<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-17.09">
  <title>Release 17.09 (<quote>Hummingbird</quote>, 2017/09/??)</title>
  <section xml:id="sec-release-17.09-highlights">
    <title>Highlights</title>
    <para>
      In addition to numerous new and upgraded packages, this release
      has the following highlights:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          The GNOME version is now 3.24. KDE Plasma was upgraded to
          5.10, KDE Applications to 17.08.1 and KDE Frameworks to 5.37.
        </para>
      </listitem>
      <listitem>
        <para>
          The user handling now keeps track of deallocated UIDs/GIDs.
          When a user or group is revived, this allows it to be
          allocated the UID/GID it had before. A consequence is that
          UIDs and GIDs are no longer reused.
        </para>
      </listitem>
      <listitem>
        <para>
          The module option
          <literal>services.xserver.xrandrHeads</literal> now causes the
          first head specified in this list to be set as the primary
          head. Apart from that, it's now possible to also set
          additional options by using an attribute set, for example:
        </para>
        <programlisting language="bash">
{ services.xserver.xrandrHeads = [
    &quot;HDMI-0&quot;
    {
      output = &quot;DVI-0&quot;;
      primary = true;
      monitorConfig = ''
        Option &quot;Rotate&quot; &quot;right&quot;
      '';
    }
  ];
}
</programlisting>
        <para>
          This will set the <literal>DVI-0</literal> output to be the
          primary head, even though <literal>HDMI-0</literal> is the
          first head in the list.
        </para>
      </listitem>
      <listitem>
        <para>
          The handling of SSL in the <literal>services.nginx</literal>
          module has been cleaned up, renaming the misnamed
          <literal>enableSSL</literal> to <literal>onlySSL</literal>
          which reflects its original intention.
          This is not to be used
          with the already existing <literal>forceSSL</literal> which
          creates a second non-SSL virtual host redirecting to the SSL
          virtual host. This by chance had worked earlier due to
          specific implementation details. In case you had specified
          both please remove the <literal>enableSSL</literal> option to
          keep the previous behaviour.
        </para>
        <para>
          Another <literal>addSSL</literal> option has been introduced
          to configure both a non-SSL virtual host and an SSL virtual
          host with the same configuration.
        </para>
        <para>
          Options to configure <literal>resolver</literal> options and
          <literal>upstream</literal> blocks have been introduced. See
          their information for further details.
        </para>
        <para>
          The <literal>port</literal> option has been replaced by a more
          generic <literal>listen</literal> option which makes it
          possible to specify multiple addresses, ports and SSL configs
          dependent on the new SSL handling mentioned above.
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-17.09-new-services">
    <title>New Services</title>
    <para>
      The following new services were added since the last release:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          <literal>config/fonts/fontconfig-penultimate.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>config/fonts/fontconfig-ultimate.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>config/terminfo.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>hardware/sensor/iio.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>hardware/nitrokey.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>hardware/raid/hpsa.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>programs/browserpass.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>programs/gnupg.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>programs/qt5ct.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>programs/slock.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>programs/thefuck.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>security/auditd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>security/lock-kernel-modules.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>service-managers/docker.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>service-managers/trivial.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/admin/salt/master.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/admin/salt/minion.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/audio/slimserver.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/cluster/kubernetes/default.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/cluster/kubernetes/dns.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/cluster/kubernetes/dashboard.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/continuous-integration/hail.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/databases/clickhouse.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/databases/postage.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/desktops/gnome3/gnome-disks.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/desktops/gnome3/gpaste.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/logging/SystemdJournal2Gelf.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/logging/heartbeat.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/logging/journalwatch.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/logging/syslogd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/mail/mailhog.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/mail/nullmailer.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/airsonic.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/autorandr.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/exhibitor.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/fstrim.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/gollum.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/irkerd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/jackett.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/radarr.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/misc/snapper.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/monitoring/osquery.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/monitoring/prometheus/collectd-exporter.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/monitoring/prometheus/fritzbox-exporter.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/network-filesystems/kbfs.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/dnscache.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/fireqos.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/iwd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/keepalived/default.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/keybase.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/lldpd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/matterbridge.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/squid.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/tinydns.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/networking/xrdp.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/security/shibboleth-sp.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/security/sks.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/security/sshguard.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/security/torify.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/security/usbguard.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/security/vault.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/system/earlyoom.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/system/saslauthd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/web-apps/nexus.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/web-apps/pgpkeyserver-lite.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/web-apps/piwik.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/web-servers/lighttpd/collectd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/web-servers/minio.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/x11/display-managers/xpra.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services/x11/xautolock.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>tasks/filesystems/bcachefs.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>tasks/powertop.nix</literal>
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-17.09-incompatibilities">
    <title>Backward Incompatibilities</title>
    <para>
      When upgrading from a previous release, please be aware of the
      following incompatible changes:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          <emphasis role="strong">In a QEMU-based virtualization
          environment, the network interface names changed from e.g.
          <literal>enp0s3</literal> to
          <literal>ens3</literal>.</emphasis>
        </para>
        <para>
          This is due to a kernel configuration change. The new naming
          is consistent with that of other Linux distributions with
          systemd. See
          <link xlink:href="https://github.com/NixOS/nixpkgs/issues/29197">#29197</link>
          for more information.
        </para>
        <para>
          A machine is affected if the <literal>virt-what</literal> tool
          either returns <literal>qemu</literal> or
          <literal>kvm</literal> <emphasis>and</emphasis> has interface
          names used in any part of its NixOS configuration, in
          particular if a static network configuration with
          <literal>networking.interfaces</literal> is used.
        </para>
        <para>
          Before rebooting affected machines, please ensure:
        </para>
        <itemizedlist>
          <listitem>
            <para>
              Change the interface names in your NixOS configuration.
              The first interface will be called
              <literal>ens3</literal>, the second one
              <literal>ens8</literal> and starting from there
              incremented by 1.
            </para>
          </listitem>
          <listitem>
            <para>
              After changing the interface names, rebuild your system
              with <literal>nixos-rebuild boot</literal> to activate the
              new configuration after a reboot. If you switch to the new
              configuration right away you might lose network
              connectivity! If using <literal>nixops</literal>, deploy
              with <literal>nixops deploy --force-reboot</literal>.
            </para>
          </listitem>
        </itemizedlist>
      </listitem>
      <listitem>
        <para>
          The following changes apply if the
          <literal>stateVersion</literal> is changed to 17.09 or higher.
          For <literal>stateVersion = &quot;17.03&quot;</literal> or
          lower the old behavior is preserved.
        </para>
        <itemizedlist>
          <listitem>
            <para>
              The <literal>postgres</literal> default version was
              changed from 9.5 to 9.6.
            </para>
          </listitem>
          <listitem>
            <para>
              The <literal>postgres</literal> superuser name has changed
              from <literal>root</literal> to
              <literal>postgres</literal> to more closely follow what
              other Linux distributions are doing.
            </para>
          </listitem>
          <listitem>
            <para>
              The <literal>postgres</literal> default
              <literal>dataDir</literal> has changed from
              <literal>/var/db/postgres</literal> to
              <literal>/var/lib/postgresql/$psqlSchema</literal> where
              $psqlSchema is 9.6 for example.
            </para>
          </listitem>
          <listitem>
            <para>
              The <literal>mysql</literal> default
              <literal>dataDir</literal> has changed from
              <literal>/var/mysql</literal> to
              <literal>/var/lib/mysql</literal>.
            </para>
          </listitem>
          <listitem>
            <para>
              Radicale's default package has changed from 1.x to 2.x.
              Instructions to migrate can be found
              <link xlink:href="http://radicale.org/1to2/"> here
              </link>. It is also possible to use the newer version by
              setting the <literal>package</literal> to
              <literal>radicale2</literal>, which is done automatically
              when <literal>stateVersion</literal> is 17.09 or higher.
              The <literal>extraArgs</literal> option has been added to
              allow passing the data migration arguments specified in
              the instructions; see the <literal>radicale.nix</literal>
              NixOS test for an example migration.
            </para>
          </listitem>
        </itemizedlist>
      </listitem>
      <listitem>
        <para>
          The <literal>aiccu</literal> package was removed. This is due
          to SixXS <link xlink:href="https://www.sixxs.net/main/">
          sunsetting</link> its IPv6 tunnel.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>fanctl</literal> package and
          <literal>fan</literal> module have been removed due to the
          developers not upstreaming their iproute2 patches and lagging
          with compatibility to recent iproute2 versions.
        </para>
      </listitem>
      <listitem>
        <para>
          Top-level <literal>idea</literal> package collection was
          renamed. All JetBrains IDEs are now at
          <literal>jetbrains</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>flexget</literal>'s state database cannot be upgraded
          to its new internal format, requiring removal of any existing
          <literal>db-config.sqlite</literal> which will be
          automatically recreated.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>ipfs</literal> service now doesn't ignore the
          <literal>dataDir</literal> option anymore. If you've ever set
          this option to anything other than the default you'll have to
          either unset it (so the default gets used) or migrate the old
          data manually with
        </para>
        <programlisting>
dataDir=&lt;valueOfDataDir&gt;
mv /var/lib/ipfs/.ipfs/* $dataDir
rmdir /var/lib/ipfs/.ipfs
</programlisting>
      </listitem>
      <listitem>
        <para>
          The <literal>caddy</literal> service was previously using an
          extra <literal>.caddy</literal> directory in the data
          directory specified with the <literal>dataDir</literal>
          option. The contents of the <literal>.caddy</literal>
          directory are now expected to be in the
          <literal>dataDir</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>ssh-agent</literal> user service is not started
          by default anymore.
          Use
          <literal>programs.ssh.startAgent</literal> to enable it if
          needed. There is also a new
          <literal>programs.gnupg.agent</literal> module that creates a
          <literal>gpg-agent</literal> user service. It can also serve
          as an SSH agent if <literal>enableSSHSupport</literal> is set.
        </para>
      </listitem>
      <listitem>
        <para>
          The
          <literal>services.tinc.networks.&lt;name&gt;.listenAddress</literal>
          option had a misleading name that did not correspond to its
          behavior. It now correctly defines the IP address on which to
          listen for incoming connections. To keep the previous behaviour, use
          <literal>services.tinc.networks.&lt;name&gt;.bindToAddress</literal>
          instead. Refer to the description of the options for more
          details.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>tlsdate</literal> package and module were removed.
          This is due to the project being dead and not building with
          openssl 1.1.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>wvdial</literal> package and module were removed.
          This is due to the project being dead and not building with
          openssl 1.1.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>cc-wrapper</literal>'s setup-hook now exports a
          number of environment variables corresponding to binutils
          binaries (e.g. <literal>LD</literal>,
          <literal>STRIP</literal>, <literal>RANLIB</literal>).
          This is done to prevent packages' build systems guessing,
          which is harder to predict, especially when cross-compiling.
          However, some packages have broken due to this: their build
          systems either do not support taking such environment
          variables as parameters, or claim to support it without
          adequate testing.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.firefox.syncserver</literal> now runs by
          default as a non-root user.
          To accommodate this change, the
          default sqlite database location has also been changed.
          Migration should work automatically. Refer to the description
          of the options for more details.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>compiz</literal> window manager and package were
          removed. The system support had been broken for several years.
        </para>
      </listitem>
      <listitem>
        <para>
          Touchpad support should now be enabled through
          <literal>libinput</literal> as <literal>synaptics</literal> is
          now deprecated. See the option
          <literal>services.xserver.libinput.enable</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          grsecurity/PaX support has been dropped, following upstream's
          decision to cease free support. See
          <link xlink:href="https://grsecurity.net/passing_the_baton.php">
          upstream's announcement</link> for more information. No
          complete replacement for grsecurity/PaX is available
          presently.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.mysql</literal> now has declarative
          configuration of databases and users with the
          <literal>ensureDatabases</literal> and
          <literal>ensureUsers</literal> options.
        </para>
        <para>
          These options will never delete existing databases and users,
          especially not when the value of the options is changed.
        </para>
        <para>
          The MySQL users will be identified using
          <link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/">
          Unix socket authentication</link>. This authenticates the Unix
          user with the same name only, and that without the need for a
          password.
        </para>
        <para>
          If you have previously created a MySQL <literal>root</literal>
          user <emphasis>with a password</emphasis>, you will need to
          add a <literal>root</literal> user for Unix socket
          authentication before using the new options.
          This can be done
          by running the following SQL script:
        </para>
        <programlisting language="SQL">
-- Note: IDENTIFIED BY '' sets an empty password, and the '%' host
-- pattern matches connections from any host.
CREATE USER 'root'@'%' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

-- Optionally, delete the password-authenticated user:
-- DROP USER 'root'@'localhost';
</programlisting>
      </listitem>
      <listitem>
        <para>
          <literal>services.mysqlBackup</literal> now works by default
          without any user setup, including for users other than
          <literal>mysql</literal>.
        </para>
        <para>
          By default, the <literal>mysql</literal> user is no longer the
          user which performs the backup. Instead a system account
          <literal>mysqlbackup</literal> is used.
        </para>
        <para>
          The <literal>mysqlBackup</literal> service is also now using
          systemd timers instead of <literal>cron</literal>.
        </para>
        <para>
          Therefore, the <literal>services.mysqlBackup.period</literal>
          option no longer exists, and has been replaced with
          <literal>services.mysqlBackup.calendar</literal>, which is in
          the format of
          <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.time.html#Calendar%20Events">systemd.time(7)</link>.
        </para>
        <para>
          If you expect to be sent an e-mail when the backup fails,
          consider using a script which monitors the systemd journal for
          errors. Regretfully, at present there is no built-in
          functionality for this.
        </para>
        <para>
          You can check that backups still work by running
          <literal>systemctl start mysql-backup</literal> then
          <literal>systemctl status mysql-backup</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          Templated systemd services, e.g.
          <literal>container@name</literal>, are now handled correctly
          when switching to a new configuration, resulting in them being
          reloaded.
        </para>
      </listitem>
      <listitem>
        <para>
          Steam: the <literal>newStdcpp</literal> parameter was removed
          and should not be needed anymore.
        </para>
      </listitem>
      <listitem>
        <para>
          Redis has been updated to version 4 which mandates a cluster
          mass-restart, due to changes in the network handling, in order
          to ensure compatibility with networks NATing traffic.
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-17.09-notable-changes">
    <title>Other Notable Changes</title>
    <itemizedlist>
      <listitem>
        <para>
          Modules can now be disabled by using
          <link xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
          disabledModules</link>, allowing another to take its place.
          This can be used to import a set of modules from another
          channel while keeping the rest of the system on a stable
          release.
        </para>
      </listitem>
      <listitem>
        <para>
          Updated to FreeType 2.7.1, including a new TrueType engine.
          The new engine replaces the Infinality engine which was the
          default in NixOS. The default font rendering settings are now
          provided by fontconfig-penultimate, replacing
          fontconfig-ultimate; the new defaults are less invasive and
          provide rendering that is more consistent with other systems
          and hopefully with each font designer's intent. Some
          system-wide configuration has been removed from the Fontconfig
          NixOS module where user Fontconfig settings are available.
        </para>
      </listitem>
      <listitem>
        <para>
          ZFS/SPL have been updated to 0.7.0,
          <literal>zfsUnstable, splUnstable</literal> have therefore
          been removed.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>time.timeZone</literal> option now allows the
          value <literal>null</literal> in addition to timezone strings.
          This value allows changing the timezone of a system
          imperatively using
          <literal>timedatectl set-timezone</literal>. The default
          timezone is still UTC.
        </para>
      </listitem>
      <listitem>
        <para>
          Nixpkgs overlays may now be specified with a file as well as a
          directory. The value of
          <literal>&lt;nixpkgs-overlays&gt;</literal> may be a file, and
          <literal>~/.config/nixpkgs/overlays.nix</literal> can be used
          instead of the <literal>~/.config/nixpkgs/overlays</literal>
          directory.
        </para>
        <para>
          See the overlays chapter of the Nixpkgs manual for more
          details.
        </para>
      </listitem>
      <listitem>
        <para>
          Definitions for <literal>/etc/hosts</literal> can now be
          specified declaratively with
          <literal>networking.hosts</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          Two new options have been added to the installer loader, in
          addition to the default having changed. The kernel log
          verbosity has been lowered to the upstream default for the
          default options, in order to not spam the console when e.g.
          joining a network.
        </para>
        <para>
          A new <literal>debug</literal> option has therefore been
          added, which sets the log level to the previous verbose mode
          so that debugging remains easily accessible.
        </para>
        <para>
          Additionally a <literal>copytoram</literal> option has been
          added, which makes it possible to remove the install medium
          after booting. This allows tethering from your phone after
          booting from it.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.gitlab-runner.configOptions</literal> has
          been added to specify the configuration of gitlab-runners
          declaratively.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.jenkins.plugins</literal> has been added to
          install plugins easily; this can be generated with
          jenkinsPlugins2nix.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.postfix.config</literal> has been added to
          specify the main.cf with NixOS options. Additionally, other
          options have been added to the postfix module, which has been
          improved further.
        </para>
      </listitem>
      <listitem>
        <para>
          The GitLab package and module have been updated to the latest
          10.0 release.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>systemd-boot</literal> boot loader now lists the
          NixOS version, kernel version and build date of all bootable
          generations.
        </para>
      </listitem>
      <listitem>
        <para>
          The dnscrypt-proxy service now defaults to using a random
          upstream resolver, selected from the list of public
          non-logging resolvers with DNSSEC support. Existing
          configurations can be migrated to this mode of operation by
          omitting the
          <literal>services.dnscrypt-proxy.resolverName</literal> option
          or setting it to <literal>&quot;random&quot;</literal>.
        </para>
      </listitem>
    </itemizedlist>
  </section>
</section>