1 files changed, 103 insertions, 0 deletions

diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml
index e0f71aadaba5..6493bb995967 100644
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -237,6 +237,12 @@
     </para>
    </listitem>
    <listitem>
+    <para>
+     The <literal>shibboleth-sp</literal> package has been updated to version 3.
+     It is largely backward compatible, for further information refer to the
+     <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes">release notes</link>
+     and <link xlink:href="https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2">upgrade guide</link>.
+    </para>
      <para>
        Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped.
      </para>
@@ -263,6 +269,28 @@
        <literal>false</literal>.
      </para>
    </listitem>
+   <listitem>
+     <para>
+       The <option>services.systemhealth</option> module has been removed from nixpkgs due to lack of maintainer.
+     </para>
+   </listitem>
+   <listitem>
+     <para>
+       The <option>services.mantisbt</option> module has been removed from nixpkgs due to lack of maintainer.
+     </para>
+   </listitem>
+   <listitem>
+     <para>
+       Squid 3 has been removed and the <option>squid</option> derivation now refers to Squid 4.
+     </para>
+   </listitem>
+   <listitem>
+     <para>
+       The <option>services.pdns-recursor.extraConfig</option> option has been replaced by
+       <option>services.pdns-recursor.settings</option>. The new option allows setting extra
+       configuration while being better type-checked and mergeable.
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 
@@ -424,6 +452,81 @@
      installer after creating <literal>/var/lib/nextcloud</literal>.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     There exists now <literal>lib.forEach</literal>, which is like <literal>map</literal>, but with
+     arguments flipped. When mapping function body spans many lines (or has nested
+     <literal>map</literal>s), it is often hard to follow which list is modified.
+    </para>
+    <para>
+     Previous solution to this problem was either to use <literal>lib.flip map</literal>
+     idiom or extract that anonymous mapping function to a named one. Both can still be used
+     but <literal>lib.forEach</literal> is preferred over <literal>lib.flip map</literal>.
+    </para>
+    <para>
+      The <literal>/etc/sysctl.d/nixos.conf</literal> file containing all the options set via
+      <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link> was moved to
+      <literal>/etc/sysctl.d/60-nixos.conf</literal>, as
+      <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      recommends prefixing all filenames in <literal>/etc/sysctl.d</literal> with a
+      two-digit number and a dash to simplify the ordering of the files.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      We now install the sysctl snippets shipped with systemd.
+    <itemizedlist>
+     <para>This enables:</para>
+     <listitem>
+      <para>Loose reverse path filtering</para>
+     </listitem>
+     <listitem>
+      <para>Source route filtering</para>
+     </listitem>
+     <listitem>
+      <para>
+       <literal>fq_codel</literal> as a packet scheduler (this helps to fight bufferbloat)
+      </para>
+     </listitem>
+    </itemizedlist>
+
+     This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
+     These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
+     and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
+     (which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
+     </para>
+   </listitem>
+   <listitem>
+    <para>
+      Coredumps are now acquired by <literal>systemd-coredump</literal> by default.
+      <literal>systemd-coredump</literal> behaviour can still be modified via
+      <option>systemd.coredump.extraConfig</option>.
+      To stick to the old behaviour (having the kernel dump to a file called <literal>core</literal>
+      in the working directory), without piping it through <literal>systemd-coredump</literal>, set
+      <option>boot.kernel.sysctl."kernel.core_pattern"</option> to <literal>"core"</literal>.
+    </para>
+   </listitem>
+  <listitem>
+   <para>
+    <literal>systemd.packages</literal> option now also supports generators and
+    shutdown scripts. Old <literal>systemd.generator-packages</literal> option has
+    been removed.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
+    Use <literal>rspamd</literal> in proxy mode instead.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+     systemd cgroup accounting via the
+     <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link>
+     option is now enabled by default. It now also enables the more recent Block IO and IP accounting
+     features.
+   </para>
+  </listitem>
   </itemizedlist>
  </section>
 </section>