Merging against upstream master

9 files changed, 234 insertions, 32 deletions

diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml
index 448e2a932e91..8677c13db40f 100644
--- a/nixos/doc/manual/configuration/configuration.xml
+++ b/nixos/doc/manual/configuration/configuration.xml
@@ -21,6 +21,7 @@ effect after you run <command>nixos-rebuild</command>.</para>
 <xi:include href="user-mgmt.xml" />
 <xi:include href="file-systems.xml" />
 <xi:include href="x-windows.xml" />
+<xi:include href="xfce.xml" />
 <xi:include href="networking.xml" />
 <xi:include href="linux-kernel.xml" />
 
diff --git a/nixos/doc/manual/configuration/ipv6-config.xml b/nixos/doc/manual/configuration/ipv6-config.xml
index bf86926f9bf5..6d9e0a164e9e 100644
--- a/nixos/doc/manual/configuration/ipv6-config.xml
+++ b/nixos/doc/manual/configuration/ipv6-config.xml
@@ -22,5 +22,25 @@ boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
 </programlisting>
 </para>
 
+<para>As with IPv4 networking interfaces are automatically configured via
+DHCPv6. You can configure an interface manually:
+
+<programlisting>
+networking.interfaces.eth0.ip6 = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ];
+</programlisting>
+</para>
+
+<para>For configuring a gateway, optionally with explicitly specified interface:
+
+<programlisting>
+networking.defaultGateway6 = {
+  address = "fe00::1";
+  interface = "enp0s3";
+}
+</programlisting>
+</para>
+
+<para>See <xref linkend='sec-ipv4' /> for similar examples and additional information.
+</para>
 
 </section>
diff --git a/nixos/doc/manual/configuration/luks-file-systems.xml b/nixos/doc/manual/configuration/luks-file-systems.xml
index 2062456703f7..00c795cd0898 100644
--- a/nixos/doc/manual/configuration/luks-file-systems.xml
+++ b/nixos/doc/manual/configuration/luks-file-systems.xml
@@ -37,6 +37,10 @@ boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-
 fileSystems."/".device = "/dev/mapper/crypted";
 </programlisting>
 
+Should grub be used as bootloader, and <filename>/boot</filename> is located
+on an encrypted partition, it is necessary to add the following grub option:
+<programlisting>boot.loader.grub.enableCryptodisk = true;</programlisting>
+
 </para>
 
 </section>
diff --git a/nixos/doc/manual/configuration/modularity.xml b/nixos/doc/manual/configuration/modularity.xml
index 59a4e3b33ba1..30da064ac579 100644
--- a/nixos/doc/manual/configuration/modularity.xml
+++ b/nixos/doc/manual/configuration/modularity.xml
@@ -36,9 +36,8 @@ latter might look like this:
 { config, pkgs, ... }:
 
 { services.xserver.enable = true;
-  services.xserver.displayManager.kdm.enable = true;
-  services.xserver.desktopManager.kde4.enable = true;
-  environment.systemPackages = [ pkgs.kde4.kscreensaver ];
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.desktopManager.kde5.enable = true;
 }
 </programlisting>
 
diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml
index 829e5b9ea842..2bd9cca5622f 100644
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@@ -36,7 +36,10 @@ to set a password, which is retained across invocations of
 and /etc/group will be congruent to your NixOS configuration. For instance,
 if you remove a user from users.extraUsers and run nixos-rebuild, the user
 account will cease to exist. Also, imperative commands for managing users
-and groups, such as useradd, are no longer available.</para>
+and groups, such as useradd, are no longer available. Passwords may still be
+assigned by setting the user's <literal>hashedPassword</literal> option. A
+hashed password can be generated using <command>mkpasswd -m sha-512</command>
+after installing the <literal>mkpasswd</literal> package.</para>
 
 <para>A user ID (uid) is assigned automatically.  You can also specify
 a uid manually by adding
diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml
index 3040839861c1..93d10d19b208 100644
--- a/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixos/doc/manual/configuration/x-windows.xml
@@ -25,7 +25,7 @@ Otherwise, you can only log into a plain undecorated
 <command>xterm</command> window.  Thus you should pick one or more of
 the following lines:
 <programlisting>
-services.xserver.desktopManager.kde4.enable = true;
+services.xserver.desktopManager.kde5.enable = true;
 services.xserver.desktopManager.xfce.enable = true;
 services.xserver.windowManager.xmonad.enable = true;
 services.xserver.windowManager.twm.enable = true;
@@ -35,9 +35,9 @@ services.xserver.windowManager.icewm.enable = true;
 
 <para>NixOS’s default <emphasis>display manager</emphasis> (the
 program that provides a graphical login prompt and manages the X
-server) is SLiM.  You can select KDE’s <command>kdm</command> instead:
+server) is SLiM.  You can select KDE’s <command>sddm</command> instead:
 <programlisting>
-services.xserver.displayManager.kdm.enable = true;
+services.xserver.displayManager.sddm.enable = true;
 </programlisting>
 </para>
 
diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml
new file mode 100644
index 000000000000..af6278e9c920
--- /dev/null
+++ b/nixos/doc/manual/configuration/xfce.xml
@@ -0,0 +1,105 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         version="5.0"
+         xml:id="sec-xfce">
+
+    <title>Xfce Desktop Environment</title>
+
+    <para>
+        To enable the Xfce Desktop Environment, set
+        <programlisting>
+            services.xserver.desktopManager = {
+                xfce.enable = true;
+                default = "xfce";
+            };
+        </programlisting>
+    </para>
+
+    <para>
+        Optionally, <emphasis>compton</emphasis>
+        can be enabled for nice graphical effects, some example settings:
+        <programlisting>
+            services.compton = {
+              enable          = true;
+              fade            = true;
+              inactiveOpacity = "0.9";
+              shadow          = true;
+              fadeDelta       = 4;
+            };
+        </programlisting>
+    </para>
+
+    <para>
+        Some Xfce programs are not installed automatically.
+        To install them manually (system wide), put them into your
+        <literal>environment.systemPackages</literal>.
+	</para>
+
+    <para>
+		NixOS’s default <emphasis>display manager</emphasis>is SLiM.
+		(DM is the program that provides a graphical login prompt
+		 and manages the X server.)
+	   	You can, for example, select KDE’s
+        <command>sddm</command> instead:
+        <programlisting>
+            services.xserver.displayManager.sddm.enable = true;
+        </programlisting>
+    </para>
+
+    <simplesect>
+        <title>Thunar Volume Support</title>
+
+        <para>
+            To enable
+            <emphasis>Thunar</emphasis>
+            volume support, put
+            <programlisting>
+                services.xserver.desktopManager.xfce.enable = true;
+            </programlisting>
+            into your <emphasis>configuration.nix</emphasis>.
+        </para>
+
+    </simplesect>
+
+    <simplesect>
+        <title>Polkit Authentication Agent</title>
+
+        <para>
+            There is no authentication agent automatically installed alongside
+            Xfce. To allow mounting of local (non-removable) filesystems, you
+            will need to install one.
+
+            Installing <emphasis>polkit_gnome</emphasis>, a rebuild, logout and
+            login did the trick.
+        </para>
+
+    </simplesect>
+
+    <simplesect>
+        <title>Troubleshooting</title>
+
+        <para>
+            Even after enabling udisks2, volume management might not work.
+            Thunar and/or the desktop takes time to show up.
+
+            Thunar will spit out this kind of message on start
+            (look at journalctl --user -b).
+
+            <programlisting>
+                Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
+            </programlisting>
+
+            This is caused by some needed GNOME services not running.
+            This is all fixed by enabling "Launch GNOME services on startup" in
+            the Advanced tab of the Session and Startup settings panel.
+            Alternatively, you can run this command to do the same thing.
+            <programlisting>
+                $ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
+            </programlisting>
+            A log-out and re-log will be needed for this to take effect.
+        </para>
+
+    </simplesect>
+
+</chapter>
diff --git a/nixos/doc/manual/development/option-declarations.xml b/nixos/doc/manual/development/option-declarations.xml
index ce432a7fa6ca..d62d0896bb7c 100644
--- a/nixos/doc/manual/development/option-declarations.xml
+++ b/nixos/doc/manual/development/option-declarations.xml
@@ -65,22 +65,22 @@ options = {
 
 </para>
 
-<section xml:id="sec-option-declarations-eot"><title>Extensible Option 
+<section xml:id="sec-option-declarations-eot"><title>Extensible Option
     Types</title>
 
-  <para>Extensible option types is a feature that allow to extend certain types 
+  <para>Extensible option types is a feature that allow to extend certain types
     declaration through multiple module files.
-    This feature only work with a restricted set of types, namely 
+    This feature only work with a restricted set of types, namely
     <literal>enum</literal> and <literal>submodules</literal> and any composed
     forms of them.</para>
 
-  <para>Extensible option types can be used for <literal>enum</literal> options 
-    that affects multiple modules, or as an alternative to related 
+  <para>Extensible option types can be used for <literal>enum</literal> options
+    that affects multiple modules, or as an alternative to related
     <literal>enable</literal> options.</para>
 
   <para>As an example, we will take the case of display managers. There is a
     central display manager module for generic display manager options and a
-    module file per display manager backend (slim, kdm, gdm ...).
+    module file per display manager backend (slim, sddm, gdm ...).
   </para>
 
   <para>There are two approach to this module structure:
@@ -96,7 +96,7 @@ options = {
   </para>
 
   <para>Both approachs have problems.</para>
-    
+
   <para>Making backends independent can quickly become hard to manage. For
     display managers, there can be only one enabled at a time, but the type
     system can not enforce this restriction as there is no relation between
@@ -108,18 +108,18 @@ options = {
     central module will require to change the central module option every time
     a new backend is added or removed.</para>
 
-  <para>By using extensible option types, it is possible to create a placeholder 
-    option in the central module (<xref linkend='ex-option-declaration-eot-service' 
-      />), and to extend it in each backend module (<xref 
-      linkend='ex-option-declaration-eot-backend-slim' />, <xref 
-      linkend='ex-option-declaration-eot-backend-kdm' />).</para>
- 
+  <para>By using extensible option types, it is possible to create a placeholder
+    option in the central module (<xref linkend='ex-option-declaration-eot-service'
+      />), and to extend it in each backend module (<xref
+      linkend='ex-option-declaration-eot-backend-slim' />, <xref
+      linkend='ex-option-declaration-eot-backend-sddm' />).</para>
+
   <para>As a result, <literal>displayManager.enable</literal> option values can
   be added without changing the main service module file and the type system
   automatically enforce that there can only be a single display manager
   enabled.</para>
 
-<example xml:id='ex-option-declaration-eot-service'><title>Extensible type 
+<example xml:id='ex-option-declaration-eot-service'><title>Extensible type
     placeholder in the service module</title>
 <screen>
 services.xserver.displayManager.enable = mkOption {
@@ -127,29 +127,29 @@ services.xserver.displayManager.enable = mkOption {
   type = with types; nullOr (enum [ ]);
 };</screen></example>
 
-<example xml:id='ex-option-declaration-eot-backend-slim'><title>Extending 
-    <literal>services.xserver.displayManager.enable</literal> in the 
+<example xml:id='ex-option-declaration-eot-backend-slim'><title>Extending
+    <literal>services.xserver.displayManager.enable</literal> in the
     <literal>slim</literal> module</title>
 <screen>
 services.xserver.displayManager.enable = mkOption {
   type = with types; nullOr (enum [ "slim" ]);
 };</screen></example>
 
-<example xml:id='ex-option-declaration-eot-backend-kdm'><title>Extending 
-    <literal>services.foo.backend</literal> in the <literal>kdm</literal> 
+<example xml:id='ex-option-declaration-eot-backend-sddm'><title>Extending
+    <literal>services.foo.backend</literal> in the <literal>sddm</literal>
     module</title>
 <screen>
 services.xserver.displayManager.enable = mkOption {
-  type = with types; nullOr (enum [ "kdm" ]);
+  type = with types; nullOr (enum [ "sddm" ]);
 };</screen></example>
 
-<para>The placeholder declaration is a standard <literal>mkOption</literal> 
-  declaration, but it is important that extensible option declarations only use 
+<para>The placeholder declaration is a standard <literal>mkOption</literal>
+  declaration, but it is important that extensible option declarations only use
   the <literal>type</literal> argument.</para>
 
-<para>Extensible option types work with any of the composed variants of 
-  <literal>enum</literal> such as 
-  <literal>with types; nullOr (enum [ "foo" "bar" ])</literal> 
+<para>Extensible option types work with any of the composed variants of
+  <literal>enum</literal> such as
+  <literal>with types; nullOr (enum [ "foo" "bar" ])</literal>
   or <literal>with types; listOf (enum [ "foo" "bar" ])</literal>.</para>
 
 </section>
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 73686cbafe52..5d6053fcbf74 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -17,12 +17,21 @@ has the following highlights: </para>
   </listitem>
 
   <listitem>
-
     <para>Setting capabilities on programs is now supported with a
     <literal>setcap-wrapper</literal> functionality. This
     functionality and the <literal>setuid-wrapper</literal> are merged
     into a single "wrappers" module.</para>
   </listitem>
+
+  <listitem>
+    <para>X.org server uses branch 1.19.  Due to ABI incompatibilities,
+      <literal>ati_unfree</literal> keeps forcing 1.17
+      and <literal>amdgpu-pro</literal> starts forcing 1.18.</para>
+  </listitem>
+
+  <listitem>
+    <para>PHP now defaults to PHP 7.1</para>
+  </listitem>
 </itemizedlist>
 
 <para>The following new services were added since the last release:</para>
@@ -54,6 +63,7 @@ following incompatible changes:</para>
       for what those parameters represent.
     </para>
   </listitem>
+
   <listitem>
     <para>
       <literal>ansible</literal> now defaults to ansible version 2 as version 1
@@ -62,6 +72,7 @@ following incompatible changes:</para>
       vulnerability</link> unpatched by upstream.
     </para>
   </listitem>
+
   <listitem>
     <para>
       <literal>gnome</literal> alias has been removed along with
@@ -105,6 +116,15 @@ following incompatible changes:</para>
 
   <listitem>
     <para>
+      Two lone top-level dict dbs moved into <literal>dictdDBs</literal>. This
+      affects: <literal>dictdWordnet</literal> which is now at
+      <literal>dictdDBs.wordnet</literal> and <literal>dictdWiktionary</literal>
+      which is now at <literal>dictdDBs.wiktionary</literal>
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>
       Parsoid service now uses YAML configuration format.
      <literal>service.parsoid.interwikis</literal> is now called
      <literal>service.parsoid.wikis</literal> and is a list of either API URLs
@@ -124,7 +144,36 @@ following incompatible changes:</para>
   </listitem>
 
   <listitem>
+    <para>
+      <literal>service.nylon</literal> is now declared using named instances.
+      As an example:
 
+<programlisting>
+  services.nylon = {
+    enable = true;
+    acceptInterface = "br0";
+    bindInterface = "tun1";
+    port = 5912;
+  };
+</programlisting>
+
+      should be replaced with:
+
+<programlisting>
+  services.nylon.myvpn = {
+    enable = true;
+    acceptInterface = "br0";
+    bindInterface = "tun1";
+    port = 5912;
+  };
+</programlisting>
+
+      this enables you to declare a SOCKS proxy for each uplink.
+
+    </para>
+  </listitem>
+
+  <listitem>
     <para><literal>overridePackages</literal> function no longer exists.
     It is replaced by <link
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
@@ -161,18 +210,39 @@ following incompatible changes:</para>
     </para>
   </listitem>
 
+  <listitem>
+    <para>
+      <literal>local_recipient_maps</literal> is not set to empty value by
+      Postfix service. It's an insecure default as stated by Postfix
+      documentation. Those who want to retain this setting need to set it via
+      <literal>services.postfix.extraConfig</literal>.
+    </para>
+  </listitem>
+
 </itemizedlist>
 
 
 <para>Other notable improvements:</para>
 
 <itemizedlist>
+
   <listitem>
     <para>Module type system have a new extensible option types feature that
       allow to extend certain types, such as enum, through multiple option
       declarations of the same option across multiple modules.
     </para>
   </listitem>
+
+  <listitem>
+    <para>
+      <literal>jre</literal> now defaults to GTK+ UI by default. This
+      improves visual consistency and makes Java follow system font style,
+      improving the situation on HighDPI displays. This has a cost of increased
+      closure size; for server and other headless workloads it's recommended to
+      use <literal>jre_headless</literal>.
+    </para>
+  </listitem>
+
 </itemizedlist>