path: root/nixos/doc/manual/release-notes/rl-2105.xml
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2105.xml')
-rw-r--r-- nixos/doc/manual/release-notes/rl-2105.xml | 186
1 files changed, 181 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index e0552c25a856..7364151ef666 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -27,7 +27,7 @@
<para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para>
</listitem>
<listitem>
- <para>GNOME desktop environment was upgraded to 3.38, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">release notes</link>.</para>
+ <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para>
</listitem>
<listitem>
<para>
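Review bot: In the changed GNOME paragraph, "has been renamed to gnome and so have been the NixOS options" is awkward and leaves readers guessing which options moved. Suggest "and the corresponding NixOS options have been renamed as well", with one before/after option name as an example, and say whether the old gnome3 names still evaluate as aliases.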
@@ -78,7 +78,7 @@
</listitem>
<listitem>
<para>
- <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.0 "Matrix". See
+ <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See
the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
further details.
</para>
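Review bot: The changed line now says version 19.1, but the announcement link on the context line right after it still points to kodi-190-matrix-release, which is the 19.0 announcement. Either link the 19.1 announcement as well or reword so the link is clearly for the 19 "Matrix" series as a whole.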
@@ -94,6 +94,37 @@
been introduced.
</para>
</listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0.
+ Now nginx uses the zlib-ng library by default.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its
+ <link xlink:href="https://kde.org/announcements/gear/21.04/">release
+ notes</link> for details.
+ </para>
+ <para>
+ The <code>kdeApplications</code> package set is now <code>kdeGear</code>,
+ in keeping with the new name. The old name remains for compatibility, but
+ it is deprecated.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://libreswan.org/">Libreswan</link> has been updated
+ to version 4.4. The package now includes example configurations and manual
+ pages by default. The NixOS module has been changed to use the upstream
+ systemd units and write the configuration in the <literal>/etc/ipsec.d/
+ </literal> directory. In addition, two new options have been added to
+ specify connection policies
+ (<xref linkend="opt-services.libreswan.policies"/>)
+ and disable send/receive redirects
+ (<xref linkend="opt-services.libreswan.disableRedirects"/>).
+ </para>
+ </listitem>
</itemizedlist>
</section>
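Review bot: In the Libreswan item the literal element for /etc/ipsec.d/ is split across two lines, with the closing tag on the next line, so the rendered path picks up trailing whitespace; keep the opening tag, the path and the closing tag on one line. The same item should also say which redirects disableRedirects refers to and what its default is, so readers upgrading an IPsec gateway can tell whether behaviour changes without them setting anything.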
@@ -139,6 +170,11 @@
section of the NixOS manual</link> for more information.
</para>
</listitem>
+ <listitem>
+ <para>
+ <xref linkend="opt-services.nebula.networks" /> <link xlink:href="https://github.com/slackhq/nebula">Nebula VPN</link>
+ </para>
+ </listitem>
</itemizedlist>
</section>
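Review bot: The new Nebula entry is only an xref followed by a link, with no sentence joining them, so it renders as two adjacent links without saying what was added. Suggest a short sentence that names the service first (the Nebula VPN link) and then points to the option via the xref, matching how the other entries in this patch are phrased.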
@@ -172,6 +208,12 @@
It was broken since the switch to cgroups-v2.
</para>
</listitem>
+ <listitem>
+ <para>
+ The <literal>linuxPackages.ati_drivers_x11</literal> kernel modules have been removed.
+ The drivers only supported kernels prior to 4.2, and thus have become obsolete.
+ </para>
+ </listitem>
<listitem>
<para>
The <literal>systemConfig</literal> kernel parameter is no longer added to boot loader entries. It has been unused since September 2010, but if do have a system generation from that era, you will now be unable to boot into them.
@@ -324,7 +366,18 @@
</listitem>
<listitem>
<para>
- <literal>vim</literal> switched to Python 3, dropping all Python 2 support.
+ <literal>vim</literal> and <literal>neovim</literal> switched to Python 3, dropping all Python 2 support.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <link linkend="opt-networking.wireguard.interfaces">networking.wireguard.interfaces.&lt;name&gt;.generatePrivateKeyFile</link>,
+ which is off by default, had a <literal>chmod</literal> race condition
+ fixed. As an aside, the parent directory's permissions were widened,
+ and the key files were made owner-writable.
+ This only affects newly created keys.
+ However, if the exact permissions are important for your setup, read
+ <link xlink:href="https://github.com/NixOS/nixpkgs/pull/121294">#121294</link>.
</para>
</listitem>
<listitem>
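Review bot: The generatePrivateKeyFile item says the parent directory's permissions were "widened" and the key files "made owner-writable" without giving the resulting modes, which is the one detail an operator auditing private key storage needs. State the old and new modes for the directory and the key file in the note itself rather than only pointing to #121294, and say explicitly whether existing keys and directories keep their previous permissions, if that is what "This only affects newly created keys" means.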
@@ -344,6 +397,15 @@
</listitem>
<listitem>
<para>
+ The WireGuard module gained a new option
+ <option>networking.wireguard.interfaces.&lt;name&gt;.peers.*.dynamicEndpointRefreshSeconds</option>
+ that implements refreshing the IP of DNS-based endpoints periodically
+ (which WireGuard itself
+ <link xlink:href="https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html">cannot do</link>).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
MariaDB has been updated to 10.5.
Before you upgrade, it would be best to take a backup of your database and read
<link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105">
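Review bot: The new dynamicEndpointRefreshSeconds item does not state the default or whether refreshing is off unless the option is set, so readers cannot tell if upgrading changes behaviour for existing peers with DNS-based endpoints. Add the default value. The option path also mixes placeholder styles (&lt;name&gt; for the interface, * for the peer); pick one.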
@@ -374,7 +436,7 @@
</para>
<programlisting>
TMPDIR=$(mktemp -d)
- slaptest -f /path/to/slapd.conf $TMPDIR
+ slaptest -f /path/to/slapd.conf -F $TMPDIR
slapcat -F $TMPDIR -n0 -H 'ldap:///???(!(objectClass=olcSchemaConfig))'
</programlisting>
<para>
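Review bot: The corrected slaptest line passes $TMPDIR unquoted, and the snippet reuses TMPDIR, the environment variable that mktemp and other tools consult for their temporary directory, as its own variable name. Since readers will paste this verbatim, suggest a distinct name such as CONFDIR and quoting it in both the slaptest -F and slapcat -F arguments.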
@@ -680,6 +742,49 @@ environment.systemPackages = [
All CUDA toolkit versions prior to CUDA 10 have been removed.
</para>
</listitem>
+ <listitem>
+ <para>
+ The <package>kbdKeymaps</package> package was removed since dvp and neo
+ are now included in <package>kbd</package>.
+
+ If you want to use the Programmer Dvorak Keyboard Layout, you have to use
+ <literal>dvorak-programmer</literal> in <option>console.keyMap</option>
+ now instead of <literal>dvp</literal>.
+ In <option>services.xserver.xkbVariant</option> it's still <literal>dvp</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <package>babeld</package> service is now being run as an unprivileged user. To achieve that the module configures
+ <literal>skip-kernel-setup true</literal> and takes care of setting forwarding and rp_filter sysctls by itself as well
+ as for each interface in <varname>services.babeld.interfaces</varname>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <option>services.zigbee2mqtt.config</option> option has been renamed to <option>services.zigbee2mqtt.settings</option> and
+ now follows <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <package>yadm</package> dotfile manager has been updated from 2.x to 3.x, which has new (XDG) default locations for some data/state files. Most yadm commands will fail and print a legacy path warning (which describes how to upgrade/migrate your repository). If you have scripts, daemons, scheduled jobs, shell profiles, etc. that invoke yadm, expect them to fail or misbehave until you perform this migration and prepare accordingly.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Instead of determining <option>services.radicale.package</option>
+ automatically based on <option>system.stateVersion</option>, the latest
+ version is always used because old versions are not officially supported.
+ </para>
+ <para>
+ Furthermore, Radicale's systemd unit was hardened which might break some
+ deployments. In particular, a non-default
+ <literal>filesystem_folder</literal> has to be added to
+ <option>systemd.services.radicale.serviceConfig.ReadWritePaths</option> if
+ the deprecated <option>services.radicale.config</option> is used.
+ </para>
+ </listitem>
</itemizedlist>
</section>
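Review bot: The babeld item says the module "takes care of setting forwarding and rp_filter sysctls" but not which values it sets, and "by itself as well as for each interface" is hard to parse. Anyone relying on strict reverse-path filtering or on forwarding being off needs to know what enabling the service now changes; list the sysctls and their values, split into global and per-interface. Separately, the blank line inside the kbdKeymaps para does not produce a paragraph break in DocBook; use two para elements if a break is intended.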
@@ -794,6 +899,23 @@ environment.systemPackages = [
default in the CLI tooling which in turn enables us to use
<literal>unbound-control</literal> without passing a custom configuration location.
</para>
+
+ <para>
+ The module has also been reworked to be <link
+ xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
+ 0042</link> compliant. As such,
+ <option>sevices.unbound.extraConfig</option> has been removed and replaced
+ by <xref linkend="opt-services.unbound.settings"/>. <option>services.unbound.interfaces</option>
+ has been renamed to <option>services.unbound.settings.server.interface</option>.
+ </para>
+
+ <para>
+ <option>services.unbound.forwardAddresses</option> and
+ <option>services.unbound.allowedAccess</option> have also been changed to
+ use the new settings interface. You can follow the instructions when
+ executing <literal>nixos-rebuild</literal> to upgrade your configuration to
+ use the new interface.
+ </para>
</listitem>
<listitem>
<para>
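Review bot: Typo in the added unbound paragraph: the option is written as sevices.unbound.extraConfig and should read services.unbound.extraConfig. Users searching the release notes for the removed option name will not find it as written.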
@@ -858,8 +980,25 @@ environment.systemPackages = [
</para>
</listitem>
<listitem>
+ <para>
+ The <literal>security.apparmor</literal> module,
+ for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link>
+ Mandatory Access Control system,
+ has been substantialy improved along with related tools,
+ so that module maintainers can now more easily write AppArmor profiles for NixOS.
+ The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>,
+ replacing the previous <literal>profiles</literal> option
+ to provide a way to disable a profile
+ and to select whether to confine in enforce mode (default)
+ or in complain mode (see <literal>journalctl -b --grep apparmor</literal>).
+ Security-minded users may also want to enable <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>,
+ at the cost of having some of their processes killed
+ when updating to a NixOS version introducing new AppArmor profiles.
+ </para>
+ </listitem>
+ <listitem>
<para>
- The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default.
+ The GNOME desktop manager once again installs <package>gnome.epiphany</package> by default.
</para>
</listitem>
<listitem>
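Review bot: Typo in the AppArmor item: "substantialy" should be "substantially". The sentence on killUnconfinedConfinables also states only its cost; add a clause on what the option does, so the trade-off can be judged without following the xref.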
@@ -965,6 +1104,43 @@ environment.systemPackages = [
PostgreSQL 9.5 is scheduled EOL during the 21.05 life cycle and has been removed.
</para>
</listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://www.xfce.org/">Xfce4</link> relies on
+ GIO/GVfs for userspace virtual filesystem access in applications
+ like <link xlink:href="https://docs.xfce.org/xfce/thunar/">thunar</link> and
+ <link xlink:href="https://docs.xfce.org/apps/gigolo/">gigolo</link>.
+ For that to work, the gvfs nixos service is enabled by default,
+ and it can be configured with the specific package that provides
+ GVfs. Until now Xfce4 was setting it to use a lighter version of
+ GVfs (without support for samba). To avoid conflicts with other
+ desktop environments this setting has been dropped. Users that
+ still want it should add the following to their system
+ configuration:
+ <programlisting>
+<xref linkend="opt-services.gvfs.package" /> = pkgs.gvfs.override { samba = null; };
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The newly enabled <literal>systemd-pstore.service</literal> now automatically evacuates crashdumps and panic logs from the persistent storage to <literal>/var/lib/systemd/pstore</literal>.
+ This prevents NVRAM from filling up, which ensures the latest diagnostic data is always stored and alleviates problems with writing new boot configurations.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Nixpkgs now contains <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically packaged GNOME Shell extensions</link> from the <link xlink:href="https://extensions.gnome.org/">GNOME Extensions</link> portal. You can find them, filed by their UUID, under <literal>gnome38Extensions</literal> attribute for GNOME 3.38 and under <literal>gnome40Extensions</literal> for GNOME 40. Finally, the <literal>gnomeExtensions</literal> attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package.
+ We also dropped <literal>lfe_1_2</literal> as it could not build with R21+.
+ Moving forward, we expect to only support 3 yearly releases of OTP.
+ </para>
+ </listitem>
+
</itemizedlist>
</section>
</section>
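Review bot: In the GNOME Shell extensions item, "not checked or guaranteed to work" leaves it unclear whether "checked" means tested to build and run or reviewed at all; since these are packaged automatically from a third-party portal, spell that out so users know what level of scrutiny they are getting. Minor: "gvfs nixos service" in the Xfce item should be "GVfs NixOS service", and the added empty line before the closing itemizedlist tag can be dropped.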