mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-22 15:03:28 +00:00
doc,nixos/doc: unescape double quotes
Leftovers from the CommonMark conversion.
This commit is contained in:
parent
d11832fd96
commit
e9e65810ac
@ -73,7 +73,7 @@ There are also two ways to try compiling a package which has been marked as unsu
|
||||
}
|
||||
```
|
||||
|
||||
The difference between a package being unsupported on some system and being broken is admittedly a bit fuzzy. If a program *ought* to work on a certain platform, but doesn't, the platform should be included in `meta.platforms`, but marked as broken with e.g. `meta.broken = !hostPlatform.isWindows`. Of course, this begs the question of what \"ought\" means exactly. That is left to the package maintainer.
|
||||
The difference between a package being unsupported on some system and being broken is admittedly a bit fuzzy. If a program *ought* to work on a certain platform, but doesn't, the platform should be included in `meta.platforms`, but marked as broken with e.g. `meta.broken = !hostPlatform.isWindows`. Of course, this begs the question of what "ought" means exactly. That is left to the package maintainer.
|
||||
|
||||
## Installing unfree packages {#sec-allow-unfree}
|
||||
|
||||
|
@ -17,7 +17,7 @@ services.kubernetes = {
|
||||
};
|
||||
```
|
||||
|
||||
Another way is to assign cluster roles (\"master\" and/or \"node\") to
|
||||
Another way is to assign cluster roles ("master" and/or "node") to
|
||||
the host. This enables apiserver, controllerManager, scheduler,
|
||||
addonManager, kube-proxy and etcd:
|
||||
|
||||
|
@ -46,7 +46,7 @@ Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with db
|
||||
```
|
||||
|
||||
This is caused by some needed GNOME services not running. This is all
|
||||
fixed by enabling \"Launch GNOME services on startup\" in the Advanced
|
||||
fixed by enabling "Launch GNOME services on startup" in the Advanced
|
||||
tab of the Session and Startup settings panel. Alternatively, you can
|
||||
run this command to do the same thing.
|
||||
|
||||
|
@ -21,8 +21,8 @@ services.kubernetes = {
|
||||
};
|
||||
</programlisting>
|
||||
<para>
|
||||
Another way is to assign cluster roles ("master" and/or
|
||||
"node") to the host. This enables apiserver,
|
||||
Another way is to assign cluster roles (<quote>master</quote> and/or
|
||||
<quote>node</quote>) to the host. This enables apiserver,
|
||||
controllerManager, scheduler, addonManager, kube-proxy and etcd:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
|
@ -54,9 +54,10 @@ Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with db
|
||||
</programlisting>
|
||||
<para>
|
||||
This is caused by some needed GNOME services not running. This is
|
||||
all fixed by enabling "Launch GNOME services on startup"
|
||||
in the Advanced tab of the Session and Startup settings panel.
|
||||
Alternatively, you can run this command to do the same thing.
|
||||
all fixed by enabling <quote>Launch GNOME services on
|
||||
startup</quote> in the Advanced tab of the Session and Startup
|
||||
settings panel. Alternatively, you can run this command to do the
|
||||
same thing.
|
||||
</para>
|
||||
<programlisting>
|
||||
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
||||
|
@ -290,12 +290,12 @@ $ sudo chown -R 0:0 /nix
|
||||
<note>
|
||||
<para>
|
||||
Support for <literal>NIXOS_LUSTRATE</literal> was added in
|
||||
NixOS 16.09. The act of "lustrating" refers to the
|
||||
wiping of the existing distribution. Creating
|
||||
NixOS 16.09. The act of <quote>lustrating</quote> refers to
|
||||
the wiping of the existing distribution. Creating
|
||||
<literal>/etc/NIXOS_LUSTRATE</literal> can also be used on
|
||||
NixOS to remove all mutable files from your root partition
|
||||
(anything that’s not in <literal>/nix</literal> or
|
||||
<literal>/boot</literal> gets "lustrated" on the
|
||||
<literal>/boot</literal> gets <quote>lustrated</quote> on the
|
||||
next boot.
|
||||
</para>
|
||||
<para>
|
||||
|
@ -110,9 +110,9 @@ diskutil unmountDisk diskX
|
||||
sudo dd if=<path-to-image> of=/dev/rdiskX bs=4m
|
||||
</programlisting>
|
||||
<para>
|
||||
After <literal>dd</literal> completes, a GUI dialog "The disk
|
||||
you inserted was not readable by this computer" will pop up,
|
||||
which can be ignored.
|
||||
After <literal>dd</literal> completes, a GUI dialog <quote>The
|
||||
disk you inserted was not readable by this computer</quote> will
|
||||
pop up, which can be ignored.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
|
@ -11,8 +11,8 @@
|
||||
<orderedlist numeration="arabic">
|
||||
<listitem>
|
||||
<para>
|
||||
Add a New Machine in VirtualBox with OS Type "Linux / Other
|
||||
Linux"
|
||||
Add a New Machine in VirtualBox with OS Type <quote>Linux /
|
||||
Other Linux</quote>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
@ -38,7 +38,7 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Click on Settings / System / Acceleration and enable
|
||||
"VT-x/AMD-V" acceleration
|
||||
<quote>VT-x/AMD-V</quote> acceleration
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
@ -71,7 +71,7 @@ boot.initrd.checkJournalingFS = false;
|
||||
<para>
|
||||
Shared folders can be given a name and a path in the host system in
|
||||
the VirtualBox settings (Machine / Settings / Shared Folders, then
|
||||
click on the "Add" icon). Add the following to the
|
||||
click on the <quote>Add</quote> icon). Add the following to the
|
||||
<literal>/etc/nixos/configuration.nix</literal> to auto-mount them.
|
||||
If you do not add <literal>"nofail"</literal>, the system
|
||||
will not boot properly.
|
||||
|
@ -9,7 +9,7 @@
|
||||
<para>
|
||||
The <link xlink:href="http://haskell.org/">Haskell</link>
|
||||
packages infrastructure has been re-designed from the ground up
|
||||
("Haskell NG"). NixOS now distributes the latest
|
||||
(<quote>Haskell NG</quote>). NixOS now distributes the latest
|
||||
version of every single package registered on
|
||||
<link xlink:href="http://hackage.haskell.org/">Hackage</link> --
|
||||
well in excess of 8,000 Haskell packages. Detailed instructions
|
||||
@ -23,8 +23,8 @@
|
||||
Haskell</link> release since version 0.0 as well as the most
|
||||
recent <link xlink:href="http://www.stackage.org/">Stackage
|
||||
Nightly</link> snapshot. The announcement
|
||||
<link xlink:href="https://nixos.org/nix-dev/2015-September/018138.html">"Full
|
||||
Stackage Support in Nixpkgs"</link> gives additional
|
||||
<link xlink:href="https://nixos.org/nix-dev/2015-September/018138.html"><quote>Full
|
||||
Stackage Support in Nixpkgs</quote></link> gives additional
|
||||
details.
|
||||
</para>
|
||||
</listitem>
|
||||
@ -534,9 +534,9 @@
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
"<literal>nix-env -qa</literal>" no longer discovers
|
||||
Haskell packages by name. The only packages visible in the
|
||||
global scope are <literal>ghc</literal>,
|
||||
<quote><literal>nix-env -qa</literal></quote> no longer
|
||||
discovers Haskell packages by name. The only packages visible in
|
||||
the global scope are <literal>ghc</literal>,
|
||||
<literal>cabal-install</literal>, and <literal>stack</literal>,
|
||||
but all other packages are hidden. The reason for this
|
||||
inconvenience is the sheer size of the Haskell package set.
|
||||
|
@ -632,8 +632,8 @@ error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be creat
|
||||
The <literal>services.xserver.startGnuPGAgent</literal> option
|
||||
has been removed. GnuPG 2.1.x changed the way the gpg-agent
|
||||
works, and that new approach no longer requires (or even
|
||||
supports) the "start everything as a child of the
|
||||
agent" scheme we’ve implemented in NixOS for older
|
||||
supports) the <quote>start everything as a child of the
|
||||
agent</quote> scheme we’ve implemented in NixOS for older
|
||||
versions. To configure the gpg-agent for your X session, add the
|
||||
following code to <literal>~/.bashrc</literal> or some file
|
||||
that’s sourced when your shell is started:
|
||||
@ -670,7 +670,7 @@ export GPG_TTY
|
||||
</programlisting>
|
||||
<para>
|
||||
The <literal>gpg-agent(1)</literal> man page has more details
|
||||
about this subject, i.e. in the "EXAMPLES" section.
|
||||
about this subject, i.e. in the <quote>EXAMPLES</quote> section.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -495,11 +495,11 @@
|
||||
<para>
|
||||
The propagation logic has been changed. The new logic, along
|
||||
with new types of dependencies that go with, is thoroughly
|
||||
documented in the "Specifying dependencies" section
|
||||
of the "Standard Environment" chapter of the nixpkgs
|
||||
manual. The old logic isn’t but is easy to describe:
|
||||
dependencies were propagated as the same type of dependency no
|
||||
matter what. In practice, that means that many
|
||||
documented in the <quote>Specifying dependencies</quote>
|
||||
section of the <quote>Standard Environment</quote> chapter of
|
||||
the nixpkgs manual. The old logic isn’t but is easy to
|
||||
describe: dependencies were propagated as the same type of
|
||||
dependency no matter what. In practice, that means that many
|
||||
<literal>propagatedNativeBuildInputs</literal> should instead
|
||||
be <literal>propagatedBuildInputs</literal>. Thankfully, that
|
||||
was and is the least used type of dependency. Also, it means
|
||||
|
@ -342,7 +342,7 @@
|
||||
preserved when also setting interface specific rules such as
|
||||
<literal>networking.firewall.interfaces.en0.allow*</literal>.
|
||||
These rules continue to use the pseudo device
|
||||
"default"
|
||||
<quote>default</quote>
|
||||
(<literal>networking.firewall.interfaces.default.*</literal>),
|
||||
and assigning to this pseudo device will override the
|
||||
(<literal>networking.firewall.allow*</literal>) options.
|
||||
|
@ -746,9 +746,9 @@
|
||||
<literal>services.gitlab.secrets.jwsFile</literal>). This was
|
||||
done so that secrets aren’t stored in the world-readable nix
|
||||
store, but means that for each option you’ll have to create a
|
||||
file with the same exact string, add "File" to the
|
||||
end of the option name, and change the definition to a string
|
||||
pointing to the corresponding file; e.g.
|
||||
file with the same exact string, add <quote>File</quote> to
|
||||
the end of the option name, and change the definition to a
|
||||
string pointing to the corresponding file; e.g.
|
||||
<literal>services.gitlab.databasePassword = "supersecurepassword"</literal>
|
||||
becomes
|
||||
<literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal>
|
||||
|
@ -1472,8 +1472,8 @@ $ sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
|
||||
</programlisting>
|
||||
<para>
|
||||
The base package has also been upgraded to the 2020-07-29
|
||||
"Hogfather" release. Plugins might be incompatible
|
||||
or require upgrading.
|
||||
<quote>Hogfather</quote> release. Plugins might be
|
||||
incompatible or require upgrading.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
@ -1736,11 +1736,11 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The cc- and binutils-wrapper’s "infix salt" and
|
||||
The cc- and binutils-wrapper’s <quote>infix salt</quote> and
|
||||
<literal>_BUILD_</literal> and <literal>_TARGET_</literal>
|
||||
user infixes have been replaced with with a "suffix
|
||||
salt" and suffixes and <literal>_FOR_BUILD</literal> and
|
||||
<literal>_FOR_TARGET</literal>. This matches the autotools
|
||||
user infixes have been replaced with with a <quote>suffix
|
||||
salt</quote> and suffixes and <literal>_FOR_BUILD</literal>
|
||||
and <literal>_FOR_TARGET</literal>. This matches the autotools
|
||||
convention for env vars which standard for these things,
|
||||
making interfacing with other tools easier.
|
||||
</para>
|
||||
|
@ -235,8 +235,8 @@
|
||||
<para>
|
||||
The <literal>networking.wireless.iwd</literal> module now
|
||||
installs the upstream-provided 80-iwd.link file, which sets
|
||||
the NamePolicy= for all wlan devices to "keep
|
||||
kernel", to avoid race conditions between iwd and
|
||||
the NamePolicy= for all wlan devices to <quote>keep
|
||||
kernel</quote>, to avoid race conditions between iwd and
|
||||
networkd. If you don’t want this, you can set
|
||||
<literal>systemd.network.links."80-iwd" = lib.mkForce {}</literal>.
|
||||
</para>
|
||||
@ -1027,7 +1027,7 @@ self: super:
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://kodi.tv/">Kodi</link> has been
|
||||
updated to version 19.1 "Matrix". See the
|
||||
updated to version 19.1 <quote>Matrix</quote>. See the
|
||||
<link xlink:href="https://kodi.tv/article/kodi-19-0-matrix-release">announcement</link>
|
||||
for further details.
|
||||
</para>
|
||||
@ -1298,7 +1298,8 @@ self: super:
|
||||
<para>
|
||||
The zookeeper package does not provide
|
||||
<literal>zooInspector.sh</literal> anymore, as that
|
||||
"contrib" has been dropped from upstream releases.
|
||||
<quote>contrib</quote> has been dropped from upstream
|
||||
releases.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -201,10 +201,10 @@ The first steps to all these are the same:
|
||||
|
||||
::: {.note}
|
||||
Support for `NIXOS_LUSTRATE` was added in NixOS 16.09. The act of
|
||||
\"lustrating\" refers to the wiping of the existing distribution.
|
||||
"lustrating" refers to the wiping of the existing distribution.
|
||||
Creating `/etc/NIXOS_LUSTRATE` can also be used on NixOS to remove
|
||||
all mutable files from your root partition (anything that's not in
|
||||
`/nix` or `/boot` gets \"lustrated\" on the next boot.
|
||||
`/nix` or `/boot` gets "lustrated" on the next boot.
|
||||
|
||||
lustrate /ˈlʌstreɪt/ verb.
|
||||
|
||||
|
@ -56,8 +56,8 @@ select the image, select the USB flash drive and click "Write".
|
||||
sudo dd if=<path-to-image> of=/dev/rdiskX bs=4m
|
||||
```
|
||||
|
||||
After `dd` completes, a GUI dialog \"The disk
|
||||
you inserted was not readable by this computer\" will pop up, which can
|
||||
After `dd` completes, a GUI dialog "The disk
|
||||
you inserted was not readable by this computer" will pop up, which can
|
||||
be ignored.
|
||||
|
||||
::: {.note}
|
||||
|
@ -6,7 +6,7 @@ use a pre-made VirtualBox appliance, it is available at [the downloads
|
||||
page](https://nixos.org/nixos/download.html). If you want to set up a
|
||||
VirtualBox guest manually, follow these instructions:
|
||||
|
||||
1. Add a New Machine in VirtualBox with OS Type \"Linux / Other Linux\"
|
||||
1. Add a New Machine in VirtualBox with OS Type "Linux / Other Linux"
|
||||
|
||||
1. Base Memory Size: 768 MB or higher.
|
||||
|
||||
@ -16,7 +16,7 @@ VirtualBox guest manually, follow these instructions:
|
||||
|
||||
1. Click on Settings / System / Processor and enable PAE/NX
|
||||
|
||||
1. Click on Settings / System / Acceleration and enable \"VT-x/AMD-V\"
|
||||
1. Click on Settings / System / Acceleration and enable "VT-x/AMD-V"
|
||||
acceleration
|
||||
|
||||
1. Click on Settings / Display / Screen and select VMSVGA as Graphics
|
||||
@ -41,7 +41,7 @@ boot.initrd.checkJournalingFS = false;
|
||||
|
||||
Shared folders can be given a name and a path in the host system in the
|
||||
VirtualBox settings (Machine / Settings / Shared Folders, then click on
|
||||
the \"Add\" icon). Add the following to the
|
||||
the "Add" icon). Add the following to the
|
||||
`/etc/nixos/configuration.nix` to auto-mount them. If you do not add
|
||||
`"nofail"`, the system will not boot properly.
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
In addition to numerous new and upgraded packages, this release has the following highlights:
|
||||
|
||||
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up (\"Haskell NG\"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement [\"Full Stackage Support in Nixpkgs\"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
|
||||
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up ("Haskell NG"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement ["Full Stackage Support in Nixpkgs"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
|
||||
|
||||
- Nix has been updated to version 1.10, which among other improvements enables cryptographic signatures on binary caches for improved security.
|
||||
|
||||
@ -203,7 +203,7 @@ The new option `system.stateVersion` ensures that certain configuration changes
|
||||
}
|
||||
```
|
||||
|
||||
- \"`nix-env -qa`\" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we'd add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
|
||||
- "`nix-env -qa`" no longer discovers Haskell packages by name. The only packages visible in the global scope are `ghc`, `cabal-install`, and `stack`, but all other packages are hidden. The reason for this inconvenience is the sheer size of the Haskell package set. Name-based lookups are expensive, and most `nix-env -qa` operations would become much slower if we'd add the entire Hackage database into the top level attribute set. Instead, the list of Haskell packages can be displayed by running:
|
||||
|
||||
```ShellSession
|
||||
nix-env -f "<nixpkgs>" -qaP -A haskellPackages
|
||||
|
@ -246,7 +246,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
you should either re-run `nixos-generate-config` or manually replace `"${config.boot.kernelPackages.broadcom_sta}"` by `config.boot.kernelPackages.broadcom_sta` in your `/etc/nixos/hardware-configuration.nix`. More discussion is on [ the github issue](https://github.com/NixOS/nixpkgs/pull/12595).
|
||||
|
||||
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the \"start everything as a child of the agent\" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
|
||||
- The `services.xserver.startGnuPGAgent` option has been removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no longer requires (or even supports) the "start everything as a child of the agent" scheme we've implemented in NixOS for older versions. To configure the gpg-agent for your X session, add the following code to `~/.bashrc` or some file that's sourced when your shell is started:
|
||||
|
||||
```shell
|
||||
GPG_TTY=$(tty)
|
||||
@ -273,7 +273,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
gpg --import ~/.gnupg/secring.gpg
|
||||
```
|
||||
|
||||
The `gpg-agent(1)` man page has more details about this subject, i.e. in the \"EXAMPLES\" section.
|
||||
The `gpg-agent(1)` man page has more details about this subject, i.e. in the "EXAMPLES" section.
|
||||
|
||||
Other notable improvements:
|
||||
|
||||
|
@ -176,7 +176,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- `cc-wrapper` has been split in two; there is now also a `bintools-wrapper`. The most commonly used files in `nix-support` are now split between the two wrappers. Some commonly used ones, like `nix-support/dynamic-linker`, are duplicated for backwards compatability, even though they rightly belong only in `bintools-wrapper`. Other more obscure ones are just moved.
|
||||
|
||||
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the \"Specifying dependencies\" section of the \"Standard Environment\" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
|
||||
- The propagation logic has been changed. The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. In practice, that means that many `propagatedNativeBuildInputs` should instead be `propagatedBuildInputs`. Thankfully, that was and is the least used type of dependency. Also, it means that some `propagatedBuildInputs` should instead be `depsTargetTargetPropagated`. Other types dependencies should be unaffected.
|
||||
|
||||
- `lib.addPassthru drv passthru` is removed. Use `lib.extendDerivation true passthru drv` instead.
|
||||
|
||||
|
@ -89,7 +89,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- The option `services.xserver.displayManager.job.logToFile` which was previously set to `true` when using the display managers `lightdm`, `sddm` or `xpra` has been reset to the default value (`false`).
|
||||
|
||||
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device \"default\" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
|
||||
- Network interface indiscriminate NixOS firewall options (`networking.firewall.allow*`) are now preserved when also setting interface specific rules such as `networking.firewall.interfaces.en0.allow*`. These rules continue to use the pseudo device "default" (`networking.firewall.interfaces.default.*`), and assigning to this pseudo device will override the (`networking.firewall.allow*`) options.
|
||||
|
||||
- The `nscd` service now disables all caching of `passwd` and `group` databases by default. This was interferring with the correct functioning of the `libnss_systemd.so` module which is used by `systemd` to manage uids and usernames in the presence of `DynamicUser=` in systemd services. This was already the default behaviour in presence of `services.sssd.enable = true` because nscd caching would interfere with `sssd` in unpredictable ways as well. Because we're using nscd not for caching, but for convincing glibc to find NSS modules in the nix store instead of an absolute path, we have decided to disable caching globally now, as it's usually not the behaviour the user wants and can lead to surprising behaviour. Furthermore, negative caching of host lookups is also disabled now by default. This should fix the issue of dns lookups failing in the presence of an unreliable network.
|
||||
|
||||
|
@ -210,7 +210,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- Citrix Receiver (`citrix_receiver`) has been dropped in favor of Citrix Workspace (`citrix_workspace`).
|
||||
|
||||
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren't stored in the world-readable nix store, but means that for each option you'll have to create a file with the same exact string, add \"File\" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
|
||||
- The `services.gitlab` module has had its literal secret options (`services.gitlab.smtp.password`, `services.gitlab.databasePassword`, `services.gitlab.initialRootPassword`, `services.gitlab.secrets.secret`, `services.gitlab.secrets.db`, `services.gitlab.secrets.otp` and `services.gitlab.secrets.jws`) replaced by file-based versions (`services.gitlab.smtp.passwordFile`, `services.gitlab.databasePasswordFile`, `services.gitlab.initialRootPasswordFile`, `services.gitlab.secrets.secretFile`, `services.gitlab.secrets.dbFile`, `services.gitlab.secrets.otpFile` and `services.gitlab.secrets.jwsFile`). This was done so that secrets aren't stored in the world-readable nix store, but means that for each option you'll have to create a file with the same exact string, add "File" to the end of the option name, and change the definition to a string pointing to the corresponding file; e.g. `services.gitlab.databasePassword = "supersecurepassword"` becomes `services.gitlab.databasePasswordFile = "/path/to/secret_file"` where the file `secret_file` contains the string `supersecurepassword`.
|
||||
|
||||
The state path (`services.gitlab.statePath`) now has the following restriction: no parent directory can be owned by any other user than `root` or the user specified in `services.gitlab.user`; i.e. if `services.gitlab.statePath` is set to `/var/lib/gitlab/state`, `gitlab` and all parent directories must be owned by either `root` or the user specified in `services.gitlab.user`.
|
||||
|
||||
|
@ -522,7 +522,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
}
|
||||
```
|
||||
|
||||
The base package has also been upgraded to the 2020-07-29 \"Hogfather\" release. Plugins might be incompatible or require upgrading.
|
||||
The base package has also been upgraded to the 2020-07-29 "Hogfather" release. Plugins might be incompatible or require upgrading.
|
||||
|
||||
- The [services.postgresql.dataDir](options.html#opt-services.postgresql.dataDir) option is now set to `"/var/lib/postgresql/${cfg.package.psqlSchema}"` regardless of your [system.stateVersion](options.html#opt-system.stateVersion). Users with an existing postgresql install that have a [system.stateVersion](options.html#opt-system.stateVersion) of `17.03` or below should double check what the value of their [services.postgresql.dataDir](options.html#opt-services.postgresql.dataDir) option is (`/var/db/postgresql`) and then explicitly set this value to maintain compatibility:
|
||||
|
||||
@ -590,7 +590,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
Please note that Rust packages utilizing a custom build/install procedure (e.g. by using a `Makefile`) or test suites that rely on the structure of the `target/` directory may break due to those assumptions. For further information, please read the Rust section in the Nixpkgs manual.
|
||||
|
||||
- The cc- and binutils-wrapper's \"infix salt\" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a \"suffix salt\" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
|
||||
- The cc- and binutils-wrapper's "infix salt" and `_BUILD_` and `_TARGET_` user infixes have been replaced with with a "suffix salt" and suffixes and `_FOR_BUILD` and `_FOR_TARGET`. This matches the autotools convention for env vars which standard for these things, making interfacing with other tools easier.
|
||||
|
||||
- Additional Git documentation (HTML and text files) is now available via the `git-doc` package.
|
||||
|
||||
|
@ -68,7 +68,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- If the `services.dbus` module is enabled, then the user D-Bus session is now always socket activated. The associated options `services.dbus.socketActivated` and `services.xserver.startDbusSession` have therefore been removed and you will receive a warning if they are present in your configuration. This change makes the user D-Bus session available also for non-graphical logins.
|
||||
|
||||
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to \"keep kernel\", to avoid race conditions between iwd and networkd. If you don't want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
|
||||
- The `networking.wireless.iwd` module now installs the upstream-provided 80-iwd.link file, which sets the NamePolicy= for all wlan devices to "keep kernel", to avoid race conditions between iwd and networkd. If you don't want this, you can set `systemd.network.links."80-iwd" = lib.mkForce {}`.
|
||||
|
||||
- `rubyMinimal` was removed due to being unused and unusable. The default ruby interpreter includes JIT support, which makes it reference it's compiler. Since JIT support is probably needed by some Gems, it was decided to enable this feature with all cc references by default, and allow to build a Ruby derivation without references to cc, by setting `jitSupport = false;` in an overlay. See [\#90151](https://github.com/NixOS/nixpkgs/pull/90151) for more info.
|
||||
|
||||
@ -300,7 +300,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
Regarding the NixOS module, new options for HTTPS inspection have been added and `services.privoxy.extraConfig` has been replaced by the new [services.privoxy.settings](options.html#opt-services.privoxy.settings) (See [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) for the motivation).
|
||||
|
||||
- [Kodi](https://kodi.tv/) has been updated to version 19.1 \"Matrix\". See the [announcement](https://kodi.tv/article/kodi-19-0-matrix-release) for further details.
|
||||
- [Kodi](https://kodi.tv/) has been updated to version 19.1 "Matrix". See the [announcement](https://kodi.tv/article/kodi-19-0-matrix-release) for further details.
|
||||
|
||||
- The `services.packagekit.backend` option has been removed as it only supported a single setting which would always be the default. Instead new [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) compliant [services.packagekit.settings](options.html#opt-services.packagekit.settings) and [services.packagekit.vendorSettings](options.html#opt-services.packagekit.vendorSettings) options have been introduced.
|
||||
|
||||
@ -367,7 +367,7 @@ When upgrading from a previous release, please be aware of the following incompa
|
||||
|
||||
- GNOME users may wish to delete their `~/.config/pulse` due to the changes to stream routing logic. See [PulseAudio bug 832](https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832) for more information.
|
||||
|
||||
- The zookeeper package does not provide `zooInspector.sh` anymore, as that \"contrib\" has been dropped from upstream releases.
|
||||
- The zookeeper package does not provide `zooInspector.sh` anymore, as that "contrib" has been dropped from upstream releases.
|
||||
|
||||
- In the ACME module, the data used to build the hash for the account directory has changed to accommodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user