colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

doc,nixos/doc: unescape apostrophes

Browse Source 
Leftovers from the CommonMark conversion.
This commit is contained in:
Naïm Favier 2022-12-21 21:24:48 +01:00
parent 3fc528ff7f
commit d11832fd96
No known key found for this signature in database
GPG Key ID: 95AFCE8211908325
63 changed files with 416 additions and 415 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/builders/images/ocitools.section.md
View File

@ -34,4 +34,4 @@ buildContainer {
- `mounts` specifies additional mount points chosen by the user. By default only a minimal set of necessary filesystems are mounted into the container (e.g procfs, cgroupfs)
- `readonly` makes the container\'s rootfs read-only if it is set to true. The default value is false `false`.
- `readonly` makes the container's rootfs read-only if it is set to true. The default value is false `false`.

2
doc/builders/packages/dlib.section.md
View File

@ -4,7 +4,7 @@
## Compiling without AVX support {#compiling-without-avx-support}
Especially older CPUs don\'t support [AVX](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions) (Advanced Vector Extensions) instructions that are used by DLib to optimize their algorithms.
Especially older CPUs don't support [AVX](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions) (Advanced Vector Extensions) instructions that are used by DLib to optimize their algorithms.
On the affected hardware errors like `Illegal instruction` will occur. In those cases AVX support needs to be disabled:

4
doc/functions/nix-gitignore.section.md
View File

@ -4,7 +4,7 @@
## Usage {#sec-pkgs-nix-gitignore-usage}
`pkgs.nix-gitignore` exports a number of functions, but you\'ll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
`pkgs.nix-gitignore` exports a number of functions, but you'll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
```nix
{ pkgs ? import <nixpkgs> {} }:
@ -30,7 +30,7 @@ gitignoreSourcePure = gitignoreFilterSourcePure (_: _: true);
gitignoreSource = gitignoreFilterSource (_: _: true);
```
Those filter functions accept the same arguments the `builtins.filterSource` function would pass to its filters, thus `fn: gitignoreFilterSourcePure fn ""` should be extensionally equivalent to `filterSource`. The file is blacklisted if it\'s blacklisted by either your filter or the gitignoreFilter.
Those filter functions accept the same arguments the `builtins.filterSource` function would pass to its filters, thus `fn: gitignoreFilterSourcePure fn ""` should be extensionally equivalent to `filterSource`. The file is blacklisted if it's blacklisted by either your filter or the gitignoreFilter.
If you want to make your own filter from scratch, you may use

12
nixos/doc/manual/administration/service-mgmt.chapter.md
View File

@ -75,7 +75,7 @@ necessary).
Packages in Nixpkgs sometimes provide systemd units with them, usually
in e.g `#pkg-out#/lib/systemd/`. Putting such a package in
`environment.systemPackages` doesn\'t make the service available to
`environment.systemPackages` doesn't make the service available to
users or the system.
In order to enable a systemd *system* service with provided upstream
@ -87,9 +87,9 @@ systemd.packages = [ pkgs.packagekit ];
Usually NixOS modules written by the community do the above, plus take
care of other details. If a module was written for a service you are
interested in, you\'d probably need only to use
interested in, you'd probably need only to use
`services.#name#.enable = true;`. These services are defined in
Nixpkgs\' [ `nixos/modules/` directory
Nixpkgs' [ `nixos/modules/` directory
](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules). In case
the service is simple enough, the above method should work, and start
the service on boot.
@ -98,8 +98,8 @@ the service on boot.
differently. Given a package that has a systemd unit file at
`#pkg-out#/lib/systemd/user/`, using [](#opt-systemd.packages) will
make you able to start the service via `systemctl --user start`, but it
won\'t start automatically on login. However, You can imperatively
enable it by adding the package\'s attribute to
won't start automatically on login. However, You can imperatively
enable it by adding the package's attribute to
[](#opt-systemd.packages) and then do this (e.g):
```ShellSession
@ -113,7 +113,7 @@ If you are interested in a timer file, use `timers.target.wants` instead
of `default.target.wants` in the 1st and 2nd command.
Using `systemctl --user enable syncthing.service` instead of the above,
will work, but it\'ll use the absolute path of `syncthing.service` for
will work, but it'll use the absolute path of `syncthing.service` for
the symlink, and this path is in `/nix/store/.../lib/systemd/user/`.
Hence [garbage collection](#sec-nix-gc) will remove that file and you
will wind up with a broken symlink in your systemd configuration, which

2
nixos/doc/manual/configuration/profiles.chapter.md
View File

@ -2,7 +2,7 @@
In some cases, it may be desirable to take advantage of commonly-used,
predefined configurations provided by nixpkgs, but different from those
that come as default. This is a role fulfilled by NixOS\'s Profiles,
that come as default. This is a role fulfilled by NixOS's Profiles,
which come as files living in `<nixpkgs/nixos/modules/profiles>`. That
is to say, expected usage is to add them to the imports list of your
`/etc/configuration.nix` as such:

2
nixos/doc/manual/configuration/user-mgmt.chapter.md
View File

@ -30,7 +30,7 @@ to your NixOS configuration. For instance, if you remove a user from
[](#opt-users.users) and run nixos-rebuild, the user
account will cease to exist. Also, imperative commands for managing users and
groups, such as useradd, are no longer available. Passwords may still be
assigned by setting the user\'s
assigned by setting the user's
[hashedPassword](#opt-users.users._name_.hashedPassword) option. A
hashed password can be generated using `mkpasswd`.

2
nixos/doc/manual/configuration/wayland.chapter.md
View File

@ -4,7 +4,7 @@ While X11 (see [](#sec-x11)) is still the primary display technology
on NixOS, Wayland support is steadily improving. Where X11 separates the
X Server and the window manager, on Wayland those are combined: a
Wayland Compositor is like an X11 window manager, but also embeds the
Wayland \'Server\' functionality. This means it is sufficient to install
Wayland 'Server' functionality. This means it is sufficient to install
a Wayland Compositor such as sway without separately enabling a Wayland
server:

14
nixos/doc/manual/configuration/x-windows.chapter.md
View File

@ -81,7 +81,7 @@ second password to login can be redundant.
To enable auto-login, you need to define your default window manager and
desktop environment. If you wanted no desktop environment and i3 as your
your window manager, you\'d define:
your window manager, you'd define:
```nix
services.xserver.displayManager.defaultSession = "none+i3";
@ -110,7 +110,7 @@ maintained but may perform worse in some cases (like in old chipsets).
The second driver, `intel`, is specific to Intel GPUs, but not
recommended by most distributions: it lacks several modern features (for
example, it doesn\'t support Glamor) and the package hasn\'t been
example, it doesn't support Glamor) and the package hasn't been
officially updated since 2015.
The results vary depending on the hardware, so you may have to try both
@ -162,7 +162,7 @@ with other kernel modules.
AMD provides a proprietary driver for its graphics cards that is not
enabled by default because it's not Free Software, is often broken in
nixpkgs and as of this writing doesn\'t offer more features or
nixpkgs and as of this writing doesn't offer more features or
performance. If you still want to use it anyway, you need to explicitly
set:
@ -215,7 +215,7 @@ US layout, with an additional layer to type some greek symbols by
pressing the right-alt key.
Create a file called `us-greek` with the following content (under a
directory called `symbols`; it\'s an XKB peculiarity that will help with
directory called `symbols`; it's an XKB peculiarity that will help with
testing):
```nix
@ -249,7 +249,7 @@ The name (after `extraLayouts.`) should match the one given to the
Applying this customization requires rebuilding several packages, and a
broken XKB file can lead to the X session crashing at login. Therefore,
you\'re strongly advised to **test your layout before applying it**:
you're strongly advised to **test your layout before applying it**:
```ShellSession
$ nix-shell -p xorg.xkbcomp
@ -314,7 +314,7 @@ prefer to keep the layout definitions inside the NixOS configuration.
Unfortunately, the Xorg server does not (currently) support setting a
keymap directly but relies instead on XKB rules to select the matching
components (keycodes, types, \...) of a layout. This means that
components other than symbols won\'t be loaded by default. As a
components other than symbols won't be loaded by default. As a
workaround, you can set the keymap using `setxkbmap` at the start of the
session with:
@ -323,7 +323,7 @@ services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media";
```
If you are manually starting the X server, you should set the argument
`-xkbdir /etc/X11/xkb`, otherwise X won\'t find your layout files. For
`-xkbdir /etc/X11/xkb`, otherwise X won't find your layout files. For
example with `xinit` run
```ShellSession

4
nixos/doc/manual/configuration/xfce.chapter.md
View File

@ -31,8 +31,8 @@ enabled. To enable Thunar without enabling Xfce, use the configuration
option [](#opt-programs.thunar.enable) instead of simply adding
`pkgs.xfce.thunar` to [](#opt-environment.systemPackages).
If you\'d like to add extra plugins to Thunar, add them to
[](#opt-programs.thunar.plugins). You shouldn\'t just add them to
If you'd like to add extra plugins to Thunar, add them to
[](#opt-programs.thunar.plugins). You shouldn't just add them to
[](#opt-environment.systemPackages).
## Troubleshooting {#sec-xfce-troubleshooting .unnumbered}

10
nixos/doc/manual/development/option-types.section.md
View File

@ -92,11 +92,11 @@ merging is handled.
: A free-form attribute set.
::: {.warning}
This type will be deprecated in the future because it doesn\'t
This type will be deprecated in the future because it doesn't
recurse into attribute sets, silently drops earlier attribute
definitions, and doesn\'t discharge `lib.mkDefault`, `lib.mkIf`
definitions, and doesn't discharge `lib.mkDefault`, `lib.mkIf`
and co. For allowing arbitrary attribute sets, prefer
`types.attrsOf types.anything` instead which doesn\'t have these
`types.attrsOf types.anything` instead which doesn't have these
problems.
:::
@ -222,7 +222,7 @@ Submodules are detailed in [Submodule](#section-option-types-submodule).
- *`specialArgs`* An attribute set of extra arguments to be passed
to the module functions. The option `_module.args` should be
used instead for most arguments since it allows overriding.
*`specialArgs`* should only be used for arguments that can\'t go
*`specialArgs`* should only be used for arguments that can't go
through the module fixed-point, because of infinite recursion or
other problems. An example is overriding the `lib` argument,
because `lib` itself is used to define `_module.args`, which
@ -236,7 +236,7 @@ Submodules are detailed in [Submodule](#section-option-types-submodule).
In such a case it would allow the option to be set with
`the-submodule.config = "value"` instead of requiring
`the-submodule.config.config = "value"`. This is because
only when modules *don\'t* set the `config` or `options`
only when modules *don't* set the `config` or `options`
keys, all keys are interpreted as option definitions in the
`config` section. Enabling this option implicitly puts all
attributes in the `config` section.

6
nixos/doc/manual/development/replace-modules.section.md
View File

@ -2,7 +2,7 @@
Modules that are imported can also be disabled. The option declarations,
config implementation and the imports of a disabled module will be
ignored, allowing another to take it\'s place. This can be used to
ignored, allowing another to take its place. This can be used to
import a set of modules from another channel while keeping the rest of
the system on a stable release.
@ -14,7 +14,7 @@ relative to the modules path (eg. \<nixpkgs/nixos/modules> for nixos).
This example will replace the existing postgresql module with the
version defined in the nixos-unstable channel while keeping the rest of
the modules and packages from the original nixos channel. This only
overrides the module definition, this won\'t use postgresql from
overrides the module definition, this won't use postgresql from
nixos-unstable unless explicitly configured to do so.
```nix
@ -35,7 +35,7 @@ nixos-unstable unless explicitly configured to do so.
This example shows how to define a custom module as a replacement for an
existing module. Importing this module will disable the original module
without having to know it\'s implementation details.
without having to know its implementation details.
```nix
{ config, lib, pkgs, ... }:

4
nixos/doc/manual/development/settings-options.section.md
View File

@ -9,10 +9,10 @@ can be declared. File formats can be separated into two categories:
`{ foo = { bar = 10; }; }`. Other examples are INI, YAML and TOML.
The following section explains the convention for these settings.
- Non-nix-representable ones: These can\'t be trivially mapped to a
- Non-nix-representable ones: These can't be trivially mapped to a
subset of Nix syntax. Most generic programming languages are in this
group, e.g. bash, since the statement `if true; then echo hi; fi`
doesn\'t have a trivial representation in Nix.
doesn't have a trivial representation in Nix.
Currently there are no fixed conventions for these, but it is common
to have a `configFile` option for setting the configuration file

2
nixos/doc/manual/development/writing-documentation.chapter.md
View File

@ -19,7 +19,7 @@ $ nix-shell
nix-shell$ make
```
Once you are done making modifications to the manual, it\'s important to
Once you are done making modifications to the manual, it's important to
build it before committing. You can do that as follows:
```ShellSession

2
nixos/doc/manual/development/writing-modules.chapter.md
View File

@ -71,7 +71,7 @@ The meaning of each part is as follows.
- This `imports` list enumerates the paths to other NixOS modules that
should be included in the evaluation of the system configuration. A
default set of modules is defined in the file `modules/module-list.nix`.
These don\'t need to be added in the import list.
These don't need to be added in the import list.
- The attribute `options` is a nested set of *option declarations*
(described below).

10
nixos/doc/manual/development/writing-nixos-tests.section.md
View File

@ -165,7 +165,7 @@ The following methods are available on machine objects:
`get_screen_text_variants`
: Return a list of different interpretations of what is currently
visible on the machine\'s screen using optical character
visible on the machine's screen using optical character
recognition. The number and order of the interpretations is not
specified and is subject to change, but if no exception is raised at
least one will be returned.
@ -177,7 +177,7 @@ The following methods are available on machine objects:
`get_screen_text`
: Return a textual representation of what is currently visible on the
machine\'s screen using optical character recognition.
machine's screen using optical character recognition.
::: {.note}
This requires [`enableOCR`](#test-opt-enableOCR) to be set to `true`.
@ -350,8 +350,8 @@ machine.wait_for_unit("xautolock.service", "x-session-user")
This applies to `systemctl`, `get_unit_info`, `wait_for_unit`,
`start_job` and `stop_job`.
For faster dev cycles it\'s also possible to disable the code-linters
(this shouldn\'t be committed though):
For faster dev cycles it's also possible to disable the code-linters
(this shouldn't be committed though):
```nix
{
@ -370,7 +370,7 @@ For faster dev cycles it\'s also possible to disable the code-linters
This will produce a Nix warning at evaluation time. To fully disable the
linter, wrap the test script in comment directives to disable the Black
linter directly (again, don\'t commit this within the Nixpkgs
linter directly (again, don't commit this within the Nixpkgs
repository):
```nix

12
nixos/doc/manual/from_md/administration/service-mgmt.chapter.xml
View File

@ -85,7 +85,7 @@ Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
Packages in Nixpkgs sometimes provide systemd units with them,
usually in e.g <literal>#pkg-out#/lib/systemd/</literal>. Putting
such a package in <literal>environment.systemPackages</literal>
doesn't make the service available to users or the system.
doesnt make the service available to users or the system.
</para>
<para>
In order to enable a systemd <emphasis>system</emphasis> service
@ -97,9 +97,9 @@ systemd.packages = [ pkgs.packagekit ];
<para>
Usually NixOS modules written by the community do the above, plus
take care of other details. If a module was written for a service
you are interested in, you'd probably need only to use
you are interested in, youd probably need only to use
<literal>services.#name#.enable = true;</literal>. These services
are defined in Nixpkgs'
are defined in Nixpkgs
<link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/modules">
<literal>nixos/modules/</literal> directory </link>. In case the
service is simple enough, the above method should work, and start
@ -111,8 +111,8 @@ systemd.packages = [ pkgs.packagekit ];
unit file at <literal>#pkg-out#/lib/systemd/user/</literal>, using
<xref linkend="opt-systemd.packages" /> will make you able to
start the service via <literal>systemctl --user start</literal>,
but it won't start automatically on login. However, You can
imperatively enable it by adding the package's attribute to
but it wont start automatically on login. However, You can
imperatively enable it by adding the packages attribute to
<xref linkend="opt-systemd.packages" /> and then do this (e.g):
</para>
<programlisting>
@ -129,7 +129,7 @@ $ systemctl --user enable syncthing.service
</para>
<para>
Using <literal>systemctl --user enable syncthing.service</literal>
instead of the above, will work, but it'll use the absolute path
instead of the above, will work, but itll use the absolute path
of <literal>syncthing.service</literal> for the symlink, and this
path is in <literal>/nix/store/.../lib/systemd/user/</literal>.
Hence <link linkend="sec-nix-gc">garbage collection</link> will

2
nixos/doc/manual/from_md/configuration/profiles.chapter.xml
View File

@ -4,7 +4,7 @@
In some cases, it may be desirable to take advantage of
commonly-used, predefined configurations provided by nixpkgs, but
different from those that come as default. This is a role fulfilled
by NixOS's Profiles, which come as files living in
by NixOSs Profiles, which come as files living in
<literal>&lt;nixpkgs/nixos/modules/profiles&gt;</literal>. That is
to say, expected usage is to add them to the imports list of your
<literal>/etc/configuration.nix</literal> as such:

2
nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml
View File

@ -36,7 +36,7 @@ users.users.alice = {
<xref linkend="opt-users.users" /> and run nixos-rebuild, the user
account will cease to exist. Also, imperative commands for managing
users and groups, such as useradd, are no longer available.
Passwords may still be assigned by setting the user's
Passwords may still be assigned by setting the users
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using
<literal>mkpasswd</literal>.

7
nixos/doc/manual/from_md/configuration/wayland.chapter.xml
View File

@ -5,9 +5,10 @@
display technology on NixOS, Wayland support is steadily improving.
Where X11 separates the X Server and the window manager, on Wayland
those are combined: a Wayland Compositor is like an X11 window
manager, but also embeds the Wayland 'Server' functionality. This
means it is sufficient to install a Wayland Compositor such as sway
without separately enabling a Wayland server:
manager, but also embeds the Wayland <quote>Server</quote>
functionality. This means it is sufficient to install a Wayland
Compositor such as sway without separately enabling a Wayland
server:
</para>
<programlisting language="bash">
programs.sway.enable = true;

16
nixos/doc/manual/from_md/configuration/x-windows.chapter.xml
View File

@ -88,7 +88,7 @@ hardware.opengl.driSupport32Bit = true;
<para>
To enable auto-login, you need to define your default window
manager and desktop environment. If you wanted no desktop
environment and i3 as your your window manager, you'd define:
environment and i3 as your your window manager, youd define:
</para>
<programlisting language="bash">
services.xserver.displayManager.defaultSession = &quot;none+i3&quot;;
@ -122,8 +122,8 @@ services.xserver.displayManager.autoLogin.user = &quot;alice&quot;;
<para>
The second driver, <literal>intel</literal>, is specific to Intel
GPUs, but not recommended by most distributions: it lacks several
modern features (for example, it doesn't support Glamor) and the
package hasn't been officially updated since 2015.
modern features (for example, it doesnt support Glamor) and the
package hasnt been officially updated since 2015.
</para>
<para>
The results vary depending on the hardware, so you may have to try
@ -181,7 +181,7 @@ services.xserver.videoDrivers = [ &quot;nvidiaLegacy304&quot; ];
<para>
AMD provides a proprietary driver for its graphics cards that is
not enabled by default because its not Free Software, is often
broken in nixpkgs and as of this writing doesn't offer more
broken in nixpkgs and as of this writing doesnt offer more
features or performance. If you still want to use it anyway, you
need to explicitly set:
</para>
@ -244,7 +244,7 @@ qt5.style = &quot;gtk2&quot;;
<para>
Create a file called <literal>us-greek</literal> with the
following content (under a directory called
<literal>symbols</literal>; it's an XKB peculiarity that will help
<literal>symbols</literal>; its an XKB peculiarity that will help
with testing):
</para>
<programlisting language="bash">
@ -279,7 +279,7 @@ services.xserver.extraLayouts.us-greek = {
<para>
Applying this customization requires rebuilding several packages,
and a broken XKB file can lead to the X session crashing at login.
Therefore, you're strongly advised to <emphasis role="strong">test
Therefore, youre strongly advised to <emphasis role="strong">test
your layout before applying it</emphasis>:
</para>
<programlisting>
@ -353,7 +353,7 @@ services.xserver.extraLayouts.media = {
Unfortunately, the Xorg server does not (currently) support
setting a keymap directly but relies instead on XKB rules to
select the matching components (keycodes, types, ...) of a layout.
This means that components other than symbols won't be loaded by
This means that components other than symbols wont be loaded by
default. As a workaround, you can set the keymap using
<literal>setxkbmap</literal> at the start of the session with:
</para>
@ -363,7 +363,7 @@ services.xserver.displayManager.sessionCommands = &quot;setxkbmap -keycodes medi
<para>
If you are manually starting the X server, you should set the
argument <literal>-xkbdir /etc/X11/xkb</literal>, otherwise X
won't find your layout files. For example with
wont find your layout files. For example with
<literal>xinit</literal> run
</para>
<programlisting>

4
nixos/doc/manual/from_md/configuration/xfce.chapter.xml
View File

@ -36,8 +36,8 @@ services.picom = {
<xref linkend="opt-environment.systemPackages" />.
</para>
<para>
If you'd like to add extra plugins to Thunar, add them to
<xref linkend="opt-programs.thunar.plugins" />. You shouldn't just
If youd like to add extra plugins to Thunar, add them to
<xref linkend="opt-programs.thunar.plugins" />. You shouldnt just
add them to <xref linkend="opt-environment.systemPackages" />.
</para>
</section>

10
nixos/doc/manual/from_md/development/option-types.section.xml
View File

@ -152,13 +152,13 @@
<warning>
<para>
This type will be deprecated in the future because it
doesn't recurse into attribute sets, silently drops
earlier attribute definitions, and doesn't discharge
doesnt recurse into attribute sets, silently drops
earlier attribute definitions, and doesnt discharge
<literal>lib.mkDefault</literal>,
<literal>lib.mkIf</literal> and co. For allowing arbitrary
attribute sets, prefer
<literal>types.attrsOf types.anything</literal> instead
which doesn't have these problems.
which doesnt have these problems.
</para>
</warning>
</listitem>
@ -453,7 +453,7 @@
<literal>_module.args</literal> should be used instead
for most arguments since it allows overriding.
<emphasis><literal>specialArgs</literal></emphasis>
should only be used for arguments that can't go through
should only be used for arguments that cant go through
the module fixed-point, because of infinite recursion or
other problems. An example is overriding the
<literal>lib</literal> argument, because
@ -477,7 +477,7 @@
instead of requiring
<literal>the-submodule.config.config = &quot;value&quot;</literal>.
This is because only when modules
<emphasis>don't</emphasis> set the
<emphasis>dont</emphasis> set the
<literal>config</literal> or <literal>options</literal>
keys, all keys are interpreted as option definitions in
the <literal>config</literal> section. Enabling this

8
nixos/doc/manual/from_md/development/replace-modules.section.xml
View File

@ -3,8 +3,8 @@
<para>
Modules that are imported can also be disabled. The option
declarations, config implementation and the imports of a disabled
module will be ignored, allowing another to take it's place. This
can be used to import a set of modules from another channel while
module will be ignored, allowing another to take its place. This can
be used to import a set of modules from another channel while
keeping the rest of the system on a stable release.
</para>
<para>
@ -19,7 +19,7 @@
This example will replace the existing postgresql module with the
version defined in the nixos-unstable channel while keeping the rest
of the modules and packages from the original nixos channel. This
only overrides the module definition, this won't use postgresql from
only overrides the module definition, this wont use postgresql from
nixos-unstable unless explicitly configured to do so.
</para>
<programlisting language="bash">
@ -40,7 +40,7 @@
<para>
This example shows how to define a custom module as a replacement
for an existing module. Importing this module will disable the
original module without having to know it's implementation details.
original module without having to know its implementation details.
</para>
<programlisting language="bash">
{ config, lib, pkgs, ... }:

4
nixos/doc/manual/from_md/development/settings-options.section.xml
View File

@ -19,10 +19,10 @@
</listitem>
<listitem>
<para>
Non-nix-representable ones: These can't be trivially mapped to a
Non-nix-representable ones: These cant be trivially mapped to a
subset of Nix syntax. Most generic programming languages are in
this group, e.g. bash, since the statement
<literal>if true; then echo hi; fi</literal> doesn't have a
<literal>if true; then echo hi; fi</literal> doesnt have a
trivial representation in Nix.
</para>
<para>

2
nixos/doc/manual/from_md/development/writing-documentation.chapter.xml
View File

@ -23,7 +23,7 @@ $ nix-shell
nix-shell$ make
</programlisting>
<para>
Once you are done making modifications to the manual, it's
Once you are done making modifications to the manual, its
important to build it before committing. You can do that as
follows:
</para>

2
nixos/doc/manual/from_md/development/writing-modules.chapter.xml
View File

@ -90,7 +90,7 @@
This <literal>imports</literal> list enumerates the paths to
other NixOS modules that should be included in the evaluation of
the system configuration. A default set of modules is defined in
the file <literal>modules/module-list.nix</literal>. These don't
the file <literal>modules/module-list.nix</literal>. These dont
need to be added in the import list.
</para>
</listitem>

10
nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml
View File

@ -255,7 +255,7 @@ start_all()
<listitem>
<para>
Return a list of different interpretations of what is
currently visible on the machine's screen using optical
currently visible on the machines screen using optical
character recognition. The number and order of the
interpretations is not specified and is subject to change,
but if no exception is raised at least one will be returned.
@ -276,7 +276,7 @@ start_all()
<listitem>
<para>
Return a textual representation of what is currently visible
on the machine's screen using optical character recognition.
on the machines screen using optical character recognition.
</para>
<note>
<para>
@ -630,8 +630,8 @@ machine.wait_for_unit(&quot;xautolock.service&quot;, &quot;x-session-user&quot;)
<literal>stop_job</literal>.
</para>
<para>
For faster dev cycles it's also possible to disable the
code-linters (this shouldn't be committed though):
For faster dev cycles its also possible to disable the
code-linters (this shouldnt be committed though):
</para>
<programlisting language="bash">
{
@ -650,7 +650,7 @@ machine.wait_for_unit(&quot;xautolock.service&quot;, &quot;x-session-user&quot;)
<para>
This will produce a Nix warning at evaluation time. To fully
disable the linter, wrap the test script in comment directives to
disable the Black linter directly (again, don't commit this within
disable the Black linter directly (again, dont commit this within
the Nixpkgs repository):
</para>
<programlisting language="bash">

6
nixos/doc/manual/from_md/installation/changing-config.chapter.xml
View File

@ -16,7 +16,7 @@
</para>
<warning>
<para>
This command doesn't start/stop
This command doesnt start/stop
<link linkend="opt-systemd.user.services">user services</link>
automatically. <literal>nixos-rebuild</literal> only runs a
<literal>daemon-reload</literal> for each user with running user
@ -64,8 +64,8 @@
<para>
which causes the new configuration (and previous ones created using
<literal>-p test</literal>) to show up in the GRUB submenu
<quote>NixOS - Profile 'test'</quote>. This can be useful to
separate test configurations from <quote>stable</quote>
<quote>NixOS - Profile <quote>test</quote></quote>. This can be
useful to separate test configurations from <quote>stable</quote>
configurations.
</para>
<para>

36
nixos/doc/manual/from_md/installation/installing-from-other-distro.section.xml
View File

@ -53,7 +53,7 @@ $ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell
Switch to the NixOS channel:
</para>
<para>
If you've just installed Nix on a non-NixOS distribution, you
If youve just installed Nix on a non-NixOS distribution, you
will be on the <literal>nixpkgs</literal> channel by default.
</para>
<programlisting>
@ -78,11 +78,11 @@ $ nix-channel --add https://nixos.org/channels/nixos-version nixpkgs
Install the NixOS installation tools:
</para>
<para>
You'll need <literal>nixos-generate-config</literal> and
Youll need <literal>nixos-generate-config</literal> and
<literal>nixos-install</literal>, but this also makes some man
pages and <literal>nixos-enter</literal> available, just in case
you want to chroot into your NixOS partition. NixOS installs
these by default, but you don't have NixOS yet..
these by default, but you dont have NixOS yet..
</para>
<programlisting>
$ nix-env -f '&lt;nixpkgs&gt;' -iA nixos-install-tools
@ -105,7 +105,7 @@ $ nix-env -f '&lt;nixpkgs&gt;' -iA nixos-install-tools
mounting steps of <xref linkend="sec-installation" />
</para>
<para>
If you're about to install NixOS in place using
If youre about to install NixOS in place using
<literal>NIXOS_LUSTRATE</literal> there is nothing to do for
this step.
</para>
@ -118,14 +118,14 @@ $ nix-env -f '&lt;nixpkgs&gt;' -iA nixos-install-tools
$ sudo `which nixos-generate-config` --root /mnt
</programlisting>
<para>
You'll probably want to edit the configuration files. Refer to
Youll probably want to edit the configuration files. Refer to
the <literal>nixos-generate-config</literal> step in
<xref linkend="sec-installation" /> for more information.
</para>
<para>
Consider setting up the NixOS bootloader to give you the ability
to boot on your existing Linux partition. For instance, if
you're using GRUB and your existing distribution is running
youre using GRUB and your existing distribution is running
Ubuntu, you may want to add something like this to your
<literal>configuration.nix</literal>:
</para>
@ -215,17 +215,17 @@ $ sudo `which nixos-generate-config`
</programlisting>
<para>
Note that this will place the generated configuration files in
<literal>/etc/nixos</literal>. You'll probably want to edit the
<literal>/etc/nixos</literal>. Youll probably want to edit the
configuration files. Refer to the
<literal>nixos-generate-config</literal> step in
<xref linkend="sec-installation" /> for more information.
</para>
<para>
You'll likely want to set a root password for your first boot
using the configuration files because you won't have a chance to
Youll likely want to set a root password for your first boot
using the configuration files because you wont have a chance to
enter a password until after you reboot. You can initialize the
root password to an empty one with this line: (and of course
don't forget to set one once you've rebooted or to lock the
dont forget to set one once youve rebooted or to lock the
account with <literal>sudo passwd -l root</literal> if you use
<literal>sudo</literal>)
</para>
@ -262,7 +262,7 @@ $ sudo chown -R 0:0 /nix
</para>
<para>
<literal>/etc/NIXOS_LUSTRATE</literal> tells the NixOS bootup
scripts to move <emphasis>everything</emphasis> that's in the
scripts to move <emphasis>everything</emphasis> thats in the
root partition to <literal>/old-root</literal>. This will move
your existing distribution out of the way in the very early
stages of the NixOS bootup. There are exceptions (we do need to
@ -294,7 +294,7 @@ $ sudo chown -R 0:0 /nix
wiping of the existing distribution. Creating
<literal>/etc/NIXOS_LUSTRATE</literal> can also be used on
NixOS to remove all mutable files from your root partition
(anything that's not in <literal>/nix</literal> or
(anything thats not in <literal>/nix</literal> or
<literal>/boot</literal> gets &quot;lustrated&quot; on the
next boot.
</para>
@ -307,14 +307,14 @@ $ sudo chown -R 0:0 /nix
</para>
</note>
<para>
Let's create the files:
Lets create the files:
</para>
<programlisting>
$ sudo touch /etc/NIXOS
$ sudo touch /etc/NIXOS_LUSTRATE
</programlisting>
<para>
Let's also make sure the NixOS configuration files are kept once
Lets also make sure the NixOS configuration files are kept once
we reboot on NixOS:
</para>
<programlisting>
@ -331,7 +331,7 @@ $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
<warning>
<para>
Once you complete this step, your current distribution will no
longer be bootable! If you didn't get all the NixOS
longer be bootable! If you didnt get all the NixOS
configuration right, especially those settings pertaining to
boot loading and root partition, NixOS may not be bootable
either. Have a USB rescue device ready in case this happens.
@ -349,7 +349,7 @@ sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
<listitem>
<para>
If for some reason you want to revert to the old distribution,
you'll need to boot on a USB rescue disk and do something along
youll need to boot on a USB rescue disk and do something along
these lines:
</para>
<programlisting>
@ -367,7 +367,7 @@ sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
loader.
</para>
<para>
And of course, if you're happy with NixOS and no longer need the
And of course, if youre happy with NixOS and no longer need the
old distribution:
</para>
<programlisting>
@ -376,7 +376,7 @@ sudo rm -rf /old-root
</listitem>
<listitem>
<para>
It's also worth noting that this whole process can be automated.
Its also worth noting that this whole process can be automated.
This is especially useful for Cloud VMs, where provider do not
provide NixOS. For instance,
<link xlink:href="https://github.com/elitak/nixos-infect">nixos-infect</link>

2
nixos/doc/manual/from_md/installation/installing-kexec.section.xml
View File

@ -54,7 +54,7 @@ nix-build -A kexec.x86_64-linux '&lt;nixpkgs/nixos/release.nix&gt;'
running Linux Distribution.
</para>
<para>
Note its symlinks pointing elsewhere, so <literal>cd</literal> in,
Note its symlinks pointing elsewhere, so <literal>cd</literal> in,
and use <literal>scp * root@$destination</literal> to copy it over,
rather than rsync.
</para>

6
nixos/doc/manual/from_md/installation/installing-usb.section.xml
View File

@ -116,9 +116,9 @@ sudo dd if=&lt;path-to-image&gt; of=/dev/rdiskX bs=4m
</para>
<note>
<para>
Using the 'raw' <literal>rdiskX</literal> device instead of
<literal>diskX</literal> with dd completes in minutes instead of
hours.
Using the <quote>raw</quote> <literal>rdiskX</literal> device
instead of <literal>diskX</literal> with dd completes in minutes
instead of hours.
</para>
</note>
<orderedlist numeration="arabic" spacing="compact">

8
nixos/doc/manual/from_md/installation/installing.chapter.xml
View File

@ -345,12 +345,12 @@ OK
<!-- legacy anchor -->
</para>
<para>
Here's an example partition scheme for UEFI, using
Heres an example partition scheme for UEFI, using
<literal>/dev/sda</literal> as the device.
</para>
<note>
<para>
You can safely ignore <literal>parted</literal>'s
You can safely ignore <literal>parted</literal>s
informational message about needing to update /etc/fstab.
</para>
</note>
@ -415,12 +415,12 @@ OK
<!-- legacy anchor -->
</para>
<para>
Here's an example partition scheme for Legacy Boot, using
Heres an example partition scheme for Legacy Boot, using
<literal>/dev/sda</literal> as the device.
</para>
<note>
<para>
You can safely ignore <literal>parted</literal>'s
You can safely ignore <literal>parted</literal>s
informational message about needing to update /etc/fstab.
</para>
</note>

14
nixos/doc/manual/from_md/release-notes/rl-1509.section.xml
View File

@ -14,7 +14,7 @@
<link xlink:href="http://hackage.haskell.org/">Hackage</link> --
well in excess of 8,000 Haskell packages. Detailed instructions
on how to use that infrastructure can be found in the
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">Users
Guide to the Haskell Infrastructure</link>. Users migrating from
an earlier release may find helpful information below, in the
list of backwards-incompatible changes. Furthermore, we
@ -464,7 +464,7 @@
</listitem>
<listitem>
<para>
Steam now doesn't need root rights to work. Instead of using
Steam now doesnt need root rights to work. Instead of using
<literal>*-steam-chrootenv</literal>, you should now just run
<literal>steam</literal>. <literal>steamChrootEnv</literal>
package was renamed to <literal>steam</literal>, and old
@ -542,7 +542,7 @@
inconvenience is the sheer size of the Haskell package set.
Name-based lookups are expensive, and most
<literal>nix-env -qa</literal> operations would become much
slower if we'd add the entire Hackage database into the top
slower if wed add the entire Hackage database into the top
level attribute set. Instead, the list of Haskell packages can
be displayed by running:
</para>
@ -566,13 +566,13 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
<para>
Previous versions of NixOS came with a feature called
<literal>ghc-wrapper</literal>, a small script that allowed GHC
to transparently pick up on libraries installed in the user's
to transparently pick up on libraries installed in the users
profile. This feature has been deprecated;
<literal>ghc-wrapper</literal> was removed from the
distribution. The proper way to register Haskell libraries with
the compiler now is the
<literal>haskellPackages.ghcWithPackages</literal> function. The
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
<link xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">Users
Guide to the Haskell Infrastructure</link> provides more
information about this subject.
</para>
@ -593,7 +593,7 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
have a function attribute called <literal>extension</literal>
that users could override in their
<literal>~/.nixpkgs/config.nix</literal> files to configure
additional attributes, etc. That function still exists, but it's
additional attributes, etc. That function still exists, but its
now called <literal>overrides</literal>.
</para>
</listitem>
@ -748,7 +748,7 @@ in
<literal>/etc/ssh/moduli</literal> file with respect to the
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
discovered in the Diffie-Hellman key exchange</link> can now
replace OpenSSH's default version with one they generated
replace OpenSSHs default version with one they generated
themselves using the new
<literal>services.openssh.moduliFile</literal> option.
</para>

14
nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
View File

@ -403,7 +403,7 @@ nginx.override {
</listitem>
<listitem>
<para>
<literal>s3sync</literal> is removed, as it hasn't been
<literal>s3sync</literal> is removed, as it hasnt been
developed by upstream for 4 years and only runs with ruby 1.8.
For an actively-developer alternative look at
<literal>tarsnap</literal> and others.
@ -411,7 +411,7 @@ nginx.override {
</listitem>
<listitem>
<para>
<literal>ruby_1_8</literal> has been removed as it's not
<literal>ruby_1_8</literal> has been removed as its not
supported from upstream anymore and probably contains security
issues.
</para>
@ -439,7 +439,7 @@ nginx.override {
<listitem>
<para>
The <literal>Ctrl+Alt+Backspace</literal> key combination no
longer kills the X server by default. There's a new option
longer kills the X server by default. Theres a new option
<literal>services.xserver.enableCtrlAltBackspace</literal>
allowing to enable the combination again.
</para>
@ -457,7 +457,7 @@ nginx.override {
<literal>/var/lib/postfix</literal>. Old configurations are
migrated automatically. <literal>service.postfix</literal>
module has also received many improvements, such as correct
directories' access rights, new <literal>aliasFiles</literal>
directories access rights, new <literal>aliasFiles</literal>
and <literal>mapFiles</literal> options and more.
</para>
</listitem>
@ -497,7 +497,7 @@ nginx.override {
<para>
There are also Gutenprint improvements; in particular, a new
option <literal>services.printing.gutenprint</literal> is added
to enable automatic updating of Gutenprint PPMs; it's greatly
to enable automatic updating of Gutenprint PPMs; its greatly
recommended to enable it instead of adding
<literal>gutenprint</literal> to the <literal>drivers</literal>
list.
@ -545,7 +545,7 @@ nginx.override {
<literal>services.udev.extraRules</literal> option now writes
rules to <literal>99-local.rules</literal> instead of
<literal>10-local.rules</literal>. This makes all the user rules
apply after others, so their results wouldn't be overridden by
apply after others, so their results wouldnt be overridden by
anything else.
</para>
</listitem>
@ -633,7 +633,7 @@ error: path /nix/store/*-broadcom-sta-* does not exist and cannot be creat
has been removed. GnuPG 2.1.x changed the way the gpg-agent
works, and that new approach no longer requires (or even
supports) the &quot;start everything as a child of the
agent&quot; scheme we've implemented in NixOS for older
agent&quot; scheme weve implemented in NixOS for older
versions. To configure the gpg-agent for your X session, add the
following code to <literal>~/.bashrc</literal> or some file
thats sourced when your shell is started:

6
nixos/doc/manual/from_md/release-notes/rl-1609.section.xml
View File

@ -78,7 +78,7 @@
LTS Haskell package set. That support has been dropped. The
previously provided <literal>haskell.packages.lts-x_y</literal>
package sets still exist in name to aviod breaking user code,
but these package sets don't actually contain the versions
but these package sets dont actually contain the versions
mandated by the corresponding LTS release. Instead, our package
set it loosely based on the latest available LTS release, i.e.
LTS 7.x at the time of this writing. New releases of NixOS and
@ -119,7 +119,7 @@
</listitem>
<listitem>
<para>
Gitlab's maintainance script <literal>gitlab-runner</literal>
Gitlabs maintainance script <literal>gitlab-runner</literal>
was removed and split up into the more clearer
<literal>gitlab-run</literal> and <literal>gitlab-rake</literal>
scripts, because <literal>gitlab-runner</literal> is a component
@ -164,7 +164,7 @@
<para>
<literal>goPackages</literal> was replaced with separated Go
applications in appropriate <literal>nixpkgs</literal>
categories. Each Go package uses its own dependency set. There's
categories. Each Go package uses its own dependency set. Theres
also a new <literal>go2nix</literal> tool introduced to generate
a Go package definition from its Go source automatically.
</para>

10
nixos/doc/manual/from_md/release-notes/rl-1703.section.xml
View File

@ -22,7 +22,7 @@
</listitem>
<listitem>
<para>
The default desktop environment now is KDE's Plasma 5. KDE 4
The default desktop environment now is KDEs Plasma 5. KDE 4
has been removed
</para>
</listitem>
@ -560,7 +560,7 @@
Parsoid service now uses YAML configuration format.
<literal>service.parsoid.interwikis</literal> is now called
<literal>service.parsoid.wikis</literal> and is a list of
either API URLs or attribute sets as specified in parsoid's
either API URLs or attribute sets as specified in parsoids
documentation.
</para>
</listitem>
@ -647,7 +647,7 @@ in
<listitem>
<para>
<literal>local_recipient_maps</literal> is not set to empty
value by Postfix service. It's an insecure default as stated
value by Postfix service. Its an insecure default as stated
by Postfix documentation. Those who want to retain this
setting need to set it via
<literal>services.postfix.extraConfig</literal>.
@ -669,7 +669,7 @@ in
<listitem>
<para>
The socket handling of the <literal>services.rmilter</literal>
module has been fixed and refactored. As rmilter doesn't
module has been fixed and refactored. As rmilter doesnt
support binding to more than one socket, the options
<literal>bindUnixSockets</literal> and
<literal>bindInetSockets</literal> have been replaced by
@ -729,7 +729,7 @@ in
improves visual consistency and makes Java follow system font
style, improving the situation on HighDPI displays. This has a
cost of increased closure size; for server and other headless
workloads it's recommended to use
workloads its recommended to use
<literal>jre_headless</literal>.
</para>
</listitem>

34
nixos/doc/manual/from_md/release-notes/rl-1709.section.xml
View File

@ -26,7 +26,7 @@
The module option
<literal>services.xserver.xrandrHeads</literal> now causes the
first head specified in this list to be set as the primary
head. Apart from that, it's now possible to also set
head. Apart from that, its now possible to also set
additional options by using an attribute set, for example:
</para>
<programlisting language="bash">
@ -543,7 +543,7 @@
</listitem>
<listitem>
<para>
Radicale's default package has changed from 1.x to 2.x.
Radicales default package has changed from 1.x to 2.x.
Instructions to migrate can be found
<link xlink:href="http://radicale.org/1to2/"> here
</link>. It is also possible to use the newer version by
@ -582,7 +582,7 @@
</listitem>
<listitem>
<para>
<literal>flexget</literal>'s state database cannot be upgraded
<literal>flexget</literal>s state database cannot be upgraded
to its new internal format, requiring removal of any existing
<literal>db-config.sqlite</literal> which will be
automatically recreated.
@ -590,9 +590,9 @@
</listitem>
<listitem>
<para>
The <literal>ipfs</literal> service now doesn't ignore the
<literal>dataDir</literal> option anymore. If you've ever set
this option to anything other than the default you'll have to
The <literal>ipfs</literal> service now doesnt ignore the
<literal>dataDir</literal> option anymore. If youve ever set
this option to anything other than the default youll have to
either unset it (so the default gets used) or migrate the old
data manually with
</para>
@ -651,16 +651,16 @@ rmdir /var/lib/ipfs/.ipfs
</listitem>
<listitem>
<para>
<literal>cc-wrapper</literal>'s setup-hook now exports a
<literal>cc-wrapper</literal><quote>s setup-hook now exports a
number of environment variables corresponding to binutils
binaries, (e.g. <literal>LD</literal>,
<literal>STRIP</literal>, <literal>RANLIB</literal>, etc).
This is done to prevent packages' build systems guessing,
which is harder to predict, especially when cross-compiling.
However, some packages have broken due to this—their build
systems either not supporting, or claiming to support without
adequate testing, taking such environment variables as
parameters.
This is done to prevent packages</quote> build systems
guessing, which is harder to predict, especially when
cross-compiling. However, some packages have broken due to
this—their build systems either not supporting, or claiming to
support without adequate testing, taking such environment
variables as parameters.
</para>
</listitem>
<listitem>
@ -688,10 +688,10 @@ rmdir /var/lib/ipfs/.ipfs
</listitem>
<listitem>
<para>
grsecurity/PaX support has been dropped, following upstream's
grsecurity/PaX support has been dropped, following upstreams
decision to cease free support. See
<link xlink:href="https://grsecurity.net/passing_the_baton.php">
upstream's announcement</link> for more information. No
upstreams announcement</link> for more information. No
complete replacement for grsecurity/PaX is available
presently.
</para>
@ -794,7 +794,7 @@ FLUSH PRIVILEGES;
<para>
Modules can now be disabled by using
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
disabledModules</link>, allowing another to take it's place.
disabledModules</link>, allowing another to take its place.
This can be used to import a set of modules from another
channel while keeping the rest of the system on a stable
release.
@ -808,7 +808,7 @@ FLUSH PRIVILEGES;
provided by fontconfig-penultimate, replacing
fontconfig-ultimate; the new defaults are less invasive and
provide rendering that is more consistent with other systems
and hopefully with each font designer's intent. Some
and hopefully with each font designers intent. Some
system-wide configuration has been removed from the Fontconfig
NixOS module where user Fontconfig settings are available.
</para>

12
nixos/doc/manual/from_md/release-notes/rl-1803.section.xml
View File

@ -16,9 +16,9 @@
<listitem>
<para>
Platform support: x86_64-linux and x86_64-darwin since release
time (the latter isn't NixOS, really). Binaries for
time (the latter isnt NixOS, really). Binaries for
aarch64-linux are available, but no channel exists yet, as
it's waiting for some test fixes, etc.
its waiting for some test fixes, etc.
</para>
</listitem>
<listitem>
@ -497,7 +497,7 @@
with new types of dependencies that go with, is thoroughly
documented in the &quot;Specifying dependencies&quot; section
of the &quot;Standard Environment&quot; chapter of the nixpkgs
manual. The old logic isn't but is easy to describe:
manual. The old logic isnt but is easy to describe:
dependencies were propagated as the same type of dependency no
matter what. In practice, that means that many
<literal>propagatedNativeBuildInputs</literal> should instead
@ -541,7 +541,7 @@
Previously, if other options in the Postfix module like
<literal>services.postfix.useSrs</literal> were set and the
user set config options that were also set by such options,
the resulting config wouldn't include all options that were
the resulting config wouldnt include all options that were
needed. They are now merged correctly. If config options need
to be overridden, <literal>lib.mkForce</literal> or
<literal>lib.mkOverride</literal> can be used.
@ -626,7 +626,7 @@
if <literal>config.networking.domain</literal> is set,
<literal>matomo.${config.networking.hostName}</literal> if
it is not set. If you change your
<literal>serverName</literal>, remember you'll need to
<literal>serverName</literal>, remember youll need to
update the <literal>trustedHosts[]</literal> array in
<literal>/var/lib/matomo/config/config.ini.php</literal>
as well.
@ -793,7 +793,7 @@
<para>
<literal>services.btrfs.autoScrub</literal> has been added, to
periodically check btrfs filesystems for data corruption. If
there's a correct copy available, it will automatically repair
theres a correct copy available, it will automatically repair
corrupted blocks.
</para>
</listitem>

12
nixos/doc/manual/from_md/release-notes/rl-1809.section.xml
View File

@ -523,8 +523,8 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<listitem>
<para>
The <literal>netcat</literal> package is now taken directly
from OpenBSD's <literal>libressl</literal>, instead of relying
on Debian's fork. The new version should be very close to the
from OpenBSDs <literal>libressl</literal>, instead of relying
on Debians fork. The new version should be very close to the
old version, but there are some minor differences.
Importantly, flags like -b, -q, -C, and -Z are no longer
accepted by the nc command.
@ -533,7 +533,7 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<listitem>
<para>
The <literal>services.docker-registry.extraConfig</literal>
object doesn't contain environment variables anymore. Instead
object doesnt contain environment variables anymore. Instead
it needs to provide an object structure that can be mapped
onto the YAML configuration defined in
<link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
@ -543,7 +543,7 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<listitem>
<para>
<literal>gnucash</literal> has changed from version 2.4 to
3.x. If you've been using <literal>gnucash</literal> (version
3.x. If youve been using <literal>gnucash</literal> (version
2.4) instead of <literal>gnucash26</literal> (version 2.6) you
must open your Gnucash data file(s) with
<literal>gnucash26</literal> and then save them to upgrade the
@ -874,7 +874,7 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
The <literal>programs.screen</literal> module provides allows
to configure <literal>/etc/screenrc</literal>, however the
module behaved fairly counterintuitive as the config exists,
but the package wasn't available. Since 18.09
but the package wasnt available. Since 18.09
<literal>pkgs.screen</literal> will be added to
<literal>environment.systemPackages</literal>.
</para>
@ -920,7 +920,7 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<para>
NixOS option descriptions are now automatically broken up into
individual paragraphs if the text contains two consecutive
newlines, so it's no longer necessary to use
newlines, so its no longer necessary to use
<literal>&lt;/para&gt;&lt;para&gt;</literal> to start a new
paragraph.
</para>

22
nixos/doc/manual/from_md/release-notes/rl-1903.section.xml
View File

@ -29,9 +29,9 @@
<para>
By default,
<literal>services.xserver.desktopManager.pantheon</literal>
enables LightDM as a display manager, as pantheon's screen
enables LightDM as a display manager, as pantheons screen
locking implementation relies on it. Because of that it is
recommended to leave LightDM enabled. If you'd like to
recommended to leave LightDM enabled. If youd like to
disable it anyway, set
<literal>services.xserver.displayManager.lightdm.enable</literal>
to <literal>false</literal> and enable your preferred
@ -39,8 +39,8 @@
</para>
</note>
<para>
Also note that Pantheon's LightDM greeter is not enabled by
default, because it has numerous issues in NixOS and isn't
Also note that Pantheons LightDM greeter is not enabled by
default, because it has numerous issues in NixOS and isnt
optimal for use here yet.
</para>
</listitem>
@ -200,7 +200,7 @@
<listitem>
<para>
The <literal>ntp</literal> module now has sane default
restrictions. If you're relying on the previous defaults,
restrictions. If youre relying on the previous defaults,
which permitted all queries and commands from all
firewall-permitted sources, you can set
<literal>services.ntp.restrictDefault</literal> and
@ -360,9 +360,9 @@
presence of <literal>services.sssd.enable = true</literal>
because nscd caching would interfere with
<literal>sssd</literal> in unpredictable ways as well. Because
we're using nscd not for caching, but for convincing glibc to
were using nscd not for caching, but for convincing glibc to
find NSS modules in the nix store instead of an absolute path,
we have decided to disable caching globally now, as it's
we have decided to disable caching globally now, as its
usually not the behaviour the user wants and can lead to
surprising behaviour. Furthermore, negative caching of host
lookups is also disabled now by default. This should fix the
@ -453,7 +453,7 @@
with its control field set to <literal>sufficient</literal>
instead of <literal>required</literal>, so that password
managed only by later PAM password modules are being executed.
Previously, for example, changing an LDAP account's password
Previously, for example, changing an LDAP accounts password
through PAM was not possible: the whole password module
verification was exited prematurely by
<literal>pam_unix</literal>, preventing
@ -497,11 +497,11 @@
<link xlink:href="https://matrix.org/blog/2019/02/05/synapse-0-99-0/">the
last version to accept self-signed certificates</link>. As
such, it is now recommended to use a proper certificate
verified by a root CA (for example Let's Encrypt). The new
verified by a root CA (for example Lets Encrypt). The new
<link linkend="module-services-matrix">manual chapter on
Matrix</link> contains a working example of using nginx as a
reverse proxy in front of <literal>matrix-synapse</literal>,
using Let's Encrypt certificates.
using Lets Encrypt certificates.
</para>
</listitem>
<listitem>
@ -682,7 +682,7 @@
<link xlink:href="options.html#opt-services.ndppd.enable">all
config options</link> provided by the current upstream version
as service options. Additionally the <literal>ndppd</literal>
package doesn't contain the systemd unit configuration from
package doesnt contain the systemd unit configuration from
upstream anymore, the unit is completely configured by the
NixOS module now.
</para>

42
nixos/doc/manual/from_md/release-notes/rl-1909.section.xml
View File

@ -82,13 +82,13 @@
</listitem>
<listitem>
<para>
We've updated to Xfce 4.14, which brings a new module
Weve updated to Xfce 4.14, which brings a new module
<literal>services.xserver.desktopManager.xfce4-14</literal>.
If you'd like to upgrade, please switch from the
If youd like to upgrade, please switch from the
<literal>services.xserver.desktopManager.xfce</literal> module
as it will be deprecated in a future release. They're
incompatibilities with the current Xfce module; it doesn't
support <literal>thunarPlugins</literal> and it isn't
as it will be deprecated in a future release. Theyre
incompatibilities with the current Xfce module; it doesnt
support <literal>thunarPlugins</literal> and it isnt
recommended to use
<literal>services.xserver.desktopManager.xfce</literal> and
<literal>services.xserver.desktopManager.xfce4-14</literal>
@ -125,7 +125,7 @@
</itemizedlist>
<para>
With these options we hope to give users finer grained control
over their systems. Prior to this change you'd either have to
over their systems. Prior to this change youd either have to
manually disable options or use
<literal>environment.gnome3.excludePackages</literal> which
only excluded the optional applications.
@ -138,7 +138,7 @@
<listitem>
<para>
Orthogonal to the previous changes to the GNOME 3 desktop
manager module, we've updated all default services and
manager module, weve updated all default services and
applications to match as close as possible to a default
reference GNOME 3 experience.
</para>
@ -295,7 +295,7 @@
<literal>services.xserver.desktopManager.mate</literal>
Note Mate uses
<literal>programs.system-config-printer</literal> as it
doesn't use it as a service, but its graphical interface
doesnt use it as a service, but its graphical interface
directly.
</para>
</listitem>
@ -347,7 +347,7 @@
<literal>services.prometheus.alertmanager.user</literal> and
<literal>services.prometheus.alertmanager.group</literal> have
been removed because the alertmanager service is now using
systemd's
systemds
<link xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html">
DynamicUser mechanism</link> which obviates these options.
</para>
@ -366,7 +366,7 @@
The <literal>services.nzbget.configFile</literal> and
<literal>services.nzbget.openFirewall</literal> options were
removed as they are managed internally by the nzbget. The
<literal>services.nzbget.dataDir</literal> option hadn't
<literal>services.nzbget.dataDir</literal> option hadnt
actually been used by the module for some time and so was
removed as cleanup.
</para>
@ -475,7 +475,7 @@
Make sure you set the <literal>_netdev</literal> option for
each of the file systems referring to block devices provided
by the autoLuks module. Not doing this might render the system
in a state where it doesn't boot anymore.
in a state where it doesnt boot anymore.
</para>
<para>
If you are actively using the <literal>autoLuks</literal>
@ -667,7 +667,7 @@
instead of depending on the catch-all
<literal>acme-certificates.target</literal>. This target unit
was also removed from the codebase. This will mean nginx will
no longer depend on certificates it isn't explicitly managing
no longer depend on certificates it isnt explicitly managing
and fixes a bug with certificate renewal ordering racing with
nginx restarting which could lead to nginx getting in a broken
state as described at
@ -687,8 +687,8 @@
<literal>services.xserver.desktopManager.xterm</literal> is
now disabled by default if <literal>stateVersion</literal> is
19.09 or higher. Previously the xterm desktopManager was
enabled when xserver was enabled, but it isn't useful for all
people so it didn't make sense to have any desktopManager
enabled when xserver was enabled, but it isnt useful for all
people so it didnt make sense to have any desktopManager
enabled default.
</para>
</listitem>
@ -696,7 +696,7 @@
<para>
The WeeChat plugin
<literal>pkgs.weechatScripts.weechat-xmpp</literal> has been
removed as it doesn't receive any updates from upstream and
removed as it doesnt receive any updates from upstream and
depends on outdated Python2-based modules.
</para>
</listitem>
@ -744,8 +744,8 @@
<literal>services.gitlab.secrets.dbFile</literal>,
<literal>services.gitlab.secrets.otpFile</literal> and
<literal>services.gitlab.secrets.jwsFile</literal>). This was
done so that secrets aren't stored in the world-readable nix
store, but means that for each option you'll have to create a
done so that secrets arent stored in the world-readable nix
store, but means that for each option youll have to create a
file with the same exact string, add &quot;File&quot; to the
end of the option name, and change the definition to a string
pointing to the corresponding file; e.g.
@ -791,7 +791,7 @@
<listitem>
<para>
The <literal>nodejs-11_x</literal> package has been removed as
it's EOLed by upstream.
its EOLed by upstream.
</para>
</listitem>
<listitem>
@ -961,7 +961,7 @@
from the upstream default <literal>speex-float-1</literal> to
<literal>speex-float-5</literal>. Be aware that low-powered
ARM-based and MIPS-based boards will struggle with this so
you'll need to set
youll need to set
<literal>hardware.pulseaudio.daemon.config.resample-method</literal>
back to <literal>speex-float-1</literal>.
</para>
@ -1004,7 +1004,7 @@
</listitem>
<listitem>
<para>
It's now possible to change configuration in
Its now possible to change configuration in
<link xlink:href="options.html#opt-services.nextcloud.enable">services.nextcloud</link>
after the initial deploy since all config parameters are
persisted in an additional config file generated by the
@ -1178,7 +1178,7 @@
<link xlink:href="https://ceph.com/releases/v14-2-0-nautilus-released/">release
notes</link> for details. The mgr dashboard as well as osds
backed by loop-devices is no longer explicitly supported by
the package and module. Note: There's been some issues with
the package and module. Note: Theres been some issues with
python-cherrypy, which is used by the dashboard and prometheus
mgr modules (and possibly others), hence
0000-dont-check-cherrypy-version.patch.

60
nixos/doc/manual/from_md/release-notes/rl-2003.section.xml
View File

@ -73,7 +73,7 @@
<listitem>
<para>
The graphical installer image starts the graphical session
automatically. Before you'd be greeted by a tty and asked to
automatically. Before youd be greeted by a tty and asked to
enter <literal>systemctl start display-manager</literal>. It
is now possible to disable the display-manager from running by
selecting the <literal>Disable display-manager</literal> quirk
@ -93,7 +93,7 @@
<link xlink:href="options.html#opt-services.xserver.desktopManager.pantheon.enable">services.xserver.desktopManager.pantheon.enable</link>,
we now default to also use
<link xlink:href="https://blog.elementary.io/say-hello-to-the-new-greeter/">
Pantheon's newly designed greeter </link>. Contrary to NixOS's
Pantheons newly designed greeter </link>. Contrary to NixOSs
usual update policy, Pantheon will receive updates during the
cycle of NixOS 20.03 when backwards compatible.
</para>
@ -196,7 +196,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
</listitem>
<listitem>
<para>
UPower's configuration is now managed by NixOS and can be
UPowers configuration is now managed by NixOS and can be
customized via <literal>services.upower</literal>.
</para>
</listitem>
@ -505,7 +505,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
</para>
<para>
We already don't support the global
We already dont support the global
<link xlink:href="options.html#opt-networking.useDHCP">networking.useDHCP</link>,
<link xlink:href="options.html#opt-networking.defaultGateway">networking.defaultGateway</link>
and
@ -522,7 +522,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
The stdenv now runs all bash with <literal>set -u</literal>,
to catch the use of undefined variables. Before, it itself
used <literal>set -u</literal> but was careful to unset it so
other packages' code ran as before. Now, all bash code is held
other packages code ran as before. Now, all bash code is held
to the same high standard, and the rather complex stateful
manipulation of the options can be discarded.
</para>
@ -558,7 +558,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
<literal>xfceUnstable</literal> all now point to the latest
Xfce 4.14 packages. And in the future NixOS releases will be
the latest released version of Xfce available at the time of
the release's development (if viable).
the releases development (if viable).
</para>
</listitem>
<listitem>
@ -662,7 +662,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
<listitem>
<para>
The <literal>dump1090</literal> derivation has been changed to
use FlightAware's dump1090 as its upstream. However, this
use FlightAwares dump1090 as its upstream. However, this
version does not have an internal webserver anymore. The
assets in the <literal>share/dump1090</literal> directory of
the derivation can be used in conjunction with an external
@ -890,7 +890,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
<listitem>
<para>
The<literal>services.buildkite-agent.openssh.publicKeyPath</literal>
option has been removed, as it's not necessary to deploy
option has been removed, as its not necessary to deploy
public keys to clone private repositories.
</para>
</listitem>
@ -932,7 +932,7 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
The <literal>services.xserver.displayManager.auto</literal>
module has been removed. It was only intended for use in
internal NixOS tests, and gave the false impression of it
being a special display manager when it's actually LightDM.
being a special display manager when its actually LightDM.
Please use the
<literal>services.xserver.displayManager.lightdm.autoLogin</literal>
options instead, or any other display manager in NixOS as they
@ -962,13 +962,13 @@ See https://github.com/NixOS/nixpkgs/pull/71684 for details.
auth required pam_succeed_if.so quiet
</programlisting>
<para>
line, where default it's:
line, where default its:
</para>
<programlisting>
auth required pam_succeed_if.so uid &gt;= 1000 quiet
</programlisting>
<para>
not permitting users with uid's below 1000 (like root). All
not permitting users with uids below 1000 (like root). All
other display managers in NixOS are configured like this.
</para>
</listitem>
@ -1051,14 +1051,14 @@ auth required pam_succeed_if.so quiet
<listitem>
<para>
The <literal>*psu</literal> versions of oraclejdk8 have been
removed as they aren't provided by upstream anymore.
removed as they arent provided by upstream anymore.
</para>
</listitem>
<listitem>
<para>
The <literal>services.dnscrypt-proxy</literal> module has been
removed as it used the deprecated version of dnscrypt-proxy.
We've added
Weve added
<link xlink:href="options.html#opt-services.dnscrypt-proxy2.enable">services.dnscrypt-proxy2.enable</link>
to use the supported version. This module supports
configuration via the Nix attribute set
@ -1093,7 +1093,7 @@ auth required pam_succeed_if.so quiet
</listitem>
<listitem>
<para>
sqldeveloper_18 has been removed as it's not maintained
sqldeveloper_18 has been removed as its not maintained
anymore, sqldeveloper has been updated to version
<literal>19.4</literal>. Please note that this means that this
means that the oraclejdk is now required. For further
@ -1110,7 +1110,7 @@ auth required pam_succeed_if.so quiet
the different lists of dependencies mashed together as one big
list, and then partitioning into Haskell and non-Hakell
dependencies, they work from the original many different
dependency parameters and don't need to algorithmically
dependency parameters and dont need to algorithmically
partition anything.
</para>
<para>
@ -1123,7 +1123,7 @@ auth required pam_succeed_if.so quiet
</listitem>
<listitem>
<para>
The gcc-snapshot-package has been removed. It's marked as
The gcc-snapshot-package has been removed. Its marked as
broken for &gt;2 years and used to point to a fairly old
snapshot from the gcc7-branch.
</para>
@ -1158,7 +1158,7 @@ auth required pam_succeed_if.so quiet
<listitem>
<para>
nextcloud has been updated to <literal>v18.0.2</literal>. This
means that users from NixOS 19.09 can't upgrade directly since
means that users from NixOS 19.09 cant upgrade directly since
you can only move one version forward and 19.09 uses
<literal>v16.0.8</literal>.
</para>
@ -1181,7 +1181,7 @@ auth required pam_succeed_if.so quiet
Existing setups will be detected using
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>:
by default, nextcloud17 will be used, but will raise a
warning which notes that after that deploy it's
warning which notes that after that deploy its
recommended to update to the latest stable version
(nextcloud18) by declaring the newly introduced setting
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>.
@ -1194,7 +1194,7 @@ auth required pam_succeed_if.so quiet
get an evaluation error by default. This is done to ensure
that our
<link xlink:href="options.html#opt-services.nextcloud.package">package</link>-option
doesn't select an older version by accident. It's
doesnt select an older version by accident. Its
recommended to use pkgs.nextcloud18 or to set
<link xlink:href="options.html#opt-services.nextcloud.package">package</link>
to pkgs.nextcloud explicitly.
@ -1203,7 +1203,7 @@ auth required pam_succeed_if.so quiet
</itemizedlist>
<warning>
<para>
Please note that if you're coming from
Please note that if youre coming from
<literal>19.03</literal> or older, you have to manually
upgrade to <literal>19.09</literal> first to upgrade your
server to Nextcloud v16.
@ -1215,7 +1215,7 @@ auth required pam_succeed_if.so quiet
Hydra has gained a massive performance improvement due to
<link xlink:href="https://github.com/NixOS/hydra/pull/710">some
database schema changes</link> by adding several IDs and
better indexing. However, it's necessary to upgrade Hydra in
better indexing. However, its necessary to upgrade Hydra in
multiple steps:
</para>
<itemizedlist>
@ -1266,12 +1266,12 @@ $ hydra-backfill-ids
<link xlink:href="options.html#opt-system.stateVersion">stateVersion</link>
is set to <literal>20.03</literal> or greater,
hydra-unstable will be used automatically! This will break
your setup if you didn't run the migration.
your setup if you didnt run the migration.
</para>
</warning>
<para>
Please note that Hydra is currently not available with
nixStable as this doesn't compile anymore.
nixStable as this doesnt compile anymore.
</para>
<warning>
<para>
@ -1281,7 +1281,7 @@ $ hydra-backfill-ids
assertion error will be thrown. To circumvent this, you need
to set
<link xlink:href="options.html#opt-services.hydra.package">services.hydra.package</link>
to pkgs.hydra explicitly and make sure you know what you're
to pkgs.hydra explicitly and make sure you know what youre
doing!
</para>
</warning>
@ -1413,14 +1413,14 @@ $ hydra-backfill-ids
<itemizedlist>
<listitem>
<para>
If you use <literal>sqlite3</literal> you don't need to do
If you use <literal>sqlite3</literal> you dont need to do
anything.
</para>
</listitem>
<listitem>
<para>
If you use <literal>postgresql</literal> on a different
server, you don't need to change anything as well since
server, you dont need to change anything as well since
this module was never designed to configure remote
databases.
</para>
@ -1460,7 +1460,7 @@ $ hydra-backfill-ids
<literal>nixos-unstable</literal> <emphasis>after</emphasis>
the <literal>19.09</literal>-release, your database is
misconfigured due to a regression in NixOS. For now,
matrix-synapse will startup with a warning, but it's
matrix-synapse will startup with a warning, but its
recommended to reconfigure the database to set the values
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal>
to
@ -1473,7 +1473,7 @@ $ hydra-backfill-ids
<link xlink:href="options.html#opt-systemd.network.links">systemd.network.links</link>
option is now respected even when
<link xlink:href="options.html#opt-systemd.network.enable">systemd-networkd</link>
is disabled. This mirrors the behaviour of systemd - It's udev
is disabled. This mirrors the behaviour of systemd - Its udev
that parses <literal>.link</literal> files, not
<literal>systemd-networkd</literal>.
</para>
@ -1486,8 +1486,8 @@ $ hydra-backfill-ids
<para>
Please note that mongodb has been relicensed under their own
<link xlink:href="https://www.mongodb.com/licensing/server-side-public-license/faq"><literal> sspl</literal></link>-license.
Since it's not entirely free and not OSI-approved, it's
listed as non-free. This means that Hydra doesn't provide
Since its not entirely free and not OSI-approved, its
listed as non-free. This means that Hydra doesnt provide
prebuilt mongodb-packages and needs to be built locally.
</para>
</warning>

46
nixos/doc/manual/from_md/release-notes/rl-2009.section.xml
View File

@ -722,7 +722,7 @@
See
<link xlink:href="https://mariadb.com/kb/en/authentication-from-mariadb-104/">Authentication
from MariaDB 10.4</link>. unix_socket auth plugin does not use
a password, and uses the connecting user's UID instead. When a
a password, and uses the connecting users UID instead. When a
new MariaDB data directory is initialized, two MariaDB users
are created and can be used with new unix_socket auth plugin,
as well as traditional mysql_native_password plugin:
@ -864,7 +864,7 @@ WHERE table_schema = &quot;zabbix&quot; AND COLLATION_NAME = &quot;utf8_general_
<para>
<literal>buildGoModule</literal> now internally creates a
vendor directory in the source tree for downloaded modules
instead of using go's
instead of using gos
<link xlink:href="https://golang.org/cmd/go/#hdr-Module_proxy_protocol">module
proxy protocol</link>. This storage format is simpler and
therefore less likely to break with future versions of go. As
@ -941,17 +941,17 @@ WHERE table_schema = &quot;zabbix&quot; AND COLLATION_NAME = &quot;utf8_general_
<para>
If you used the
<literal>boot.initrd.network.ssh.host*Key</literal> options,
you'll get an error explaining how to convert your host keys
youll get an error explaining how to convert your host keys
and migrate to the new
<literal>boot.initrd.network.ssh.hostKeys</literal> option.
Otherwise, if you don't have any host keys set, you'll need to
Otherwise, if you dont have any host keys set, youll need to
generate some; see the <literal>hostKeys</literal> option
documentation for instructions.
</para>
</listitem>
<listitem>
<para>
Since this release there's an easy way to customize your PHP
Since this release theres an easy way to customize your PHP
install to get a much smaller base PHP with only wanted
extensions enabled. See the following snippet installing a
smaller PHP with the extensions <literal>imagick</literal>,
@ -973,7 +973,7 @@ WHERE table_schema = &quot;zabbix&quot; AND COLLATION_NAME = &quot;utf8_general_
}
</programlisting>
<para>
The default <literal>php</literal> attribute hasn't lost any
The default <literal>php</literal> attribute hasnt lost any
extensions. The <literal>opcache</literal> extension has been
added. All upstream PHP extensions are available under
php.extensions.&lt;name?&gt;.
@ -1162,7 +1162,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
<para>
The <literal>systemd-networkd</literal> option
<literal>systemd.network.networks.&lt;name&gt;.dhcp.CriticalConnection</literal>
has been removed following upstream systemd's deprecation of
has been removed following upstream systemds deprecation of
the same. It is recommended to use
<literal>systemd.network.networks.&lt;name&gt;.networkConfig.KeepConfiguration</literal>
instead. See systemd.network 5 for details.
@ -1174,7 +1174,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
<literal>systemd.network.networks._name_.dhcpConfig</literal>
has been renamed to
<link xlink:href="options.html#opt-systemd.network.networks._name_.dhcpV4Config">systemd.network.networks.<emphasis>name</emphasis>.dhcpV4Config</link>
following upstream systemd's documentation change. See
following upstream systemds documentation change. See
systemd.network 5 for details.
</para>
</listitem>
@ -1283,7 +1283,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
The
<link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
package and NixOS module have been removed from Nixpkgs as the
software is unmaintained and can't be built. For more
software is unmaintained and cant be built. For more
information see issue
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
</para>
@ -1350,7 +1350,7 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
</listitem>
<listitem>
<para>
Radicale's default package has changed from 2.x to 3.x. An
Radicales default package has changed from 2.x to 3.x. An
upgrade checklist can be found
<link xlink:href="https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist">here</link>.
You can use the newer version in the NixOS service by setting
@ -1587,7 +1587,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
<listitem>
<para>
The <literal>security.rngd</literal> service is now disabled
by default. This choice was made because there's krngd in the
by default. This choice was made because theres krngd in the
linux kernel space making it (for most usecases) functionally
redundent.
</para>
@ -1609,13 +1609,13 @@ CREATE ROLE postgres LOGIN SUPERUSER;
will be EOL (end of life) within the lifetime of 20.09</link>.
</para>
<para>
It's necessary to upgrade to nextcloud19:
Its necessary to upgrade to nextcloud19:
</para>
<itemizedlist>
<listitem>
<para>
From nextcloud17, you have to upgrade to nextcloud18 first
as Nextcloud doesn't allow going multiple major revisions
as Nextcloud doesnt allow going multiple major revisions
forward in a single upgrade. This is possible by setting
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>
to nextcloud18.
@ -1623,7 +1623,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</listitem>
<listitem>
<para>
From nextcloud18, it's possible to directly upgrade to
From nextcloud18, its possible to directly upgrade to
nextcloud19 by setting
<link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>
to nextcloud19.
@ -1685,7 +1685,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
<listitem>
<para>
The notmuch package moves its emacs-related binaries and emacs
lisp files to a separate output. They're not part of the
lisp files to a separate output. Theyre not part of the
default <literal>out</literal> output anymore - if you relied
on the <literal>notmuch-emacs-mua</literal> binary or the
emacs lisp files, access them via the
@ -1736,7 +1736,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</listitem>
<listitem>
<para>
The cc- and binutils-wrapper's &quot;infix salt&quot; and
The cc- and binutils-wrappers &quot;infix salt&quot; and
<literal>_BUILD_</literal> and <literal>_TARGET_</literal>
user infixes have been replaced with with a &quot;suffix
salt&quot; and suffixes and <literal>_FOR_BUILD</literal> and
@ -1774,8 +1774,8 @@ CREATE ROLE postgres LOGIN SUPERUSER;
<literal>network-link-*</literal> units, which have been
removed. Bringing the interface up has been moved to the
beginning of the <literal>network-addresses-*</literal> unit.
Note this doesn't require <literal>systemd-networkd</literal>
- it's udev that parses <literal>.link</literal> files. Extra
Note this doesnt require <literal>systemd-networkd</literal>
- its udev that parses <literal>.link</literal> files. Extra
care needs to be taken in the presence of
<link xlink:href="https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME">legacy
udev rules</link> to rename interfaces, as MAC Address and MTU
@ -1850,7 +1850,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
With this release <literal>systemd-networkd</literal> (when
enabled through
<link xlink:href="options.html#opt-networking.useNetworkd">networking.useNetworkd</link>)
has it's netlink socket created through a
has its netlink socket created through a
<literal>systemd.socket</literal> unit. This gives us control
over socket buffer sizes and other parameters. For larger
setups where networkd has to create a lot of (virtual) devices
@ -1873,7 +1873,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</para>
<para>
Since the actual memory requirements depend on hardware,
timing, exact configurations etc. it isn't currently possible
timing, exact configurations etc. it isnt currently possible
to infer a good default from within the NixOS module system.
Administrators are advised to monitor the logs of
<literal>systemd-networkd</literal> for
@ -1882,7 +1882,7 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</para>
<para>
Note: Increasing the <literal>ReceiveBufferSize=</literal>
doesn't allocate any memory. It just increases the upper bound
doesnt allocate any memory. It just increases the upper bound
on the kernel side. The memory allocation depends on the
amount of messages that are queued on the kernel side of the
netlink socket.
@ -1934,8 +1934,8 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</para>
<para>
If you have an existing installation, please make sure that
you're on nextcloud18 before upgrading to nextcloud19 since
Nextcloud doesn't support upgrades across multiple major
youre on nextcloud18 before upgrading to nextcloud19 since
Nextcloud doesnt support upgrades across multiple major
versions.
</para>
</listitem>

34
nixos/doc/manual/from_md/release-notes/rl-2105.section.xml
View File

@ -237,7 +237,7 @@
installs the upstream-provided 80-iwd.link file, which sets
the NamePolicy= for all wlan devices to &quot;keep
kernel&quot;, to avoid race conditions between iwd and
networkd. If you don't want this, you can set
networkd. If you dont want this, you can set
<literal>systemd.network.links.&quot;80-iwd&quot; = lib.mkForce {}</literal>.
</para>
</listitem>
@ -245,7 +245,7 @@
<para>
<literal>rubyMinimal</literal> was removed due to being unused
and unusable. The default ruby interpreter includes JIT
support, which makes it reference it's compiler. Since JIT
support, which makes it reference its compiler. Since JIT
support is probably needed by some Gems, it was decided to
enable this feature with all cc references by default, and
allow to build a Ruby derivation without references to cc, by
@ -427,7 +427,7 @@
<para>
<link xlink:href="options.html#opt-networking.wireguard.interfaces">networking.wireguard.interfaces.&lt;name&gt;.generatePrivateKeyFile</link>,
which is off by default, had a <literal>chmod</literal> race
condition fixed. As an aside, the parent directory's
condition fixed. As an aside, the parent directorys
permissions were widened, and the key files were made
owner-writable. This only affects newly created keys. However,
if the exact permissions are important for your setup, read
@ -527,7 +527,7 @@ $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
this directory are guarded to only run if the files they
want to manipulate do not already exist, and so will not
re-apply their changes if the IMDS response changes.
Examples: <literal>root</literal>'s SSH key is only added if
Examples: <literal>root</literal>s SSH key is only added if
<literal>/root/.ssh/authorized_keys</literal> does not
exist, and SSH host keys are only set from user data if they
do not exist in <literal>/etc/ssh</literal>.
@ -550,7 +550,7 @@ $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
configures Privoxy, and the
<literal>services.tor.client.privoxy.enable</literal> option
has been removed. To enable Privoxy, and to configure it to
use Tor's faster port, use the following configuration:
use Tors faster port, use the following configuration:
</para>
<programlisting language="bash">
{
@ -628,7 +628,7 @@ $ slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
exporter no longer accepts a fixed command-line parameter to
specify the URL of the endpoint serving JSON. It now expects
this URL to be passed as an URL parameter, when scraping the
exporter's <literal>/probe</literal> endpoint. In the
exporters <literal>/probe</literal> endpoint. In the
prometheus scrape configuration the scrape target might look
like this:
</para>
@ -790,7 +790,7 @@ self: super:
for any device that the kernel recognises as an hardware RNG,
as it will automatically run the krngd task to periodically
collect random data from the device and mix it into the
kernel's RNG.
kernels RNG.
</para>
<para>
The default SMTP port for GitLab has been changed to
@ -893,7 +893,7 @@ self: super:
<literal>services.minio.dataDir</literal> changed type to a
list of paths, required for specifiyng multiple data
directories for using with erasure coding. Currently, the
service doesn't enforce nor checks the correct number of paths
service doesnt enforce nor checks the correct number of paths
to correspond to minio requirements.
</para>
</listitem>
@ -910,7 +910,7 @@ self: super:
<literal>dvorak-programmer</literal> in
<literal>console.keyMap</literal> now instead of
<literal>dvp</literal>. In
<literal>services.xserver.xkbVariant</literal> it's still
<literal>services.xserver.xkbVariant</literal> its still
<literal>dvp</literal>.
</para>
</listitem>
@ -954,7 +954,7 @@ self: super:
supported.
</para>
<para>
Furthermore, Radicale's systemd unit was hardened which might
Furthermore, Radicales systemd unit was hardened which might
break some deployments. In particular, a non-default
<literal>filesystem_folder</literal> has to be added to
<literal>systemd.services.radicale.serviceConfig.ReadWritePaths</literal>
@ -991,7 +991,7 @@ self: super:
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link>
has a <literal>pkgs</literal> attribute set, and there's a
has a <literal>pkgs</literal> attribute set, and theres a
<literal>gnuradio.callPackage</literal> function that extends
<literal>pkgs</literal> with a
<literal>mkDerivation</literal>, and a
@ -1098,9 +1098,9 @@ self: super:
<listitem>
<para>
The default-version of <literal>nextcloud</literal> is
nextcloud21. Please note that it's <emphasis>not</emphasis>
nextcloud21. Please note that its <emphasis>not</emphasis>
possible to upgrade <literal>nextcloud</literal> across
multiple major versions! This means that it's e.g. not
multiple major versions! This means that its e.g. not
possible to upgrade from nextcloud18 to nextcloud20 in a
single deploy and most <literal>20.09</literal> users will
have to upgrade to nextcloud20 first.
@ -1122,7 +1122,7 @@ self: super:
</listitem>
<listitem>
<para>
NixOS now emits a deprecation warning if systemd's
NixOS now emits a deprecation warning if systemds
<literal>StartLimitInterval</literal> setting is used in a
<literal>serviceConfig</literal> section instead of in a
<literal>unitConfig</literal>; that setting is deprecated and
@ -1255,8 +1255,8 @@ self: super:
<listitem>
<para>
The <literal>services.dnscrypt-proxy2</literal> module now
takes the upstream's example configuration and updates it with
the user's settings. An option has been added to restore the
takes the upstreams example configuration and updates it with
the users settings. An option has been added to restore the
old behaviour if you prefer to declare the configuration from
scratch.
</para>
@ -1317,7 +1317,7 @@ self: super:
now always ensures home directory permissions to be
<literal>0700</literal>. Permissions had previously been
ignored for already existing home directories, possibly
leaving them readable by others. The option's description was
leaving them readable by others. The options description was
incorrect regarding ownership management and has been
simplified greatly.
</para>

2
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
View File

@ -723,7 +723,7 @@ Superuser created successfully.
</listitem>
<listitem>
<para>
The <literal>erigon</literal> ethereum node has moved its
The <literal>erigon</literal> ethereum node has moved its
database location in <literal>2021-08-03</literal>, users
upgrading must manually move their chaindata (see
<link xlink:href="https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03">release

4
nixos/doc/manual/installation/changing-config.chapter.md
View File

@ -13,7 +13,7 @@ booting, and try to realise the configuration in the running system
(e.g., by restarting system services).
::: {.warning}
This command doesn\'t start/stop [user services](#opt-systemd.user.services)
This command doesn't start/stop [user services](#opt-systemd.user.services)
automatically. `nixos-rebuild` only runs a `daemon-reload` for each user with running
user services.
:::
@ -51,7 +51,7 @@ GRUB 2 boot screen by giving it a different *profile name*, e.g.
```
which causes the new configuration (and previous ones created using
`-p test`) to show up in the GRUB submenu "NixOS - Profile \'test\'".
`-p test`) to show up in the GRUB submenu "NixOS - Profile 'test'".
This can be useful to separate test configurations from "stable"
configurations.

38
nixos/doc/manual/installation/installing-from-other-distro.section.md
View File

@ -30,7 +30,7 @@ The first steps to all these are the same:
1. Switch to the NixOS channel:
If you\'ve just installed Nix on a non-NixOS distribution, you will
If you've just installed Nix on a non-NixOS distribution, you will
be on the `nixpkgs` channel by default.
```ShellSession
@ -49,10 +49,10 @@ The first steps to all these are the same:
1. Install the NixOS installation tools:
You\'ll need `nixos-generate-config` and `nixos-install`, but this
You'll need `nixos-generate-config` and `nixos-install`, but this
also makes some man pages and `nixos-enter` available, just in case
you want to chroot into your NixOS partition. NixOS installs these
by default, but you don\'t have NixOS yet..
by default, but you don't have NixOS yet..
```ShellSession
$ nix-env -f '<nixpkgs>' -iA nixos-install-tools
@ -70,7 +70,7 @@ The first steps to all these are the same:
refer to the partitioning, file-system creation, and mounting steps
of [](#sec-installation)
If you\'re about to install NixOS in place using `NIXOS_LUSTRATE`
If you're about to install NixOS in place using `NIXOS_LUSTRATE`
there is nothing to do for this step.
1. Generate your NixOS configuration:
@ -79,12 +79,12 @@ The first steps to all these are the same:
$ sudo `which nixos-generate-config` --root /mnt
```
You\'ll probably want to edit the configuration files. Refer to the
You'll probably want to edit the configuration files. Refer to the
`nixos-generate-config` step in [](#sec-installation) for more
information.
Consider setting up the NixOS bootloader to give you the ability to
boot on your existing Linux partition. For instance, if you\'re
boot on your existing Linux partition. For instance, if you're
using GRUB and your existing distribution is running Ubuntu, you may
want to add something like this to your `configuration.nix`:
@ -152,15 +152,15 @@ The first steps to all these are the same:
```
Note that this will place the generated configuration files in
`/etc/nixos`. You\'ll probably want to edit the configuration files.
`/etc/nixos`. You'll probably want to edit the configuration files.
Refer to the `nixos-generate-config` step in
[](#sec-installation) for more information.
You\'ll likely want to set a root password for your first boot using
the configuration files because you won\'t have a chance to enter a
You'll likely want to set a root password for your first boot using
the configuration files because you won't have a chance to enter a
password until after you reboot. You can initialize the root password
to an empty one with this line: (and of course don\'t forget to set
one once you\'ve rebooted or to lock the account with
to an empty one with this line: (and of course don't forget to set
one once you've rebooted or to lock the account with
`sudo passwd -l root` if you use `sudo`)
```nix
@ -186,7 +186,7 @@ The first steps to all these are the same:
bootup scripts require its presence).
`/etc/NIXOS_LUSTRATE` tells the NixOS bootup scripts to move
*everything* that\'s in the root partition to `/old-root`. This will
*everything* that's in the root partition to `/old-root`. This will
move your existing distribution out of the way in the very early
stages of the NixOS bootup. There are exceptions (we do need to keep
NixOS there after all), so the NixOS lustrate process will not
@ -203,7 +203,7 @@ The first steps to all these are the same:
Support for `NIXOS_LUSTRATE` was added in NixOS 16.09. The act of
\"lustrating\" refers to the wiping of the existing distribution.
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
all mutable files from your root partition (anything that\'s not in
all mutable files from your root partition (anything that's not in
`/nix` or `/boot` gets \"lustrated\" on the next boot.
lustrate /ˈlʌstreɪt/ verb.
@ -212,14 +212,14 @@ The first steps to all these are the same:
ritual action.
:::
Let\'s create the files:
Let's create the files:
```ShellSession
$ sudo touch /etc/NIXOS
$ sudo touch /etc/NIXOS_LUSTRATE
```
Let\'s also make sure the NixOS configuration files are kept once we
Let's also make sure the NixOS configuration files are kept once we
reboot on NixOS:
```ShellSession
@ -233,7 +233,7 @@ The first steps to all these are the same:
::: {.warning}
Once you complete this step, your current distribution will no
longer be bootable! If you didn\'t get all the NixOS configuration
longer be bootable! If you didn't get all the NixOS configuration
right, especially those settings pertaining to boot loading and root
partition, NixOS may not be bootable either. Have a USB rescue
device ready in case this happens.
@ -247,7 +247,7 @@ The first steps to all these are the same:
Cross your fingers, reboot, hopefully you should get a NixOS prompt!
1. If for some reason you want to revert to the old distribution,
you\'ll need to boot on a USB rescue disk and do something along
you'll need to boot on a USB rescue disk and do something along
these lines:
```ShellSession
@ -264,14 +264,14 @@ The first steps to all these are the same:
This may work as is or you might also need to reinstall the boot
loader.
And of course, if you\'re happy with NixOS and no longer need the
And of course, if you're happy with NixOS and no longer need the
old distribution:
```ShellSession
sudo rm -rf /old-root
```
1. It\'s also worth noting that this whole process can be automated.
1. It's also worth noting that this whole process can be automated.
This is especially useful for Cloud VMs, where provider do not
provide NixOS. For instance,
[nixos-infect](https://github.com/elitak/nixos-infect) uses the

2
nixos/doc/manual/installation/installing-kexec.section.md
View File

@ -30,7 +30,7 @@ This will create a `result` directory containing the following:
These three files are meant to be copied over to the other already running
Linux Distribution.
Note it's symlinks pointing elsewhere, so `cd` in, and use
Note its symlinks pointing elsewhere, so `cd` in, and use
`scp * root@$destination` to copy it over, rather than rsync.
Once you finished copying, execute `kexec-boot` *on the destination*, and after

2
nixos/doc/manual/installation/installing-usb.section.md
View File

@ -61,7 +61,7 @@ select the image, select the USB flash drive and click "Write".
be ignored.
::: {.note}
Using the \'raw\' `rdiskX` device instead of `diskX` with dd completes in
Using the 'raw' `rdiskX` device instead of `diskX` with dd completes in
minutes instead of hours.
:::

8
nixos/doc/manual/installation/installing.chapter.md
View File

@ -230,11 +230,11 @@ The recommended partition scheme differs depending if the computer uses
#### UEFI (GPT) {#sec-installation-manual-partitioning-UEFI}
[]{#sec-installation-partitioning-UEFI} <!-- legacy anchor -->
Here\'s an example partition scheme for UEFI, using `/dev/sda` as the
Here's an example partition scheme for UEFI, using `/dev/sda` as the
device.
::: {.note}
You can safely ignore `parted`\'s informational message about needing to
You can safely ignore `parted`'s informational message about needing to
update /etc/fstab.
:::
@ -279,11 +279,11 @@ Once complete, you can follow with
#### Legacy Boot (MBR) {#sec-installation-manual-partitioning-MBR}
[]{#sec-installation-partitioning-MBR} <!-- legacy anchor -->
Here\'s an example partition scheme for Legacy Boot, using `/dev/sda` as
Here's an example partition scheme for Legacy Boot, using `/dev/sda` as
the device.
::: {.note}
You can safely ignore `parted`\'s informational message about needing to
You can safely ignore `parted`'s informational message about needing to
update /etc/fstab.
:::

12
nixos/doc/manual/release-notes/rl-1509.section.md
View File

@ -2,7 +2,7 @@
In addition to numerous new and upgraded packages, this release has the following highlights:
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up (\"Haskell NG\"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User\'s Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement [\"Full Stackage Support in Nixpkgs\"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up (\"Haskell NG\"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement [\"Full Stackage Support in Nixpkgs\"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
- Nix has been updated to version 1.10, which among other improvements enables cryptographic signatures on binary caches for improved security.
@ -178,7 +178,7 @@ The new option `system.stateVersion` ensures that certain configuration changes
- Nix now requires binary caches to be cryptographically signed. If you have unsigned binary caches that you want to continue to use, you should set `nix.requireSignedBinaryCaches = false`.
- Steam now doesn\'t need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
- Steam now doesn't need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
- CMPlayer has been renamed to bomi upstream. Package `cmplayer` was accordingly renamed to `bomi`
@ -203,7 +203,7 @@ The new option `system.stateVersion` ensures that certain configuration changes
}
```
- \"`nix-env -qa`\" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we\'d add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
- \"`nix-env -qa`\" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we'd add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
```ShellSession
nix-env -f "<nixpkgs>" -qaP -A haskellPackages
@ -217,11 +217,11 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc
Installing Haskell _libraries_ this way, however, is no longer supported. See the next item for more details.
- Previous versions of NixOS came with a feature called `ghc-wrapper`, a small script that allowed GHC to transparently pick up on libraries installed in the user\'s profile. This feature has been deprecated; `ghc-wrapper` was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the `haskellPackages.ghcWithPackages` function. The [User\'s Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure) provides more information about this subject.
- Previous versions of NixOS came with a feature called `ghc-wrapper`, a small script that allowed GHC to transparently pick up on libraries installed in the user's profile. This feature has been deprecated; `ghc-wrapper` was removed from the distribution. The proper way to register Haskell libraries with the compiler now is the `haskellPackages.ghcWithPackages` function. The [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure) provides more information about this subject.
- All Haskell builds that have been generated with version 1.x of the `cabal2nix` utility are now invalid and need to be re-generated with a current version of `cabal2nix` to function. The most recent version of this tool can be installed by running `nix-env -i cabal2nix`.
- The `haskellPackages` set in Nixpkgs used to have a function attribute called `extension` that users could override in their `~/.nixpkgs/config.nix` files to configure additional attributes, etc. That function still exists, but it\'s now called `overrides`.
- The `haskellPackages` set in Nixpkgs used to have a function attribute called `extension` that users could override in their `~/.nixpkgs/config.nix` files to configure additional attributes, etc. That function still exists, but it's now called `overrides`.
- The OpenBLAS library has been updated to version `0.2.14`. Support for the `x86_64-darwin` platform was added. Dynamic architecture detection was enabled; OpenBLAS now selects microarchitecture-optimized routines at runtime, so optimal performance is achieved without the need to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages which use an optimized BLAS or LAPACK implementation.
@ -312,7 +312,7 @@ Other notable improvements:
- The nixos and nixpkgs channels were unified, so one _can_ use `nix-env -iA nixos.bash` instead of `nix-env -iA nixos.pkgs.bash`. See [the commit](https://github.com/NixOS/nixpkgs/commit/2cd7c1f198) for details.
- Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH\'s default version with one they generated themselves using the new `services.openssh.moduliFile` option.
- Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH's default version with one they generated themselves using the new `services.openssh.moduliFile` option.
- A newly packaged TeX Live 2015 is provided in `pkgs.texlive`, split into 6500 nix packages. For basic user documentation see [the source](https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive/default.nix#L1). Beware of [an issue](https://github.com/NixOS/nixpkgs/issues/9757) when installing a too large package set. The plan is to deprecate and maybe delete the original TeX packages until the next release.

14
nixos/doc/manual/release-notes/rl-1603.section.md
View File

@ -152,19 +152,19 @@ When upgrading from a previous release, please be aware of the following incompa
}
```
- `s3sync` is removed, as it hasn\'t been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at `tarsnap` and others.
- `s3sync` is removed, as it hasn't been developed by upstream for 4 years and only runs with ruby 1.8. For an actively-developer alternative look at `tarsnap` and others.
- `ruby_1_8` has been removed as it\'s not supported from upstream anymore and probably contains security issues.
- `ruby_1_8` has been removed as it's not supported from upstream anymore and probably contains security issues.
- `tidy-html5` package is removed. Upstream only provided `(lib)tidy5` during development, and now they went back to `(lib)tidy` to work as a drop-in replacement of the original package that has been unmaintained for years. You can (still) use the `html-tidy` package, which got updated to a stable release from this new upstream.
- `extraDeviceOptions` argument is removed from `bumblebee` package. Instead there are now two separate arguments: `extraNvidiaDeviceOptions` and `extraNouveauDeviceOptions` for setting extra X11 options for nvidia and nouveau drivers, respectively.
- The `Ctrl+Alt+Backspace` key combination no longer kills the X server by default. There\'s a new option `services.xserver.enableCtrlAltBackspace` allowing to enable the combination again.
- The `Ctrl+Alt+Backspace` key combination no longer kills the X server by default. There's a new option `services.xserver.enableCtrlAltBackspace` allowing to enable the combination again.
- `emacsPackagesNg` now contains all packages from the ELPA, MELPA, and MELPA Stable repositories.
- Data directory for Postfix MTA server is moved from `/var/postfix` to `/var/lib/postfix`. Old configurations are migrated automatically. `service.postfix` module has also received many improvements, such as correct directories\' access rights, new `aliasFiles` and `mapFiles` options and more.
- Data directory for Postfix MTA server is moved from `/var/postfix` to `/var/lib/postfix`. Old configurations are migrated automatically. `service.postfix` module has also received many improvements, such as correct directories' access rights, new `aliasFiles` and `mapFiles` options and more.
- Filesystem options should now be configured as a list of strings, not a comma-separated string. The old style will continue to work, but print a warning, until the 16.09 release. An example of the new style:
@ -180,7 +180,7 @@ When upgrading from a previous release, please be aware of the following incompa
- CUPS, installed by `services.printing` module, now has its data directory in `/var/lib/cups`. Old configurations from `/etc/cups` are moved there automatically, but there might be problems. Also configuration options `services.printing.cupsdConf` and `services.printing.cupsdFilesConf` were removed because they had been allowing one to override configuration variables required for CUPS to work at all on NixOS. For most use cases, `services.printing.extraConf` and new option `services.printing.extraFilesConf` should be enough; if you encounter a situation when they are not, please file a bug.
There are also Gutenprint improvements; in particular, a new option `services.printing.gutenprint` is added to enable automatic updating of Gutenprint PPMs; it\'s greatly recommended to enable it instead of adding `gutenprint` to the `drivers` list.
There are also Gutenprint improvements; in particular, a new option `services.printing.gutenprint` is added to enable automatic updating of Gutenprint PPMs; it's greatly recommended to enable it instead of adding `gutenprint` to the `drivers` list.
- `services.xserver.vaapiDrivers` has been removed. Use `hardware.opengl.extraPackages{,32}` instead. You can also specify VDPAU drivers there.
@ -202,7 +202,7 @@ When upgrading from a previous release, please be aware of the following incompa
}
```
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn\'t be overridden by anything else.
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn't be overridden by anything else.
- Large parts of the `services.gitlab` module has been been rewritten. There are new configuration options available. The `stateDir` option was renamned to `statePath` and the `satellitesDir` option was removed. Please review the currently available options.
@ -246,7 +246,7 @@ When upgrading from a previous release, please be aware of the following incompa
you should either re-run `nixos-generate-config` or manually replace `"${config.boot.kernelPackages.broadcom_sta}"` by `config.boot.kernelPackages.broadcom_sta` in your `/etc/nixos/hardware-configuration.nix`. More discussion is on [ the github issue](https://github.com/NixOS/nixpkgs/pull/12595).
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the \"start everything as a child of the agent\" scheme we\'ve implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the \"start everything as a child of the agent\" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
```shell
GPG_TTY=$(tty)

6
nixos/doc/manual/release-notes/rl-1609.section.md
View File

@ -20,7 +20,7 @@ When upgrading from a previous release, please be aware of the following incompa
- A large number of packages have been converted to use the multiple outputs feature of Nix to greatly reduce the amount of required disk space, as mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages [were changed](https://github.com/NixOS/nixpkgs/pull/14766) late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don\'t actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
- Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided `haskell.packages.lts-x_y` package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will drop those old names entirely. [The motivation for this change](https://nixos.org/nix-dev/2016-June/020585.html) has been discussed at length on the `nix-dev` mailing list and in [Github issue \#14897](https://github.com/NixOS/nixpkgs/issues/14897). Development strategies for Haskell hackers who want to rely on Nix and NixOS have been described in [another nix-dev article](https://nixos.org/nix-dev/2016-June/020642.html).
- Shell aliases for systemd sub-commands [were dropped](https://github.com/NixOS/nixpkgs/pull/15598): `start`, `stop`, `restart`, `status`.
@ -28,7 +28,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `/var/empty` is now immutable. Activation script runs `chattr +i` to forbid any modifications inside the folder. See [ the pull request](https://github.com/NixOS/nixpkgs/pull/18365) for what bugs this caused.
- Gitlab\'s maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
- Gitlab's maintainance script `gitlab-runner` was removed and split up into the more clearer `gitlab-run` and `gitlab-rake` scripts, because `gitlab-runner` is a component of Gitlab CI.
- `services.xserver.libinput.accelProfile` default changed from `flat` to `adaptive`, as per [ official documentation](https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79).
@ -38,7 +38,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `pkgs.linuxPackages.virtualbox` now contains only the kernel modules instead of the VirtualBox user space binaries. If you want to reference the user space binaries, you have to use the new `pkgs.virtualbox` instead.
- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There\'s also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.
- `goPackages` was replaced with separated Go applications in appropriate `nixpkgs` categories. Each Go package uses its own dependency set. There's also a new `go2nix` tool introduced to generate a Go package definition from its Go source automatically.
- `services.mongodb.extraConfig` configuration format was changed to YAML.

10
nixos/doc/manual/release-notes/rl-1703.section.md
View File

@ -8,7 +8,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The default Linux kernel is 4.9 and Nix is at 1.11.8.
- The default desktop environment now is KDE\'s Plasma 5. KDE 4 has been removed
- The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed
- The setuid wrapper functionality now supports setting capabilities.
@ -208,7 +208,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Two lone top-level dict dbs moved into `dictdDBs`. This affects: `dictdWordnet` which is now at `dictdDBs.wordnet` and `dictdWiktionary` which is now at `dictdDBs.wiktionary`
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid\'s documentation.
- Parsoid service now uses YAML configuration format. `service.parsoid.interwikis` is now called `service.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in parsoid's documentation.
- `Ntpd` was replaced by `systemd-timesyncd` as the default service to synchronize system time with a remote NTP server. The old behavior can be restored by setting `services.ntp.enable` to `true`. Upstream time servers for all NTP implementations are now configured using `networking.timeServers`.
@ -260,11 +260,11 @@ When upgrading from a previous release, please be aware of the following incompa
- Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel and is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (i.e. for active FTP) please enable `networking.firewall.autoLoadConntrackHelpers` and tune `networking.firewall.connectionTrackingModules` to suit your needs.
- `local_recipient_maps` is not set to empty value by Postfix service. It\'s an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.
- `local_recipient_maps` is not set to empty value by Postfix service. It's an insecure default as stated by Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.
- Iputils no longer provide ping6 and traceroute6. The functionality of these tools has been integrated into ping and traceroute respectively. To enforce an address family the new flags `-4` and `-6` have been added. One notable incompatibility is that specifying an interface (for link-local IPv6 for instance) is no longer done with the `-I` flag, but by encoding the interface into the address (`ping fe80::1%eth0`).
- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn\'t support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.
- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn't support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.
- The `fetch*` functions no longer support md5, please use sha256 instead.
@ -278,7 +278,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Module type system have a new extensible option types feature that allow to extend certain types, such as enum, through multiple option declarations of the same option across multiple modules.
- `jre` now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it\'s recommended to use `jre_headless`.
- `jre` now defaults to GTK UI by default. This improves visual consistency and makes Java follow system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it's recommended to use `jre_headless`.
- Python 2.6 interpreter and package set have been removed.

16
nixos/doc/manual/release-notes/rl-1709.section.md
View File

@ -8,7 +8,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The user handling now keeps track of deallocated UIDs/GIDs. When a user or group is revived, this allows it to be allocated the UID/GID it had before. A consequence is that UIDs and GIDs are no longer reused.
- The module option `services.xserver.xrandrHeads` now causes the first head specified in this list to be set as the primary head. Apart from that, it\'s now possible to also set additional options by using an attribute set, for example:
- The module option `services.xserver.xrandrHeads` now causes the first head specified in this list to be set as the primary head. Apart from that, it's now possible to also set additional options by using an attribute set, for example:
```nix
{ services.xserver.xrandrHeads = [
@ -208,7 +208,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `mysql` default `dataDir` has changed from `/var/mysql` to `/var/lib/mysql`.
- Radicale\'s default package has changed from 1.x to 2.x. Instructions to migrate can be found [ here ](http://radicale.org/1to2/). It is also possible to use the newer version by setting the `package` to `radicale2`, which is done automatically when `stateVersion` is 17.09 or higher. The `extraArgs` option has been added to allow passing the data migration arguments specified in the instructions; see the `radicale.nix` NixOS test for an example migration.
- Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found [ here ](http://radicale.org/1to2/). It is also possible to use the newer version by setting the `package` to `radicale2`, which is done automatically when `stateVersion` is 17.09 or higher. The `extraArgs` option has been added to allow passing the data migration arguments specified in the instructions; see the `radicale.nix` NixOS test for an example migration.
- The `aiccu` package was removed. This is due to SixXS [ sunsetting](https://www.sixxs.net/main/) its IPv6 tunnel.
@ -216,9 +216,9 @@ When upgrading from a previous release, please be aware of the following incompa
- Top-level `idea` package collection was renamed. All JetBrains IDEs are now at `jetbrains`.
- `flexget`\'s state database cannot be upgraded to its new internal format, requiring removal of any existing `db-config.sqlite` which will be automatically recreated.
- `flexget`'s state database cannot be upgraded to its new internal format, requiring removal of any existing `db-config.sqlite` which will be automatically recreated.
- The `ipfs` service now doesn\'t ignore the `dataDir` option anymore. If you\'ve ever set this option to anything other than the default you\'ll have to either unset it (so the default gets used) or migrate the old data manually with
- The `ipfs` service now doesn't ignore the `dataDir` option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
```ShellSession
dataDir=<valueOfDataDir>
@ -236,7 +236,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `wvdial` package and module were removed. This is due to the project being dead and not building with openssl 1.1.
- `cc-wrapper`\'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages\' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
- `cc-wrapper`'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
- `services.firefox.syncserver` now runs by default as a non-root user. To accommodate this change, the default sqlite database location has also been changed. Migration should work automatically. Refer to the description of the options for more details.
@ -244,7 +244,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Touchpad support should now be enabled through `libinput` as `synaptics` is now deprecated. See the option `services.xserver.libinput.enable`.
- grsecurity/PaX support has been dropped, following upstream\'s decision to cease free support. See [ upstream\'s announcement](https://grsecurity.net/passing_the_baton.php) for more information. No complete replacement for grsecurity/PaX is available presently.
- grsecurity/PaX support has been dropped, following upstream's decision to cease free support. See [ upstream's announcement](https://grsecurity.net/passing_the_baton.php) for more information. No complete replacement for grsecurity/PaX is available presently.
- `services.mysql` now has declarative configuration of databases and users with the `ensureDatabases` and `ensureUsers` options.
@ -283,9 +283,9 @@ When upgrading from a previous release, please be aware of the following incompa
## Other Notable Changes {#sec-release-17.09-notable-changes}
- Modules can now be disabled by using [ disabledModules](https://nixos.org/nixpkgs/manual/#sec-replace-modules), allowing another to take it\'s place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release.
- Modules can now be disabled by using [ disabledModules](https://nixos.org/nixpkgs/manual/#sec-replace-modules), allowing another to take it's place. This can be used to import a set of modules from another channel while keeping the rest of the system on a stable release.
- Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer\'s intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available.
- Updated to FreeType 2.7.1, including a new TrueType engine. The new engine replaces the Infinality engine which was the default in NixOS. The default font rendering settings are now provided by fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults are less invasive and provide rendering that is more consistent with other systems and hopefully with each font designer's intent. Some system-wide configuration has been removed from the Fontconfig NixOS module where user Fontconfig settings are available.
- ZFS/SPL have been updated to 0.7.0, `zfsUnstable, splUnstable` have therefore been removed.

10
nixos/doc/manual/release-notes/rl-1803.section.md
View File

@ -6,7 +6,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- End of support is planned for end of October 2018, handing over to 18.09.
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn\'t NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it\'s waiting for some test fixes, etc.
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc.
- Nix now defaults to 2.0; see its [release notes](https://nixos.org/nix/manual/#ssec-relnotes-2.0).
@ -176,7 +176,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the \"Specifying dependencies\" section of the \"Standard Environment\" chapter of the nixpkgs manual. The old logic isn\'t but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the \"Specifying dependencies\" section of the \"Standard Environment\" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
- `lib.addPassthru drv passthru` is removed. Use `lib.extendDerivation true passthru drv` instead.
@ -184,7 +184,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `hardware.amdHybridGraphics.disable` option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports.
- The merging of config options for `services.postfix.config` was buggy. Previously, if other options in the Postfix module like `services.postfix.useSrs` were set and the user set config options that were also set by such options, the resulting config wouldn\'t include all options that were needed. They are now merged correctly. If config options need to be overridden, `lib.mkForce` or `lib.mkOverride` can be used.
- The merging of config options for `services.postfix.config` was buggy. Previously, if other options in the Postfix module like `services.postfix.useSrs` were set and the user set config options that were also set by such options, the resulting config wouldn't include all options that were needed. They are now merged correctly. If config options need to be overridden, `lib.mkForce` or `lib.mkOverride` can be used.
- The following changes apply if the `stateVersion` is changed to 18.03 or higher. For `stateVersion = "17.09"` or lower the old behavior is preserved.
@ -204,7 +204,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The data directory `/var/lib/piwik` was renamed to `/var/lib/matomo`. All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
- The default `serverName` for the nginx configuration changed from `piwik.${config.networking.hostName}` to `matomo.${config.networking.hostName}.${config.networking.domain}` if `config.networking.domain` is set, `matomo.${config.networking.hostName}` if it is not set. If you change your `serverName`, remember you\'ll need to update the `trustedHosts[]` array in `/var/lib/matomo/config/config.ini.php` as well.
- The default `serverName` for the nginx configuration changed from `piwik.${config.networking.hostName}` to `matomo.${config.networking.hostName}.${config.networking.domain}` if `config.networking.domain` is set, `matomo.${config.networking.hostName}` if it is not set. If you change your `serverName`, remember you'll need to update the `trustedHosts[]` array in `/var/lib/matomo/config/config.ini.php` as well.
- The `piwik` user was renamed to `matomo`. The service will adjust ownership automatically for files in the data directory. If you use unix socket authentication, remember to give the new `matomo` user access to the database and to change the `username` to `matomo` in the `[database]` section of `/var/lib/matomo/config/config.ini.php`.
@ -250,7 +250,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The option `services.logstash.listenAddress` is now `127.0.0.1` by default. Previously the default behaviour was to listen on all interfaces.
- `services.btrfs.autoScrub` has been added, to periodically check btrfs filesystems for data corruption. If there\'s a correct copy available, it will automatically repair corrupted blocks.
- `services.btrfs.autoScrub` has been added, to periodically check btrfs filesystems for data corruption. If there's a correct copy available, it will automatically repair corrupted blocks.
- `displayManager.lightdm.greeters.gtk.clock-format.` has been added, the clock format string (as expected by strftime, e.g. `%H:%M`) to use with the lightdm gtk greeter panel.

10
nixos/doc/manual/release-notes/rl-1809.section.md
View File

@ -204,11 +204,11 @@ When upgrading from a previous release, please be aware of the following incompa
- The `clementine` package points now to the free derivation. `clementineFree` is removed now and `clementineUnfree` points to the package which is bundled with the unfree `libspotify` package.
- The `netcat` package is now taken directly from OpenBSD\'s `libressl`, instead of relying on Debian\'s fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command.
- The `netcat` package is now taken directly from OpenBSD's `libressl`, instead of relying on Debian's fork. The new version should be very close to the old version, but there are some minor differences. Importantly, flags like -b, -q, -C, and -Z are no longer accepted by the nc command.
- The `services.docker-registry.extraConfig` object doesn\'t contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in [the `docker/distribution` docs](https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md).
- The `services.docker-registry.extraConfig` object doesn't contain environment variables anymore. Instead it needs to provide an object structure that can be mapped onto the YAML configuration defined in [the `docker/distribution` docs](https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md).
- `gnucash` has changed from version 2.4 to 3.x. If you\'ve been using `gnucash` (version 2.4) instead of `gnucash26` (version 2.6) you must open your Gnucash data file(s) with `gnucash26` and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade [documentation](https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade). Gnucash 2.4 is still available under the attribute `gnucash24`.
- `gnucash` has changed from version 2.4 to 3.x. If you've been using `gnucash` (version 2.4) instead of `gnucash26` (version 2.6) you must open your Gnucash data file(s) with `gnucash26` and then save them to upgrade the file format. Then you may use your data file(s) with Gnucash 3.x. See the upgrade [documentation](https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade). Gnucash 2.4 is still available under the attribute `gnucash24`.
- `services.munge` now runs as user (and group) `munge` instead of root. Make sure the key file is accessible to the daemon.
@ -315,7 +315,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The Kubernetes Dashboard now has only minimal RBAC permissions by default. If dashboard cluster-admin rights are desired, set `services.kubernetes.addons.dashboard.rbac.clusterAdmin` to true. On existing clusters, in order for the revocation of privileges to take effect, the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: `kubectl delete clusterrolebinding kubernetes-dashboard`
- The `programs.screen` module provides allows to configure `/etc/screenrc`, however the module behaved fairly counterintuitive as the config exists, but the package wasn\'t available. Since 18.09 `pkgs.screen` will be added to `environment.systemPackages`.
- The `programs.screen` module provides allows to configure `/etc/screenrc`, however the module behaved fairly counterintuitive as the config exists, but the package wasn't available. Since 18.09 `pkgs.screen` will be added to `environment.systemPackages`.
- The module `services.networking.hostapd` now uses WPA2 by default.
@ -327,6 +327,6 @@ When upgrading from a previous release, please be aware of the following incompa
- The default display manager is now LightDM. To use SLiM set `services.xserver.displayManager.slim.enable` to `true`.
- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it\'s no longer necessary to use `</para><para>` to start a new paragraph.
- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it's no longer necessary to use `</para><para>` to start a new paragraph.
- Top-level `buildPlatform`, `hostPlatform`, and `targetPlatform` in Nixpkgs are deprecated. Please use their equivalents in `stdenv` instead: `stdenv.buildPlatform`, `stdenv.hostPlatform`, and `stdenv.targetPlatform`.

16
nixos/doc/manual/release-notes/rl-1903.section.md
View File

@ -11,11 +11,11 @@ In addition to numerous new and upgraded packages, this release has the followin
- Added the Pantheon desktop environment. It can be enabled through `services.xserver.desktopManager.pantheon.enable`.
::: {.note}
By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon\'s screen locking implementation relies on it.
Because of that it is recommended to leave LightDM enabled. If you\'d like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon's screen locking implementation relies on it.
Because of that it is recommended to leave LightDM enabled. If you'd like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
:::
Also note that Pantheon\'s LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn\'t optimal for use here yet.
Also note that Pantheon's LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn't optimal for use here yet.
- A major refactoring of the Kubernetes module has been completed. Refactorings primarily focus on decoupling components and enhancing security. Two-way TLS and RBAC has been enabled by default for all components, which slightly changes the way the module is configured. See: [](#sec-kubernetes) for details.
@ -57,7 +57,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The Syncthing state and configuration data has been moved from `services.syncthing.dataDir` to the newly defined `services.syncthing.configDir`, which default to `/var/lib/syncthing/.config/syncthing`. This change makes possible to share synced directories using ACLs without Syncthing resetting the permission on every start.
- The `ntp` module now has sane default restrictions. If you\'re relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set `services.ntp.restrictDefault` and `services.ntp.restrictSource` to `[]`.
- The `ntp` module now has sane default restrictions. If you're relying on the previous defaults, which permitted all queries and commands from all firewall-permitted sources, you can set `services.ntp.restrictDefault` and `services.ntp.restrictSource` to `[]`.
- Package `rabbitmq_server` is renamed to `rabbitmq-server`.
@ -91,7 +91,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device \"default\" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we\'re using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it\'s usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
If the old behaviour is desired, this can be restored by setting the `services.nscd.config` option with the desired caching parameters.
@ -137,7 +137,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `pam_unix` account module is now loaded with its control field set to `required` instead of `sufficient`, so that later PAM account modules that might do more extensive checks are being executed. Previously, the whole account module verification was exited prematurely in case a nss module provided the account name to `pam_unix`. The LDAP and SSSD NixOS modules already add their NSS modules when enabled. In case your setup breaks due to some later PAM account module previosuly shadowed, or failing NSS lookups, please file a bug. You can get back the old behaviour by manually setting `security.pam.services.<name?>.text`.
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account\'s password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
- The `pam_unix` password module is now loaded with its control field set to `sufficient` instead of `required`, so that password managed only by later PAM password modules are being executed. Previously, for example, changing an LDAP account's password through PAM was not possible: the whole password module verification was exited prematurely by `pam_unix`, preventing `pam_ldap` to manage the password as it should.
- `fish` has been upgraded to 3.0. It comes with a number of improvements and backwards incompatible changes. See the `fish` [release notes](https://github.com/fish-shell/fish-shell/releases/tag/3.0.0) for more information.
@ -145,7 +145,7 @@ When upgrading from a previous release, please be aware of the following incompa
- NixOS module system type `types.optionSet` and `lib.mkOption` argument `options` are deprecated. Use `types.submodule` instead. ([\#54637](https://github.com/NixOS/nixpkgs/pull/54637))
- `matrix-synapse` has been updated to version 0.99. It will [no longer generate a self-signed certificate on first launch](https://github.com/matrix-org/synapse/pull/4509) and will be [the last version to accept self-signed certificates](https://matrix.org/blog/2019/02/05/synapse-0-99-0/). As such, it is now recommended to use a proper certificate verified by a root CA (for example Let\'s Encrypt). The new [manual chapter on Matrix](#module-services-matrix) contains a working example of using nginx as a reverse proxy in front of `matrix-synapse`, using Let\'s Encrypt certificates.
- `matrix-synapse` has been updated to version 0.99. It will [no longer generate a self-signed certificate on first launch](https://github.com/matrix-org/synapse/pull/4509) and will be [the last version to accept self-signed certificates](https://matrix.org/blog/2019/02/05/synapse-0-99-0/). As such, it is now recommended to use a proper certificate verified by a root CA (for example Let's Encrypt). The new [manual chapter on Matrix](#module-services-matrix) contains a working example of using nginx as a reverse proxy in front of `matrix-synapse`, using Let's Encrypt certificates.
- `mailutils` now works by default when `sendmail` is not in a setuid wrapper. As a consequence, the `sendmailPath` argument, having lost its main use, has been removed.
@ -191,7 +191,7 @@ When upgrading from a previous release, please be aware of the following incompa
With this change application specific volumes are relative to the master volume which can be adjusted independently, whereas before they were absolute; meaning that in effect, it scaled the device-volume with the volume of the loudest application.
:::
- The [`ndppd`](https://github.com/DanielAdolfsson/ndppd) module now supports [all config options](options.html#opt-services.ndppd.enable) provided by the current upstream version as service options. Additionally the `ndppd` package doesn\'t contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
- The [`ndppd`](https://github.com/DanielAdolfsson/ndppd) module now supports [all config options](options.html#opt-services.ndppd.enable) provided by the current upstream version as service options. Additionally the `ndppd` package doesn't contain the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
- New installs of NixOS will default to the Redmine 4.x series unless otherwise specified in `services.redmine.package` while existing installs of NixOS will default to the Redmine 3.x series.

30
nixos/doc/manual/release-notes/rl-1909.section.md
View File

@ -34,7 +34,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The installer now uses a less privileged `nixos` user whereas before we logged in as root. To gain root privileges use `sudo -i` without a password.
- We\'ve updated to Xfce 4.14, which brings a new module `services.xserver.desktopManager.xfce4-14`. If you\'d like to upgrade, please switch from the `services.xserver.desktopManager.xfce` module as it will be deprecated in a future release. They\'re incompatibilities with the current Xfce module; it doesn\'t support `thunarPlugins` and it isn\'t recommended to use `services.xserver.desktopManager.xfce` and `services.xserver.desktopManager.xfce4-14` simultaneously or to downgrade from Xfce 4.14 after upgrading.
- We've updated to Xfce 4.14, which brings a new module `services.xserver.desktopManager.xfce4-14`. If you'd like to upgrade, please switch from the `services.xserver.desktopManager.xfce` module as it will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support `thunarPlugins` and it isn't recommended to use `services.xserver.desktopManager.xfce` and `services.xserver.desktopManager.xfce4-14` simultaneously or to downgrade from Xfce 4.14 after upgrading.
- The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages like games.
@ -46,9 +46,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.gnome3.games.enable`
With these options we hope to give users finer grained control over their systems. Prior to this change you\'d either have to manually disable options or use `environment.gnome3.excludePackages` which only excluded the optional applications. `environment.gnome3.excludePackages` is now unguarded, it can exclude any package installed with `environment.systemPackages` in the GNOME 3 module.
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually disable options or use `environment.gnome3.excludePackages` which only excluded the optional applications. `environment.gnome3.excludePackages` is now unguarded, it can exclude any package installed with `environment.systemPackages` in the GNOME 3 module.
- Orthogonal to the previous changes to the GNOME 3 desktop manager module, we\'ve updated all default services and applications to match as close as possible to a default reference GNOME 3 experience.
- Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications to match as close as possible to a default reference GNOME 3 experience.
**The following changes were enacted in `services.gnome3.core-utilities.enable`**
@ -104,7 +104,7 @@ The following new services were added since the last release:
- `services.xserver.desktopManager.pantheon`
- `services.xserver.desktopManager.mate` Note Mate uses `programs.system-config-printer` as it doesn\'t use it as a service, but its graphical interface directly.
- `services.xserver.desktopManager.mate` Note Mate uses `programs.system-config-printer` as it doesn't use it as a service, but its graphical interface directly.
- [services.blueman.enable](options.html#opt-services.blueman.enable) has been added. If you previously had blueman installed via `environment.systemPackages` please migrate to using the NixOS module, as this would result in an insufficiently configured blueman.
@ -118,11 +118,11 @@ When upgrading from a previous release, please be aware of the following incompa
- PostgreSQL 9.4 is scheduled EOL during the 19.09 life cycle and has been removed.
- The options `services.prometheus.alertmanager.user` and `services.prometheus.alertmanager.group` have been removed because the alertmanager service is now using systemd\'s [ DynamicUser mechanism](http://0pointer.net/blog/dynamic-users-with-systemd.html) which obviates these options.
- The options `services.prometheus.alertmanager.user` and `services.prometheus.alertmanager.group` have been removed because the alertmanager service is now using systemd's [ DynamicUser mechanism](http://0pointer.net/blog/dynamic-users-with-systemd.html) which obviates these options.
- The NetworkManager systemd unit was renamed back from network-manager.service to NetworkManager.service for better compatibility with other applications expecting this name. The same applies to ModemManager where modem-manager.service is now called ModemManager.service again.
- The `services.nzbget.configFile` and `services.nzbget.openFirewall` options were removed as they are managed internally by the nzbget. The `services.nzbget.dataDir` option hadn\'t actually been used by the module for some time and so was removed as cleanup.
- The `services.nzbget.configFile` and `services.nzbget.openFirewall` options were removed as they are managed internally by the nzbget. The `services.nzbget.dataDir` option hadn't actually been used by the module for some time and so was removed as cleanup.
- The `services.mysql.pidDir` option was removed, as it was only used by the wordpress apache-httpd service to wait for mysql to have started up. This can be accomplished by either describing a dependency on mysql.service (preferred) or waiting for the (hardcoded) `/run/mysqld/mysql.sock` file to appear.
@ -148,7 +148,7 @@ When upgrading from a previous release, please be aware of the following incompa
A new knob named `nixops.enableDeprecatedAutoLuks` has been introduced to disable the eval failure and to acknowledge the notice was received and read. If you plan on using the feature please note that it might break with subsequent updates.
Make sure you set the `_netdev` option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn\'t boot anymore.
Make sure you set the `_netdev` option for each of the file systems referring to block devices provided by the autoLuks module. Not doing this might render the system in a state where it doesn't boot anymore.
If you are actively using the `autoLuks` module please let us know in [issue \#62211](https://github.com/NixOS/nixpkgs/issues/62211).
@ -196,13 +196,13 @@ When upgrading from a previous release, please be aware of the following incompa
Furthermore, the acme module will not automatically add a dependency on `lighttpd.service` anymore. If you are using certficates provided by letsencrypt for lighttpd, then you should depend on the certificate service `acme-${cert}.service>` manually.
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn\'t explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
For nginx, the dependencies are still automatically managed when `services.nginx.virtualhosts.<name>.enableACME` is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs, instead of depending on the catch-all `acme-certificates.target`. This target unit was also removed from the codebase. This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at [NixOS/nixpkgs\#60180](https://github.com/NixOS/nixpkgs/issues/60180).
- The old deprecated `emacs` package sets have been dropped. What used to be called `emacsPackagesNg` is now simply called `emacsPackages`.
- `services.xserver.desktopManager.xterm` is now disabled by default if `stateVersion` is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn\'t useful for all people so it didn\'t make sense to have any desktopManager enabled default.
- `services.xserver.desktopManager.xterm` is now disabled by default if `stateVersion` is 19.09 or higher. Previously the xterm desktopManager was enabled when xserver was enabled, but it isn't useful for all people so it didn't make sense to have any desktopManager enabled default.
- The WeeChat plugin `pkgs.weechatScripts.weechat-xmpp` has been removed as it doesn\'t receive any updates from upstream and depends on outdated Python2-based modules.
- The WeeChat plugin `pkgs.weechatScripts.weechat-xmpp` has been removed as it doesn't receive any updates from upstream and depends on outdated Python2-based modules.
- Old unsupported versions (`logstash5`, `kibana5`, `filebeat5`, `heartbeat5`, `metricbeat5`, `packetbeat5`) of the ELK-stack and Elastic beats have been removed.
@ -210,7 +210,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Citrix Receiver (`citrix_receiver`) has been dropped in favor of Citrix Workspace (`citrix_workspace`).
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren\'t stored in the world-readable nix store, but means that for each option you\'ll have to create a file with the same exact string, add \"File\" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren't stored in the world-readable nix store, but means that for each option you'll have to create a file with the same exact string, add \"File\" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
The state path (`services.gitlab.statePath`) now has the following restriction: no parent directory can be owned by any other user than `root` or the user specified in `services.gitlab.user`; i.e. if `services.gitlab.statePath` is set to `/var/lib/gitlab/state`, `gitlab` and all parent directories must be owned by either `root` or the user specified in `services.gitlab.user`.
@ -218,7 +218,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The Twitter client `corebird` has been dropped as [it is discontinued and does not work against the new Twitter API](https://www.patreon.com/posts/corebirds-future-18921328). Please use the fork `cawbird` instead which has been adapted to the API changes and is still maintained.
- The `nodejs-11_x` package has been removed as it\'s EOLed by upstream.
- The `nodejs-11_x` package has been removed as it's EOLed by upstream.
- Because of the systemd upgrade, systemd-timesyncd will no longer work if `system.stateVersion` is not set correctly. When upgrading from NixOS 19.03, please make sure that `system.stateVersion` is set to `"19.03"`, or lower if the installation dates back to an earlier version of NixOS.
@ -252,7 +252,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `consul` package was upgraded past version `1.5`, so its deprecated legacy UI is no longer available.
- The default resample-method for PulseAudio has been changed from the upstream default `speex-float-1` to `speex-float-5`. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you\'ll need to set `hardware.pulseaudio.daemon.config.resample-method` back to `speex-float-1`.
- The default resample-method for PulseAudio has been changed from the upstream default `speex-float-1` to `speex-float-5`. Be aware that low-powered ARM-based and MIPS-based boards will struggle with this so you'll need to set `hardware.pulseaudio.daemon.config.resample-method` back to `speex-float-1`.
- The `phabricator` package and associated `httpd.extraSubservice`, as well as the `phd` service have been removed from nixpkgs due to lack of maintainer.
@ -264,7 +264,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `tomcat-connector` `httpd.extraSubservice` has been removed from nixpkgs.
- It\'s now possible to change configuration in [services.nextcloud](options.html#opt-services.nextcloud.enable) after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating `/var/lib/nextcloud`.
- It's now possible to change configuration in [services.nextcloud](options.html#opt-services.nextcloud.enable) after the initial deploy since all config parameters are persisted in an additional config file generated by the module. Previously core configuration like database parameters were set using their imperative installer after creating `/var/lib/nextcloud`.
- There exists now `lib.forEach`, which is like `map`, but with arguments flipped. When mapping function body spans many lines (or has nested `map`s), it is often hard to follow which list is modified.
@ -308,6 +308,6 @@ When upgrading from a previous release, please be aware of the following incompa
- The `altcoins` categorization of packages has been removed. You now access these packages at the top level, ie. `nix-shell -p dogecoin` instead of `nix-shell -p altcoins.dogecoin`, etc.
- Ceph has been upgraded to v14.2.1. See the [release notes](https://ceph.com/releases/v14-2-0-nautilus-released/) for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There\'s been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
- Ceph has been upgraded to v14.2.1. See the [release notes](https://ceph.com/releases/v14-2-0-nautilus-released/) for details. The mgr dashboard as well as osds backed by loop-devices is no longer explicitly supported by the package and module. Note: There's been some issues with python-cherrypy, which is used by the dashboard and prometheus mgr modules (and possibly others), hence 0000-dont-check-cherrypy-version.patch.
- `pkgs.weechat` is now compiled against `pkgs.python3`. Weechat also recommends [to use Python3 in their docs.](https://weechat.org/scripts/python3/)

58
nixos/doc/manual/release-notes/rl-2003.section.md
View File

@ -34,11 +34,11 @@ In addition to numerous new and upgraded packages, this release has the followin
- Postgresql for NixOS service now defaults to v11.
- The graphical installer image starts the graphical session automatically. Before you\'d be greeted by a tty and asked to enter `systemctl start display-manager`. It is now possible to disable the display-manager from running by selecting the `Disable display-manager` quirk in the boot menu.
- The graphical installer image starts the graphical session automatically. Before you'd be greeted by a tty and asked to enter `systemctl start display-manager`. It is now possible to disable the display-manager from running by selecting the `Disable display-manager` quirk in the boot menu.
- GNOME 3 has been upgraded to 3.34. Please take a look at their [Release Notes](https://help.gnome.org/misc/release-notes/3.34) for details.
- If you enable the Pantheon Desktop Manager via [services.xserver.desktopManager.pantheon.enable](options.html#opt-services.xserver.desktopManager.pantheon.enable), we now default to also use [ Pantheon\'s newly designed greeter ](https://blog.elementary.io/say-hello-to-the-new-greeter/). Contrary to NixOS\'s usual update policy, Pantheon will receive updates during the cycle of NixOS 20.03 when backwards compatible.
- If you enable the Pantheon Desktop Manager via [services.xserver.desktopManager.pantheon.enable](options.html#opt-services.xserver.desktopManager.pantheon.enable), we now default to also use [ Pantheon's newly designed greeter ](https://blog.elementary.io/say-hello-to-the-new-greeter/). Contrary to NixOS's usual update policy, Pantheon will receive updates during the cycle of NixOS 20.03 when backwards compatible.
- By default zfs pools will now be trimmed on a weekly basis. Trimming is only done on supported devices (i.e. NVME or SSDs) and should improve throughput and lifetime of these devices. It is controlled by the `services.zfs.trim.enable` varname. The zfs scrub service (`services.zfs.autoScrub.enable`) and the zfs autosnapshot service (`services.zfs.autoSnapshot.enable`) are now only enabled if zfs is set in `config.boot.initrd.supportedFilesystems` or `config.boot.supportedFilesystems`. These lists will automatically contain zfs as soon as any zfs mountpoint is configured in `fileSystems`.
@ -77,7 +77,7 @@ The following new services were added since the last release:
- The kubernetes kube-proxy now supports a new hostname configuration `services.kubernetes.proxy.hostname` which has to be set if the hostname of the node should be non default.
- UPower\'s configuration is now managed by NixOS and can be customized via `services.upower`.
- UPower's configuration is now managed by NixOS and can be customized via `services.upower`.
- To use Geary you should enable [programs.geary.enable](options.html#opt-programs.geary.enable) instead of just adding it to [environment.systemPackages](options.html#opt-environment.systemPackages). It was created so Geary could function properly outside of GNOME.
@ -187,9 +187,9 @@ When upgrading from a previous release, please be aware of the following incompa
- The `99-main.network` file was removed. Matching all network interfaces caused many breakages, see [\#18962](https://github.com/NixOS/nixpkgs/pull/18962) and [\#71106](https://github.com/NixOS/nixpkgs/pull/71106).
We already don\'t support the global [networking.useDHCP](options.html#opt-networking.useDHCP), [networking.defaultGateway](options.html#opt-networking.defaultGateway) and [networking.defaultGateway6](options.html#opt-networking.defaultGateway6) options if [networking.useNetworkd](options.html#opt-networking.useNetworkd) is enabled, but direct users to configure the per-device [networking.interfaces.\<name\>....](options.html#opt-networking.interfaces) options.
We already don't support the global [networking.useDHCP](options.html#opt-networking.useDHCP), [networking.defaultGateway](options.html#opt-networking.defaultGateway) and [networking.defaultGateway6](options.html#opt-networking.defaultGateway6) options if [networking.useNetworkd](options.html#opt-networking.useNetworkd) is enabled, but direct users to configure the per-device [networking.interfaces.\<name\>....](options.html#opt-networking.interfaces) options.
- The stdenv now runs all bash with `set -u`, to catch the use of undefined variables. Before, it itself used `set -u` but was careful to unset it so other packages\' code ran as before. Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
- The stdenv now runs all bash with `set -u`, to catch the use of undefined variables. Before, it itself used `set -u` but was careful to unset it so other packages' code ran as before. Now, all bash code is held to the same high standard, and the rather complex stateful manipulation of the options can be discarded.
- The SLIM Display Manager has been removed, as it has been unmaintained since 2013. Consider migrating to a different display manager such as LightDM (current default in NixOS), SDDM, GDM, or using the startx module which uses Xinitrc.
@ -197,7 +197,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The BEAM package set has been deleted. You will only find there the different interpreters. You should now use the different build tools coming with the languages with sandbox mode disabled.
- There is now only one Xfce package-set and module. This means that attributes `xfce4-14` and `xfceUnstable` all now point to the latest Xfce 4.14 packages. And in the future NixOS releases will be the latest released version of Xfce available at the time of the release\'s development (if viable).
- There is now only one Xfce package-set and module. This means that attributes `xfce4-14` and `xfceUnstable` all now point to the latest Xfce 4.14 packages. And in the future NixOS releases will be the latest released version of Xfce available at the time of the release's development (if viable).
- The [phpfpm](options.html#opt-services.phpfpm.pools) module now sets `PrivateTmp=true` in its systemd units for better process isolation. If you rely on `/tmp` being shared with other services, explicitly override this by setting `serviceConfig.PrivateTmp` to `false` for each phpfpm unit.
@ -221,7 +221,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The packages `openobex` and `obexftp` are no longer installed when enabling Bluetooth via `hardware.bluetooth.enable`.
- The `dump1090` derivation has been changed to use FlightAware\'s dump1090 as its upstream. However, this version does not have an internal webserver anymore. The assets in the `share/dump1090` directory of the derivation can be used in conjunction with an external webserver to replace this functionality.
- The `dump1090` derivation has been changed to use FlightAware's dump1090 as its upstream. However, this version does not have an internal webserver anymore. The assets in the `share/dump1090` directory of the derivation can be used in conjunction with an external webserver to replace this functionality.
- The fourStore and fourStoreEndpoint modules have been removed.
@ -291,7 +291,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `services.buildkite-agent.meta-data` has been renamed to [services.buildkite-agents.\<name\>.tags](options.html#opt-services.buildkite-agents), to match upstreams naming for 3.x. Its type has also changed - it now accepts an attrset of strings.
- The`services.buildkite-agent.openssh.publicKeyPath` option has been removed, as it\'s not necessary to deploy public keys to clone private repositories.
- The`services.buildkite-agent.openssh.publicKeyPath` option has been removed, as it's not necessary to deploy public keys to clone private repositories.
- `services.buildkite-agent.openssh.privateKeyPath` has been renamed to [buildkite-agents.\<name\>.privateSshKeyPath](options.html#opt-services.buildkite-agents), as the whole `openssh` now only contained that single option.
@ -301,7 +301,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The `gcc5` and `gfortran5` packages have been removed.
- The `services.xserver.displayManager.auto` module has been removed. It was only intended for use in internal NixOS tests, and gave the false impression of it being a special display manager when it\'s actually LightDM. Please use the `services.xserver.displayManager.lightdm.autoLogin` options instead, or any other display manager in NixOS as they all support auto-login. If you used this module specifically because it permitted root auto-login you can override the lightdm-autologin pam module like:
- The `services.xserver.displayManager.auto` module has been removed. It was only intended for use in internal NixOS tests, and gave the false impression of it being a special display manager when it's actually LightDM. Please use the `services.xserver.displayManager.lightdm.autoLogin` options instead, or any other display manager in NixOS as they all support auto-login. If you used this module specifically because it permitted root auto-login you can override the lightdm-autologin pam module like:
```nix
{
@ -325,13 +325,13 @@ When upgrading from a previous release, please be aware of the following incompa
auth required pam_succeed_if.so quiet
```
line, where default it\'s:
line, where default it's:
```
auth required pam_succeed_if.so uid >= 1000 quiet
```
not permitting users with uid\'s below 1000 (like root). All other display managers in NixOS are configured like this.
not permitting users with uid's below 1000 (like root). All other display managers in NixOS are configured like this.
- There have been lots of improvements to the Mailman module. As a result,
@ -357,9 +357,9 @@ When upgrading from a previous release, please be aware of the following incompa
- Rspamd was updated to version 2.2. Read [ the upstream migration notes](https://rspamd.com/doc/migration.html#migration-to-rspamd-20) carefully. Please be especially aware that some modules were removed and the default Bayes backend is now Redis.
- The `*psu` versions of oraclejdk8 have been removed as they aren\'t provided by upstream anymore.
- The `*psu` versions of oraclejdk8 have been removed as they aren't provided by upstream anymore.
- The `services.dnscrypt-proxy` module has been removed as it used the deprecated version of dnscrypt-proxy. We\'ve added [services.dnscrypt-proxy2.enable](options.html#opt-services.dnscrypt-proxy2.enable) to use the supported version. This module supports configuration via the Nix attribute set [services.dnscrypt-proxy2.settings](options.html#opt-services.dnscrypt-proxy2.settings), or by passing a TOML configuration file via [services.dnscrypt-proxy2.configFile](options.html#opt-services.dnscrypt-proxy2.configFile).
- The `services.dnscrypt-proxy` module has been removed as it used the deprecated version of dnscrypt-proxy. We've added [services.dnscrypt-proxy2.enable](options.html#opt-services.dnscrypt-proxy2.enable) to use the supported version. This module supports configuration via the Nix attribute set [services.dnscrypt-proxy2.settings](options.html#opt-services.dnscrypt-proxy2.settings), or by passing a TOML configuration file via [services.dnscrypt-proxy2.configFile](options.html#opt-services.dnscrypt-proxy2.configFile).
```nix
{
@ -382,13 +382,13 @@ When upgrading from a previous release, please be aware of the following incompa
- `qesteidutil` has been deprecated in favor of `qdigidoc`.
- sqldeveloper_18 has been removed as it\'s not maintained anymore, sqldeveloper has been updated to version `19.4`. Please note that this means that this means that the oraclejdk is now required. For further information please read the [release notes](https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html).
- sqldeveloper_18 has been removed as it's not maintained anymore, sqldeveloper has been updated to version `19.4`. Please note that this means that this means that the oraclejdk is now required. For further information please read the [release notes](https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html).
- Haskell `env` and `shellFor` dev shell environments now organize dependencies the same way as regular builds. In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don\'t need to algorithmically partition anything.
- Haskell `env` and `shellFor` dev shell environments now organize dependencies the same way as regular builds. In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything.
This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a `buildDepends` or run-time Haskell dependency as a `setupDepends`, whereas things would have worked before they may not work now.
- The gcc-snapshot-package has been removed. It\'s marked as broken for \>2 years and used to point to a fairly old snapshot from the gcc7-branch.
- The gcc-snapshot-package has been removed. It's marked as broken for \>2 years and used to point to a fairly old snapshot from the gcc7-branch.
- The nixos-build-vms8 -script now uses the python test-driver.
@ -398,21 +398,21 @@ When upgrading from a previous release, please be aware of the following incompa
- Stand-alone usage of `Upower` now requires `services.upower.enable` instead of just installing into [environment.systemPackages](options.html#opt-environment.systemPackages).
- nextcloud has been updated to `v18.0.2`. This means that users from NixOS 19.09 can\'t upgrade directly since you can only move one version forward and 19.09 uses `v16.0.8`.
- nextcloud has been updated to `v18.0.2`. This means that users from NixOS 19.09 can't upgrade directly since you can only move one version forward and 19.09 uses `v16.0.8`.
To provide a safe upgrade-path and to circumvent similar issues in the future, the following measures were taken:
- The pkgs.nextcloud-attribute has been removed and replaced with versioned attributes (currently pkgs.nextcloud17 and pkgs.nextcloud18). With this change major-releases can be backported without breaking stuff and to make upgrade-paths easier.
- Existing setups will be detected using [system.stateVersion](options.html#opt-system.stateVersion): by default, nextcloud17 will be used, but will raise a warning which notes that after that deploy it\'s recommended to update to the latest stable version (nextcloud18) by declaring the newly introduced setting [services.nextcloud.package](options.html#opt-services.nextcloud.package).
- Existing setups will be detected using [system.stateVersion](options.html#opt-system.stateVersion): by default, nextcloud17 will be used, but will raise a warning which notes that after that deploy it's recommended to update to the latest stable version (nextcloud18) by declaring the newly introduced setting [services.nextcloud.package](options.html#opt-services.nextcloud.package).
- Users with an overlay (e.g. to use nextcloud at version `v18` on `19.09`) will get an evaluation error by default. This is done to ensure that our [package](options.html#opt-services.nextcloud.package)-option doesn\'t select an older version by accident. It\'s recommended to use pkgs.nextcloud18 or to set [package](options.html#opt-services.nextcloud.package) to pkgs.nextcloud explicitly.
- Users with an overlay (e.g. to use nextcloud at version `v18` on `19.09`) will get an evaluation error by default. This is done to ensure that our [package](options.html#opt-services.nextcloud.package)-option doesn't select an older version by accident. It's recommended to use pkgs.nextcloud18 or to set [package](options.html#opt-services.nextcloud.package) to pkgs.nextcloud explicitly.
::: {.warning}
Please note that if you\'re coming from `19.03` or older, you have to manually upgrade to `19.09` first to upgrade your server to Nextcloud v16.
Please note that if you're coming from `19.03` or older, you have to manually upgrade to `19.09` first to upgrade your server to Nextcloud v16.
:::
- Hydra has gained a massive performance improvement due to [some database schema changes](https://github.com/NixOS/hydra/pull/710) by adding several IDs and better indexing. However, it\'s necessary to upgrade Hydra in multiple steps:
- Hydra has gained a massive performance improvement due to [some database schema changes](https://github.com/NixOS/hydra/pull/710) by adding several IDs and better indexing. However, it's necessary to upgrade Hydra in multiple steps:
- At first, an older version of Hydra needs to be deployed which adds those (nullable) columns. When having set [stateVersion ](options.html#opt-system.stateVersion) to a value older than `20.03`, this package will be selected by default from the module when upgrading. Otherwise, the package can be deployed using the following config:
@ -434,13 +434,13 @@ When upgrading from a previous release, please be aware of the following incompa
- Deploy a newer version of Hydra to activate the DB optimizations. This can be done by using hydra-unstable. This package already includes [flake-support](https://github.com/nixos/rfcs/pull/49) and is therefore compiled against pkgs.nixFlakes.
::: {.warning}
If your [stateVersion](options.html#opt-system.stateVersion) is set to `20.03` or greater, hydra-unstable will be used automatically! This will break your setup if you didn\'t run the migration.
If your [stateVersion](options.html#opt-system.stateVersion) is set to `20.03` or greater, hydra-unstable will be used automatically! This will break your setup if you didn't run the migration.
:::
Please note that Hydra is currently not available with nixStable as this doesn\'t compile anymore.
Please note that Hydra is currently not available with nixStable as this doesn't compile anymore.
::: {.warning}
pkgs.hydra has been removed to ensure a graceful database-migration using the dedicated package-attributes. If you still have pkgs.hydra defined in e.g. an overlay, an assertion error will be thrown. To circumvent this, you need to set [services.hydra.package](options.html#opt-services.hydra.package) to pkgs.hydra explicitly and make sure you know what you\'re doing!
pkgs.hydra has been removed to ensure a graceful database-migration using the dedicated package-attributes. If you still have pkgs.hydra defined in e.g. an overlay, an assertion error will be thrown. To circumvent this, you need to set [services.hydra.package](options.html#opt-services.hydra.package) to pkgs.hydra explicitly and make sure you know what you're doing!
:::
- The TokuDB storage engine will be disabled in mariadb 10.5. It is recommended to switch to RocksDB. See also [TokuDB](https://mariadb.com/kb/en/tokudb/).
@ -478,9 +478,9 @@ When upgrading from a previous release, please be aware of the following incompa
Depending on your setup, you need to incorporate one of the following changes in your setup to upgrade to 20.03:
- If you use `sqlite3` you don\'t need to do anything.
- If you use `sqlite3` you don't need to do anything.
- If you use `postgresql` on a different server, you don\'t need to change anything as well since this module was never designed to configure remote databases.
- If you use `postgresql` on a different server, you don't need to change anything as well since this module was never designed to configure remote databases.
- If you use `postgresql` and configured your synapse initially on `19.09` or older, you simply need to enable postgresql-support explicitly:
@ -496,12 +496,12 @@ When upgrading from a previous release, please be aware of the following incompa
- If you deploy a fresh matrix-synapse, you need to configure the database yourself (e.g. by using the [services.postgresql.initialScript](options.html#opt-services.postgresql.initialScript) option). An example for this can be found in the [documentation of the Matrix module](#module-services-matrix).
- If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it\'s recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html).
- If you initially deployed your matrix-synapse on `nixos-unstable` _after_ the `19.09`-release, your database is misconfigured due to a regression in NixOS. For now, matrix-synapse will startup with a warning, but it's recommended to reconfigure the database to set the values `LC_COLLATE` and `LC_CTYPE` to [`'C'`](https://www.postgresql.org/docs/12/locale.html).
- The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It\'s udev that parses `.link` files, not `systemd-networkd`.
- The [systemd.network.links](options.html#opt-systemd.network.links) option is now respected even when [systemd-networkd](options.html#opt-systemd.network.enable) is disabled. This mirrors the behaviour of systemd - It's udev that parses `.link` files, not `systemd-networkd`.
- mongodb has been updated to version `3.4.24`.
::: {.warning}
Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it\'s not entirely free and not OSI-approved, it\'s listed as non-free. This means that Hydra doesn\'t provide prebuilt mongodb-packages and needs to be built locally.
Please note that mongodb has been relicensed under their own [` sspl`](https://www.mongodb.com/licensing/server-side-public-license/faq)-license. Since it's not entirely free and not OSI-approved, it's listed as non-free. This means that Hydra doesn't provide prebuilt mongodb-packages and needs to be built locally.
:::

40
nixos/doc/manual/release-notes/rl-2009.section.md
View File

@ -218,7 +218,7 @@ In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules we
When upgrading from a previous release, please be aware of the following incompatible changes:
- MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Before you upgrade, it would be best to take a backup of your database. For MariaDB Galera Cluster, see [Upgrading from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/) instead. Before doing the upgrade read [Incompatible Changes Between 10.3 and 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). After the upgrade you will need to run `mysql_upgrade`. MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more intuitive. See [Authentication from MariaDB 10.4](https://mariadb.com/kb/en/authentication-from-mariadb-104/). unix_socket auth plugin does not use a password, and uses the connecting user\'s UID instead. When a new MariaDB data directory is initialized, two MariaDB users are created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root\@localhost and mysql\@localhost. To actually use the traditional mysql_native_password plugin method, one must run the following:
- MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Before you upgrade, it would be best to take a backup of your database. For MariaDB Galera Cluster, see [Upgrading from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104-with-galera-cluster/) instead. Before doing the upgrade read [Incompatible Changes Between 10.3 and 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). After the upgrade you will need to run `mysql_upgrade`. MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more intuitive. See [Authentication from MariaDB 10.4](https://mariadb.com/kb/en/authentication-from-mariadb-104/). unix_socket auth plugin does not use a password, and uses the connecting user's UID instead. When a new MariaDB data directory is initialized, two MariaDB users are created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root\@localhost and mysql\@localhost. To actually use the traditional mysql_native_password plugin method, one must run the following:
```nix
{
@ -284,7 +284,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The [matrix-synapse](options.html#opt-services.matrix-synapse.enable) module no longer includes optional dependencies by default, they have to be added through the [plugins](options.html#opt-services.matrix-synapse.plugins) option.
- `buildGoModule` now internally creates a vendor directory in the source tree for downloaded modules instead of using go\'s [module proxy protocol](https://golang.org/cmd/go/#hdr-Module_proxy_protocol). This storage format is simpler and therefore less likely to break with future versions of go. As a result `buildGoModule` switched from `modSha256` to the `vendorSha256` attribute to pin fetched version data.
- `buildGoModule` now internally creates a vendor directory in the source tree for downloaded modules instead of using go's [module proxy protocol](https://golang.org/cmd/go/#hdr-Module_proxy_protocol). This storage format is simpler and therefore less likely to break with future versions of go. As a result `buildGoModule` switched from `modSha256` to the `vendorSha256` attribute to pin fetched version data.
- Grafana is now built without support for phantomjs by default. Phantomjs support has been [deprecated in Grafana](https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/) and the phantomjs project is [currently unmaintained](https://github.com/ariya/phantomjs/issues/15344#issue-302015362). It can still be enabled by providing `phantomJsSupport = true` to the package instantiation:
@ -306,9 +306,9 @@ When upgrading from a previous release, please be aware of the following incompa
- The initrd SSH support now uses OpenSSH rather than Dropbear to allow the use of Ed25519 keys and other OpenSSH-specific functionality. Host keys must now be in the OpenSSH format, and at least one pre-generated key must be specified.
If you used the `boot.initrd.network.ssh.host*Key` options, you\'ll get an error explaining how to convert your host keys and migrate to the new `boot.initrd.network.ssh.hostKeys` option. Otherwise, if you don\'t have any host keys set, you\'ll need to generate some; see the `hostKeys` option documentation for instructions.
If you used the `boot.initrd.network.ssh.host*Key` options, you'll get an error explaining how to convert your host keys and migrate to the new `boot.initrd.network.ssh.hostKeys` option. Otherwise, if you don't have any host keys set, you'll need to generate some; see the `hostKeys` option documentation for instructions.
- Since this release there\'s an easy way to customize your PHP install to get a much smaller base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP with the extensions `imagick`, `opcache`, `pdo` and `pdo_mysql` loaded:
- Since this release there's an easy way to customize your PHP install to get a much smaller base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP with the extensions `imagick`, `opcache`, `pdo` and `pdo_mysql` loaded:
```nix
{
@ -325,7 +325,7 @@ When upgrading from a previous release, please be aware of the following incompa
}
```
The default `php` attribute hasn\'t lost any extensions. The `opcache` extension has been added. All upstream PHP extensions are available under php.extensions.\<name?\>.
The default `php` attribute hasn't lost any extensions. The `opcache` extension has been added. All upstream PHP extensions are available under php.extensions.\<name?\>.
All PHP `config` flags have been removed for the following reasons:
@ -418,9 +418,9 @@ When upgrading from a previous release, please be aware of the following incompa
The default value for [services.httpd.mpm](options.html#opt-services.httpd.mpm) has been changed from `prefork` to `event`. Along with this change the default value for [services.httpd.virtualHosts.\<name\>.http2](options.html#opt-services.httpd.virtualHosts) has been set to `true`.
- The `systemd-networkd` option `systemd.network.networks.<name>.dhcp.CriticalConnection` has been removed following upstream systemd\'s deprecation of the same. It is recommended to use `systemd.network.networks.<name>.networkConfig.KeepConfiguration` instead. See systemd.network 5 for details.
- The `systemd-networkd` option `systemd.network.networks.<name>.dhcp.CriticalConnection` has been removed following upstream systemd's deprecation of the same. It is recommended to use `systemd.network.networks.<name>.networkConfig.KeepConfiguration` instead. See systemd.network 5 for details.
- The `systemd-networkd` option `systemd.network.networks._name_.dhcpConfig` has been renamed to [systemd.network.networks._name_.dhcpV4Config](options.html#opt-systemd.network.networks._name_.dhcpV4Config) following upstream systemd\'s documentation change. See systemd.network 5 for details.
- The `systemd-networkd` option `systemd.network.networks._name_.dhcpConfig` has been renamed to [systemd.network.networks._name_.dhcpV4Config](options.html#opt-systemd.network.networks._name_.dhcpV4Config) following upstream systemd's documentation change. See systemd.network 5 for details.
- In the `picom` module, several options that accepted floating point numbers encoded as strings (for example [services.picom.activeOpacity](options.html#opt-services.picom.activeOpacity)) have been changed to the (relatively) new native `float` type. To migrate your configuration simply remove the quotes around the numbers.
@ -440,7 +440,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The GRUB specific option `boot.loader.grub.extraInitrd` has been replaced with the generic option `boot.initrd.secrets`. This option creates a secondary initrd from the specified files, rather than using a manually created initrd file. Due to an existing bug with `boot.loader.grub.extraInitrd`, it is not possible to directly boot an older generation that used that option. It is still possible to rollback to that generation if the required initrd file has not been deleted.
- The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can\'t be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205).
- The [DNSChain](https://github.com/okTurtles/dnschain) package and NixOS module have been removed from Nixpkgs as the software is unmaintained and can't be built. For more information see issue [\#89205](https://github.com/NixOS/nixpkgs/issues/89205).
- In the `resilio` module, [services.resilio.httpListenAddr](options.html#opt-services.resilio.httpListenAddr) has been changed to listen to `[::1]` instead of `0.0.0.0`.
@ -456,7 +456,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Update servers first, then clients.
- Radicale\'s default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher.
- Radicale's default package has changed from 2.x to 3.x. An upgrade checklist can be found [here](https://github.com/Kozea/Radicale/blob/3.0.x/NEWS.md#upgrade-checklist). You can use the newer version in the NixOS service by setting the `package` to `radicale3`, which is done automatically if `stateVersion` is 20.09 or higher.
- `udpt` experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml. The new configuration documentation can be found at [the official website](https://naim94a.github.io/udpt/config.html) and example configuration is packaged in `${udpt}/share/udpt/udpt.toml`.
@ -552,17 +552,17 @@ When upgrading from a previous release, please be aware of the following incompa
- The [jellyfin](options.html#opt-services.jellyfin.enable) module will use and stay on the Jellyfin version `10.5.5` if `stateVersion` is lower than `20.09`. This is because significant changes were made to the database schema, and it is highly recommended to backup your instance before upgrading. After making your backup, you can upgrade to the latest version either by setting your `stateVersion` to `20.09` or higher, or set the `services.jellyfin.package` to `pkgs.jellyfin`. If you do not wish to upgrade Jellyfin, but want to change your `stateVersion`, you can set the value of `services.jellyfin.package` to `pkgs.jellyfin_10_5`.
- The `security.rngd` service is now disabled by default. This choice was made because there\'s krngd in the linux kernel space making it (for most usecases) functionally redundent.
- The `security.rngd` service is now disabled by default. This choice was made because there's krngd in the linux kernel space making it (for most usecases) functionally redundent.
- The `hardware.nvidia.optimus_prime.enable` service has been renamed to `hardware.nvidia.prime.sync.enable` and has many new enhancements. Related nvidia prime settings may have also changed.
- The package nextcloud17 has been removed and nextcloud18 was marked as insecure since both of them will [ will be EOL (end of life) within the lifetime of 20.09](https://docs.nextcloud.com/server/19/admin_manual/release_schedule.html).
It\'s necessary to upgrade to nextcloud19:
It's necessary to upgrade to nextcloud19:
- From nextcloud17, you have to upgrade to nextcloud18 first as Nextcloud doesn\'t allow going multiple major revisions forward in a single upgrade. This is possible by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud18.
- From nextcloud17, you have to upgrade to nextcloud18 first as Nextcloud doesn't allow going multiple major revisions forward in a single upgrade. This is possible by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud18.
- From nextcloud18, it\'s possible to directly upgrade to nextcloud19 by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud19.
- From nextcloud18, it's possible to directly upgrade to nextcloud19 by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud19.
- The GNOME desktop manager no longer default installs gnome3.epiphany. It was chosen to do this as it has a usability breaking issue (see issue [\#98819](https://github.com/NixOS/nixpkgs/issues/98819)) that makes it unsuitable to be a default app.
@ -578,7 +578,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `services.journald.rateLimitBurst` was updated from `1000` to `10000` to follow the new upstream systemd default.
- The notmuch package moves its emacs-related binaries and emacs lisp files to a separate output. They\'re not part of the default `out` output anymore - if you relied on the `notmuch-emacs-mua` binary or the emacs lisp files, access them via the `notmuch.emacs` output.
- The notmuch package moves its emacs-related binaries and emacs lisp files to a separate output. They're not part of the default `out` output anymore - if you relied on the `notmuch-emacs-mua` binary or the emacs lisp files, access them via the `notmuch.emacs` output.
- Device tree overlay support was improved in [\#79370](https://github.com/NixOS/nixpkgs/pull/79370) and now uses [hardware.deviceTree.kernelPackage](options.html#opt-hardware.deviceTree.kernelPackage) instead of `hardware.deviceTree.base`. [hardware.deviceTree.overlays](options.html#opt-hardware.deviceTree.overlays) configuration was extended to support `.dts` files with symbols. Device trees can now be filtered by setting [hardware.deviceTree.filter](options.html#opt-hardware.deviceTree.filter) option.
@ -590,7 +590,7 @@ When upgrading from a previous release, please be aware of the following incompa
Please note that Rust packages utilizing a custom build/install procedure (e.g. by using a `Makefile`) or test suites that rely on the structure of the `target/` directory may break due to those assumptions. For further information, please read the Rust section in the Nixpkgs manual.
- The cc- and binutils-wrapper\'s \"infix salt\" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a \"suffix salt\" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
- The cc- and binutils-wrapper's \"infix salt\" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a \"suffix salt\" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
- Additional Git documentation (HTML and text files) is now available via the `git-doc` package.
@ -598,7 +598,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The installer now enables sshd by default. This improves installation on headless machines especially ARM single-board-computer. To login through ssh, either a password or an ssh key must be set for the root user or the nixos user.
- The scripted networking system now uses `.link` files in `/etc/systemd/network` to configure mac address and link MTU, instead of the sometimes buggy `network-link-*` units, which have been removed. Bringing the interface up has been moved to the beginning of the `network-addresses-*` unit. Note this doesn\'t require `systemd-networkd` - it\'s udev that parses `.link` files. Extra care needs to be taken in the presence of [legacy udev rules](https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME) to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. In such cases, you most likely want to create a `10-*.link` file through [systemd.network.links](options.html#opt-systemd.network.links) and set both name and MAC Address / MTU there.
- The scripted networking system now uses `.link` files in `/etc/systemd/network` to configure mac address and link MTU, instead of the sometimes buggy `network-link-*` units, which have been removed. Bringing the interface up has been moved to the beginning of the `network-addresses-*` unit. Note this doesn't require `systemd-networkd` - it's udev that parses `.link` files. Extra care needs to be taken in the presence of [legacy udev rules](https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME) to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. In such cases, you most likely want to create a `10-*.link` file through [systemd.network.links](options.html#opt-systemd.network.links) and set both name and MAC Address / MTU there.
- Grafana received a major update to version 7.x. A plugin is now needed for image rendering support, and plugins must now be signed by default. More information can be found [in the Grafana documentation](https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0).
@ -624,15 +624,15 @@ When upgrading from a previous release, please be aware of the following incompa
to get the previous behavior of listening on all network interfaces.
- With this release `systemd-networkd` (when enabled through [networking.useNetworkd](options.html#opt-networking.useNetworkd)) has it\'s netlink socket created through a `systemd.socket` unit. This gives us control over socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual) devices the default buffer size (currently 128MB) is not enough.
- With this release `systemd-networkd` (when enabled through [networking.useNetworkd](options.html#opt-networking.useNetworkd)) has it's netlink socket created through a `systemd.socket` unit. This gives us control over socket buffer sizes and other parameters. For larger setups where networkd has to create a lot of (virtual) devices the default buffer size (currently 128MB) is not enough.
On a machine with \>100 virtual interfaces (e.g., wireguard tunnels, VLANs, ...), that all have to be brought up during system startup, the receive buffer size will spike for a brief period. Eventually some of the message will be dropped since there is not enough (permitted) buffer space available.
By having `systemd-networkd` start with a netlink socket created by `systemd` we can configure the `ReceiveBufferSize=` parameter in the socket options (i.e. `systemd.sockets.systemd-networkd.socketOptions.ReceiveBufferSize`) without recompiling `systemd-networkd`.
Since the actual memory requirements depend on hardware, timing, exact configurations etc. it isn\'t currently possible to infer a good default from within the NixOS module system. Administrators are advised to monitor the logs of `systemd-networkd` for `rtnl: kernel receive buffer overrun` spam and increase the memory limit as they see fit.
Since the actual memory requirements depend on hardware, timing, exact configurations etc. it isn't currently possible to infer a good default from within the NixOS module system. Administrators are advised to monitor the logs of `systemd-networkd` for `rtnl: kernel receive buffer overrun` spam and increase the memory limit as they see fit.
Note: Increasing the `ReceiveBufferSize=` doesn\'t allocate any memory. It just increases the upper bound on the kernel side. The memory allocation depends on the amount of messages that are queued on the kernel side of the netlink socket.
Note: Increasing the `ReceiveBufferSize=` doesn't allocate any memory. It just increases the upper bound on the kernel side. The memory allocation depends on the amount of messages that are queued on the kernel side of the netlink socket.
- Specifying [mailboxes](options.html#opt-services.dovecot2.mailboxes) in the dovecot2 module as a list is deprecated and will break eval in 21.05. Instead, an attribute-set should be specified where the `name` should be the key of the attribute.
@ -662,7 +662,7 @@ When upgrading from a previous release, please be aware of the following incompa
- nextcloud has been updated to [v19](https://nextcloud.com/blog/nextcloud-hub-brings-productivity-to-home-office/).
If you have an existing installation, please make sure that you\'re on nextcloud18 before upgrading to nextcloud19 since Nextcloud doesn\'t support upgrades across multiple major versions.
If you have an existing installation, please make sure that you're on nextcloud18 before upgrading to nextcloud19 since Nextcloud doesn't support upgrades across multiple major versions.
- The `nixos-run-vms` script now deletes the previous run machines states on test startup. You can use the `--keep-vm-state` flag to match the previous behaviour and keep the same VM state between different test runs.

30
nixos/doc/manual/release-notes/rl-2105.section.md
View File

@ -68,9 +68,9 @@ When upgrading from a previous release, please be aware of the following incompa
- If the `services.dbus` module is enabled, then the user D-Bus session is now always socket activated. The associated options `services.dbus.socketActivated` and `services.xserver.startDbusSession` have therefore been removed and you will receive a warning if they are present in your configuration. This change makes the user D-Bus session available also for non-graphical logins.
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don\'t want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don't want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it\'s compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it's compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
- Setting `services.openssh.authorizedKeysFiles` now also affects which keys `security.pam.enableSSHAgentAuth` will use. WARNING: If you are using these options in combination do make sure that any key paths you use are present in `services.openssh.authorizedKeysFiles`!
@ -130,7 +130,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `vim` and `neovim` switched to Python 3, dropping all Python 2 support.
- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory\'s permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).
- [networking.wireguard.interfaces.\<name\>.generatePrivateKeyFile](options.html#opt-networking.wireguard.interfaces), which is off by default, had a `chmod` race condition fixed. As an aside, the parent directory's permissions were widened, and the key files were made owner-writable. This only affects newly created keys. However, if the exact permissions are important for your setup, read [\#121294](https://github.com/NixOS/nixpkgs/pull/121294).
- [boot.zfs.forceImportAll](options.html#opt-boot.zfs.forceImportAll) previously did nothing, but has been fixed. However its default has been changed to `false` to preserve the existing default behaviour. If you have this explicitly set to `true`, please note that your non-root pools will now be forcibly imported.
@ -157,12 +157,12 @@ When upgrading from a previous release, please be aware of the following incompa
- Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and restarting the instance will now cause it to fetch and apply the new user data.
::: {.warning}
Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`\'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`.
Specifically, `/etc/ec2-metadata` is re-populated on each boot. Some NixOS scripts that read from this directory are guarded to only run if the files they want to manipulate do not already exist, and so will not re-apply their changes if the IMDS response changes. Examples: `root`'s SSH key is only added if `/root/.ssh/authorized_keys` does not exist, and SSH host keys are only set from user data if they do not exist in `/etc/ssh`.
:::
- The `rspamd` services is now sandboxed. It is run as a dynamic user instead of root, so secrets and other files may have to be moved or their permissions may have to be fixed. The sockets are now located in `/run/rspamd` instead of `/run`.
- Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor\'s faster port, use the following configuration:
- Enabling the Tor client no longer silently also enables and configures Privoxy, and the `services.tor.client.privoxy.enable` option has been removed. To enable Privoxy, and to configure it to use Tor's faster port, use the following configuration:
```nix
{
@ -181,7 +181,7 @@ When upgrading from a previous release, please be aware of the following incompa
- The fish-foreign-env package has been replaced with fishPlugins.foreign-env, in which the fish functions have been relocated to the `vendor_functions.d` directory to be loaded automatically.
- The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter\'s `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this:
- The prometheus json exporter is now managed by the prometheus community. Together with additional features some backwards incompatibilities were introduced. Most importantly the exporter no longer accepts a fixed command-line parameter to specify the URL of the endpoint serving JSON. It now expects this URL to be passed as an URL parameter, when scraping the exporter's `/probe` endpoint. In the prometheus scrape configuration the scrape target might look like this:
```
http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/endpoint
@ -230,7 +230,7 @@ When upgrading from a previous release, please be aware of the following incompa
Additionally, packages flashplayer and hal-flash were removed along with the `services.flashpolicyd` module.
- The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel\'s RNG.
- The `security.rngd` module has been removed. It was disabled by default in 20.09 as it was functionally redundant with krngd in the linux kernel. It is not necessary for any device that the kernel recognises as an hardware RNG, as it will automatically run the krngd task to periodically collect random data from the device and mix it into the kernel's RNG.
The default SMTP port for GitLab has been changed to `25` from its previous default of `465`. If you depended on this default, you should now set the [services.gitlab.smtp.port](options.html#opt-services.gitlab.smtp.port) option.
@ -272,11 +272,11 @@ When upgrading from a previous release, please be aware of the following incompa
- `environment.defaultPackages` now includes the nano package. If pkgs.nano is not added to the list, make sure another editor is installed and the `EDITOR` environment variable is set to it. Environment variables can be set using `environment.variables`.
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn\'t enforce nor checks the correct number of paths to correspond to minio requirements.
- `services.minio.dataDir` changed type to a list of paths, required for specifiyng multiple data directories for using with erasure coding. Currently, the service doesn't enforce nor checks the correct number of paths to correspond to minio requirements.
- All CUDA toolkit versions prior to CUDA 10 have been removed.
- The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it\'s still `dvp`.
- The kbdKeymaps package was removed since dvp and neo are now included in kbd. If you want to use the Programmer Dvorak Keyboard Layout, you have to use `dvorak-programmer` in `console.keyMap` now instead of `dvp`. In `services.xserver.xkbVariant` it's still `dvp`.
- The babeld service is now being run as an unprivileged user. To achieve that the module configures `skip-kernel-setup true` and takes care of setting forwarding and rp_filter sysctls by itself as well as for each interface in `services.babeld.interfaces`.
@ -286,7 +286,7 @@ When upgrading from a previous release, please be aware of the following incompa
- Instead of determining `services.radicale.package` automatically based on `system.stateVersion`, the latest version is always used because old versions are not officially supported.
Furthermore, Radicale\'s systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used.
Furthermore, Radicale's systemd unit was hardened which might break some deployments. In particular, a non-default `filesystem_folder` has to be added to `systemd.services.radicale.serviceConfig.ReadWritePaths` if the deprecated `services.radicale.config` is used.
- In the `security.acme` module, use of `--reuse-key` parameter for Lego has been removed. It was introduced for HKPK, but this security feature is now deprecated. It is a better security practice to rotate key pairs instead of always keeping the same. If you need to keep this parameter, you can add it back using `extraLegoRenewFlags` as an option for the appropriate certificate.
@ -294,7 +294,7 @@ When upgrading from a previous release, please be aware of the following incompa
- `stdenv.lib` has been deprecated and will break eval in 21.11. Please use `pkgs.lib` instead. See [\#108938](https://github.com/NixOS/nixpkgs/issues/108938) for details.
- [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there\'s a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well.
- [GNURadio](https://www.gnuradio.org/) has a `pkgs` attribute set, and there's a `gnuradio.callPackage` function that extends `pkgs` with a `mkDerivation`, and a `mkDerivationWith`, like Qt5. Now all `gnuradio.pkgs` are defined with `gnuradio.callPackage` and some packages that depend on gnuradio are defined with this as well.
- [Privoxy](https://www.privoxy.org/) has been updated to version 3.0.32 (See [announcement](https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html)). Compared to the previous release, Privoxy has gained support for HTTPS inspection (still experimental), Brotli decompression, several new filters and lots of bug fixes, including security ones. In addition, the package is now built with compression and external filters support, which were previously disabled.
@ -316,13 +316,13 @@ When upgrading from a previous release, please be aware of the following incompa
If this option is disabled, default MTA config becomes not set and you should set the options in `services.mailman.settings.mta` according to the desired configuration as described in [Mailman documentation](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html).
- The default-version of `nextcloud` is nextcloud21. Please note that it\'s _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it\'s e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first.
- The default-version of `nextcloud` is nextcloud21. Please note that it's _not_ possible to upgrade `nextcloud` across multiple major versions! This means that it's e.g. not possible to upgrade from nextcloud18 to nextcloud20 in a single deploy and most `20.09` users will have to upgrade to nextcloud20 first.
The package can be manually upgraded by setting [services.nextcloud.package](options.html#opt-services.nextcloud.package) to nextcloud21.
- The setting [services.redis.bind](options.html#opt-services.redis.bind) defaults to `127.0.0.1` now, making Redis listen on the loopback interface only, and not all public network interfaces.
- NixOS now emits a deprecation warning if systemd\'s `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details.
- NixOS now emits a deprecation warning if systemd's `StartLimitInterval` setting is used in a `serviceConfig` section instead of in a `unitConfig`; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See [\#45785](https://github.com/NixOS/nixpkgs/issues/45785) for details.
All services should use [systemd.services._name_.startLimitIntervalSec](options.html#opt-systemd.services._name_.startLimitIntervalSec) or `StartLimitIntervalSec` in [systemd.services._name_.unitConfig](options.html#opt-systemd.services._name_.unitConfig) instead.
@ -357,7 +357,7 @@ When upgrading from a previous release, please be aware of the following incompa
`services.unbound.forwardAddresses` and `services.unbound.allowedAccess` have also been changed to use the new settings interface. You can follow the instructions when executing `nixos-rebuild` to upgrade your configuration to use the new interface.
- The `services.dnscrypt-proxy2` module now takes the upstream\'s example configuration and updates it with the user\'s settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
- The `services.dnscrypt-proxy2` module now takes the upstream's example configuration and updates it with the user's settings. An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
- NixOS now defaults to the unified cgroup hierarchy (cgroupsv2). See the [Fedora Article for 31](https://www.redhat.com/sysadmin/fedora-31-control-group-v2) for details on why this is desirable, and how it impacts containers.
@ -371,7 +371,7 @@ When upgrading from a previous release, please be aware of the following incompa
- In the ACME module, the data used to build the hash for the account directory has changed to accommodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling.
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option\'s description was incorrect regarding ownership management and has been simplified greatly.
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option's description was incorrect regarding ownership management and has been simplified greatly.
- When defining a new user, one of [users.users._name_.isNormalUser](options.html#opt-users.users._name_.isNormalUser) and [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) is now required. This is to prevent accidentally giving a UID above 1000 to system users, which could have unexpected consequences, like running user activation scripts for system users. Note that users defined with an explicit UID below 500 are exempted from this check, as [users.users._name_.isSystemUser](options.html#opt-users.users._name_.isSystemUser) has no effect for those.

2
nixos/doc/manual/release-notes/rl-2111.section.md
View File

@ -235,7 +235,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `erigon` ethereum node has moved to a new database format in `2021-05-04`, and requires a full resync
- The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
- The `erigon` ethereum node has moved its database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
- [users.users.&lt;name&gt;.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of
```nix