
<programlisting language="bash">
377
+
<programlisting language="nix">
378
378
{
379
379
services.nscd.config =
380
380
''
···
453
453
with its control field set to <literal>sufficient</literal>
454
454
instead of <literal>required</literal>, so that password
455
455
managed only by later PAM password modules are being executed.
456
-
Previously, for example, changing an LDAP account's password
456
+
Previously, for example, changing an LDAP account’s password
457
457
through PAM was not possible: the whole password module
458
458
verification was exited prematurely by
459
459
<literal>pam_unix</literal>, preventing
···
497
497
<link xlink:href="https://matrix.org/blog/2019/02/05/synapse-0-99-0/">the
498
498
last version to accept self-signed certificates</link>. As
499
499
such, it is now recommended to use a proper certificate
500
-
verified by a root CA (for example Let's Encrypt). The new
500
+
verified by a root CA (for example Let’s Encrypt). The new
501
501
<link linkend="module-services-matrix">manual chapter on
502
502
Matrix</link> contains a working example of using nginx as a
503
503
reverse proxy in front of <literal>matrix-synapse</literal>,
504
-
using Let's Encrypt certificates.
504
+
using Let’s Encrypt certificates.
505
505
</para>
506
506
</listitem>
507
507
<listitem>
···
682
682
<link xlink:href="options.html#opt-services.ndppd.enable">all
683
683
config options</link> provided by the current upstream version
684
684
as service options. Additionally the <literal>ndppd</literal>
685
-
package doesn't contain the systemd unit configuration from
685
+
package doesn’t contain the systemd unit configuration from
686
686
upstream anymore, the unit is completely configured by the
687
687
NixOS module now.
688
688
</para>
+24
-24
nixos/doc/manual/from_md/release-notes/rl-1909.section.xml
+24
-24
nixos/doc/manual/from_md/release-notes/rl-1909.section.xml
···
82
82
</listitem>
83
83
<listitem>
84
84
<para>
85
-
We've updated to Xfce 4.14, which brings a new module
85
+
We’ve updated to Xfce 4.14, which brings a new module
86
86
<literal>services.xserver.desktopManager.xfce4-14</literal>.
87
-
If you'd like to upgrade, please switch from the
87
+
If you’d like to upgrade, please switch from the
88
88
<literal>services.xserver.desktopManager.xfce</literal> module
89
-
as it will be deprecated in a future release. They're
90
-
incompatibilities with the current Xfce module; it doesn't
91
-
support <literal>thunarPlugins</literal> and it isn't
89
+
as it will be deprecated in a future release. They’re
90
+
incompatibilities with the current Xfce module; it doesn’t
91
+
support <literal>thunarPlugins</literal> and it isn’t
92
92
recommended to use
93
93
<literal>services.xserver.desktopManager.xfce</literal> and
94
94
<literal>services.xserver.desktopManager.xfce4-14</literal>
···
125
125
</itemizedlist>
126
126
<para>
127
127
With these options we hope to give users finer grained control
128
-
over their systems. Prior to this change you'd either have to
128
+
over their systems. Prior to this change you’d either have to
129
129
manually disable options or use
130
130
<literal>environment.gnome3.excludePackages</literal> which
131
131
only excluded the optional applications.
···
138
138
<listitem>
139
139
<para>
140
140
Orthogonal to the previous changes to the GNOME 3 desktop
141
-
manager module, we've updated all default services and
141
+
manager module, we’ve updated all default services and
142
142
applications to match as close as possible to a default
143
143
reference GNOME 3 experience.
144
144
</para>
···
295
295
<literal>services.xserver.desktopManager.mate</literal>
296
296
Note Mate uses
297
297
<literal>programs.system-config-printer</literal> as it
298
-
doesn't use it as a service, but its graphical interface
298
+
doesn’t use it as a service, but its graphical interface
299
299
directly.
300
300
</para>
301
301
</listitem>
···
347
347
<literal>services.prometheus.alertmanager.user</literal> and
348
348
<literal>services.prometheus.alertmanager.group</literal> have
349
349
been removed because the alertmanager service is now using
350
-
systemd's
350
+
systemd’s
351
351
<link xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html">
352
352
DynamicUser mechanism</link> which obviates these options.
353
353
</para>
···
366
366
The <literal>services.nzbget.configFile</literal> and
367
367
<literal>services.nzbget.openFirewall</literal> options were
368
368
removed as they are managed internally by the nzbget. The
369
-
<literal>services.nzbget.dataDir</literal> option hadn't
369
+
<literal>services.nzbget.dataDir</literal> option hadn’t
370
370
actually been used by the module for some time and so was
371
371
removed as cleanup.
372
372
</para>
···
475
475
Make sure you set the <literal>_netdev</literal> option for
476
476
each of the file systems referring to block devices provided
477
477
by the autoLuks module. Not doing this might render the system
478
-
in a state where it doesn't boot anymore.
478
+
in a state where it doesn’t boot anymore.
479
479
</para>
480
480
<para>
481
481
If you are actively using the <literal>autoLuks</literal>
···
667
667
instead of depending on the catch-all
668
668
<literal>acme-certificates.target</literal>. This target unit
669
669
was also removed from the codebase. This will mean nginx will
670
-
no longer depend on certificates it isn't explicitly managing
670
+
no longer depend on certificates it isn’t explicitly managing
671
671
and fixes a bug with certificate renewal ordering racing with
672
672
nginx restarting which could lead to nginx getting in a broken
673
673
state as described at
···
687
687
<literal>services.xserver.desktopManager.xterm</literal> is
688
688
now disabled by default if <literal>stateVersion</literal> is
689
689
19.09 or higher. Previously the xterm desktopManager was
690
-
enabled when xserver was enabled, but it isn't useful for all
691
-
people so it didn't make sense to have any desktopManager
690
+
enabled when xserver was enabled, but it isn’t useful for all
691
+
people so it didn’t make sense to have any desktopManager
692
692
enabled default.
693
693
</para>
694
694
</listitem>
···
696
696
<para>
697
697
The WeeChat plugin
698
698
<literal>pkgs.weechatScripts.weechat-xmpp</literal> has been
699
-
removed as it doesn't receive any updates from upstream and
699
+
removed as it doesn’t receive any updates from upstream and
700
700
depends on outdated Python2-based modules.
701
701
</para>
702
702
</listitem>
···
744
744
<literal>services.gitlab.secrets.dbFile</literal>,
745
745
<literal>services.gitlab.secrets.otpFile</literal> and
746
746
<literal>services.gitlab.secrets.jwsFile</literal>). This was
747
-
done so that secrets aren't stored in the world-readable nix
748
-
store, but means that for each option you'll have to create a
749
-
file with the same exact string, add "File" to the
750
-
end of the option name, and change the definition to a string
751
-
pointing to the corresponding file; e.g.
747
+
done so that secrets aren’t stored in the world-readable nix
748
+
store, but means that for each option you’ll have to create a
749
+
file with the same exact string, add <quote>File</quote> to
750
+
the end of the option name, and change the definition to a
751
+
string pointing to the corresponding file; e.g.
752
752
<literal>services.gitlab.databasePassword = "supersecurepassword"</literal>
753
753
becomes
754
754
<literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal>
···
791
791
<listitem>
792
792
<para>
793
793
The <literal>nodejs-11_x</literal> package has been removed as
794
-
it's EOLed by upstream.
794
+
it’s EOLed by upstream.
795
795
</para>
796
796
</listitem>
797
797
<listitem>
···
961
961
from the upstream default <literal>speex-float-1</literal> to
962
962
<literal>speex-float-5</literal>. Be aware that low-powered
963
963
ARM-based and MIPS-based boards will struggle with this so
964
-
you'll need to set
964
+
you’ll need to set
965
965
<literal>hardware.pulseaudio.daemon.config.resample-method</literal>
966
966
back to <literal>speex-float-1</literal>.
967
967
</para>
···
1004
1004
</listitem>
1005
1005
<listitem>
1006
1006
<para>
1007
-
It's now possible to change configuration in
1007
+
It’s now possible to change configuration in
1008
1008
<link xlink:href="options.html#opt-services.nextcloud.enable">services.nextcloud</link>
1009
1009
after the initial deploy since all config parameters are
1010
1010
persisted in an additional config file generated by the
···
1178
1178
<link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release
1179
1179
notes</link> for details. The mgr dashboard as well as osds
1180
1180
backed by loop-devices is no longer explicitly supported by
1181
-
the package and module. Note: There's been some issues with
1181
+
the package and module. Note: There’s been some issues with
1182
1182
python-cherrypy, which is used by the dashboard and prometheus
1183
1183
mgr modules (and possibly others), hence
1184
1184
0000-dont-check-cherrypy-version.patch.
+40
-40
nixos/doc/manual/from_md/release-notes/rl-2003.section.xml
+40
-40
nixos/doc/manual/from_md/release-notes/rl-2003.section.xml
···
73
73
<listitem>
74
74
<para>
75
75
The graphical installer image starts the graphical session
76
-
automatically. Before you'd be greeted by a tty and asked to
76
+
automatically. Before you’d be greeted by a tty and asked to
77
77
enter <literal>systemctl start display-manager</literal>. It
78
78
is now possible to disable the display-manager from running by
79
79
selecting the <literal>Disable display-manager</literal> quirk
···
93
93
<link xlink:href="options.html#opt-services.xserver.desktopManager.pantheon.enable">services.xserver.desktopManager.pantheon.enable</link>,
94
94
we now default to also use
95
95
<link xlink:href="https://blog.elementary.io/say-hello-to-the-new-greeter/">
96
-
Pantheon's newly designed greeter </link>. Contrary to NixOS's
96
+
Pantheon’s newly designed greeter </link>. Contrary to NixOS’s
97
97
usual update policy, Pantheon will receive updates during the
98
98
cycle of NixOS 20.03 when backwards compatible.
99
99
</para>
···
133
133
option to improve support for upstream session files. If you
134
134
used something like:
135
135
</para>
136
-
<programlisting language="bash">
136
+
<programlisting language="nix">
137
137
{
138
138
services.xserver.desktopManager.default = "xfce";
139
139
services.xserver.windowManager.default = "icewm";
···
142
142
<para>
143
143
you should change it to:
144
144
</para>
145
-
<programlisting language="bash">
145
+
<programlisting language="nix">
146
146
{
147
147
services.xserver.displayManager.defaultSession = "xfce+icewm";
148
148
}
···
196
196
</listitem>
197
197
<listitem>
198
198
<para>
199
-
UPower's configuration is now managed by NixOS and can be
199
+
UPower’s configuration is now managed by NixOS and can be
200
200
customized via <literal>services.upower</literal>.
201
201
</para>
202
202
</listitem>
···
505
505
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
506
506
</para>
507
507
<para>
508
-
We already don't support the global
508
+
We already don’t support the global
509
509
<link xlink:href="options.html#opt-networking.useDHCP">networking.useDHCP</link>,
510
510
<link xlink:href="options.html#opt-networking.defaultGateway">networking.defaultGateway</link>
511
511
and
···
522
522
The stdenv now runs all bash with <literal>set -u</literal>,
523
523
to catch the use of undefined variables. Before, it itself
524
524
used <literal>set -u</literal> but was careful to unset it so
525
-
other packages' code ran as before. Now, all bash code is held
525
+
other packages’ code ran as before. Now, all bash code is held
526
526
to the same high standard, and the rather complex stateful
527
527
manipulation of the options can be discarded.
528
528
</para>
···
558
558
<literal>xfceUnstable</literal> all now point to the latest
559
559
Xfce 4.14 packages. And in the future NixOS releases will be
560
560
the latest released version of Xfce available at the time of
561
-
the release's development (if viable).
561
+
the release’s development (if viable).
562
562
</para>
563
563
</listitem>
564
564
<listitem>
···
662
662
<listitem>
663
663
<para>
664
664
The <literal>dump1090</literal> derivation has been changed to
665
-
use FlightAware's dump1090 as its upstream. However, this
665
+
use FlightAware’s dump1090 as its upstream. However, this
666
666
version does not have an internal webserver anymore. The
667
667
assets in the <literal>share/dump1090</literal> directory of
668
668
the derivation can be used in conjunction with an external
···
821
821
is a <literal>loaOf</literal> option that is commonly used as
822
822
follows:
823
823
</para>
824
-
<programlisting language="bash">
824
+
<programlisting language="nix">
825
825
{
826
826
users.users =
827
827
[ { name = "me";
···
836
836
value of <literal>name</literal> as the name of the attribute
837
837
set:
838
838
</para>
839
-
<programlisting language="bash">
839
+
<programlisting language="nix">
840
840
{
841
841
users.users.me =
842
842
{ description = "My personal user.";
···
890
890
<listitem>
891
891
<para>
892
892
The<literal>services.buildkite-agent.openssh.publicKeyPath</literal>
893
-
option has been removed, as it's not necessary to deploy
893
+
option has been removed, as it’s not necessary to deploy
894
894
public keys to clone private repositories.
895
895
</para>
896
896
</listitem>
···
932
932
The <literal>services.xserver.displayManager.auto</literal>
933
933
module has been removed. It was only intended for use in
934
934
internal NixOS tests, and gave the false impression of it
935
-
being a special display manager when it's actually LightDM.
935
+
being a special display manager when it’s actually LightDM.
936
936
Please use the
937
937
<literal>services.xserver.displayManager.lightdm.autoLogin</literal>
938
938
options instead, or any other display manager in NixOS as they
···
940
940
because it permitted root auto-login you can override the
941
941
lightdm-autologin pam module like:
942
942
</para>
943
-
<programlisting language="bash">
943
+
<programlisting language="nix">
944
944
{
945
945
security.pam.services.lightdm-autologin.text = lib.mkForce ''
946
946
auth requisite pam_nologin.so
···
962
962
auth required pam_succeed_if.so quiet
963
963
</programlisting>
964
964
<para>
965
-
line, where default it's:
965
+
line, where default it’s:
966
966
</para>
967
967
<programlisting>
968
968
auth required pam_succeed_if.so uid >= 1000 quiet
969
969
</programlisting>
970
970
<para>
971
-
not permitting users with uid's below 1000 (like root). All
971
+
not permitting users with uid’s below 1000 (like root). All
972
972
other display managers in NixOS are configured like this.
973
973
</para>
974
974
</listitem>
···
1004
1004
Additionally, some Postfix configuration must now be set
1005
1005
manually instead of automatically by the Mailman module:
1006
1006
</para>
1007
-
<programlisting language="bash">
1007
+
<programlisting language="nix">
1008
1008
{
1009
1009
services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
1010
1010
services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
···
1051
1051
<listitem>
1052
1052
<para>
1053
1053
The <literal>*psu</literal> versions of oraclejdk8 have been
1054
-
removed as they aren't provided by upstream anymore.
1054
+
removed as they aren’t provided by upstream anymore.
1055
1055
</para>
1056
1056
</listitem>
1057
1057
<listitem>
1058
1058
<para>
1059
1059
The <literal>services.dnscrypt-proxy</literal> module has been
1060
1060
removed as it used the deprecated version of dnscrypt-proxy.
1061
-
We've added
1061
+
We’ve added
1062
1062
<link xlink:href="options.html#opt-services.dnscrypt-proxy2.enable">services.dnscrypt-proxy2.enable</link>
1063
1063
to use the supported version. This module supports
1064
1064
configuration via the Nix attribute set
···
1066
1066
or by passing a TOML configuration file via
1067
1067
<link xlink:href="options.html#opt-services.dnscrypt-proxy2.configFile">services.dnscrypt-proxy2.configFile</link>.
1068
1068
</para>
1069
-
<programlisting language="bash">
1069
+
<programlisting language="nix">
1070
1070
{
1071
1071
# Example configuration:
1072
1072
services.dnscrypt-proxy2.enable = true;
···
1093
1093
</listitem>
1094
1094
<listitem>
1095
1095
<para>
1096
-
sqldeveloper_18 has been removed as it's not maintained
1096
+
sqldeveloper_18 has been removed as it’s not maintained
1097
1097
anymore, sqldeveloper has been updated to version
1098
1098
<literal>19.4</literal>. Please note that this means that this
1099
1099
means that the oraclejdk is now required. For further
···
1110
1110
the different lists of dependencies mashed together as one big
1111
1111
list, and then partitioning into Haskell and non-Hakell
1112
1112
dependencies, they work from the original many different
1113
-
dependency parameters and don't need to algorithmically
1113
+
dependency parameters and don’t need to algorithmically
1114
1114
partition anything.
1115
1115
</para>
1116
1116
<para>
···
1123
1123
</listitem>
1124
1124
<listitem>
1125
1125
<para>
1126
-
The gcc-snapshot-package has been removed. It's marked as
1126
+
The gcc-snapshot-package has been removed. It’s marked as
1127
1127
broken for >2 years and used to point to a fairly old
1128
1128
snapshot from the gcc7-branch.
1129
1129
</para>
···
1158
1158
<listitem>
1159
1159
<para>
1160
1160
nextcloud has been updated to <literal>v18.0.2</literal>. This
1161
-
means that users from NixOS 19.09 can't upgrade directly since
1161
+
means that users from NixOS 19.09 can’t upgrade directly since
1162
1162
you can only move one version forward and 19.09 uses
1163
1163
<literal>v16.0.8</literal>.
1164
1164
</para>
···
1181
1181
Existing setups will be detected using
1182
1182
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>:
1183
1183
by default, nextcloud17 will be used, but will raise a
1184
-
warning which notes that after that deploy it's
1184
+
warning which notes that after that deploy it’s
1185
1185
recommended to update to the latest stable version
1186
1186
(nextcloud18) by declaring the newly introduced setting
1187
1187
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>.
···
1194
1194
get an evaluation error by default. This is done to ensure
1195
1195
that our
1196
1196
<link xlink:href="options.html#opt-services.nextcloud.package">package</link>-option
1197
-
doesn't select an older version by accident. It's
1197
+
doesn’t select an older version by accident. It’s
1198
1198
recommended to use pkgs.nextcloud18 or to set
1199
1199
<link xlink:href="options.html#opt-services.nextcloud.package">package</link>
1200
1200
to pkgs.nextcloud explicitly.
···
1203
1203
</itemizedlist>
1204
1204
<warning>
1205
1205
<para>
1206
-
Please note that if you're coming from
1206
+
Please note that if you’re coming from
1207
1207
<literal>19.03</literal> or older, you have to manually
1208
1208
upgrade to <literal>19.09</literal> first to upgrade your
1209
1209
server to Nextcloud v16.
···
1215
1215
Hydra has gained a massive performance improvement due to
1216
1216
<link xlink:href="https://github.com/NixOS/hydra/pull/710">some
1217
1217
database schema changes</link> by adding several IDs and
1218
-
better indexing. However, it's necessary to upgrade Hydra in
1218
+
better indexing. However, it’s necessary to upgrade Hydra in
1219
1219
multiple steps:
1220
1220
</para>
1221
1221
<itemizedlist>
···
1229
1229
when upgrading. Otherwise, the package can be deployed
1230
1230
using the following config:
1231
1231
</para>
1232
-
<programlisting language="bash">
1232
+
<programlisting language="nix">
1233
1233
{ pkgs, ... }: {
1234
1234
services.hydra.package = pkgs.hydra-migration;
1235
1235
}
···
1266
1266
<link xlink:href="options.html#opt-system.stateVersion">stateVersion</link>
1267
1267
is set to <literal>20.03</literal> or greater,
1268
1268
hydra-unstable will be used automatically! This will break
1269
-
your setup if you didn't run the migration.
1269
+
your setup if you didn’t run the migration.
1270
1270
</para>
1271
1271
</warning>
1272
1272
<para>
1273
1273
Please note that Hydra is currently not available with
1274
-
nixStable as this doesn't compile anymore.
1274
+
nixStable as this doesn’t compile anymore.
1275
1275
</para>
1276
1276
<warning>
1277
1277
<para>
···
1281
1281
assertion error will be thrown. To circumvent this, you need
1282
1282
to set
1283
1283
<link xlink:href="options.html#opt-services.hydra.package">services.hydra.package</link>
1284
-
to pkgs.hydra explicitly and make sure you know what you're
1284
+
to pkgs.hydra explicitly and make sure you know what you’re
1285
1285
doing!
1286
1286
</para>
1287
1287
</warning>
···
1319
1319
<para>
1320
1320
To continue to use the old approach, you can configure:
1321
1321
</para>
1322
-
<programlisting language="bash">
1322
+
<programlisting language="nix">
1323
1323
{
1324
1324
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
1325
1325
systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
···
1413
1413
<itemizedlist>
1414
1414
<listitem>
1415
1415
<para>
1416
-
If you use <literal>sqlite3</literal> you don't need to do
1416
+
If you use <literal>sqlite3</literal> you don’t need to do
1417
1417
anything.
1418
1418
</para>
1419
1419
</listitem>
1420
1420
<listitem>
1421
1421
<para>
1422
1422
If you use <literal>postgresql</literal> on a different
1423
-
server, you don't need to change anything as well since
1423
+
server, you don’t need to change anything as well since
1424
1424
this module was never designed to configure remote
1425
1425
databases.
1426
1426
</para>
···
1432
1432
older, you simply need to enable postgresql-support
1433
1433
explicitly:
1434
1434
</para>
1435
-
<programlisting language="bash">
1435
+
<programlisting language="nix">
1436
1436
{ ... }: {
1437
1437
services.matrix-synapse = {
1438
1438
enable = true;
···
1460
1460
<literal>nixos-unstable</literal> <emphasis>after</emphasis>
1461
1461
the <literal>19.09</literal>-release, your database is
1462
1462
misconfigured due to a regression in NixOS. For now,
1463
-
matrix-synapse will startup with a warning, but it's
1463
+
matrix-synapse will startup with a warning, but it’s
1464
1464
recommended to reconfigure the database to set the values
1465
1465
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal>
1466
1466
to
···
1473
1473
<link xlink:href="options.html#opt-systemd.network.links">systemd.network.links</link>
1474
1474
option is now respected even when
1475
1475
<link xlink:href="options.html#opt-systemd.network.enable">systemd-networkd</link>
1476
-
is disabled. This mirrors the behaviour of systemd - It's udev
1476
+
is disabled. This mirrors the behaviour of systemd - It’s udev
1477
1477
that parses <literal>.link</literal> files, not
1478
1478
<literal>systemd-networkd</literal>.
1479
1479
</para>
···
1486
1486
<para>
1487
1487
Please note that mongodb has been relicensed under their own
1488
1488
<link xlink:href="https://www.mongodb.com/licensing/server-side-public-license/faq"><literal> sspl</literal></link>-license.
1489
-
Since it's not entirely free and not OSI-approved, it's
1490
-
listed as non-free. This means that Hydra doesn't provide
1489
+
Since it’s not entirely free and not OSI-approved, it’s
1490
+
listed as non-free. This means that Hydra doesn’t provide
1491
1491
prebuilt mongodb-packages and needs to be built locally.
1492
1492
</para>
1493
1493
</warning>
+48
-48
nixos/doc/manual/from_md/release-notes/rl-2009.section.xml
+48
-48
nixos/doc/manual/from_md/release-notes/rl-2009.section.xml
···
722
722
See
723
723
<link xlink:href="https://mariadb.com/kb/en/authentication-from-mariadb-104/">Authentication
724
724
from MariaDB 10.4</link>. unix_socket auth plugin does not use
725
-
a password, and uses the connecting user's UID instead. When a
725
+
a password, and uses the connecting user’s UID instead. When a
726
726
new MariaDB data directory is initialized, two MariaDB users
727
727
are created and can be used with new unix_socket auth plugin,
728
728
as well as traditional mysql_native_password plugin:
···
730
730
traditional mysql_native_password plugin method, one must run
731
731
the following:
732
732
</para>
733
-
<programlisting language="bash">
733
+
<programlisting language="nix">
734
734
{
735
735
services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
736
736
ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD("verysecret");
···
755
755
allow MySQL to read from /home and /tmp directories when using
756
756
<literal>LOAD DATA INFILE</literal>
757
757
</para>
758
-
<programlisting language="bash">
758
+
<programlisting language="nix">
759
759
{
760
760
systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only";
761
761
}
···
766
766
<literal>SELECT * INTO OUTFILE</literal>, assuming the mysql
767
767
user has write access to <literal>/var/data</literal>
768
768
</para>
769
-
<programlisting language="bash">
769
+
<programlisting language="nix">
770
770
{
771
771
systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
772
772
}
···
864
864
<para>
865
865
<literal>buildGoModule</literal> now internally creates a
866
866
vendor directory in the source tree for downloaded modules
867
-
instead of using go's
867
+
instead of using go’s
868
868
<link xlink:href="https://golang.org/cmd/go/#hdr-Module_proxy_protocol">module
869
869
proxy protocol</link>. This storage format is simpler and
870
870
therefore less likely to break with future versions of go. As
···
885
885
<literal>phantomJsSupport = true</literal> to the package
886
886
instantiation:
887
887
</para>
888
-
<programlisting language="bash">
888
+
<programlisting language="nix">
889
889
{
890
890
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
891
891
phantomJsSupport = true;
···
941
941
<para>
942
942
If you used the
943
943
<literal>boot.initrd.network.ssh.host*Key</literal> options,
944
-
you'll get an error explaining how to convert your host keys
944
+
you’ll get an error explaining how to convert your host keys
945
945
and migrate to the new
946
946
<literal>boot.initrd.network.ssh.hostKeys</literal> option.
947
-
Otherwise, if you don't have any host keys set, you'll need to
947
+
Otherwise, if you don’t have any host keys set, you’ll need to
948
948
generate some; see the <literal>hostKeys</literal> option
949
949
documentation for instructions.
950
950
</para>
951
951
</listitem>
952
952
<listitem>
953
953
<para>
954
-
Since this release there's an easy way to customize your PHP
954
+
Since this release there’s an easy way to customize your PHP
955
955
install to get a much smaller base PHP with only wanted
956
956
extensions enabled. See the following snippet installing a
957
957
smaller PHP with the extensions <literal>imagick</literal>,
958
958
<literal>opcache</literal>, <literal>pdo</literal> and
959
959
<literal>pdo_mysql</literal> loaded:
960
960
</para>
961
-
<programlisting language="bash">
961
+
<programlisting language="nix">
962
962
{
963
963
environment.systemPackages = [
964
964
(pkgs.php.withExtensions
···
973
973
}
974
974
</programlisting>
975
975
<para>
976
-
The default <literal>php</literal> attribute hasn't lost any
976
+
The default <literal>php</literal> attribute hasn’t lost any
977
977
extensions. The <literal>opcache</literal> extension has been
978
978
added. All upstream PHP extensions are available under
979
979
php.extensions.<name?>.
···
997
997
The remaining configuration flags can now be set directly on
998
998
the <literal>php</literal> attribute. For example, instead of
999
999
</para>
1000
-
<programlisting language="bash">
1000
+
<programlisting language="nix">
1001
1001
{
1002
1002
php.override {
1003
1003
config.php.embed = true;
···
1008
1008
<para>
1009
1009
you should now write
1010
1010
</para>
1011
-
<programlisting language="bash">
1011
+
<programlisting language="nix">
1012
1012
{
1013
1013
php.override {
1014
1014
embedSupport = true;
···
1062
1062
writing to other folders, use
1063
1063
<literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
1064
1064
</para>
1065
-
<programlisting language="bash">
1065
+
<programlisting language="nix">
1066
1066
{
1067
1067
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
1068
1068
}
···
1076
1076
docs</link> for details). If you require serving files from
1077
1077
home directories, you may choose to set e.g.
1078
1078
</para>
1079
-
<programlisting language="bash">
1079
+
<programlisting language="nix">
1080
1080
{
1081
1081
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
1082
1082
}
···
1093
1093
<para>
1094
1094
Replace a <literal>nesting.clone</literal> entry with:
1095
1095
</para>
1096
-
<programlisting language="bash">
1096
+
<programlisting language="nix">
1097
1097
{
1098
1098
specialisation.example-sub-configuration = {
1099
1099
configuration = {
···
1104
1104
<para>
1105
1105
Replace a <literal>nesting.children</literal> entry with:
1106
1106
</para>
1107
-
<programlisting language="bash">
1107
+
<programlisting language="nix">
1108
1108
{
1109
1109
specialisation.example-sub-configuration = {
1110
1110
inheritParentConfig = false;
···
1162
1162
<para>
1163
1163
The <literal>systemd-networkd</literal> option
1164
1164
<literal>systemd.network.networks.<name>.dhcp.CriticalConnection</literal>
1165
-
has been removed following upstream systemd's deprecation of
1165
+
has been removed following upstream systemd’s deprecation of
1166
1166
the same. It is recommended to use
1167
1167
<literal>systemd.network.networks.<name>.networkConfig.KeepConfiguration</literal>
1168
1168
instead. See systemd.network 5 for details.
···
1174
1174
<literal>systemd.network.networks._name_.dhcpConfig</literal>
1175
1175
has been renamed to
1176
1176
<link xlink:href="options.html#opt-systemd.network.networks._name_.dhcpV4Config">systemd.network.networks.<emphasis>name</emphasis>.dhcpV4Config</link>
1177
-
following upstream systemd's documentation change. See
1177
+
following upstream systemd’s documentation change. See
1178
1178
systemd.network 5 for details.
1179
1179
</para>
1180
1180
</listitem>
···
1283
1283
The
1284
1284
<link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
1285
1285
package and NixOS module have been removed from Nixpkgs as the
1286
-
software is unmaintained and can't be built. For more
1286
+
software is unmaintained and can’t be built. For more
1287
1287
information see issue
1288
1288
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
1289
1289
</para>
···
1350
1350
</listitem>
1351
1351
<listitem>
1352
1352
<para>
1353
-
Radicale's default package has changed from 2.x to 3.x. An
1353
+
Radicale’s default package has changed from 2.x to 3.x. An
1354
1354
upgrade checklist can be found
1355
1355
<link xlink:href="https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist">here</link>.
1356
1356
You can use the newer version in the NixOS service by setting
···
1385
1385
multi-instance config with an existing bitcoind data directory
1386
1386
and user, you have to adjust the original config, e.g.:
1387
1387
</para>
1388
-
<programlisting language="bash">
1388
+
<programlisting language="nix">
1389
1389
{
1390
1390
services.bitcoind = {
1391
1391
enable = true;
···
1397
1397
<para>
1398
1398
To something similar:
1399
1399
</para>
1400
-
<programlisting language="bash">
1400
+
<programlisting language="nix">
1401
1401
{
1402
1402
services.bitcoind.mainnet = {
1403
1403
enable = true;
···
1447
1447
the original SSL settings, you have to adjust the original
1448
1448
config, e.g.:
1449
1449
</para>
1450
-
<programlisting language="bash">
1450
+
<programlisting language="nix">
1451
1451
{
1452
1452
services.dokuwiki = {
1453
1453
enable = true;
···
1458
1458
<para>
1459
1459
To something similar:
1460
1460
</para>
1461
-
<programlisting language="bash">
1461
+
<programlisting language="nix">
1462
1462
{
1463
1463
services.dokuwiki."mywiki" = {
1464
1464
enable = true;
···
1472
1472
</programlisting>
1473
1473
<para>
1474
1474
The base package has also been upgraded to the 2020-07-29
1475
-
"Hogfather" release. Plugins might be incompatible
1476
-
or require upgrading.
1475
+
<quote>Hogfather</quote> release. Plugins might be
1476
+
incompatible or require upgrading.
1477
1477
</para>
1478
1478
</listitem>
1479
1479
<listitem>
···
1492
1492
option is (<literal>/var/db/postgresql</literal>) and then
1493
1493
explicitly set this value to maintain compatibility:
1494
1494
</para>
1495
-
<programlisting language="bash">
1495
+
<programlisting language="nix">
1496
1496
{
1497
1497
services.postgresql.dataDir = "/var/db/postgresql";
1498
1498
}
···
1587
1587
<listitem>
1588
1588
<para>
1589
1589
The <literal>security.rngd</literal> service is now disabled
1590
-
by default. This choice was made because there's krngd in the
1590
+
by default. This choice was made because there’s krngd in the
1591
1591
linux kernel space making it (for most usecases) functionally
1592
1592
redundent.
1593
1593
</para>
···
1609
1609
will be EOL (end of life) within the lifetime of 20.09</link>.
1610
1610
</para>
1611
1611
<para>
1612
-
It's necessary to upgrade to nextcloud19:
1612
+
It’s necessary to upgrade to nextcloud19:
1613
1613
</para>
1614
1614
<itemizedlist>
1615
1615
<listitem>
1616
1616
<para>
1617
1617
From nextcloud17, you have to upgrade to nextcloud18 first
1618
-
as Nextcloud doesn't allow going multiple major revisions
1618
+
as Nextcloud doesn’t allow going multiple major revisions
1619
1619
forward in a single upgrade. This is possible by setting
1620
1620
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>
1621
1621
to nextcloud18.
···
1623
1623
</listitem>
1624
1624
<listitem>
1625
1625
<para>
1626
-
From nextcloud18, it's possible to directly upgrade to
1626
+
From nextcloud18, it’s possible to directly upgrade to
1627
1627
nextcloud19 by setting
1628
1628
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>
1629
1629
to nextcloud19.
···
1685
1685
<listitem>
1686
1686
<para>
1687
1687
The notmuch package moves its emacs-related binaries and emacs
1688
-
lisp files to a separate output. They're not part of the
1688
+
lisp files to a separate output. They’re not part of the
1689
1689
default <literal>out</literal> output anymore - if you relied
1690
1690
on the <literal>notmuch-emacs-mua</literal> binary or the
1691
1691
emacs lisp files, access them via the
···
1736
1736
</listitem>
1737
1737
<listitem>
1738
1738
<para>
1739
-
The cc- and binutils-wrapper's "infix salt" and
1739
+
The cc- and binutils-wrapper’s <quote>infix salt</quote> and
1740
1740
<literal>_BUILD_</literal> and <literal>_TARGET_</literal>
1741
-
user infixes have been replaced with with a "suffix
1742
-
salt" and suffixes and <literal>_FOR_BUILD</literal> and
1743
-
<literal>_FOR_TARGET</literal>. This matches the autotools
1741
+
user infixes have been replaced with with a <quote>suffix
1742
+
salt</quote> and suffixes and <literal>_FOR_BUILD</literal>
1743
+
and <literal>_FOR_TARGET</literal>. This matches the autotools
1744
1744
convention for env vars which standard for these things,
1745
1745
making interfacing with other tools easier.
1746
1746
</para>
···
1774
1774
<literal>network-link-*</literal> units, which have been
1775
1775
removed. Bringing the interface up has been moved to the
1776
1776
beginning of the <literal>network-addresses-*</literal> unit.
1777
-
Note this doesn't require <literal>systemd-networkd</literal>
1778
-
- it's udev that parses <literal>.link</literal> files. Extra
1777
+
Note this doesn’t require <literal>systemd-networkd</literal>
1778
+
- it’s udev that parses <literal>.link</literal> files. Extra
1779
1779
care needs to be taken in the presence of
1780
1780
<link xlink:href="https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME">legacy
1781
1781
udev rules</link> to rename interfaces, as MAC Address and MTU
···
1825
1825
you must include those directories into the
1826
1826
<literal>BindPaths</literal> of the service:
1827
1827
</para>
1828
-
<programlisting language="bash">
1828
+
<programlisting language="nix">
1829
1829
{
1830
1830
systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];
1831
1831
}
···
1835
1835
<literal>transmission-daemon</literal> is now only available
1836
1836
on the local network interface by default. Use:
1837
1837
</para>
1838
-
<programlisting language="bash">
1838
+
<programlisting language="nix">
1839
1839
{
1840
1840
services.transmission.settings.rpc-bind-address = "0.0.0.0";
1841
1841
}
···
1850
1850
With this release <literal>systemd-networkd</literal> (when
1851
1851
enabled through
1852
1852
<link xlink:href="options.html#opt-networking.useNetworkd">networking.useNetworkd</link>)
1853
-
has it's netlink socket created through a
1853
+
has it’s netlink socket created through a
1854
1854
<literal>systemd.socket</literal> unit. This gives us control
1855
1855
over socket buffer sizes and other parameters. For larger
1856
1856
setups where networkd has to create a lot of (virtual) devices
···
1873
1873
</para>
1874
1874
<para>
1875
1875
Since the actual memory requirements depend on hardware,
1876
-
timing, exact configurations etc. it isn't currently possible
1876
+
timing, exact configurations etc. it isn’t currently possible
1877
1877
to infer a good default from within the NixOS module system.
1878
1878
Administrators are advised to monitor the logs of
1879
1879
<literal>systemd-networkd</literal> for
···
1882
1882
</para>
1883
1883
<para>
1884
1884
Note: Increasing the <literal>ReceiveBufferSize=</literal>
1885
-
doesn't allocate any memory. It just increases the upper bound
1885
+
doesn’t allocate any memory. It just increases the upper bound
1886
1886
on the kernel side. The memory allocation depends on the
1887
1887
amount of messages that are queued on the kernel side of the
1888
1888
netlink socket.
···
1900
1900
<para>
1901
1901
This means that a configuration like this
1902
1902
</para>
1903
-
<programlisting language="bash">
1903
+
<programlisting language="nix">
1904
1904
{
1905
1905
services.dovecot2.mailboxes = [
1906
1906
{ name = "Junk";
···
1912
1912
<para>
1913
1913
should now look like this:
1914
1914
</para>
1915
-
<programlisting language="bash">
1915
+
<programlisting language="nix">
1916
1916
{
1917
1917
services.dovecot2.mailboxes = {
1918
1918
Junk.auto = "create";
···
1934
1934
</para>
1935
1935
<para>
1936
1936
If you have an existing installation, please make sure that
1937
-
you're on nextcloud18 before upgrading to nextcloud19 since
1938
-
Nextcloud doesn't support upgrades across multiple major
1937
+
you’re on nextcloud18 before upgrading to nextcloud19 since
1938
+
Nextcloud doesn’t support upgrades across multiple major
1939
1939
versions.
1940
1940
</para>
1941
1941
</listitem>
+31
-30
nixos/doc/manual/from_md/release-notes/rl-2105.section.xml
+31
-30
nixos/doc/manual/from_md/release-notes/rl-2105.section.xml
···
235
235
<para>
236
236
The <literal>networking.wireless.iwd</literal> module now
237
237
installs the upstream-provided 80-iwd.link file, which sets
238
-
the NamePolicy= for all wlan devices to "keep
239
-
kernel", to avoid race conditions between iwd and
240
-
networkd. If you don't want this, you can set
238
+
the NamePolicy= for all wlan devices to <quote>keep
239
+
kernel</quote>, to avoid race conditions between iwd and
240
+
networkd. If you don’t want this, you can set
241
241
<literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>.
242
242
</para>
243
243
</listitem>
···
245
245
<para>
246
246
<literal>rubyMinimal</literal> was removed due to being unused
247
247
and unusable. The default ruby interpreter includes JIT
248
-
support, which makes it reference it's compiler. Since JIT
248
+
support, which makes it reference it’s compiler. Since JIT
249
249
support is probably needed by some Gems, it was decided to
250
250
enable this feature with all cc references by default, and
251
251
allow to build a Ruby derivation without references to cc, by
···
330
330
<literal>mediatomb</literal> package. If you want to keep the
331
331
old behavior, you must declare it with:
332
332
</para>
333
-
<programlisting language="bash">
333
+
<programlisting language="nix">
334
334
{
335
335
services.mediatomb.package = pkgs.mediatomb;
336
336
}
···
341
341
service declaration to add the firewall rules itself before,
342
342
you should now declare it with:
343
343
</para>
344
-
<programlisting language="bash">
344
+
<programlisting language="nix">
345
345
{
346
346
services.mediatomb.openFirewall = true;
347
347
}
···
368
368
<link xlink:href="options.html#opt-services.uwsgi.capabilities">services.uwsgi.capabilities</link>.
369
369
The previous behaviour can be restored by setting:
370
370
</para>
371
-
<programlisting language="bash">
371
+
<programlisting language="nix">
372
372
{
373
373
services.uwsgi.user = "root";
374
374
services.uwsgi.group = "root";
···
427
427
<para>
428
428
<link xlink:href="options.html#opt-networking.wireguard.interfaces">networking.wireguard.interfaces.<name>.generatePrivateKeyFile</link>,
429
429
which is off by default, had a <literal>chmod</literal> race
430
-
condition fixed. As an aside, the parent directory's
430
+
condition fixed. As an aside, the parent directory’s
431
431
permissions were widened, and the key files were made
432
432
owner-writable. This only affects newly created keys. However,
433
433
if the exact permissions are important for your setup, read
···
527
527
this directory are guarded to only run if the files they
528
528
want to manipulate do not already exist, and so will not
529
529
re-apply their changes if the IMDS response changes.
530
-
Examples: <literal>root</literal>'s SSH key is only added if
530
+
Examples: <literal>root</literal>’s SSH key is only added if
531
531
<literal>/root/.ssh/authorized_keys</literal> does not
532
532
exist, and SSH host keys are only set from user data if they
533
533
do not exist in <literal>/etc/ssh</literal>.
···
550
550
configures Privoxy, and the
551
551
<literal>services.tor.client.privoxy.enable</literal> option
552
552
has been removed. To enable Privoxy, and to configure it to
553
-
use Tor's faster port, use the following configuration:
553
+
use Tor’s faster port, use the following configuration:
554
554
</para>
555
-
<programlisting language="bash">
555
+
<programlisting language="nix">
556
556
{
557
557
opt-services.privoxy.enable = true;
558
558
opt-services.privoxy.enableTor = true;
···
628
628
exporter no longer accepts a fixed command-line parameter to
629
629
specify the URL of the endpoint serving JSON. It now expects
630
630
this URL to be passed as an URL parameter, when scraping the
631
-
exporter's <literal>/probe</literal> endpoint. In the
631
+
exporter’s <literal>/probe</literal> endpoint. In the
632
632
prometheus scrape configuration the scrape target might look
633
633
like this:
634
634
</para>
···
689
689
<literal>mpich</literal> instead of the default
690
690
<literal>openmpi</literal> can now be achived like this:
691
691
</para>
692
-
<programlisting language="bash">
692
+
<programlisting language="nix">
693
693
self: super:
694
694
{
695
695
mpi = super.mpich;
···
790
790
for any device that the kernel recognises as an hardware RNG,
791
791
as it will automatically run the krngd task to periodically
792
792
collect random data from the device and mix it into the
793
-
kernel's RNG.
793
+
kernel’s RNG.
794
794
</para>
795
795
<para>
796
796
The default SMTP port for GitLab has been changed to
···
850
850
kodiPackages.inputstream-adaptive and kodiPackages.vfs-sftp
851
851
addons:
852
852
</para>
853
-
<programlisting language="bash">
853
+
<programlisting language="nix">
854
854
{
855
855
environment.systemPackages = [
856
856
pkgs.kodi
···
867
867
and as a result the above configuration should now be written
868
868
as:
869
869
</para>
870
-
<programlisting language="bash">
870
+
<programlisting language="nix">
871
871
{
872
872
environment.systemPackages = [
873
873
(pkgs.kodi.withPackages (p: with p; [
···
893
893
<literal>services.minio.dataDir</literal> changed type to a
894
894
list of paths, required for specifiyng multiple data
895
895
directories for using with erasure coding. Currently, the
896
-
service doesn't enforce nor checks the correct number of paths
896
+
service doesn’t enforce nor checks the correct number of paths
897
897
to correspond to minio requirements.
898
898
</para>
899
899
</listitem>
···
910
910
<literal>dvorak-programmer</literal> in
911
911
<literal>console.keyMap</literal> now instead of
912
912
<literal>dvp</literal>. In
913
-
<literal>services.xserver.xkbVariant</literal> it's still
913
+
<literal>services.xserver.xkbVariant</literal> it’s still
914
914
<literal>dvp</literal>.
915
915
</para>
916
916
</listitem>
···
954
954
supported.
955
955
</para>
956
956
<para>
957
-
Furthermore, Radicale's systemd unit was hardened which might
957
+
Furthermore, Radicale’s systemd unit was hardened which might
958
958
break some deployments. In particular, a non-default
959
959
<literal>filesystem_folder</literal> has to be added to
960
960
<literal>systemd.services.radicale.serviceConfig.ReadWritePaths</literal>
···
991
991
<listitem>
992
992
<para>
993
993
<link xlink:href="https://www.gnuradio.org/">GNURadio</link>
994
-
has a <literal>pkgs</literal> attribute set, and there's a
994
+
has a <literal>pkgs</literal> attribute set, and there’s a
995
995
<literal>gnuradio.callPackage</literal> function that extends
996
996
<literal>pkgs</literal> with a
997
997
<literal>mkDerivation</literal>, and a
···
1027
1027
<listitem>
1028
1028
<para>
1029
1029
<link xlink:href="https://kodi.tv/">Kodi</link> has been
1030
-
updated to version 19.1 "Matrix". See the
1030
+
updated to version 19.1 <quote>Matrix</quote>. See the
1031
1031
<link xlink:href="https://kodi.tv/article/kodi-19-0-matrix-release">announcement</link>
1032
1032
for further details.
1033
1033
</para>
···
1098
1098
<listitem>
1099
1099
<para>
1100
1100
The default-version of <literal>nextcloud</literal> is
1101
-
nextcloud21. Please note that it's <emphasis>not</emphasis>
1101
+
nextcloud21. Please note that it’s <emphasis>not</emphasis>
1102
1102
possible to upgrade <literal>nextcloud</literal> across
1103
-
multiple major versions! This means that it's e.g. not
1103
+
multiple major versions! This means that it’s e.g. not
1104
1104
possible to upgrade from nextcloud18 to nextcloud20 in a
1105
1105
single deploy and most <literal>20.09</literal> users will
1106
1106
have to upgrade to nextcloud20 first.
···
1122
1122
</listitem>
1123
1123
<listitem>
1124
1124
<para>
1125
-
NixOS now emits a deprecation warning if systemd's
1125
+
NixOS now emits a deprecation warning if systemd’s
1126
1126
<literal>StartLimitInterval</literal> setting is used in a
1127
1127
<literal>serviceConfig</literal> section instead of in a
1128
1128
<literal>unitConfig</literal>; that setting is deprecated and
···
1158
1158
users to declare autoscan media directories from their nixos
1159
1159
configuration:
1160
1160
</para>
1161
-
<programlisting language="bash">
1161
+
<programlisting language="nix">
1162
1162
{
1163
1163
services.mediatomb.mediaDirectories = [
1164
1164
{ path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; }
···
1255
1255
<listitem>
1256
1256
<para>
1257
1257
The <literal>services.dnscrypt-proxy2</literal> module now
1258
-
takes the upstream's example configuration and updates it with
1259
-
the user's settings. An option has been added to restore the
1258
+
takes the upstream’s example configuration and updates it with
1259
+
the user’s settings. An option has been added to restore the
1260
1260
old behaviour if you prefer to declare the configuration from
1261
1261
scratch.
1262
1262
</para>
···
1298
1298
<para>
1299
1299
The zookeeper package does not provide
1300
1300
<literal>zooInspector.sh</literal> anymore, as that
1301
-
"contrib" has been dropped from upstream releases.
1301
+
<quote>contrib</quote> has been dropped from upstream
1302
+
releases.
1302
1303
</para>
1303
1304
</listitem>
1304
1305
<listitem>
···
1317
1318
now always ensures home directory permissions to be
1318
1319
<literal>0700</literal>. Permissions had previously been
1319
1320
ignored for already existing home directories, possibly
1320
-
leaving them readable by others. The option's description was
1321
+
leaving them readable by others. The option’s description was
1321
1322
incorrect regarding ownership management and has been
1322
1323
simplified greatly.
1323
1324
</para>
···
1518
1519
been dropped. Users that still want it should add the
1519
1520
following to their system configuration:
1520
1521
</para>
1521
-
<programlisting language="bash">
1522
+
<programlisting language="nix">
1522
1523
{
1523
1524
services.gvfs.package = pkgs.gvfs.override { samba = null; };
1524
1525
}
+4
-4
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+4
-4
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
···
642
642
</para>
643
643
</listitem>
644
644
</itemizedlist>
645
-
<programlisting language="bash">
645
+
<programlisting language="nix">
646
646
{
647
647
services.paperless-ng.extraConfig = {
648
648
# Provide languages as ISO 639-2 codes
···
723
723
</listitem>
724
724
<listitem>
725
725
<para>
726
-
The <literal>erigon</literal> ethereum node has moved it’s
726
+
The <literal>erigon</literal> ethereum node has moved its
727
727
database location in <literal>2021-08-03</literal>, users
728
728
upgrading must manually move their chaindata (see
729
729
<link xlink:href="https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03">release
···
737
737
insecure. Out-of-tree modules are likely to require
738
738
adaptation: instead of
739
739
</para>
740
-
<programlisting language="bash">
740
+
<programlisting language="nix">
741
741
{
742
742
users.users.foo = {
743
743
isSystemUser = true;
···
747
747
<para>
748
748
also create a group for your user:
749
749
</para>
750
-
<programlisting language="bash">
750
+
<programlisting language="nix">
751
751
{
752
752
users.users.foo = {
753
753
isSystemUser = true;
+6
-6
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+6
-6
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
···
714
714
<literal>programs.msmtp.*</literal> can be used instead for an
715
715
equivalent setup. For example:
716
716
</para>
717
-
<programlisting language="bash">
717
+
<programlisting language="nix">
718
718
{
719
719
# Original ssmtp configuration:
720
720
services.ssmtp = {
···
847
847
<literal>config.nixpkgs.config.allowUnfree</literal> are
848
848
enabled. If you still want these fonts, use:
849
849
</para>
850
-
<programlisting language="bash">
850
+
<programlisting language="nix">
851
851
{
852
852
fonts.fonts = [
853
853
pkgs.xorg.fontbhlucidatypewriter100dpi
···
942
942
<para>
943
943
Before:
944
944
</para>
945
-
<programlisting language="bash">
945
+
<programlisting language="nix">
946
946
{
947
947
services.matrix-synapse = {
948
948
enable = true;
···
977
977
<para>
978
978
After:
979
979
</para>
980
-
<programlisting language="bash">
980
+
<programlisting language="nix">
981
981
{
982
982
services.matrix-synapse = {
983
983
enable = true;
···
1143
1143
<para>
1144
1144
Before:
1145
1145
</para>
1146
-
<programlisting language="bash">
1146
+
<programlisting language="nix">
1147
1147
services.keycloak = {
1148
1148
enable = true;
1149
1149
httpPort = "8080";
···
1157
1157
<para>
1158
1158
After:
1159
1159
</para>
1160
-
<programlisting language="bash">
1160
+
<programlisting language="nix">
1161
1161
services.keycloak = {
1162
1162
enable = true;
1163
1163
settings = {
+2
-2
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+2
-2
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
···
1082
1082
removed. This option was an association of environment
1083
1083
variables for Grafana. If you had an expression like
1084
1084
</para>
1085
-
<programlisting language="bash">
1085
+
<programlisting language="nix">
1086
1086
{
1087
1087
services.grafana.extraOptions.SECURITY_ADMIN_USER = "foobar";
1088
1088
}
···
1096
1096
For the migration, it is recommended to turn it into the
1097
1097
INI format, i.e. to declare
1098
1098
</para>
1099
-
<programlisting language="bash">
1099
+
<programlisting language="nix">
1100
1100
{
1101
1101
services.grafana.settings.security.admin_user = "foobar";
1102
1102
}
+2
-2
nixos/doc/manual/installation/changing-config.chapter.md
+2
-2
nixos/doc/manual/installation/changing-config.chapter.md
···
13
13
(e.g., by restarting system services).
14
14
15
15
::: {.warning}
16
-
This command doesn\'t start/stop [user services](#opt-systemd.user.services)
16
+
This command doesn't start/stop [user services](#opt-systemd.user.services)
17
17
automatically. `nixos-rebuild` only runs a `daemon-reload` for each user with running
18
18
user services.
19
19
:::
···
51
51
```
52
52
53
53
which causes the new configuration (and previous ones created using
54
-
`-p test`) to show up in the GRUB submenu "NixOS - Profile \'test\'".
54
+
`-p test`) to show up in the GRUB submenu "NixOS - Profile 'test'".
55
55
This can be useful to separate test configurations from "stable"
56
56
configurations.
57
57
+21
-21
nixos/doc/manual/installation/installing-from-other-distro.section.md
+21
-21
nixos/doc/manual/installation/installing-from-other-distro.section.md
···
30
30
31
31
1. Switch to the NixOS channel:
32
32
33
-
If you\'ve just installed Nix on a non-NixOS distribution, you will
33
+
If you've just installed Nix on a non-NixOS distribution, you will
34
34
be on the `nixpkgs` channel by default.
35
35
36
36
```ShellSession
···
49
49
50
50
1. Install the NixOS installation tools:
51
51
52
-
You\'ll need `nixos-generate-config` and `nixos-install`, but this
52
+
You'll need `nixos-generate-config` and `nixos-install`, but this
53
53
also makes some man pages and `nixos-enter` available, just in case
54
54
you want to chroot into your NixOS partition. NixOS installs these
55
-
by default, but you don\'t have NixOS yet..
55
+
by default, but you don't have NixOS yet..
56
56
57
57
```ShellSession
58
58
$ nix-env -f '<nixpkgs>' -iA nixos-install-tools
···
70
70
refer to the partitioning, file-system creation, and mounting steps
71
71
of [](#sec-installation)
72
72
73
-
If you\'re about to install NixOS in place using `NIXOS_LUSTRATE`
73
+
If you're about to install NixOS in place using `NIXOS_LUSTRATE`
74
74
there is nothing to do for this step.
75
75
76
76
1. Generate your NixOS configuration:
···
79
79
$ sudo `which nixos-generate-config` --root /mnt
80
80
```
81
81
82
-
You\'ll probably want to edit the configuration files. Refer to the
82
+
You'll probably want to edit the configuration files. Refer to the
83
83
`nixos-generate-config` step in [](#sec-installation) for more
84
84
information.
85
85
86
86
Consider setting up the NixOS bootloader to give you the ability to
87
-
boot on your existing Linux partition. For instance, if you\'re
87
+
boot on your existing Linux partition. For instance, if you're
88
88
using GRUB and your existing distribution is running Ubuntu, you may
89
89
want to add something like this to your `configuration.nix`:
90
90
···
152
152
```
153
153
154
154
Note that this will place the generated configuration files in
155
-
`/etc/nixos`. You\'ll probably want to edit the configuration files.
155
+
`/etc/nixos`. You'll probably want to edit the configuration files.
156
156
Refer to the `nixos-generate-config` step in
157
157
[](#sec-installation) for more information.
158
158
159
-
You\'ll likely want to set a root password for your first boot using
160
-
the configuration files because you won\'t have a chance to enter a
159
+
You'll likely want to set a root password for your first boot using
160
+
the configuration files because you won't have a chance to enter a
161
161
password until after you reboot. You can initialize the root password
162
-
to an empty one with this line: (and of course don\'t forget to set
163
-
one once you\'ve rebooted or to lock the account with
162
+
to an empty one with this line: (and of course don't forget to set
163
+
one once you've rebooted or to lock the account with
164
164
`sudo passwd -l root` if you use `sudo`)
165
165
166
166
```nix
···
186
186
bootup scripts require its presence).
187
187
188
188
`/etc/NIXOS_LUSTRATE` tells the NixOS bootup scripts to move
189
-
*everything* that\'s in the root partition to `/old-root`. This will
189
+
*everything* that's in the root partition to `/old-root`. This will
190
190
move your existing distribution out of the way in the very early
191
191
stages of the NixOS bootup. There are exceptions (we do need to keep
192
192
NixOS there after all), so the NixOS lustrate process will not
···
201
201
202
202
::: {.note}
203
203
Support for `NIXOS_LUSTRATE` was added in NixOS 16.09. The act of
204
-
\"lustrating\" refers to the wiping of the existing distribution.
204
+
"lustrating" refers to the wiping of the existing distribution.
205
205
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
206
-
all mutable files from your root partition (anything that\'s not in
207
-
`/nix` or `/boot` gets \"lustrated\" on the next boot.
206
+
all mutable files from your root partition (anything that's not in
207
+
`/nix` or `/boot` gets "lustrated" on the next boot.
208
208
209
209
lustrate /ˈlʌstreɪt/ verb.
210
210
···
212
212
ritual action.
213
213
:::
214
214
215
-
Let\'s create the files:
215
+
Let's create the files:
216
216
217
217
```ShellSession
218
218
$ sudo touch /etc/NIXOS
219
219
$ sudo touch /etc/NIXOS_LUSTRATE
220
220
```
221
221
222
-
Let\'s also make sure the NixOS configuration files are kept once we
222
+
Let's also make sure the NixOS configuration files are kept once we
223
223
reboot on NixOS:
224
224
225
225
```ShellSession
···
233
233
234
234
::: {.warning}
235
235
Once you complete this step, your current distribution will no
236
-
longer be bootable! If you didn\'t get all the NixOS configuration
236
+
longer be bootable! If you didn't get all the NixOS configuration
237
237
right, especially those settings pertaining to boot loading and root
238
238
partition, NixOS may not be bootable either. Have a USB rescue
239
239
device ready in case this happens.
···
247
247
Cross your fingers, reboot, hopefully you should get a NixOS prompt!
248
248
249
249
1. If for some reason you want to revert to the old distribution,
250
-
you\'ll need to boot on a USB rescue disk and do something along
250
+
you'll need to boot on a USB rescue disk and do something along
251
251
these lines:
252
252
253
253
```ShellSession
···
264
264
This may work as is or you might also need to reinstall the boot
265
265
loader.
266
266
267
-
And of course, if you\'re happy with NixOS and no longer need the
267
+
And of course, if you're happy with NixOS and no longer need the
268
268
old distribution:
269
269
270
270
```ShellSession
271
271
sudo rm -rf /old-root
272
272
```
273
273
274
-
1. It\'s also worth noting that this whole process can be automated.
274
+
1. It's also worth noting that this whole process can be automated.
275
275
This is especially useful for Cloud VMs, where provider do not
276
276
provide NixOS. For instance,
277
277
[nixos-infect](https://github.com/elitak/nixos-infect) uses the
+1
-1
nixos/doc/manual/installation/installing-kexec.section.md
+1
-1
nixos/doc/manual/installation/installing-kexec.section.md
···
30
30
These three files are meant to be copied over to the other already running
31
31
Linux Distribution.
32
32
33
-
Note it's symlinks pointing elsewhere, so `cd` in, and use
33
+
Note its symlinks pointing elsewhere, so `cd` in, and use
34
34
`scp * root@$destination` to copy it over, rather than rsync.
35
35
36
36
Once you finished copying, execute `kexec-boot` *on the destination*, and after
+3
-3
nixos/doc/manual/installation/installing-usb.section.md
+3
-3
nixos/doc/manual/installation/installing-usb.section.md
···
56
56
sudo dd if=<path-to-image> of=/dev/rdiskX bs=4m
57
57
```
58
58
59
-
After `dd` completes, a GUI dialog \"The disk
60
-
you inserted was not readable by this computer\" will pop up, which can
59
+
After `dd` completes, a GUI dialog "The disk
60
+
you inserted was not readable by this computer" will pop up, which can
61
61
be ignored.
62
62
63
63
::: {.note}
64
-
Using the \'raw\' `rdiskX` device instead of `diskX` with dd completes in
64
+
Using the 'raw' `rdiskX` device instead of `diskX` with dd completes in
65
65
minutes instead of hours.
66
66
:::
67
67
+3
-3
nixos/doc/manual/installation/installing-virtualbox-guest.section.md
+3
-3
nixos/doc/manual/installation/installing-virtualbox-guest.section.md
···
6
6
page](https://nixos.org/nixos/download.html). If you want to set up a
7
7
VirtualBox guest manually, follow these instructions:
8
8
9
-
1. Add a New Machine in VirtualBox with OS Type \"Linux / Other Linux\"
9
+
1. Add a New Machine in VirtualBox with OS Type "Linux / Other Linux"
10
10
11
11
1. Base Memory Size: 768 MB or higher.
12
12
···
16
16
17
17
1. Click on Settings / System / Processor and enable PAE/NX
18
18
19
-
1. Click on Settings / System / Acceleration and enable \"VT-x/AMD-V\"
19
+
1. Click on Settings / System / Acceleration and enable "VT-x/AMD-V"
20
20
acceleration
21
21
22
22
1. Click on Settings / Display / Screen and select VMSVGA as Graphics
···
41
41
42
42
Shared folders can be given a name and a path in the host system in the
43
43
VirtualBox settings (Machine / Settings / Shared Folders, then click on
44
-
the \"Add\" icon). Add the following to the
44
+
the "Add" icon). Add the following to the
45
45
`/etc/nixos/configuration.nix` to auto-mount them. If you do not add
46
46
`"nofail"`, the system will not boot properly.
47
47
+4
-4
nixos/doc/manual/installation/installing.chapter.md
+4
-4
nixos/doc/manual/installation/installing.chapter.md
···
230
230
#### UEFI (GPT) {#sec-installation-manual-partitioning-UEFI}
231
231
[]{#sec-installation-partitioning-UEFI} <!-- legacy anchor -->
232
232
233
-
Here\'s an example partition scheme for UEFI, using `/dev/sda` as the
233
+
Here's an example partition scheme for UEFI, using `/dev/sda` as the
234
234
device.
235
235
236
236
::: {.note}
237
-
You can safely ignore `parted`\'s informational message about needing to
237
+
You can safely ignore `parted`'s informational message about needing to
238
238
update /etc/fstab.
239
239
:::
240
240
···
279
279
#### Legacy Boot (MBR) {#sec-installation-manual-partitioning-MBR}
280
280
[]{#sec-installation-partitioning-MBR} <!-- legacy anchor -->
281
281
282
-
Here\'s an example partition scheme for Legacy Boot, using `/dev/sda` as
282
+
Here's an example partition scheme for Legacy Boot, using `/dev/sda` as
283
283
the device.
284
284
285
285
::: {.note}
286
-
You can safely ignore `parted`\'s informational message about needing to
286
+
You can safely ignore `parted`'s informational message about needing to
287
287
update /etc/fstab.
288
288
:::
289
289
+1
-1
nixos/doc/manual/md-to-db.sh
+1
-1
nixos/doc/manual/md-to-db.sh
···
1
1
#! /usr/bin/env nix-shell
2
-
#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/tarball/21.11 -i bash -p pandoc
2
+
#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/tarball/22.11 -i bash -p pandoc
3
3
4
4
# This script is temporarily needed while we transition the manual to
5
5
# CommonMark. It converts the .md files in the regular manual folder
+6
-6
nixos/doc/manual/release-notes/rl-1509.section.md
+6
-6
nixos/doc/manual/release-notes/rl-1509.section.md
···
2
2
3
3
In addition to numerous new and upgraded packages, this release has the following highlights:
4
4
5
-
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up (\"Haskell NG\"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User\'s Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement [\"Full Stackage Support in Nixpkgs\"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
5
+
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up ("Haskell NG"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement ["Full Stackage Support in Nixpkgs"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
6
6
7
7
- Nix has been updated to version 1.10, which among other improvements enables cryptographic signatures on binary caches for improved security.
8
8
···
178
178
179
179
- Nix now requires binary caches to be cryptographically signed. If you have unsigned binary caches that you want to continue to use, you should set `nix.requireSignedBinaryCaches = false`.
180
180
181
-
- Steam now doesn\'t need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
181
+
- Steam now doesn't need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
182
182
183
183
- CMPlayer has been renamed to bomi upstream. Package `cmplayer` was accordingly renamed to `bomi`
184
184
···
203
203
}
204
204
```
205
205
206
-
- \"`nix-env -qa`\" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we\'d add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
206
+
- "`nix-env -qa`" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we'd add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
207
207
208
208
```ShellSession
209
209
nix-env -f "<nixpkgs>" -qaP -A haskellPackages
···
217
217
218
218
Installing Haskell _libraries_ this way, however, is no longer supported. See the next item for more details.
219
219
220
-
- Previous versions of NixOS came with a feature called `ghc-wrapper`, a small script that allowed GHC to transparently pick up on libraries installed in the user\'s profile. This feature has been deprecated; `ghc-wrapper` was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the `haskellPackages.ghcWithPackages` function. The [User\'s Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure) provides more information about this subject.
220
+
- Previous versions of NixOS came with a feature called `ghc-wrapper`, a small script that allowed GHC to transparently pick up on libraries installed in the user's profile. This feature has been deprecated; `ghc-wrapper` was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the `haskellPackages.ghcWithPackages` function. The [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure) provides more information about this subject.
221
221
222
222
- All Haskell builds that have been generated with version 1.x of the `cabal2nix` utility are now invalid and need to be re-generated with a current version of `cabal2nix` to function. The most recent version of this tool can be installed by running `nix-env -i cabal2nix`.
223
223
224
-
- The `haskellPackages` set in Nixpkgs used to have a function attribute called `extension` that users could override in their `~/.nixpkgs/config.nix` files to configure additional attributes, etc. That function still exists, but it\'s now called `overrides`.
224
+
- The `haskellPackages` set in Nixpkgs used to have a function attribute called `extension` that users could override in their `~/.nixpkgs/config.nix` files to configure additional attributes, etc. That function still exists, but it's now called `overrides`.
225
225
226
226
- The OpenBLAS library has been updated to version `0.2.14`. Support for the `x86_64-darwin` platform was added. Dynamic architecture detection was enabled; OpenBLAS now selects microarchitecture-optimized routines at runtime, so optimal performance is achieved without the need to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages which use an optimized BLAS or LAPACK implementation.
227
227
···
312
312
313
313
- The nixos and nixpkgs channels were unified, so one _can_ use `nix-env -iA nixos.bash` instead of `nix-env -iA nixos.pkgs.bash`. See [the commit](https://github.com/NixOS/nixpkgs/commit/2cd7c1f198) for details.
314
314
315
-
- Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH\'s default version with one they generated themselves using the new `services.openssh.moduliFile` option.
315
+
- Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH's default version with one they generated themselves using the new `services.openssh.moduliFile` option.
316
316
317
317
- A newly packaged TeX Live 2015 is provided in `pkgs.texlive`, split into 6500 nix packages. For basic user documentation see [the source](https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive/default.nix#L1). Beware of [an issue](https://github.com/NixOS/nixpkgs/issues/9757) when installing a too large package set. The plan is to deprecate and maybe delete the original TeX packages until the next release.
318
318
+8
-8
nixos/doc/manual/release-notes/rl-1603.section.md
+8
-8
nixos/doc/manual/release-notes/rl-1603.section.md
···
152
152
}
153
153
```
154
154
155
-
- `s3sync` is removed, as it hasn\'t been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at `tarsnap` and others.
155
+
- `s3sync` is removed, as it hasn't been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at `tarsnap` and others.
156
156
157
-
- `ruby_1_8` has been removed as it\'s not supported from upstream anymore and probably contains security issues.
157
+
- `ruby_1_8` has been removed as it's not supported from upstream anymore and probably contains security issues.
158
158
159
159
- `tidy-html5` package is removed. Upstream only provided `(lib)tidy5` during development, and now they went back to `(lib)tidy` to work as a drop-in replacement of the original package that has been unmaintained for years. You can (still) use the `html-tidy` package, which got updated to a stable release from this new upstream.
160
160
161
161
- `extraDeviceOptions` argument is removed from `bumblebee` package. Instead there are now two separate arguments: `extraNvidiaDeviceOptions` and `extraNouveauDeviceOptions` for setting extra X11 options for nvidia and nouveau drivers, respectively.
162
162
163
-
- The `Ctrl+Alt+Backspace` key combination no longer kills the X server by default. There\'s a new option `services.xserver.enableCtrlAltBackspace` allowing to enable the combination again.
163
+
- The `Ctrl+Alt+Backspace` key combination no longer kills the X server by default. There's a new option `services.xserver.enableCtrlAltBackspace` allowing to enable the combination again.
164
164
165
165
- `emacsPackagesNg` now contains all packages from the ELPA, MELPA, and MELPA Stable repositories.
166
166
167
-
- Data directory for Postfix MTA server is moved from `/var/postfix` to `/var/lib/postfix`. Old configurations are migrated automatically. `service.postfix` module has also received many improvements, such as correct directories\' access rights, new `aliasFiles` and `mapFiles` options and more.
167
+
- Data directory for Postfix MTA server is moved from `/var/postfix` to `/var/lib/postfix`. Old configurations are migrated automatically. `service.postfix` module has also received many improvements, such as correct directories' access rights, new `aliasFiles` and `mapFiles` options and more.
168
168
169
169
- Filesystem options should now be configured as a list of strings, not a comma-separated string. The old style will continue to work, but print a warning, until the 16.09 release. An example of the new style:
170
170
···
180
180
181
181
- CUPS, installed by `services.printing` module, now has its data directory in `/var/lib/cups`. Old configurations from `/etc/cups` are moved there automatically, but there might be problems. Also configuration options `services.printing.cupsdConf` and `services.printing.cupsdFilesConf` were removed because they had been allowing one to override configuration variables required for CUPS to work at all on NixOS. For most use cases, `services.printing.extraConf` and new option `services.printing.extraFilesConf` should be enough; if you encounter a situation when they are not, please file a bug.
182
182
183
-
There are also Gutenprint improvements; in particular, a new option `services.printing.gutenprint` is added to enable automatic updating of Gutenprint PPMs; it\'s greatly recommended to enable it instead of adding `gutenprint` to the `drivers` list.
183
+
There are also Gutenprint improvements; in particular, a new option `services.printing.gutenprint` is added to enable automatic updating of Gutenprint PPMs; it's greatly recommended to enable it instead of adding `gutenprint` to the `drivers` list.
184
184
185
185
- `services.xserver.vaapiDrivers` has been removed. Use `hardware.opengl.extraPackages{,32}` instead. You can also specify VDPAU drivers there.
186
186
···
202
202
}
203
203
```
204
204
205
-
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn\'t be overridden by anything else.
205
+
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn't be overridden by anything else.
206
206
207
207
- Large parts of the `services.gitlab` module has been been rewritten. There are new configuration options available. The `stateDir` option was renamned to `statePath` and the `satellitesDir` option was removed. Please review the currently available options.
208
208
···
246
246
247
247
you should either re-run `nixos-generate-config` or manually replace `"${config.boot.kernelPackages.broadcom_sta}"` by `config.boot.kernelPackages.broadcom_sta` in your `/etc/nixos/hardware-configuration.nix`. More discussion is on [ the github issue](https://github.com/NixOS/nixpkgs/pull/12595).
248
248
249
-
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the \"start everything as a child of the agent\" scheme we\'ve implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
249
+
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
250
250
251
251
```shell
252
252
GPG_TTY=$(tty)
···
273
273
gpg --import ~/.gnupg/secring.gpg
274
274
```
275
275
276
-
The `gpg-agent(1)` man page has more details about this subject, i.e. in the \"EXAMPLES\" section.
276
+
The `gpg-agent(1)` man page has more details about this subject, i.e. in the "EXAMPLES" section.
277
277
278
278
Other notable improvements:
279
279
+3
-3
nixos/doc/manual/release-notes/rl-1609.section.md
+3
-3
nixos/doc/manual/release-notes/rl-1609.section.md
···
20
20
21
21
- A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
22
22
23
-
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don\'t actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
23
+
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
24
24
25
25
- Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`.
26
26
···
28
28
29
29
- `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused.
30
30
31
-
- Gitlab\'s maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
31
+
- Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
32
32
33
33
- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).
34
34
···
38
38
39
39
- `pkgs.linuxPackages.virtualbox` now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new `pkgs.virtualbox` instead.
40
40
41
-
- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There\'s also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.
41
+
- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There's also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.
42
42
43
43
- `services.mongodb.extraConfig` configuration format was changed to YAML.
44
44
+5
-5
nixos/doc/manual/release-notes/rl-1703.section.md
+5
-5
nixos/doc/manual/release-notes/rl-1703.section.md
···
8
8
9
9
- This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The default Linux kernel is 4.9 and Nix is at 1.11.8.
10
10
11
-
- The default desktop environment now is KDE\'s Plasma 5. KDE 4 has been removed
11
+
- The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed
12
12
13
13
- The setuid wrapper functionality now supports setting capabilities.
14
14
···
208
208
209
209
- Two lone top-level dict dbs moved into `dictdDBs`. This affects: `dictdWordnet` which is now at `dictdDBs.wordnet` and `dictdWiktionary` which is now at `dictdDBs.wiktionary`
210
210
211
-
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid\'s documentation.
211
+
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid's documentation.
212
212
213
213
- `Ntpd` was replaced by `systemd-timesyncd` as the default service to synchronize system time with a remote NTP server. The old behavior can be restored by setting `services.ntp.enable` to `true`. Upstream time servers for all NTP implementations are now configured using `networking.timeServers`.
214
214
···
260
260
261
261
- Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel and is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (i.e. for active FTP) please enable `networking.firewall.autoLoadConntrackHelpers` and tune `networking.firewall.connectionTrackingModules` to suit your needs.
262
262
263
-
- `local_recipient_maps` is not set to empty value by Postfix service. It\'s an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.
263
+
- `local_recipient_maps` is not set to empty value by Postfix service. It's an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.
264
264
265
265
- Iputils no longer provide ping6 and traceroute6. The functionality of these tools has been integrated into ping and traceroute respectively. To enforce an address family the new flags `-4` and `-6` have been added. One notable incompatibility is that specifying an interface (for link-local IPv6 for instance) is no longer done with the `-I` flag, but by encoding the interface into the address (`ping fe80::1%eth0`).
266
266
267
-
- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn\'t support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.
267
+
- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn't support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.
268
268
269
269
- The `fetch*` functions no longer support md5, please use sha256 instead.
270
270
···
278
278
279
279
- Module type system have a new extensible option types feature that allow to extend certain types, such as enum, through multiple option declarations of the same option across multiple modules.
280
280
281
-
- `jre` now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it\'s recommended to use `jre_headless`.
281
+
- `jre` now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it's recommended to use `jre_headless`.
282
282
283
283
- Python 2.6 interpreter and package set have been removed.
284
284
+8
-8
nixos/doc/manual/release-notes/rl-1709.section.md
+8
-8
nixos/doc/manual/release-notes/rl-1709.section.md
···
8
8
9
9
- The user handling now keeps track of deallocated UIDs/GIDs. When a user or group is revived, this allows it to be allocated the UID/GID it had before. A consequence is that UIDs and GIDs are no longer reused.
10
10
11
-
- The module option `services.xserver.xrandrHeads` now causes the first head specified in this list to be set as the primary head. Apart from that, it\'s now possible to also set additional options by using an attribute set, for example:
11
+
- The module option `services.xserver.xrandrHeads` now causes the first head specified in this list to be set as the primary head. Apart from that, it's now possible to also set additional options by using an attribute set, for example:
12
12
13
13
```nix
14
14
{ services.xserver.xrandrHeads = [
···
208
208
209
209
- The `mysql` default `dataDir` has changed from `/var/mysql` to `/var/lib/mysql`.
210
210
211
-
- Radicale\'s default package has changed from 1.x to 2.x. Instructions to migrate can be found [ here ](http://radicale.org/1to2/). It is also possible to use the newer version by setting the `package` to `radicale2`, which is done automatically when `stateVersion` is 17.09 or higher. The `extraArgs` option has been added to allow passing the data migration arguments specified in the instructions; see the `radicale.nix` NixOS test for an example migration.
211
+
- Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found [ here ](http://radicale.org/1to2/). It is also possible to use the newer version by setting the `package` to `radicale2`, which is done automatically when `stateVersion` is 17.09 or higher. The `extraArgs` option has been added to allow passing the data migration arguments specified in the instructions; see the `radicale.nix` NixOS test for an example migration.
212
212
213
213
- The `aiccu` package was removed. This is due to SixXS [ sunsetting](https://www.sixxs.net/main/) its IPv6 tunnel.
214
214
···
216
216
217
217
- Top-level `idea` package collection was renamed. All JetBrains IDEs are now at `jetbrains`.
218
218
219
-
- `flexget`\'s state database cannot be upgraded to its new internal format, requiring removal of any existing `db-config.sqlite` which will be automatically recreated.
219
+
- `flexget`'s state database cannot be upgraded to its new internal format, requiring removal of any existing `db-config.sqlite` which will be automatically recreated.
220
220
221
-
- The `ipfs` service now doesn\'t ignore the `dataDir` option anymore. If you\'ve ever set this option to anything other than the default you\'ll have to either unset it (so the default gets used) or migrate the old data manually with
221
+
- The `ipfs` service now doesn't ignore the `dataDir` option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
222
222
223
223
```ShellSession
224
224
dataDir=<valueOfDataDir>
···
236
236
237
237
- `wvdial` package and module were removed. This is due to the project being dead and not building with openssl 1.1.
238
238
239
-
- `cc-wrapper`\'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages\' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
239
+
- `cc-wrapper`'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
240
240
241
241
- `services.firefox.syncserver` now runs by default as a non-root user. To accommodate this change, the default sqlite database location has also been changed. Migration should work automatically. Refer to the description of the options for more details.
242
242
···
244
244
245
245
- Touchpad support should now be enabled through `libinput` as `synaptics` is now deprecated. See the option `services.xserver.libinput.enable`.
246
246
247
-
- grsecurity/PaX support has been dropped, following upstream\'s decision to cease free support. See [ upstream\'s announcement](https://grsecurity.net/passing_the_baton.php) for more information. No complete replacement for grsecurity/PaX is available presently.
247
+
- grsecurity/PaX support has been dropped, following upstream's decision to cease free support. See [ upstream's announcement](https://grsecurity.net/passing_the_baton.php) for more information. No complete replacement for grsecurity/PaX is available presently.
248
248
249
249
- `services.mysql` now has declarative configuration of databases and users with the `ensureDatabases` and `ensureUsers` options.
250
250
···
283
283
284
284
## Other Notable Changes {#sec-release-17.09-notable-changes}
285
285
286
-
- Modules can now be disabled by using [ disabledModules](https://nixos.org/nixpkgs/manual/#sec-replace-modules), allowing another to take it\'s place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release.
286
+
- Modules can now be disabled by using [ disabledModules](https://nixos.org/nixpkgs/manual/#sec-replace-modules), allowing another to take it's place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release.
287
287
288
-
- Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer\'s intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available.
288
+
- Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer's intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available.
289
289
290
290
- ZFS/SPL have been updated to 0.7.0, `zfsUnstable, splUnstable` have therefore been removed.
291
291
+5
-5
nixos/doc/manual/release-notes/rl-1803.section.md
+5
-5
nixos/doc/manual/release-notes/rl-1803.section.md
···
6
6
7
7
- End of support is planned for end of October 2018, handing over to 18.09.
8
8
9
-
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn\'t NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it\'s waiting for some test fixes, etc.
9
+
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc.
10
10
11
11
- Nix now defaults to 2.0; see its [release notes](https://nixos.org/nix/manual/#ssec-relnotes-2.0).
12
12
···
176
176
177
177
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
178
178
179
-
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the \"Specifying dependencies\" section of the \"Standard Environment\" chapter of the nixpkgs manual. The old logic isn\'t but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
179
+
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
180
180
181
181
- `lib.addPassthru drv passthru` is removed. Use `lib.extendDerivation true passthru drv` instead.
182
182
···
184
184
185
185
- The `hardware.amdHybridGraphics.disable` option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports.
186
186
187
-
- The merging of config options for `services.postfix.config` was buggy. Previously, if other options in the Postfix module like `services.postfix.useSrs` were set and the user set config options that were also set by such options, the resulting config wouldn\'t include all options that were needed. They are now merged correctly. If config options need to be overridden, `lib.mkForce` or `lib.mkOverride` can be used.
187
+
- The merging of config options for `services.postfix.config` was buggy. Previously, if other options in the Postfix module like `services.postfix.useSrs` were set and the user set config options that were also set by such options, the resulting config wouldn't include all options that were needed. They are now merged correctly. If config options need to be overridden, `lib.mkForce` or `lib.mkOverride` can be used.
188
188
189
189
- The following changes apply if the `stateVersion` is changed to 18.03 or higher. For `stateVersion = "17.09"` or lower the old behavior is preserved.
190
190
···
204
204
205
205
- The data directory `/var/lib/piwik` was renamed to `/var/lib/matomo`. All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
206
206
207
-
- The default `serverName` for the nginx configuration changed from `piwik.${config.networking.hostName}` to `matomo.${config.networking.hostName}.${config.networking.domain}` if `config.networking.domain` is set, `matomo.${config.networking.hostName}` if it is not set. If you change your `serverName`, remember you\'ll need to update the `trustedHosts[]` array in `/var/lib/matomo/config/config.ini.php` as well.
207
+
- The default `serverName` for the nginx configuration changed from `piwik.${config.networking.hostName}` to `matomo.${config.networking.hostName}.${config.networking.domain}` if `config.networking.domain` is set, `matomo.${config.networking.hostName}` if it is not set. If you change your `serverName`, remember you'll need to update the `trustedHosts[]` array in `/var/lib/matomo/config/config.ini.php` as well.
208
208
209
209
- The `piwik` user was renamed to `matomo`. The service will adjust ownership automatically for files in the data directory. If you use unix socket authentication, remember to give the new `matomo` user access to the database and to change the `username` to `matomo` in the `[database]` section of `/var/lib/matomo/config/config.ini.php`.
210
210
···
250
250
251
251
- The option `services.logstash.listenAddress` is now `127.0.0.1` by default. Previously the default behaviour was to listen on all interfaces.
252
252
253
-
- `services.btrfs.autoScrub` has been added, to periodically check btrfs filesystems for data corruption. If there\'s a correct copy available, it will automatically repair corrupted blocks.
253
+
- `services.btrfs.autoScrub` has been added, to periodically check btrfs filesystems for data corruption. If there's a correct copy available, it will automatically repair corrupted blocks.
254
254
255
255
- `displayManager.lightdm.greeters.gtk.clock-format.` has been added, the clock format string (as expected by strftime, e.g. `%H:%M`) to use with the lightdm gtk greeter panel.
256
256
+5
-5
nixos/doc/manual/release-notes/rl-1809.section.md
+5
-5
nixos/doc/manual/release-notes/rl-1809.section.md
···
204
204
205
205
- The `clementine` package points now to the free derivation. `clementineFree` is removed now and `clementineUnfree` points to the package which is bundled with the unfree `libspotify` package.
206
206
207
-
- The `netcat` package is now taken directly from OpenBSD\'s `libressl`, instead of relying on Debian\'s fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command.
207
+
- The `netcat` package is now taken directly from OpenBSD's `libressl`, instead of relying on Debian's fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command.
208
208
209
-
- The `services.docker-registry.extraConfig` object doesn\'t contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in [the `docker/distribution` docs](https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md).
209
+
- The `services.docker-registry.extraConfig` object doesn't contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in [the `docker/distribution` docs](https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md).
210
210
211
-
- `gnucash` has changed from version 2.4 to 3.x. If you\'ve been using `gnucash` (version 2.4) instead of `gnucash26` (version 2.6) you must open your Gnucash data file(s) with `gnucash26` and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade [documentation](https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade). Gnucash 2.4 is still available under the attribute `gnucash24`.
211
+
- `gnucash` has changed from version 2.4 to 3.x. If you've been using `gnucash` (version 2.4) instead of `gnucash26` (version 2.6) you must open your Gnucash data file(s) with `gnucash26` and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade [documentation](https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade). Gnucash 2.4 is still available under the attribute `gnucash24`.
212
212
213
213
- `services.munge` now runs as user (and group) `munge` instead of root. Make sure the key file is accessible to the daemon.
214
214
···
315
315
316
316
- The Kubernetes Dashboard now has only minimal RBAC permissions by default. If dashboard cluster-admin rights are desired, set `services.kubernetes.addons.dashboard.rbac.clusterAdmin` to true. On existing clusters, in order for the revocation of privileges to take effect, the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: `kubectl delete clusterrolebinding kubernetes-dashboard`
317
317
318
-
- The `programs.screen` module provides allows to configure `/etc/screenrc`, however the module behaved fairly counterintuitive as the config exists, but the package wasn\'t available. Since 18.09 `pkgs.screen` will be added to `environment.systemPackages`.
318
+
- The `programs.screen` module provides allows to configure `/etc/screenrc`, however the module behaved fairly counterintuitive as the config exists, but the package wasn't available. Since 18.09 `pkgs.screen` will be added to `environment.systemPackages`.
319
319
320
320
- The module `services.networking.hostapd` now uses WPA2 by default.
321
321
···
327
327
328
328
- The default display manager is now LightDM. To use SLiM set `services.xserver.displayManager.slim.enable` to `true`.
329
329
330
-
- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it\'s no longer necessary to use `</para><para>` to start a new paragraph.
330
+
- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it's no longer necessary to use `</para><para>` to start a new paragraph.
331
331
332
332
- Top-level `buildPlatform`, `hostPlatform`, and `targetPlatform` in Nixpkgs are deprecated. Please use their equivalents in `stdenv` instead: `stdenv.buildPlatform`, `stdenv.hostPlatform`, and `stdenv.targetPlatform`.
+9
-9
nixos/doc/manual/release-notes/rl-1903.section.md
+9
-9
nixos/doc/manual/release-notes/rl-1903.section.md
···
11
11
- Added the Pantheon desktop environment. It can be enabled through `services.xserver.desktopManager.pantheon.enable`.
12
12
13
13
::: {.note}
14
-
By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon\'s screen locking implementation relies on it.
15
-
Because of that it is recommended to leave LightDM enabled. If you\'d like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
14
+
By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon's screen locking implementation relies on it.
15
+
Because of that it is recommended to leave LightDM enabled. If you'd like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
16
16
:::
17
17
18
-
Also note that Pantheon\'s LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn\'t optimal for use here yet.
18
+
Also note that Pantheon's LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn't optimal for use here yet.
19
19
20
20
- A major refactoring of the Kubernetes module has been completed. Refactorings primarily focus on decoupling components and enhancing security. Two-way TLS and RBAC has been enabled by default for all components, which slightly changes the way the module is configured. See: [](#sec-kubernetes) for details.
21
21
···
57
57
58
58
- The Syncthing state and configuration data has been moved from `services.syncthing.dataDir` to the newly defined `services.syncthing.configDir`, which default to `/var/lib/syncthing/.config/syncthing`. This change makes possible to share synced directories using ACLs without Syncthing resetting the permission on every start.
59
59
60
-
- The `ntp` module now has sane default restrictions. If you\'re relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set `services.ntp.restrictDefault` and `services.ntp.restrictSource` to `[]`.
60
+
- The `ntp` module now has sane default restrictions. If you're relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set `services.ntp.restrictDefault` and `services.ntp.restrictSource` to `[]`.
61
61
62
62
- Package `rabbitmq_server` is renamed to `rabbitmq-server`.
63
63
···
89
89
90
90
- The option `services.xserver.displayManager.job.logToFile` which was previously set to `true` when using the display managers `lightdm`, `sddm` or `xpra` has been reset to the default value (`false`).
91
91
92
-
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device \"default\" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
92
+
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
93
93
94
-
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we\'re using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it\'s usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
94
+
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
95
95
96
96
If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters.
97
97
···
137
137
138
138
- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
139
139
140
-
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account\'s password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
140
+
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
141
141
142
142
- `fish` has been upgraded to 3.0. It comes with a number of improvements and backwards incompatible changes. See the `fish` [release notes](https://github.com/fish-shell/fish-shell/releases/tag/3.0.0) for more information.
143
143
···
145
145
146
146
- NixOS module system type `types.optionSet` and `lib.mkOption` argument `options` are deprecated. Use `types.submodule` instead. ([\#54637](https://github.com/NixOS/nixpkgs/pull/54637))
147
147
148
-
- `matrix-synapse` has been updated to version 0.99. It will [no longer generate a self-signed certificate on first launch](https://github.com/matrix-org/synapse/pull/4509) and will be [the last version to accept self-signed certificates](https://matrix.org/blog/2019/02/05/synapse-0-99-0/). As such, it is now recommended to use a proper certificate verified by a root CA (for example Let\'s Encrypt). The new [manual chapter on Matrix](#module-services-matrix) contains a working example of using nginx as a reverse proxy in front of `matrix-synapse`, using Let\'s Encrypt certificates.
148
+
- `matrix-synapse` has been updated to version 0.99. It will [no longer generate a self-signed certificate on first launch](https://github.com/matrix-org/synapse/pull/4509) and will be [the last version to accept self-signed certificates](https://matrix.org/blog/2019/02/05/synapse-0-99-0/). As such, it is now recommended to use a proper certificate verified by a root CA (for example Let's Encrypt). The new [manual chapter on Matrix](#module-services-matrix) contains a working example of using nginx as a reverse proxy in front of `matrix-synapse`, using Let's Encrypt certificates.
149
149
150
150
- `mailutils` now works by default when `sendmail` is not in a setuid wrapper. As a consequence, the `sendmailPath` argument, having lost its main use, has been removed.
151
151
···
191
191
With this change application specific volumes are relative to the master volume which can be adjusted independently, whereas before they were absolute; meaning that in effect, it scaled the device-volume with the volume of the loudest application.
192
192
:::
193
193
194
-
- The [`ndppd`](https://github.com/DanielAdolfsson/ndppd) module now supports [all config options](options.html#opt-services.ndppd.enable) provided by the current upstream version as service options. Additionally the `ndppd` package doesn\'t contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
194
+
- The [`ndppd`](https://github.com/DanielAdolfsson/ndppd) module now supports [all config options](options.html#opt-services.ndppd.enable) provided by the current upstream version as service options. Additionally the `ndppd` package doesn't contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
195
195
196
196
- New installs of NixOS will default to the Redmine 4.x series unless otherwise specified in `services.redmine.package` while existing installs of NixOS will default to the Redmine 3.x series.
197
197
+15
-15
nixos/doc/manual/release-notes/rl-1909.section.md
+15
-15
nixos/doc/manual/release-notes/rl-1909.section.md
···
34
34
35
35
- The installer now uses a less privileged `nixos` user whereas before we logged in as root. To gain root privileges use `sudo -i` without a password.
36
36
37
-
- We\'ve updated to Xfce 4.14, which brings a new module `services.xserver.desktopManager.xfce4-14`. If you\'d like to upgrade, please switch from the `services.xserver.desktopManager.xfce` module as it will be deprecated in a future release. They\'re incompatibilities with the current Xfce module; it doesn\'t support `thunarPlugins` and it isn\'t recommended to use `services.xserver.desktopManager.xfce` and `services.xserver.desktopManager.xfce4-14` simultaneously or to downgrade from Xfce 4.14 after upgrading.
37
+
- We've updated to Xfce 4.14, which brings a new module `services.xserver.desktopManager.xfce4-14`. If you'd like to upgrade, please switch from the `services.xserver.desktopManager.xfce` module as it will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support `thunarPlugins` and it isn't recommended to use `services.xserver.desktopManager.xfce` and `services.xserver.desktopManager.xfce4-14` simultaneously or to downgrade from Xfce 4.14 after upgrading.
38
38
39
39
- The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages like games.
40
40
···
46
46
47
47
- `services.gnome3.games.enable`
48
48
49
-
With these options we hope to give users finer grained control over their systems. Prior to this change you\'d either have to manually disable options or use `environment.gnome3.excludePackages` which only excluded the optional applications. `environment.gnome3.excludePackages` is now unguarded, it can exclude any package installed with `environment.systemPackages` in the GNOME 3 module.
49
+
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually disable options or use `environment.gnome3.excludePackages` which only excluded the optional applications. `environment.gnome3.excludePackages` is now unguarded, it can exclude any package installed with `environment.systemPackages` in the GNOME 3 module.
50
50
51
-
- Orthogonal to the previous changes to the GNOME 3 desktop manager module, we\'ve updated all default services and applications to match as close as possible to a default reference GNOME 3 experience.
51
+
- Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications to match as close as possible to a default reference GNOME 3 experience.
52
52
53
53
**The following changes were enacted in `services.gnome3.core-utilities.enable`**
54
54
···
104
104
105
105
- `services.xserver.desktopManager.pantheon`
106
106
107
-
- `services.xserver.desktopManager.mate` Note Mate uses `programs.system-config-printer` as it doesn\'t use it as a service, but its graphical interface directly.
107
+
- `services.xserver.desktopManager.mate` Note Mate uses `programs.system-config-printer` as it doesn't use it as a service, but its graphical interface directly.
108
108
109
109
- [services.blueman.enable](options.html#opt-services.blueman.enable) has been added. If you previously had blueman installed via `environment.systemPackages` please migrate to using the NixOS module, as this would result in an insufficiently configured blueman.
110
110
···
118
118
119
119
- PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle and has been removed.
120
120
121
-
- The options `services.prometheus.alertmanager.user` and `services.prometheus.alertmanager.group` have been removed because the alertmanager service is now using systemd\'s [ DynamicUser mechanism](http://0pointer.net/blog/dynamic-users-with-systemd.html) which obviates these options.
121
+
- The options `services.prometheus.alertmanager.user` and `services.prometheus.alertmanager.group` have been removed because the alertmanager service is now using systemd's [ DynamicUser mechanism](http://0pointer.net/blog/dynamic-users-with-systemd.html) which obviates these options.
122
122
123
123
- The NetworkManager systemd unit was renamed back from network-manager.service to NetworkManager.service for better compatibility with other applications expecting this name. The same applies to ModemManager where modem-manager.service is now called ModemManager.service again.
124
124
125
-
- The `services.nzbget.configFile` and `services.nzbget.openFirewall` options were removed as they are managed internally by the nzbget. The `services.nzbget.dataDir` option hadn\'t actually been used by the module for some time and so was removed as cleanup.
125
+
- The `services.nzbget.configFile` and `services.nzbget.openFirewall` options were removed as they are managed internally by the nzbget. The `services.nzbget.dataDir` option hadn't actually been used by the module for some time and so was removed as cleanup.
126
126
127
127
- The `services.mysql.pidDir` option was removed, as it was only used by the wordpress apache-httpd service to wait for mysql to have started up. This can be accomplished by either describing a dependency on mysql.service (preferred) or waiting for the (hardcoded) `/run/mysqld/mysql.sock` file to appear.
128
128
···
148
148
149
149
A new knob named `nixops.enableDeprecatedAutoLuks` has been introduced to disable the eval failure and to acknowledge the notice was received and read. If you plan on using the feature please note that it might break with subsequent updates.
150
150
151
-
Make sure you set the `_netdev` option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn\'t boot anymore.
151
+
Make sure you set the `_netdev` option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn't boot anymore.
152
152
153
153
If you are actively using the `autoLuks` module please let us know in [issue \#62211](https://github.com/NixOS/nixpkgs/issues/62211).
154
154
···
196
196
197
197
Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
198
198
199
-
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn\'t explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
199
+
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
200
200
201
201
- The old deprecated `emacs` package sets have been dropped. What used to be called `emacsPackagesNg` is now simply called `emacsPackages`.
202
202
203
-
- `services.xserver.desktopManager.xterm` is now disabled by default if `stateVersion` is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn\'t useful for all people so it didn\'t make sense to have any desktopManager enabled default.
203
+
- `services.xserver.desktopManager.xterm` is now disabled by default if `stateVersion` is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to have any desktopManager enabled default.
204
204
205
-
- The WeeChat plugin `pkgs.weechatScripts.weechat-xmpp` has been removed as it doesn\'t receive any updates from upstream and depends on outdated Python2-based modules.
205
+
- The WeeChat plugin `pkgs.weechatScripts.weechat-xmpp` has been removed as it doesn't receive any updates from upstream and depends on outdated Python2-based modules.
206
206
207
207
- Old unsupported versions (`logstash5`, `kibana5`, `filebeat5`, `heartbeat5`, `metricbeat5`, `packetbeat5`) of the ELK-stack and Elastic beats have been removed.
208
208
···
210
210
211
211
- Citrix Receiver (`citrix_receiver`) has been dropped in favor of Citrix Workspace (`citrix_workspace`).
212
212
213
-
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren\'t stored in the world-readable nix store, but means that for each option you\'ll have to create a file with the same exact string, add \"File\" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
213
+
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren't stored in the world-readable nix store, but means that for each option you'll have to create a file with the same exact string, add "File" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
214
214
215
215
The state path (`services.gitlab.statePath`) now has the following restriction: no parent directory can be owned by any other user than `root` or the user specified in `services.gitlab.user`; i.e. if `services.gitlab.statePath` is set to `/var/lib/gitlab/state`, `gitlab` and all parent directories must be owned by either `root` or the user specified in `services.gitlab.user`.
216
216
···
218
218
219
219
- The Twitter client `corebird` has been dropped as [it is discontinued and does not work against the new Twitter API](https://www.patreon.com/posts/corebirds-future-18921328). Please use the fork `cawbird` instead which has been adapted to the API changes and is still maintained.
220
220
221
-
- The `nodejs-11_x` package has been removed as it\'s EOLed by upstream.
221
+
- The `nodejs-11_x` package has been removed as it's EOLed by upstream.
222
222
223
223
- Because of the systemd upgrade, systemd-timesyncd will no longer work if `system.stateVersion` is not set correctly. When upgrading from NixOS 19.03, please make sure that `system.stateVersion` is set to `"19.03"`, or lower if the installation dates back to an earlier version of NixOS.
224
224
···
252
252
253
253
- The `consul` package was upgraded past version `1.5`, so its deprecated legacy UI is no longer available.
254
254
255
-
- The default resample-method for PulseAudio has been changed from the upstream default `speex-float-1` to `speex-float-5`. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you\'ll need to set `hardware.pulseaudio.daemon.config.resample-method` back to `speex-float-1`.
255
+
- The default resample-method for PulseAudio has been changed from the upstream default `speex-float-1` to `speex-float-5`. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you'll need to set `hardware.pulseaudio.daemon.config.resample-method` back to `speex-float-1`.
256
256
257
257
- The `phabricator` package and associated `httpd.extraSubservice`, as well as the `phd` service have been removed from nixpkgs due to lack of maintainer.
258
258
···
264
264
265
265
- The `tomcat-connector` `httpd.extraSubservice` has been removed from nixpkgs.
266
266
267
-
- It\'s now possible to change configuration in [services.nextcloud](options.html#opt-services.nextcloud.enable) after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating `/var/lib/nextcloud`.
267
+
- It's now possible to change configuration in [services.nextcloud](options.html#opt-services.nextcloud.enable) after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating `/var/lib/nextcloud`.
268
268
269
269
- There exists now `lib.forEach`, which is like `map`, but with arguments flipped. When mapping function body spans many lines (or has nested `map`s), it is often hard to follow which list is modified.
270
270
···
308
308
309
309
- The `altcoins` categorization of packages has been removed. You now access these packages at the top level, ie. `nix-shell -p dogecoin` instead of `nix-shell -p altcoins.dogecoin`, etc.
310
310
311
-
- Ceph has been upgraded to v14.2.1. See the [release notes](https://ceph.com/releases/v14-2-0-nautilus-released/) for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There\'s been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
311
+
- Ceph has been upgraded to v14.2.1. See the [release notes](https://ceph.com/releases/v14-2-0-nautilus-released/) for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There's been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
312
312
313
313
- `pkgs.weechat` is now compiled against `pkgs.python3`. Weechat also recommends [to use Python3 in their docs.](https://weechat.org/scripts/python3/)
+29
-29
nixos/doc/manual/release-notes/rl-2003.section.md
+29
-29
nixos/doc/manual/release-notes/rl-2003.section.md
···
34
34
35
35
- Postgresql for NixOS service now defaults to v11.
36
36
37
-
- The graphical installer image starts the graphical session automatically. Before you\'d be greeted by a tty and asked to enter `systemctl start display-manager`. It is now possible to disable the display-manager from running by selecting the `Disable display-manager` quirk in the boot menu.
37
+
- The graphical installer image starts the graphical session automatically. Before you'd be greeted by a tty and asked to enter `systemctl start display-manager`. It is now possible to disable the display-manager from running by selecting the `Disable display-manager` quirk in the boot menu.
38
38
39
39
- GNOME 3 has been upgraded to 3.34. Please take a look at their [Release Notes](https://help.gnome.org/misc/release-notes/3.34) for details.
40
40
41
-
- If you enable the Pantheon Desktop Manager via [services.xserver.desktopManager.pantheon.enable](options.html#opt-services.xserver.desktopManager.pantheon.enable), we now default to also use [ Pantheon\'s newly designed greeter ](https://blog.elementary.io/say-hello-to-the-new-greeter/). Contrary to NixOS\'s usual update policy, Pantheon will receive updates during the cycle of NixOS 20.03 when backwards compatible.
41
+
- If you enable the Pantheon Desktop Manager via [services.xserver.desktopManager.pantheon.enable](options.html#opt-services.xserver.desktopManager.pantheon.enable), we now default to also use [ Pantheon's newly designed greeter ](https://blog.elementary.io/say-hello-to-the-new-greeter/). Contrary to NixOS's usual update policy, Pantheon will receive updates during the cycle of NixOS 20.03 when backwards compatible.
42
42
43
43
- By default zfs pools will now be trimmed on a weekly basis. Trimming is only done on supported devices (i.e. NVME or SSDs) and should improve throughput and lifetime of these devices. It is controlled by the `services.zfs.trim.enable` varname. The zfs scrub service (`services.zfs.autoScrub.enable`) and the zfs autosnapshot service (`services.zfs.autoSnapshot.enable`) are now only enabled if zfs is set in `config.boot.initrd.supportedFilesystems` or `config.boot.supportedFilesystems`. These lists will automatically contain zfs as soon as any zfs mountpoint is configured in `fileSystems`.
44
44
···
77
77
78
78
- The kubernetes kube-proxy now supports a new hostname configuration `services.kubernetes.proxy.hostname` which has to be set if the hostname of the node should be non default.
79
79
80
-
- UPower\'s configuration is now managed by NixOS and can be customized via `services.upower`.
80
+
- UPower's configuration is now managed by NixOS and can be customized via `services.upower`.
81
81
82
82
- To use Geary you should enable [programs.geary.enable](options.html#opt-programs.geary.enable) instead of just adding it to [environment.systemPackages](options.html#opt-environment.systemPackages). It was created so Geary could function properly outside of GNOME.
83
83
···
187
187
188
188
- The `99-main.network` file was removed. Matching all network interfaces caused many breakages, see [\#18962](https://github.com/NixOS/nixpkgs/pull/18962) and [\#71106](https://github.com/NixOS/nixpkgs/pull/71106).
189
189
190
-
We already don\'t support the global [networking.useDHCP](options.html#opt-networking.useDHCP), [networking.defaultGateway](options.html#opt-networking.defaultGateway) and [networking.defaultGateway6](options.html#opt-networking.defaultGateway6) options if [networking.useNetworkd](options.html#opt-networking.useNetworkd) is enabled, but direct users to configure the per-device [networking.interfaces.\<name\>....](options.html#opt-networking.interfaces) options.
190
+
We already don't support the global [networking.useDHCP](options.html#opt-networking.useDHCP), [networking.defaultGateway](options.html#opt-networking.defaultGateway) and [networking.defaultGateway6](options.html#opt-networking.defaultGateway6) options if [networking.useNetworkd](options.html#opt-networking.useNetworkd) is enabled, but direct users to configure the per-device [networking.interfaces.\<name\>....](options.html#opt-networking.interfaces) options.
191
191
192
-
- The stdenv now runs all bash with `set -u`, to catch the use of undefined variables. Before, it itself used `set -u` but was careful to unset it so other packages\' code ran as before. Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
192
+
- The stdenv now runs all bash with `set -u`, to catch the use of undefined variables. Before, it itself used `set -u` but was careful to unset it so other packages' code ran as before. Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
193
193
194
194
- The SLIM Display Manager has been removed, as it has been unmaintained since 2013. Consider migrating to a different display manager such as LightDM (current default in NixOS), SDDM, GDM, or using the startx module which uses Xinitrc.
195
195
···
197
197
198
198
- The BEAM package set has been deleted. You will only find there the different interpreters. You should now use the different build tools coming with the languages with sandbox mode disabled.
199
199
200
-
- There is now only one Xfce package-set and module. This means that attributes `xfce4-14` and `xfceUnstable` all now point to the latest Xfce 4.14 packages. And in the future NixOS releases will be the latest released version of Xfce available at the time of the release\'s development (if viable).
200
+
- There is now only one Xfce package-set and module. This means that attributes `xfce4-14` and `xfceUnstable` all now point to the latest Xfce 4.14 packages. And in the future NixOS releases will be the latest released version of Xfce available at the time of the release's development (if viable).
201
201
202
202
- The [phpfpm](options.html#opt-services.phpfpm.pools) module now sets `PrivateTmp=true` in its systemd units for better process isolation. If you rely on `/tmp` being shared with other services, explicitly override this by setting `serviceConfig.PrivateTmp` to `false` for each phpfpm unit.
203
203
···
221
221
222
222
- The packages `openobex` and `obexftp` are no longer installed when enabling Bluetooth via `hardware.bluetooth.enable`.
223
223
224
-
- The `dump1090` derivation has been changed to use FlightAware\'s dump1090 as its upstream. However, this version does not have an internal webserver anymore. The assets in the `share/dump1090` directory of the derivation can be used in conjunction with an external webserver to replace this functionality.
224
+
- The `dump1090` derivation has been changed to use FlightAware's dump1090 as its upstream. However, this version does not have an internal webserver anymore. The assets in the `share/dump1090` directory of the derivation can be used in conjunction with an external webserver to replace this functionality.
225
225
226
226
- The fourStore and fourStoreEndpoint modules have been removed.
227
227
···
291
291
292
292
- `services.buildkite-agent.meta-data` has been renamed to [services.buildkite-agents.\<name\>.tags](options.html#opt-services.buildkite-agents), to match upstreams naming for 3.x. Its type has also changed - it now accepts an attrset of strings.
293
293
294
-
- The`services.buildkite-agent.openssh.publicKeyPath` option has been removed, as it\'s not necessary to deploy public keys to clone private repositories.
294
+
- The`services.buildkite-agent.openssh.publicKeyPath` option has been removed, as it's not necessary to deploy public keys to clone private repositories.
295
295
296
296
- `services.buildkite-agent.openssh.privateKeyPath` has been renamed to [buildkite-agents.\<name\>.privateSshKeyPath](options.html#opt-services.buildkite-agents), as the whole `openssh` now only contained that single option.
297
297
···
301
301
302
302
- The `gcc5` and `gfortran5` packages have been removed.
303
303
304
-
- The `services.xserver.displayManager.auto` module has been removed. It was only intended for use in internal NixOS tests, and gave the false impression of it being a special display manager when it\'s actually LightDM. Please use the `services.xserver.displayManager.lightdm.autoLogin` options instead, or any other display manager in NixOS as they all support auto-login. If you used this module specifically because it permitted root auto-login you can override the lightdm-autologin pam module like:
304
+
- The `services.xserver.displayManager.auto` module has been removed. It was only intended for use in internal NixOS tests, and gave the false impression of it being a special display manager when it's actually LightDM. Please use the `services.xserver.displayManager.lightdm.autoLogin` options instead, or any other display manager in NixOS as they all support auto-login. If you used this module specifically because it permitted root auto-login you can override the lightdm-autologin pam module like:
305
305
306
306
```nix
307
307
{
···
325
325
auth required pam_succeed_if.so quiet
326
326
```
327
327
328
-
line, where default it\'s:
328
+
line, where default it's:
329
329
330
330
```
331
331
auth required pam_succeed_if.so uid >= 1000 quiet
332
332
```
333
333
334
-
not permitting users with uid\'s below 1000 (like root). All other display managers in NixOS are configured like this.
334
+
not permitting users with uid's below 1000 (like root). All other display managers in NixOS are configured like this.
335
335
336
336
- There have been lots of improvements to the Mailman module. As a result,
337
337
···
357
357
358
358
- Rspamd was updated to version 2.2. Read [ the upstream migration notes](https://rspamd.com/doc/migration.html#migration-to-rspamd-20) carefully. Please be especially aware that some modules were removed and the default Bayes backend is now Redis.
359
359
360
-
- The `*psu` versions of oraclejdk8 have been removed as they aren\'t provided by upstream anymore.
360
+
- The `*psu` versions of oraclejdk8 have been removed as they aren't provided by upstream anymore.
361
361
362
-
- The `services.dnscrypt-proxy` module has been removed as it used the deprecated version of dnscrypt-proxy. We\'ve added [services.dnscrypt-proxy2.enable](options.html#opt-services.dnscrypt-proxy2.enable) to use the supported version. This module supports configuration via the Nix attribute set [services.dnscrypt-proxy2.settings](options.html#opt-services.dnscrypt-proxy2.settings), or by passing a TOML configuration file via [services.dnscrypt-proxy2.configFile](options.html#opt-services.dnscrypt-proxy2.configFile).
362
+
- The `services.dnscrypt-proxy` module has been removed as it used the deprecated version of dnscrypt-proxy. We've added [services.dnscrypt-proxy2.enable](options.html#opt-services.dnscrypt-proxy2.enable) to use the supported version. This module supports configuration via the Nix attribute set [services.dnscrypt-proxy2.settings](options.html#opt-services.dnscrypt-proxy2.settings), or by passing a TOML configuration file via [services.dnscrypt-proxy2.configFile](options.html#opt-services.dnscrypt-proxy2.configFile).
363
363
364
364
```nix
365
365
{
···
382
382
383
383
- `qesteidutil` has been deprecated in favor of `qdigidoc`.
384
384
385
-
- sqldeveloper_18 has been removed as it\'s not maintained anymore, sqldeveloper has been updated to version `19.4`. Please note that this means that this means that the oraclejdk is now required. For further information please read the [release notes](https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html).
385
+
- sqldeveloper_18 has been removed as it's not maintained anymore, sqldeveloper has been updated to version `19.4`. Please note that this means that this means that the oraclejdk is now required. For further information please read the [release notes](https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html).
386
386
387
-
- Haskell `env` and `shellFor` dev shell environments now organize dependencies the same way as regular builds. In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don\'t need to algorithmically partition anything.
387
+
- Haskell `env` and `shellFor` dev shell environments now organize dependencies the same way as regular builds. In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything.
388
388
389
389
This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a `buildDepends` or run-time Haskell dependency as a `setupDepends`, whereas things would have worked before they may not work now.
390
390
391
-
- The gcc-snapshot-package has been removed. It\'s marked as broken for \>2 years and used to point to a fairly old snapshot from the gcc7-branch.
391
+
- The gcc-snapshot-package has been removed. It's marked as broken for \>2 years and used to point to a fairly old snapshot from the gcc7-branch.
392
392
393
393
- The nixos-build-vms8 -script now uses the python test-driver.
394
394
···
398
398
399
399
- Stand-alone usage of `Upower` now requires `services.upower.enable` instead of just installing into [environment.systemPackages](options.html#opt-environment.systemPackages).
400
400
401
-
- nextcloud has been updated to `v18.0.2`. This means that users from NixOS 19.09 can\'t upgrade directly since you can only move one version forward and 19.09 uses `v16.0.8`.
401
+
- nextcloud has been updated to `v18.0.2`. This means that users from NixOS 19.09 can't upgrade directly since you can only move one version forward and 19.09 uses `v16.0.8`.
402
402
403
403
To provide a safe upgrade-path and to circumvent similar issues in the future, the following measures were taken:
404
404
405
405
- The pkgs.nextcloud-attribute has been removed and replaced with versioned attributes (currently pkgs.nextcloud17 and pkgs.nextcloud18). With this change major-releases can be backported without breaking stuff and to make upgrade-paths easier.
406
406
407
-
- Existing setups will be detected using [system.stateVersion](options.html#opt-system.stateVersion): by default, nextcloud17 will be used, but will raise a warning which notes that after that deploy it\'s recommended to update to the latest stable version (nextcloud18) by declaring the newly introduced setting [services.nextcloud.package](options.html#opt-services.nextcloud.package).
407
+
- Existing setups will be detected using [system.stateVersion](options.html#opt-system.stateVersion): by default, nextcloud17 will be used, but will raise a warning which notes that after that deploy it's recommended to update to the latest stable version (nextcloud18) by declaring the newly introduced setting [services.nextcloud.package](options.html#opt-services.nextcloud.package).
408
408
409
-
- Users with an overlay (e.g. to use nextcloud at version `v18` on `19.09`) will get an evaluation error by default. This is done to ensure that our [package](options.html#opt-services.nextcloud.package)-option doesn\'t select an older version by accident. It\'s recommended to use pkgs.nextcloud18 or to set [package](options.html#opt-services.nextcloud.package) to pkgs.nextcloud explicitly.
409
+
- Users with an overlay (e.g. to use nextcloud at version `v18` on `19.09`) will get an evaluation error by default. This is done to ensure that our [package](options.html#opt-services.nextcloud.package)-option doesn't select an older version by accident. It's recommended to use pkgs.nextcloud18 or to set [package](options.html#opt-services.nextcloud.package) to pkgs.nextcloud explicitly.
410
410
411
411
::: {.warning}
412
-
Please note that if you\'re coming from `19.03` or older, you have to manually upgrade to `19.09` first to upgrade your server to Nextcloud v16.
412
+
Please note that if you're coming from `19.03` or older, you have to manually upgrade to `19.09` first to upgrade your server to Nextcloud v16.
413
413
:::
414
414
415
-
- Hydra has gained a massive performance improvement due to [some database schema changes](https://github.com/NixOS/hydra/pull/710) by adding several IDs and better indexing. However, it\'s necessary to upgrade Hydra in multiple steps:
415
+
- Hydra has gained a massive performance improvement due to [some database schema changes](https://github.com/NixOS/hydra/pull/710) by adding several IDs and better indexing. However, it's necessary to upgrade Hydra in multiple steps:
416
416
417
417
- At first, an older version of Hydra needs to be deployed which adds those (nullable) columns. When having set [stateVersion ](options.html#opt-system.stateVersion) to a value older than `20.03`, this package will be selected by default from the module when upgrading. Otherwise, the package can be deployed using the following config:
418
418
···
434
434
- Deploy a newer version of Hydra to activate the DB optimizations. This can be done by using hydra-unstable. This package already includes [flake-support](https://github.com/nixos/rfcs/pull/49) and is therefore compiled against pkgs.nixFlakes.
435
435
436
436
::: {.warning}
437
-
If your [stateVersion](options.html#opt-system.stateVersion) is set to `20.03` or greater, hydra-unstable will be used automatically! This will break your setup if you didn\'t run the migration.
437
+
If your [stateVersion](options.html#opt-system.stateVersion) is set to `20.03` or greater, hydra-unstable will be used automatically! This will break your setup if you didn't run the migration.
438
438
:::
439
439
440
-
Please note that Hydra is currently not available with nixStable as this doesn\'t compile anymore.
440
+
Please note that Hydra is currently not available with nixStable as this doesn't compile anymore.
441
441
442
442
::: {.warning}
443
-
pkgs.hydra has been removed to ensure a graceful database-migration using the dedicated package-attributes. If you still have pkgs.hydra defined in e.g. an overlay, an assertion error will be thrown. To circumvent this, you need to set [services.hydra.package](options.html#opt-services.hydra.package) to pkgs.hydra explicitly and make sure you know what you\'re doing!
443
+
pkgs.hydra has been removed to ensure a graceful database-migration using the dedicated package-attributes. If you still have pkgs.hydra defined in e.g. an overlay, an assertion error will be thrown. To circumvent this, you need to set [services.hydra.package](options.html#opt-services.hydra.package) to pkgs.hydra explicitly and make sure you know what you're doing!
444
444
:::
445
445
446
446
- The TokuDB storage engine will be disabled in mariadb 10.5. It is recommended to switch to RocksDB. See also [TokuDB](https://mariadb.com/kb/en/tokudb/).
···
478
478
479
479
Depending on your setup, you need to incorporate one of the following changes in your setup to upgrade to 20.03:
480
480
481
-
- If you use `sqlite3` you don\'t need to do anything.
481
+
- If you use `sqlite3` you don't need to do anything.
482
482
483
-
- If you use `postgresql` on a different server, you don\'t need to change anything as well since this module was never designed to configure remote databases.
483
+
- If you use `postgresql` on a different server, you don't need to change anything as well since this module was never designed to configure remote databases.
484
484
485
485
- If you use `postgresql` and configured your synapse initially on `19.09` or older, you simply need to enable postgresql-support explicitly:
486
486
···
496
496
497
497
- If you deploy a fresh matrix-synapse, you need to configure the database yourself (e.g. by using the [services.postgresql.initialScript](options.html#opt-services.postgresql.initialScript) option). An example for this can be found in the [documentation of the Matrix module](#module-services-matrix).
498
498
499
-
- If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it\'s recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html).
499
+
- If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it's recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html).
500
500
501
-
- The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It\'s udev that parses `.link` files, not `systemd-networkd`.
501
+
- The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It's udev that parses `.link` files, not `systemd-networkd`.
502
502
503
503
- mongodb has been updated to version `3.4.24`.
504
504
505
505
::: {.warning}
506
-
Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it\'s not entirely free and not OSI-approved, it\'s listed as non-free. This means that Hydra doesn\'t provide prebuilt mongodb-packages and needs to be built locally.
506
+
Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it's not entirely free and not OSI-approved, it's listed as non-free. This means that Hydra doesn't provide prebuilt mongodb-packages and needs to be built locally.
507
507
:::
+21
-21
nixos/doc/manual/release-notes/rl-2009.section.md
+21
-21
nixos/doc/manual/release-notes/rl-2009.section.md
···
218
218
219
219
When upgrading from a previous release, please be aware of the following incompatible changes:
220
220
221
-
- MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Before you upgrade, it would be best to take a backup of your database. For MariaDB Galera Cluster, see [Upgrading from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/) instead. Before doing the upgrade read [Incompatible Changes Between 10.3 and 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). After the upgrade you will need to run `mysql_upgrade`. MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more intuitive. See [Authentication from MariaDB 10.4](https://mariadb.com/kb/en/authentication-from-mariadb-104/). unix_socket auth plugin does not use a password, and uses the connecting user\'s UID instead. When a new MariaDB data directory is initialized, two MariaDB users are created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root\@localhost and mysql\@localhost. To actually use the traditional mysql_native_password plugin method, one must run the following:
221
+
- MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Before you upgrade, it would be best to take a backup of your database. For MariaDB Galera Cluster, see [Upgrading from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/) instead. Before doing the upgrade read [Incompatible Changes Between 10.3 and 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). After the upgrade you will need to run `mysql_upgrade`. MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more intuitive. See [Authentication from MariaDB 10.4](https://mariadb.com/kb/en/authentication-from-mariadb-104/). unix_socket auth plugin does not use a password, and uses the connecting user's UID instead. When a new MariaDB data directory is initialized, two MariaDB users are created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root\@localhost and mysql\@localhost. To actually use the traditional mysql_native_password plugin method, one must run the following:
222
222
223
223
```nix
224
224
{
···
284
284
285
285
- The [matrix-synapse](options.html#opt-services.matrix-synapse.enable) module no longer includes optional dependencies by default, they have to be added through the [plugins](options.html#opt-services.matrix-synapse.plugins) option.
286
286
287
-
- `buildGoModule` now internally creates a vendor directory in the source tree for downloaded modules instead of using go\'s [module proxy protocol](https://golang.org/cmd/go/#hdr-Module_proxy_protocol). This storage format is simpler and therefore less likely to break with future versions of go. As a result `buildGoModule` switched from `modSha256` to the `vendorSha256` attribute to pin fetched version data.
287
+
- `buildGoModule` now internally creates a vendor directory in the source tree for downloaded modules instead of using go's [module proxy protocol](https://golang.org/cmd/go/#hdr-Module_proxy_protocol). This storage format is simpler and therefore less likely to break with future versions of go. As a result `buildGoModule` switched from `modSha256` to the `vendorSha256` attribute to pin fetched version data.
288
288
289
289
- Grafana is now built without support for phantomjs by default. Phantomjs support has been [deprecated in Grafana](https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/) and the phantomjs project is [currently unmaintained](https://github.com/ariya/phantomjs/issues/15344#issue-302015362). It can still be enabled by providing `phantomJsSupport = true` to the package instantiation:
290
290
···
306
306
307
307
- The initrd SSH support now uses OpenSSH rather than Dropbear to allow the use of Ed25519 keys and other OpenSSH-specific functionality. Host keys must now be in the OpenSSH format, and at least one pre-generated key must be specified.
308
308
309
-
If you used the `boot.initrd.network.ssh.host*Key` options, you\'ll get an error explaining how to convert your host keys and migrate to the new `boot.initrd.network.ssh.hostKeys` option. Otherwise, if you don\'t have any host keys set, you\'ll need to generate some; see the `hostKeys` option documentation for instructions.
309
+
If you used the `boot.initrd.network.ssh.host*Key` options, you'll get an error explaining how to convert your host keys and migrate to the new `boot.initrd.network.ssh.hostKeys` option. Otherwise, if you don't have any host keys set, you'll need to generate some; see the `hostKeys` option documentation for instructions.
310
310
311
-
- Since this release there\'s an easy way to customize your PHP install to get a much smaller base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP with the extensions `imagick`, `opcache`, `pdo` and `pdo_mysql` loaded:
311
+
- Since this release there's an easy way to customize your PHP install to get a much smaller base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP with the extensions `imagick`, `opcache`, `pdo` and `pdo_mysql` loaded:
312
312
313
313
```nix
314
314
{
···
325
325
}
326
326
```
327
327
328
-
The default `php` attribute hasn\'t lost any extensions. The `opcache` extension has been added. All upstream PHP extensions are available under php.extensions.\<name?\>.
328
+
The default `php` attribute hasn't lost any extensions. The `opcache` extension has been added. All upstream PHP extensions are available under php.extensions.\<name?\>.
329
329
330
330
All PHP `config` flags have been removed for the following reasons:
331
331
···
418
418
419
419
The default value for [services.httpd.mpm](options.html#opt-services.httpd.mpm) has been changed from `prefork` to `event`. Along with this change the default value for [services.httpd.virtualHosts.\<name\>.http2](options.html#opt-services.httpd.virtualHosts) has been set to `true`.
420
420
421
-
- The `systemd-networkd` option `systemd.network.networks.<name>.dhcp.CriticalConnection` has been removed following upstream systemd\'s deprecation of the same. It is recommended to use `systemd.network.networks.<name>.networkConfig.KeepConfiguration` instead. See systemd.network 5 for details.
421
+
- The `systemd-networkd` option `systemd.network.networks.<name>.dhcp.CriticalConnection` has been removed following upstream systemd's deprecation of the same. It is recommended to use `systemd.network.networks.<name>.networkConfig.KeepConfiguration` instead. See systemd.network 5 for details.
422
422
423
-
- The `systemd-networkd` option `systemd.network.networks._name_.dhcpConfig` has been renamed to [systemd.network.networks._name_.dhcpV4Config](options.html#opt-systemd.network.networks._name_.dhcpV4Config) following upstream systemd\'s documentation change. See systemd.network 5 for details.
423
+
- The `systemd-networkd` option `systemd.network.networks._name_.dhcpConfig` has been renamed to [systemd.network.networks._name_.dhcpV4Config](options.html#opt-systemd.network.networks._name_.dhcpV4Config) following upstream systemd's documentation change. See systemd.network 5 for details.
424
424
425
425
- In the `picom` module, several options that accepted floating point numbers encoded as strings (for example [services.picom.activeOpacity](options.html#opt-services.picom.activeOpacity)) have been changed to the (relatively) new native `float` type. To migrate your configuration simply remove the quotes around the numbers.
426
426
···
440
440
441
441
- The GRUB specific option `boot.loader.grub.extraInitrd` has been replaced with the generic option `boot.initrd.secrets`. This option creates a secondary initrd from the specified files, rather than using a manually created initrd file. Due to an existing bug with `boot.loader.grub.extraInitrd`, it is not possible to directly boot an older generation that used that option. It is still possible to rollback to that generation if the required initrd file has not been deleted.
442
442
443
-
- The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can\'t be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205).
443
+
- The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can't be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205).
444
444
445
445
- In the `resilio` module, [services.resilio.httpListenAddr](options.html#opt-services.resilio.httpListenAddr) has been changed to listen to `[::1]` instead of `0.0.0.0`.
446
446
···
456
456
457
457
- Update servers first, then clients.
458
458
459
-
- Radicale\'s default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher.
459
+
- Radicale's default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher.
460
460
461
461
- `udpt` experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml. The new configuration documentation can be found at [the official website](https://naim94a.github.io/udpt/config.html) and example configuration is packaged in `${udpt}/share/udpt/udpt.toml`.
462
462
···
522
522
}
523
523
```
524
524
525
-
The base package has also been upgraded to the 2020-07-29 \"Hogfather\" release. Plugins might be incompatible or require upgrading.
525
+
The base package has also been upgraded to the 2020-07-29 "Hogfather" release. Plugins might be incompatible or require upgrading.
526
526
527
527
- The [services.postgresql.dataDir](options.html#opt-services.postgresql.dataDir) option is now set to `"/var/lib/postgresql/${cfg.package.psqlSchema}"` regardless of your [system.stateVersion](options.html#opt-system.stateVersion). Users with an existing postgresql install that have a [system.stateVersion](options.html#opt-system.stateVersion) of `17.03` or below should double check what the value of their [services.postgresql.dataDir](options.html#opt-services.postgresql.dataDir) option is (`/var/db/postgresql`) and then explicitly set this value to maintain compatibility:
528
528
···
552
552
553
553
- The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`.
554
554
555
-
- The `security.rngd` service is now disabled by default. This choice was made because there\'s krngd in the linux kernel space making it (for most usecases) functionally redundent.
555
+
- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent.
556
556
557
557
- The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed.
558
558
559
559
- The package nextcloud17 has been removed and nextcloud18 was marked as insecure since both of them will [ will be EOL (end of life) within the lifetime of 20.09](https://docs.nextcloud.com/server/19/admin_manual/release_schedule.html).
560
560
561
-
It\'s necessary to upgrade to nextcloud19:
561
+
It's necessary to upgrade to nextcloud19:
562
562
563
-
- From nextcloud17, you have to upgrade to nextcloud18 first as Nextcloud doesn\'t allow going multiple major revisions forward in a single upgrade. This is possible by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud18.
563
+
- From nextcloud17, you have to upgrade to nextcloud18 first as Nextcloud doesn't allow going multiple major revisions forward in a single upgrade. This is possible by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud18.
564
564
565
-
- From nextcloud18, it\'s possible to directly upgrade to nextcloud19 by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud19.
565
+
- From nextcloud18, it's possible to directly upgrade to nextcloud19 by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud19.
566
566
567
567
- The GNOME desktop manager no longer default installs gnome3.epiphany. It was chosen to do this as it has a usability breaking issue (see issue [\#98819](https://github.com/NixOS/nixpkgs/issues/98819)) that makes it unsuitable to be a default app.
568
568
···
578
578
579
579
- `services.journald.rateLimitBurst` was updated from `1000` to `10000` to follow the new upstream systemd default.
580
580
581
-
- The notmuch package moves its emacs-related binaries and emacs lisp files to a separate output. They\'re not part of the default `out` output anymore - if you relied on the `notmuch-emacs-mua` binary or the emacs lisp files, access them via the `notmuch.emacs` output.
581
+
- The notmuch package moves its emacs-related binaries and emacs lisp files to a separate output. They're not part of the default `out` output anymore - if you relied on the `notmuch-emacs-mua` binary or the emacs lisp files, access them via the `notmuch.emacs` output.
582
582
583
583
- Device tree overlay support was improved in [\#79370](https://github.com/NixOS/nixpkgs/pull/79370) and now uses [hardware.deviceTree.kernelPackage](options.html#opt-hardware.deviceTree.kernelPackage) instead of `hardware.deviceTree.base`. [hardware.deviceTree.overlays](options.html#opt-hardware.deviceTree.overlays) configuration was extended to support `.dts` files with symbols. Device trees can now be filtered by setting [hardware.deviceTree.filter](options.html#opt-hardware.deviceTree.filter) option.
584
584
···
590
590
591
591
Please note that Rust packages utilizing a custom build/install procedure (e.g. by using a `Makefile`) or test suites that rely on the structure of the `target/` directory may break due to those assumptions. For further information, please read the Rust section in the Nixpkgs manual.
592
592
593
-
- The cc- and binutils-wrapper\'s \"infix salt\" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a \"suffix salt\" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
593
+
- The cc- and binutils-wrapper's "infix salt" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a "suffix salt" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
594
594
595
595
- Additional Git documentation (HTML and text files) is now available via the `git-doc` package.
596
596
···
598
598
599
599
- The installer now enables sshd by default. This improves installation on headless machines especially ARM single-board-computer. To login through ssh, either a password or an ssh key must be set for the root user or the nixos user.
600
600
601
-
- The scripted networking system now uses `.link` files in `/etc/systemd/network` to configure mac address and link MTU, instead of the sometimes buggy `network-link-*` units, which have been removed. Bringing the interface up has been moved to the beginning of the `network-addresses-*` unit. Note this doesn\'t require `systemd-networkd` - it\'s udev that parses `.link` files. Extra care needs to be taken in the presence of [legacy udev rules](https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME) to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. In such cases, you most likely want to create a `10-*.link` file through [systemd.network.links](options.html#opt-systemd.network.links) and set both name and MAC Address / MTU there.
601
+
- The scripted networking system now uses `.link` files in `/etc/systemd/network` to configure mac address and link MTU, instead of the sometimes buggy `network-link-*` units, which have been removed. Bringing the interface up has been moved to the beginning of the `network-addresses-*` unit. Note this doesn't require `systemd-networkd` - it's udev that parses `.link` files. Extra care needs to be taken in the presence of [legacy udev rules](https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME) to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. In such cases, you most likely want to create a `10-*.link` file through [systemd.network.links](options.html#opt-systemd.network.links) and set both name and MAC Address / MTU there.
602
602
603
603
- Grafana received a major update to version 7.x. A plugin is now needed for image rendering support, and plugins must now be signed by default. More information can be found [in the Grafana documentation](https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0).
604
604
···
624
624
625
625
to get the previous behavior of listening on all network interfaces.
626
626
627
-
- With this release `systemd-networkd` (when enabled through [networking.useNetworkd](options.html#opt-networking.useNetworkd)) has it\'s netlink socket created through a `systemd.socket` unit. This gives us control over socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual) devices the default buffer size (currently 128MB) is not enough.
627
+
- With this release `systemd-networkd` (when enabled through [networking.useNetworkd](options.html#opt-networking.useNetworkd)) has it's netlink socket created through a `systemd.socket` unit. This gives us control over socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual) devices the default buffer size (currently 128MB) is not enough.
628
628
629
629
On a machine with \>100 virtual interfaces (e.g., wireguard tunnels, VLANs, ...), that all have to be brought up during system startup, the receive buffer size will spike for a brief period. Eventually some of the message will be dropped since there is not enough (permitted) buffer space available.
630
630
631
631
By having `systemd-networkd` start with a netlink socket created by `systemd` we can configure the `ReceiveBufferSize=` parameter in the socket options (i.e. `systemd.sockets.systemd-networkd.socketOptions.ReceiveBufferSize`) without recompiling `systemd-networkd`.
632
632
633
-
Since the actual memory requirements depend on hardware, timing, exact configurations etc. it isn\'t currently possible to infer a good default from within the NixOS module system. Administrators are advised to monitor the logs of `systemd-networkd` for `rtnl: kernel receive buffer overrun` spam and increase the memory limit as they see fit.
633
+
Since the actual memory requirements depend on hardware, timing, exact configurations etc. it isn't currently possible to infer a good default from within the NixOS module system. Administrators are advised to monitor the logs of `systemd-networkd` for `rtnl: kernel receive buffer overrun` spam and increase the memory limit as they see fit.
634
634
635
-
Note: Increasing the `ReceiveBufferSize=` doesn\'t allocate any memory. It just increases the upper bound on the kernel side. The memory allocation depends on the amount of messages that are queued on the kernel side of the netlink socket.
635
+
Note: Increasing the `ReceiveBufferSize=` doesn't allocate any memory. It just increases the upper bound on the kernel side. The memory allocation depends on the amount of messages that are queued on the kernel side of the netlink socket.
636
636
637
637
- Specifying [mailboxes](options.html#opt-services.dovecot2.mailboxes) in the dovecot2 module as a list is deprecated and will break eval in 21.05. Instead, an attribute-set should be specified where the `name` should be the key of the attribute.
638
638
···
662
662
663
663
- nextcloud has been updated to [v19](https://nextcloud.com/blog/nextcloud-hub-brings-productivity-to-home-office/).
664
664
665
-
If you have an existing installation, please make sure that you\'re on nextcloud18 before upgrading to nextcloud19 since Nextcloud doesn\'t support upgrades across multiple major versions.
665
+
If you have an existing installation, please make sure that you're on nextcloud18 before upgrading to nextcloud19 since Nextcloud doesn't support upgrades across multiple major versions.
666
666
667
667
- The `nixos-run-vms` script now deletes the previous run machines states on test startup. You can use the `--keep-vm-state` flag to match the previous behaviour and keep the same VM state between different test runs.
668
668
+17
-17
nixos/doc/manual/release-notes/rl-2105.section.md
+17
-17
nixos/doc/manual/release-notes/rl-2105.section.md
···
68
68
69
69
- If the `services.dbus` module is enabled, then the user D-Bus session is now always socket activated. The associated options `services.dbus.socketActivated` and `services.xserver.startDbusSession` have therefore been removed and you will receive a warning if they are present in your configuration. This change makes the user D-Bus session available also for non-graphical logins.
70
70
71
-
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don\'t want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
71
+
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to "keep kernel", to avoid race conditions between iwd and networkd. If you don't want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
72
72
73
-
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it\'s compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
73
+
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it's compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
74
74
75
75
- Setting `services.openssh.authorizedKeysFiles` now also affects which keys `security.pam.enableSSHAgentAuth` will use. WARNING: If you are using these options in combination do make sure that any key paths you use are present in `services.openssh.authorizedKeysFiles`!
76
76
···
130
130
131
131
- `vim` and `neovim` switched to Python 3, dropping all Python 2 support.
132
132
133
-
- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory\'s permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).
133
+
- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory's permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).
134
134
135
135
- [boot.zfs.forceImportAll](options.html#opt-boot.zfs.forceImportAll) previously did nothing, but has been fixed. However its default has been changed to `false` to preserve the existing default behaviour. If you have this explicitly set to `true`, please note that your non-root pools will now be forcibly imported.
136
136
···
157
157
- Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and restarting the instance will now cause it to fetch and apply the new user data.
158
158
159
159
::: {.warning}
160
-
Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`\'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`.
160
+
Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`.
161
161
:::
162
162
163
163
- The `rspamd` services is now sandboxed. It is run as a dynamic user instead of root, so secrets and other files may have to be moved or their permissions may have to be fixed. The sockets are now located in `/run/rspamd` instead of `/run`.
164
164
165
-
- Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor\'s faster port, use the following configuration:
165
+
- Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor's faster port, use the following configuration:
166
166
167
167
```nix
168
168
{
···
181
181
182
182
- The fish-foreign-env package has been replaced with fishPlugins.foreign-env, in which the fish functions have been relocated to the `vendor_functions.d` directory to be loaded automatically.
183
183
184
-
- The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter\'s `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this:
184
+
- The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter's `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this:
185
185
186
186
```
187
187
http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint
···
230
230
231
231
Additionally, packages flashplayer and hal-flash were removed along with the `services.flashpolicyd` module.
232
232
233
-
- The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel\'s RNG.
233
+
- The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel's RNG.
234
234
235
235
The default SMTP port for GitLab has been changed to `25` from its previous default of `465`. If you depended on this default, you should now set the [services.gitlab.smtp.port](options.html#opt-services.gitlab.smtp.port) option.
236
236
···
272
272
273
273
- `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`.
274
274
275
-
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn\'t enforce nor checks the correct number of paths to correspond to minio requirements.
275
+
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
276
276
277
277
- All CUDA toolkit versions prior to CUDA 10 have been removed.
278
278
279
-
- The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it\'s still `dvp`.
279
+
- The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it's still `dvp`.
280
280
281
281
- The babeld service is now being run as an unprivileged user. To achieve that the module configures `skip-kernel-setup true` and takes care of setting forwarding and rp_filter sysctls by itself as well as for each interface in `services.babeld.interfaces`.
282
282
···
286
286
287
287
- Instead of determining `services.radicale.package` automatically based on `system.stateVersion`, the latest version is always used because old versions are not officially supported.
288
288
289
-
Furthermore, Radicale\'s systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used.
289
+
Furthermore, Radicale's systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used.
290
290
291
291
- In the `security.acme` module, use of `--reuse-key` parameter for Lego has been removed. It was introduced for HKPK, but this security feature is now deprecated. It is a better security practice to rotate key pairs instead of always keeping the same. If you need to keep this parameter, you can add it back using `extraLegoRenewFlags` as an option for the appropriate certificate.
292
292
···
294
294
295
295
- `stdenv.lib` has been deprecated and will break eval in 21.11. Please use `pkgs.lib` instead. See [\#108938](https://github.com/NixOS/nixpkgs/issues/108938) for details.
296
296
297
-
- [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there\'s a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well.
297
+
- [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there's a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well.
298
298
299
299
- [Privoxy](https://www.privoxy.org/) has been updated to version 3.0.32 (See [announcement](https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html)). Compared to the previous release, Privoxy has gained support for HTTPS inspection (still experimental), Brotli decompression, several new filters and lots of bug fixes, including security ones. In addition, the package is now built with compression and external filters support, which were previously disabled.
300
300
301
301
Regarding the NixOS module, new options for HTTPS inspection have been added and `services.privoxy.extraConfig` has been replaced by the new [services.privoxy.settings](options.html#opt-services.privoxy.settings) (See [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) for the motivation).
302
302
303
-
- [Kodi](https://kodi.tv/) has been updated to version 19.1 \"Matrix\". See the [announcement](https://kodi.tv/article/kodi-19-0-matrix-release) for further details.
303
+
- [Kodi](https://kodi.tv/) has been updated to version 19.1 "Matrix". See the [announcement](https://kodi.tv/article/kodi-19-0-matrix-release) for further details.
304
304
305
305
- The `services.packagekit.backend` option has been removed as it only supported a single setting which would always be the default. Instead new [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) compliant [services.packagekit.settings](options.html#opt-services.packagekit.settings) and [services.packagekit.vendorSettings](options.html#opt-services.packagekit.vendorSettings) options have been introduced.
306
306
···
316
316
317
317
If this option is disabled, default MTA config becomes not set and you should set the options in `services.mailman.settings.mta` according to the desired configuration as described in [Mailman documentation](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html).
318
318
319
-
- The default-version of `nextcloud` is nextcloud21. Please note that it\'s _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it\'s e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first.
319
+
- The default-version of `nextcloud` is nextcloud21. Please note that it's _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it's e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first.
320
320
321
321
The package can be manually upgraded by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud21.
322
322
323
323
- The setting [services.redis.bind](options.html#opt-services.redis.bind) defaults to `127.0.0.1` now, making Redis listen on the loopback interface only, and not all public network interfaces.
324
324
325
-
- NixOS now emits a deprecation warning if systemd\'s `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details.
325
+
- NixOS now emits a deprecation warning if systemd's `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details.
326
326
327
327
All services should use [systemd.services._name_.startLimitIntervalSec](options.html#opt-systemd.services._name_.startLimitIntervalSec) or `StartLimitIntervalSec` in [systemd.services._name_.unitConfig](options.html#opt-systemd.services._name_.unitConfig) instead.
328
328
···
357
357
358
358
`services.unbound.forwardAddresses` and `services.unbound.allowedAccess` have also been changed to use the new settings interface. You can follow the instructions when executing `nixos-rebuild` to upgrade your configuration to use the new interface.
359
359
360
-
- The `services.dnscrypt-proxy2` module now takes the upstream\'s example configuration and updates it with the user\'s settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
360
+
- The `services.dnscrypt-proxy2` module now takes the upstream's example configuration and updates it with the user's settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
361
361
362
362
- NixOS now defaults to the unified cgroup hierarchy (cgroupsv2). See the [Fedora Article for 31](https://www.redhat.com/sysadmin/fedora-31-control-group-v2) for details on why this is desirable, and how it impacts containers.
363
363
···
367
367
368
368
- GNOME users may wish to delete their `~/.config/pulse` due to the changes to stream routing logic. See [PulseAudio bug 832](https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832) for more information.
369
369
370
-
- The zookeeper package does not provide `zooInspector.sh` anymore, as that \"contrib\" has been dropped from upstream releases.
370
+
- The zookeeper package does not provide `zooInspector.sh` anymore, as that "contrib" has been dropped from upstream releases.
371
371
372
372
- In the ACME module, the data used to build the hash for the account directory has changed to accommodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling.
373
373
374
-
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option\'s description was incorrect regarding ownership management and has been simplified greatly.
374
+
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option's description was incorrect regarding ownership management and has been simplified greatly.
375
375
376
376
- When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those.
377
377
+1
-1
nixos/doc/manual/release-notes/rl-2111.section.md
+1
-1
nixos/doc/manual/release-notes/rl-2111.section.md
···
235
235
236
236
- The `erigon` ethereum node has moved to a new database format in `2021-05-04`, and requires a full resync
237
237
238
-
- The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
238
+
- The `erigon` ethereum node has moved its database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
239
239
240
240
- [users.users.<name>.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of
241
241
```nix