Diffstat (limited to 'nixpkgs/nixos/doc')
-rw-r--r--nixpkgs/nixos/doc/manual/administration/boot-problems.xml31
-rw-r--r--nixpkgs/nixos/doc/manual/administration/imperative-containers.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/configuration.xml1
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/file-systems.xml8
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/gpu-accel.xml263
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/ipv4-config.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/ipv6-config.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml6
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/network-manager.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml3
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/ssh.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/user-mgmt.xml12
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/x-windows.xml46
-rw-r--r--nixpkgs/nixos/doc/manual/development/freeform-modules.xml68
-rw-r--r--nixpkgs/nixos/doc/manual/development/option-types.xml11
-rwxr-xr-xnixpkgs/nixos/doc/manual/development/releases.xml265
-rw-r--r--nixpkgs/nixos/doc/manual/development/running-nixos-tests-interactively.xml9
-rw-r--r--nixpkgs/nixos/doc/manual/development/settings-options.xml216
-rw-r--r--nixpkgs/nixos/doc/manual/development/writing-modules.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml20
-rw-r--r--nixpkgs/nixos/doc/manual/installation/changing-config.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.xml4
-rw-r--r--nixpkgs/nixos/doc/manual/installation/installing-pxe.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml2
-rw-r--r--nixpkgs/nixos/doc/manual/installation/installing.xml18
-rw-r--r--nixpkgs/nixos/doc/manual/man-nixos-build-vms.xml6
-rw-r--r--nixpkgs/nixos/doc/manual/man-nixos-enter.xml12
-rw-r--r--nixpkgs/nixos/doc/manual/man-nixos-install.xml16
-rw-r--r--nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml4
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/release-notes.xml1
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml4
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml664
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-2103.xml80
33 files changed, 1609 insertions, 177 deletions
diff --git a/nixpkgs/nixos/doc/manual/administration/boot-problems.xml b/nixpkgs/nixos/doc/manual/administration/boot-problems.xml
index 5fa0b29e6d6..e0f66284010 100644
--- a/nixpkgs/nixos/doc/manual/administration/boot-problems.xml
+++ b/nixpkgs/nixos/doc/manual/administration/boot-problems.xml
@@ -19,9 +19,9 @@
</term>
<listitem>
<para>
- Start a root shell if something goes wrong in stage 1 of the boot process
- (the initial ramdisk). This is disabled by default because there is no
- authentication for the root shell.
+ Allows the user to start a root shell if something goes wrong in stage 1
+ of the boot process (the initial ramdisk). This is disabled by default
+ because there is no authentication for the root shell.
</para>
</listitem>
</varlistentry>
@@ -51,6 +51,22 @@
</varlistentry>
<varlistentry>
<term>
+ <literal>boot.debug1mounts</literal>
+ </term>
+ <listitem>
+ <para>
+ Like <literal>boot.debug1</literal> or
+ <literal>boot.debug1devices</literal>, but runs stage1 until all
+ filesystems that are mounted during initrd are mounted (see
+ <option><link linkend="opt-fileSystems._name_.neededForBoot">neededForBoot</link></option>
+ ). As a motivating example, this could be useful if you've forgotten to set
+ <option><link linkend="opt-fileSystems._name_.neededForBoot">neededForBoot</link></option>
+ on a file system.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<literal>boot.trace</literal>
</term>
<listitem>
@@ -91,6 +107,15 @@
</para>
<para>
+ Notice that for <literal>boot.shell_on_fail</literal>,
+ <literal>boot.debug1</literal>, <literal>boot.debug1devices</literal>, and
+ <literal>boot.debug1mounts</literal>, if you did <emphasis>not</emphasis>
+ select "start the new shell as pid 1", and you <literal>exit</literal> from
+ the new shell, boot will proceed normally from the point where it failed, as
+ if you'd chosen "ignore the error and continue".
+ </para>
+
+ <para>
If no login prompts or X11 login screens appear (e.g. due to hanging
dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start
rescue mode (described above). (Also note that since most units have a
diff --git a/nixpkgs/nixos/doc/manual/administration/imperative-containers.xml b/nixpkgs/nixos/doc/manual/administration/imperative-containers.xml
index 7ded0c11786..435ed230f51 100644
--- a/nixpkgs/nixos/doc/manual/administration/imperative-containers.xml
+++ b/nixpkgs/nixos/doc/manual/administration/imperative-containers.xml
@@ -27,7 +27,7 @@
<screen>
# nixos-container create foo --config '
<xref linkend="opt-services.openssh.enable"/> = true;
- <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">users.users.root.openssh.authorizedKeys.keys</link> = ["ssh-dss AAAAB3N…"];
+ <link linkend="opt-users.users._name_.openssh.authorizedKeys.keys">users.users.root.openssh.authorizedKeys.keys</link> = ["ssh-dss AAAAB3N…"];
'
</screen>
By default the next free address in the <literal>10.233.0.0/16</literal> subnet will be chosen
diff --git a/nixpkgs/nixos/doc/manual/configuration/configuration.xml b/nixpkgs/nixos/doc/manual/configuration/configuration.xml
index 507d28814ea..6eb8f50baca 100644
--- a/nixpkgs/nixos/doc/manual/configuration/configuration.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/configuration.xml
@@ -18,6 +18,7 @@
<xi:include href="user-mgmt.xml" />
<xi:include href="file-systems.xml" />
<xi:include href="x-windows.xml" />
+ <xi:include href="gpu-accel.xml" />
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" />
diff --git a/nixpkgs/nixos/doc/manual/configuration/file-systems.xml b/nixpkgs/nixos/doc/manual/configuration/file-systems.xml
index 3ac02a975eb..9747433375f 100644
--- a/nixpkgs/nixos/doc/manual/configuration/file-systems.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/file-systems.xml
@@ -23,12 +23,12 @@
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd-fstab-generator.html">systemd-fstab-generator</link>.
The filesystem will be mounted automatically unless
<literal>"noauto"</literal> is present in <link
- linkend="opt-fileSystems._name__.options">options</link>.
+ linkend="opt-fileSystems._name_.options">options</link>.
<literal>"noauto"</literal> filesystems can be mounted explicitly using
<command>systemctl</command> e.g. <command>systemctl start
data.mount</command>.
Mount points are created automatically if they don’t already exist. For
- <option><link linkend="opt-fileSystems._name__.device">device</link></option>,
+ <option><link linkend="opt-fileSystems._name_.device">device</link></option>,
it’s best to use the topology-independent device aliases in
<filename>/dev/disk/by-label</filename> and
<filename>/dev/disk/by-uuid</filename>, as these don’t change if the
@@ -36,7 +36,7 @@
</para>
<para>
You can usually omit the file system type
- (<option><link linkend="opt-fileSystems._name__.fsType">fsType</link></option>),
+ (<option><link linkend="opt-fileSystems._name_.fsType">fsType</link></option>),
since <command>mount</command> can usually detect the type and load the
necessary kernel module automatically. However, if the file system is needed
at early boot (in the initial ramdisk) and is not <literal>ext2</literal>,
@@ -49,7 +49,7 @@
System startup will fail if any of the filesystems fails to mount, dropping
you to the emergency shell. You can make a mount asynchronous and
non-critical by adding
- <literal><link linkend="opt-fileSystems._name__.options">options</link> = [
+ <literal><link linkend="opt-fileSystems._name_.options">options</link> = [
"nofail" ];</literal>.
</para>
</note>
diff --git a/nixpkgs/nixos/doc/manual/configuration/gpu-accel.xml b/nixpkgs/nixos/doc/manual/configuration/gpu-accel.xml
new file mode 100644
index 00000000000..95ee13f4796
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/configuration/gpu-accel.xml
@@ -0,0 +1,263 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-gpu-accel">
+ <title>GPU acceleration</title>
+
+ <para>
+ NixOS provides various APIs that benefit from GPU hardware
+ acceleration, such as VA-API and VDPAU for video playback; OpenGL and
+ Vulkan for 3D graphics; and OpenCL for general-purpose computing.
+ This chapter describes how to set up GPU hardware acceleration (as far
+ as this is not done automatically) and how to verify that hardware
+ acceleration is indeed used.
+ </para>
+
+ <para>
+ Most of the aforementioned APIs are agnostic with regards to which
+ display server is used. Consequently, these instructions should apply
+ both to the X Window System and Wayland compositors.
+ </para>
+
+ <section xml:id="sec-gpu-accel-opencl">
+ <title>OpenCL</title>
+
+ <para>
+ <link xlink:href="https://en.wikipedia.org/wiki/OpenCL">OpenCL</link> is a
+ general compute API. It is used by various applications such as
+ Blender and Darktable to accelerate certain operations.
+ </para>
+
+ <para>
+ OpenCL applications load drivers through the <emphasis>Installable Client
+ Driver</emphasis> (ICD) mechanism. In this mechanism, an ICD file
+ specifies the path to the OpenCL driver for a particular GPU family.
+ In NixOS, there are two ways to make ICD files visible to the ICD
+ loader. The first is through the <varname>OCL_ICD_VENDORS</varname>
+ environment variable. This variable can contain a directory which
+ is scanned by the ICL loader for ICD files. For example:
+
+ <screen><prompt>$</prompt> export \
+ OCL_ICD_VENDORS=`nix-build '&lt;nixpkgs&gt;' --no-out-link -A rocm-opencl-icd`/etc/OpenCL/vendors/</screen>
+ </para>
+
+ <para>
+ The second mechanism is to add the OpenCL driver package to
+ <xref linkend="opt-hardware.opengl.extraPackages"/>. This links the
+ ICD file under <filename>/run/opengl-driver</filename>, where it will
+ be visible to the ICD loader.
+ </para>
+
+ <para>
+ The proper installation of OpenCL drivers can be verified through
+ the <command>clinfo</command> command of the <package>clinfo</package>
+ package. This command will report the number of hardware devices
+ that is found and give detailed information for each device:
+ </para>
+
+ <screen><prompt>$</prompt> clinfo | head -n3
+Number of platforms 1
+Platform Name AMD Accelerated Parallel Processing
+Platform Vendor Advanced Micro Devices, Inc.</screen>
+
+ <section xml:id="sec-gpu-accel-opencl-amd">
+ <title>AMD</title>
+
+ <para>
+ Modern AMD <link
+ xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
+ Core Next</link> (GCN) GPUs are supported through the
+ <package>rocm-opencl-icd</package> package. Adding this package to
+ <xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
+ support:
+
+ <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+ rocm-opencl-icd
+];</programlisting>
+ </para>
+ </section>
+
+ <section xml:id="sec-gpu-accel-opencl-intel">
+ <title>Intel</title>
+
+ <para>
+ <link
+ xlink:href="https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8">Intel
+ Gen8 and later GPUs</link> are supported by the Intel NEO OpenCL
+ runtime that is provided by the
+ <package>intel-compute-runtime</package> package. For Gen7 GPUs,
+ the deprecated Beignet runtime can be used, which is provided
+ by the <package>beignet</package> package. The proprietary Intel
+ OpenCL runtime, in the <package>intel-ocl</package> package, is
+ an alternative for Gen7 GPUs.
+ </para>
+
+ <para>
+ The <package>intel-compute-runtime</package>, <package>beignet</package>,
+ or <package>intel-ocl</package> package can be added to
+ <xref linkend="opt-hardware.opengl.extraPackages"/> to enable OpenCL
+ support. For example, for Gen8 and later GPUs, the following
+ configuration can be used:
+
+ <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+ intel-compute-runtime
+];</programlisting>
+
+ </para>
+ </section>
+ </section>
+
+ <section xml:id="sec-gpu-accel-vulkan">
+ <title>Vulkan</title>
+
+ <para>
+ <link xlink:href="https://en.wikipedia.org/wiki/Vulkan_(API)">Vulkan</link> is a
+ graphics and compute API for GPUs. It is used directly by games or indirectly though
+ compatibility layers like <link xlink:href="https://github.com/doitsujin/dxvk/wiki">DXVK</link>.
+ </para>
+
+ <para>
+ By default, if <xref linkend="opt-hardware.opengl.driSupport"/> is enabled,
+ <package>mesa</package> is installed and provides Vulkan for supported hardware.
+ </para>
+
+ <para>
+ Similar to OpenCL, Vulkan drivers are loaded through the <emphasis>Installable Client
+ Driver</emphasis> (ICD) mechanism. ICD files for Vulkan are JSON files that specify
+ the path to the driver library and the supported Vulkan version. All successfully
+ loaded drivers are exposed to the application as different GPUs.
+ In NixOS, there are two ways to make ICD files visible to Vulkan applications: an
+ environment variable and a module option.
+ </para>
+
+ <para>
+ The first option is through the <varname>VK_ICD_FILENAMES</varname>
+ environment variable. This variable can contain multiple JSON files, separated by
+ <literal>:</literal>. For example:
+
+ <screen><prompt>$</prompt> export \
+ VK_ICD_FILENAMES=`nix-build '&lt;nixpkgs&gt;' --no-out-link -A amdvlk`/share/vulkan/icd.d/amd_icd64.json</screen>
+ </para>
+
+ <para>
+ The second mechanism is to add the Vulkan driver package to
+ <xref linkend="opt-hardware.opengl.extraPackages"/>. This links the
+ ICD file under <filename>/run/opengl-driver</filename>, where it will
+ be visible to the ICD loader.
+ </para>
+
+ <para>
+ The proper installation of Vulkan drivers can be verified through
+ the <command>vulkaninfo</command> command of the <package>vulkan-tools</package>
+ package. This command will report the hardware devices and drivers found,
+ in this example output amdvlk and radv:
+ </para>
+
+ <screen><prompt>$</prompt> vulkaninfo | grep GPU
+ GPU id : 0 (Unknown AMD GPU)
+ GPU id : 1 (AMD RADV NAVI10 (LLVM 9.0.1))
+ ...
+GPU0:
+ deviceType = PHYSICAL_DEVICE_TYPE_DISCRETE_GPU
+ deviceName = Unknown AMD GPU
+GPU1:
+ deviceType = PHYSICAL_DEVICE_TYPE_DISCRETE_GPU</screen>
+
+ <para>
+ A simple graphical application that uses Vulkan is <command>vkcube</command>
+ from the <package>vulkan-tools</package> package.
+ </para>
+
+ <section xml:id="sec-gpu-accel-vulkan-amd">
+ <title>AMD</title>
+
+ <para>
+ Modern AMD <link
+ xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
+ Core Next</link> (GCN) GPUs are supported through either radv, which is
+ part of <package>mesa</package>, or the <package>amdvlk</package> package.
+ Adding the <package>amdvlk</package> package to
+ <xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
+ available for applications and lets them choose. A specific driver can
+ be forced as follows:
+
+ <programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
+ pkgs.<package>amdvlk</package>
+];
+
+# To enable Vulkan support for 32-bit applications, also add:
+<xref linkend="opt-hardware.opengl.extraPackages32"/> = [
+ pkgs.driversi686Linux.<package>amdvlk</package>
+];
+
+# For amdvlk
+<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+# For radv
+<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
+</programlisting>
+ </para>
+ </section>
+ </section>
+
+ <section xml:id="sec-gpu-accel-common-issues">
+ <title>Common issues</title>
+
+ <section xml:id="sec-gpu-accel-common-issues-permissions">
+ <title>User permissions</title>
+
+ <para>
+ Except where noted explicitly, it should not be necessary to
+ adjust user permissions to use these acceleration APIs. In the default
+ configuration, GPU devices have world-read/write permissions
+ (<filename>/dev/dri/renderD*</filename>) or are tagged as
+ <code>uaccess</code> (<filename>/dev/dri/card*</filename>). The
+ access control lists of devices with the <varname>uaccess</varname>
+ tag will be updated automatically when a user logs in through
+ <command>systemd-logind</command>. For example, if the user
+ <emphasis>jane</emphasis> is logged in, the access control list
+ should look as follows:
+
+ <screen><prompt>$</prompt> getfacl /dev/dri/card0
+# file: dev/dri/card0
+# owner: root
+# group: video
+user::rw-
+user:jane:rw-
+group::rw-
+mask::rw-
+other::---</screen>
+
+ If you disabled (this functionality of) <command>systemd-logind</command>,
+ you may need to add the user to the <code>video</code> group and
+ log in again.
+ </para>
+ </section>
+
+ <section xml:id="sec-gpu-accel-common-issues-mixing-nixpkgs">
+ <title>Mixing different versions of nixpkgs</title>
+
+ <para>
+ The <emphasis>Installable Client Driver</emphasis> (ICD)
+ mechanism used by OpenCL and Vulkan loads runtimes into its address
+ space using <code>dlopen</code>. Mixing an ICD loader mechanism and
+ runtimes from different version of nixpkgs may not work. For example,
+ if the ICD loader uses an older version of <package>glibc</package>
+ than the runtime, the runtime may not be loadable due to
+ missing symbols. Unfortunately, the loader will generally be quiet
+ about such issues.
+ </para>
+
+ <para>
+ If you suspect that you are running into library version mismatches
+ between an ICL loader and a runtime, you could run an application with
+ the <code>LD_DEBUG</code> variable set to get more diagnostic
+ information. For example, OpenCL can be tested with
+ <code>LD_DEBUG=files clinfo</code>, which should report missing
+ symbols.
+ </para>
+ </section>
+ </section>
+</chapter>
diff --git a/nixpkgs/nixos/doc/manual/configuration/ipv4-config.xml b/nixpkgs/nixos/doc/manual/configuration/ipv4-config.xml
index 71ddf41491b..884becf0979 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ipv4-config.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/ipv4-config.xml
@@ -10,7 +10,7 @@
automatically configure network interfaces. However, you can configure an
interface manually as follows:
<programlisting>
-<link linkend="opt-networking.interfaces._name__.ipv4.addresses">networking.interfaces.eth0.ipv4.addresses</link> = [ {
+<link linkend="opt-networking.interfaces._name_.ipv4.addresses">networking.interfaces.eth0.ipv4.addresses</link> = [ {
address = "192.168.1.2";
prefixLength = 24;
} ];
diff --git a/nixpkgs/nixos/doc/manual/configuration/ipv6-config.xml b/nixpkgs/nixos/doc/manual/configuration/ipv6-config.xml
index 675a5d9a260..7b89b4092be 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ipv6-config.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/ipv6-config.xml
@@ -26,7 +26,7 @@
As with IPv4 networking interfaces are automatically configured via DHCPv6.
You can configure an interface manually:
<programlisting>
-<link linkend="opt-networking.interfaces._name__.ipv6.addresses">networking.interfaces.eth0.ipv6.addresses</link> = [ {
+<link linkend="opt-networking.interfaces._name_.ipv6.addresses">networking.interfaces.eth0.ipv6.addresses</link> = [ {
address = "fe00:aa:bb:cc::2";
prefixLength = 64;
} ];
diff --git a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml
index d3007843d68..8a8168c095f 100644
--- a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.xml
@@ -30,7 +30,7 @@ Enter passphrase for /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: ***
<filename>/</filename>, add the following to
<filename>configuration.nix</filename>:
<programlisting>
-<link linkend="opt-boot.initrd.luks.devices._name__.device">boot.initrd.luks.devices.crypted.device</link> = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
+<link linkend="opt-boot.initrd.luks.devices._name_.device">boot.initrd.luks.devices.crypted.device</link> = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
<xref linkend="opt-fileSystems"/>."/".device = "/dev/mapper/crypted";
</programlisting>
Should grub be used as bootloader, and <filename>/boot</filename> is located
@@ -60,13 +60,13 @@ Added to key to device /dev/sda2, slot: 2
To ensure that this file system is decrypted using the FIDO2 compatible key, add the following to <filename>configuration.nix</filename>:
<programlisting>
<link linkend="opt-boot.initrd.luks.fido2Support">boot.initrd.luks.fido2Support</link> = true;
-<link linkend="opt-boot.initrd.luks.devices._name__.fido2.credential">boot.initrd.luks.devices."/dev/sda2".fido2.credential</link> = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7";
+<link linkend="opt-boot.initrd.luks.devices._name_.fido2.credential">boot.initrd.luks.devices."/dev/sda2".fido2.credential</link> = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7";
</programlisting>
You can also use the FIDO2 passwordless setup, but for security reasons, you might want to enable it only when your device is PIN protected, such as <link xlink:href="https://trezor.io/">Trezor</link>.
<programlisting>
-<link linkend="opt-boot.initrd.luks.devices._name__.fido2.passwordLess">boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess</link> = true;
+<link linkend="opt-boot.initrd.luks.devices._name_.fido2.passwordLess">boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess</link> = true;
</programlisting>
</para>
</section>
diff --git a/nixpkgs/nixos/doc/manual/configuration/network-manager.xml b/nixpkgs/nixos/doc/manual/configuration/network-manager.xml
index 3953e0ffe85..94d229fd803 100644
--- a/nixpkgs/nixos/doc/manual/configuration/network-manager.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/network-manager.xml
@@ -19,7 +19,7 @@
All users that should have permission to change network settings must belong
to the <code>networkmanager</code> group:
<programlisting>
-<link linkend="opt-users.users._name__.extraGroups">users.users.alice.extraGroups</link> = [ "networkmanager" ];
+<link linkend="opt-users.users._name_.extraGroups">users.users.alice.extraGroups</link> = [ "networkmanager" ];
</programlisting>
</para>
diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml
index 395a5ec357c..bc801bb3dc5 100644
--- a/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml
@@ -9,7 +9,6 @@
This profile just enables a <systemitem class="username">demo</systemitem>
user, with password <literal>demo</literal>, uid <literal>1000</literal>,
<systemitem class="groupname">wheel</systemitem> group and
- <link linkend="opt-services.xserver.displayManager.sddm.autoLogin"> autologin
- in the SDDM display manager</link>.
+ <link linkend="opt-services.xserver.displayManager.autoLogin">autologin in the SDDM display manager</link>.
</para>
</section>
diff --git a/nixpkgs/nixos/doc/manual/configuration/ssh.xml b/nixpkgs/nixos/doc/manual/configuration/ssh.xml
index a4af1b96583..95ad3edff93 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ssh.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/ssh.xml
@@ -20,7 +20,7 @@
follows:
<!-- FIXME: this might not work if the user is unmanaged. -->
<programlisting>
-<link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">users.users.alice.openssh.authorizedKeys.keys</link> =
+<link linkend="opt-users.users._name_.openssh.authorizedKeys.keys">users.users.alice.openssh.authorizedKeys.keys</link> =
[ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
</programlisting>
</para>
diff --git a/nixpkgs/nixos/doc/manual/configuration/user-mgmt.xml b/nixpkgs/nixos/doc/manual/configuration/user-mgmt.xml
index 4b1710f3a2b..68324cc85b5 100644
--- a/nixpkgs/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/user-mgmt.xml
@@ -11,11 +11,11 @@
that a user account named <literal>alice</literal> shall exist:
<programlisting>
<xref linkend="opt-users.users"/>.alice = {
- <link linkend="opt-users.users._name__.isNormalUser">isNormalUser</link> = true;
- <link linkend="opt-users.users._name__.home">home</link> = "/home/alice";
- <link linkend="opt-users.users._name__.description">description</link> = "Alice Foobar";
- <link linkend="opt-users.users._name__.extraGroups">extraGroups</link> = [ "wheel" "networkmanager" ];
- <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">openssh.authorizedKeys.keys</link> = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
+ <link linkend="opt-users.users._name_.isNormalUser">isNormalUser</link> = true;
+ <link linkend="opt-users.users._name_.home">home</link> = "/home/alice";
+ <link linkend="opt-users.users._name_.description">description</link> = "Alice Foobar";
+ <link linkend="opt-users.users._name_.extraGroups">extraGroups</link> = [ "wheel" "networkmanager" ];
+ <link linkend="opt-users.users._name_.openssh.authorizedKeys.keys">openssh.authorizedKeys.keys</link> = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
</programlisting>
Note that <literal>alice</literal> is a member of the
@@ -36,7 +36,7 @@
account will cease to exist. Also, imperative commands for managing users and
groups, such as useradd, are no longer available. Passwords may still be
assigned by setting the user's
- <link linkend="opt-users.users._name__.hashedPassword">hashedPassword</link>
+ <link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using <command>mkpasswd -m
sha-512</command> after installing the <literal>mkpasswd</literal> package.
</para>
diff --git a/nixpkgs/nixos/doc/manual/configuration/x-windows.xml b/nixpkgs/nixos/doc/manual/configuration/x-windows.xml
index 110712baf5f..18f0be5e7f3 100644
--- a/nixpkgs/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/x-windows.xml
@@ -90,10 +90,50 @@
using lightdm for a user <literal>alice</literal>:
<programlisting>
<xref linkend="opt-services.xserver.displayManager.lightdm.enable"/> = true;
-<xref linkend="opt-services.xserver.displayManager.lightdm.autoLogin.enable"/> = true;
-<xref linkend="opt-services.xserver.displayManager.lightdm.autoLogin.user"/> = "alice";
+<xref linkend="opt-services.xserver.displayManager.autoLogin.enable"/> = true;
+<xref linkend="opt-services.xserver.displayManager.autoLogin.user"/> = "alice";
</programlisting>
- The options are named identically for all other display managers.
+ </para>
+ </simplesect>
+ <simplesect xml:id="sec-x11--graphics-cards-intel">
+ <title>Intel Graphics drivers</title>
+ <para>
+ There are two choices for Intel Graphics drivers in X.org:
+ <literal>modesetting</literal> (included in the <package>xorg-server</package> itself)
+ and <literal>intel</literal> (provided by the package <package>xf86-video-intel</package>).
+ </para>
+ <para>
+ The default and recommended is <literal>modesetting</literal>.
+ It is a generic driver which uses the kernel
+ <link xlink:href="https://en.wikipedia.org/wiki/Mode_setting">mode setting</link>
+ (KMS) mechanism. It supports Glamor (2D graphics acceleration via OpenGL)
+ and is actively maintained but may perform worse in some cases (like in old chipsets).
+ </para>
+ <para>
+ The second driver, <literal>intel</literal>, is specific to Intel GPUs,
+ but not recommended by most distributions: it lacks several modern features
+ (for example, it doesn't support Glamor) and the package hasn't been officially
+ updated since 2015.
+ </para>
+ <para>
+ The results vary depending on the hardware, so you may have to try both drivers.
+ Use the option <xref linkend="opt-services.xserver.videoDrivers"/> to set one.
+ The recommended configuration for modern systems is:
+<programlisting>
+ <xref linkend="opt-services.xserver.videoDrivers"/> = [ "modesetting" ];
+ <xref linkend="opt-services.xserver.useGlamor"/> = true;
+</programlisting>
+ If you experience screen tearing no matter what, this configuration was
+ reported to resolve the issue:
+<programlisting>
+ <xref linkend="opt-services.xserver.videoDrivers"/> = [ "intel" ];
+ <xref linkend="opt-services.xserver.deviceSection"/> = ''
+ Option "DRI" "2"
+ Option "TearFree" "true"
+ '';
+</programlisting>
+ Note that this will likely downgrade the performance compared to
+ <literal>modesetting</literal> or <literal>intel</literal> with DRI 3 (default).
</para>
</simplesect>
<simplesect xml:id="sec-x11-graphics-cards-nvidia">
diff --git a/nixpkgs/nixos/doc/manual/development/freeform-modules.xml b/nixpkgs/nixos/doc/manual/development/freeform-modules.xml
new file mode 100644
index 00000000000..257e6b11bf0
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/development/freeform-modules.xml
@@ -0,0 +1,68 @@
+<section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-freeform-modules">
+ <title>Freeform modules</title>
+ <para>
+ Freeform modules allow you to define values for option paths that have not been declared explicitly. This can be used to add attribute-specific types to what would otherwise have to be <literal>attrsOf</literal> options in order to accept all attribute names.
+ </para>
+ <para>
+ This feature can be enabled by using the attribute <literal>freeformType</literal> to define a freeform type. By doing this, all assignments without an associated option will be merged using the freeform type and combined into the resulting <literal>config</literal> set. Since this feature nullifies name checking for entire option trees, it is only recommended for use in submodules.
+ </para>
+ <example xml:id="ex-freeform-module">
+ <title>Freeform submodule</title>
+ <para>
+ The following shows a submodule assigning a freeform type that allows arbitrary attributes with <literal>str</literal> values below <literal>settings</literal>, but also declares an option for the <literal>settings.port</literal> attribute to have it type-checked and assign a default value. See <xref linkend="ex-settings-typed-attrs"/> for a more complete example.
+ </para>
+ <programlisting>
+{ lib, config, ... }: {
+
+ options.settings = lib.mkOption {
+ type = lib.types.submodule {
+
+ freeformType = with lib.types; attrsOf str;
+
+ # We want this attribute to be checked for the correct type
+ options.port = lib.mkOption {
+ type = lib.types.port;
+ # Declaring the option also allows defining a default value
+ default = 8080;
+ };
+
+ };
+ };
+}
+ </programlisting>
+ <para>
+ And the following shows what such a module then allows
+ </para>
+ <programlisting>
+{
+ # Not a declared option, but the freeform type allows this
+ settings.logLevel = "debug";
+
+ # Not allowed because the the freeform type only allows strings
+ # settings.enable = true;
+
+ # Allowed because there is a port option declared
+ settings.port = 80;
+
+ # Not allowed because the port option doesn't allow strings
+ # settings.port = "443";
+}
+ </programlisting>
+ </example>
+ <note>
+ <para>
+ Freeform attributes cannot depend on other attributes of the same set without infinite recursion:
+<programlisting>
+{
+ # This throws infinite recursion encountered
+ settings.logLevel = lib.mkIf (config.settings.port == 80) "debug";
+}
+</programlisting>
+ To prevent this, declare options for all attributes that need to depend on others. For above example this means to declare <literal>logLevel</literal> to be an option.
+ </para>
+ </note>
+</section>
diff --git a/nixpkgs/nixos/doc/manual/development/option-types.xml b/nixpkgs/nixos/doc/manual/development/option-types.xml
index 957349ad181..5a6dae6e991 100644
--- a/nixpkgs/nixos/doc/manual/development/option-types.xml
+++ b/nixpkgs/nixos/doc/manual/development/option-types.xml
@@ -387,17 +387,6 @@
</varlistentry>
<varlistentry>
<term>
- <varname>types.loaOf</varname> <replaceable>t</replaceable>
- </term>
- <listitem>
- <para>
- An attribute set or a list of <replaceable>t</replaceable> type. Multiple
- definitions are merged according to the value.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
<varname>types.nullOr</varname> <replaceable>t</replaceable>
</term>
<listitem>
diff --git a/nixpkgs/nixos/doc/manual/development/releases.xml b/nixpkgs/nixos/doc/manual/development/releases.xml
index 8abc66dfec1..cd68a428a6f 100755
--- a/nixpkgs/nixos/doc/manual/development/releases.xml
+++ b/nixpkgs/nixos/doc/manual/development/releases.xml
@@ -8,24 +8,26 @@
<title>Release process</title>
<para>
- Going through an example of releasing NixOS 17.09:
+ Going through an example of releasing NixOS 19.09:
</para>
<section xml:id="one-month-before-the-beta">
<title>One month before the beta</title>
- <itemizedlist spacing="compact">
+ <itemizedlist>
<listitem>
<para>
- Send an email to the nix-devel mailinglist as a warning about upcoming
- beta "feature freeze" in a month.
+ Create an announcement on <link xlink:href="https://discourse.nixos.org">Discourse</link> as a warning about upcoming beta <quote>feature freeze</quote> in a month. <link xlink:href="https://discourse.nixos.org/t/nixos-19-09-feature-freeze/3707">See this post as an example</link>.
</para>
</listitem>
<listitem>
<para>
- Discuss with Eelco Dolstra and the community (via IRC, ML) about what
- will reach the deadline. Any issue or Pull Request targeting the release
- should be included in the release milestone.
+ Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline. Any issue or Pull Request targeting the release should be included in the release milestone.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Remove attributes that we know we will not be able to support, especially if there is a stable alternative. E.g. Check that our Linux kernels’ <link xlink:href="https://www.kernel.org/category/releases.html">projected end-of-life</link> are after our release projected end-of-life.
</para>
</listitem>
</itemizedlist>
@@ -34,113 +36,113 @@
<section xml:id="at-beta-release-time">
<title>At beta release time</title>
- <itemizedlist spacing="compact">
+ <orderedlist>
<listitem>
<para>
- <link xlink:href="https://github.com/NixOS/nixpkgs/issues/13559">Create
- an issue for tracking Zero Hydra Failures progress. ZHF is an effort to
- get build failures down to zero.</link>
+ From the master branch run:
</para>
+<programlisting>
+git checkout -b release-19.09
+</programlisting>
</listitem>
<listitem>
<para>
- <literal>git tag -a -s -m &quot;Release 17.09-beta&quot; 17.09-beta
- &amp;&amp; git push origin 17.09-beta</literal>
+ <link xlink:href="https://github.com/NixOS/nixpkgs/commit/10e61bf5be57736035ec7a804cb0bf3d083bf2cf#diff-9c798092bac0caeb5c52d509be0ca263R69">Bump the <literal>system.defaultChannel</literal> attribute in <literal>nixos/modules/misc/version.nix</literal></link>
</para>
</listitem>
<listitem>
<para>
- From the master branch run <literal>git checkout -b
- release-17.09</literal>.
+ <link xlink:href="https://github.com/NixOS/nixpkgs/commit/10e61bf5be57736035ec7a804cb0bf3d083bf2cf#diff-831e8d9748240fb23e6734fdc2a6d16eR15">Update <literal>versionSuffix</literal> in <literal>nixos/release.nix</literal></link>
</para>
</listitem>
+ </orderedlist>
+
+ <para>
+ To get the commit count, use the following command:
+ </para>
+
+<programlisting>
+git rev-list --count release-19.09
+</programlisting>
+
+ <orderedlist>
<listitem>
<para>
- <link xlink:href="https://github.com/NixOS/nixos-org-configurations/pull/18">
- Make sure a channel is created at https://nixos.org/channels/. </link>
+ Edit changelog at <literal>nixos/doc/manual/release-notes/rl-1909.xml</literal>.
</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Get all new NixOS modules:
+ </para>
+<programlisting>
+git diff release-19.03..release-19.09 nixos/modules/module-list.nix | grep ^+
+</programlisting>
+ </listitem>
+ <listitem>
+ <para>
+ Note systemd, kernel, glibc, desktop environment, and Nix upgrades.
+ </para>
+ </listitem>
+ </itemizedlist>
</listitem>
<listitem>
<para>
- <link xlink:href="https://github.com/NixOS/nixpkgs/compare/bdf161ed8d21...6b63c4616790">
- Bump the <literal>system.defaultChannel</literal> attribute in
- <literal>nixos/modules/misc/version.nix</literal> </link>
+ Tag the release:
</para>
+<programlisting>
+git tag --annotate --message="Release 19.09-beta" 19.09-beta
+git push upstream 19.09-beta
+</programlisting>
</listitem>
<listitem>
<para>
- <link xlink:href="https://github.com/NixOS/nixpkgs/commit/d6b08acd1ccac0d9d502c4b635e00b04d3387f06">
- Update <literal>versionSuffix</literal> in
- <literal>nixos/release.nix</literal></link>, use
- <literal>git rev-list --count 17.09-beta</literal>
- to get the commit count.
+ <link xlink:href="https://github.com/NixOS/nixpkgs/commit/01268fda85b7eee4e462c873d8654f975067731f#diff-2bc0e46110b507d6d5a344264ef15adaR1">On the <literal>master</literal> branch, increment the <literal>.version</literal> file</link>
</para>
+<programlisting>
+echo -n "20.03" > .version
+</programlisting>
</listitem>
<listitem>
<para>
- <literal>echo -n &quot;18.03&quot; &gt; .version</literal> on master.
+ <link xlink:href="https://github.com/NixOS/nixpkgs/commit/01268fda85b7eee4e462c873d8654f975067731f#diff-03f3d41b68f62079c55001f1a1c55c1dR137">Update <literal>codeName</literal> in <literal>lib/trivial.nix</literal></link> This will be the name for the next release.
</para>
</listitem>
<listitem>
<para>
- <link xlink:href="https://github.com/NixOS/nixpkgs/commit/b8a4095003e27659092892a4708bb3698231a842">
- Pick a new name for the unstable branch. </link>
+ <link xlink:href="https://github.com/NixOS/nixpkgs/commit/01268fda85b7eee4e462c873d8654f975067731f#diff-e7ee5ff686cdcc513ca089d6e5682587R11">Create a new release notes file for the upcoming release + 1</link>, in our case this is <literal>rl-2003.xml</literal>.
</para>
</listitem>
<listitem>
<para>
- Create a new release notes file for the upcoming release + 1, in this
- case <literal>rl-1803.xml</literal>.
+ Contact the infrastructure team to create the necessary Hydra Jobsets.
</para>
</listitem>
<listitem>
<para>
- Create two Hydra jobsets: release-17.09 and release-17.09-small with
- <literal>stableBranch</literal> set to false.
+ <link xlink:href="https://github.com/NixOS/nixos-org-configurations/blob/master/channels.nix">Create a channel at https://nixos.org/channels by creating a PR to nixos-org-configurations, changing <literal>channels.nix</literal></link>
</para>
</listitem>
<listitem>
<para>
- Remove attributes that we know we will not be able to support,
- especially if there is a stable alternative. E.g. Check that our
- Linux kernels'
- <link xlink:href="https://www.kernel.org/category/releases.html">
- projected end-of-life</link> are after our release projected
- end-of-life
+ Get all Hydra jobsets for the release to have their first evaluation.
</para>
</listitem>
<listitem>
<para>
- Edit changelog at
- <literal>nixos/doc/manual/release-notes/rl-1709.xml</literal> (double
- check desktop versions are noted)
+ <link xlink:href="https://github.com/NixOS/nixpkgs/issues/13559">Create an issue for tracking Zero Hydra Failures progress. ZHF is an effort to get build failures down to zero.</link>
</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>
- Get all new NixOS modules <literal>git diff
- release-17.03..release-17.09 nixos/modules/module-list.nix|grep
- ^+</literal>
- </para>
- </listitem>
- <listitem>
- <para>
- Note systemd, kernel, glibc and Nix upgrades.
- </para>
- </listitem>
- </itemizedlist>
</listitem>
- </itemizedlist>
+ </orderedlist>
</section>
<section xml:id="during-beta">
<title>During Beta</title>
- <itemizedlist spacing="compact">
+ <itemizedlist>
<listitem>
<para>
- Monitor the master branch for bugfixes and minor updates and cherry-pick
- them to the release branch.
+ Monitor the master branch for bugfixes and minor updates and cherry-pick them to the release branch.
</para>
</listitem>
</itemizedlist>
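Review bot: The new "Tag the release" listing, `git tag --annotate --message="Release 19.09-beta" 19.09-beta`, drops the `-s` that the removed `git tag -a -s -m ...` line carried, so a release manager following this procedure publishes an unsigned tag. Anyone who checks release tags with `git tag -v` then has no signature to verify. If dropping the signature was not a deliberate decision, keep it in the listing: `git tag --annotate --sign --message="Release 19.09-beta" 19.09-beta`. The final-release tag command in the `@@ -180,76 +178,143 @@` hunk loses `-s` in the same way and needs the same change.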
@@ -149,7 +151,7 @@
<section xml:id="before-the-final-release">
<title>Before the final release</title>
- <itemizedlist spacing="compact">
+ <itemizedlist>
<listitem>
<para>
Re-check that the release notes are complete.
@@ -157,21 +159,17 @@
</listitem>
<listitem>
<para>
- Release Nix (currently only Eelco Dolstra can do that).
- <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nix-fallback-paths.nix">
- Make sure fallback is updated. </link>
+ Release Nix (currently only Eelco Dolstra can do that). <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nix-fallback-paths.nix">Make sure fallback is updated.</link>
</para>
</listitem>
<listitem>
<para>
- <link xlink:href="https://github.com/NixOS/nixpkgs/commit/40fd9ae3ac8048758abdcfc7d28a78b5f22fe97e">
- Update README.md with new stable NixOS version information. </link>
+ <link xlink:href="https://github.com/NixOS/nixpkgs/commit/40fd9ae3ac8048758abdcfc7d28a78b5f22fe97e">Update README.md with new stable NixOS version information.</link>
</para>
</listitem>
<listitem>
<para>
- Change <literal>stableBranch</literal> to <literal>true</literal> in Hydra and wait for
- the channel to update.
+ Change <literal>stableBranch</literal> to <literal>true</literal> in Hydra and wait for the channel to update.
</para>
</listitem>
</itemizedlist>
@@ -180,76 +178,143 @@
<section xml:id="at-final-release-time">
<title>At final release time</title>
- <itemizedlist spacing="compact">
+ <orderedlist>
<listitem>
<para>
- <literal>git tag -s -a -m &quot;Release 15.09&quot; 15.09</literal>
+ Update <xref linkend="sec-upgrading" /> section of the manual to match new stable release version.
</para>
</listitem>
<listitem>
<para>
- Update "Chapter 4. Upgrading NixOS" section of the manual to match
- new stable release version.
+ Update <literal>rl-1909.xml</literal> with the release date.
</para>
</listitem>
<listitem>
<para>
- Update the
- <link xlink:href="https://github.com/NixOS/nixos-homepage/commit/2a37975d5a617ecdfca94696242b6f32ffcba9f1"><code>NIXOS_SERIES</code></link>
- in the
- <link xlink:href="https://github.com/NixOS/nixos-homepage">nixos-homepage</link>
- repository.
+ Tag the final release
</para>
+<programlisting>
+git tag --annotate --message="Release 19.09" 19.09
+git push upstream 19.09
+</programlisting>
+ </listitem>
+ <listitem>
+ <para>
+ Update <link xlink:href="https://github.com/NixOS/nixos-homepage">nixos-homepage</link> for the release.
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ <link xlink:href="https://github.com/NixOS/nixos-homepage/blob/47ac3571c4d71e841fd4e6c6e1872e762b9c4942/Makefile#L1">Update <literal>NIXOS_SERIES</literal> in the <literal>Makefile</literal></link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://github.com/NixOS/nixos-homepage/blob/47ac3571c4d71e841fd4e6c6e1872e762b9c4942/nixos-release.tt#L1">Update <literal>nixos-release.tt</literal> with the new NixOS version</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://github.com/NixOS/nixos-homepage/blob/47ac3571c4d71e841fd4e6c6e1872e762b9c4942/flake.nix#L10">Update the <literal>flake.nix</literal> input <literal>released-nixpkgs</literal> to 19.09</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Run <literal>./update.sh</literal> (this updates flake.lock to updated channel).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://github.com/NixOS/nixos-homepage/blob/a5626c71c03a2dd69086564e56f1a230a2bb177a/logo/nixos-logo-19.09-loris-lores.png">Add a compressed version of the NixOS logo for 19.09</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://github.com/NixOS/nixos-homepage/commit/a5626c71c03a2dd69086564e56f1a230a2bb177a#diff-9cdc6434d3e4fd93a6e5bb0a531a7c71R5">Compose a news item for the website RSS feed</link>.
+ </para>
+ </listitem>
+ </orderedlist>
</listitem>
<listitem>
<para>
- Get number of commits for the release: <literal>git log
- release-14.04..release-14.12 --format=%an|wc -l</literal>
+ Create a new topic on <link xlink:href="https://discourse.nixos.org/">the Discourse instance</link> to announce the release.
</para>
</listitem>
+ </orderedlist>
+
+ <para>
+ You should include the following information:
+ </para>
+
+ <itemizedlist>
<listitem>
<para>
- Commits by contributor: <literal>git log release-14.04..release-14.12
- --format=%an|sort|uniq -c|sort -rn</literal>
+ Number of commits for the release:
</para>
+<programlisting>
+bash git log release-19.03..release-19.09 --format=%an | wc -l
+</programlisting>
</listitem>
<listitem>
<para>
- Create a new topic on <link xlink:href="https://discourse.nixos.org/">the
- Discourse instance</link> to announce the release with the above information.
- Best to check how previous email was formulated to see what needs to be
- included.
+ Commits by contributor:
</para>
+<programlisting>
+git shortlog --summary --numbered release-19.03..release-19.09
+</programlisting>
</listitem>
</itemizedlist>
+
+ <para>
+ Best to check how the previous post was formulated to see what needs to be included.
+ </para>
</section>
</section>
- <section xml:id="release-managers">
+ <section xml:id="release-management-team">
<title>Release Management Team</title>
+
<para>
- For each release there are two release managers. After each release the
- release manager having managed two releases steps down and the release
- management team of the last release appoints a new release manager.
+ For each release there are two release managers. After each release the release manager having managed two releases steps down and the release management team of the last release appoints a new release manager.
</para>
+
<para>
- This makes sure a release management team always consists of one release
- manager who already has managed one release and one release manager being
- introduced to their role, making it easier to pass on knowledge and
- experience.
+ This makes sure a release management team always consists of one release manager who already has managed one release and one release manager being introduced to their role, making it easier to pass on knowledge and experience.
</para>
+
<para>
- Release managers for the current NixOS release are tracked by GitHub team
- <link xlink:href="https://github.com/orgs/NixOS/teams/nixos-release-managers/members"><literal>@NixOS/nixos-release-managers</literal></link>.
+ Release managers for the current NixOS release are tracked by GitHub team <link xlink:href="https://github.com/orgs/NixOS/teams/nixos-release-managers/members"><literal>@NixOS/nixos-release-managers</literal></link>.
</para>
+
<para>
- A release manager's role and responsibilities are:
+ A release manager’s role and responsibilities are:
</para>
+
<itemizedlist>
- <listitem><para>manage the release process</para></listitem>
- <listitem><para>start discussions about features and changes for a given release</para></listitem>
- <listitem><para>create a roadmap</para></listitem>
- <listitem><para>release in cooperation with Eelco Dolstra</para></listitem>
- <listitem><para>decide which bug fixes, features, etc... get backported after a release</para></listitem>
+ <listitem>
+ <para>
+ manage the release process
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ start discussions about features and changes for a given release
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ create a roadmap
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ release in cooperation with Eelco Dolstra
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ decide which bug fixes, features, etc… get backported after a release
+ </para>
+ </listitem>
</itemizedlist>
</section>
<section xml:id="release-schedule">
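Review bot: The "Number of commits for the release" listing starts with a stray `bash`, so `bash git log release-19.03..release-19.09 --format=%an | wc -l` asks bash to run a script file named `git` rather than invoking git. It looks like a leftover code-fence language tag; the line should read `git log release-19.03..release-19.09 --format=%an | wc -l`. Separately, the section id changes from `release-managers` to `release-management-team`; any `linkend` still pointing at the old id (none is visible in this hunk) would break.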
diff --git a/nixpkgs/nixos/doc/manual/development/running-nixos-tests-interactively.xml b/nixpkgs/nixos/doc/manual/development/running-nixos-tests-interactively.xml
index 31216874c70..a11a9382764 100644
--- a/nixpkgs/nixos/doc/manual/development/running-nixos-tests-interactively.xml
+++ b/nixpkgs/nixos/doc/manual/development/running-nixos-tests-interactively.xml
@@ -38,7 +38,12 @@ starting VDE switch for network 1
</para>
<para>
- The machine state is kept across VM restarts in
- <filename>/tmp/vm-state-</filename><varname>machinename</varname>.
+ You can re-use the VM states coming from a previous run
+ by setting the <command>--keep-vm-state</command> flag.
+<screen>
+<prompt>$ </prompt>./result/bin/nixos-run-vms --keep-vm-state
+</screen>
+ The machine state is stored in the
+ <filename>$TMPDIR/vm-state-</filename><varname>machinename</varname> directory.
</para>
</section>
diff --git a/nixpkgs/nixos/doc/manual/development/settings-options.xml b/nixpkgs/nixos/doc/manual/development/settings-options.xml
new file mode 100644
index 00000000000..c99c3af92f8
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/development/settings-options.xml
@@ -0,0 +1,216 @@
+<section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-settings-options">
+ <title>Options for Program Settings</title>
+
+ <para>
+ Many programs have configuration files where program-specific settings can be declared. File formats can be separated into two categories:
+ <itemizedlist>
+ <listitem>
+ <para>
+ Nix-representable ones: These can trivially be mapped to a subset of Nix syntax. E.g. JSON is an example, since its values like <literal>{"foo":{"bar":10}}</literal> can be mapped directly to Nix: <literal>{ foo = { bar = 10; }; }</literal>. Other examples are INI, YAML and TOML. The following section explains the convention for these settings.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Non-nix-representable ones: These can't be trivially mapped to a subset of Nix syntax. Most generic programming languages are in this group, e.g. bash, since the statement <literal>if true; then echo hi; fi</literal> doesn't have a trivial representation in Nix.
+ </para>
+ <para>
+ Currently there are no fixed conventions for these, but it is common to have a <literal>configFile</literal> option for setting the configuration file path directly. The default value of <literal>configFile</literal> can be an auto-generated file, with convenient options for controlling the contents. For example an option of type <literal>attrsOf str</literal> can be used for representing environment variables which generates a section like <literal>export FOO="foo"</literal>. Often it can also be useful to also include an <literal>extraConfig</literal> option of type <literal>lines</literal> to allow arbitrary text after the autogenerated part of the file.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <section xml:id="sec-settings-nix-representable">
+ <title>Nix-representable Formats (JSON, YAML, TOML, INI, ...)</title>
+ <para>
+ By convention, formats like this are handled with a generic <literal>settings</literal> option, representing the full program configuration as a Nix value. The type of this option should represent the format. The most common formats have a predefined type and string generator already declared under <literal>pkgs.formats</literal>:
+ <variablelist>
+ <varlistentry>
+ <term>
+ <varname>pkgs.formats.json</varname> { }
+ </term>
+ <listitem>
+ <para>
+ A function taking an empty attribute set (for future extensibility) and returning a set with JSON-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <varname>pkgs.formats.yaml</varname> { }
+ </term>
+ <listitem>
+ <para>
+ A function taking an empty attribute set (for future extensibility) and returning a set with YAML-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <varname>pkgs.formats.ini</varname> { <replaceable>listsAsDuplicateKeys</replaceable> ? false, ... }
+ </term>
+ <listitem>
+ <para>
+ A function taking an attribute set with values
+ <variablelist>
+ <varlistentry>
+ <term>
+ <varname>listsAsDuplicateKeys</varname>
+ </term>
+ <listitem>
+ <para>
+ A boolean for controlling whether list values can be used to represent duplicate INI keys
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ It returns a set with INI-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <varname>pkgs.formats.toml</varname> { }
+ </term>
+ <listitem>
+ <para>
+ A function taking an empty attribute set (for future extensibility) and returning a set with TOML-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </para>
+ <para xml:id="pkgs-formats-result">
+ These functions all return an attribute set with these values:
+ <variablelist>
+ <varlistentry>
+ <term>
+ <varname>type</varname>
+ </term>
+ <listitem>
+ <para>
+ A module system type representing a value of the format
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <varname>generate</varname> <replaceable>filename</replaceable> <replaceable>jsonValue</replaceable>
+ </term>
+ <listitem>
+ <para>
+ A function that can render a value of the format to a file. Returns a file path.
+ <note>
+ <para>
+ This function puts the value contents in the Nix store. So this should be avoided for secrets.
+ </para>
+ </note>
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ <example xml:id="ex-settings-nix-representable">
+ <title>Module with conventional <literal>settings</literal> option</title>
+ <para>
+ The following shows a module for an example program that uses a JSON configuration file. It demonstrates how above values can be used, along with some other related best practices. See the comments for explanations.
+ </para>
+<programlisting>
+{ options, config, lib, pkgs, ... }:
+let
+ cfg = config.services.foo;
+ # Define the settings format used for this program
+ settingsFormat = pkgs.formats.json {};
+in {
+
+ options.services.foo = {
+ enable = lib.mkEnableOption "foo service";
+
+ settings = lib.mkOption {
+ # Setting this type allows for correct merging behavior
+ type = settingsFormat.type;
+ default = {};
+ description = ''
+ Configuration for foo, see
+ &lt;link xlink:href="https://example.com/docs/foo"/&gt;
+ for supported settings.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # We can assign some default settings here to make the service work by just
+ # enabling it. We use `mkDefault` for values that can be changed without
+ # problems
+ services.foo.settings = {
+ # Fails at runtime without any value set
+ log_level = lib.mkDefault "WARN";
+
+ # We assume systemd's `StateDirectory` is used, so we require this value,
+ # therefore no mkDefault
+ data_path = "/var/lib/foo";
+
+ # Since we use this to create a user we need to know the default value at
+ # eval time
+ user = lib.mkDefault "foo";
+ };
+
+ environment.etc."foo.json".source =
+ # The formats generator function takes a filename and the Nix value
+ # representing the format value and produces a filepath with that value
+ # rendered in the format
+ settingsFormat.generate "foo-config.json" cfg.settings;
+
+ # We know that the `user` attribute exists because we set a default value
+ # for it above, allowing us to use it without worries here
+ users.users.${cfg.settings.user} = {};
+
+ # ...
+ };
+}
+</programlisting>
+ </example>
+ <section xml:id="sec-settings-attrs-options">
+ <title>Option declarations for attributes</title>
+ <para>
+ Some <literal>settings</literal> attributes may deserve some extra care. They may need a different type, default or merging behavior, or they are essential options that should show their documentation in the manual. This can be done using <xref linkend='sec-freeform-modules'/>.
+ <example xml:id="ex-settings-typed-attrs">
+ <title>Declaring a type-checked <literal>settings</literal> attribute</title>
+ <para>
+ We extend above example using freeform modules to declare an option for the port, which will enforce it to be a valid integer and make it show up in the manual.
+ </para>
+<programlisting>
+settings = lib.mkOption {
+ type = lib.types.submodule {
+
+ freeformType = settingsFormat.type;
+
+ # Declare an option for the port such that the type is checked and this option
+ # is shown in the manual.
+ options.port = lib.mkOption {
+ type = lib.types.port;
+ default = 8080;
+ description = ''
+ Which port this service should listen on.
+ '';
+ };
+
+ };
+ default = {};
+ description = ''
+ Configuration for Foo, see
+ &lt;link xlink:href="https://example.com/docs/foo"/&gt;
+ for supported values.
+ '';
+};
+</programlisting>
+ </example>
+ </para>
+ </section>
+ </section>
+
+</section>
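Review bot: The example in `ex-settings-nix-representable` passes all of `cfg.settings` to `settingsFormat.generate` and uses the result as the source of `environment.etc."foo.json"`, but the warning that `generate` puts the value into the Nix store appears only in the `generate` entry further up. A module author copying the example gets no hint at the point of use, and neither does a user reading the option's `description`. I would add a comment above the `environment.etc."foo.json".source` assignment, `# The rendered file lands in the Nix store, so cfg.settings must not hold secrets`, and one sentence saying the same in the `settings` description. The `generate` term also names its second argument `jsonValue` although the entry covers every format; `value` would fit better.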
diff --git a/nixpkgs/nixos/doc/manual/development/writing-modules.xml b/nixpkgs/nixos/doc/manual/development/writing-modules.xml
index bbf793bb0be..d244356dbed 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-modules.xml
+++ b/nixpkgs/nixos/doc/manual/development/writing-modules.xml
@@ -183,4 +183,6 @@ in {
<xi:include href="meta-attributes.xml" />
<xi:include href="importing-modules.xml" />
<xi:include href="replace-modules.xml" />
+ <xi:include href="freeform-modules.xml" />
+ <xi:include href="settings-options.xml" />
</chapter>
diff --git a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml
index 150bea8c2d8..74ab23605b3 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml
+++ b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.xml
@@ -216,12 +216,12 @@ start_all()
</varlistentry>
<varlistentry>
<term>
- <methodname>send_keys</methodname>
+ <methodname>send_key</methodname>
</term>
<listitem>
<para>
Simulate pressing keys on the virtual keyboard, e.g.,
- <literal>send_keys("ctrl-alt-delete")</literal>.
+ <literal>send_key("ctrl-alt-delete")</literal>.
</para>
</listitem>
</varlistentry>
@@ -232,7 +232,7 @@ start_all()
<listitem>
<para>
Simulate typing a sequence of characters on the virtual keyboard, e.g.,
- <literal>send_keys("foobar\n")</literal> will type the string
+ <literal>send_chars("foobar\n")</literal> will type the string
<literal>foobar</literal> followed by the Enter key.
</para>
</listitem>
@@ -362,6 +362,18 @@ start_all()
</varlistentry>
<varlistentry>
<term>
+ <methodname>wait_for_console_text</methodname>
+ </term>
+ <listitem>
+ <para>
+ Wait until the supplied regular expressions match a line of the serial
+ console output. This method is useful when OCR is not possibile or
+ accurate enough.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<methodname>wait_for_window</methodname>
</term>
<listitem>
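Review bot: The added `wait_for_console_text` entry has a typo, `possibile`, which should be `possible`. The description also says "the supplied regular expressions" in the plural; whether the method takes one pattern or several is not visible in this hunk, so the wording should follow the actual signature (for a single pattern: `Wait until the supplied regular expression matches a line of the serial console output.`).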
@@ -378,7 +390,7 @@ start_all()
<listitem>
<para>
Copies a file from host to machine, e.g.,
- <literal>copy_file_from_host("myfile", "/etc/my/important/file")</literal>.
+ <literal>copy_from_host("myfile", "/etc/my/important/file")</literal>.
</para>
<para>
The first argument is the file on the host. The file needs to be
diff --git a/nixpkgs/nixos/doc/manual/installation/changing-config.xml b/nixpkgs/nixos/doc/manual/installation/changing-config.xml
index 48193d986ab..4288806d5eb 100644
--- a/nixpkgs/nixos/doc/manual/installation/changing-config.xml
+++ b/nixpkgs/nixos/doc/manual/installation/changing-config.xml
@@ -78,7 +78,7 @@
<literal>mutableUsers = false</literal>. Another way is to temporarily add
the following to your configuration:
<screen>
-<link linkend="opt-users.users._name__.initialHashedPassword">users.users.your-user.initialHashedPassword</link> = "test";
+<link linkend="opt-users.users._name_.initialHashedPassword">users.users.your-user.initialHashedPassword</link> = "test";
</screen>
<emphasis>Important:</emphasis> delete the $hostname.qcow2 file if you have
started the virtual machine at least once without the right users, otherwise
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.xml
index 8ed45899fd7..d2d1245c57a 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.xml
@@ -89,7 +89,7 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
NixOS partition. They are installed by default on NixOS, but you don't have
NixOS yet..
</para>
-<screen><prompt>$ </prompt>nix-env -iE "_: with import &lt;nixpkgs/nixos&gt; { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
+<screen><prompt>$ </prompt>nix-env -f '&lt;nixpkgs/nixos&gt;' --arg configuration {} -iA config.system.build.{nixos-generate-config,nixos-install,nixos-enter,manual.manpages}</screen>
</listitem>
<listitem>
<note>
@@ -211,7 +211,7 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
use <literal>sudo</literal>)
</para>
<programlisting>
-<link linkend="opt-users.users._name__.initialHashedPassword">users.users.root.initialHashedPassword</link> = "";
+<link linkend="opt-users.users._name_.initialHashedPassword">users.users.root.initialHashedPassword</link> = "";
</programlisting>
</listitem>
<listitem>
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-pxe.xml b/nixpkgs/nixos/doc/manual/installation/installing-pxe.xml
index 94199e5e028..ea88fbdad7e 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-pxe.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing-pxe.xml
@@ -16,7 +16,7 @@
</para>
<programlisting>
-nix-build -A netboot nixos/release.nix
+nix-build -A netboot.x86_64-linux nixos/release.nix
</programlisting>
<para>
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml
index 0ba909fa953..1cffeed4807 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.xml
@@ -49,7 +49,7 @@
</listitem>
<listitem>
<para>
- Click on Settings / Display / Screen and select VBoxVGA as Graphics Controller
+ Click on Settings / Display / Screen and select VMSVGA as Graphics Controller
</para>
</listitem>
<listitem>
diff --git a/nixpkgs/nixos/doc/manual/installation/installing.xml b/nixpkgs/nixos/doc/manual/installation/installing.xml
index 673df8f2e4c..6df1d830348 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing.xml
@@ -42,7 +42,7 @@
</para>
<para>
- If the text is too small to be legible, try <command>setfont ter-132n</command>
+ If the text is too small to be legible, try <command>setfont ter-v32n</command>
to increase the font size.
</para>
@@ -70,9 +70,13 @@
<para>
If you would like to continue the installation from a different machine you
- need to activate the SSH daemon via <command>systemctl start
- sshd</command>. You then must set a password for either <literal>root</literal> or
- <literal>nixos</literal> with <command>passwd</command> to be able to login.
+ can use activated SSH daemon. You need to copy your ssh key to either
+ <literal>/home/nixos/.ssh/authorized_keys</literal> or
+ <literal>/root/.ssh/authorized_keys</literal> (Tip: For installers with a
+ modifiable filesystem such as the sd-card installer image a key can be manually
+ placed by mounting the image on a different machine). Alternatively you must set
+ a password for either <literal>root</literal> or <literal>nixos</literal> with
+ <command>passwd</command> to be able to login.
</para>
</section>
</section>
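Review bot: "can use activated SSH daemon" does not tell the reader whether sshd is already running or still has to be started. Since this hunk removes the `systemctl start sshd` instruction, the daemon is presumably started by default on the installer, and the sentence should say so, e.g. `you can use the SSH daemon, which is already running on the installer`. If that is the case, the password alternative makes the installer reachable by password login as soon as `passwd` is run, so it is worth one clause recommending the `authorized_keys` route when the installer sits on a network you do not control.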
@@ -146,7 +150,7 @@
partition. It uses the initially reserved 512MiB at the start of the
disk.
<screen language="commands"><prompt># </prompt>parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
-<prompt># </prompt>parted /dev/sda -- set 3 boot on</screen>
+<prompt># </prompt>parted /dev/sda -- set 3 esp on</screen>
</para>
</listitem>
</orderedlist>
@@ -513,7 +517,7 @@ Retype new UNIX password: ***</screen>
<prompt># </prompt>parted /dev/sda -- mkpart primary 512MiB -8GiB
<prompt># </prompt>parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
<prompt># </prompt>parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
-<prompt># </prompt>parted /dev/sda -- set 3 boot on</screen>
+<prompt># </prompt>parted /dev/sda -- set 3 esp on</screen>
</example>
<example xml:id="ex-install-sequence">
@@ -550,7 +554,7 @@ Retype new UNIX password: ***</screen>
# Note: setting fileSystems is generally not
# necessary, since nixos-generate-config figures them out
# automatically in hardware-configuration.nix.
- #<link linkend="opt-fileSystems._name__.device">fileSystems."/".device</link> = "/dev/disk/by-label/nixos";
+ #<link linkend="opt-fileSystems._name_.device">fileSystems."/".device</link> = "/dev/disk/by-label/nixos";
# Enable the OpenSSH server.
services.sshd.enable = true;
diff --git a/nixpkgs/nixos/doc/manual/man-nixos-build-vms.xml b/nixpkgs/nixos/doc/manual/man-nixos-build-vms.xml
index d114261f53b..fa7c8c0c6d7 100644
--- a/nixpkgs/nixos/doc/manual/man-nixos-build-vms.xml
+++ b/nixpkgs/nixos/doc/manual/man-nixos-build-vms.xml
@@ -13,15 +13,15 @@
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>nixos-build-vms</command>
+ <command>nixos-build-vms</command>
<arg>
<option>--show-trace</option>
</arg>
-
+
<arg>
<option>--no-out-link</option>
</arg>
-
+
<arg>
<option>--help</option>
</arg>
diff --git a/nixpkgs/nixos/doc/manual/man-nixos-enter.xml b/nixpkgs/nixos/doc/manual/man-nixos-enter.xml
index fe560d3efdd..f533d66099d 100644
--- a/nixpkgs/nixos/doc/manual/man-nixos-enter.xml
+++ b/nixpkgs/nixos/doc/manual/man-nixos-enter.xml
@@ -13,21 +13,21 @@
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>nixos-enter</command>
+ <command>nixos-enter</command>
<arg>
<arg choice='plain'>
<option>--root</option>
</arg>
<replaceable>root</replaceable>
</arg>
-
+
<arg>
<arg choice='plain'>
<option>--system</option>
</arg>
<replaceable>system</replaceable>
</arg>
-
+
<arg>
<arg choice='plain'>
<option>-c</option>
@@ -40,13 +40,13 @@
<option>--silent</option>
</arg>
</arg>
-
+
<arg>
<arg choice='plain'>
<option>--help</option>
</arg>
</arg>
-
+
<arg>
<arg choice='plain'>
<option>--</option>
@@ -136,7 +136,7 @@
<filename>/mnt</filename>:
</para>
<screen>
-# nixos-enter /mnt
+# nixos-enter --root /mnt
</screen>
<para>
Run a shell command:
diff --git a/nixpkgs/nixos/doc/manual/man-nixos-install.xml b/nixpkgs/nixos/doc/manual/man-nixos-install.xml
index 84849282e9a..b205e230968 100644
--- a/nixpkgs/nixos/doc/manual/man-nixos-install.xml
+++ b/nixpkgs/nixos/doc/manual/man-nixos-install.xml
@@ -46,6 +46,10 @@
</arg>
<arg>
+ <option>--flake</option> <replaceable>flake-uri</replaceable>
+ </arg>
+
+ <arg>
<arg choice='plain'>
<option>--channel</option>
</arg>
@@ -200,6 +204,18 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>
+ <option>--flake</option> <replaceable>flake-uri</replaceable>#<replaceable>name</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Build the NixOS system from the specified flake.
+ The flake must contain an output named
+ <literal>nixosConfigurations.<replaceable>name</replaceable></literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>
<option>--channel</option>
</term>
diff --git a/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml b/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml
index f4f663b84f0..7dab5c69dfb 100644
--- a/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml
+++ b/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml
@@ -315,7 +315,7 @@
switch</command>), because the hardware and boot loader configuration in
the VM are different. The boot loader is installed on an automatically
generated virtual disk containing a <filename>/boot</filename>
- partition, which is mounted read-only in the VM.
+ partition.
</para>
</listitem>
</varlistentry>
@@ -521,7 +521,7 @@
<varlistentry>
<term>
- <option>--flake</option> <replaceable>flake-uri</replaceable>[<replaceable>name</replaceable>]
+ <option>--flake</option> <replaceable>flake-uri</replaceable><optional>#<replaceable>name</replaceable></optional>
</term>
<listitem>
<para>
diff --git a/nixpkgs/nixos/doc/manual/release-notes/release-notes.xml b/nixpkgs/nixos/doc/manual/release-notes/release-notes.xml
index e2913b8a535..bf18457c2b3 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/release-notes.xml
@@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and
current unstable revision.
</para>
+ <xi:include href="rl-2103.xml" />
<xi:include href="rl-2009.xml" />
<xi:include href="rl-2003.xml" />
<xi:include href="rl-1909.xml" />
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml
index 393a9286ca4..87f12285619 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2003.xml
@@ -792,11 +792,11 @@ users.users.me =
The <option>services.xserver.displayManager.auto</option> module has been removed.
It was only intended for use in internal NixOS tests, and gave the false impression
of it being a special display manager when it's actually LightDM.
- Please use the <xref linkend="opt-services.xserver.displayManager.lightdm.autoLogin"/> options instead,
+ Please use the <option>services.xserver.displayManager.lightdm.autoLogin</option> options instead,
or any other display manager in NixOS as they all support auto-login. If you used this module specifically
because it permitted root auto-login you can override the lightdm-autologin pam module like:
<programlisting>
-<link xlink:href="#opt-security.pam.services._name__.text">security.pam.services.lightdm-autologin.text</link> = lib.mkForce ''
+<link xlink:href="#opt-security.pam.services._name_.text">security.pam.services.lightdm-autologin.text</link> = lib.mkForce ''
auth requisite pam_nologin.so
auth required pam_succeed_if.so quiet
auth required pam_permit.so
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml
index e17e8ac24d1..0f5df907d88 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.xml
@@ -28,6 +28,12 @@
</listitem>
<listitem>
<para>
+ Quickly configure a complete, private, self-hosted video
+ conferencing solution with the new Jitsi Meet module.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
<package>maxx</package> package removed along with <varname>services.xserver.desktopManager.maxx</varname> module.
Please migrate to <package>cdesktopenv</package> and <varname>services.xserver.desktopManager.cde</varname> module.
</para>
@@ -44,6 +50,16 @@
</listitem>
<listitem>
<para>
+ PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Python 3 now defaults to Python 3.8 instead of 3.7.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
and <link linkend="opt-services.openssh.authorizedKeysCommandUser">authorizedKeysCommandUser</link>, have
been added to the <literal>openssh</literal> module. If you have <literal>AuthorizedKeysCommand</literal>
@@ -89,6 +105,121 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
When MariaDB data directory is just upgraded (not initialized), the users are not created or modified.
</para>
</listitem>
+ <listitem>
+ <para>
+ MySQL server is now started with additional systemd sandbox/hardening options for better security. The PrivateTmp, ProtectHome, and ProtectSystem options
+ may be problematic when MySQL is attempting to read from or write to your filesystem anywhere outside of its own state directory, for example when
+ calling <literal>LOAD DATA INFILE or SELECT * INTO OUTFILE</literal>. In this scenario a variant of the following may be required:
+ - allow MySQL to read from /home and /tmp directories when using <literal>LOAD DATA INFILE</literal>
+<programlisting>
+systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only";
+</programlisting>
+ - allow MySQL to write to custom folder <literal>/var/data</literal> when using <literal>SELECT * INTO OUTFILE</literal>, assuming the mysql user has write
+ access to <literal>/var/data</literal>
+<programlisting>
+systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
+</programlisting>
+ </para>
+ <para>
+ The MySQL service no longer runs its <literal>systemd</literal> service startup script as <literal>root</literal> anymore. A dedicated non <literal>root</literal>
+ super user account is required for operation. This means users with an existing MySQL or MariaDB database server are required to run the following SQL statements
+ as a super admin user before upgrading:
+<programlisting>
+CREATE USER IF NOT EXISTS 'mysql'@'localhost' identified with unix_socket;
+GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
+</programlisting>
+ If you use MySQL instead of MariaDB please replace <literal>unix_socket</literal> with <literal>auth_socket</literal>. If you have changed the value of <xref linkend="opt-services.mysql.user"/>
+ from the default of <literal>mysql</literal> to a different user please change <literal>'mysql'@'localhost'</literal> to the corresponding user instead.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
+ has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
+ like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
+ the NixOS configuration: since this can be expensive when a large number of packages are installed, the
+ feature is disabled by default.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <varname>services.postfix.sslCACert</varname> was replaced by <varname>services.postfix.tlsTrustedAuthorities</varname> which now defaults to system certificate authorities.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Subordinate GID and UID mappings are now set up automatically for all normal users.
+ This will make container tools like Podman work as non-root users out of the box.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Zabbix now defaults to 5.0, updated from 4.4. Please carefully read through
+ <link xlink:href="https://www.zabbix.com/documentation/current/manual/installation/upgrade/sources">the upgrade guide</link>
+ and apply any changes required. Be sure to take special note of the section on
+ <link xlink:href="https://www.zabbix.com/documentation/current/manual/installation/upgrade_notes_500#enabling_extended_range_of_numeric_float_values">enabling extended range of numeric (float) values</link>
+ as you will need to apply this database migration manually.
+ </para>
+ <para>
+ If you are using Zabbix Server with a MySQL or MariaDB database you should note that using a character set of <literal>utf8</literal> and a collate of <literal>utf8_bin</literal> has become mandatory with
+ this release. See the upstream <link xlink:href="https://support.zabbix.com/browse/ZBX-17357">issue</link> for further discussion. Before upgrading you should check the character set and collation used by
+ your database and ensure they are correct:
+<programlisting>
+ SELECT
+ default_character_set_name,
+ default_collation_name
+ FROM
+ information_schema.schemata
+ WHERE
+ schema_name = 'zabbix';
+</programlisting>
+ If these values are not correct you should take a backup of your database and convert the character set and collation as required. Here is an
+ <link xlink:href="https://www.zabbix.com/forum/zabbix-help/396573-reinstall-after-upgrade?p=396891#post396891">example</link> of how to do so, taken from
+ the Zabbix forums:
+<programlisting>
+ ALTER DATABASE `zabbix` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+ -- the following will produce a list of SQL commands you should subsequently execute
+ SELECT CONCAT("ALTER TABLE ", TABLE_NAME," CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;") AS ExecuteTheString
+ FROM information_schema.`COLUMNS`
+ WHERE table_schema = "zabbix" AND COLLATION_NAME = "utf8_general_ci";
+</programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The GRUB module gained support for basic password protection, which
+ allows to restrict non-default entries in the boot menu to one or more
+ users. The users and passwords are defined via the option
+ <option>boot.loader.grub.users</option>.
+ Note: Password support is only avaiable in GRUB version 2.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Following its deprecation in 20.03, the Perl NixOS test driver has been removed.
+ All remaining tests have been ported to the Python test framework.
+ Code outside nixpkgs using <filename>make-test.nix</filename> or
+ <filename>testing.nix</filename> needs to be ported to
+ <filename>make-test-python.nix</filename> and
+ <filename>testing-python.nix</filename> respectively.
+ </para>
+ </listitem>
</itemizedlist>
</section>
@@ -108,6 +239,11 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
<para>
There is a new <xref linkend="opt-security.doas.enable"/> module that provides <command>doas</command>, a lighter alternative to <command>sudo</command> with many of the same features.
</para>
+ </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://hercules-ci.com">Hercules CI</link> Agent is a specialized build agent for projects built with Nix. See the <link xlink:href="https://nixos.org/nixos/options.html#services.hercules-ci-agent">options</link> and <link xlink:href="https://docs.hercules-ci.com/hercules-ci/getting-started/#deploy-agent">setup</link>.
+ </para>
</listitem>
</itemizedlist>
@@ -132,12 +268,10 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
in the source tree for downloaded modules instead of using go's <link
xlink:href="https://golang.org/cmd/go/#hdr-Module_proxy_protocol">module
proxy protocol</link>. This storage format is simpler and therefore less
- likekly to break with future versions of go. As a result
+ likely to break with future versions of go. As a result
<literal>buildGoModule</literal> switched from
<literal>modSha256</literal> to the <literal>vendorSha256</literal>
- attribute to pin fetched version data. <literal>buildGoModule</literal>
- still accepts <literal>modSha256</literal> with a warning, but support will
- be removed in the next release.
+ attribute to pin fetched version data.
</para>
</listitem>
<listitem>
@@ -146,7 +280,7 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
<link xlink:href="https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/">deprecated in Grafana</link>
and the <package>phantomjs</package> project is
<link xlink:href="https://github.com/ariya/phantomjs/issues/15344#issue-302015362">currently unmaintained</link>.
- It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instanciation:
+ It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation:
<programlisting>{
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
phantomJsSupport = false;
@@ -158,7 +292,7 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
<para>
The <link linkend="opt-services.supybot.enable">supybot</link> module now uses <literal>/var/lib/supybot</literal>
as its default <link linkend="opt-services.supybot.stateDir">stateDir</link> path if <literal>stateVersion</literal>
- is 20.09 or higher. It also enables number of
+ is 20.09 or higher. It also enables a number of
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing">systemd sandboxing options</link>
which may possibly interfere with some plugins. If this is the case you can disable the options through attributes in
<option>systemd.services.supybot.serviceConfig</option>.
@@ -178,6 +312,12 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
</listitem>
<listitem>
<para>
+ <literal>vmware</literal> has been removed from the <literal>services.x11.videoDrivers</literal> defaults.
+ For VMWare guests set <literal>virtualisation.vmware.guest.enable</literal> to <literal>true</literal> which will include the appropriate drivers.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
The initrd SSH support now uses OpenSSH rather than Dropbear to
allow the use of Ed25519 keys and other OpenSSH-specific
functionality. Host keys must now be in the OpenSSH format, and at
@@ -261,6 +401,20 @@ php.override {
</para>
</listitem>
<listitem>
+ <para>
+ The ACME module has been overhauled for simplicity and maintainability.
+ Cert generation now implicitly uses the <literal>acme</literal>
+ user, and the <literal>security.acme.certs._name_.user</literal> option
+ has been removed. Instead, certificate access from other services is now
+ managed through group permissions. The module no longer runs lego
+ twice under certain conditions, and will correctly renew certificates if
+ their configuration is changed. Services which reload nginx and httpd after
+ certificate renewal are now properly configured too so you no longer have
+ to do this manually if you are using HTTPS enabled virtual hosts. A mechanism
+ for regenerating certs on demand has also been added and documented.
+ </para>
+ </listitem>
+ <listitem>
<para>
Gollum received a major update to version 5.x and you may have to change
some links in your wiki when migrating from gollum 4.x. More information
@@ -279,8 +433,8 @@ php.override {
</listitem>
<listitem>
<para>
- Add option <literal>services.nginx.enableSandbox</literal> to starting Nginx web server with additional sandbox/hardening options.
- By default, write access to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
+ Nginx web server now starting with additional sandbox/hardening options. By default, write access
+ to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
<programlisting>
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
@@ -441,6 +595,239 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
recommended to only use lower-case characters.
</para>
</listitem>
+ <listitem>
+ <para>
+ The GRUB specific option <option>boot.loader.grub.extraInitrd</option>
+ has been replaced with the generic option
+ <option>boot.initrd.secrets</option>. This option creates a secondary
+ initrd from the specified files, rather than using a manually created
+ initrd file.
+
+ Due to an existing bug with <option>boot.loader.grub.extraInitrd</option>,
+ it is not possible to directly boot an older generation that used that
+ option. It is still possible to rollback to that generation if the required
+ initrd file has not been deleted.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
+ package and NixOS module have been removed from Nixpkgs as the software is
+ unmaintained and can't be built. For more information see issue
+ <link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Users of <link xlink:href="http://openafs.org">OpenAFS 1.6</link> must
+ upgrade their services to OpenAFS 1.8! In this release, the OpenAFS package
+ version 1.6.24 is marked broken but can be used during transition to
+ OpenAFS 1.8.x. Use the options
+ <option>services.openafsClient.packages.module</option>,
+ <option>services.openafsClient.packages.programs</option> and
+ <option>services.openafsServer.package</option> to select a different
+ OpenAFS package. OpenAFS 1.6 will be removed in the next release. The
+ package <literal>openafs</literal> and the service options will then
+ silently point to the OpenAFS 1.8 release.
+ </para>
+ <para>
+ See also the OpenAFS <link
+ xlink:href="http://docs.openafs.org/AdminGuide/index.html">Administrator
+ Guide</link> for instructions. Beware of the following when updating
+ servers:
+ <itemizedlist>
+ <listitem>
+ <para>
+ The storage format of the server key has changed and the key must be converted before running the new release.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ When updating multiple database servers, turn off the database servers
+ from the highest IP down to the lowest with resting periods in
+ between. Start up in reverse order. Do not concurrently run database
+ servers working with different OpenAFS releases!
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Update servers first, then clients.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Radicale's default package has changed from 2.x to 3.x. An upgrade
+ checklist can be found
+ <link xlink:href="https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist">here</link>.
+ You can use the newer version in the NixOS service by setting the
+ <literal>package</literal> to <literal>radicale3</literal>, which is done
+ automatically if <literal>stateVersion</literal> is 20.09 or higher.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>udpt</literal> experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml.
+ The new configuration documentation can be found at
+ <link xlink:href="https://naim94a.github.io/udpt/config.html">the official website</link> and example
+ configuration is packaged in <literal>${udpt}/share/udpt/udpt.toml</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ We now have a unified <xref linkend="opt-services.xserver.displayManager.autoLogin"/> option interface
+ to be used for every display-manager in NixOS.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>bitcoind</literal> module has changed to multi-instance, using submodules.
+ Therefore, it is now mandatory to name each instance.
+ To use this new multi-instance config with an existing bitcoind data directory and user,
+ you have to adjust the original config, e.g.:
+<programlisting>
+ services.bitcoind = {
+ enable = true;
+ extraConfig = "...";
+ ...
+ };
+</programlisting>
+ To something similar:
+<programlisting>
+ services.bitcoind.mainnet = {
+ enable = true;
+ dataDir = "/var/lib/bitcoind";
+ user = "bitcoin";
+ extraConfig = "...";
+ ...
+ };
+</programlisting>
+ The key settings are:
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>dataDir</literal> - to continue using the same data directory.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>user</literal> - to continue using the same user so that bitcoind maintains access to its files.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Graylog introduced a change in the LDAP server certificate validation behaviour for version 3.3.3 which might break existing setups.
+ When updating Graylog from a version before 3.3.3 make sure to check the Graylog <link xlink:href="https://www.graylog.org/post/announcing-graylog-v3-3-3">release info</link> for information on how to avoid the issue.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>dokuwiki</literal> module has changed to multi-instance, using submodules.
+ Therefore, it is now mandatory to name each instance. Moreover, forcing SSL by default has been dropped, so
+ <literal>nginx.forceSSL</literal> and <literal>nginx.enableACME</literal> are no longer set to <literal>true</literal>.
+ To continue using your service with the original SSL settings, you have to adjust the original config, e.g.:
+<programlisting>
+services.dokuwiki = {
+ enable = true;
+ ...
+};
+</programlisting>
+ To something similar:
+<programlisting>
+services.dokuwiki."mywiki" = {
+ enable = true;
+ nginx = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ ...
+};
+</programlisting>
+ The base package has also been upgraded to the 2020-07-29 "Hogfather" release. Plugins might be incompatible or require upgrading.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <xref linkend="opt-services.postgresql.dataDir"/> option is now set to <literal>"/var/lib/postgresql/${cfg.package.psqlSchema}"</literal> regardless of your
+ <xref linkend="opt-system.stateVersion"/>. Users with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.03</literal> or below
+ should double check what the value of their <xref linkend="opt-services.postgresql.dataDir"/> option is (<literal>/var/db/postgresql</literal>) and then explicitly
+ set this value to maintain compatibility:
+<programlisting>
+services.postgresql.dataDir = "/var/db/postgresql";
+</programlisting>
+ </para>
+ <para>
+ The postgresql module now expects there to be a database super user account called <literal>postgres</literal> regardless of your <xref linkend="opt-system.stateVersion"/>. Users
+ with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.03</literal> or below should run the following SQL statements as a
+ database super admin user before upgrading:
+<programlisting>
+CREATE ROLE postgres LOGIN SUPERUSER;
+</programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The USBGuard module now removes options and instead hardcodes values for <literal>IPCAccessControlFiles</literal>, <literal>ruleFiles</literal>, and <literal>auditFilePath</literal>. Audit logs can be found in the journal.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The NixOS module system now evaluates option definitions more strictly, allowing it to detect a larger set of problems.
+ As a result, what previously evaluated may not do so anymore.
+ See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/82743#issuecomment-674520472">the PR that changed this</link> for more info.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ For NixOS configuration options, the type <literal>loaOf</literal>, after
+ its initial deprecation in release 20.03, has been removed. In NixOS and
+ Nixpkgs options using this type have been converted to <literal>attrsOf</literal>.
+ For more information on this change have look at these links:
+ <link xlink:href="https://github.com/NixOS/nixpkgs/issues/1800">issue #1800</link>,
+ <link xlink:href="https://github.com/NixOS/nixpkgs/pull/63103">PR #63103</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>config.systemd.services.${name}.path</literal> now returns a list of paths instead of a colon-separated string.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Caddy module now uses Caddy v2 by default. Caddy v1 can still be used by setting
+ <xref linkend="opt-services.caddy.package"/> to <literal>pkgs.caddy1</literal>.
+ </para>
+ <para>
+ New option <xref linkend="opt-services.caddy.adapter"/> has been added.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <link linkend="opt-services.jellyfin.enable">jellyfin</link> module will use and stay on the Jellyfin version <literal>10.5.5</literal>
+ if <literal>stateVersion</literal> is lower than <literal>20.09</literal>. This is because significant changes were made to the database schema,
+ and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by
+ setting your <literal>stateVersion</literal> to <literal>20.09</literal> or higher, or set the <option>services.jellyfin.package</option> to
+ <literal>pkgs.jellyfin</literal>. If you do not wish to upgrade Jellyfin, but want to change your <literal>stateVersion</literal>, you can set
+ the value of <option>services.jellyfin.package</option> to <literal>pkgs.jellyfin_10_5</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>security.rngd</literal> service is now disabled by default.
+ This choice was made because there's krngd in the linux kernel space making it (for most usecases)
+ functionally redundent.
+ </para>
+ </listitem>
</itemizedlist>
</section>
@@ -453,6 +840,9 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
<itemizedlist>
<listitem>
+ <para>SD images are now compressed by default using <literal>zstd</literal>. The compression for ISO images has also been changed to <literal>zstd</literal>, but ISO images are still not compressed by default.</para>
+ </listitem>
+ <listitem>
<para>
<option>services.journald.rateLimitBurst</option> was updated from
<literal>1000</literal> to <literal>10000</literal> to follow the new
@@ -466,11 +856,50 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
of the default <literal>out</literal> output anymore - if you relied on the
<literal>notmuch-emacs-mua</literal> binary or the emacs lisp files, access them via
the <literal>notmuch.emacs</literal> output.
+
+ Device tree overlay support was improved in
+ <link xlink:href="https://github.com/NixOS/nixpkgs/pull/79370">#79370</link>
+ and now uses <xref linkend="opt-hardware.deviceTree.kernelPackage"/>
+ instead of <option>hardware.deviceTree.base</option>.
+
+ <xref linkend="opt-hardware.deviceTree.overlays"/> configuration was
+ extended to support <literal>.dts</literal> files with symbols.
+
+ Device trees can now be filtered by setting
+ <xref linkend="opt-hardware.deviceTree.filter"/> option.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>buildGoModule</literal> <literal>doCheck</literal> now defaults to <literal>true</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Packages built using <literal>buildRustPackage</literal> now use <literal>release</literal>
+ mode for the <literal>checkPhase</literal> by default.
+ </para>
+ <para>
+ Please note that Rust packages utilizing a custom build/install procedure
+ (e.g. by using a <filename>Makefile</filename>) or test suites that rely on the
+ structure of the <filename>target/</filename> directory may break due to those assumptions.
+ For further information, please read the Rust section in the Nixpkgs manual.
</para>
</listitem>
<listitem>
<para>
- The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
+ The cc- and binutils-wrapper's "infix salt" and <literal>_BUILD_</literal> and <literal>_TARGET_</literal> user infixes have been replaced with with a "suffix salt" and suffixes and <literal>_FOR_BUILD</literal> and <literal>_FOR_TARGET</literal>.
+ This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Additional Git documentation (HTML and text files) is now available via the <literal>git-doc</literal> package.
</para>
</listitem>
<listitem>
@@ -480,6 +909,12 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
</listitem>
<listitem>
<para>
+ The installer now enables sshd by default. This improves installation on headless machines especially ARM single-board-computer.
+ To login through ssh, either a password or an ssh key must be set for the root user or the nixos user.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
The scripted networking system now uses <literal>.link</literal> files in
<literal>/etc/systemd/network</literal> to configure mac address and link MTU,
instead of the sometimes buggy <literal>network-link-*</literal> units, which
@@ -501,6 +936,217 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
<link xlink:href="https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0">in the Grafana documentation</link>.
</para>
</listitem>
+ <listitem>
+ <para>
+ The <literal>hardware.u2f</literal> module, which was installing udev rules
+ was removed, as udev gained native support to handle FIDO security tokens.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>services.transmission</literal> module
+ was enhanced with the new options:
+ <xref linkend="opt-services.transmission.credentialsFile"/>,
+ <xref linkend="opt-services.transmission.openFirewall"/>,
+ and <xref linkend="opt-services.transmission.performanceNetParameters"/>.
+ </para>
+ <para>
+ <literal>transmission-daemon</literal> is now started with additional systemd sandbox/hardening options for better security.
+ Please <link xlink:href="https://github.com/NixOS/nixpkgs/issues">report</link>
+ any use case where this is not working well.
+ In particular, the <literal>RootDirectory</literal> option newly set
+ forbids uploading or downloading a torrent outside of the default directory
+ configured at <link linkend="opt-services.transmission.settings">settings.download-dir</link>.
+ If you really need Transmission to access other directories,
+ you must include those directories into the <literal>BindPaths</literal> of the service:
+<programlisting>
+systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];
+</programlisting>
+ </para>
+ <para>
+ Also, connection to the RPC (Remote Procedure Call) of <literal>transmission-daemon</literal>
+ is now only available on the local network interface by default.
+ Use:
+<programlisting>
+services.transmission.settings.rpc-bind-address = "0.0.0.0";
+</programlisting>
+ to get the previous behavior of listening on all network interfaces.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)
+ has it's netlink socket created through a <literal>systemd.socket</literal> unit. This gives us control over
+ socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual)
+ devices the default buffer size (currently 128MB) is not enough.
+ </para>
+ <para>
+ On a machine with &gt;100 virtual interfaces (e.g., wireguard tunnels, VLANs, …), that all have to
+ be brought up during system startup, the receive buffer size will spike for a brief period.
+ Eventually some of the message will be dropped since there is not enough (permitted) buffer
+ space available.
+ </para>
+ <para>
+ By having <literal>systemd-networkd</literal> start with a netlink socket created by
+ <literal>systemd</literal> we can configure the <literal>ReceiveBufferSize=</literal> parameter
+ in the socket options (i.e. <literal>systemd.sockets.systemd-networkd.socketOptions.ReceiveBufferSize</literal>)
+ without recompiling <literal>systemd-networkd</literal>.
+ </para>
+ <para>
+ Since the actual memory requirements depend on hardware, timing, exact
+ configurations etc. it isn't currently possible to infer a good default
+ from within the NixOS module system. Administrators are advised to
+ monitor the logs of <literal>systemd-networkd</literal> for <literal>rtnl: kernel receive buffer
+ overrun</literal> spam and increase the memory limit as they see fit.
+ </para>
+ <para>
+ Note: Increasing the <literal>ReceiveBufferSize=</literal> doesn't allocate any memory. It just increases
+ the upper bound on the kernel side. The memory allocation depends on the amount of messages that are
+ queued on the kernel side of the netlink socket.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Specifying <link linkend="opt-services.dovecot2.mailboxes">mailboxes</link> in the <package>dovecot2</package> module
+ as a list is deprecated and will break eval in 21.03. Instead, an attribute-set should be specified where the <literal>name</literal>
+ should be the key of the attribute.
+ </para>
+ <para>
+ This means that a configuration like this
+<programlisting>{
+ <link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = [
+ { name = "Junk";
+ auto = "create";
+ }
+ ];
+}</programlisting>
+ should now look like this:
+<programlisting>{
+ <link linkend="opt-services.dovecot2.mailboxes">services.dovecot2.mailboxes</link> = {
+ Junk.auto = "create";
+ };
+}</programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <package>netbeans</package> was upgraded to 12.0 and now defaults to OpenJDK 11. This might cause problems if your projects depend on packages that were removed in Java 11.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <package>nextcloud</package> has been updated to <link xlink:href="https://nextcloud.com/blog/nextcloud-hub-brings-productivity-to-home-office/">v19</link>.
+ </para>
+ <para>
+ If you have an existing installation, please make sure that you're on
+ <package>nextcloud18</package> before upgrading to <package>nextcloud19</package>
+ since Nextcloud doesn't support upgrades across multiple major versions.
+ </para>
+ <para>
+ The <literal>nixos-run-vms</literal> script now deletes the
+ previous run machines states on test startup. You can use the
+ <literal>--keep-vm-state</literal> flag to match the previous
+ behaviour and keep the same VM state between different test runs.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <link linkend="opt-nix.buildMachines">nix.buildMachines</link> option is now type-checked.
+ There are no functional changes, however this may require updating some configurations to use correct types for all attributes.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>fontconfig</literal> module stopped generating fontconfig 2.10.x config and cache.
+ Fontconfig 2.10.x was removed from Nixpkgs - it hasn't been used in any nixpkgs package anymore.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Nginx module <literal>nginxModules.fastcgi-cache-purge</literal> renamed to official name <literal>nginxModules.cache-purge</literal>.
+ Nginx module <literal>nginxModules.ngx_aws_auth</literal> renamed to official name <literal>nginxModules.aws-auth</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The option <option>defaultPackages</option> was added. It installs the packages <package>perl</package>, <package>rsync</package> and <package>strace</package> for now. They were added unconditionally to <option>systemPackages</option> before, but are not strictly necessary for a minimal NixOS install. You can set it to an empty list to have a more minimal system. Be aware that some functionality might still have an impure dependency on those packages, so things might break.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>undervolt</literal> option no longer needs to apply its
+ settings every 30s. If they still become undone, open an issue and restore
+ the previous behaviour using <literal>undervolt.useTimer</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Agda has been heavily reworked.
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>agda.mkDerivation</literal> has been heavily changed and
+ is now located at <package>agdaPackages.mkDerivation</package>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ New top-level packages <package>agda</package> and
+ <literal>agda.withPackages</literal> have been added, the second
+ of which sets up agda with access to chosen libraries.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ All agda libraries now live under
+ <literal>agdaPackages</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Many broken libraries have been removed.
+ </para>
+ </listitem>
+ </itemizedlist>
+ See the <link
+ xlink:href="https://nixos.org/nixpkgs/manual/#agda">new
+ documentation</link> for more information.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>deepin</literal> package set has been removed from
+ nixpkgs. It was a work in progress to package the
+ <link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>,
+ including libraries, tools and applications, and it was still
+ missing a service to lauch the desktop environment. It has shown
+ to no longer be a feasible goal due to reasons discussed in
+ <link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>.
+ The package <literal>netease-cloud-music</literal> has also been
+ removed, as it depends on libraries from deepin.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>opendkim</literal> module now uses systemd sandboxing features
+ to limit the exposure of the system towards the opendkim service.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <itemizedlist>
+ <listitem>
+ <para />
+ <para>
+ Kubernetes has been upgraded to 1.19.1, which also means that the
+ golang version to build it has been bumped to 1.15. This may have
+ consequences for your existing clusters and their certificates. Please
+ consider
+ <link xlink:href="https://relnotes.k8s.io/?markdown=93264">
+ the release notes for Kubernetes 1.19 carefully
+ </link>
+ before upgrading.
+ </para>
+ </listitem>
</itemizedlist>
</section>
</section>
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2103.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-2103.xml
new file mode 100644
index 00000000000..eccf2b69dad
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2103.xml
@@ -0,0 +1,80 @@
+<section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-release-21.03">
+ <title>Release 21.03 (“Okapi”, 2021.03/??)</title>
+
+ <section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-release-21.03-highlights">
+ <title>Highlights</title>
+
+ <para>
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ Support is planned until the end of October 2021, handing over to 21.09.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-release-21.03-new-services">
+ <title>New Services</title>
+
+ <para>
+ The following new services were added since the last release:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para />
+ </listitem>
+ </itemizedlist>
+
+ </section>
+
+ <section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-release-21.03-incompatibilities">
+ <title>Backward Incompatibilities</title>
+
+ <para>
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para />
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-release-21.03-notable-changes">
+ <title>Other Notable Changes</title>
+
+ <itemizedlist>
+ <listitem>
+ <para />
+ </listitem>
+ </itemizedlist>
+ </section>
+</section>