diff options
author | Jan Tojnar <jtojnar@gmail.com> | 2019-09-18 22:13:35 +0200 |
---|---|---|
committer | Jan Tojnar <jtojnar@gmail.com> | 2019-09-18 22:13:35 +0200 |
commit | ea6e8775bd69e4676c623a85c39f1da540d29ad1 (patch) | |
tree | 87c478306e7bc911b267e356c608faacb38ff573 /nixos/doc/manual/release-notes/rl-1809.xml | |
parent | 83c2ad80ca8c6087b034155e2a767c4f72a6df3f (diff) |
nixos/doc: re-format
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-1809.xml')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1809.xml | 311 |
1 files changed, 69 insertions, 242 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 3f10b26223dd..df53c6f9dd92 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -13,8 +13,7 @@ <title>Highlights</title> <para> - In addition to numerous new and upgraded packages, this release has the - following notable updates: + In addition to numerous new and upgraded packages, this release has the following notable updates: </para> <itemizedlist> @@ -25,28 +24,22 @@ </listitem> <listitem> <para> - Platform support: x86_64-linux and x86_64-darwin as always. Support for - aarch64-linux is as with the previous releases, not equivalent to the - x86-64-linux release, but with efforts to reach parity. + Platform support: x86_64-linux and x86_64-darwin as always. Support for aarch64-linux is as with the previous releases, not equivalent to the x86-64-linux release, but with efforts to reach parity. </para> </listitem> <listitem> <para> - Nix has been updated to 2.1; see its - <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.1">release - notes</link>. + Nix has been updated to 2.1; see its <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.1">release notes</link>. </para> </listitem> <listitem> <para> - Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 → 2.27, gcc: 7 - (unchanged), systemd: 237 → 239. + Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 → 2.27, gcc: 7 (unchanged), systemd: 237 → 239. </para> </listitem> <listitem> <para> - Desktop version changes: gnome: 3.26 → 3.28, (KDE) plasma-desktop: 5.12 - → 5.13. + Desktop version changes: gnome: 3.26 → 3.28, (KDE) plasma-desktop: 5.12 → 5.13. </para> </listitem> </itemizedlist> @@ -58,8 +51,7 @@ <itemizedlist> <listitem> <para> - Support for wrapping binaries using <literal>firejail</literal> has been - added through <varname>programs.firejail.wrappedBinaries</varname>. + Support for wrapping binaries using <literal>firejail</literal> has been added through <varname>programs.firejail.wrappedBinaries</varname>. </para> <para> For example @@ -74,17 +66,12 @@ programs.firejail = { }; </programlisting> <para> - This will place <literal>firefox</literal> and <literal>mpv</literal> - binaries in the global path wrapped by firejail. + This will place <literal>firefox</literal> and <literal>mpv</literal> binaries in the global path wrapped by firejail. </para> </listitem> <listitem> <para> - User channels are now in the default <literal>NIX_PATH</literal>, allowing - users to use their personal <command>nix-channel</command> defined - channels in <command>nix-build</command> and <command>nix-shell</command> - commands, as well as in imports like <code>import - <mychannel></code>. + User channels are now in the default <literal>NIX_PATH</literal>, allowing users to use their personal <command>nix-channel</command> defined channels in <command>nix-build</command> and <command>nix-shell</command> commands, as well as in imports like <code>import <mychannel></code>. </para> <para> For example @@ -114,52 +101,31 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' <itemizedlist> <listitem> <para> - The <varname>services.cassandra</varname> module has been reworked and was - rewritten from scratch. The service has succeeding tests for the versions - 2.1, 2.2, 3.0 and 3.11 of - <link - xlink:href="https://cassandra.apache.org/">Apache - Cassandra</link>. + The <varname>services.cassandra</varname> module has been reworked and was rewritten from scratch. The service has succeeding tests for the versions 2.1, 2.2, 3.0 and 3.11 of <link + xlink:href="https://cassandra.apache.org/">Apache Cassandra</link>. </para> </listitem> <listitem> <para> - There is a new <varname>services.foundationdb</varname> module for - deploying - <link xlink:href="https://www.foundationdb.org">FoundationDB</link> - clusters. + There is a new <varname>services.foundationdb</varname> module for deploying <link xlink:href="https://www.foundationdb.org">FoundationDB</link> clusters. </para> </listitem> <listitem> <para> - When enabled the <literal>iproute2</literal> will copy the files expected - by ip route (e.g., <filename>rt_tables</filename>) in - <filename>/etc/iproute2</filename>. This allows to write aliases for - routing tables for instance. + When enabled the <literal>iproute2</literal> will copy the files expected by ip route (e.g., <filename>rt_tables</filename>) in <filename>/etc/iproute2</filename>. This allows to write aliases for routing tables for instance. </para> </listitem> <listitem> <para> - <varname>services.strongswan-swanctl</varname> is a modern replacement for - <varname>services.strongswan</varname>. You can use either one of them to - setup IPsec VPNs but not both at the same time. + <varname>services.strongswan-swanctl</varname> is a modern replacement for <varname>services.strongswan</varname>. You can use either one of them to setup IPsec VPNs but not both at the same time. </para> <para> - <varname>services.strongswan-swanctl</varname> uses the - <link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link> - command which uses the modern - <link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link> - <emphasis>Versatile IKE Configuration Interface</emphasis>. The deprecated - <literal>ipsec</literal> command used in - <varname>services.strongswan</varname> is using the legacy - <link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke - configuration interface</link>. + <varname>services.strongswan-swanctl</varname> uses the <link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link> command which uses the modern <link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link> <emphasis>Versatile IKE Configuration Interface</emphasis>. The deprecated <literal>ipsec</literal> command used in <varname>services.strongswan</varname> is using the legacy <link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke configuration interface</link>. </para> </listitem> <listitem> <para> - The new <varname>services.elasticsearch-curator</varname> service - periodically curates or manages, your Elasticsearch indices and snapshots. + The new <varname>services.elasticsearch-curator</varname> service periodically curates or manages, your Elasticsearch indices and snapshots. </para> </listitem> </itemizedlist> @@ -470,38 +436,32 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' <title>Backward Incompatibilities</title> <para> - When upgrading from a previous release, please be aware of the following - incompatible changes: + When upgrading from a previous release, please be aware of the following incompatible changes: </para> <itemizedlist> <listitem> <para> - Some licenses that were incorrectly not marked as unfree now are. This is - the case for: + Some licenses that were incorrectly not marked as unfree now are. This is the case for: <itemizedlist> <listitem> <para> - cc-by-nc-sa-20: Creative Commons Attribution Non Commercial Share Alike - 2.0 + cc-by-nc-sa-20: Creative Commons Attribution Non Commercial Share Alike 2.0 </para> </listitem> <listitem> <para> - cc-by-nc-sa-25: Creative Commons Attribution Non Commercial Share Alike - 2.5 + cc-by-nc-sa-25: Creative Commons Attribution Non Commercial Share Alike 2.5 </para> </listitem> <listitem> <para> - cc-by-nc-sa-30: Creative Commons Attribution Non Commercial Share Alike - 3.0 + cc-by-nc-sa-30: Creative Commons Attribution Non Commercial Share Alike 3.0 </para> </listitem> <listitem> <para> - cc-by-nc-sa-40: Creative Commons Attribution Non Commercial Share Alike - 4.0 + cc-by-nc-sa-40: Creative Commons Attribution Non Commercial Share Alike 4.0 </para> </listitem> <listitem> @@ -519,128 +479,71 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' </listitem> <listitem> <para> - The deprecated <varname>services.cassandra</varname> module has seen a - complete rewrite. (See above.) + The deprecated <varname>services.cassandra</varname> module has seen a complete rewrite. (See above.) </para> </listitem> <listitem> <para> - <literal>lib.strict</literal> is removed. Use - <literal>builtins.seq</literal> instead. + <literal>lib.strict</literal> is removed. Use <literal>builtins.seq</literal> instead. </para> </listitem> <listitem> <para> - The <literal>clementine</literal> package points now to the free - derivation. <literal>clementineFree</literal> is removed now and - <literal>clementineUnfree</literal> points to the package which is bundled - with the unfree <literal>libspotify</literal> package. + The <literal>clementine</literal> package points now to the free derivation. <literal>clementineFree</literal> is removed now and <literal>clementineUnfree</literal> points to the package which is bundled with the unfree <literal>libspotify</literal> package. </para> </listitem> <listitem> <para> - The <literal>netcat</literal> package is now taken directly from OpenBSD's - <literal>libressl</literal>, instead of relying on Debian's fork. The new - version should be very close to the old version, but there are some minor - differences. Importantly, flags like -b, -q, -C, and -Z are no longer - accepted by the nc command. + The <literal>netcat</literal> package is now taken directly from OpenBSD's <literal>libressl</literal>, instead of relying on Debian's fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command. </para> </listitem> <listitem> <para> - The <varname>services.docker-registry.extraConfig</varname> object doesn't - contain environment variables anymore. Instead it needs to provide an - object structure that can be mapped onto the YAML configuration defined in - <link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the - <varname>docker/distribution</varname> docs</link>. + The <varname>services.docker-registry.extraConfig</varname> object doesn't contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in <link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the <varname>docker/distribution</varname> docs</link>. </para> </listitem> <listitem> <para> - <literal>gnucash</literal> has changed from version 2.4 to 3.x. If you've - been using <literal>gnucash</literal> (version 2.4) instead of - <literal>gnucash26</literal> (version 2.6) you must open your Gnucash data - file(s) with <literal>gnucash26</literal> and then save them to upgrade - the file format. Then you may use your data file(s) with Gnucash 3.x. See - the upgrade - <link xlink:href="https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade">documentation</link>. - Gnucash 2.4 is still available under the attribute - <literal>gnucash24</literal>. + <literal>gnucash</literal> has changed from version 2.4 to 3.x. If you've been using <literal>gnucash</literal> (version 2.4) instead of <literal>gnucash26</literal> (version 2.6) you must open your Gnucash data file(s) with <literal>gnucash26</literal> and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade <link xlink:href="https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade">documentation</link>. Gnucash 2.4 is still available under the attribute <literal>gnucash24</literal>. </para> </listitem> <listitem> <para> - <varname>services.munge</varname> now runs as user (and group) - <literal>munge</literal> instead of root. Make sure the key file is - accessible to the daemon. + <varname>services.munge</varname> now runs as user (and group) <literal>munge</literal> instead of root. Make sure the key file is accessible to the daemon. </para> </listitem> <listitem> <para> - <varname>dockerTools.buildImage</varname> now uses <literal>null</literal> - as default value for <varname>tag</varname>, which indicates that the nix - output hash will be used as tag. + <varname>dockerTools.buildImage</varname> now uses <literal>null</literal> as default value for <varname>tag</varname>, which indicates that the nix output hash will be used as tag. </para> </listitem> <listitem> <para> - The ELK stack: <varname>elasticsearch</varname>, - <varname>logstash</varname> and <varname>kibana</varname> has been - upgraded from 2.* to 6.3.*. The 2.* versions have been - <link xlink:href="https://www.elastic.co/support/eol">unsupported since - last year</link> so they have been removed. You can still use the 5.* - versions under the names <varname>elasticsearch5</varname>, - <varname>logstash5</varname> and <varname>kibana5</varname>. + The ELK stack: <varname>elasticsearch</varname>, <varname>logstash</varname> and <varname>kibana</varname> has been upgraded from 2.* to 6.3.*. The 2.* versions have been <link xlink:href="https://www.elastic.co/support/eol">unsupported since last year</link> so they have been removed. You can still use the 5.* versions under the names <varname>elasticsearch5</varname>, <varname>logstash5</varname> and <varname>kibana5</varname>. </para> <para> - The elastic beats: <varname>filebeat</varname>, - <varname>heartbeat</varname>, <varname>metricbeat</varname> and - <varname>packetbeat</varname> have had the same treatment: they now target - 6.3.* as well. The 5.* versions are available under the names: - <varname>filebeat5</varname>, <varname>heartbeat5</varname>, - <varname>metricbeat5</varname> and <varname>packetbeat5</varname> + The elastic beats: <varname>filebeat</varname>, <varname>heartbeat</varname>, <varname>metricbeat</varname> and <varname>packetbeat</varname> have had the same treatment: they now target 6.3.* as well. The 5.* versions are available under the names: <varname>filebeat5</varname>, <varname>heartbeat5</varname>, <varname>metricbeat5</varname> and <varname>packetbeat5</varname> </para> <para> - The ELK-6.3 stack now comes with - <link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by - default</link>. Since X-Pack is licensed under the - <link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic - License</link> the ELK packages now have an unfree license. To use them - you need to specify <literal>allowUnfree = true;</literal> in your nixpkgs - configuration. + The ELK-6.3 stack now comes with <link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by default</link>. Since X-Pack is licensed under the <link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic License</link> the ELK packages now have an unfree license. To use them you need to specify <literal>allowUnfree = true;</literal> in your nixpkgs configuration. </para> <para> - Fortunately there is also a free variant of the ELK stack without X-Pack. - The packages are available under the names: - <varname>elasticsearch-oss</varname>, <varname>logstash-oss</varname> and - <varname>kibana-oss</varname>. + Fortunately there is also a free variant of the ELK stack without X-Pack. The packages are available under the names: <varname>elasticsearch-oss</varname>, <varname>logstash-oss</varname> and <varname>kibana-oss</varname>. </para> </listitem> <listitem> <para> - Options - <literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal> - <literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal> - were removed. <literal>luksroot.nix</literal> module never supported more - than one YubiKey at a time anyway, hence those options never had any - effect. You should be able to remove them from your config without any - issues. + Options <literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal> <literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal> were removed. <literal>luksroot.nix</literal> module never supported more than one YubiKey at a time anyway, hence those options never had any effect. You should be able to remove them from your config without any issues. </para> </listitem> <listitem> <para> - <literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs - now refer to the host platform instead of the build platform. For native - builds this is not change, let alone a breaking one. For cross builds, it - is a breaking change, and <literal>stdenv.buildPlatform.system</literal> - can be used instead for the old behavior. They should be using that - anyways for clarity. + <literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs now refer to the host platform instead of the build platform. For native builds this is not change, let alone a breaking one. For cross builds, it is a breaking change, and <literal>stdenv.buildPlatform.system</literal> can be used instead for the old behavior. They should be using that anyways for clarity. </para> </listitem> <listitem> <para> - Groups <literal>kvm</literal> and <literal>render</literal> are introduced - now, as systemd requires them. + Groups <literal>kvm</literal> and <literal>render</literal> are introduced now, as systemd requires them. </para> </listitem> </itemizedlist> @@ -656,92 +559,69 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' <itemizedlist> <listitem> <para> - <literal>dockerTools.pullImage</literal> relies on image digest instead of - image tag to download the image. The <literal>sha256</literal> of a pulled - image has to be updated. + <literal>dockerTools.pullImage</literal> relies on image digest instead of image tag to download the image. The <literal>sha256</literal> of a pulled image has to be updated. </para> </listitem> <listitem> <para> - <literal>lib.attrNamesToStr</literal> has been deprecated. Use more - specific concatenation (<literal>lib.concat(Map)StringsSep</literal>) - instead. + <literal>lib.attrNamesToStr</literal> has been deprecated. Use more specific concatenation (<literal>lib.concat(Map)StringsSep</literal>) instead. </para> </listitem> <listitem> <para> - <literal>lib.addErrorContextToAttrs</literal> has been deprecated. Use - <literal>builtins.addErrorContext</literal> directly. + <literal>lib.addErrorContextToAttrs</literal> has been deprecated. Use <literal>builtins.addErrorContext</literal> directly. </para> </listitem> <listitem> <para> - <literal>lib.showVal</literal> has been deprecated. Use - <literal>lib.traceSeqN</literal> instead. + <literal>lib.showVal</literal> has been deprecated. Use <literal>lib.traceSeqN</literal> instead. </para> </listitem> <listitem> <para> - <literal>lib.traceXMLVal</literal> has been deprecated. Use - <literal>lib.traceValFn builtins.toXml</literal> instead. + <literal>lib.traceXMLVal</literal> has been deprecated. Use <literal>lib.traceValFn builtins.toXml</literal> instead. </para> </listitem> <listitem> <para> - <literal>lib.traceXMLValMarked</literal> has been deprecated. Use - <literal>lib.traceValFn (x: str + builtins.toXML x)</literal> instead. + <literal>lib.traceXMLValMarked</literal> has been deprecated. Use <literal>lib.traceValFn (x: str + builtins.toXML x)</literal> instead. </para> </listitem> <listitem> <para> - The <literal>pkgs</literal> argument to NixOS modules can now be set - directly using <literal>nixpkgs.pkgs</literal>. Previously, only the - <literal>system</literal>, <literal>config</literal> and - <literal>overlays</literal> arguments could be used to influence - <literal>pkgs</literal>. + The <literal>pkgs</literal> argument to NixOS modules can now be set directly using <literal>nixpkgs.pkgs</literal>. Previously, only the <literal>system</literal>, <literal>config</literal> and <literal>overlays</literal> arguments could be used to influence <literal>pkgs</literal>. </para> </listitem> <listitem> <para> - A NixOS system can now be constructed more easily based on a preexisting - invocation of Nixpkgs. For example: + A NixOS system can now be constructed more easily based on a preexisting invocation of Nixpkgs. For example: <programlisting> inherit (pkgs.nixos { boot.loader.grub.enable = false; fileSystems."/".device = "/dev/xvda1"; }) toplevel kernel initialRamdisk manual; </programlisting> - This benefits evaluation performance, lets you write Nixpkgs packages that - depend on NixOS images and is consistent with a deployment architecture - that would be centered around Nixpkgs overlays. + This benefits evaluation performance, lets you write Nixpkgs packages that depend on NixOS images and is consistent with a deployment architecture that would be centered around Nixpkgs overlays. </para> </listitem> <listitem> <para> - <literal>lib.traceValIfNot</literal> has been deprecated. Use - <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal> - instead. + <literal>lib.traceValIfNot</literal> has been deprecated. Use <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal> instead. </para> </listitem> <listitem> <para> - <literal>lib.traceCallXml</literal> has been deprecated. Please complain - if you use the function regularly. + <literal>lib.traceCallXml</literal> has been deprecated. Please complain if you use the function regularly. </para> </listitem> <listitem> <para> - The attribute <literal>lib.nixpkgsVersion</literal> has been deprecated in - favor of <literal>lib.version</literal>. Please refer to the discussion in - <link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link> - for further reference. + The attribute <literal>lib.nixpkgsVersion</literal> has been deprecated in favor of <literal>lib.version</literal>. Please refer to the discussion in <link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link> for further reference. </para> </listitem> <listitem> <para> - <literal>lib.recursiveUpdateUntil</literal> was not acting according to - its specification. It has been fixed to act according to the docstring, - and a test has been added. + <literal>lib.recursiveUpdateUntil</literal> was not acting according to its specification. It has been fixed to act according to the docstring, and a test has been added. </para> </listitem> <listitem> @@ -755,9 +635,7 @@ inherit (pkgs.nixos { </term> <listitem> <para> - Puts the generated Diffie-Hellman parameters into the Nix store instead - of managing them in a stateful manner in - <filename class="directory">/var/lib/dhparams</filename>. + Puts the generated Diffie-Hellman parameters into the Nix store instead of managing them in a stateful manner in <filename class="directory">/var/lib/dhparams</filename>. </para> </listitem> </varlistentry> @@ -767,27 +645,20 @@ inherit (pkgs.nixos { </term> <listitem> <para> - The default bit size to use for the generated Diffie-Hellman - parameters. + The default bit size to use for the generated Diffie-Hellman parameters. </para> </listitem> </varlistentry> </variablelist> <note> <para> - The path to the actual generated parameter files should now be queried - using - <literal>config.security.dhparams.params.<replaceable>name</replaceable>.path</literal> - because it might be either in the Nix store or in a directory configured - by <option>security.dhparams.path</option>. + The path to the actual generated parameter files should now be queried using <literal>config.security.dhparams.params.<replaceable>name</replaceable>.path</literal> because it might be either in the Nix store or in a directory configured by <option>security.dhparams.path</option>. </para> </note> <note> <title>For developers:</title> <para> - Module implementers should not set a specific bit size in order to let - users configure it by themselves if they want to have a different bit - size than the default (2048). + Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048). </para> <para> An example usage of this would be: @@ -806,126 +677,82 @@ inherit (pkgs.nixos { </listitem> <listitem> <para> - <literal>networking.networkmanager.useDnsmasq</literal> has been - deprecated. Use <literal>networking.networkmanager.dns</literal> instead. + <literal>networking.networkmanager.useDnsmasq</literal> has been deprecated. Use <literal>networking.networkmanager.dns</literal> instead. </para> </listitem> <listitem> <para> - The Kubernetes package has been bumped to major version 1.11. Please - consult the - <link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release - notes</link> for details on new features and api changes. + The Kubernetes package has been bumped to major version 1.11. Please consult the <link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release notes</link> for details on new features and api changes. </para> </listitem> <listitem> <para> - The option - <varname>services.kubernetes.apiserver.admissionControl</varname> was - renamed to - <varname>services.kubernetes.apiserver.enableAdmissionPlugins</varname>. + The option <varname>services.kubernetes.apiserver.admissionControl</varname> was renamed to <varname>services.kubernetes.apiserver.enableAdmissionPlugins</varname>. </para> </listitem> <listitem> <para> - Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS) - Therefore; public service port for the dashboard has changed to 443 - (container port 8443) and scheme to https. + Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS) Therefore; public service port for the dashboard has changed to 443 (container port 8443) and scheme to https. </para> </listitem> <listitem> <para> - The option <varname>services.kubernetes.apiserver.address</varname> was - renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>. - Note that the default value has changed from 127.0.0.1 to 0.0.0.0. + The option <varname>services.kubernetes.apiserver.address</varname> was renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>. Note that the default value has changed from 127.0.0.1 to 0.0.0.0. </para> </listitem> <listitem> <para> - The option <varname>services.kubernetes.apiserver.publicAddress</varname> - was not used and thus has been removed. + The option <varname>services.kubernetes.apiserver.publicAddress</varname> was not used and thus has been removed. </para> </listitem> <listitem> <para> - The option - <varname>services.kubernetes.addons.dashboard.enableRBAC</varname> was - renamed to - <varname>services.kubernetes.addons.dashboard.rbac.enable</varname>. + The option <varname>services.kubernetes.addons.dashboard.enableRBAC</varname> was renamed to <varname>services.kubernetes.addons.dashboard.rbac.enable</varname>. </para> </listitem> <listitem> <para> - The Kubernetes Dashboard now has only minimal RBAC permissions by default. - If dashboard cluster-admin rights are desired, set - <varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname> - to true. On existing clusters, in order for the revocation of privileges - to take effect, the current ClusterRoleBinding for kubernetes-dashboard - must be manually removed: <literal>kubectl delete clusterrolebinding - kubernetes-dashboard</literal> + The Kubernetes Dashboard now has only minimal RBAC permissions by default. If dashboard cluster-admin rights are desired, set <varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname> to true. On existing clusters, in order for the revocation of privileges to take effect, the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: <literal>kubectl delete clusterrolebinding kubernetes-dashboard</literal> </para> </listitem> <listitem> <para> - The <varname>programs.screen</varname> module provides allows to configure - <literal>/etc/screenrc</literal>, however the module behaved fairly - counterintuitive as the config exists, but the package wasn't available. - Since 18.09 <literal>pkgs.screen</literal> will be added to - <literal>environment.systemPackages</literal>. + The <varname>programs.screen</varname> module provides allows to configure <literal>/etc/screenrc</literal>, however the module behaved fairly counterintuitive as the config exists, but the package wasn't available. Since 18.09 <literal>pkgs.screen</literal> will be added to <literal>environment.systemPackages</literal>. </para> </listitem> <listitem> <para> - The module <option>services.networking.hostapd</option> now uses WPA2 by - default. + The module <option>services.networking.hostapd</option> now uses WPA2 by default. </para> </listitem> <listitem> <para> - <varname>s6Dns</varname>, <varname>s6Networking</varname>, - <varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname> - renamed to <varname>s6-dns</varname>, <varname>s6-networking</varname>, - <varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname> - respectively. + <varname>s6Dns</varname>, <varname>s6Networking</varname>, <varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname> renamed to <varname>s6-dns</varname>, <varname>s6-networking</varname>, <varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname> respectively. </para> </listitem> <listitem> <para> - The module option <option>nix.useSandbox</option> is now defaulted to - <literal>true</literal>. + The module option <option>nix.useSandbox</option> is now defaulted to <literal>true</literal>. </para> </listitem> <listitem> <para> - The config activation script of <literal>nixos-rebuild</literal> now - <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link> - all user units for each authenticated user. + The config activation script of <literal>nixos-rebuild</literal> now <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link> all user units for each authenticated user. </para> </listitem> <listitem> <para> - The default display manager is now LightDM. To use SLiM set - <literal>services.xserver.displayManager.slim.enable</literal> to - <literal>true</literal>. + The default display manager is now LightDM. To use SLiM set <literal>services.xserver.displayManager.slim.enable</literal> to <literal>true</literal>. </para> </listitem> <listitem> <para> - NixOS option descriptions are now automatically broken up into individual - paragraphs if the text contains two consecutive newlines, so it's no - longer necessary to use <code></para><para></code> to start a - new paragraph. + NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it's no longer necessary to use <code></para><para></code> to start a new paragraph. </para> </listitem> <listitem> <para> - Top-level <literal>buildPlatform</literal>, - <literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in - Nixpkgs are deprecated. Please use their equivalents in - <literal>stdenv</literal> instead: - <literal>stdenv.buildPlatform</literal>, - <literal>stdenv.hostPlatform</literal>, and - <literal>stdenv.targetPlatform</literal>. + Top-level <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in Nixpkgs are deprecated. Please use their equivalents in <literal>stdenv</literal> instead: <literal>stdenv.buildPlatform</literal>, <literal>stdenv.hostPlatform</literal>, and <literal>stdenv.targetPlatform</literal>. </para> </listitem> </itemizedlist> |