pyrox.dev
1<section xmlns="http://docbook.org/ns/docbook"
2 xmlns:xlink="http://www.w3.org/1999/xlink"
3 xmlns:xi="http://www.w3.org/2001/XInclude"
4 version="5.0"
5 xml:id="sec-release-17.09">
6 <title>Release 17.09 (“Hummingbird”, 2017/09/??)</title>
7
8 <section xmlns="http://docbook.org/ns/docbook"
9 xmlns:xlink="http://www.w3.org/1999/xlink"
10 xmlns:xi="http://www.w3.org/2001/XInclude"
11 version="5.0"
12 xml:id="sec-release-17.09-highlights">
13 <title>Highlights</title>
14
15 <para>
16 In addition to numerous new and upgraded packages, this release has the
17 following highlights:
18 </para>
19
20 <itemizedlist>
21 <listitem>
22 <para>
23 The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, KDE
24 Applications to 17.08.1 and KDE Frameworks to 5.37.
25 </para>
26 </listitem>
27 <listitem>
28 <para>
29 The user handling now keeps track of deallocated UIDs/GIDs. When a user or
30 group is revived, this allows it to be allocated the UID/GID it had
31 before. A consequence is that UIDs and GIDs are no longer reused.
32 </para>
33 </listitem>
34 <listitem>
35 <para>
36 The module option <option>services.xserver.xrandrHeads</option> now causes
37 the first head specified in this list to be set as the primary head. Apart
38 from that, it's now possible to also set additional options by using an
39 attribute set, for example:
40<programlisting>
41{ services.xserver.xrandrHeads = [
42 "HDMI-0"
43 {
44 output = "DVI-0";
45 primary = true;
46 monitorConfig = ''
47 Option "Rotate" "right"
48 '';
49 }
50 ];
51}
52</programlisting>
53 This will set the <literal>DVI-0</literal> output to be the primary head,
54 even though <literal>HDMI-0</literal> is the first head in the list.
55 </para>
56 </listitem>
57 <listitem>
58 <para>
59 The handling of SSL in the <literal>services.nginx</literal> module has
60 been cleaned up, renaming the misnamed <literal>enableSSL</literal> to
61 <literal>onlySSL</literal> which reflects its original intention. This is
62 not to be used with the already existing <literal>forceSSL</literal> which
63 creates a second non-SSL virtual host redirecting to the SSL virtual host.
64 This by chance had worked earlier due to specific implementation details.
65 In case you had specified both please remove the
66 <literal>enableSSL</literal> option to keep the previous behaviour.
67 </para>
68 <para>
69 Another <literal>addSSL</literal> option has been introduced to configure
70 both a non-SSL virtual host and an SSL virtual host with the same
71 configuration.
72 </para>
73 <para>
74 Options to configure <literal>resolver</literal> options and
75 <literal>upstream</literal> blocks have been introduced. See their
76 information for further details.
77 </para>
78 <para>
79 The <literal>port</literal> option has been replaced by a more generic
80 <literal>listen</literal> option which makes it possible to specify
81 multiple addresses, ports and SSL configs dependant on the new SSL
82 handling mentioned above.
83 </para>
84 </listitem>
85 </itemizedlist>
86 </section>
87
88 <section xmlns="http://docbook.org/ns/docbook"
89 xmlns:xlink="http://www.w3.org/1999/xlink"
90 xmlns:xi="http://www.w3.org/2001/XInclude"
91 version="5.0"
92 xml:id="sec-release-17.09-new-services">
93 <title>New Services</title>
94
95 <para>
96 The following new services were added since the last release:
97 </para>
98
99 <itemizedlist>
100 <listitem>
101 <para>
102 <literal>config/fonts/fontconfig-penultimate.nix</literal>
103 </para>
104 </listitem>
105 <listitem>
106 <para>
107 <literal>config/fonts/fontconfig-ultimate.nix</literal>
108 </para>
109 </listitem>
110 <listitem>
111 <para>
112 <literal>config/terminfo.nix</literal>
113 </para>
114 </listitem>
115 <listitem>
116 <para>
117 <literal>hardware/sensor/iio.nix</literal>
118 </para>
119 </listitem>
120 <listitem>
121 <para>
122 <literal>hardware/nitrokey.nix</literal>
123 </para>
124 </listitem>
125 <listitem>
126 <para>
127 <literal>hardware/raid/hpsa.nix</literal>
128 </para>
129 </listitem>
130 <listitem>
131 <para>
132 <literal>programs/browserpass.nix</literal>
133 </para>
134 </listitem>
135 <listitem>
136 <para>
137 <literal>programs/gnupg.nix</literal>
138 </para>
139 </listitem>
140 <listitem>
141 <para>
142 <literal>programs/qt5ct.nix</literal>
143 </para>
144 </listitem>
145 <listitem>
146 <para>
147 <literal>programs/slock.nix</literal>
148 </para>
149 </listitem>
150 <listitem>
151 <para>
152 <literal>programs/thefuck.nix</literal>
153 </para>
154 </listitem>
155 <listitem>
156 <para>
157 <literal>security/auditd.nix</literal>
158 </para>
159 </listitem>
160 <listitem>
161 <para>
162 <literal>security/lock-kernel-modules.nix</literal>
163 </para>
164 </listitem>
165 <listitem>
166 <para>
167 <literal>service-managers/docker.nix</literal>
168 </para>
169 </listitem>
170 <listitem>
171 <para>
172 <literal>service-managers/trivial.nix</literal>
173 </para>
174 </listitem>
175 <listitem>
176 <para>
177 <literal>services/admin/salt/master.nix</literal>
178 </para>
179 </listitem>
180 <listitem>
181 <para>
182 <literal>services/admin/salt/minion.nix</literal>
183 </para>
184 </listitem>
185 <listitem>
186 <para>
187 <literal>services/audio/slimserver.nix</literal>
188 </para>
189 </listitem>
190 <listitem>
191 <para>
192 <literal>services/cluster/kubernetes/default.nix</literal>
193 </para>
194 </listitem>
195 <listitem>
196 <para>
197 <literal>services/cluster/kubernetes/dns.nix</literal>
198 </para>
199 </listitem>
200 <listitem>
201 <para>
202 <literal>services/cluster/kubernetes/dashboard.nix</literal>
203 </para>
204 </listitem>
205 <listitem>
206 <para>
207 <literal>services/continuous-integration/hail.nix</literal>
208 </para>
209 </listitem>
210 <listitem>
211 <para>
212 <literal>services/databases/clickhouse.nix</literal>
213 </para>
214 </listitem>
215 <listitem>
216 <para>
217 <literal>services/databases/postage.nix</literal>
218 </para>
219 </listitem>
220 <listitem>
221 <para>
222 <literal>services/desktops/gnome3/gnome-disks.nix</literal>
223 </para>
224 </listitem>
225 <listitem>
226 <para>
227 <literal>services/desktops/gnome3/gpaste.nix</literal>
228 </para>
229 </listitem>
230 <listitem>
231 <para>
232 <literal>services/logging/SystemdJournal2Gelf.nix</literal>
233 </para>
234 </listitem>
235 <listitem>
236 <para>
237 <literal>services/logging/heartbeat.nix</literal>
238 </para>
239 </listitem>
240 <listitem>
241 <para>
242 <literal>services/logging/journalwatch.nix</literal>
243 </para>
244 </listitem>
245 <listitem>
246 <para>
247 <literal>services/logging/syslogd.nix</literal>
248 </para>
249 </listitem>
250 <listitem>
251 <para>
252 <literal>services/mail/mailhog.nix</literal>
253 </para>
254 </listitem>
255 <listitem>
256 <para>
257 <literal>services/mail/nullmailer.nix</literal>
258 </para>
259 </listitem>
260 <listitem>
261 <para>
262 <literal>services/misc/airsonic.nix</literal>
263 </para>
264 </listitem>
265 <listitem>
266 <para>
267 <literal>services/misc/autorandr.nix</literal>
268 </para>
269 </listitem>
270 <listitem>
271 <para>
272 <literal>services/misc/exhibitor.nix</literal>
273 </para>
274 </listitem>
275 <listitem>
276 <para>
277 <literal>services/misc/fstrim.nix</literal>
278 </para>
279 </listitem>
280 <listitem>
281 <para>
282 <literal>services/misc/gollum.nix</literal>
283 </para>
284 </listitem>
285 <listitem>
286 <para>
287 <literal>services/misc/irkerd.nix</literal>
288 </para>
289 </listitem>
290 <listitem>
291 <para>
292 <literal>services/misc/jackett.nix</literal>
293 </para>
294 </listitem>
295 <listitem>
296 <para>
297 <literal>services/misc/radarr.nix</literal>
298 </para>
299 </listitem>
300 <listitem>
301 <para>
302 <literal>services/misc/snapper.nix</literal>
303 </para>
304 </listitem>
305 <listitem>
306 <para>
307 <literal>services/monitoring/osquery.nix</literal>
308 </para>
309 </listitem>
310 <listitem>
311 <para>
312 <literal>services/monitoring/prometheus/collectd-exporter.nix</literal>
313 </para>
314 </listitem>
315 <listitem>
316 <para>
317 <literal>services/monitoring/prometheus/fritzbox-exporter.nix</literal>
318 </para>
319 </listitem>
320 <listitem>
321 <para>
322 <literal>services/network-filesystems/kbfs.nix</literal>
323 </para>
324 </listitem>
325 <listitem>
326 <para>
327 <literal>services/networking/dnscache.nix</literal>
328 </para>
329 </listitem>
330 <listitem>
331 <para>
332 <literal>services/networking/fireqos.nix</literal>
333 </para>
334 </listitem>
335 <listitem>
336 <para>
337 <literal>services/networking/iwd.nix</literal>
338 </para>
339 </listitem>
340 <listitem>
341 <para>
342 <literal>services/networking/keepalived/default.nix</literal>
343 </para>
344 </listitem>
345 <listitem>
346 <para>
347 <literal>services/networking/keybase.nix</literal>
348 </para>
349 </listitem>
350 <listitem>
351 <para>
352 <literal>services/networking/lldpd.nix</literal>
353 </para>
354 </listitem>
355 <listitem>
356 <para>
357 <literal>services/networking/matterbridge.nix</literal>
358 </para>
359 </listitem>
360 <listitem>
361 <para>
362 <literal>services/networking/squid.nix</literal>
363 </para>
364 </listitem>
365 <listitem>
366 <para>
367 <literal>services/networking/tinydns.nix</literal>
368 </para>
369 </listitem>
370 <listitem>
371 <para>
372 <literal>services/networking/xrdp.nix</literal>
373 </para>
374 </listitem>
375 <listitem>
376 <para>
377 <literal>services/security/shibboleth-sp.nix</literal>
378 </para>
379 </listitem>
380 <listitem>
381 <para>
382 <literal>services/security/sks.nix</literal>
383 </para>
384 </listitem>
385 <listitem>
386 <para>
387 <literal>services/security/sshguard.nix</literal>
388 </para>
389 </listitem>
390 <listitem>
391 <para>
392 <literal>services/security/torify.nix</literal>
393 </para>
394 </listitem>
395 <listitem>
396 <para>
397 <literal>services/security/usbguard.nix</literal>
398 </para>
399 </listitem>
400 <listitem>
401 <para>
402 <literal>services/security/vault.nix</literal>
403 </para>
404 </listitem>
405 <listitem>
406 <para>
407 <literal>services/system/earlyoom.nix</literal>
408 </para>
409 </listitem>
410 <listitem>
411 <para>
412 <literal>services/system/saslauthd.nix</literal>
413 </para>
414 </listitem>
415 <listitem>
416 <para>
417 <literal>services/web-apps/nexus.nix</literal>
418 </para>
419 </listitem>
420 <listitem>
421 <para>
422 <literal>services/web-apps/pgpkeyserver-lite.nix</literal>
423 </para>
424 </listitem>
425 <listitem>
426 <para>
427 <literal>services/web-apps/piwik.nix</literal>
428 </para>
429 </listitem>
430 <listitem>
431 <para>
432 <literal>services/web-servers/lighttpd/collectd.nix</literal>
433 </para>
434 </listitem>
435 <listitem>
436 <para>
437 <literal>services/web-servers/minio.nix</literal>
438 </para>
439 </listitem>
440 <listitem>
441 <para>
442 <literal>services/x11/display-managers/xpra.nix</literal>
443 </para>
444 </listitem>
445 <listitem>
446 <para>
447 <literal>services/x11/xautolock.nix</literal>
448 </para>
449 </listitem>
450 <listitem>
451 <para>
452 <literal>tasks/filesystems/bcachefs.nix</literal>
453 </para>
454 </listitem>
455 <listitem>
456 <para>
457 <literal>tasks/powertop.nix</literal>
458 </para>
459 </listitem>
460 </itemizedlist>
461 </section>
462
463 <section xmlns="http://docbook.org/ns/docbook"
464 xmlns:xlink="http://www.w3.org/1999/xlink"
465 xmlns:xi="http://www.w3.org/2001/XInclude"
466 version="5.0"
467 xml:id="sec-release-17.09-incompatibilities">
468 <title>Backward Incompatibilities</title>
469
470 <para>
471 When upgrading from a previous release, please be aware of the following
472 incompatible changes:
473 </para>
474
475 <itemizedlist>
476 <listitem>
477 <para>
478 <emphasis role="strong"> In an Qemu-based virtualization environment, the
479 network interface names changed from i.e. <literal>enp0s3</literal> to
480 <literal>ens3</literal>. </emphasis>
481 </para>
482 <para>
483 This is due to a kernel configuration change. The new naming is consistent
484 with those of other Linux distributions with systemd. See
485 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/29197">#29197</link>
486 for more information.
487 </para>
488 <para>
489 A machine is affected if the <literal>virt-what</literal> tool either
490 returns <literal>qemu</literal> or <literal>kvm</literal>
491 <emphasis>and</emphasis> has interface names used in any part of its NixOS
492 configuration, in particular if a static network configuration with
493 <literal>networking.interfaces</literal> is used.
494 </para>
495 <para>
496 Before rebooting affected machines, please ensure:
497 <itemizedlist>
498 <listitem>
499 <para>
500 Change the interface names in your NixOS configuration. The first
501 interface will be called <literal>ens3</literal>, the second one
502 <literal>ens8</literal> and starting from there incremented by 1.
503 </para>
504 </listitem>
505 <listitem>
506 <para>
507 After changing the interface names, rebuild your system with
508 <literal>nixos-rebuild boot</literal> to activate the new configuration
509 after a reboot. If you switch to the new configuration right away you
510 might lose network connectivity! If using <literal>nixops</literal>,
511 deploy with <literal>nixops deploy --force-reboot</literal>.
512 </para>
513 </listitem>
514 </itemizedlist>
515 </para>
516 </listitem>
517 <listitem>
518 <para>
519 The following changes apply if the <literal>stateVersion</literal> is
520 changed to 17.09 or higher. For <literal>stateVersion = "17.03"</literal>
521 or lower the old behavior is preserved.
522 </para>
523 <itemizedlist>
524 <listitem>
525 <para>
526 The <literal>postgres</literal> default version was changed from 9.5 to
527 9.6.
528 </para>
529 </listitem>
530 <listitem>
531 <para>
532 The <literal>postgres</literal> superuser name has changed from
533 <literal>root</literal> to <literal>postgres</literal> to more closely
534 follow what other Linux distributions are doing.
535 </para>
536 </listitem>
537 <listitem>
538 <para>
539 The <literal>postgres</literal> default <literal>dataDir</literal> has
540 changed from <literal>/var/db/postgres</literal> to
541 <literal>/var/lib/postgresql/$psqlSchema</literal> where $psqlSchema is
542 9.6 for example.
543 </para>
544 </listitem>
545 <listitem>
546 <para>
547 The <literal>mysql</literal> default <literal>dataDir</literal> has
548 changed from <literal>/var/mysql</literal> to
549 <literal>/var/lib/mysql</literal>.
550 </para>
551 </listitem>
552 <listitem>
553 <para>
554 Radicale's default package has changed from 1.x to 2.x. Instructions to
555 migrate can be found <link xlink:href="http://radicale.org/1to2/"> here
556 </link>. It is also possible to use the newer version by setting the
557 <literal>package</literal> to <literal>radicale2</literal>, which is
558 done automatically when <literal>stateVersion</literal> is 17.09 or
559 higher. The <literal>extraArgs</literal> option has been added to allow
560 passing the data migration arguments specified in the instructions; see
561 the
562 <filename xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/radicale.nix">radicale.nix</filename>
563 NixOS test for an example migration.
564 </para>
565 </listitem>
566 </itemizedlist>
567 </listitem>
568 <listitem>
569 <para>
570 The <literal>aiccu</literal> package was removed. This is due to SixXS
571 <link xlink:href="https://www.sixxs.net/main/"> sunsetting</link> its IPv6
572 tunnel.
573 </para>
574 </listitem>
575 <listitem>
576 <para>
577 The <literal>fanctl</literal> package and <literal>fan</literal> module
578 have been removed due to the developers not upstreaming their iproute2
579 patches and lagging with compatibility to recent iproute2 versions.
580 </para>
581 </listitem>
582 <listitem>
583 <para>
584 Top-level <literal>idea</literal> package collection was renamed. All
585 JetBrains IDEs are now at <literal>jetbrains</literal>.
586 </para>
587 </listitem>
588 <listitem>
589 <para>
590 <literal>flexget</literal>'s state database cannot be upgraded to its new
591 internal format, requiring removal of any existing
592 <literal>db-config.sqlite</literal> which will be automatically recreated.
593 </para>
594 </listitem>
595 <listitem>
596 <para>
597 The <literal>ipfs</literal> service now doesn't ignore the
598 <literal>dataDir</literal> option anymore. If you've ever set this option
599 to anything other than the default you'll have to either unset it (so the
600 default gets used) or migrate the old data manually with
601<programlisting>
602dataDir=<valueOfDataDir>
603mv /var/lib/ipfs/.ipfs/* $dataDir
604rmdir /var/lib/ipfs/.ipfs
605</programlisting>
606 </para>
607 </listitem>
608 <listitem>
609 <para>
610 The <literal>caddy</literal> service was previously using an extra
611 <literal>.caddy</literal> directory in the data directory specified with
612 the <literal>dataDir</literal> option. The contents of the
613 <literal>.caddy</literal> directory are now expected to be in the
614 <literal>dataDir</literal>.
615 </para>
616 </listitem>
617 <listitem>
618 <para>
619 The <literal>ssh-agent</literal> user service is not started by default
620 anymore. Use <literal>programs.ssh.startAgent</literal> to enable it if
621 needed. There is also a new <literal>programs.gnupg.agent</literal> module
622 that creates a <literal>gpg-agent</literal> user service. It can also
623 serve as a SSH agent if <literal>enableSSHSupport</literal> is set.
624 </para>
625 </listitem>
626 <listitem>
627 <para>
628 The <literal>services.tinc.networks.<name>.listenAddress</literal>
629 option had a misleading name that did not correspond to its behavior. It
630 now correctly defines the ip to listen for incoming connections on. To
631 keep the previous behaviour, use
632 <literal>services.tinc.networks.<name>.bindToAddress</literal>
633 instead. Refer to the description of the options for more details.
634 </para>
635 </listitem>
636 <listitem>
637 <para>
638 <literal>tlsdate</literal> package and module were removed. This is due to
639 the project being dead and not building with openssl 1.1.
640 </para>
641 </listitem>
642 <listitem>
643 <para>
644 <literal>wvdial</literal> package and module were removed. This is due to
645 the project being dead and not building with openssl 1.1.
646 </para>
647 </listitem>
648 <listitem>
649 <para>
650 <literal>cc-wrapper</literal>'s setup-hook now exports a number of
651 environment variables corresponding to binutils binaries, (e.g.
652 <envar>LD</envar>, <envar>STRIP</envar>, <envar>RANLIB</envar>, etc). This
653 is done to prevent packages' build systems guessing, which is harder to
654 predict, especially when cross-compiling. However, some packages have
655 broken due to this—their build systems either not supporting, or
656 claiming to support without adequate testing, taking such environment
657 variables as parameters.
658 </para>
659 </listitem>
660 <listitem>
661 <para>
662 <literal>services.firefox.syncserver</literal> now runs by default as a
663 non-root user. To accomodate this change, the default sqlite database
664 location has also been changed. Migration should work automatically. Refer
665 to the description of the options for more details.
666 </para>
667 </listitem>
668 <listitem>
669 <para>
670 The <literal>compiz</literal> window manager and package was removed. The
671 system support had been broken for several years.
672 </para>
673 </listitem>
674 <listitem>
675 <para>
676 Touchpad support should now be enabled through <literal>libinput</literal>
677 as <literal>synaptics</literal> is now deprecated. See the option
678 <literal>services.xserver.libinput.enable</literal>.
679 </para>
680 </listitem>
681 <listitem>
682 <para>
683 grsecurity/PaX support has been dropped, following upstream's decision to
684 cease free support. See
685 <link xlink:href="https://grsecurity.net/passing_the_baton.php">
686 upstream's announcement</link> for more information. No complete
687 replacement for grsecurity/PaX is available presently.
688 </para>
689 </listitem>
690 <listitem>
691 <para>
692 <literal>services.mysql</literal> now has declarative configuration of
693 databases and users with the <literal>ensureDatabases</literal> and
694 <literal>ensureUsers</literal> options.
695 </para>
696 <para>
697 These options will never delete existing databases and users, especially
698 not when the value of the options are changed.
699 </para>
700 <para>
701 The MySQL users will be identified using
702 <link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/">
703 Unix socket authentication</link>. This authenticates the Unix user with
704 the same name only, and that without the need for a password.
705 </para>
706 <para>
707 If you have previously created a MySQL <literal>root</literal> user
708 <emphasis>with a password</emphasis>, you will need to add
709 <literal>root</literal> user for unix socket authentication before using
710 the new options. This can be done by running the following SQL script:
711<programlisting language="sql">
712CREATE USER 'root'@'%' IDENTIFIED BY '';
713GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
714FLUSH PRIVILEGES;
715
716-- Optionally, delete the password-authenticated user:
717-- DROP USER 'root'@'localhost';
718</programlisting>
719 </para>
720 </listitem>
721 <listitem>
722 <para>
723 <literal>services.mysqlBackup</literal> now works by default without any
724 user setup, including for users other than <literal>mysql</literal>.
725 </para>
726 <para>
727 By default, the <literal>mysql</literal> user is no longer the user which
728 performs the backup. Instead a system account
729 <literal>mysqlbackup</literal> is used.
730 </para>
731 <para>
732 The <literal>mysqlBackup</literal> service is also now using systemd
733 timers instead of <literal>cron</literal>.
734 </para>
735 <para>
736 Therefore, the <literal>services.mysqlBackup.period</literal> option no
737 longer exists, and has been replaced with
738 <literal>services.mysqlBackup.calendar</literal>, which is in the format
739 of
740 <link
741 xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.time.html#Calendar%20Events">systemd.time(7)</link>.
742 </para>
743 <para>
744 If you expect to be sent an e-mail when the backup fails, consider using a
745 script which monitors the systemd journal for errors. Regretfully, at
746 present there is no built-in functionality for this.
747 </para>
748 <para>
749 You can check that backups still work by running <command>systemctl start
750 mysql-backup</command> then <command>systemctl status
751 mysql-backup</command>.
752 </para>
753 </listitem>
754 <listitem>
755 <para>
756 Templated systemd services e.g <literal>container@name</literal> are now
757 handled currectly when switching to a new configuration, resulting in them
758 being reloaded.
759 </para>
760 </listitem>
761 <listitem>
762 <para>
763 Steam: the <literal>newStdcpp</literal> parameter was removed and should
764 not be needed anymore.
765 </para>
766 </listitem>
767 <listitem>
768 <para>
769 Redis has been updated to version 4 which mandates a cluster mass-restart,
770 due to changes in the network handling, in order to ensure compatibility
771 with networks NATing traffic.
772 </para>
773 </listitem>
774 </itemizedlist>
775 </section>
776
777 <section xmlns="http://docbook.org/ns/docbook"
778 xmlns:xlink="http://www.w3.org/1999/xlink"
779 xmlns:xi="http://www.w3.org/2001/XInclude"
780 version="5.0"
781 xml:id="sec-release-17.09-notable-changes">
782 <title>Other Notable Changes</title>
783
784 <itemizedlist>
785 <listitem>
786 <para>
787 Modules can now be disabled by using
788 <link
789 xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
790 disabledModules</link>, allowing another to take it's place. This can be
791 used to import a set of modules from another channel while keeping the
792 rest of the system on a stable release.
793 </para>
794 </listitem>
795 <listitem>
796 <para>
797 Updated to FreeType 2.7.1, including a new TrueType engine. The new engine
798 replaces the Infinality engine which was the default in NixOS. The default
799 font rendering settings are now provided by fontconfig-penultimate,
800 replacing fontconfig-ultimate; the new defaults are less invasive and
801 provide rendering that is more consistent with other systems and hopefully
802 with each font designer's intent. Some system-wide configuration has been
803 removed from the Fontconfig NixOS module where user Fontconfig settings
804 are available.
805 </para>
806 </listitem>
807 <listitem>
808 <para>
809 ZFS/SPL have been updated to 0.7.0, <literal>zfsUnstable,
810 splUnstable</literal> have therefore been removed.
811 </para>
812 </listitem>
813 <listitem>
814 <para>
815 The <option>time.timeZone</option> option now allows the value
816 <literal>null</literal> in addition to timezone strings. This value allows
817 changing the timezone of a system imperatively using <command>timedatectl
818 set-timezone</command>. The default timezone is still UTC.
819 </para>
820 </listitem>
821 <listitem>
822 <para>
823 Nixpkgs overlays may now be specified with a file as well as a directory.
824 The value of <literal><nixpkgs-overlays></literal> may be a file, and
825 <filename>~/.config/nixpkgs/overlays.nix</filename> can be used instead of
826 the <filename>~/.config/nixpkgs/overlays</filename> directory.
827 </para>
828 <para>
829 See the overlays chapter of the Nixpkgs manual for more details.
830 </para>
831 </listitem>
832 <listitem>
833 <para>
834 Definitions for <filename>/etc/hosts</filename> can now be specified
835 declaratively with <literal>networking.hosts</literal>.
836 </para>
837 </listitem>
838 <listitem>
839 <para>
840 Two new options have been added to the installer loader, in addition to
841 the default having changed. The kernel log verbosity has been lowered to
842 the upstream default for the default options, in order to not spam the
843 console when e.g. joining a network.
844 </para>
845 <para>
846 This therefore leads to adding a new <literal>debug</literal> option to
847 set the log level to the previous verbose mode, to make debugging easier,
848 but still accessible easily.
849 </para>
850 <para>
851 Additionally a <literal>copytoram</literal> option has been added, which
852 makes it possible to remove the install medium after booting. This allows
853 tethering from your phone after booting from it.
854 </para>
855 </listitem>
856 <listitem>
857 <para>
858 <literal>services.gitlab-runner.configOptions</literal> has been added to
859 specify the configuration of gitlab-runners declaratively.
860 </para>
861 </listitem>
862 <listitem>
863 <para>
864 <literal>services.jenkins.plugins</literal> has been added to install
865 plugins easily, this can be generated with jenkinsPlugins2nix.
866 </para>
867 </listitem>
868 <listitem>
869 <para>
870 <literal>services.postfix.config</literal> has been added to specify the
871 main.cf with NixOS options. Additionally other options have been added to
872 the postfix module and has been improved further.
873 </para>
874 </listitem>
875 <listitem>
876 <para>
877 The GitLab package and module have been updated to the latest 10.0
878 release.
879 </para>
880 </listitem>
881 <listitem>
882 <para>
883 The <literal>systemd-boot</literal> boot loader now lists the NixOS
884 version, kernel version and build date of all bootable generations.
885 </para>
886 </listitem>
887 <listitem>
888 <para>
889 The dnscrypt-proxy service now defaults to using a random upstream
890 resolver, selected from the list of public non-logging resolvers with
891 DNSSEC support. Existing configurations can be migrated to this mode of
892 operation by omitting the
893 <option>services.dnscrypt-proxy.resolverName</option> option or setting it
894 to <literal>"random"</literal>.
895 </para>
896 </listitem>
897 </itemizedlist>
898 </section>
899</section>