Diffstat (limited to 'nixos/doc')
-rw-r--r-- nixos/doc/manual/administration/service-mgmt.xml 98
-rw-r--r-- nixos/doc/manual/configuration/configuration.xml 1
-rw-r--r-- nixos/doc/manual/configuration/gpu-accel.xml 76
-rw-r--r-- nixos/doc/manual/configuration/wayland.xml 23
-rw-r--r-- nixos/doc/manual/contributing-to-this-manual.xml 2
-rw-r--r-- nixos/doc/manual/default.nix 1
-rw-r--r-- nixos/doc/manual/installation/installing-from-other-distro.xml 7
-rw-r--r-- nixos/doc/manual/man-nixos-install.xml 23
-rw-r--r-- nixos/doc/manual/release-notes/rl-2009.xml 355
-rw-r--r-- nixos/doc/manual/release-notes/rl-2103.xml 140
-rwxr-xr-x nixos/doc/varlistentry-fixer.rb 74
11 files changed, 602 insertions, 198 deletions
diff --git a/nixos/doc/manual/administration/service-mgmt.xml b/nixos/doc/manual/administration/service-mgmt.xml
index 1c5d48a5bcf0..863b0d47f6c7 100644
--- a/nixos/doc/manual/administration/service-mgmt.xml
+++ b/nixos/doc/manual/administration/service-mgmt.xml
@@ -6,7 +6,7 @@
<title>Service Management</title>
<para>
In NixOS, all system services are started and monitored using the systemd
- program. Systemd is the “init” process of the system (i.e. PID 1), the
+ program. systemd is the “init” process of the system (i.e. PID 1), the
parent of all other processes. It manages a set of so-called “units”,
which can be things like system services (programs), but also mount points,
swap files, devices, targets (groups of units) and more. Units can have
@@ -16,10 +16,17 @@
dependencies of this unit cause all system services to be started, file
systems to be mounted, swap files to be activated, and so on.
</para>
- <para>
- The command <command>systemctl</command> is the main way to interact with
- <command>systemd</command>. Without any arguments, it shows the status of
- active units:
+ <section xml:id="sect-nixos-systemd-general">
+ <title>Interacting with a running systemd</title>
+ <para>
+ The command <command>systemctl</command> is the main way to interact with
+ <command>systemd</command>. The following paragraphs demonstrate ways to
+ interact with any OS running systemd as init system. NixOS is of no
+ exception. The <link xlink:href="#sect-nixos-systemd-nixos">next section
+ </link> explains NixOS specific things worth knowing.
+ </para>
+ <para>
+ Without any arguments, <literal>systmctl</literal> the status of active units:
<screen>
<prompt>$ </prompt>systemctl
-.mount loaded active mounted /
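Review bot: The added sentence `Without any arguments, <literal>systmctl</literal> the status of active units:` misspells `systemctl` and has lost its verb ("shows" in the removed text). It also switches to `<literal>` where the paragraph just above marks the same command up as `<command>systemctl</command>`; suggest `Without any arguments, <command>systemctl</command> shows the status of active units:`. In the new introductory paragraph, "NixOS is of no exception" should read "NixOS is no exception".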
@@ -28,10 +35,10 @@ sshd.service loaded active running SSH Daemon
graphical.target loaded active active Graphical Interface
<replaceable>...</replaceable>
</screen>
- </para>
- <para>
- You can ask for detailed status information about a unit, for instance, the
- PostgreSQL database service:
+ </para>
+ <para>
+ You can ask for detailed status information about a unit, for instance, the
+ PostgreSQL database service:
<screen>
<prompt>$ </prompt>systemctl status postgresql.service
postgresql.service - PostgreSQL Server
@@ -62,11 +69,72 @@ Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
<prompt># </prompt>systemctl start postgresql.service
<prompt># </prompt>systemctl restart postgresql.service
</screen>
- These operations are synchronous: they wait until the service has finished
- starting or stopping (or has failed). Starting a unit will cause the
- dependencies of that unit to be started as well (if necessary).
- </para>
-<!-- - cgroups: each service and user session is a cgroup
+ These operations are synchronous: they wait until the service has finished
+ starting or stopping (or has failed). Starting a unit will cause the
+ dependencies of that unit to be started as well (if necessary).
+ </para>
+ <!-- TODO: document cgroups, draft:
+ each service and user session is a cgroup
-- cgroup resource management -->
+ - cgroup resource management -->
+ </section>
+ <section xml:id="sect-nixos-systemd-nixos">
+ <title>systemd in NixOS</title>
+ <para>
+ Packages in Nixpkgs sometimes provide systemd units with them, usually in
+ e.g <literal>#pkg-out#/lib/systemd/</literal>. Putting such a package in
+ <literal>environment.systemPackages</literal> doesn't make the service
+ available to users or the system.
+ </para>
+ <para>
+ In order to enable a systemd <emphasis>system</emphasis> service with
+ provided upstream package, use (e.g):
+<programlisting>
+<xref linkend="opt-systemd.packages"/> = [ pkgs.packagekit ];
+</programlisting>
+ </para>
+ <para>
+ Usually NixOS modules written by the community do the above, plus take care of
+ other details. If a module was written for a service you are interested in,
+ you'd probably need only to use
+ <literal>services.#name#.enable = true;</literal>. These services are defined
+ in Nixpkgs'
+ <link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/modules">
+ <literal>nixos/modules/</literal> directory </link>. In case the service is
+ simple enough, the above method should work, and start the service on boot.
+ </para>
+ <para>
+ <emphasis>User</emphasis> systemd services on the other hand, should be
+ treated differently. Given a package that has a systemd unit file at
+ <literal>#pkg-out#/lib/systemd/user/</literal>, using
+ <xref linkend="opt-systemd.packages"/> will make you able to start the service via
+ <literal>systemctl --user start</literal>, but it won't start automatically on login.
+ <!-- TODO: Document why systemd.packages doesn't work for user services or fix this.
+ https://github.com/NixOS/nixpkgs/blob/2cd6594a8710a801038af2b72348658f732ce84a/nixos/modules/system/boot/systemd-lib.nix#L177-L198
+
+ This has been talked over at https://discourse.nixos.org/t/how-to-enable-upstream-systemd-user-services-declaratively/7649/5
+ -->
+ However, You can imperatively enable it by adding the package's attribute to
+ <link linkend="opt-environment.systemPackages">
+ <literal>systemd.packages</literal></link> and then do this (e.g):
+<screen>
+<prompt>$ </prompt>mkdir -p ~/.config/systemd/user/default.target.wants
+<prompt>$ </prompt>ln -s /run/current-system/sw/lib/systemd/user/syncthing.service ~/.config/systemd/user/default.target.wants/
+<prompt>$ </prompt>systemctl --user daemon-reload
+<prompt>$ </prompt>systemctl --user enable syncthing.service
+</screen>
+ If you are interested in a timer file, use <literal>timers.target.wants</literal>
+ instead of <literal>default.target.wants</literal> in the 1st and 2nd command.
+ </para>
+ <para>
+ Using <literal>systemctl --user enable syncthing.service</literal> instead of
+ the above, will work, but it'll use the absolute path of
+ <literal>syncthing.service</literal> for the symlink, and this path is in
+ <literal>/nix/store/.../lib/systemd/user/</literal>. Hence
+ <link xlink:href="#sec-nix-gc">garbage collection</link> will remove that file
+ and you will wind up with a broken symlink in your systemd configuration, which
+ in turn will not make the service / timer start on login.
+ </para>
+ </section>
</chapter>
+
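Review bot: In the user-services paragraph, `<link linkend="opt-environment.systemPackages"><literal>systemd.packages</literal></link>` names one option and links to another. The `ln -s` source lives under `/run/current-system/sw/`, so decide which option the reader actually has to set and make the link text and `linkend` agree. The `<screen>` listing also ends with `systemctl --user enable syncthing.service`, while the following paragraph presents that same command as the alternative "instead of the above" that leaves a symlink into `/nix/store/...` and breaks after garbage collection; either drop it from the listing or explain why it is harmless once the manual `ln -s` is in place. Minor: "However, You" should be "However, you", and "e.g" is missing its trailing period throughout the new section.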
diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml
index 6eb8f50bacac..44ff1f1b571a 100644
--- a/nixos/doc/manual/configuration/configuration.xml
+++ b/nixos/doc/manual/configuration/configuration.xml
@@ -18,6 +18,7 @@
<xi:include href="user-mgmt.xml" />
<xi:include href="file-systems.xml" />
<xi:include href="x-windows.xml" />
+ <xi:include href="wayland.xml" />
<xi:include href="gpu-accel.xml" />
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />
diff --git a/nixos/doc/manual/configuration/gpu-accel.xml b/nixos/doc/manual/configuration/gpu-accel.xml
index 95ee13f4796e..3695a5ff445a 100644
--- a/nixos/doc/manual/configuration/gpu-accel.xml
+++ b/nixos/doc/manual/configuration/gpu-accel.xml
@@ -65,16 +65,16 @@ Platform Vendor Advanced Micro Devices, Inc.</screen>
<title>AMD</title>
<para>
- Modern AMD <link
- xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
- Core Next</link> (GCN) GPUs are supported through the
- <package>rocm-opencl-icd</package> package. Adding this package to
- <xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
- support:
-
- <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
- rocm-opencl-icd
-];</programlisting>
+ Modern AMD <link
+ xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
+ Core Next</link> (GCN) GPUs are supported through the
+ <package>rocm-opencl-icd</package> package. Adding this package to
+ <xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
+ support:
+
+ <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+ rocm-opencl-icd
+ ];</programlisting>
</para>
</section>
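Review bot: The re-indentation reaches inside `<programlisting>`, which is rendered verbatim: the closing line goes from `];</programlisting>` at column 0 to an indented `];</programlisting>`, so the added leading whitespace will appear in the published listing. Indent only the `<para>` prose and keep the listing body at its original column. The same applies to the two later hunks in this file.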
@@ -100,9 +100,9 @@ Platform Vendor Advanced Micro Devices, Inc.</screen>
support. For example, for Gen8 and later GPUs, the following
configuration can be used:
- <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
- intel-compute-runtime
-];</programlisting>
+ <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+ intel-compute-runtime
+ ];</programlisting>
</para>
</section>
@@ -173,31 +173,31 @@ GPU1:
<title>AMD</title>
<para>
- Modern AMD <link
- xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
- Core Next</link> (GCN) GPUs are supported through either radv, which is
- part of <package>mesa</package>, or the <package>amdvlk</package> package.
- Adding the <package>amdvlk</package> package to
- <xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
- available for applications and lets them choose. A specific driver can
- be forced as follows:
-
- <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
- pkgs.<package>amdvlk</package>
-];
-
-# To enable Vulkan support for 32-bit applications, also add:
-<xref linkend="opt-hardware.opengl.extraPackages32"/> = [
- pkgs.driversi686Linux.<package>amdvlk</package>
-];
-
-# For amdvlk
-<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
- "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
-# For radv
-<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
- "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
-</programlisting>
+ Modern AMD <link
+ xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
+ Core Next</link> (GCN) GPUs are supported through either radv, which is
+ part of <package>mesa</package>, or the <package>amdvlk</package> package.
+ Adding the <package>amdvlk</package> package to
+ <xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
+ available for applications and lets them choose. A specific driver can
+ be forced as follows:
+
+ <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+ pkgs.<package>amdvlk</package>
+ ];
+
+ # To enable Vulkan support for 32-bit applications, also add:
+ <xref linkend="opt-hardware.opengl.extraPackages32"/> = [
+ pkgs.driversi686Linux.<package>amdvlk</package>
+ ];
+
+ # For amdvlk
+ <xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+ # For radv
+ <xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
+ </programlisting>
</para>
</section>
</section>
diff --git a/nixos/doc/manual/configuration/wayland.xml b/nixos/doc/manual/configuration/wayland.xml
new file mode 100644
index 000000000000..231c219cf081
--- /dev/null
+++ b/nixos/doc/manual/configuration/wayland.xml
@@ -0,0 +1,23 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-wayland">
+ <title>Wayland</title>
+
+ <para>
+ While X11 (see <xref linkend="sec-x11"/>) is still the primary display
+ technology on NixOS, Wayland support is steadily improving.
+ Where X11 separates the X Server and the window manager, on Wayland those
+ are combined: a Wayland Compositor is like an X11 window manager, but also
+ embeds the Wayland 'Server' functionality. This means it is sufficient to
+ install a Wayland Compositor such as <package>sway</package> without
+ separately enabling a Wayland server:
+<programlisting>
+<xref linkend="opt-programs.sway.enable"/> = true;
+</programlisting>
+ This installs the <package>sway</package> compositor along with some
+ essential utilities. Now you can start <package>sway</package> from the TTY
+ console.
+ </para>
+</chapter>
diff --git a/nixos/doc/manual/contributing-to-this-manual.xml b/nixos/doc/manual/contributing-to-this-manual.xml
index 9820e75fc337..935dd66bc141 100644
--- a/nixos/doc/manual/contributing-to-this-manual.xml
+++ b/nixos/doc/manual/contributing-to-this-manual.xml
@@ -12,7 +12,7 @@ xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
You can quickly check your edits with the following:
</para>
<screen>
-<prompt>$ </prompt>cd /path/to/nixpkgs/nixos/doc/manual
+<prompt>$ </prompt>cd /path/to/nixpkgs
<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
</screen>
<para>
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix
index 6ca75f869f45..af7a2e08220c 100644
--- a/nixos/doc/manual/default.nix
+++ b/nixos/doc/manual/default.nix
@@ -63,6 +63,7 @@ let
"--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'"
"--param xref.with.number.and.title 1"
"--param toc.section.depth 0"
+ "--param generate.consistent.ids 1"
"--stringparam admon.style ''"
"--stringparam callout.graphics.extension .svg"
"--stringparam current.docid manual"
diff --git a/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixos/doc/manual/installation/installing-from-other-distro.xml
index f10a7d658879..43f69b923d14 100644
--- a/nixos/doc/manual/installation/installing-from-other-distro.xml
+++ b/nixos/doc/manual/installation/installing-from-other-distro.xml
@@ -161,6 +161,13 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
existing systems without the help of a rescue USB drive or similar.
</para>
</warning>
+ <note>
+ <para>
+ On some distributions there are separate PATHS for programs intended only for root.
+ In order for the installation to succeed, you might have to use <literal>PATH="$PATH:/usr/sbin:/sbin"</literal>
+ in the following command.
+ </para>
+ </note>
<screen><prompt>$ </prompt>sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
<para>
Again, please refer to the <literal>nixos-install</literal> step in
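Review bot: The new note asks the reader to splice `PATH="$PATH:/usr/sbin:/sbin"` into "the following command" without showing the result. That command already passes `PATH="$PATH"` to `sudo`, so show the complete modified line to make clear which assignment is being replaced. "separate PATHS" should also be plain prose or marked up as `<envar>PATH</envar>` entries rather than an upper-case plural.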
diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml
index b205e2309687..91542d37cbd5 100644
--- a/nixos/doc/manual/man-nixos-install.xml
+++ b/nixos/doc/manual/man-nixos-install.xml
@@ -50,6 +50,12 @@
</arg>
<arg>
+ <group choice='req'>
+ <arg choice='plain'><option>--impure</option></arg>
+ </group>
+ </arg>
+
+ <arg>
<arg choice='plain'>
<option>--channel</option>
</arg>
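Review bot: `--impure` is added to the synopsis here, but the description hunks shown for this file add a `<varlistentry>` only for `--keep-going`, so the new flag ends up in the usage line without an entry in the options list; add one. The synopsis markup also wraps the single option in `<group choice='req'>`, unlike the neighbouring `<arg choice='plain'>` entries; use the same form unless a required group is really intended.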
@@ -102,6 +108,12 @@
<arg>
<arg choice='plain'>
+ <option>--keep-going</option>
+ </arg>
+ </arg>
+
+ <arg>
+ <arg choice='plain'>
<option>--help</option>
</arg>
</arg>
@@ -297,6 +309,17 @@
</varlistentry>
<varlistentry>
<term>
+ <option>--keep-going</option>
+ </term>
+ <listitem>
+ <para>
+ Causes Nix to continue building derivations as far as possible
+ in the face of failed builds.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>--help</option>
</term>
<listitem>
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 89bdd12adf80..afb09d7c5d26 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09">
- <title>Release 20.09 (“Nightingale”, 2020.10/26)</title>
+ <title>Release 20.09 (“Nightingale”, 2020.10/27)</title>
<para>
Support is planned until the end of April 2021, handing over to 21.03.
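Review bot: The corrected title date `2020.10/27` still mixes `.` and `/` as separators. Since the line is being touched anyway, settle on one form, for example `2020.10.27`.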
@@ -50,7 +50,7 @@
</listitem>
<listitem>
<para>
- Desktop Enironments:
+ Desktop Environments:
</para>
<itemizedlist>
<listitem>
@@ -65,7 +65,7 @@
</listitem>
<listitem>
<para>
- gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.
+ gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>
</para>
</listitem>
<listitem>
@@ -75,7 +75,7 @@
</listitem>
<listitem>
<para>
- NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>.
+ NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>
</para>
</listitem>
</itemizedlist>
@@ -89,28 +89,28 @@
<listitem>
<para>
- Agda ecosystem was heavily reworked (see more details below).
+ Agda ecosystem was heavily reworked (see more details below)
</para>
</listitem>
<listitem>
<para>
- PHP now defaults to PHP 7.4, updated from 7.3.
+ PHP now defaults to PHP 7.4, updated from 7.3
</para>
</listitem>
<listitem>
<para>
- PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release.
+ PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release
</para>
</listitem>
<listitem>
<para>
- Python 3 now defaults to Python 3.8 instead of 3.7.
+ Python 3 now defaults to Python 3.8 instead of 3.7
</para>
</listitem>
<listitem>
<para>
- Python 3.5 has reached its upstream EOL at the end of September 2020: it
- has been removed from the list of available packages.
+ Python 3.5 reached its upstream EOL at the end of September 2020: it
+ has been removed from the list of available packages
</para>
</listitem>
</itemizedlist>
@@ -156,7 +156,7 @@
</listitem>
<listitem>
<para>
- There is a new module for Podman(<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line.
+ There is a new module for Podman (<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line.
</para>
</listitem>
<listitem>
@@ -191,7 +191,7 @@
</listitem>
<listitem>
<para>
- Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
+ Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the <link xlink:href="https://sourceforge.net/projects/g15daemon/">g15daemon project</link>.
</para>
</listitem>
<listitem>
@@ -200,7 +200,7 @@
allows to restrict non-default entries in the boot menu to one or more
users. The users and passwords are defined via the option
<option>boot.loader.grub.users</option>.
- Note: Password support is only avaiable in GRUB version 2.
+ Note: Password support is only available in GRUB version 2.
</para>
</listitem>
</itemizedlist>
@@ -234,7 +234,17 @@
</listitem>
</itemizedlist>
</listitem>
-
+ <listitem>
+ <para>
+ Starting with this release, the hydra-build-result
+ <literal>nixos-<replaceable>YY.MM</replaceable></literal>
+ branches no longer exist in the <link
+ xlink:href="https://github.com/nixos/nixpkgs-channels">deprecated
+ nixpkgs-channels repository</link>. These branches are now in
+ <link xlink:href="https://github.com/nixos/nixpkgs">the main nixpkgs
+ repository</link>.
+ </para>
+ </listitem>
</itemizedlist>
</section>
@@ -257,27 +267,27 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware.
+ <xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module.
+ <xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays.
+ <xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards.
+ <xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers.
+ <xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers
</para>
</listitem>
</itemizedlist>
@@ -289,12 +299,12 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking.
+ <xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration.
+ <xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration
</para>
</listitem>
</itemizedlist>
@@ -306,12 +316,12 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root.
+ <xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support.
+ <xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support
</para>
</listitem>
</itemizedlist>
@@ -323,7 +333,7 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="opt-boot.initrd.network.openvpn.enable" /> Start an OpenVPN client during initrd boot.
+ <xref linkend="opt-boot.initrd.network.openvpn.enable" /> start an OpenVPN client during initrd boot
</para>
</listitem>
</itemizedlist>
@@ -335,17 +345,17 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="opt-boot.enableContainers" /> Use nixos-containers.
+ <xref linkend="opt-boot.enableContainers" /> use nixos-containers
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-virtualisation.oci-containers.containers" /> Run OCI (Docker) containers.
+ <xref linkend="opt-virtualisation.oci-containers.containers" /> run OCI (Docker) containers
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-virtualisation.podman.enable" /> Daemonless container engine.
+ <xref linkend="opt-virtualisation.podman.enable" /> daemonless container engine
</para>
</listitem>
</itemizedlist>
@@ -358,242 +368,237 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="opt-services.ankisyncd.enable" /> Anki sync server.
- </para>
- </listitem>
- <listitem>
- <para>
- <xref linkend="opt-services.bazarr.enable" /> subtitle manager for Sonarr and Radarr.
+ <xref linkend="opt-services.ankisyncd.enable" /> Anki sync server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC.
+ <xref linkend="opt-services.bazarr.enable" /> Subtitle manager for Sonarr and Radarr
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet.
+ <xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.cage.enable" /> Wayland cage service.
+ <xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser.
+ <xref linkend="opt-services.cage.enable" /> Wayland cage service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating helpers and shifts on large events.
+ <xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.espanso.enable" /> text-expander written in rust.
+ <xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating volunteers and shifts on large events
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.foldingathome.enable" /> Folding@home client.
+ <xref linkend="opt-services.espanso.enable" /> text-expander written in rust
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.foldingathome.enable" /> Folding@home client.
+ <xref linkend="opt-services.foldingathome.enable" /> Folding@home client
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool.
+ <xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.go-neb.enable" /> Matrix bot.
+ <xref linkend="opt-services.go-neb.enable" /> Matrix bot
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service.
+ <xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent.
+ <xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet.
+ <xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.jirafeau.enable" /> a web file repository.
+ <xref linkend="opt-services.jirafeau.enable" /> A web file repository
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.jitsi-meet.enable" /> secure, simple and scalable video conferences.
+ <xref linkend="opt-services.jitsi-meet.enable" /> Secure, simple and scalable video conferences
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router.
+ <xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server.
+ <xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.k3s.enable" /> lightweight kubernetes distribution.
+ <xref linkend="opt-services.k3s.enable" /> Lightweight Kubernetes distribution
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server.
+ <xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.malcontent.enable" /> parental control support.
+ <xref linkend="opt-services.malcontent.enable" /> Parental Control support
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge.
+ <xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge.
+ <xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service.
+ <xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server.
+ <xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon.
+ <xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge.
+ <xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service.
+ <xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.nix-store-gcs-proxy" /> Enable a Google storage bucket to be used as a nix store.
+ <xref linkend="opt-services.nix-store-gcs-proxy" /> Google storage bucket to be used as a nix store
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.onedrive.enable" /> OneDrive sync service.
+ <xref linkend="opt-services.onedrive.enable" /> OneDrive sync service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service.
+ <xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.pixiecore.enable" /> manage network booting of machines.
+ <xref linkend="opt-services.pixiecore.enable" /> Manage network booting of machines
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server.
+ <xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon.
+ <xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge.
+ <xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.rss-bridge.enable" /> generate RSS and Atom feeds.
+ <xref linkend="opt-services.rss-bridge.enable" /> Generate RSS and Atom feeds
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.rtorrent.enable" /> rTorrent service.
+ <xref linkend="opt-services.rtorrent.enable" /> rTorrent service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server.
+ <xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.sogo.enable" /> SOGo groupware.
+ <xref linkend="opt-services.sogo.enable" /> SOGo groupware
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server.
+ <xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.torque.mom.enable" /> torque computing node.
+ <xref linkend="opt-services.torque.mom.enable" /> torque computing node
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.torque.server.enable" /> enable torque server.
+ <xref linkend="opt-services.torque.server.enable" /> torque server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.tuptime.enable" /> a total uptime service.
+ <xref linkend="opt-services.tuptime.enable" /> A total uptime service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.urserver.enable" /> X11 remote server.
+ <xref linkend="opt-services.urserver.enable" /> X11 remote server
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service.
+ <xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent.
+ <xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent
</para>
</listitem>
<listitem>
<para>
- <xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge.
+ <xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge
</para>
</listitem>
</itemizedlist>
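Review bot: the capitalisation of the descriptions in this list is still inconsistent after dropping the trailing periods. "Generate RSS and Atom feeds" and "A total uptime service" were capitalised, while "torque computing node" and "torque server" stay lowercase. If lowercase "torque" is the project's own spelling, that is fine, but then the verb phrase "Generate RSS and Atom feeds" and the article in "A total uptime service" still differ in form from the bare noun phrases around them. Pick one form and apply it to every entry.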
@@ -733,7 +738,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation:
<programlisting>{
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
- phantomJsSupport = false;
+ phantomJsSupport = true;
});
}</programlisting>
</para>
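Review bot: the example sets phantomJsSupport through overrideAttrs, but the sentence above it says the flag is provided "to the package instantiation". overrideAttrs changes derivation attributes, not the arguments the package function is called with, so if phantomJsSupport is a function argument the example should read pkgs.grafana.override { phantomJsSupport = true; }. Flipping false to true is right either way, but please confirm the snippet actually enables the feature. The rec on the attribute set is also unused and can go.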
@@ -884,12 +889,23 @@ php.override {
<listitem>
<para>
Nginx web server now starting with additional sandbox/hardening options. By default, write access
- to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
+ to <literal>/var/log/nginx</literal> and <literal>/var/cache/nginx</literal> is allowed. To allow writing to other folders,
use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
<programlisting>
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
</programlisting>
</para>
+ <para>
+ Nginx is also started with the systemd option <literal>ProtectHome = mkDefault true;</literal>
+ which forbids it to read anything from <literal>/home</literal>, <literal>/root</literal>
+ and <literal>/run/user</literal> (see
+ <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=">ProtectHome docs</link>
+ for details).
+ If you require serving files from home directories, you may choose to set e.g.
+<programlisting>
+systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
+</programlisting>
+ </para>
</listitem>
<listitem>
<para>
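Review bot: the added ProtectHome paragraph should say what "read-only" gives up. That value makes all of /home, /root and /run/user readable to nginx again (subject to file permissions), not only the directory being served. If a single directory is the goal, the ProtectHome docs linked here describe the "tmpfs" mode combined with BindReadOnlyPaths=, which would be a narrower example to recommend. Smaller points: "Nginx web server now starting" in the context line reads better as "is now started", and the sentences that introduce each programlisting should end with a colon.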
@@ -1587,30 +1603,30 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
<para>
Agda has been heavily reworked.
<itemizedlist>
- <listitem>
- <para>
- <literal>agda.mkDerivation</literal> has been heavily changed and
- is now located at <package>agdaPackages.mkDerivation</package>.
- </para>
- </listitem>
- <listitem>
- <para>
- New top-level packages <package>agda</package> and
- <literal>agda.withPackages</literal> have been added, the second
- of which sets up agda with access to chosen libraries.
- </para>
- </listitem>
- <listitem>
- <para>
- All agda libraries now live under
- <literal>agdaPackages</literal>.
- </para>
- </listitem>
- <listitem>
- <para>
- Many broken libraries have been removed.
- </para>
- </listitem>
+ <listitem>
+ <para>
+ <literal>agda.mkDerivation</literal> has been heavily changed and
+ is now located at <package>agdaPackages.mkDerivation</package>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ New top-level packages <package>agda</package> and
+ <literal>agda.withPackages</literal> have been added, the second
+ of which sets up agda with access to chosen libraries.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ All agda libraries now live under
+ <literal>agdaPackages</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Many broken libraries have been removed.
+ </para>
+ </listitem>
</itemizedlist>
See the <link
xlink:href="https://nixos.org/nixpkgs/manual/#agda">new
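Review bot: this hunk is whitespace-only, but since it rewrites these lines anyway, the markup in the first item could be fixed at the same time. agdaPackages.mkDerivation is wrapped in <package> while agda.mkDerivation and agda.withPackages in the same list use <literal>. It is a function, not a package, so <literal> fits. Splitting pure re-indentation into its own commit would also make the content changes in this file easier to review.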
@@ -1623,7 +1639,7 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
nixpkgs. It was a work in progress to package the
<link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>,
including libraries, tools and applications, and it was still
- missing a service to lauch the desktop environment. It has shown
+ missing a service to launch the desktop environment. It has shown
to no longer be a feasible goal due to reasons discussed in
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>.
The package <literal>netease-cloud-music</literal> has also been
@@ -1668,4 +1684,131 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
</listitem>
</itemizedlist>
</section>
+
+ <section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-release-20.09-contributions">
+ <title>Contributions</title>
+ <para>
+ I, Jonathan Ringer, would like to thank the following individuals for their work on nixpkgs. This release could not be done without the hard work of the NixOS community. There were 31282 contributions across 1313 contributors.
+ </para>
+ <orderedlist>
+ <para>
+ Top contributors to NixOS/Nixpkgs from the 20.03 release to the 20.09 release:
+ </para>
+ <listitem>
+ <para>
+ 2288 Mario Rodas
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 1837 Frederik Rietdijk
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 946 Jörg Thalheim
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 925 Maximilian Bosch
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 687 Jonathan Ringer
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 651 Jan Tojnar
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 622 Daniël de Kok
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 605 WORLDofPEACE
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 597 Florian Klink
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 528 José Romildo Malaquias
+ </para>
+ </listitem>
+ </orderedlist>
+
+ <orderedlist>
+ <para>
+ Top contributors to stabilizing this release (Zero Hydra Failures period):
+ </para>
+ <listitem>
+ <para>
+ 281 volth
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 101 Robert Scott
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 86 Tim Steinbach
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 76 WORLDofPEACE
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 49 Maximilian Bosch
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 42 Thomas Tuegel
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 37 Doron Behar
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 36 Vladimír Čunát
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 27 Jonathan Ringer
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ 27 Maciej Krüger
+ </para>
+ </listitem>
+ </orderedlist>
+
+ <para>
+ I, Jonathan Ringer, would also like to personally thank @WORLDofPEACE for their help in mentoring me on the release process. Special thanks also goes to Thomas Tuegel for helping immensely with stabilizing Qt, KDE, and Plasma5; I would also like to thank Robert Scott for his numerous fixes and pull request reviews.
+ </para>
+
+ </section>
</section>
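Review bot: the new Contributions section re-declares xmlns, xmlns:xlink, xmlns:xi and version="5.0" on its opening tag, even though it is nested inside the existing release-notes section (it is added before that section's closing tag). Those attributes belong on the document's root element only, so keeping just xml:id="sec-release-20.09-contributions" is enough. The contribution counts are also written into the item text of an orderedlist, so each rendered line carries both a rank number and a count. A short table or an itemizedlist would read more clearly. In the closing paragraph, "Special thanks also goes" should be "Special thanks also go".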
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index af73b307325f..10d5cda77464 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -23,6 +23,9 @@
Support is planned until the end of October 2021, handing over to 21.09.
</para>
</listitem>
+ <listitem>
+ <para>GNOME desktop environment was upgraded to 3.38, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">release notes</link>.</para>
+ </listitem>
</itemizedlist>
</section>
@@ -39,7 +42,19 @@
<itemizedlist>
<listitem>
- <para />
+ <para>
+ <link xlink:href="https://www.keycloak.org/">Keycloak</link>,
+ an open source identity and access management server with
+ support for <link
+ xlink:href="https://openid.net/connect/">OpenID Connect</link>,
+ <link xlink:href="https://oauth.net/2/">OAUTH 2.0</link> and
+ <link xlink:href="https://en.wikipedia.org/wiki/SAML_2.0">SAML
+ 2.0</link>.
+ </para>
+ <para>
+ See the <link linkend="module-services-keycloak">Keycloak
+ section of the NixOS manual</link> for more information.
+ </para>
</listitem>
</itemizedlist>
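Review bot: "OAUTH 2.0" in the Keycloak entry should be spelled "OAuth 2.0", matching the protocol's own name on the page it links to. The other two protocol names are written in their usual form, so this one stands out.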
@@ -75,6 +90,18 @@
</para>
</listitem>
<listitem>
+ <para>
+ <literal>rubyMinimal</literal> was removed due to being unused and
+ unusable. The default ruby interpreter includes JIT support, which makes
+ it reference it's compiler. Since JIT support is probably needed by some
+ Gems, it was decided to enable this feature with all cc references by
+ default, and allow to build a Ruby derivation without references to cc,
+ by setting <literal>jitSupport = false;</literal> in an overlay. See
+ <link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link>
+ for more info.
+ </para>
+ </listitem>
+ <listitem>
<para>
The option <option>fonts.enableFontDir</option> has been renamed to
<xref linkend="opt-fonts.fontDir.enable"/>. The path of font directory
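Review bot: two wording problems in the rubyMinimal entry. "which makes it reference it's compiler" should use the possessive "its", and "allow to build a Ruby derivation" needs an object, for example "allow building a Ruby derivation without references to cc". It would also help to state what "all cc references" means for users, since the entry exists to explain why the minimal variant was dropped.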
@@ -116,6 +143,48 @@
<literal>/var/lib/powerdns</literal> to <literal>/run/pdns</literal>.
</para>
</listitem>
+ <listitem>
+ <para>
+ <package>btc1</package> has been abandoned upstream, and removed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <package>riak-cs</package> package removed along with <varname>services.riak-cs</varname> module.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <package>stanchion</package> package removed along with <varname>services.stanchion</varname> module.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <package>mutt</package> has been updated to a new major version (2.x), which comes with
+ some backward incompatible changes that are described in the
+ <link xlink:href="http://www.mutt.org/relnotes/2.0/">release notes for Mutt 2.0</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>vim</literal> switched to Python 3, dropping all Python 2 support.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link linkend="opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link>
+ previously did nothing, but has been fixed. However its default has been
+ changed to <literal>false</literal> to preserve the existing default
+ behaviour. If you have this explicitly set to <literal>true</literal>,
+ please note that your non-root pools will now be forcibly imported.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <package>openafs</package> now points to <package>openafs_1_8</package>,
+ which is the new stable release. OpenAFS 1.6 was removed.
+ </para>
+ </listitem>
</itemizedlist>
</section>
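Review bot: the boot.zfs.forceImportAll entry warns users who have it explicitly set to true, but it does not say what they should do. Add a sentence telling them to remove the explicit setting, or set it to false, unless forced import of non-root pools is really wanted. The entry also types the option name inside <link linkend="opt-boot.zfs.forceImportAll">, whereas the fonts.fontDir entry just above uses <xref linkend=... />, which is the form used elsewhere in this file. The riak-cs and stanchion entries give no reason for the removal, unlike btc1 and rubyMinimal.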
@@ -139,6 +208,75 @@
to <package>nextcloud20</package>.
</para>
</listitem>
+ <listitem>
+ <para>
+ The setting <xref linkend="opt-services.redis.bind" /> defaults to <literal>127.0.0.1</literal> now, making Redis listen on the loopback interface only, and not all public network interfaces.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
+ </para>
+ <para>
+ All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The Unbound DNS resolver service (<literal>services.unbound</literal>) has been refactored to allow reloading, control sockets and to fix startup ordering issues.
+ </para>
+
+ <para>
+ It is now possible to enable a local UNIX control socket for unbound by setting the <xref linkend="opt-services.unbound.localControlSocketPath" />
+ option.
+ </para>
+
+ <para>
+ Previously we just applied a very minimal set of restrictions and
+ trusted unbound to properly drop root privs and capabilities.
+ </para>
+
+ <para>
+ As of this we are (for the most part) just using the upstream
+ example unit file for unbound. The main difference is that we start
+ unbound as <literal>unbound</literal> user with the required capabilities instead of
+ letting unbound do the chroot &amp; uid/gid changes.
+ </para>
+
+ <para>
+ The upstream unit configuration this is based on is a lot stricter with
+ all kinds of permissions then our previous variant. It also came with
+ the default of having the <literal>Type</literal> set to <literal>notify</literal>, therefore we are now also
+ using the <literal>unbound-with-systemd</literal> package here. Unbound will start up,
+ read the configuration files and start listening on the configured ports
+ before systemd will declare the unit <literal>active (running)</literal>.
+ This will likely help with startup order and the occasional race condition during system
+ activation where the DNS service is started but not yet ready to answer
+ queries. Services depending on <literal>nss-lookup.target</literal> or <literal>unbound.service</literal>
+ are now be able to use unbound when those targets have been reached.
+ </para>
+
+ <para>
+ Aditionally to the much stricter runtime environmet the
+ <literal>/dev/urandom</literal> mount lines we previously had in the code (that would
+ randomly failed during the stop-phase) have been removed as systemd will take care of those for us.
+ </para>
+
+ <para>
+ The <literal>preStart</literal> script is now only required if we enabled the trust
+ anchor updates (which are still enabled by default).
+ </para>
+
+ <para>
+ Another benefit of the refactoring is that we can now issue reloads via
+ either <literal>pkill -HUP unbound</literal> and <literal>systemctl reload unbound</literal> to reload the
+ running configuration without taking the daemon offline. A prerequisite
+ of this was that unbound configuration is available on a well known path
+ on the file system. We are using the path <literal>/etc/unbound/unbound.conf</literal> as that is the
+ default in the CLI tooling which in turn enables us to use
+ <literal>unbound-control</literal> without passing a custom configuration location.
+ </para>
+ </listitem>
</itemizedlist>
</section>
</section>
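Review bot: the Unbound paragraphs need a proofreading pass before merge. "a lot stricter ... then our previous variant" should be "than", "are now be able to use unbound" should be "are now able", "Aditionally to the much stricter runtime environmet" has two typos, "would randomly failed" should be "would randomly fail", and "via either pkill -HUP unbound and systemctl reload unbound" should use "or". "As of this we are" also has no clear referent. The services.redis.bind entry changes network exposure by default, so it should add that hosts whose clients connect over the network must now set that option explicitly.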
diff --git a/nixos/doc/varlistentry-fixer.rb b/nixos/doc/varlistentry-fixer.rb
index 6c7cc1e6439b..02168016b554 100755
--- a/nixos/doc/varlistentry-fixer.rb
+++ b/nixos/doc/varlistentry-fixer.rb
@@ -15,8 +15,8 @@ require "rexml/document"
include REXML
if ARGV.length < 1 then
- $stderr.puts "Needs a filename."
- exit 1
+ $stderr.puts "Needs a filename."
+ exit 1
end
filename = ARGV.shift
@@ -51,17 +51,17 @@ $touched = false
# Generates: --optionnamevalue
# ^^ ^^
doc.elements.each("//varlistentry/term") do |term|
- ["varname", "function", "option", "replaceable"].each do |prev_name|
- term.elements.each(prev_name) do |el|
- if el.next_element and
- el.next_element.name == "replaceable" and
- el.next_sibling_node.class == Element
- then
- $touched = true
- term.insert_after(el, Text.new(" "))
- end
- end
- end
+ ["varname", "function", "option", "replaceable"].each do |prev_name|
+ term.elements.each(prev_name) do |el|
+ if el.next_element and
+ el.next_element.name == "replaceable" and
+ el.next_sibling_node.class == Element
+ then
+ $touched = true
+ term.insert_after(el, Text.new(" "))
+ end
+ end
+ end
end
@@ -75,17 +75,17 @@ end
# Generates: -Ipath
# ^^
doc.elements.each("//cmdsynopsis/arg") do |term|
- ["option", "replaceable"].each do |prev_name|
- term.elements.each(prev_name) do |el|
- if el.next_element and
- el.next_element.name == "replaceable" and
- el.next_sibling_node.class == Element
- then
- $touched = true
- term.insert_after(el, Text.new(" "))
- end
- end
- end
+ ["option", "replaceable"].each do |prev_name|
+ term.elements.each(prev_name) do |el|
+ if el.next_element and
+ el.next_element.name == "replaceable" and
+ el.next_sibling_node.class == Element
+ then
+ $touched = true
+ term.insert_after(el, Text.new(" "))
+ end
+ end
+ end
end
# <cmdsynopsis>
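Review bot: this loop is the same as the one in the previous hunk and the one in the next hunk, apart from the XPath and the list of element names. As the re-indentation touches all three anyway, consider moving the body into one helper that takes the XPath and the names, so the "next element is replaceable and next sibling node is an Element" condition lives in a single place. The if ... and ... then layout would also be more idiomatic with && and no then.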
@@ -104,21 +104,21 @@ end
# Generates: [{--profile-name | -p }name]
# ^^^^
doc.elements.each("//cmdsynopsis/arg") do |term|
- ["group"].each do |prev_name|
- term.elements.each(prev_name) do |el|
- if el.next_element and
- el.next_element.name == "replaceable" and
- el.next_sibling_node.class == Element
- then
- $touched = true
- term.insert_after(el, Text.new(" "))
- end
- end
- end
+ ["group"].each do |prev_name|
+ term.elements.each(prev_name) do |el|
+ if el.next_element and
+ el.next_element.name == "replaceable" and
+ el.next_sibling_node.class == Element
+ then
+ $touched = true
+ term.insert_after(el, Text.new(" "))
+ end
+ end
+ end
end
if $touched then
- doc.context[:attribute_quote] = :quote
- doc.write(output: File.open(filename, "w"))
+ doc.context[:attribute_quote] = :quote
+ doc.write(output: File.open(filename, "w"))
end