<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-18.09">
  <title>Release 18.09 (<quote>Jellyfish</quote>, 2018/10/05)</title>
  <section xml:id="sec-release-18.09-highlights">
    <title>Highlights</title>
    <para>
      In addition to numerous new and upgraded packages, this release
      has the following notable updates:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          End of support is planned for end of April 2019, handing over
          to 19.03.
        </para>
      </listitem>
      <listitem>
        <para>
          Platform support: x86_64-linux and x86_64-darwin as always.
          Support for aarch64-linux is as with the previous releases,
          not equivalent to the x86-64-linux release, but with efforts
          to reach parity.
        </para>
      </listitem>
      <listitem>
        <para>
          Nix has been updated to 2.1; see its
          <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.1">release
          notes</link>.
        </para>
      </listitem>
      <listitem>
        <para>
          Core versions: linux: 4.14 LTS (unchanged), glibc: 2.26 →
          2.27, gcc: 7 (unchanged), systemd: 237 → 239.
        </para>
      </listitem>
      <listitem>
        <para>
          Desktop version changes: gnome: 3.26 → 3.28, (KDE)
          plasma-desktop: 5.12 → 5.13.
        </para>
      </listitem>
    </itemizedlist>
    <para>
      Notable changes and additions for 18.09 include:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          Support for wrapping binaries using
          <literal>firejail</literal> has been added through
          <literal>programs.firejail.wrappedBinaries</literal>.
        </para>
        <para>
          For example
        </para>
        <programlisting language="bash">
{
  programs.firejail = {
    enable = true;
    wrappedBinaries = {
      firefox = &quot;${lib.getBin pkgs.firefox}/bin/firefox&quot;;
      mpv = &quot;${lib.getBin pkgs.mpv}/bin/mpv&quot;;
    };
  };
}
</programlisting>
        <para>
          This will place <literal>firefox</literal> and
          <literal>mpv</literal> binaries in the global path wrapped by
          firejail.
        </para>
      </listitem>
      <listitem>
        <para>
          User channels are now in the default
          <literal>NIX_PATH</literal>, allowing users to use their
          personal <literal>nix-channel</literal> defined channels in
          <literal>nix-build</literal> and <literal>nix-shell</literal>
          commands, as well as in imports like
          <literal>import &lt;mychannel&gt;</literal>.
        </para>
        <para>
          For example
        </para>
        <programlisting>
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable
$ nix-channel --update
$ nix-build '&lt;nixpkgsunstable&gt;' -A gitFull
$ nix run -f '&lt;nixpkgsunstable&gt;' gitFull
$ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</programlisting>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-18.09-new-services">
    <title>New Services</title>
    <para>
      A curated selection of new services that were added since the last
      release:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          The <literal>services.cassandra</literal> module has been
          reworked and was rewritten from scratch. The service has
          succeeding tests for the versions 2.1, 2.2, 3.0 and 3.11 of
          <link xlink:href="https://cassandra.apache.org/">Apache
          Cassandra</link>.
        </para>
      </listitem>
      <listitem>
        <para>
          There is a new <literal>services.foundationdb</literal> module
          for deploying
          <link xlink:href="https://www.foundationdb.org">FoundationDB</link>
          clusters.
        </para>
      </listitem>
      <listitem>
        <para>
          When enabled, <literal>iproute2</literal> will copy the
          files expected by ip route (e.g.,
          <literal>rt_tables</literal>) to
          <literal>/etc/iproute2</literal>. This makes it possible, for
          instance, to write aliases for routing tables.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.strongswan-swanctl</literal> is a modern
          replacement for <literal>services.strongswan</literal>. You
          can use either one of them to set up IPsec VPNs, but not both
          at the same time.
        </para>
        <para>
          <literal>services.strongswan-swanctl</literal> uses the
          <link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
          command which uses the modern
          <link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
          <emphasis>Versatile IKE Configuration Interface</emphasis>.
          The deprecated <literal>ipsec</literal> command used in
          <literal>services.strongswan</literal> uses the legacy
          <link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke
          configuration interface</link>.
        </para>
      </listitem>
      <listitem>
        <para>
          The new <literal>services.elasticsearch-curator</literal>
          service periodically curates, or manages, your Elasticsearch
          indices and snapshots.
        </para>
      </listitem>
    </itemizedlist>
    <para>
      All new services:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          <literal>./config/xdg/autostart.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./config/xdg/icons.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./config/xdg/menus.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./config/xdg/mime.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./hardware/brightnessctl.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./hardware/onlykey.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./hardware/video/uvcvideo/default.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./misc/documentation.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./programs/firejail.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./programs/iftop.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./programs/sedutil.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./programs/singularity.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./programs/xss-lock.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./programs/zsh/zsh-autosuggestions.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/admin/oxidized.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/backup/duplicati.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/backup/restic.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/backup/restic-rest-server.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/cluster/hadoop/default.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/databases/aerospike.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/databases/monetdb.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/desktops/bamf.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/desktops/flatpak.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/desktops/zeitgeist.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/development/bloop.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/development/jupyter/default.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/hardware/lcd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/hardware/undervolt.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/misc/clipmenu.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/misc/gitweb.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/misc/serviio.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/misc/safeeyes.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/misc/sysprof.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/misc/weechat.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/monitoring/datadog-agent.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/monitoring/incron.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/dnsdist.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/freeradius.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/hans.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/morty.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/ndppd.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/ocserv.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/owamp.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/quagga.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/shadowsocks.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/stubby.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/networking/zeronet.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/security/certmgr.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/security/cfssl.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/security/oauth2_proxy_nginx.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/web-apps/virtlyst.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/web-apps/youtrack.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/web-servers/hitch/default.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/web-servers/hydron.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/web-servers/meguca.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./services/web-servers/nginx/gitweb.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./virtualisation/kvmgt.nix</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>./virtualisation/qemu-guest-agent.nix</literal>
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-18.09-incompatibilities">
    <title>Backward Incompatibilities</title>
    <para>
      When upgrading from a previous release, please be aware of the
      following incompatible changes:
    </para>
    <itemizedlist>
      <listitem>
        <para>
          Some licenses that were incorrectly not marked as unfree now
          are. This is the case for:
        </para>
        <itemizedlist>
          <listitem>
            <para>
              cc-by-nc-sa-20: Creative Commons Attribution Non
              Commercial Share Alike 2.0
            </para>
          </listitem>
          <listitem>
            <para>
              cc-by-nc-sa-25: Creative Commons Attribution Non
              Commercial Share Alike 2.5
            </para>
          </listitem>
          <listitem>
            <para>
              cc-by-nc-sa-30: Creative Commons Attribution Non
              Commercial Share Alike 3.0
            </para>
          </listitem>
          <listitem>
            <para>
              cc-by-nc-sa-40: Creative Commons Attribution Non
              Commercial Share Alike 4.0
            </para>
          </listitem>
          <listitem>
            <para>
              cc-by-nd-30: Creative Commons Attribution-No Derivative
              Works v3.00
            </para>
          </listitem>
          <listitem>
            <para>
              msrla: Microsoft Research License Agreement
            </para>
          </listitem>
        </itemizedlist>
      </listitem>
      <listitem>
        <para>
          The deprecated <literal>services.cassandra</literal> module
          has seen a complete rewrite. (See above.)
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.strict</literal> is removed. Use
          <literal>builtins.seq</literal> instead.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>clementine</literal> package now points to the
          free derivation. <literal>clementineFree</literal> is removed
          now and <literal>clementineUnfree</literal> points to the
          package which is bundled with the unfree
          <literal>libspotify</literal> package.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>netcat</literal> package is now taken directly
          from OpenBSD's <literal>libressl</literal>, instead of relying
          on Debian's fork. The new version should be very close to the
          old version, but there are some minor differences.
          Importantly, flags like -b, -q, -C, and -Z are no longer
          accepted by the nc command.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>services.docker-registry.extraConfig</literal>
          object doesn't contain environment variables anymore. Instead
          it needs to provide an object structure that can be mapped
          onto the YAML configuration defined in
          <link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the
          <literal>docker/distribution</literal> docs</link>.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>gnucash</literal> has changed from version 2.4 to
          3.x. If you've been using <literal>gnucash</literal> (version
          2.4) instead of <literal>gnucash26</literal> (version 2.6) you
          must open your Gnucash data file(s) with
          <literal>gnucash26</literal> and then save them to upgrade the
          file format. Then you may use your data file(s) with Gnucash
          3.x. See the upgrade
          <link xlink:href="https://wiki.gnucash.org/wiki/FAQ#Using_Different_Versions.2C_Up_And_Downgrade">documentation</link>.
          Gnucash 2.4 is still available under the attribute
          <literal>gnucash24</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>services.munge</literal> now runs as user (and group)
          <literal>munge</literal> instead of root. Make sure the key
          file is accessible to the daemon.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>dockerTools.buildImage</literal> now uses
          <literal>null</literal> as default value for
          <literal>tag</literal>, which indicates that the Nix output
          hash will be used as tag.
        </para>
      </listitem>
      <listitem>
        <para>
          The ELK stack: <literal>elasticsearch</literal>,
          <literal>logstash</literal> and <literal>kibana</literal> has
          been upgraded from 2.* to 6.3.*. The 2.* versions have been
          <link xlink:href="https://www.elastic.co/support/eol">unsupported
          since last year</link> so they have been removed. You can
          still use the 5.* versions under the names
          <literal>elasticsearch5</literal>,
          <literal>logstash5</literal> and <literal>kibana5</literal>.
        </para>
        <para>
          The elastic beats: <literal>filebeat</literal>,
          <literal>heartbeat</literal>, <literal>metricbeat</literal>
          and <literal>packetbeat</literal> have had the same treatment:
          they now target 6.3.* as well. The 5.* versions are available
          under the names: <literal>filebeat5</literal>,
          <literal>heartbeat5</literal>, <literal>metricbeat5</literal>
          and <literal>packetbeat5</literal>.
        </para>
        <para>
          The ELK-6.3 stack now comes with
          <link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack
          by default</link>. Since X-Pack is licensed under the
          <link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic
          License</link> the ELK packages now have an unfree license. To
          use them you need to specify
          <literal>allowUnfree = true;</literal> in your nixpkgs
          configuration.
        </para>
        <para>
          Fortunately there is also a free variant of the ELK stack
          without X-Pack. The packages are available under the names:
          <literal>elasticsearch-oss</literal>,
          <literal>logstash-oss</literal> and
          <literal>kibana-oss</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          The options
          <literal>boot.initrd.luks.devices.name.yubikey.ramfsMountPoint</literal>
          and
          <literal>boot.initrd.luks.devices.name.yubikey.storage.mountPoint</literal>
          were removed. The <literal>luksroot.nix</literal> module never
          supported more than one YubiKey at a time anyway, hence those
          options never had any effect. You should be able to remove
          them from your config without any issues.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>stdenv.system</literal> and <literal>system</literal>
          in nixpkgs now refer to the host platform instead of the build
          platform. For native builds this is not a change, let alone a
          breaking one. For cross builds, it is a breaking change, and
          <literal>stdenv.buildPlatform.system</literal> can be used
          instead for the old behavior. They should be using that
          anyway for clarity.
        </para>
      </listitem>
      <listitem>
        <para>
          Groups <literal>kvm</literal> and <literal>render</literal>
          are introduced now, as systemd requires them.
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-18.09-notable-changes">
    <title>Other Notable Changes</title>
    <itemizedlist>
      <listitem>
        <para>
          <literal>dockerTools.pullImage</literal> relies on image
          digest instead of image tag to download the image. The
          <literal>sha256</literal> of a pulled image has to be updated.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.attrNamesToStr</literal> has been deprecated. Use
          more specific concatenation
          (<literal>lib.concat(Map)StringsSep</literal>) instead.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.addErrorContextToAttrs</literal> has been
          deprecated. Use <literal>builtins.addErrorContext</literal>
          directly.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.showVal</literal> has been deprecated. Use
          <literal>lib.traceSeqN</literal> instead.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.traceXMLVal</literal> has been deprecated. Use
          <literal>lib.traceValFn builtins.toXML</literal> instead.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.traceXMLValMarked</literal> has been deprecated.
          Use
          <literal>lib.traceValFn (x: str + builtins.toXML x)</literal>
          instead.
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>pkgs</literal> argument to NixOS modules can now
          be set directly using <literal>nixpkgs.pkgs</literal>.
          Previously, only the <literal>system</literal>,
          <literal>config</literal> and <literal>overlays</literal>
          arguments could be used to influence <literal>pkgs</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          A NixOS system can now be constructed more easily based on a
          preexisting invocation of Nixpkgs. For example:
        </para>
        <programlisting language="bash">
{
  inherit (pkgs.nixos {
    boot.loader.grub.enable = false;
    fileSystems.&quot;/&quot;.device = &quot;/dev/xvda1&quot;;
  }) toplevel kernel initialRamdisk manual;
}
</programlisting>
        <para>
          This benefits evaluation performance, lets you write Nixpkgs
          packages that depend on NixOS images and is consistent with a
          deployment architecture that would be centered around Nixpkgs
          overlays.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.traceValIfNot</literal> has been deprecated. Use
          <literal>if/then/else</literal> and
          <literal>lib.traceValSeq</literal> instead.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.traceCallXml</literal> has been deprecated.
          Please complain if you use the function regularly.
        </para>
      </listitem>
      <listitem>
        <para>
          The attribute <literal>lib.nixpkgsVersion</literal> has been
          deprecated in favor of <literal>lib.version</literal>. Please
          refer to the discussion in
          <link xlink:href="https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745">NixOS/nixpkgs#39416</link>
          for further reference.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>lib.recursiveUpdateUntil</literal> was not acting
          according to its specification. It has been fixed to act
          according to the docstring, and a test has been added.
        </para>
      </listitem>
      <listitem>
        <para>
          The module for <literal>security.dhparams</literal> has two
          new options now:
        </para>
        <variablelist>
          <varlistentry>
            <term>
              <literal>security.dhparams.stateless</literal>
            </term>
            <listitem>
              <para>
                Puts the generated Diffie-Hellman parameters into the
                Nix store instead of managing them in a stateful manner
                in <literal>/var/lib/dhparams</literal>.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>
              <literal>security.dhparams.defaultBitSize</literal>
            </term>
            <listitem>
              <para>
                The default bit size to use for the generated
                Diffie-Hellman parameters.
              </para>
            </listitem>
          </varlistentry>
        </variablelist>
        <note>
          <para>
            The path to the actual generated parameter files should now
            be queried using
            <literal>config.security.dhparams.params.name.path</literal>
            because it might be either in the Nix store or in a
            directory configured by
            <literal>security.dhparams.path</literal>.
          </para>
        </note>
        <note>
          <para>
            <emphasis role="strong">For developers:</emphasis>
          </para>
          <para>
            Module implementers should not set a specific bit size in
            order to let users configure it by themselves if they want
            to have a different bit size than the default (2048).
          </para>
          <para>
            An example usage of this would be:
          </para>
          <programlisting language="bash">
{ config, ... }:

{
  security.dhparams.params.myservice = {};
  environment.etc.&quot;myservice.conf&quot;.text = ''
    dhparams = ${config.security.dhparams.params.myservice.path}
  '';
}
</programlisting>
        </note>
      </listitem>
      <listitem>
        <para>
          <literal>networking.networkmanager.useDnsmasq</literal> has
          been deprecated. Use
          <literal>networking.networkmanager.dns</literal> instead.
        </para>
      </listitem>
      <listitem>
        <para>
          The Kubernetes package has been bumped to major version 1.11.
          Please consult the
          <link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release
          notes</link> for details on new features and API changes.
        </para>
      </listitem>
      <listitem>
        <para>
          The option
          <literal>services.kubernetes.apiserver.admissionControl</literal>
          was renamed to
          <literal>services.kubernetes.apiserver.enableAdmissionPlugins</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          The recommended way to access the Kubernetes Dashboard is via
          HTTPS (TLS). Therefore, the public service port for the
          dashboard has changed to 443 (container port 8443) and the
          scheme to https.
        </para>
      </listitem>
      <listitem>
        <para>
          The option
          <literal>services.kubernetes.apiserver.address</literal> was
          renamed to
          <literal>services.kubernetes.apiserver.bindAddress</literal>.
          Note that the default value has changed from 127.0.0.1 to
          0.0.0.0.
        </para>
      </listitem>
      <listitem>
        <para>
          The option
          <literal>services.kubernetes.apiserver.publicAddress</literal>
          was not used and thus has been removed.
        </para>
      </listitem>
      <listitem>
        <para>
          The option
          <literal>services.kubernetes.addons.dashboard.enableRBAC</literal>
          was renamed to
          <literal>services.kubernetes.addons.dashboard.rbac.enable</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          The Kubernetes Dashboard now has only minimal RBAC permissions
          by default. If dashboard cluster-admin rights are desired, set
          <literal>services.kubernetes.addons.dashboard.rbac.clusterAdmin</literal>
          to true. On existing clusters, in order for the revocation of
          privileges to take effect, the current ClusterRoleBinding for
          kubernetes-dashboard must be manually removed:
          <literal>kubectl delete clusterrolebinding kubernetes-dashboard</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          The <literal>programs.screen</literal> module allows
          configuring <literal>/etc/screenrc</literal>; however, the
          module behaved fairly counterintuitively, as the config
          existed but the package wasn't available. Since 18.09
          <literal>pkgs.screen</literal> will be added to
          <literal>environment.systemPackages</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          The module <literal>services.networking.hostapd</literal> now
          uses WPA2 by default.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>s6Dns</literal>, <literal>s6Networking</literal>,
          <literal>s6LinuxUtils</literal> and
          <literal>s6PortableUtils</literal> have been renamed to
          <literal>s6-dns</literal>, <literal>s6-networking</literal>,
          <literal>s6-linux-utils</literal> and
          <literal>s6-portable-utils</literal> respectively.
        </para>
      </listitem>
      <listitem>
        <para>
          The module option <literal>nix.useSandbox</literal> now
          defaults to <literal>true</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          The config activation script of
          <literal>nixos-rebuild</literal> now
          <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link>
          all user units for each authenticated user.
        </para>
      </listitem>
      <listitem>
        <para>
          The default display manager is now LightDM. To use SLiM set
          <literal>services.xserver.displayManager.slim.enable</literal>
          to <literal>true</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          NixOS option descriptions are now automatically broken up into
          individual paragraphs if the text contains two consecutive
          newlines, so it's no longer necessary to use
          <literal>&lt;/para&gt;&lt;para&gt;</literal> to start a new
          paragraph.
        </para>
      </listitem>
      <listitem>
        <para>
          Top-level <literal>buildPlatform</literal>,
          <literal>hostPlatform</literal>, and
          <literal>targetPlatform</literal> in Nixpkgs are deprecated.
          Please use their equivalents in <literal>stdenv</literal>
          instead: <literal>stdenv.buildPlatform</literal>,
          <literal>stdenv.hostPlatform</literal>, and
          <literal>stdenv.targetPlatform</literal>.
        </para>
      </listitem>
    </itemizedlist>
  </section>
</section>