diff options
Diffstat (limited to 'nixpkgs/nixos/doc')
17 files changed, 252 insertions, 98 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.xml b/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.xml index 182641055e4..02cb78f47e8 100644 --- a/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.xml +++ b/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.xml @@ -11,7 +11,7 @@ the package to your clone, and (optionally) submit a patch or pull request to have it accepted into the main Nixpkgs repository. This is described in detail in the <link -xlink:href="http://nixos.org/nixpkgs/manual">Nixpkgs +xlink:href="https://nixos.org/nixpkgs/manual">Nixpkgs manual</link>. In short, you clone Nixpkgs: <screen> <prompt>$ </prompt>git clone https://github.com/NixOS/nixpkgs diff --git a/nixpkgs/nixos/doc/manual/configuration/config-syntax.xml b/nixpkgs/nixos/doc/manual/configuration/config-syntax.xml index 5ef498cf9ae..5526dea247c 100644 --- a/nixpkgs/nixos/doc/manual/configuration/config-syntax.xml +++ b/nixpkgs/nixos/doc/manual/configuration/config-syntax.xml @@ -14,7 +14,7 @@ when managing complex systems. The syntax and semantics of the Nix language are fully described in the <link -xlink:href="http://nixos.org/nix/manual/#chap-writing-nix-expressions">Nix +xlink:href="https://nixos.org/nix/manual/#chap-writing-nix-expressions">Nix manual</link>, but here we give a short overview of the most important constructs useful in NixOS configuration files. </para> diff --git a/nixpkgs/nixos/doc/manual/configuration/file-systems.xml b/nixpkgs/nixos/doc/manual/configuration/file-systems.xml index e4c03de71b7..3ac02a975eb 100644 --- a/nixpkgs/nixos/doc/manual/configuration/file-systems.xml +++ b/nixpkgs/nixos/doc/manual/configuration/file-systems.xml @@ -16,6 +16,17 @@ fsType = "ext4"; }; </programlisting> + This will create an entry in <filename>/etc/fstab</filename>, which will + generate a corresponding + <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.mount.html">systemd.mount</link> + unit via + <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd-fstab-generator.html">systemd-fstab-generator</link>. + The filesystem will be mounted automatically unless + <literal>"noauto"</literal> is present in <link + linkend="opt-fileSystems._name__.options">options</link>. + <literal>"noauto"</literal> filesystems can be mounted explicitly using + <command>systemctl</command> e.g. <command>systemctl start + data.mount</command>. Mount points are created automatically if they don’t already exist. For <option><link linkend="opt-fileSystems._name__.device">device</link></option>, it’s best to use the topology-independent device aliases in diff --git a/nixpkgs/nixos/doc/manual/configuration/summary.xml b/nixpkgs/nixos/doc/manual/configuration/summary.xml index ea980254a8f..289face16de 100644 --- a/nixpkgs/nixos/doc/manual/configuration/summary.xml +++ b/nixpkgs/nixos/doc/manual/configuration/summary.xml @@ -10,7 +10,7 @@ expression language. It’s not complete. In particular, there are many other built-in functions. See the <link -xlink:href="http://nixos.org/nix/manual/#chap-writing-nix-expressions">Nix +xlink:href="https://nixos.org/nix/manual/#chap-writing-nix-expressions">Nix manual</link> for the rest. </para> diff --git a/nixpkgs/nixos/doc/manual/configuration/x-windows.xml b/nixpkgs/nixos/doc/manual/configuration/x-windows.xml index 06dd7c8bfb9..110712baf5f 100644 --- a/nixpkgs/nixos/doc/manual/configuration/x-windows.xml +++ b/nixpkgs/nixos/doc/manual/configuration/x-windows.xml @@ -31,6 +31,7 @@ <xref linkend="opt-services.xserver.windowManager.twm.enable"/> = true; <xref linkend="opt-services.xserver.windowManager.icewm.enable"/> = true; <xref linkend="opt-services.xserver.windowManager.i3.enable"/> = true; +<xref linkend="opt-services.xserver.windowManager.herbstluftwm.enable"/> = true; </programlisting> </para> <para> diff --git a/nixpkgs/nixos/doc/manual/configuration/xfce.xml b/nixpkgs/nixos/doc/manual/configuration/xfce.xml index ebf1f493c5c..abcf5f648a4 100644 --- a/nixpkgs/nixos/doc/manual/configuration/xfce.xml +++ b/nixpkgs/nixos/doc/manual/configuration/xfce.xml @@ -16,11 +16,11 @@ effects, some example settings: <programlisting> <link linkend="opt-services.picom.enable">services.picom</link> = { - <link linkend="opt-services.picom.enable">enable</link> = true; - <link linkend="opt-services.picom.fade">fade</link> = true; - <link linkend="opt-services.picom.inactiveOpacity">inactiveOpacity</link> = "0.9"; - <link linkend="opt-services.picom.shadow">shadow</link> = true; - <link linkend="opt-services.picom.fadeDelta">fadeDelta</link> = 4; + <link linkend="opt-services.picom.enable">enable</link> = true; + <link linkend="opt-services.picom.fade">fade</link> = true; + <link linkend="opt-services.picom.inactiveOpacity">inactiveOpacity</link> = 0.9; + <link linkend="opt-services.picom.shadow">shadow</link> = true; + <link linkend="opt-services.picom.fadeDelta">fadeDelta</link> = 4; }; </programlisting> </para> diff --git a/nixpkgs/nixos/doc/manual/development/releases.xml b/nixpkgs/nixos/doc/manual/development/releases.xml index cc0ec78cc74..8abc66dfec1 100755 --- a/nixpkgs/nixos/doc/manual/development/releases.xml +++ b/nixpkgs/nixos/doc/manual/development/releases.xml @@ -57,7 +57,7 @@ <listitem> <para> <link xlink:href="https://github.com/NixOS/nixos-org-configurations/pull/18"> - Make sure a channel is created at http://nixos.org/channels/. </link> + Make sure a channel is created at https://nixos.org/channels/. </link> </para> </listitem> <listitem> diff --git a/nixpkgs/nixos/doc/manual/development/replace-modules.xml b/nixpkgs/nixos/doc/manual/development/replace-modules.xml index b4a466e2294..9fc5678ca1b 100644 --- a/nixpkgs/nixos/doc/manual/development/replace-modules.xml +++ b/nixpkgs/nixos/doc/manual/development/replace-modules.xml @@ -37,7 +37,7 @@ imports = [ # Use postgresql service from nixos-unstable channel. - # sudo nix-channel --add http://nixos.org/channels/nixos-unstable nixos-unstable + # sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable <nixos-unstable/nixos/modules/services/databases/postgresql.nix> ]; diff --git a/nixpkgs/nixos/doc/manual/installation/installing.xml b/nixpkgs/nixos/doc/manual/installation/installing.xml index 0dbfb39c32b..673df8f2e4c 100644 --- a/nixpkgs/nixos/doc/manual/installation/installing.xml +++ b/nixpkgs/nixos/doc/manual/installation/installing.xml @@ -41,6 +41,11 @@ neo</command>!) </para> + <para> + If the text is too small to be legible, try <command>setfont ter-132n</command> + to increase the font size. + </para> + <section xml:id="sec-installation-booting-networking"> <title>Networking in the installer</title> diff --git a/nixpkgs/nixos/doc/manual/installation/obtaining.xml b/nixpkgs/nixos/doc/manual/installation/obtaining.xml index 56af5c0e25a..3b8671782de 100644 --- a/nixpkgs/nixos/doc/manual/installation/obtaining.xml +++ b/nixpkgs/nixos/doc/manual/installation/obtaining.xml @@ -7,7 +7,7 @@ <para> NixOS ISO images can be downloaded from the <link -xlink:href="http://nixos.org/nixos/download.html">NixOS download +xlink:href="https://nixos.org/nixos/download.html">NixOS download page</link>. There are a number of installation options. If you happen to have an optical drive and a spare CD, burning the image to CD and booting from that is probably the easiest option. Most people will need to prepare a @@ -26,7 +26,7 @@ xlink:href="https://nixos.wiki/wiki/NixOS_Installation_Guide#Making_the_installa <para> Using virtual appliances in Open Virtualization Format (OVF) that can be imported into VirtualBox. These are available from the - <link xlink:href="http://nixos.org/nixos/download.html">NixOS download + <link xlink:href="https://nixos.org/nixos/download.html">NixOS download page</link>. </para> </listitem> diff --git a/nixpkgs/nixos/doc/manual/installation/upgrading.xml b/nixpkgs/nixos/doc/manual/installation/upgrading.xml index 92864cf2557..e5e02aa0752 100644 --- a/nixpkgs/nixos/doc/manual/installation/upgrading.xml +++ b/nixpkgs/nixos/doc/manual/installation/upgrading.xml @@ -14,7 +14,7 @@ <para> <emphasis>Stable channels</emphasis>, such as <literal - xlink:href="https://nixos.org/channels/nixos-19.09">nixos-19.09</literal>. + xlink:href="https://nixos.org/channels/nixos-20.03">nixos-20.03</literal>. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not from @@ -38,7 +38,7 @@ <para> <emphasis>Small channels</emphasis>, such as <literal - xlink:href="https://nixos.org/channels/nixos-19.09-small">nixos-19.09-small</literal> + xlink:href="https://nixos.org/channels/nixos-20.03-small">nixos-20.03-small</literal> or <literal xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. @@ -63,8 +63,8 @@ <para> When you first install NixOS, you’re automatically subscribed to the NixOS channel that corresponds to your installation source. For instance, if you - installed from a 19.09 ISO, you will be subscribed to the - <literal>nixos-19.09</literal> channel. To see which NixOS channel you’re + installed from a 20.03 ISO, you will be subscribed to the + <literal>nixos-20.03</literal> channel. To see which NixOS channel you’re subscribed to, run the following as root: <screen> # nix-channel --list | grep nixos @@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable # nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos </screen> (Be sure to include the <literal>nixos</literal> parameter at the end.) For - instance, to use the NixOS 19.09 stable channel: + instance, to use the NixOS 20.03 stable channel: <screen> -# nix-channel --add https://nixos.org/channels/nixos-19.09 nixos +# nix-channel --add https://nixos.org/channels/nixos-20.03 nixos </screen> If you have a server, you may want to use the “small” channel instead: <screen> -# nix-channel --add https://nixos.org/channels/nixos-19.09-small nixos +# nix-channel --add https://nixos.org/channels/nixos-20.03-small nixos </screen> And if you want to live on the bleeding edge: <screen> @@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable kernel, initrd or kernel modules. You can also specify a channel explicitly, e.g. <programlisting> -<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.09; +<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.03; </programlisting> </para> </section> diff --git a/nixpkgs/nixos/doc/manual/man-nixos-install.xml b/nixpkgs/nixos/doc/manual/man-nixos-install.xml index 9255ce763ef..84849282e9a 100644 --- a/nixpkgs/nixos/doc/manual/man-nixos-install.xml +++ b/nixpkgs/nixos/doc/manual/man-nixos-install.xml @@ -25,16 +25,6 @@ </group> </arg> <arg> - <group choice='req'> - <arg choice='plain'> - <option>--print-build-logs</option> - </arg> - <arg choice='plain'> - <option>-L</option> - </arg> - </group> - </arg> - <arg> <arg choice='plain'> <option>-I</option> </arg> @@ -179,12 +169,6 @@ </listitem> </varlistentry> <varlistentry> - <term><option>--print-build-logs</option> / <option>-L</option></term> - <listitem> - <para>Print the full build logs of <command>nix build</command> to stderr.</para> - </listitem> - </varlistentry> - <varlistentry> <term> <option>--root</option> </term> diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1404.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-1404.xml index 8d8cea4303a..56dbb74a71d 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-1404.xml +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1404.xml @@ -49,7 +49,7 @@ <para> Nix has been updated to 1.7 (<link - xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>). + xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>). </para> </listitem> <listitem> diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1509.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-1509.xml index 5c4d9970178..098c8c5095b 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-1509.xml +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1509.xml @@ -22,7 +22,7 @@ in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the <link - xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's + xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's Guide to the Haskell Infrastructure</link>. Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional @@ -555,7 +555,7 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc the compiler now is the <literal>haskellPackages.ghcWithPackages</literal> function. The <link - xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's + xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's Guide to the Haskell Infrastructure</link> provides more information about this subject. </para> diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1603.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-1603.xml index 9b512c4b1e5..6d4b28825fa 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-1603.xml +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1603.xml @@ -54,7 +54,7 @@ xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar> to a deterministic value, and Nix has <link - xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained + xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.11">gained an option</link> to repeat a build a number of times to test determinism. An ongoing project, the goal of exact reproducibility is to allow binaries to be verified independently (e.g., a user might only trust binaries that diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml index 8f97de24ab1..393a9286ca4 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml @@ -3,7 +3,7 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-20.03"> - <title>Release 20.03 (“Markhor”, 2020.03/??)</title> + <title>Release 20.03 (“Markhor”, 2020.04/20)</title> <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" @@ -935,8 +935,8 @@ services.dnsmasq.servers = [ "127.0.0.1#43" ]; </listitem> <listitem> <para> - Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organized dependencies the same way as regular builds. - In particular, rather than receiving all the different lists of dependencies master together as one big lists, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything. + Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organize dependencies the same way as regular builds. + In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything. </para> <para> This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a <varname>buildDepends</varname> or run-time Haskell dependency as a <varname>setupDepends</varname>, whereas things would have worked before they may not work now. @@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root"; As well as this, the options <literal>security.acme.acceptTerms</literal> and either <literal>security.acme.email</literal> or <literal>security.acme.certs.<name>.email</literal> must be set in order to use the ACME module. - Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are - preserved and thus it is possible to roll back to previous versions without breaking certificate - generation. + Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le. + In particular private keys will not be preserved. However, the credentials for simp-le are preserved and + thus it is possible to roll back to previous versions without breaking certificate generation. + Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can + have consequences if you embed your public key in apps. </para> </listitem> <listitem> diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml index 4965f9c3629..1d24553b08d 100644 --- a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml @@ -28,6 +28,11 @@ </listitem> <listitem> <para> + We now distribute a GNOME ISO. + </para> + </listitem> + <listitem> + <para> PHP now defaults to PHP 7.4, updated from 7.3. </para> </listitem> @@ -40,6 +45,44 @@ make use of these new options instead. </para> </listitem> + <listitem> + <para> + There is a new module for Podman(<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line. + </para> + </listitem> + <listitem> + <para> + The new <varname>virtualisation.containers</varname> module manages configuration shared by the CRI-O and Podman modules. + </para> + </listitem> + <listitem> + <para> + Declarative Docker containers are renamed from <varname>docker-containers</varname> to <varname>virtualisation.oci-containers.containers</varname>. + This is to make it possible to use <literal>podman</literal> instead of <literal>docker</literal>. + </para> + </listitem> + <listitem> + <para> + MariaDB has been updated to 10.4, MariaDB Galera to 26.4. + Before you upgrade, it would be best to take a backup of your database. + For MariaDB Galera Cluster, see <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/">Upgrading + from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster</link> instead. + Before doing the upgrade read <link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104">Incompatible + Changes Between 10.3 and 10.4</link>. + After the upgrade you will need to run <literal>mysql_upgrade</literal>. + MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more + intuitive. See <link xlink:href="https://mariadb.com/kb/en/authentication-from-mariadb-104/">Authentication from MariaDB 10.4</link>. + unix_socket auth plugin does not use a password, and uses the connecting user's UID instead. When a new MariaDB data directory is initialized, two MariaDB users are + created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root@localhost and mysql@localhost. To actually use + the traditional mysql_native_password plugin method, one must run the following: +<programlisting> +services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' + ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD("verysecret"); +''; +</programlisting> + When MariaDB data directory is just upgraded (not initialized), the users are not created or modified. + </para> + </listitem> </itemizedlist> </section> @@ -56,7 +99,9 @@ <itemizedlist> <listitem> - <para /> + <para> + There is a new <xref linkend="opt-security.doas.enable"/> module that provides <command>doas</command>, a lighter alternative to <command>sudo</command> with many of the same features. + </para> </listitem> </itemizedlist> @@ -77,6 +122,12 @@ <itemizedlist> <listitem> <para> + The go-modules builder now uses vendorSha256 instead of modSha256 to pin + fetched version data. This is currently a warning, but will be removed in the next release. + </para> + </listitem> + <listitem> + <para> Grafana is now built without support for phantomjs by default. Phantomjs support has been <link xlink:href="https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/">deprecated in Grafana</link> and the <package>phantomjs</package> project is @@ -130,69 +181,69 @@ </listitem> <listitem> <para> - Since this release there's an easy way to customize your PHP install to get a much smaller - base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP - with the extensions <literal>imagick</literal>, <literal>opcache</literal> and + Since this release there's an easy way to customize your PHP + install to get a much smaller base PHP with only wanted + extensions enabled. See the following snippet installing a + smaller PHP with the extensions <literal>imagick</literal>, + <literal>opcache</literal>, <literal>pdo</literal> and <literal>pdo_mysql</literal> loaded: <programlisting> environment.systemPackages = [ -(pkgs.php.buildEnv { extensions = pp: with pp; [ - imagick - opcache - pdo_mysql - ]; }) + (pkgs.php.withExtensions + ({ all, ... }: with all; [ + imagick + opcache + pdo + pdo_mysql + ]) + ) ];</programlisting> - The default <literal>php</literal> attribute hasn't lost any extensions - - the <literal>opcache</literal> extension was added there. + The default <literal>php</literal> attribute hasn't lost any + extensions. The <literal>opcache</literal> extension has been + added. All upstream PHP extensions are available under <package><![CDATA[php.extensions.<name?>]]></package>. </para> <para> - The updated <literal>php</literal> attribute is now easily customizable to your liking - by using extensions instead of writing config files or changing configure flags. - - Therefore we have removed the following configure flags: + All PHP <literal>config</literal> flags have been removed for + the following reasons: <itemizedlist> - <title>PHP <literal>config</literal> flags that we don't read anymore:</title> - <listitem><para><literal>config.php.argon2</literal></para></listitem> - <listitem><para><literal>config.php.bcmath</literal></para></listitem> - <listitem><para><literal>config.php.bz2</literal></para></listitem> - <listitem><para><literal>config.php.calendar</literal></para></listitem> - <listitem><para><literal>config.php.curl</literal></para></listitem> - <listitem><para><literal>config.php.exif</literal></para></listitem> - <listitem><para><literal>config.php.ftp</literal></para></listitem> - <listitem><para><literal>config.php.gd</literal></para></listitem> - <listitem><para><literal>config.php.gettext</literal></para></listitem> - <listitem><para><literal>config.php.gmp</literal></para></listitem> - <listitem><para><literal>config.php.imap</literal></para></listitem> - <listitem><para><literal>config.php.intl</literal></para></listitem> - <listitem><para><literal>config.php.ldap</literal></para></listitem> - <listitem><para><literal>config.php.libxml2</literal></para></listitem> - <listitem><para><literal>config.php.libzip</literal></para></listitem> - <listitem><para><literal>config.php.mbstring</literal></para></listitem> - <listitem><para><literal>config.php.mysqli</literal></para></listitem> - <listitem><para><literal>config.php.mysqlnd</literal></para></listitem> - <listitem><para><literal>config.php.openssl</literal></para></listitem> - <listitem><para><literal>config.php.pcntl</literal></para></listitem> - <listitem><para><literal>config.php.pdo_mysql</literal></para></listitem> - <listitem><para><literal>config.php.pdo_odbc</literal></para></listitem> - <listitem><para><literal>config.php.pdo_pgsql</literal></para></listitem> - <listitem><para><literal>config.php.phpdbg</literal></para></listitem> - <listitem><para><literal>config.php.postgresql</literal></para></listitem> - <listitem><para><literal>config.php.readline</literal></para></listitem> - <listitem><para><literal>config.php.soap</literal></para></listitem> - <listitem><para><literal>config.php.sockets</literal></para></listitem> - <listitem><para><literal>config.php.sodium</literal></para></listitem> - <listitem><para><literal>config.php.sqlite</literal></para></listitem> - <listitem><para><literal>config.php.tidy</literal></para></listitem> - <listitem><para><literal>config.php.xmlrpc</literal></para></listitem> - <listitem><para><literal>config.php.xsl</literal></para></listitem> - <listitem><para><literal>config.php.zip</literal></para></listitem> - <listitem><para><literal>config.php.zlib</literal></para></listitem> + <listitem> + <para> + The updated <literal>php</literal> attribute is now easily + customizable to your liking by using + <literal>php.withExtensions</literal> or + <literal>php.buildEnv</literal> instead of writing config files + or changing configure flags. + </para> + </listitem> + <listitem> + <para> + The remaining configuration flags can now be set directly on + the <literal>php</literal> attribute. For example, instead of + + <programlisting> +php.override { + config.php.embed = true; + config.php.apxs2 = false; +} + </programlisting> + + you should now write + + <programlisting> +php.override { + embedSupport = true; + apxs2Support = false; +} + </programlisting> + </para> + </listitem> </itemizedlist> + </para> </listitem> <listitem> @@ -203,7 +254,25 @@ environment.systemPackages = [ <link xlink:href="https://github.com/gollum/gollum/wiki/5.0-release-notes#migrating-your-wiki">here</link>. </para> </listitem> - + <listitem> + <para> + Deluge 2.x was added and is used as default for new NixOS + installations where stateVersion is >= 20.09. If you are upgrading from a previous + NixOS version, you can set <literal>service.deluge.package = pkgs.deluge-2_x</literal> + to upgrade to Deluge 2.x and migrate the state to the new format. + Be aware that backwards state migrations are not supported by Deluge. + </para> + </listitem> + <listitem> + <para> + Add option <literal>services.nginx.enableSandbox</literal> to starting Nginx web server with additional sandbox/hardening options. + By default, write access to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders, + use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal> + <programlisting> +systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; + </programlisting> + </para> + </listitem> <listitem> <para> The NixOS options <literal>nesting.clone</literal> and @@ -247,6 +316,76 @@ environment.systemPackages = [ </programlisting> </para> </listitem> + <listitem> + <para> + The Nginx log directory has been moved to <literal>/var/log/nginx</literal>, the cache directory + to <literal>/var/cache/nginx</literal>. The option <literal>services.nginx.stateDir</literal> has + been removed. + </para> + </listitem> + <listitem> + <para> + The httpd web server previously started its main process as root + privileged, then ran worker processes as a less privileged identity user. + This was changed to start all of httpd as a less privileged user (defined by + <xref linkend="opt-services.httpd.user"/> and + <xref linkend="opt-services.httpd.group"/>). As a consequence, all files that + are needed for httpd to run (included configuration fragments, SSL + certificates and keys, etc.) must now be readable by this less privileged + user/group. + </para> + <para> + The default value for <xref linkend="opt-services.httpd.mpm"/> + has been changed from <literal>prefork</literal> to <literal>event</literal>. Along with + this change the default value for + <link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.<name>.http2</link> + has been set to <literal>true</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>systemd-networkd</literal> option + <literal>systemd.network.networks.<name>.dhcp.CriticalConnection</literal> + has been removed following upstream systemd's deprecation of the same. It is recommended to use + <literal>systemd.network.networks.<name>.networkConfig.KeepConfiguration</literal> instead. + See <citerefentry><refentrytitle>systemd.network</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + </para> + </listitem> + <listitem> + <para> + The <literal>systemd-networkd</literal> option + <literal>systemd.network.networks._name_.dhcpConfig</literal> + has been renamed to + <xref linkend="opt-systemd.network.networks._name_.dhcpV4Config"/> + following upstream systemd's documentation change. + See <citerefentry><refentrytitle>systemd.network</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + </para> + </listitem> + <listitem> + <para> + In the <literal>picom</literal> module, several options that accepted + floating point numbers encoded as strings (for example + <xref linkend="opt-services.picom.activeOpacity"/>) have been changed + to the (relatively) new native <literal>float</literal> type. To migrate + your configuration simply remove the quotes around the numbers. + </para> + </listitem> + <listitem> + <para> + When using <literal>buildBazelPackage</literal> from Nixpkgs, + <literal>flat</literal> hash mode is now used for dependencies + instead of <literal>recursive</literal>. This is to better allow + using hashed mirrors where needed. As a result, these hashes + will have changed. + </para> + </listitem> + <listitem> + <para> + The rkt module has been removed, it was archived by upstream. + </para> + </listitem> </itemizedlist> </section> @@ -260,6 +399,13 @@ environment.systemPackages = [ <itemizedlist> <listitem> <para> + <option>services.journald.rateLimitBurst</option> was updated from + <literal>1000</literal> to <literal>10000</literal> to follow the new + upstream systemd default. + </para> + </listitem> + <listitem> + <para> The <package>notmuch</package> package move its emacs-related binaries and emacs lisp files to a separate output. They're not part of the default <literal>out</literal> output anymore - if you relied on the @@ -267,6 +413,11 @@ environment.systemPackages = [ the <literal>notmuch.emacs</literal> output. </para> </listitem> + <listitem> + <para> + The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>. + </para> + </listitem> </itemizedlist> </section> </section> |