1<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-20.03">
2 <title>Release 20.03 (<quote>Markhor</quote>, 2020.04/20)</title>
3 <section xml:id="sec-release-20.03-highlights">
4 <title>Highlights</title>
5 <para>
6 In addition to numerous new and upgraded packages, this release
7 has the following highlights:
8 </para>
9 <itemizedlist>
10 <listitem>
11 <para>
12 Support is planned until the end of October 2020, handing over
13 to 20.09.
14 </para>
15 </listitem>
16 <listitem>
17 <para>
18 Core version changes:
19 </para>
20 <para>
21 gcc: 8.3.0 -> 9.2.0
22 </para>
23 <para>
24 glibc: 2.27 -> 2.30
25 </para>
26 <para>
27 linux: 4.19 -> 5.4
28 </para>
29 <para>
30 mesa: 19.1.5 -> 19.3.3
31 </para>
32 <para>
33 openssl: 1.0.2u -> 1.1.1d
34 </para>
35 </listitem>
36 <listitem>
37 <para>
38 Desktop version changes:
39 </para>
40 <para>
41 plasma5: 5.16.5 -> 5.17.5
42 </para>
43 <para>
44 kdeApplications: 19.08.2 -> 19.12.3
45 </para>
46 <para>
47 gnome3: 3.32 -> 3.34
48 </para>
49 <para>
50 pantheon: 5.0 -> 5.1.3
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Linux kernel is updated to branch 5.4 by default (from 4.19).
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Grub is updated to 2.04, adding support for booting from F2FS
61 filesystems and Btrfs volumes using zstd compression. Note
62 that some users have been unable to boot after upgrading to
63 2.04 - for more information, please see
64 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/61718#issuecomment-617618503">this
65 discussion</link>.
66 </para>
67 </listitem>
68 <listitem>
69 <para>
 PostgreSQL for the NixOS service now defaults to v11.
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 The graphical installer image starts the graphical session
76 automatically. Before you'd be greeted by a tty and asked to
77 enter <literal>systemctl start display-manager</literal>. It
78 is now possible to disable the display-manager from running by
79 selecting the <literal>Disable display-manager</literal> quirk
80 in the boot menu.
81 </para>
82 </listitem>
83 <listitem>
84 <para>
85 GNOME 3 has been upgraded to 3.34. Please take a look at their
86 <link xlink:href="https://help.gnome.org/misc/release-notes/3.34">Release
87 Notes</link> for details.
88 </para>
89 </listitem>
90 <listitem>
91 <para>
92 If you enable the Pantheon Desktop Manager via
93 <link xlink:href="options.html#opt-services.xserver.desktopManager.pantheon.enable">services.xserver.desktopManager.pantheon.enable</link>,
 we now also default to using
 <link xlink:href="https://blog.elementary.io/say-hello-to-the-new-greeter/">Pantheon's
 newly designed greeter</link>. Contrary to NixOS's
97 usual update policy, Pantheon will receive updates during the
98 cycle of NixOS 20.03 when backwards compatible.
99 </para>
100 </listitem>
101 <listitem>
102 <para>
 By default zfs pools will now be trimmed on a weekly basis.
 Trimming is only done on supported devices (i.e. NVMe or SSDs)
 and should improve throughput and lifetime of these devices.
 It is controlled by the
 <literal>services.zfs.trim.enable</literal> option. The zfs
 scrub service
109 (<literal>services.zfs.autoScrub.enable</literal>) and the zfs
110 autosnapshot service
111 (<literal>services.zfs.autoSnapshot.enable</literal>) are now
112 only enabled if zfs is set in
113 <literal>config.boot.initrd.supportedFilesystems</literal> or
114 <literal>config.boot.supportedFilesystems</literal>. These
115 lists will automatically contain zfs as soon as any zfs
116 mountpoint is configured in <literal>fileSystems</literal>.
117 </para>
118 </listitem>
119 <listitem>
120 <para>
121 <literal>nixos-option</literal> has been rewritten in C++,
122 speeding it up, improving correctness, and adding a
123 <literal>-r</literal> option which prints all options and
124 their values recursively.
125 </para>
126 </listitem>
127 <listitem>
128 <para>
129 <literal>services.xserver.desktopManager.default</literal> and
130 <literal>services.xserver.windowManager.default</literal>
131 options were replaced by a single
132 <link xlink:href="options.html#opt-services.xserver.displayManager.defaultSession">services.xserver.displayManager.defaultSession</link>
133 option to improve support for upstream session files. If you
134 used something like:
135 </para>
 <programlisting language="bash">
{
  services.xserver.desktopManager.default = "xfce";
  services.xserver.windowManager.default = "icewm";
}
</programlisting>
142 <para>
143 you should change it to:
144 </para>
 <programlisting language="bash">
{
  services.xserver.displayManager.defaultSession = "xfce+icewm";
}
</programlisting>
150 </listitem>
151 <listitem>
152 <para>
 The testing driver implementation in NixOS is now in Python
 (<literal>make-test-python.nix</literal>). This was done by
 Jacek Galowicz
 (<link xlink:href="https://github.com/tfc">@tfc</link>), and
 with the collaboration of Julian Stecklina
 (<link xlink:href="https://github.com/blitz">@blitz</link>)
 and Jana Traue
 (<link xlink:href="https://github.com/jtraue">@jtraue</link>).
 All documentation has been updated to use this testing driver,
 and a vast majority of the 286 tests in NixOS were ported to
 the Python driver. In 20.09 the Perl driver implementation,
 <literal>make-test.nix</literal>, is slated for removal. This
 should give users of the NixOS integration framework a
 transitory period to rewrite their tests to use the Python
 implementation. Users of the Perl driver will see this warning
 every time they use it:
169 </para>
 <programlisting>
$ warning: Perl VM tests are deprecated and will be removed for 20.09.
Please update your tests to use the python test driver.
See https://github.com/NixOS/nixpkgs/pull/71684 for details.
</programlisting>
175 <para>
 API compatibility is planned to be kept for at least the next
 release with the Perl driver.
178 </para>
179 </listitem>
180 </itemizedlist>
181 </section>
182 <section xml:id="sec-release-20.03-new-services">
183 <title>New Services</title>
184 <para>
185 The following new services were added since the last release:
186 </para>
187 <itemizedlist>
188 <listitem>
189 <para>
 The kubernetes kube-proxy now supports a new hostname
 configuration option,
 <literal>services.kubernetes.proxy.hostname</literal>, which
 has to be set if the hostname of the node should be
 non-default.
195 </para>
196 </listitem>
197 <listitem>
198 <para>
199 UPower's configuration is now managed by NixOS and can be
200 customized via <literal>services.upower</literal>.
201 </para>
202 </listitem>
203 <listitem>
204 <para>
205 To use Geary you should enable
206 <link xlink:href="options.html#opt-programs.geary.enable">programs.geary.enable</link>
207 instead of just adding it to
208 <link xlink:href="options.html#opt-environment.systemPackages">environment.systemPackages</link>.
209 It was created so Geary could function properly outside of
210 GNOME.
211 </para>
212 </listitem>
213 <listitem>
214 <para>
215 <literal>./config/console.nix</literal>
216 </para>
217 </listitem>
218 <listitem>
219 <para>
220 <literal>./hardware/brillo.nix</literal>
221 </para>
222 </listitem>
223 <listitem>
224 <para>
225 <literal>./hardware/tuxedo-keyboard.nix</literal>
226 </para>
227 </listitem>
228 <listitem>
229 <para>
230 <literal>./programs/bandwhich.nix</literal>
231 </para>
232 </listitem>
233 <listitem>
234 <para>
235 <literal>./programs/bash-my-aws.nix</literal>
236 </para>
237 </listitem>
238 <listitem>
239 <para>
240 <literal>./programs/liboping.nix</literal>
241 </para>
242 </listitem>
243 <listitem>
244 <para>
245 <literal>./programs/traceroute.nix</literal>
246 </para>
247 </listitem>
248 <listitem>
249 <para>
250 <literal>./services/backup/sanoid.nix</literal>
251 </para>
252 </listitem>
253 <listitem>
254 <para>
255 <literal>./services/backup/syncoid.nix</literal>
256 </para>
257 </listitem>
258 <listitem>
259 <para>
260 <literal>./services/backup/zfs-replication.nix</literal>
261 </para>
262 </listitem>
263 <listitem>
264 <para>
265 <literal>./services/continuous-integration/buildkite-agents.nix</literal>
266 </para>
267 </listitem>
268 <listitem>
269 <para>
270 <literal>./services/databases/victoriametrics.nix</literal>
271 </para>
272 </listitem>
273 <listitem>
274 <para>
275 <literal>./services/desktops/gnome3/gnome-initial-setup.nix</literal>
276 </para>
277 </listitem>
278 <listitem>
279 <para>
280 <literal>./services/desktops/neard.nix</literal>
281 </para>
282 </listitem>
283 <listitem>
284 <para>
285 <literal>./services/games/openarena.nix</literal>
286 </para>
287 </listitem>
288 <listitem>
289 <para>
290 <literal>./services/hardware/fancontrol.nix</literal>
291 </para>
292 </listitem>
293 <listitem>
294 <para>
295 <literal>./services/mail/sympa.nix</literal>
296 </para>
297 </listitem>
298 <listitem>
299 <para>
300 <literal>./services/misc/freeswitch.nix</literal>
301 </para>
302 </listitem>
303 <listitem>
304 <para>
305 <literal>./services/misc/mame.nix</literal>
306 </para>
307 </listitem>
308 <listitem>
309 <para>
310 <literal>./services/monitoring/do-agent.nix</literal>
311 </para>
312 </listitem>
313 <listitem>
314 <para>
315 <literal>./services/monitoring/prometheus/xmpp-alerts.nix</literal>
316 </para>
317 </listitem>
318 <listitem>
319 <para>
320 <literal>./services/network-filesystems/orangefs/server.nix</literal>
321 </para>
322 </listitem>
323 <listitem>
324 <para>
325 <literal>./services/network-filesystems/orangefs/client.nix</literal>
326 </para>
327 </listitem>
328 <listitem>
329 <para>
330 <literal>./services/networking/3proxy.nix</literal>
331 </para>
332 </listitem>
333 <listitem>
334 <para>
335 <literal>./services/networking/corerad.nix</literal>
336 </para>
337 </listitem>
338 <listitem>
339 <para>
340 <literal>./services/networking/go-shadowsocks2.nix</literal>
341 </para>
342 </listitem>
343 <listitem>
344 <para>
345 <literal>./services/networking/ntp/openntpd.nix</literal>
346 </para>
347 </listitem>
348 <listitem>
349 <para>
350 <literal>./services/networking/shorewall.nix</literal>
351 </para>
352 </listitem>
353 <listitem>
354 <para>
355 <literal>./services/networking/shorewall6.nix</literal>
356 </para>
357 </listitem>
358 <listitem>
359 <para>
360 <literal>./services/networking/spacecookie.nix</literal>
361 </para>
362 </listitem>
363 <listitem>
364 <para>
365 <literal>./services/networking/trickster.nix</literal>
366 </para>
367 </listitem>
368 <listitem>
369 <para>
370 <literal>./services/networking/v2ray.nix</literal>
371 </para>
372 </listitem>
373 <listitem>
374 <para>
375 <literal>./services/networking/xandikos.nix</literal>
376 </para>
377 </listitem>
378 <listitem>
379 <para>
380 <literal>./services/networking/yggdrasil.nix</literal>
381 </para>
382 </listitem>
383 <listitem>
384 <para>
385 <literal>./services/web-apps/dokuwiki.nix</literal>
386 </para>
387 </listitem>
388 <listitem>
389 <para>
390 <literal>./services/web-apps/gotify-server.nix</literal>
391 </para>
392 </listitem>
393 <listitem>
394 <para>
395 <literal>./services/web-apps/grocy.nix</literal>
396 </para>
397 </listitem>
398 <listitem>
399 <para>
400 <literal>./services/web-apps/ihatemoney</literal>
401 </para>
402 </listitem>
403 <listitem>
404 <para>
405 <literal>./services/web-apps/moinmoin.nix</literal>
406 </para>
407 </listitem>
408 <listitem>
409 <para>
410 <literal>./services/web-apps/trac.nix</literal>
411 </para>
412 </listitem>
413 <listitem>
414 <para>
415 <literal>./services/web-apps/trilium.nix</literal>
416 </para>
417 </listitem>
418 <listitem>
419 <para>
420 <literal>./services/web-apps/shiori.nix</literal>
421 </para>
422 </listitem>
423 <listitem>
424 <para>
425 <literal>./services/web-servers/ttyd.nix</literal>
426 </para>
427 </listitem>
428 <listitem>
429 <para>
430 <literal>./services/x11/picom.nix</literal>
431 </para>
432 </listitem>
433 <listitem>
434 <para>
435 <literal>./services/x11/hardware/digimend.nix</literal>
436 </para>
437 </listitem>
438 <listitem>
439 <para>
440 <literal>./services/x11/imwheel.nix</literal>
441 </para>
442 </listitem>
443 <listitem>
444 <para>
445 <literal>./virtualisation/cri-o.nix</literal>
446 </para>
447 </listitem>
448 </itemizedlist>
449 </section>
450 <section xml:id="sec-release-20.03-incompatibilities">
451 <title>Backward Incompatibilities</title>
452 <para>
453 When upgrading from a previous release, please be aware of the
454 following incompatible changes:
455 </para>
456 <itemizedlist>
457 <listitem>
458 <para>
 The dhcpcd package
 <link xlink:href="https://roy.marples.name/archives/dhcpcd-discuss/0002621.html">does
 not request IPv4 addresses for tap and bridge interfaces
 anymore by default</link>. In order to still get an address on
 a bridge interface, one has to disable
 <literal>networking.useDHCP</literal> and explicitly enable
 <literal>networking.interfaces.&lt;name&gt;.useDHCP</literal>
 on every interface that should get an address via DHCP. This
 way, dhcpcd is told explicitly which interfaces to run on.
469 </para>
470 </listitem>
471 <listitem>
472 <para>
473 GnuPG is now built without support for a graphical passphrase
474 entry by default. Please enable the
475 <literal>gpg-agent</literal> user service via the NixOS option
476 <literal>programs.gnupg.agent.enable</literal>. Note that
477 upstream recommends using <literal>gpg-agent</literal> and
478 will spawn a <literal>gpg-agent</literal> on the first
479 invocation of GnuPG anyway.
480 </para>
481 </listitem>
482 <listitem>
483 <para>
484 The <literal>dynamicHosts</literal> option has been removed
485 from the
486 <link xlink:href="options.html#opt-networking.networkmanager.enable">NetworkManager</link>
487 module. Allowing (multiple) regular users to override host
488 entries affecting the whole system opens up a huge attack
489 vector. There seem to be very rare cases where this might be
 useful. Consider setting system-wide host entries using
 <link xlink:href="options.html#opt-networking.hosts">networking.hosts</link>,
 providing them via the DNS server in your network, or using
 <link xlink:href="options.html#opt-environment.etc">environment.etc</link>
 to add a file into
 <literal>/etc/NetworkManager/dnsmasq.d</literal> reconfiguring
 <literal>hostsdir</literal>.
497 </para>
498 </listitem>
499 <listitem>
500 <para>
501 The <literal>99-main.network</literal> file was removed.
502 Matching all network interfaces caused many breakages, see
503 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
504 and
505 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
506 </para>
507 <para>
508 We already don't support the global
509 <link xlink:href="options.html#opt-networking.useDHCP">networking.useDHCP</link>,
510 <link xlink:href="options.html#opt-networking.defaultGateway">networking.defaultGateway</link>
511 and
512 <link xlink:href="options.html#opt-networking.defaultGateway6">networking.defaultGateway6</link>
513 options if
514 <link xlink:href="options.html#opt-networking.useNetworkd">networking.useNetworkd</link>
515 is enabled, but direct users to configure the per-device
 <link xlink:href="options.html#opt-networking.interfaces">networking.interfaces.&lt;name&gt;….</link>
517 options.
518 </para>
519 </listitem>
520 <listitem>
521 <para>
522 The stdenv now runs all bash with <literal>set -u</literal>,
523 to catch the use of undefined variables. Before, it itself
524 used <literal>set -u</literal> but was careful to unset it so
525 other packages' code ran as before. Now, all bash code is held
526 to the same high standard, and the rather complex stateful
527 manipulation of the options can be discarded.
528 </para>
529 </listitem>
530 <listitem>
531 <para>
532 The SLIM Display Manager has been removed, as it has been
533 unmaintained since 2013. Consider migrating to a different
534 display manager such as LightDM (current default in NixOS),
535 SDDM, GDM, or using the startx module which uses Xinitrc.
536 </para>
537 </listitem>
538 <listitem>
539 <para>
540 The Way Cooler wayland compositor has been removed, as the
541 project has been officially canceled. There are no more
542 <literal>way-cooler</literal> attribute and
543 <literal>programs.way-cooler</literal> options.
544 </para>
545 </listitem>
546 <listitem>
547 <para>
 The BEAM package set has been deleted. You will now only find
 the different interpreters there. You should now use the
 different build tools coming with the languages with sandbox
 mode disabled.
552 </para>
553 </listitem>
554 <listitem>
555 <para>
 There is now only one Xfce package-set and module. This means
 that attributes <literal>xfce4-14</literal> and
 <literal>xfceUnstable</literal> all now point to the latest
 Xfce 4.14 packages. In future NixOS releases, this will be
 the latest released version of Xfce available at the time of
 the release's development (if viable).
562 </para>
563 </listitem>
564 <listitem>
565 <para>
566 The
567 <link xlink:href="options.html#opt-services.phpfpm.pools">phpfpm</link>
568 module now sets <literal>PrivateTmp=true</literal> in its
569 systemd units for better process isolation. If you rely on
570 <literal>/tmp</literal> being shared with other services,
571 explicitly override this by setting
572 <literal>serviceConfig.PrivateTmp</literal> to
573 <literal>false</literal> for each phpfpm unit.
574 </para>
575 </listitem>
576 <listitem>
577 <para>
 KDE’s old multimedia framework Phonon no longer supports Qt 4.
 For that reason, Plasma desktop no longer has the
 <literal>enableQt4Support</literal> option.
581 </para>
582 </listitem>
583 <listitem>
584 <para>
585 The BeeGFS module has been removed.
586 </para>
587 </listitem>
588 <listitem>
589 <para>
590 The osquery module has been removed.
591 </para>
592 </listitem>
593 <listitem>
594 <para>
 Going forward, <literal>~/bin</literal> in the user's home
 directory will no longer be in <literal>PATH</literal> by
 default. If you depend on this you should set the option
 <literal>environment.homeBinInPath</literal> to
 <literal>true</literal>. The aforementioned option was added
 in this release.
601 </para>
602 </listitem>
603 <listitem>
604 <para>
605 The <literal>buildRustCrate</literal> infrastructure now
606 produces <literal>lib</literal> outputs in addition to the
607 <literal>out</literal> output. This has led to drastically
608 reduced closure sizes for some rust crates since development
609 dependencies are now in the <literal>lib</literal> output.
610 </para>
611 </listitem>
612 <listitem>
613 <para>
 Pango was upgraded to 1.44, which no longer uses freetype for
 font loading. This means that type1 and bitmap fonts are no
 longer supported in applications relying on Pango for font
 rendering (notably, GTK applications). See the
 <link xlink:href="https://gitlab.gnome.org/GNOME/pango/issues/386">upstream
 issue</link> for more information.
620 </para>
621 </listitem>
622 <listitem>
623 <para>
624 The <literal>roundcube</literal> module has been hardened.
625 </para>
626 <itemizedlist>
627 <listitem>
628 <para>
 The password of the database is no longer written
 world-readable in the store. If <literal>database.host</literal>
 is set to <literal>localhost</literal>, then a unix user
 of the same name as the database will be created and
 PostgreSQL peer authentication will be used, removing the
 need for a password. Otherwise, a password is still needed
635 and can be provided with the new option
636 <literal>database.passwordFile</literal>, which should be
637 set to the path of a file containing the password and
638 readable by the user <literal>nginx</literal> only. The
639 <literal>database.password</literal> option is insecure
640 and deprecated. Usage of this option will print a warning.
641 </para>
642 </listitem>
643 <listitem>
644 <para>
645 A random <literal>des_key</literal> is set by default in
646 the configuration of roundcube, instead of using the
647 hardcoded and insecure default. To ensure a clean
648 migration, all users will be logged out when you upgrade
649 to this release.
650 </para>
651 </listitem>
652 </itemizedlist>
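 <para>
 A configuration for the remote-database case described above, as
 an added example that is not part of the original release notes.
 The host names, the secret path and the
 <literal>systemd.tmpfiles</literal> rule are assumptions of this
 example; the options named above are written with their
 <literal>services.roundcube</literal> prefix.
 </para>

```nix
{ ... }:
{
  services.roundcube = {
    enable = true;
    hostName = "webmail.example.org";      # assumed host name

    database = {
      # Not localhost, so peer authentication is not used and a
      # password is still required.
      host = "db.example.org";             # assumed database host
      username = "roundcube";
      dbname = "roundcube";

      # Deprecated: the value ends up in the world-readable Nix store
      # and using it prints a warning.
      # password = "constructed-example-password";

      # Preferred: only this path appears in the store; the secret
      # itself stays in a file outside of it.
      passwordFile = "/var/lib/secrets/roundcube-db-password";
    };
  };

  # Assumption of this example: the secret file is provisioned out of
  # band. This rule pins owner and mode of the existing file so that
  # only the nginx user can read it. The nginx user must also be able
  # to traverse the parent directory.
  systemd.tmpfiles.rules = [
    "z /var/lib/secrets/roundcube-db-password 0400 nginx nginx -"
  ];
}
```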
653 </listitem>
654 <listitem>
655 <para>
656 The packages <literal>openobex</literal> and
657 <literal>obexftp</literal> are no longer installed when
658 enabling Bluetooth via
659 <literal>hardware.bluetooth.enable</literal>.
660 </para>
661 </listitem>
662 <listitem>
663 <para>
664 The <literal>dump1090</literal> derivation has been changed to
665 use FlightAware's dump1090 as its upstream. However, this
666 version does not have an internal webserver anymore. The
667 assets in the <literal>share/dump1090</literal> directory of
668 the derivation can be used in conjunction with an external
669 webserver to replace this functionality.
670 </para>
671 </listitem>
672 <listitem>
673 <para>
674 The fourStore and fourStoreEndpoint modules have been removed.
675 </para>
676 </listitem>
677 <listitem>
678 <para>
 Polkit no longer has the user of uid 0 (root) as an admin
 identity. We now follow the upstream default of giving admin
 privileges only to members of the wheel group. Before, it
 was root and members of wheel. The positive outcome of this is
 that pkexec GUI popups or terminal prompts will no longer require
 the user to choose between two essentially equivalent choices
 (whether to perform the action as themselves with wheel
 permissions, or as the root user).
687 </para>
688 </listitem>
689 <listitem>
690 <para>
 NixOS containers no longer build the NixOS manual by default. This
 saves evaluation time, especially if there are many
 declarative containers defined. Note that this is already done
 when the
 <literal>&lt;nixos/modules/profiles/minimal.nix&gt;</literal>
 module is included in the container config.
697 </para>
698 </listitem>
699 <listitem>
700 <para>
 The <literal>kresd</literal> service deprecates the
 <literal>interfaces</literal> option in favor of the
 <literal>listenPlain</literal> option, which requires a full
 <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=">systemd.socket
 compatible</link> declaration that always includes a port.
706 </para>
707 </listitem>
708 <listitem>
709 <para>
710 Virtual console options have been reorganized and can be found
711 under a single top-level attribute:
712 <literal>console</literal>. The full set of changes is as
713 follows:
714 </para>
715 <itemizedlist>
716 <listitem>
717 <para>
718 <literal>i18n.consoleFont</literal> renamed to
719 <link xlink:href="options.html#opt-console.font">console.font</link>
720 </para>
721 </listitem>
722 <listitem>
723 <para>
724 <literal>i18n.consoleKeyMap</literal> renamed to
725 <link xlink:href="options.html#opt-console.keyMap">console.keyMap</link>
726 </para>
727 </listitem>
728 <listitem>
729 <para>
730 <literal>i18n.consoleColors</literal> renamed to
731 <link xlink:href="options.html#opt-console.colors">console.colors</link>
732 </para>
733 </listitem>
734 <listitem>
735 <para>
736 <literal>i18n.consolePackages</literal> renamed to
737 <link xlink:href="options.html#opt-console.packages">console.packages</link>
738 </para>
739 </listitem>
740 <listitem>
741 <para>
742 <literal>i18n.consoleUseXkbConfig</literal> renamed to
743 <link xlink:href="options.html#opt-console.useXkbConfig">console.useXkbConfig</link>
744 </para>
745 </listitem>
746 <listitem>
747 <para>
748 <literal>boot.earlyVconsoleSetup</literal> renamed to
749 <link xlink:href="options.html#opt-console.earlySetup">console.earlySetup</link>
750 </para>
751 </listitem>
752 <listitem>
753 <para>
754 <literal>boot.extraTTYs</literal> renamed to
755 <literal>console.extraTTYs</literal>.
756 </para>
757 </listitem>
758 </itemizedlist>
759 </listitem>
760 <listitem>
761 <para>
762 The
763 <link xlink:href="options.html#opt-services.awstats.enable">awstats</link>
764 module has been rewritten to serve stats via static html
765 pages, updated on a timer, over
766 <link xlink:href="options.html#opt-services.nginx.virtualHosts">nginx</link>,
767 instead of dynamic cgi pages over
768 <link xlink:href="options.html#opt-services.httpd.enable">apache</link>.
769 </para>
770 <para>
771 Minor changes will be required to migrate existing
 configurations. Details of the required changes can be seen by
773 looking through the
774 <link xlink:href="options.html#opt-services.awstats.enable">awstats</link>
775 module.
776 </para>
777 </listitem>
778 <listitem>
779 <para>
780 The httpd module no longer provides options to support serving
781 web content without defining a virtual host. As a result of
782 this the
783 <link xlink:href="options.html#opt-services.httpd.logPerVirtualHost">services.httpd.logPerVirtualHost</link>
784 option now defaults to <literal>true</literal> instead of
785 <literal>false</literal>. Please update your configuration to
786 make use of
787 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts</link>.
788 </para>
789 <para>
 The
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;</link>
 option has changed type from a list of submodules to an
 attribute set of submodules, better matching
 <link xlink:href="options.html#opt-services.nginx.virtualHosts">services.nginx.virtualHosts.&lt;name&gt;</link>.
 </para>
796 <para>
 This change comes with the addition of the following options
 which mimic the functionality of their
 <literal>nginx</literal> counterparts:
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.addSSL</link>,
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.forceSSL</link>,
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.onlySSL</link>,
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.enableACME</link>,
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.acmeRoot</link>,
 and
 <link xlink:href="options.html#opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.useACMEHost</link>.
807 </para>
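 <para>
 A migration of one virtual host from the list form to the attribute
 set form, using two of the new options. This is an added example,
 not part of the original release notes; the host name, paths and
 address are assumptions, and ACME account settings are assumed to
 be configured elsewhere under <literal>security.acme</literal>.
 </para>

```nix
{ ... }:
{
  services.httpd = {
    enable = true;
    adminAddr = "webmaster@example.org";   # assumed address

    # Before 20.03: a list of submodules, each naming its own host.
    # virtualHosts = [
    #   { hostName = "example.org";
    #     documentRoot = "/var/www/example.org";
    #   }
    # ];

    # From 20.03: an attribute set keyed by the host name, matching
    # the shape of services.nginx.virtualHosts.
    virtualHosts."example.org" = {
      documentRoot = "/var/www/example.org";

      # As with the nginx option of the same name: serve HTTPS and
      # redirect plain HTTP to it. addSSL would serve both without
      # redirecting, onlySSL would serve HTTPS only.
      forceSSL = true;

      # Obtain the certificate for this host through ACME.
      enableACME = true;
    };
  };
}
```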
808 </listitem>
809 <listitem>
810 <para>
811 For NixOS configuration options, the <literal>loaOf</literal>
812 type has been deprecated and will be removed in a future
813 release. In nixpkgs, options of this type will be changed to
814 <literal>attrsOf</literal> instead. If you were using one of
815 these in your configuration, you will see a warning suggesting
816 what changes will be required.
817 </para>
818 <para>
819 For example,
820 <link xlink:href="options.html#opt-users.users">users.users</link>
821 is a <literal>loaOf</literal> option that is commonly used as
822 follows:
823 </para>
 <programlisting language="bash">
{
  users.users =
    [ { name = "me";
        description = "My personal user.";
        isNormalUser = true;
      }
    ];
}
</programlisting>
834 <para>
835 This should be rewritten by removing the list and using the
836 value of <literal>name</literal> as the name of the attribute
837 set:
838 </para>
 <programlisting language="bash">
{
  users.users.me =
    { description = "My personal user.";
      isNormalUser = true;
    };
}
</programlisting>
847 <para>
 For more information on this change have a look at these links:
849 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/1800">issue
850 #1800</link>,
851 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/63103">PR
852 #63103</link>.
853 </para>
854 </listitem>
855 <listitem>
856 <para>
857 For NixOS modules, the types
858 <literal>types.submodule</literal> and
859 <literal>types.submoduleWith</literal> now support paths as
860 allowed values, similar to how <literal>imports</literal>
861 supports paths. Because of this, if you have a module that
862 defines an option of type
863 <literal>either (submodule ...) path</literal>, it will break
864 since a path is now treated as the first type instead of the
865 second. To fix this, change the type to
866 <literal>either path (submodule ...)</literal>.
867 </para>
868 </listitem>
869 <listitem>
870 <para>
871 The
872 <link xlink:href="options.html#opt-services.buildkite-agents">Buildkite
873 Agent</link> module and corresponding packages have been
874 updated to 3.x, and to support multiple instances of the agent
875 running at the same time. This means you will have to rename
876 <literal>services.buildkite-agent</literal> to
 <literal>services.buildkite-agents.&lt;name&gt;</literal>.
878 Furthermore, the following options have been changed:
879 </para>
880 <itemizedlist>
881 <listitem>
882 <para>
883 <literal>services.buildkite-agent.meta-data</literal> has
884 been renamed to
 <link xlink:href="options.html#opt-services.buildkite-agents">services.buildkite-agents.&lt;name&gt;.tags</link>,
 to match upstream's naming for 3.x. Its type has also
 changed - it now accepts an attrset of strings.
888 </para>
889 </listitem>
890 <listitem>
891 <para>
 The <literal>services.buildkite-agent.openssh.publicKeyPath</literal>
893 option has been removed, as it's not necessary to deploy
894 public keys to clone private repositories.
895 </para>
896 </listitem>
897 <listitem>
898 <para>
899 <literal>services.buildkite-agent.openssh.privateKeyPath</literal>
900 has been renamed to
 <link xlink:href="options.html#opt-services.buildkite-agents">buildkite-agents.&lt;name&gt;.privateSshKeyPath</link>,
902 as the whole <literal>openssh</literal> now only contained
903 that single option.
904 </para>
905 </listitem>
906 <listitem>
907 <para>
 <link xlink:href="options.html#opt-services.buildkite-agents">services.buildkite-agents.&lt;name&gt;.shell</link>
 has been introduced, allowing a custom shell to be
 specified.
911 </para>
912 </listitem>
913 </itemizedlist>
914 </listitem>
915 <listitem>
916 <para>
917 The <literal>citrix_workspace_19_3_0</literal> package has
918 been removed as it will be EOLed within the lifespan of 20.03.
919 For further information, please refer to the
920 <link xlink:href="https://www.citrix.com/de-de/support/product-lifecycle/milestones/receiver.html">support
921 and maintenance information</link> from upstream.
922 </para>
923 </listitem>
924 <listitem>
925 <para>
926 The <literal>gcc5</literal> and <literal>gfortran5</literal>
927 packages have been removed.
928 </para>
929 </listitem>
930 <listitem>
931 <para>
932 The <literal>services.xserver.displayManager.auto</literal>
933 module has been removed. It was only intended for use in
934 internal NixOS tests, and gave the false impression of it
935 being a special display manager when it's actually LightDM.
936 Please use the
937 <literal>services.xserver.displayManager.lightdm.autoLogin</literal>
938 options instead, or any other display manager in NixOS as they
939 all support auto-login. If you used this module specifically
940 because it permitted root auto-login you can override the
941 lightdm-autologin pam module like:
942 </para>
 <programlisting language="bash">
{
  security.pam.services.lightdm-autologin.text = lib.mkForce ''
      auth     requisite pam_nologin.so
      auth     required  pam_succeed_if.so quiet
      auth     required  pam_permit.so

      account  include   lightdm

      password include   lightdm

      session  include   lightdm
  '';
}
</programlisting>
958 <para>
959 The difference is the:
960 </para>
 <programlisting>
auth required pam_succeed_if.so quiet
</programlisting>
964 <para>
 line, where by default it's:
966 </para>
 <programlisting>
auth required pam_succeed_if.so uid >= 1000 quiet
</programlisting>
970 <para>
971 not permitting users with uid's below 1000 (like root). All
972 other display managers in NixOS are configured like this.
973 </para>
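        <para>
          A way to audit a PAM service file for this difference, as an
          added example that is not part of NixOS: the Python functions
          below (their names and the two sample stacks, built from the
          lines shown above, are constructed here) report the lowest
          UID that reaches <literal>pam_permit.so</literal> in an
          auto-login auth stack.
        </para>

```python
import re

# One PAM rule: type, control (keyword or [bracketed]), module, arguments.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# pam_succeed_if condition bounding the uid from below, e.g. "uid >= 1000".
UID_FLOOR = re.compile(r"\buid\s+(>=|ge|>|gt)\s+(\d+)\b")

# Constructed samples: the auth lines of the two stacks discussed above.
DEFAULT_STACK = """\
auth requisite pam_nologin.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth required pam_permit.so
"""
ROOT_OVERRIDE_STACK = """\
auth requisite pam_nologin.so
auth required pam_succeed_if.so quiet
auth required pam_permit.so
"""


def auth_rules(pam_text):
    """Yield (control, module_name, args) for each auth rule in a PAM file."""
    for raw in pam_text.splitlines():
        match = RULE.match(raw.split("#", 1)[0].strip())
        if match and match.group(1) == "auth":
            control, module, args = match.group(2, 3, 4)
            yield control, module.rsplit("/", 1)[-1], args


def lowest_autologin_uid(pam_text):
    """Lowest uid that reaches pam_permit.so, or None if nothing is permitted.

    Only 'required'/'requisite' pam_succeed_if.so rules count as a guard,
    because a failing optional or sufficient rule does not fail the stack.
    """
    floor = 0
    for control, module, args in auth_rules(pam_text):
        if module == "pam_succeed_if.so" and control in ("required", "requisite"):
            cond = UID_FLOOR.search(args)
            if cond:
                bound = int(cond.group(2))
                if cond.group(1) in (">", "gt"):
                    bound += 1  # "uid > 999" admits 1000 and above
                floor = max(floor, bound)
        elif module == "pam_permit.so" and control in ("required", "sufficient"):
            return floor
    return None


def permits_root_autologin(pam_text):
    """True when uid 0 passes the auth stack without any credential check."""
    return lowest_autologin_uid(pam_text) == 0
```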
974 </listitem>
975 <listitem>
976 <para>
977 There have been lots of improvements to the Mailman module. As
978 a result,
979 </para>
980 <itemizedlist>
981 <listitem>
982 <para>
983 The <literal>services.mailman.hyperkittyBaseUrl</literal>
984 option has been renamed to
985 <link xlink:href="options.html#opt-services.mailman.hyperkitty.baseUrl">services.mailman.hyperkitty.baseUrl</link>.
986 </para>
987 </listitem>
988 <listitem>
989 <para>
990 The <literal>services.mailman.hyperkittyApiKey</literal>
991 option has been removed. This is because having an option
992 for the Hyperkitty API key meant that the API key would be
993 stored in the world-readable Nix store, which was a
994 security vulnerability. A new Hyperkitty API key will be
995 generated the first time the new Hyperkitty service is
996 run, and it will then be persisted outside of the Nix
997 store. To continue using Hyperkitty, you must set
998 <link xlink:href="options.html#opt-services.mailman.hyperkitty.enable">services.mailman.hyperkitty.enable</link>
999 to <literal>true</literal>.
1000 </para>
1001 </listitem>
1002 <listitem>
1003 <para>
1004 Additionally, some Postfix configuration must now be set
1005 manually instead of automatically by the Mailman module:
1006 </para>
            <programlisting language="bash">
{
  services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
  services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
  services.postfix.config.local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
}
</programlisting>
1014 <para>
1015 This is because some users may want to include other
1016 values in these lists as well, and this was not possible
1017 if they were set automatically by the Mailman module. It
1018 would not have been possible to just concatenate values
1019 from multiple modules each setting the values they needed,
1020 because the order of elements in the list is significant.
1021 </para>
1022 </listitem>
1023 </itemizedlist>
1024 </listitem>
1025 <listitem>
1026 <para>
1027 The LLVM versions 3.5, 3.9 and 4 (including the corresponding
          Clang versions) have been dropped.
1029 </para>
1030 </listitem>
1031 <listitem>
1032 <para>
1033 The
1034 <literal>networking.interfaces.*.preferTempAddress</literal>
1035 option has been replaced by
1036 <literal>networking.interfaces.*.tempAddress</literal>. The
1037 new option allows better control of the IPv6 temporary
1038 addresses, including completely disabling them for interfaces
1039 where they are not needed.
1040 </para>
1041 </listitem>
1042 <listitem>
1043 <para>
1044 Rspamd was updated to version 2.2. Read
1045 <link xlink:href="https://rspamd.com/doc/migration.html#migration-to-rspamd-20">
1046 the upstream migration notes</link> carefully. Please be
1047 especially aware that some modules were removed and the
1048 default Bayes backend is now Redis.
1049 </para>
1050 </listitem>
1051 <listitem>
1052 <para>
1053 The <literal>*psu</literal> versions of oraclejdk8 have been
1054 removed as they aren't provided by upstream anymore.
1055 </para>
1056 </listitem>
1057 <listitem>
1058 <para>
1059 The <literal>services.dnscrypt-proxy</literal> module has been
1060 removed as it used the deprecated version of dnscrypt-proxy.
1061 We've added
1062 <link xlink:href="options.html#opt-services.dnscrypt-proxy2.enable">services.dnscrypt-proxy2.enable</link>
1063 to use the supported version. This module supports
1064 configuration via the Nix attribute set
1065 <link xlink:href="options.html#opt-services.dnscrypt-proxy2.settings">services.dnscrypt-proxy2.settings</link>,
1066 or by passing a TOML configuration file via
1067 <link xlink:href="options.html#opt-services.dnscrypt-proxy2.configFile">services.dnscrypt-proxy2.configFile</link>.
1068 </para>
        <programlisting language="bash">
{
  # Example configuration:
  services.dnscrypt-proxy2.enable = true;
  services.dnscrypt-proxy2.settings = {
    listen_addresses = [ "127.0.0.1:43" ];
    sources.public-resolvers = {
      urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
      cache_file = "public-resolvers.md";
      minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
      refresh_delay = 72;
    };
  };

  services.dnsmasq.enable = true;
  services.dnsmasq.servers = [ "127.0.0.1#43" ];
}
</programlisting>
1087 </listitem>
1088 <listitem>
1089 <para>
1090 <literal>qesteidutil</literal> has been deprecated in favor of
1091 <literal>qdigidoc</literal>.
1092 </para>
1093 </listitem>
1094 <listitem>
1095 <para>
          sqldeveloper_18 has been removed as it's not maintained
          anymore; sqldeveloper has been updated to version
          <literal>19.4</literal>. Please note that this means that
          the oraclejdk is now required. For further
1100 information please read the
1101 <link xlink:href="https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html">release
1102 notes</link>.
1103 </para>
1104 </listitem>
1105 <listitem>
1106 <para>
1107 Haskell <literal>env</literal> and <literal>shellFor</literal>
1108 dev shell environments now organize dependencies the same way
1109 as regular builds. In particular, rather than receiving all
1110 the different lists of dependencies mashed together as one big
          list, and then partitioning into Haskell and non-Haskell
1112 dependencies, they work from the original many different
1113 dependency parameters and don't need to algorithmically
1114 partition anything.
1115 </para>
1116 <para>
          This means that if you incorrectly categorize a dependency,
          e.g. a non-Haskell library dependency as a
          <literal>buildDepends</literal> or a run-time Haskell
          dependency as a <literal>setupDepends</literal>, things that
          would have worked before may not work now.
1122 </para>
1123 </listitem>
1124 <listitem>
1125 <para>
          The gcc-snapshot-package has been removed. It has been marked
          as broken for more than 2 years and pointed to a fairly old
          snapshot from the gcc7-branch.
1129 </para>
1130 </listitem>
1131 <listitem>
1132 <para>
          The nixos-build-vms(8) script now uses the Python test-driver.
1134 </para>
1135 </listitem>
1136 <listitem>
1137 <para>
1138 The riot-web package now accepts configuration overrides as an
1139 attribute set instead of a string. A formerly used JSON
1140 configuration can be converted to an attribute set with
1141 <literal>builtins.fromJSON</literal>.
1142 </para>
1143 <para>
1144 The new default configuration also disables automatic guest
1145 account registration and analytics to improve privacy. The
1146 previous behavior can be restored by setting
1147 <literal>config.riot-web.conf = { disable_guests = false; piwik = true; }</literal>.
1148 </para>
1149 </listitem>
1150 <listitem>
1151 <para>
1152 Stand-alone usage of <literal>Upower</literal> now requires
1153 <literal>services.upower.enable</literal> instead of just
1154 installing into
1155 <link xlink:href="options.html#opt-environment.systemPackages">environment.systemPackages</link>.
1156 </para>
1157 </listitem>
1158 <listitem>
1159 <para>
1160 nextcloud has been updated to <literal>v18.0.2</literal>. This
1161 means that users from NixOS 19.09 can't upgrade directly since
1162 you can only move one version forward and 19.09 uses
1163 <literal>v16.0.8</literal>.
1164 </para>
1165 <para>
1166 To provide a safe upgrade-path and to circumvent similar
1167 issues in the future, the following measures were taken:
1168 </para>
1169 <itemizedlist>
1170 <listitem>
1171 <para>
              The pkgs.nextcloud-attribute has been removed and
              replaced with versioned attributes (currently
              pkgs.nextcloud17 and pkgs.nextcloud18). With this change,
              major releases can be backported without breaking stuff,
              and upgrade paths become easier.
1177 </para>
1178 </listitem>
1179 <listitem>
1180 <para>
1181 Existing setups will be detected using
1182 <link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>:
1183 by default, nextcloud17 will be used, but will raise a
1184 warning which notes that after that deploy it's
1185 recommended to update to the latest stable version
1186 (nextcloud18) by declaring the newly introduced setting
1187 <link xlink:href="options.html#opt-services.nextcloud.package">services.nextcloud.package</link>.
1188 </para>
1189 </listitem>
1190 <listitem>
1191 <para>
1192 Users with an overlay (e.g. to use nextcloud at version
1193 <literal>v18</literal> on <literal>19.09</literal>) will
1194 get an evaluation error by default. This is done to ensure
1195 that our
1196 <link xlink:href="options.html#opt-services.nextcloud.package">package</link>-option
1197 doesn't select an older version by accident. It's
1198 recommended to use pkgs.nextcloud18 or to set
1199 <link xlink:href="options.html#opt-services.nextcloud.package">package</link>
1200 to pkgs.nextcloud explicitly.
1201 </para>
1202 </listitem>
1203 </itemizedlist>
1204 <warning>
1205 <para>
1206 Please note that if you're coming from
1207 <literal>19.03</literal> or older, you have to manually
1208 upgrade to <literal>19.09</literal> first to upgrade your
1209 server to Nextcloud v16.
1210 </para>
1211 </warning>
1212 </listitem>
1213 <listitem>
1214 <para>
1215 Hydra has gained a massive performance improvement due to
1216 <link xlink:href="https://github.com/NixOS/hydra/pull/710">some
1217 database schema changes</link> by adding several IDs and
1218 better indexing. However, it's necessary to upgrade Hydra in
1219 multiple steps:
1220 </para>
1221 <itemizedlist>
1222 <listitem>
1223 <para>
1224 At first, an older version of Hydra needs to be deployed
1225 which adds those (nullable) columns. When having set
1226 <link xlink:href="options.html#opt-system.stateVersion">stateVersion
1227 </link> to a value older than <literal>20.03</literal>,
1228 this package will be selected by default from the module
1229 when upgrading. Otherwise, the package can be deployed
1230 using the following config:
1231 </para>
            <programlisting language="bash">
{ pkgs, ... }: {
  services.hydra.package = pkgs.hydra-migration;
}
</programlisting>
          </listitem>
          <listitem>
            <para>
              Automatically fill the newly added ID columns on the
              server by running the following command:
            </para>
            <programlisting>
$ hydra-backfill-ids
</programlisting>
            <warning>
              <para>
                Please note that this process can take a while
                depending on your database-size!
              </para>
            </warning>
          </listitem>
          <listitem>
            <para>
              Deploy a newer version of Hydra to activate the DB
              optimizations. This can be done by using hydra-unstable.
              This package already includes
              <link xlink:href="https://github.com/nixos/rfcs/pull/49">flake-support</link>
              and is therefore compiled against pkgs.nixFlakes.
            </para>
            <warning>
              <para>
                If your
                <link xlink:href="options.html#opt-system.stateVersion">stateVersion</link>
                is set to <literal>20.03</literal> or greater,
                hydra-unstable will be used automatically! This will
                break your setup if you didn't run the migration.
              </para>
            </warning>
          </listitem>
        </itemizedlist>
        <para>
          Please note that Hydra is currently not available with
          nixStable as this doesn't compile anymore.
        </para>
        <warning>
          <para>
            pkgs.hydra has been removed to ensure a graceful
            database-migration using the dedicated package-attributes.
            If you still have pkgs.hydra defined in e.g. an overlay, an
            assertion error will be thrown. To circumvent this, you need
            to set
            <link xlink:href="options.html#opt-services.hydra.package">services.hydra.package</link>
            to pkgs.hydra explicitly and make sure you know what you're
            doing!
          </para>
        </warning>
      </listitem>
1289 <listitem>
1290 <para>
1291 The TokuDB storage engine will be disabled in mariadb 10.5. It
1292 is recommended to switch to RocksDB. See also
1293 <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link>.
1294 </para>
1295 </listitem>
1296 </itemizedlist>
1297 </section>
1298 <section xml:id="sec-release-20.03-notable-changes">
1299 <title>Other Notable Changes</title>
1300 <itemizedlist>
1301 <listitem>
1302 <para>
1303 SD images are now compressed by default using
1304 <literal>bzip2</literal>.
1305 </para>
1306 </listitem>
1307 <listitem>
1308 <para>
          The nginx web server previously started its master process
          with root privileges, then ran worker processes as a less
          privileged user (the <literal>nginx</literal> user).
1312 This was changed to start all of nginx as a less privileged
1313 user (defined by <literal>services.nginx.user</literal> and
1314 <literal>services.nginx.group</literal>). As a consequence,
1315 all files that are needed for nginx to run (included
1316 configuration fragments, SSL certificates and keys, etc.) must
1317 now be readable by this less privileged user/group.
1318 </para>
1319 <para>
1320 To continue to use the old approach, you can configure:
1321 </para>
        <programlisting language="bash">
{
  services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
  systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
}
</programlisting>
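        <para>
          A pre-upgrade check for the readability requirement described
          above, as an added example that is not part of NixOS: the
          Python functions below (their names, the directive list and
          the sample configuration are assumptions made here) list the
          files referenced by an nginx configuration that a given
          unprivileged user cannot read, judging by mode bits only.
        </para>

```python
import glob
import os
import re
import stat

# Directives whose argument is a file nginx opens at start-up (assumed subset).
FILE_DIRECTIVES = ("include", "ssl_certificate", "ssl_certificate_key",
                   "ssl_trusted_certificate", "ssl_dhparam")
DIRECTIVE = re.compile(
    r"^\s*(%s)\s+([^;\s]+)\s*;" % "|".join(FILE_DIRECTIVES), re.MULTILINE)

# Constructed sample configuration; the paths are placeholders.
SAMPLE_CONF = """
http {
  include /etc/nginx/mime.types;
  server {
    ssl_certificate /var/lib/acme/example.org/fullchain.pem;
    ssl_certificate_key /var/lib/acme/example.org/key.pem;
  }
}
"""


def referenced_files(nginx_conf):
    """Return the paths named by file-bearing directives in nginx config text."""
    return [m.group(2).strip("\"'") for m in DIRECTIVE.finditer(nginx_conf)]


def class_digit(st, uid, gids):
    """Octal permission digit that applies to uid/gids: owner, group or other."""
    digits = "%04o" % stat.S_IMODE(st.st_mode)  # e.g. "0640"
    if uid == st.st_uid:
        return digits[1]
    if st.st_gid in gids:
        return digits[2]
    return digits[3]


def unreadable_reason(path, uid, gids):
    """Say why uid/gids cannot read path, or None if they can (no ACLs)."""
    if uid == 0:
        return None  # root bypasses mode bits, as the old master process did
    path = os.path.abspath(path)
    parents, current = [], os.path.dirname(path)
    while current not in parents:
        parents.append(current)
        current = os.path.dirname(current)
    try:
        for directory in reversed(parents):
            # every directory on the way needs search (x) permission
            if class_digit(os.stat(directory), uid, gids) not in "1357":
                return "no search permission on " + directory
        if class_digit(os.stat(path), uid, gids) not in "4567":
            return "no read permission on " + path
    except OSError as err:
        return "cannot stat %s (%s)" % (path, err.strerror)
    return None


def audit(nginx_conf, uid, gids):
    """Map each referenced path that uid/gids cannot read to the reason."""
    findings = {}
    for pattern in referenced_files(nginx_conf):
        # include accepts file masks such as conf.d/*.conf
        for path in glob.glob(pattern) or [pattern]:
            reason = unreadable_reason(path, uid, gids)
            if reason:
                findings[path] = reason
    return findings
```

        <para>
          Call <literal>audit()</literal> with the text of the generated
          configuration and the numeric uid and group ids of
          <literal>services.nginx.user</literal>; an empty result means
          every referenced file passed the mode-bit check.
        </para>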
1328 </listitem>
1329 <listitem>
1330 <para>
1331 OpenSSH has been upgraded from 7.9 to 8.1, improving security
1332 and adding features but with potential incompatibilities.
1333 Consult the
1334 <link xlink:href="https://www.openssh.com/txt/release-8.1">
1335 release announcement</link> for more information.
1336 </para>
1337 </listitem>
1338 <listitem>
1339 <para>
1340 <literal>PRETTY_NAME</literal> in
1341 <literal>/etc/os-release</literal> now uses the short rather
1342 than full version string.
1343 </para>
1344 </listitem>
1345 <listitem>
1346 <para>
          The ACME module has switched from simp-le to
          <link xlink:href="https://github.com/go-acme/lego">lego</link>,
          which allows us to support DNS-01 challenges and wildcard
          certificates. The following options have been added:
          <link xlink:href="options.html#opt-security.acme.acceptTerms">security.acme.acceptTerms</link>,
          <link xlink:href="options.html#opt-security.acme.certs">security.acme.certs.&lt;name&gt;.dnsProvider</link>,
          <link xlink:href="options.html#opt-security.acme.certs">security.acme.certs.&lt;name&gt;.credentialsFile</link>,
          <link xlink:href="options.html#opt-security.acme.certs">security.acme.certs.&lt;name&gt;.dnsPropagationCheck</link>.
          In addition, the options
          <literal>security.acme.acceptTerms</literal> and either
          <literal>security.acme.email</literal> or
          <literal>security.acme.certs.&lt;name&gt;.email</literal> must
          be set in order to use the ACME module. Certificates will be
          regenerated on activation; no account or certificate will be
          migrated from simp-le. In particular, private keys will not be
          preserved. However, the credentials for simp-le are preserved
          and thus it is possible to roll back to previous versions
          without breaking certificate generation. Note also that,
          contrary to simp-le, a new private key is created at each
          renewal by default, which can have consequences if you embed
          your public key in apps.
1368 </para>
1369 </listitem>
1370 <listitem>
1371 <para>
          It is now possible to unlock LUKS-encrypted file systems using
1373 a FIDO2 token via
1374 <literal>boot.initrd.luks.fido2Support</literal>.
1375 </para>
1376 </listitem>
1377 <listitem>
1378 <para>
1379 Predictably named network interfaces get renamed in stage-1.
1380 This means that it is possible to use the proper interface
1381 name for e.g. Dropbear setups.
1382 </para>
1383 <para>
1384 For further reference, please read
1385 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/68953">#68953</link>
1386 or the corresponding
1387 <link xlink:href="https://discourse.nixos.org/t/predictable-network-interface-names-in-initrd/4055">discourse
1388 thread</link>.
1389 </para>
1390 </listitem>
1391 <listitem>
1392 <para>
1393 The matrix-synapse-package has been updated to
1394 <link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.11.1">v1.11.1</link>.
1395 Due to
1396 <link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.10.0rc1">stricter
1397 requirements</link> for database configuration when using
1398 postgresql, the automated database setup of the module has
1399 been removed to avoid any further edge-cases.
1400 </para>
1401 <para>
1402 matrix-synapse expects <literal>postgresql</literal>-databases
1403 to have the options <literal>LC_COLLATE</literal> and
1404 <literal>LC_CTYPE</literal> set to
1405 <link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link>
1406 which basically instructs <literal>postgresql</literal> to
1407 ignore any locale-based preferences.
1408 </para>
1409 <para>
1410 Depending on your setup, you need to incorporate one of the
1411 following changes in your setup to upgrade to 20.03:
1412 </para>
1413 <itemizedlist>
1414 <listitem>
1415 <para>
1416 If you use <literal>sqlite3</literal> you don't need to do
1417 anything.
1418 </para>
1419 </listitem>
1420 <listitem>
1421 <para>
              If you use <literal>postgresql</literal> on a different
              server, you don't need to change anything either, since
              this module was never designed to configure remote
              databases.
1426 </para>
1427 </listitem>
1428 <listitem>
1429 <para>
1430 If you use <literal>postgresql</literal> and configured
1431 your synapse initially on <literal>19.09</literal> or
1432 older, you simply need to enable postgresql-support
1433 explicitly:
1434 </para>
            <programlisting language="bash">
{ ... }: {
  services.matrix-synapse = {
    enable = true;
    /* and all the other config you've defined here */
  };
  services.postgresql.enable = true;
}
</programlisting>
          </listitem>
          <listitem>
            <para>
              If you deploy a fresh matrix-synapse, you need to
              configure the database yourself (e.g. by using the
              <link xlink:href="options.html#opt-services.postgresql.initialScript">services.postgresql.initialScript</link>
              option). An example for this can be found in the
              <link linkend="module-services-matrix">documentation of
              the Matrix module</link>.
            </para>
          </listitem>
          <listitem>
            <para>
              If you initially deployed your matrix-synapse on
              <literal>nixos-unstable</literal>
              <emphasis>after</emphasis> the
              <literal>19.09</literal>-release, your database is
              misconfigured due to a regression in NixOS. For now,
              matrix-synapse will start up with a warning, but it's
              recommended to reconfigure the database to set the values
              <literal>LC_COLLATE</literal> and
              <literal>LC_CTYPE</literal> to
              <link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link>.
            </para>
          </listitem>
        </itemizedlist>
      </listitem>
1470 <listitem>
1471 <para>
1472 The
1473 <link xlink:href="options.html#opt-systemd.network.links">systemd.network.links</link>
1474 option is now respected even when
1475 <link xlink:href="options.html#opt-systemd.network.enable">systemd-networkd</link>
          is disabled. This mirrors the behaviour of systemd: it's udev
1477 that parses <literal>.link</literal> files, not
1478 <literal>systemd-networkd</literal>.
1479 </para>
1480 </listitem>
1481 <listitem>
1482 <para>
1483 mongodb has been updated to version <literal>3.4.24</literal>.
1484 </para>
1485 <warning>
1486 <para>
            Please note that mongodb has been relicensed under their own
            <link xlink:href="https://www.mongodb.com/licensing/server-side-public-license/faq"><literal>sspl</literal></link>-license.
            Since it's not entirely free and not OSI-approved, it's
            listed as non-free. This means that Hydra doesn't provide
            prebuilt mongodb-packages and they need to be built locally.
1492 </para>
1493 </warning>
1494 </listitem>
1495 </itemizedlist>
1496 </section>
1497</section>