From eca5c99bf8a115ffd9513f91decc064a5bb3ff6d Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Tue, 1 May 2018 19:57:09 -0400 Subject: [PATCH] nixos docs: format =) --- .../manual/administration/boot-problems.xml | 136 +- .../manual/administration/cleaning-store.xml | 65 +- .../administration/container-networking.xml | 63 +- .../doc/manual/administration/containers.xml | 56 +- .../manual/administration/control-groups.xml | 80 +- .../administration/declarative-containers.xml | 68 +- .../administration/imperative-containers.xml | 135 +- nixos/doc/manual/administration/logging.xml | 51 +- .../administration/maintenance-mode.xml | 16 +- .../administration/network-problems.xml | 34 +- nixos/doc/manual/administration/rebooting.xml | 49 +- nixos/doc/manual/administration/rollback.xml | 49 +- nixos/doc/manual/administration/running.xml | 33 +- .../manual/administration/service-mgmt.xml | 73 +- .../administration/store-corruption.xml | 43 +- .../manual/administration/troubleshooting.xml | 22 +- .../manual/administration/user-sessions.xml | 38 +- .../doc/manual/configuration/abstractions.xml | 104 +- .../configuration/ad-hoc-network-config.xml | 18 +- .../manual/configuration/ad-hoc-packages.xml | 74 +- .../configuration/adding-custom-packages.xml | 59 +- .../doc/manual/configuration/config-file.xml | 215 ++- .../manual/configuration/config-syntax.xml | 38 +- .../manual/configuration/configuration.xml | 44 +- .../configuration/customizing-packages.xml | 125 +- .../configuration/declarative-packages.xml | 48 +- .../doc/manual/configuration/file-systems.xml | 68 +- nixos/doc/manual/configuration/firewall.xml | 49 +- .../doc/manual/configuration/ipv4-config.xml | 46 +- .../doc/manual/configuration/ipv6-config.xml | 43 +- .../doc/manual/configuration/linux-kernel.xml | 93 +- .../configuration/luks-file-systems.xml | 30 +- nixos/doc/manual/configuration/modularity.xml | 140 +- .../manual/configuration/network-manager.xml | 53 +- nixos/doc/manual/configuration/networking.xml | 27 +- .../doc/manual/configuration/package-mgmt.xml | 53 +- nixos/doc/manual/configuration/ssh.xml | 27 +- nixos/doc/manual/configuration/summary.xml | 369 +++--- nixos/doc/manual/configuration/user-mgmt.xml | 124 +- nixos/doc/manual/configuration/wireless.xml | 50 +- nixos/doc/manual/configuration/x-windows.xml | 159 ++- nixos/doc/manual/configuration/xfce.xml | 116 +- nixos/doc/manual/development/assertions.xml | 64 +- .../doc/manual/development/building-nixos.xml | 35 +- .../doc/manual/development/building-parts.xml | 157 ++- nixos/doc/manual/development/development.xml | 31 +- .../manual/development/importing-modules.xml | 23 +- .../manual/development/meta-attributes.xml | 55 +- nixos/doc/manual/development/nixos-tests.xml | 25 +- .../development/option-declarations.xml | 257 ++-- nixos/doc/manual/development/option-def.xml | 105 +- nixos/doc/manual/development/option-types.xml | 1007 ++++++++------ nixos/doc/manual/development/releases.xml | 448 +++---- .../manual/development/replace-modules.xml | 48 +- .../running-nixos-tests-interactively.xml | 37 +- .../development/running-nixos-tests.xml | 31 +- nixos/doc/manual/development/sources.xml | 113 +- .../manual/development/testing-installer.xml | 21 +- .../development/writing-documentation.xml | 252 ++-- .../manual/development/writing-modules.xml | 190 +-- .../development/writing-nixos-tests.xml | 588 +++++---- .../manual/installation/changing-config.xml | 131 +- .../doc/manual/installation/installation.xml | 26 +- .../installing-from-other-distro.xml | 577 ++++---- .../manual/installation/installing-pxe.xml | 74 +- .../manual/installation/installing-usb.xml | 89 +- .../installing-virtualbox-guest.xml | 96 +- nixos/doc/manual/installation/installing.xml | 585 +++++---- nixos/doc/manual/installation/obtaining.xml | 84 +- nixos/doc/manual/installation/upgrading.xml | 202 ++- nixos/doc/manual/man-configuration.xml | 58 +- nixos/doc/manual/man-nixos-build-vms.xml | 149 ++- nixos/doc/manual/man-nixos-enter.xml | 194 +-- .../doc/manual/man-nixos-generate-config.xml | 289 ++-- nixos/doc/manual/man-nixos-install.xml | 381 +++--- nixos/doc/manual/man-nixos-option.xml | 189 ++- nixos/doc/manual/man-nixos-rebuild.xml | 734 ++++++----- nixos/doc/manual/man-nixos-version.xml | 171 +-- nixos/doc/manual/man-pages.xml | 45 +- nixos/doc/manual/manual.xml | 78 +- .../manual/release-notes/release-notes.xml | 32 +- nixos/doc/manual/release-notes/rl-1310.xml | 8 +- nixos/doc/manual/release-notes/rl-1404.xml | 277 ++-- nixos/doc/manual/release-notes/rl-1412.xml | 618 ++++++--- nixos/doc/manual/release-notes/rl-1509.xml | 1021 +++++++++------ nixos/doc/manual/release-notes/rl-1603.xml | 840 +++++++----- nixos/doc/manual/release-notes/rl-1609.xml | 374 +++--- nixos/doc/manual/release-notes/rl-1703.xml | 1063 +++++++++------ nixos/doc/manual/release-notes/rl-1709.xml | 1164 ++++++++++------- nixos/doc/manual/release-notes/rl-1803.xml | 1163 ++++++++++------ nixos/doc/manual/release-notes/rl-1809.xml | 187 +-- 91 files changed, 9711 insertions(+), 7858 deletions(-) diff --git a/nixos/doc/manual/administration/boot-problems.xml b/nixos/doc/manual/administration/boot-problems.xml index be6ff3aac0f..5f05ad261ef 100644 --- a/nixos/doc/manual/administration/boot-problems.xml +++ b/nixos/doc/manual/administration/boot-problems.xml @@ -3,63 +3,83 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-boot-problems"> + Boot Problems -Boot Problems + + If NixOS fails to boot, there are a number of kernel command line parameters + that may help you to identify or fix the issue. You can add these parameters + in the GRUB boot menu by pressing “e” to modify the selected boot entry + and editing the line starting with linux. The following + are some useful kernel command line parameters that are recognised by the + NixOS boot scripts or by systemd: + + + boot.shell_on_fail + + + + Start a root shell if something goes wrong in stage 1 of the boot process + (the initial ramdisk). This is disabled by default because there is no + authentication for the root shell. + + + + + boot.debug1 + + + + Start an interactive shell in stage 1 before anything useful has been + done. That is, no modules have been loaded and no file systems have been + mounted, except for /proc and + /sys. + + + + + boot.trace + + + + Print every shell command executed by the stage 1 and 2 boot scripts. + + + + + single + + + + Boot into rescue mode (a.k.a. single user mode). This will cause systemd + to start nothing but the unit rescue.target, which + runs sulogin to prompt for the root password and start + a root login shell. Exiting the shell causes the system to continue with + the normal boot process. + + + + + systemd.log_level=debug systemd.log_target=console + + + + Make systemd very verbose and send log messages to the console instead of + the journal. + + + + + For more parameters recognised by systemd, see + systemd + 1. + -If NixOS fails to boot, there are a number of kernel command -line parameters that may help you to identify or fix the issue. You -can add these parameters in the GRUB boot menu by pressing “e” to -modify the selected boot entry and editing the line starting with -linux. The following are some useful kernel command -line parameters that are recognised by the NixOS boot scripts or by -systemd: - - - - boot.shell_on_fail - Start a root shell if something goes wrong in - stage 1 of the boot process (the initial ramdisk). This is - disabled by default because there is no authentication for the - root shell. - - - boot.debug1 - Start an interactive shell in stage 1 before - anything useful has been done. That is, no modules have been - loaded and no file systems have been mounted, except for - /proc and - /sys. - - - boot.trace - Print every shell command executed by the stage 1 - and 2 boot scripts. - - - single - Boot into rescue mode (a.k.a. single user mode). - This will cause systemd to start nothing but the unit - rescue.target, which runs - sulogin to prompt for the root password and - start a root login shell. Exiting the shell causes the system to - continue with the normal boot process. - - - systemd.log_level=debug systemd.log_target=console - Make systemd very verbose and send log messages to - the console instead of the journal. - - - - -For more parameters recognised by systemd, see -systemd1. - -If no login prompts or X11 login screens appear (e.g. due to -hanging dependencies), you can press Alt+ArrowUp. If you’re lucky, -this will start rescue mode (described above). (Also note that since -most units have a 90-second timeout before systemd gives up on them, -the agetty login prompts should appear eventually -unless something is very wrong.) - - \ No newline at end of file + + If no login prompts or X11 login screens appear (e.g. due to hanging + dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start + rescue mode (described above). (Also note that since most units have a + 90-second timeout before systemd gives up on them, the + agetty login prompts should appear eventually unless + something is very wrong.) + + diff --git a/nixos/doc/manual/administration/cleaning-store.xml b/nixos/doc/manual/administration/cleaning-store.xml index 52512b8f127..ee201982a40 100644 --- a/nixos/doc/manual/administration/cleaning-store.xml +++ b/nixos/doc/manual/administration/cleaning-store.xml @@ -3,60 +3,51 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-nix-gc"> - -Cleaning the Nix Store - -Nix has a purely functional model, meaning that packages are -never upgraded in place. Instead new versions of packages end up in a -different location in the Nix store (/nix/store). -You should periodically run Nix’s garbage -collector to remove old, unreferenced packages. This is -easy: - + Cleaning the Nix Store + + Nix has a purely functional model, meaning that packages are never upgraded + in place. Instead new versions of packages end up in a different location in + the Nix store (/nix/store). You should periodically run + Nix’s garbage collector to remove old, unreferenced + packages. This is easy: $ nix-collect-garbage - -Alternatively, you can use a systemd unit that does the same in the -background: - + Alternatively, you can use a systemd unit that does the same in the + background: # systemctl start nix-gc.service - -You can tell NixOS in configuration.nix to run -this unit automatically at certain points in time, for instance, every -night at 03:15: - + You can tell NixOS in configuration.nix to run this unit + automatically at certain points in time, for instance, every night at 03:15: = true; = "03:15"; - - - -The commands above do not remove garbage collector roots, such -as old system configurations. Thus they do not remove the ability to -roll back to previous configurations. The following command deletes -old roots, removing the ability to roll back to them: + + + The commands above do not remove garbage collector roots, such as old system + configurations. Thus they do not remove the ability to roll back to previous + configurations. The following command deletes old roots, removing the ability + to roll back to them: $ nix-collect-garbage -d -You can also do this for specific profiles, e.g. + You can also do this for specific profiles, e.g. $ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old -Note that NixOS system configurations are stored in the profile -/nix/var/nix/profiles/system. - -Another way to reclaim disk space (often as much as 40% of the -size of the Nix store) is to run Nix’s store optimiser, which seeks -out identical files in the store and replaces them with hard links to -a single copy. + Note that NixOS system configurations are stored in the profile + /nix/var/nix/profiles/system. + + + Another way to reclaim disk space (often as much as 40% of the size of the + Nix store) is to run Nix’s store optimiser, which seeks out identical files + in the store and replaces them with hard links to a single copy. $ nix-store --optimise -Since this command needs to read the entire Nix store, it can take -quite a while to finish. - + Since this command needs to read the entire Nix store, it can take quite a + while to finish. + diff --git a/nixos/doc/manual/administration/container-networking.xml b/nixos/doc/manual/administration/container-networking.xml index 2fc353059df..4b977d1d82e 100644 --- a/nixos/doc/manual/administration/container-networking.xml +++ b/nixos/doc/manual/administration/container-networking.xml @@ -3,15 +3,13 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-container-networking"> + Container Networking - -Container Networking - -When you create a container using nixos-container -create, it gets it own private IPv4 address in the range -10.233.0.0/16. You can get the container’s IPv4 -address as follows: - + + When you create a container using nixos-container create, + it gets it own private IPv4 address in the range + 10.233.0.0/16. You can get the container’s IPv4 address + as follows: # nixos-container show-ip foo 10.233.4.2 @@ -19,40 +17,39 @@ address as follows: $ ping -c1 10.233.4.2 64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms + - - -Networking is implemented using a pair of virtual Ethernet -devices. The network interface in the container is called -eth0, while the matching interface in the host is -called ve-container-name -(e.g., ve-foo). The container has its own network -namespace and the CAP_NET_ADMIN capability, so it -can perform arbitrary network configuration such as setting up -firewall rules, without affecting or having access to the host’s -network. - -By default, containers cannot talk to the outside network. If -you want that, you should set up Network Address Translation (NAT) -rules on the host to rewrite container traffic to use your external -IP address. This can be accomplished using the following configuration -on the host: + + Networking is implemented using a pair of virtual Ethernet devices. The + network interface in the container is called eth0, while + the matching interface in the host is called + ve-container-name (e.g., + ve-foo). The container has its own network namespace and + the CAP_NET_ADMIN capability, so it can perform arbitrary + network configuration such as setting up firewall rules, without affecting or + having access to the host’s network. + + + By default, containers cannot talk to the outside network. If you want that, + you should set up Network Address Translation (NAT) rules on the host to + rewrite container traffic to use your external IP address. This can be + accomplished using the following configuration on the host: = true; = ["ve-+"]; = "eth0"; -where eth0 should be replaced with the desired -external interface. Note that ve-+ is a wildcard -that matches all container interfaces. - -If you are using Network Manager, you need to explicitly prevent -it from managing container interfaces: + where eth0 should be replaced with the desired external + interface. Note that ve-+ is a wildcard that matches all + container interfaces. + + + If you are using Network Manager, you need to explicitly prevent it from + managing container interfaces: networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - - + diff --git a/nixos/doc/manual/administration/containers.xml b/nixos/doc/manual/administration/containers.xml index 4cd2c8ae556..0d3355e56a5 100644 --- a/nixos/doc/manual/administration/containers.xml +++ b/nixos/doc/manual/administration/containers.xml @@ -3,32 +3,32 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-containers"> - -Container Management - -NixOS allows you to easily run other NixOS instances as -containers. Containers are a light-weight -approach to virtualisation that runs software in the container at the -same speed as in the host system. NixOS containers share the Nix store -of the host, making container creation very efficient. - -Currently, NixOS containers are not perfectly isolated -from the host system. This means that a user with root access to the -container can do things that affect the host. So you should not give -container root access to untrusted users. - -NixOS containers can be created in two ways: imperatively, using -the command nixos-container, and declaratively, by -specifying them in your configuration.nix. The -declarative approach implies that containers get upgraded along with -your host system when you run nixos-rebuild, which -is often not what you want. By contrast, in the imperative approach, -containers are configured and updated independently from the host -system. - - - - - + Container Management + + NixOS allows you to easily run other NixOS instances as + containers. Containers are a light-weight approach to + virtualisation that runs software in the container at the same speed as in + the host system. NixOS containers share the Nix store of the host, making + container creation very efficient. + + + + Currently, NixOS containers are not perfectly isolated from the host system. + This means that a user with root access to the container can do things that + affect the host. So you should not give container root access to untrusted + users. + + + + NixOS containers can be created in two ways: imperatively, using the command + nixos-container, and declaratively, by specifying them in + your configuration.nix. The declarative approach implies + that containers get upgraded along with your host system when you run + nixos-rebuild, which is often not what you want. By + contrast, in the imperative approach, containers are configured and updated + independently from the host system. + + + + - diff --git a/nixos/doc/manual/administration/control-groups.xml b/nixos/doc/manual/administration/control-groups.xml index 03db40a3bc5..bb8b7f83d9e 100644 --- a/nixos/doc/manual/administration/control-groups.xml +++ b/nixos/doc/manual/administration/control-groups.xml @@ -3,20 +3,18 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-cgroups"> - -Control Groups - -To keep track of the processes in a running system, systemd uses -control groups (cgroups). A control group is a -set of processes used to allocate resources such as CPU, memory or I/O -bandwidth. There can be multiple control group hierarchies, allowing -each kind of resource to be managed independently. - -The command systemd-cgls lists all control -groups in the systemd hierarchy, which is what -systemd uses to keep track of the processes belonging to each service -or user session: - + Control Groups + + To keep track of the processes in a running system, systemd uses + control groups (cgroups). A control group is a set of + processes used to allocate resources such as CPU, memory or I/O bandwidth. + There can be multiple control group hierarchies, allowing each kind of + resource to be managed independently. + + + The command systemd-cgls lists all control groups in the + systemd hierarchy, which is what systemd uses to keep + track of the processes belonging to each service or user session: $ systemd-cgls ├─user @@ -34,40 +32,34 @@ $ systemd-cgls │ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf └─ ... - -Similarly, systemd-cgls cpu shows the cgroups in -the CPU hierarchy, which allows per-cgroup CPU scheduling priorities. -By default, every systemd service gets its own CPU cgroup, while all -user sessions are in the top-level CPU cgroup. This ensures, for -instance, that a thousand run-away processes in the -httpd.service cgroup cannot starve the CPU for one -process in the postgresql.service cgroup. (By -contrast, it they were in the same cgroup, then the PostgreSQL process -would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s -CPU share in configuration.nix: - + Similarly, systemd-cgls cpu shows the cgroups in the CPU + hierarchy, which allows per-cgroup CPU scheduling priorities. By default, + every systemd service gets its own CPU cgroup, while all user sessions are in + the top-level CPU cgroup. This ensures, for instance, that a thousand + run-away processes in the httpd.service cgroup cannot + starve the CPU for one process in the postgresql.service + cgroup. (By contrast, it they were in the same cgroup, then the PostgreSQL + process would get 1/1001 of the cgroup’s CPU time.) You can limit a + service’s CPU share in configuration.nix: systemd.services.httpd.serviceConfig.CPUShares = 512; - -By default, every cgroup has 1024 CPU shares, so this will halve the -CPU allocation of the httpd.service cgroup. - -There also is a memory hierarchy that -controls memory allocation limits; by default, all processes are in -the top-level cgroup, so any service or session can exhaust all -available memory. Per-cgroup memory limits can be specified in -configuration.nix; for instance, to limit -httpd.service to 512 MiB of RAM (excluding swap): - + By default, every cgroup has 1024 CPU shares, so this will halve the CPU + allocation of the httpd.service cgroup. + + + There also is a memory hierarchy that controls memory + allocation limits; by default, all processes are in the top-level cgroup, so + any service or session can exhaust all available memory. Per-cgroup memory + limits can be specified in configuration.nix; for + instance, to limit httpd.service to 512 MiB of RAM + (excluding swap): systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; - - - -The command systemd-cgtop shows a -continuously updated list of all cgroups with their CPU and memory -usage. - + + + The command systemd-cgtop shows a continuously updated + list of all cgroups with their CPU and memory usage. + diff --git a/nixos/doc/manual/administration/declarative-containers.xml b/nixos/doc/manual/administration/declarative-containers.xml index 79b230e5fc7..2a98fb12623 100644 --- a/nixos/doc/manual/administration/declarative-containers.xml +++ b/nixos/doc/manual/administration/declarative-containers.xml @@ -3,14 +3,13 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-declarative-containers"> + Declarative Container Specification -Declarative Container Specification - -You can also specify containers and their configuration in the -host’s configuration.nix. For example, the -following specifies that there shall be a container named -database running PostgreSQL: - + + You can also specify containers and their configuration in the host’s + configuration.nix. For example, the following specifies + that there shall be a container named database running + PostgreSQL: containers.database = { config = @@ -20,18 +19,18 @@ containers.database = }; }; + If you run nixos-rebuild switch, the container will be + built. If the container was already running, it will be updated in place, + without rebooting. The container can be configured to start automatically by + setting containers.database.autoStart = true in its + configuration. + -If you run nixos-rebuild switch, the container will -be built. If the container was already running, it will be -updated in place, without rebooting. The container can be configured to -start automatically by setting containers.database.autoStart = true -in its configuration. - -By default, declarative containers share the network namespace -of the host, meaning that they can listen on (privileged) -ports. However, they cannot change the network configuration. You can -give a container its own network as follows: - + + By default, declarative containers share the network namespace of the host, + meaning that they can listen on (privileged) ports. However, they cannot + change the network configuration. You can give a container its own network as + follows: containers.database = { privateNetwork = true; @@ -39,22 +38,23 @@ containers.database = { localAddress = "192.168.100.11"; }; + This gives the container a private virtual Ethernet interface with IP address + 192.168.100.11, which is hooked up to a virtual Ethernet + interface on the host with IP address 192.168.100.10. (See + the next section for details on container networking.) + -This gives the container a private virtual Ethernet interface with IP -address 192.168.100.11, which is hooked up to a -virtual Ethernet interface on the host with IP address -192.168.100.10. (See the next section for details -on container networking.) - -To disable the container, just remove it from -configuration.nix and run nixos-rebuild -switch. Note that this will not delete the root directory of -the container in /var/lib/containers. Containers can be -destroyed using the imperative method: nixos-container destroy - foo. - -Declarative containers can be started and stopped using the -corresponding systemd service, e.g. systemctl start -container@database. + + To disable the container, just remove it from + configuration.nix and run nixos-rebuild + switch. Note that this will not delete the root directory of the + container in /var/lib/containers. Containers can be + destroyed using the imperative method: nixos-container destroy + foo. + + + Declarative containers can be started and stopped using the corresponding + systemd service, e.g. systemctl start container@database. + diff --git a/nixos/doc/manual/administration/imperative-containers.xml b/nixos/doc/manual/administration/imperative-containers.xml index d39ac7f8bef..9cc7ca3e672 100644 --- a/nixos/doc/manual/administration/imperative-containers.xml +++ b/nixos/doc/manual/administration/imperative-containers.xml @@ -3,101 +3,85 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-imperative-containers"> + Imperative Container Management -Imperative Container Management - -We’ll cover imperative container management using -nixos-container first. -Be aware that container management is currently only possible -as root. - -You create a container with -identifier foo as follows: + + We’ll cover imperative container management using + nixos-container first. Be aware that container management + is currently only possible as root. + + + You create a container with identifier foo as follows: # nixos-container create foo - -This creates the container’s root directory in -/var/lib/containers/foo and a small configuration -file in /etc/containers/foo.conf. It also builds -the container’s initial system configuration and stores it in -/nix/var/nix/profiles/per-container/foo/system. You -can modify the initial configuration of the container on the command -line. For instance, to create a container that has -sshd running, with the given public key for -root: - + This creates the container’s root directory in + /var/lib/containers/foo and a small configuration file + in /etc/containers/foo.conf. It also builds the + container’s initial system configuration and stores it in + /nix/var/nix/profiles/per-container/foo/system. You can + modify the initial configuration of the container on the command line. For + instance, to create a container that has sshd running, + with the given public key for root: # nixos-container create foo --config ' = true; users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"]; ' + - - -Creating a container does not start it. To start the container, -run: - + + Creating a container does not start it. To start the container, run: # nixos-container start foo - -This command will return as soon as the container has booted and has -reached multi-user.target. On the host, the -container runs within a systemd unit called -container@container-name.service. -Thus, if something went wrong, you can get status info using -systemctl: - + This command will return as soon as the container has booted and has reached + multi-user.target. On the host, the container runs within + a systemd unit called + container@container-name.service. + Thus, if something went wrong, you can get status info using + systemctl: # systemctl status container@foo + - - -If the container has started successfully, you can log in as -root using the root-login operation: - + + If the container has started successfully, you can log in as root using the + root-login operation: # nixos-container root-login foo [root@foo:~]# - -Note that only root on the host can do this (since there is no -authentication). You can also get a regular login prompt using the -login operation, which is available to all users on -the host: - + Note that only root on the host can do this (since there is no + authentication). You can also get a regular login prompt using the + login operation, which is available to all users on the + host: # nixos-container login foo foo login: alice Password: *** - -With nixos-container run, you can execute arbitrary -commands in the container: - + With nixos-container run, you can execute arbitrary + commands in the container: # nixos-container run foo -- uname -a Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux + - - -There are several ways to change the configuration of the -container. First, on the host, you can edit -/var/lib/container/name/etc/nixos/configuration.nix, -and run - + + There are several ways to change the configuration of the container. First, + on the host, you can edit + /var/lib/container/name/etc/nixos/configuration.nix, + and run # nixos-container update foo - -This will build and activate the new configuration. You can also -specify a new configuration on the command line: - + This will build and activate the new configuration. You can also specify a + new configuration on the command line: # nixos-container update foo --config ' = true; @@ -108,26 +92,25 @@ specify a new configuration on the command line: # curl http://$(nixos-container show-ip foo)/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">… + However, note that this will overwrite the container’s + /etc/nixos/configuration.nix. + -However, note that this will overwrite the container’s -/etc/nixos/configuration.nix. - -Alternatively, you can change the configuration from within the -container itself by running nixos-rebuild switch -inside the container. Note that the container by default does not have -a copy of the NixOS channel, so you should run nix-channel ---update first. - -Containers can be stopped and started using -nixos-container stop and nixos-container -start, respectively, or by using -systemctl on the container’s service unit. To -destroy a container, including its file system, do + + Alternatively, you can change the configuration from within the container + itself by running nixos-rebuild switch inside the + container. Note that the container by default does not have a copy of the + NixOS channel, so you should run nix-channel --update + first. + + + Containers can be stopped and started using nixos-container + stop and nixos-container start, respectively, or + by using systemctl on the container’s service unit. To + destroy a container, including its file system, do # nixos-container destroy foo - - - + diff --git a/nixos/doc/manual/administration/logging.xml b/nixos/doc/manual/administration/logging.xml index 1d5df7770e2..a41936b373d 100644 --- a/nixos/doc/manual/administration/logging.xml +++ b/nixos/doc/manual/administration/logging.xml @@ -3,26 +3,20 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-logging"> - -Logging - -System-wide logging is provided by systemd’s -journal, which subsumes traditional logging -daemons such as syslogd and klogd. Log entries are kept in binary -files in /var/log/journal/. The command -journalctl allows you to see the contents of the -journal. For example, - + Logging + + System-wide logging is provided by systemd’s journal, + which subsumes traditional logging daemons such as syslogd and klogd. Log + entries are kept in binary files in /var/log/journal/. + The command journalctl allows you to see the contents of + the journal. For example, $ journalctl -b - -shows all journal entries since the last reboot. (The output of -journalctl is piped into less by -default.) You can use various options and match operators to restrict -output to messages of interest. For instance, to get all messages -from PostgreSQL: - + shows all journal entries since the last reboot. (The output of + journalctl is piped into less by + default.) You can use various options and match operators to restrict output + to messages of interest. For instance, to get all messages from PostgreSQL: $ journalctl -u postgresql.service -- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. -- @@ -32,21 +26,18 @@ Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG: database system is shut down Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG: database system was shut down at 2013-01-07 15:44:14 CET Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG: database system is ready to accept connections - -Or to get all messages since the last reboot that have at least a -“critical” severity level: - + Or to get all messages since the last reboot that have at least a + “critical” severity level: $ journalctl -b -p crit Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice] Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1) - - - -The system journal is readable by root and by users in the -wheel and systemd-journal -groups. All users have a private journal that can be read using -journalctl. - - \ No newline at end of file + + + The system journal is readable by root and by users in the + wheel and systemd-journal groups. All + users have a private journal that can be read using + journalctl. + + diff --git a/nixos/doc/manual/administration/maintenance-mode.xml b/nixos/doc/manual/administration/maintenance-mode.xml index 17a1609e557..71e3f9ea665 100644 --- a/nixos/doc/manual/administration/maintenance-mode.xml +++ b/nixos/doc/manual/administration/maintenance-mode.xml @@ -3,16 +3,14 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-maintenance-mode"> + Maintenance Mode -Maintenance Mode - -You can enter rescue mode by running: - + + You can enter rescue mode by running: # systemctl rescue - -This will eventually give you a single-user root shell. Systemd will -stop (almost) all system services. To get out of maintenance mode, -just exit from the rescue shell. - + This will eventually give you a single-user root shell. Systemd will stop + (almost) all system services. To get out of maintenance mode, just exit from + the rescue shell. + diff --git a/nixos/doc/manual/administration/network-problems.xml b/nixos/doc/manual/administration/network-problems.xml index 91f9eb4e22c..570f5835884 100644 --- a/nixos/doc/manual/administration/network-problems.xml +++ b/nixos/doc/manual/administration/network-problems.xml @@ -3,31 +3,25 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-nix-network-issues"> + Network Problems -Network Problems - -Nix uses a so-called binary cache to -optimise building a package from source into downloading it as a -pre-built binary. That is, whenever a command like -nixos-rebuild needs a path in the Nix store, Nix -will try to download that path from the Internet rather than build it -from source. The default binary cache is -https://cache.nixos.org/. If this cache is unreachable, -Nix operations may take a long time due to HTTP connection timeouts. -You can disable the use of the binary cache by adding , e.g. - + + Nix uses a so-called binary cache to optimise building a + package from source into downloading it as a pre-built binary. That is, + whenever a command like nixos-rebuild needs a path in the + Nix store, Nix will try to download that path from the Internet rather than + build it from source. The default binary cache is + https://cache.nixos.org/. If this cache is unreachable, Nix + operations may take a long time due to HTTP connection timeouts. You can + disable the use of the binary cache by adding , e.g. # nixos-rebuild switch --option use-binary-caches false - -If you have an alternative binary cache at your disposal, you can use -it instead: - + If you have an alternative binary cache at your disposal, you can use it + instead: # nixos-rebuild switch --option binary-caches http://my-cache.example.org/ - - - + diff --git a/nixos/doc/manual/administration/rebooting.xml b/nixos/doc/manual/administration/rebooting.xml index 23f3a3219c6..a5abd6f0258 100644 --- a/nixos/doc/manual/administration/rebooting.xml +++ b/nixos/doc/manual/administration/rebooting.xml @@ -3,42 +3,33 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-rebooting"> - -Rebooting and Shutting Down - -The system can be shut down (and automatically powered off) by -doing: - + Rebooting and Shutting Down + + The system can be shut down (and automatically powered off) by doing: # shutdown - -This is equivalent to running systemctl -poweroff. - -To reboot the system, run - + This is equivalent to running systemctl poweroff. + + + To reboot the system, run # reboot - -which is equivalent to systemctl reboot. -Alternatively, you can quickly reboot the system using -kexec, which bypasses the BIOS by directly loading -the new kernel into memory: - + which is equivalent to systemctl reboot. Alternatively, + you can quickly reboot the system using kexec, which + bypasses the BIOS by directly loading the new kernel into memory: # systemctl kexec - - - -The machine can be suspended to RAM (if supported) using -systemctl suspend, and suspended to disk using -systemctl hibernate. - -These commands can be run by any user who is logged in locally, -i.e. on a virtual console or in X11; otherwise, the user is asked for -authentication. - + + + The machine can be suspended to RAM (if supported) using systemctl + suspend, and suspended to disk using systemctl + hibernate. + + + These commands can be run by any user who is logged in locally, i.e. on a + virtual console or in X11; otherwise, the user is asked for authentication. + diff --git a/nixos/doc/manual/administration/rollback.xml b/nixos/doc/manual/administration/rollback.xml index ae621f33de2..07c6acaa469 100644 --- a/nixos/doc/manual/administration/rollback.xml +++ b/nixos/doc/manual/administration/rollback.xml @@ -3,46 +3,39 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-rollback"> + Rolling Back Configuration Changes -Rolling Back Configuration Changes - -After running nixos-rebuild to switch to a -new configuration, you may find that the new configuration doesn’t -work very well. In that case, there are several ways to return to a -previous configuration. - -First, the GRUB boot manager allows you to boot into any -previous configuration that hasn’t been garbage-collected. These -configurations can be found under the GRUB submenu “NixOS - All -configurations”. This is especially useful if the new configuration -fails to boot. After the system has booted, you can make the selected -configuration the default for subsequent boots: + + After running nixos-rebuild to switch to a new + configuration, you may find that the new configuration doesn’t work very + well. In that case, there are several ways to return to a previous + configuration. + + + First, the GRUB boot manager allows you to boot into any previous + configuration that hasn’t been garbage-collected. These configurations can + be found under the GRUB submenu “NixOS - All configurations”. This is + especially useful if the new configuration fails to boot. After the system + has booted, you can make the selected configuration the default for + subsequent boots: # /run/current-system/bin/switch-to-configuration boot + - - -Second, you can switch to the previous configuration in a running -system: - + + Second, you can switch to the previous configuration in a running system: # nixos-rebuild switch --rollback - -This is equivalent to running: - + This is equivalent to running: # /nix/var/nix/profiles/system-N-link/bin/switch-to-configuration switch - -where N is the number of the NixOS system -configuration. To get a list of the available configurations, do: - + where N is the number of the NixOS system + configuration. To get a list of the available configurations, do: $ ls -l /nix/var/nix/profiles/system-*-link ... lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link -> /nix/store/202b...-nixos-13.07pre4932_5a676e4-4be1055 - - - + diff --git a/nixos/doc/manual/administration/running.xml b/nixos/doc/manual/administration/running.xml index 9091511ed52..786dd5e2390 100644 --- a/nixos/doc/manual/administration/running.xml +++ b/nixos/doc/manual/administration/running.xml @@ -3,22 +3,19 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-running"> - -Administration - - -This chapter describes various aspects of managing a running -NixOS system, such as how to use the systemd -service manager. - - - - - - - - - - - + Administration + + + This chapter describes various aspects of managing a running NixOS system, + such as how to use the systemd service manager. + + + + + + + + + + diff --git a/nixos/doc/manual/administration/service-mgmt.xml b/nixos/doc/manual/administration/service-mgmt.xml index 1627c7a2fde..0c2085c8155 100644 --- a/nixos/doc/manual/administration/service-mgmt.xml +++ b/nixos/doc/manual/administration/service-mgmt.xml @@ -3,26 +3,23 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-systemctl"> - -Service Management - -In NixOS, all system services are started and monitored using -the systemd program. Systemd is the “init” process of the system -(i.e. PID 1), the parent of all other processes. It manages a set of -so-called “units”, which can be things like system services -(programs), but also mount points, swap files, devices, targets -(groups of units) and more. Units can have complex dependencies; for -instance, one unit can require that another unit must be successfully -started before the first unit can be started. When the system boots, -it starts a unit named default.target; the -dependencies of this unit cause all system services to be started, -file systems to be mounted, swap files to be activated, and so -on. - -The command systemctl is the main way to -interact with systemd. Without any arguments, it -shows the status of active units: - + Service Management + + In NixOS, all system services are started and monitored using the systemd + program. Systemd is the “init” process of the system (i.e. PID 1), the + parent of all other processes. It manages a set of so-called “units”, + which can be things like system services (programs), but also mount points, + swap files, devices, targets (groups of units) and more. Units can have + complex dependencies; for instance, one unit can require that another unit + must be successfully started before the first unit can be started. When the + system boots, it starts a unit named default.target; the + dependencies of this unit cause all system services to be started, file + systems to be mounted, swap files to be activated, and so on. + + + The command systemctl is the main way to interact with + systemd. Without any arguments, it shows the status of + active units: $ systemctl -.mount loaded active mounted / @@ -31,12 +28,10 @@ sshd.service loaded active running SSH Daemon graphical.target loaded active active Graphical Interface ... - - - -You can ask for detailed status information about a unit, for -instance, the PostgreSQL database service: - + + + You can ask for detailed status information about a unit, for instance, the + PostgreSQL database service: $ systemctl status postgresql.service postgresql.service - PostgreSQL Server @@ -56,28 +51,22 @@ Jan 07 15:55:57 hagbard postgres[2390]: [1-1] LOG: database system is ready to Jan 07 15:55:57 hagbard postgres[2420]: [1-1] LOG: autovacuum launcher started Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server. - -Note that this shows the status of the unit (active and running), all -the processes belonging to the service, as well as the most recent log -messages from the service. - - - -Units can be stopped, started or restarted: - + Note that this shows the status of the unit (active and running), all the + processes belonging to the service, as well as the most recent log messages + from the service. + + + Units can be stopped, started or restarted: # systemctl stop postgresql.service # systemctl start postgresql.service # systemctl restart postgresql.service - -These operations are synchronous: they wait until the service has -finished starting or stopping (or has failed). Starting a unit will -cause the dependencies of that unit to be started as well (if -necessary). - + These operations are synchronous: they wait until the service has finished + starting or stopping (or has failed). Starting a unit will cause the + dependencies of that unit to be started as well (if necessary). + - diff --git a/nixos/doc/manual/administration/store-corruption.xml b/nixos/doc/manual/administration/store-corruption.xml index 9f567042b72..a4ca3b651e2 100644 --- a/nixos/doc/manual/administration/store-corruption.xml +++ b/nixos/doc/manual/administration/store-corruption.xml @@ -3,35 +3,34 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-nix-store-corruption"> + Nix Store Corruption -Nix Store Corruption - -After a system crash, it’s possible for files in the Nix store -to become corrupted. (For instance, the Ext4 file system has the -tendency to replace un-synced files with zero bytes.) NixOS tries -hard to prevent this from happening: it performs a -sync before switching to a new configuration, and -Nix’s database is fully transactional. If corruption still occurs, -you may be able to fix it automatically. - -If the corruption is in a path in the closure of the NixOS -system configuration, you can fix it by doing + + After a system crash, it’s possible for files in the Nix store to become + corrupted. (For instance, the Ext4 file system has the tendency to replace + un-synced files with zero bytes.) NixOS tries hard to prevent this from + happening: it performs a sync before switching to a new + configuration, and Nix’s database is fully transactional. If corruption + still occurs, you may be able to fix it automatically. + + + If the corruption is in a path in the closure of the NixOS system + configuration, you can fix it by doing # nixos-rebuild switch --repair + This will cause Nix to check every path in the closure, and if its + cryptographic hash differs from the hash recorded in Nix’s database, the + path is rebuilt or redownloaded. + -This will cause Nix to check every path in the closure, and if its -cryptographic hash differs from the hash recorded in Nix’s database, -the path is rebuilt or redownloaded. - -You can also scan the entire Nix store for corrupt paths: - + + You can also scan the entire Nix store for corrupt paths: # nix-store --verify --check-contents --repair - -Any corrupt paths will be redownloaded if they’re available in a -binary cache; otherwise, they cannot be repaired. - + Any corrupt paths will be redownloaded if they’re available in a binary + cache; otherwise, they cannot be repaired. + diff --git a/nixos/doc/manual/administration/troubleshooting.xml b/nixos/doc/manual/administration/troubleshooting.xml index 351fb188331..6496e7bde38 100644 --- a/nixos/doc/manual/administration/troubleshooting.xml +++ b/nixos/doc/manual/administration/troubleshooting.xml @@ -3,16 +3,14 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-troubleshooting"> - -Troubleshooting - -This chapter describes solutions to common problems you might -encounter when you manage your NixOS system. - - - - - - - + Troubleshooting + + This chapter describes solutions to common problems you might encounter when + you manage your NixOS system. + + + + + + diff --git a/nixos/doc/manual/administration/user-sessions.xml b/nixos/doc/manual/administration/user-sessions.xml index 0a7eb8cd123..1d95cfb22b6 100644 --- a/nixos/doc/manual/administration/user-sessions.xml +++ b/nixos/doc/manual/administration/user-sessions.xml @@ -3,14 +3,12 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-user-sessions"> - -User Sessions - -Systemd keeps track of all users who are logged into the system -(e.g. on a virtual console or remotely via SSH). The command -loginctl allows querying and manipulating user -sessions. For instance, to list all user sessions: - + User Sessions + + Systemd keeps track of all users who are logged into the system (e.g. on a + virtual console or remotely via SSH). The command loginctl + allows querying and manipulating user sessions. For instance, to list all + user sessions: $ loginctl SESSION UID USER SEAT @@ -18,12 +16,10 @@ $ loginctl c3 0 root seat0 c4 500 alice - -This shows that two users are logged in locally, while another is -logged in remotely. (“Seats” are essentially the combinations of -displays and input devices attached to the system; usually, there is -only one seat.) To get information about a session: - + This shows that two users are logged in locally, while another is logged in + remotely. (“Seats” are essentially the combinations of displays and input + devices attached to the system; usually, there is only one seat.) To get + information about a session: $ loginctl session-status c3 c3 - root (0) @@ -38,16 +34,12 @@ c3 - root (0) ├─10339 -bash └─10355 w3m nixos.org - -This shows that the user is logged in on virtual console 3. It also -lists the processes belonging to this session. Since systemd keeps -track of this, you can terminate a session in a way that ensures that -all the session’s processes are gone: - + This shows that the user is logged in on virtual console 3. It also lists the + processes belonging to this session. Since systemd keeps track of this, you + can terminate a session in a way that ensures that all the session’s + processes are gone: # loginctl terminate-session c3 - - - + diff --git a/nixos/doc/manual/configuration/abstractions.xml b/nixos/doc/manual/configuration/abstractions.xml index f794085295c..5bf0635cc1a 100644 --- a/nixos/doc/manual/configuration/abstractions.xml +++ b/nixos/doc/manual/configuration/abstractions.xml @@ -3,12 +3,11 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-module-abstractions"> + Abstractions -Abstractions - -If you find yourself repeating yourself over and over, it’s time -to abstract. Take, for instance, this Apache HTTP Server configuration: - + + If you find yourself repeating yourself over and over, it’s time to + abstract. Take, for instance, this Apache HTTP Server configuration: { = @@ -28,11 +27,9 @@ to abstract. Take, for instance, this Apache HTTP Server configuration: ]; } - -It defines two virtual hosts with nearly identical configuration; the -only difference is that the second one has SSL enabled. To prevent -this duplication, we can use a let: - + It defines two virtual hosts with nearly identical configuration; the only + difference is that the second one has SSL enabled. To prevent this + duplication, we can use a let: let exampleOrgCommon = @@ -53,17 +50,16 @@ in ]; } + The let exampleOrgCommon = ... + defines a variable named exampleOrgCommon. The + // operator merges two attribute sets, so the + configuration of the second virtual host is the set + exampleOrgCommon extended with the SSL options. + -The let exampleOrgCommon = -... defines a variable named -exampleOrgCommon. The // -operator merges two attribute sets, so the configuration of the second -virtual host is the set exampleOrgCommon extended -with the SSL options. - -You can write a let wherever an expression is -allowed. Thus, you also could have written: - + + You can write a let wherever an expression is allowed. + Thus, you also could have written: { = @@ -73,17 +69,16 @@ allowed. Thus, you also could have written: ]; } + but not { let exampleOrgCommon = ...; in + ...; } since attributes (as opposed to + attribute values) are not expressions. + -but not { let exampleOrgCommon = -...; in ...; -} since attributes (as opposed to attribute values) are not -expressions. - -Functions provide another method of -abstraction. For instance, suppose that we want to generate lots of -different virtual hosts, all with identical configuration except for -the host name. This can be done as follows: - + + Functions provide another method of abstraction. For + instance, suppose that we want to generate lots of different virtual hosts, + all with identical configuration except for the host name. This can be done + as follows: { = @@ -101,16 +96,15 @@ the host name. This can be done as follows: ]; } + Here, makeVirtualHost is a function that takes a single + argument name and returns the configuration for a virtual + host. That function is then called for several names to produce the list of + virtual host configurations. + -Here, makeVirtualHost is a function that takes a -single argument name and returns the configuration -for a virtual host. That function is then called for several names to -produce the list of virtual host configurations. - -We can further improve on this by using the function -map, which applies another function to every -element in a list: - + + We can further improve on this by using the function map, + which applies another function to every element in a list: { = @@ -120,16 +114,15 @@ element in a list: [ "example.org" "example.com" "example.gov" "example.nl" ]; } + (The function map is called a higher-order + function because it takes another function as an argument.) + -(The function map is called a -higher-order function because it takes another -function as an argument.) - -What if you need more than one argument, for instance, if we -want to use a different documentRoot for each -virtual host? Then we can make makeVirtualHost a -function that takes a set as its argument, like this: - + + What if you need more than one argument, for instance, if we want to use a + different documentRoot for each virtual host? Then we can + make makeVirtualHost a function that takes a + set as its argument, like this: { = @@ -147,10 +140,9 @@ function that takes a set as its argument, like this: ]; } - -But in this case (where every root is a subdirectory of -/sites named after the virtual host), it would -have been shorter to define makeVirtualHost as + But in this case (where every root is a subdirectory of + /sites named after the virtual host), it would have been + shorter to define makeVirtualHost as makeVirtualHost = name: { hostName = name; @@ -158,9 +150,7 @@ makeVirtualHost = name: adminAddr = "alice@example.org"; }; - -Here, the construct -${...} allows the result -of an expression to be spliced into a string. - + Here, the construct ${...} + allows the result of an expression to be spliced into a string. + diff --git a/nixos/doc/manual/configuration/ad-hoc-network-config.xml b/nixos/doc/manual/configuration/ad-hoc-network-config.xml index c53b9598109..00e595c7cb7 100644 --- a/nixos/doc/manual/configuration/ad-hoc-network-config.xml +++ b/nixos/doc/manual/configuration/ad-hoc-network-config.xml @@ -3,22 +3,18 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ad-hoc-network-config"> + Ad-Hoc Configuration -Ad-Hoc Configuration - -You can use to specify -shell commands to be run at the end of -network-setup.service. This is useful for doing -network configuration not covered by the existing NixOS modules. For -instance, to statically configure an IPv6 address: - + + You can use to specify shell + commands to be run at the end of network-setup.service. + This is useful for doing network configuration not covered by the existing + NixOS modules. For instance, to statically configure an IPv6 address: = '' ip -6 addr add 2001:610:685:1::1/64 dev eth0 ''; - - - + diff --git a/nixos/doc/manual/configuration/ad-hoc-packages.xml b/nixos/doc/manual/configuration/ad-hoc-packages.xml index a147291c4f3..19159d8db5b 100644 --- a/nixos/doc/manual/configuration/ad-hoc-packages.xml +++ b/nixos/doc/manual/configuration/ad-hoc-packages.xml @@ -3,61 +3,59 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-ad-hoc-packages"> + Ad-Hoc Package Management -Ad-Hoc Package Management - -With the command nix-env, you can install and -uninstall packages from the command line. For instance, to install -Mozilla Thunderbird: - + + With the command nix-env, you can install and uninstall + packages from the command line. For instance, to install Mozilla Thunderbird: $ nix-env -iA nixos.thunderbird + If you invoke this as root, the package is installed in the Nix profile + /nix/var/nix/profiles/default and visible to all users + of the system; otherwise, the package ends up in + /nix/var/nix/profiles/per-user/username/profile + and is not visible to other users. The flag specifies the + package by its attribute name; without it, the package is installed by + matching against its package name (e.g. thunderbird). The + latter is slower because it requires matching against all available Nix + packages, and is ambiguous if there are multiple matching packages. + -If you invoke this as root, the package is installed in the Nix -profile /nix/var/nix/profiles/default and visible -to all users of the system; otherwise, the package ends up in -/nix/var/nix/profiles/per-user/username/profile -and is not visible to other users. The flag -specifies the package by its attribute name; without it, the package -is installed by matching against its package name -(e.g. thunderbird). The latter is slower because -it requires matching against all available Nix packages, and is -ambiguous if there are multiple matching packages. - -Packages come from the NixOS channel. You typically upgrade a -package by updating to the latest version of the NixOS channel: + + Packages come from the NixOS channel. You typically upgrade a package by + updating to the latest version of the NixOS channel: $ nix-channel --update nixos -and then running nix-env -i again. Other packages -in the profile are not affected; this is the -crucial difference with the declarative style of package management, -where running nixos-rebuild switch causes all -packages to be updated to their current versions in the NixOS channel. -You can however upgrade all packages for which there is a newer -version by doing: + and then running nix-env -i again. Other packages in the + profile are not affected; this is the crucial difference + with the declarative style of package management, where running + nixos-rebuild switch causes all packages to be updated to + their current versions in the NixOS channel. You can however upgrade all + packages for which there is a newer version by doing: $ nix-env -u '*' - + -A package can be uninstalled using the -flag: + + A package can be uninstalled using the flag: $ nix-env -e thunderbird - + -Finally, you can roll back an undesirable -nix-env action: + + Finally, you can roll back an undesirable nix-env action: $ nix-env --rollback - - -nix-env has many more flags. For details, -see the -nix-env1 -manpage or the Nix manual. + + + nix-env has many more flags. For details, see the + + nix-env + 1 manpage or the Nix manual. + diff --git a/nixos/doc/manual/configuration/adding-custom-packages.xml b/nixos/doc/manual/configuration/adding-custom-packages.xml index ae58f61d73e..b59287a622e 100644 --- a/nixos/doc/manual/configuration/adding-custom-packages.xml +++ b/nixos/doc/manual/configuration/adding-custom-packages.xml @@ -3,43 +3,36 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-custom-packages"> + Adding Custom Packages -Adding Custom Packages - -It’s possible that a package you need is not available in NixOS. -In that case, you can do two things. First, you can clone the Nixpkgs -repository, add the package to your clone, and (optionally) submit a -patch or pull request to have it accepted into the main Nixpkgs -repository. This is described in detail in the Nixpkgs manual. -In short, you clone Nixpkgs: - + + It’s possible that a package you need is not available in NixOS. In that + case, you can do two things. First, you can clone the Nixpkgs repository, add + the package to your clone, and (optionally) submit a patch or pull request to + have it accepted into the main Nixpkgs repository. This is described in + detail in the Nixpkgs + manual. In short, you clone Nixpkgs: $ git clone git://github.com/NixOS/nixpkgs.git $ cd nixpkgs - -Then you write and test the package as described in the Nixpkgs -manual. Finally, you add it to -environment.systemPackages, e.g. - + Then you write and test the package as described in the Nixpkgs manual. + Finally, you add it to environment.systemPackages, e.g. = [ pkgs.my-package ]; - -and you run nixos-rebuild, specifying your own -Nixpkgs tree: - + and you run nixos-rebuild, specifying your own Nixpkgs + tree: # nixos-rebuild switch -I nixpkgs=/path/to/my/nixpkgs + - - -The second possibility is to add the package outside of the -Nixpkgs tree. For instance, here is how you specify a build of the -GNU Hello -package directly in configuration.nix: - + + The second possibility is to add the package outside of the Nixpkgs tree. For + instance, here is how you specify a build of the + GNU Hello + package directly in configuration.nix: = let @@ -53,13 +46,12 @@ package directly in configuration.nix: in [ my-hello ]; - -Of course, you can also move the definition of -my-hello into a separate Nix expression, e.g. + Of course, you can also move the definition of my-hello + into a separate Nix expression, e.g. = [ (import ./my-hello.nix) ]; -where my-hello.nix contains: + where my-hello.nix contains: with import <nixpkgs> {}; # bring all of Nixpkgs into scope @@ -71,14 +63,11 @@ stdenv.mkDerivation rec { }; } - -This allows testing the package easily: + This allows testing the package easily: $ nix-build my-hello.nix $ ./result/bin/hello Hello, world! - - - + diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml index d4ca15bb3e7..a9420b3fc92 100644 --- a/nixos/doc/manual/configuration/config-file.xml +++ b/nixos/doc/manual/configuration/config-file.xml @@ -3,28 +3,25 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-configuration-file"> + NixOS Configuration File -NixOS Configuration File - -The NixOS configuration file generally looks like this: - + + The NixOS configuration file generally looks like this: { config, pkgs, ... }: { option definitions } - -The first line ({ config, pkgs, ... }:) denotes -that this is actually a function that takes at least the two arguments - config and pkgs. (These are -explained later.) The function returns a set of -option definitions ({ ... }). These definitions have the -form name = -value, where -name is the name of an option and -value is its value. For example, - + The first line ({ config, pkgs, ... }:) denotes that this + is actually a function that takes at least the two arguments + config and pkgs. (These are explained + later.) The function returns a set of option definitions + ({ ... }). These definitions + have the form name = + value, where + name is the name of an option and + value is its value. For example, { config, pkgs, ... }: @@ -33,19 +30,19 @@ form name = = "/webroot"; } + defines a configuration with three option definitions that together enable + the Apache HTTP Server with /webroot as the document + root. + -defines a configuration with three option definitions that together -enable the Apache HTTP Server with /webroot as -the document root. - -Sets can be nested, and in fact dots in option names are -shorthand for defining a set containing another set. For instance, - defines a set named -services that contains a set named -httpd, which in turn contains an option definition -named enable with value true. -This means that the example above can also be written as: - + + Sets can be nested, and in fact dots in option names are shorthand for + defining a set containing another set. For instance, + defines a set named + services that contains a set named + httpd, which in turn contains an option definition named + enable with value true. This means that + the example above can also be written as: { config, pkgs, ... }: @@ -58,46 +55,44 @@ This means that the example above can also be written as: }; } + which may be more convenient if you have lots of option definitions that + share the same prefix (such as services.httpd). + -which may be more convenient if you have lots of option definitions -that share the same prefix (such as -services.httpd). - -NixOS checks your option definitions for correctness. For -instance, if you try to define an option that doesn’t exist (that is, -doesn’t have a corresponding option declaration), -nixos-rebuild will give an error like: + + NixOS checks your option definitions for correctness. For instance, if you + try to define an option that doesn’t exist (that is, doesn’t have a + corresponding option declaration), + nixos-rebuild will give an error like: The option `services.httpd.enable' defined in `/etc/nixos/configuration.nix' does not exist. -Likewise, values in option definitions must have a correct type. For -instance, must be a Boolean -(true or false). Trying to give -it a value of another type, such as a string, will cause an error: + Likewise, values in option definitions must have a correct type. For + instance, must be a Boolean + (true or false). Trying to give it a + value of another type, such as a string, will cause an error: The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is not a boolean. + - - -Options have various types of values. The most important are: - - - + + Options have various types of values. The most important are: + + Strings - Strings are enclosed in double quotes, e.g. - + + Strings are enclosed in double quotes, e.g. = "dexter"; - - Special characters can be escaped by prefixing them with a - backslash (e.g. \"). - - Multi-line strings can be enclosed in double - single quotes, e.g. - + Special characters can be escaped by prefixing them with a backslash + (e.g. \"). + + + Multi-line strings can be enclosed in double single + quotes, e.g. = '' @@ -105,58 +100,52 @@ The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is no 10.0.0.1 server ''; - - The main difference is that it strips from each line - a number of spaces equal to the minimal indentation of - the string as a whole (disregarding the indentation of - empty lines), and that characters like - " and \ are not special - (making it more convenient for including things like shell - code). - See more info about this in the Nix manual here. + The main difference is that it strips from each line a number of spaces + equal to the minimal indentation of the string as a whole (disregarding + the indentation of empty lines), and that characters like + " and \ are not special (making it + more convenient for including things like shell code). See more info + about this in the Nix manual + here. + - - - + + Booleans - These can be true or - false, e.g. - + + These can be true or false, e.g. = true; = false; - + - - - + + Integers - For example, - + + For example, ."net.ipv4.tcp_keepalive_time" = 60; - (Note that here the attribute name - net.ipv4.tcp_keepalive_time is enclosed in - quotes to prevent it from being interpreted as a set named - net containing a set named - ipv4, and so on. This is because it’s not a - NixOS option but the literal name of a Linux kernel - setting.) + net.ipv4.tcp_keepalive_time is enclosed in quotes to + prevent it from being interpreted as a set named net + containing a set named ipv4, and so on. This is + because it’s not a NixOS option but the literal name of a Linux kernel + setting.) + - - - + + Sets - Sets were introduced above. They are name/value pairs - enclosed in braces, as in the option definition - + + Sets were introduced above. They are name/value pairs enclosed in braces, + as in the option definition ."/boot" = { device = "/dev/sda1"; @@ -164,36 +153,32 @@ The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is no options = [ "rw" "data=ordered" "relatime" ]; }; - + - - - + + Lists - The important thing to note about lists is that list - elements are separated by whitespace, like this: - + + The important thing to note about lists is that list elements are + separated by whitespace, like this: = [ "fuse" "kvm-intel" "coretemp" ]; - List elements can be any other type, e.g. sets: - swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - + - - - + + Packages - Usually, the packages you need are already part of the Nix - Packages collection, which is a set that can be accessed through - the function argument pkgs. Typical uses: - + + Usually, the packages you need are already part of the Nix Packages + collection, which is a set that can be accessed through the function + argument pkgs. Typical uses: = [ pkgs.thunderbird @@ -202,16 +187,12 @@ swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; = pkgs.postgresql90; - - The latter option definition changes the default PostgreSQL - package used by NixOS’s PostgreSQL service to 9.0. For more - information on packages, including how to add new ones, see - . + The latter option definition changes the default PostgreSQL package used + by NixOS’s PostgreSQL service to 9.0. For more information on packages, + including how to add new ones, see . + - - - - - - + + + diff --git a/nixos/doc/manual/configuration/config-syntax.xml b/nixos/doc/manual/configuration/config-syntax.xml index 87847f8451e..5ef498cf9ae 100644 --- a/nixos/doc/manual/configuration/config-syntax.xml +++ b/nixos/doc/manual/configuration/config-syntax.xml @@ -3,25 +3,23 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-configuration-syntax"> - -Configuration Syntax - -The NixOS configuration file -/etc/nixos/configuration.nix is actually a -Nix expression, which is the Nix package -manager’s purely functional language for describing how to build -packages and configurations. This means you have all the expressive -power of that language at your disposal, including the ability to -abstract over common patterns, which is very useful when managing -complex systems. The syntax and semantics of the Nix language are -fully described in the Configuration Syntax + + The NixOS configuration file + /etc/nixos/configuration.nix is actually a Nix + expression, which is the Nix package manager’s purely functional + language for describing how to build packages and configurations. This means + you have all the expressive power of that language at your disposal, + including the ability to abstract over common patterns, which is very useful + when managing complex systems. The syntax and semantics of the Nix language + are fully described in the + Nix -manual, but here we give a short overview of the most important -constructs useful in NixOS configuration files. - - - - - - + manual, but here we give a short overview of the most important + constructs useful in NixOS configuration files. + + + + + diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml index f092c7e207f..8d05dcd34b4 100644 --- a/nixos/doc/manual/configuration/configuration.xml +++ b/nixos/doc/manual/configuration/configuration.xml @@ -3,30 +3,24 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-configuration"> - -Configuration - - - -This chapter describes how to configure various aspects of a -NixOS machine through the configuration file -/etc/nixos/configuration.nix. As described in -, changes to this file only take -effect after you run nixos-rebuild. - - - - - - - - - - - - - - + Configuration + + + This chapter describes how to configure various aspects of a NixOS machine + through the configuration file + /etc/nixos/configuration.nix. As described in + , changes to this file only take + effect after you run nixos-rebuild. + + + + + + + + + + + - diff --git a/nixos/doc/manual/configuration/customizing-packages.xml b/nixos/doc/manual/configuration/customizing-packages.xml index 8b7654e9b42..03b5bb53197 100644 --- a/nixos/doc/manual/configuration/customizing-packages.xml +++ b/nixos/doc/manual/configuration/customizing-packages.xml @@ -3,53 +3,50 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-customising-packages"> + Customising Packages -Customising Packages + + Some packages in Nixpkgs have options to enable or disable optional + functionality or change other aspects of the package. For instance, the + Firefox wrapper package (which provides Firefox with a set of plugins such as + the Adobe Flash player) has an option to enable the Google Talk plugin. It + can be set in configuration.nix as follows: + nixpkgs.config.firefox.enableGoogleTalkPlugin = true; + -Some packages in Nixpkgs have options to enable or disable -optional functionality or change other aspects of the package. For -instance, the Firefox wrapper package (which provides Firefox with a -set of plugins such as the Adobe Flash player) has an option to enable -the Google Talk plugin. It can be set in -configuration.nix as follows: - - -nixpkgs.config.firefox.enableGoogleTalkPlugin = true; - - - -Unfortunately, Nixpkgs currently lacks a way to query -available configuration options. - -Apart from high-level options, it’s possible to tweak a package -in almost arbitrary ways, such as changing or disabling dependencies -of a package. For instance, the Emacs package in Nixpkgs by default -has a dependency on GTK+ 2. If you want to build it against GTK+ 3, -you can specify that as follows: + + + Unfortunately, Nixpkgs currently lacks a way to query available + configuration options. + + + + Apart from high-level options, it’s possible to tweak a package in almost + arbitrary ways, such as changing or disabling dependencies of a package. For + instance, the Emacs package in Nixpkgs by default has a dependency on GTK+ 2. + If you want to build it against GTK+ 3, you can specify that as follows: = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ]; + The function override performs the call to the Nix + function that produces Emacs, with the original arguments amended by the set + of arguments specified by you. So here the function argument + gtk gets the value pkgs.gtk3, causing + Emacs to depend on GTK+ 3. (The parentheses are necessary because in Nix, + function application binds more weakly than list construction, so without + them, would be a list with + two elements.) + -The function override performs the call to the Nix -function that produces Emacs, with the original arguments amended by -the set of arguments specified by you. So here the function argument -gtk gets the value pkgs.gtk3, -causing Emacs to depend on GTK+ 3. (The parentheses are necessary -because in Nix, function application binds more weakly than list -construction, so without them, - would be a list with two -elements.) - -Even greater customisation is possible using the function -overrideAttrs. While the -override mechanism above overrides the arguments of -a package function, overrideAttrs allows -changing the attributes passed to mkDerivation. -This permits changing any aspect of the package, such as the source code. -For instance, if you want to override the source code of Emacs, you -can say: - + + Even greater customisation is possible using the function + overrideAttrs. While the override + mechanism above overrides the arguments of a package function, + overrideAttrs allows changing the + attributes passed to mkDerivation. + This permits changing any aspect of the package, such as the source code. For + instance, if you want to override the source code of Emacs, you can say: = [ (pkgs.emacs.overrideAttrs (oldAttrs: { @@ -58,36 +55,32 @@ can say: })) ]; + Here, overrideAttrs takes the Nix derivation specified by + pkgs.emacs and produces a new derivation in which the + original’s name and src attribute + have been replaced by the given values by re-calling + stdenv.mkDerivation. The original attributes are + accessible via the function argument, which is conventionally named + oldAttrs. + -Here, overrideAttrs takes the Nix derivation -specified by pkgs.emacs and produces a new -derivation in which the original’s name and -src attribute have been replaced by the given -values by re-calling stdenv.mkDerivation. -The original attributes are accessible via the function argument, -which is conventionally named oldAttrs. - -The overrides shown above are not global. They do not affect -the original package; other packages in Nixpkgs continue to depend on -the original rather than the customised package. This means that if -another package in your system depends on the original package, you -end up with two instances of the package. If you want to have -everything depend on your customised instance, you can apply a -global override as follows: - + + The overrides shown above are not global. They do not affect the original + package; other packages in Nixpkgs continue to depend on the original rather + than the customised package. This means that if another package in your + system depends on the original package, you end up with two instances of the + package. If you want to have everything depend on your customised instance, + you can apply a global override as follows: nixpkgs.config.packageOverrides = pkgs: { emacs = pkgs.emacs.override { gtk = pkgs.gtk3; }; }; - -The effect of this definition is essentially equivalent to modifying -the emacs attribute in the Nixpkgs source tree. -Any package in Nixpkgs that depends on emacs will -be passed your customised instance. (However, the value -pkgs.emacs in -nixpkgs.config.packageOverrides refers to the -original rather than overridden instance, to prevent an infinite -recursion.) - + The effect of this definition is essentially equivalent to modifying the + emacs attribute in the Nixpkgs source tree. Any package in + Nixpkgs that depends on emacs will be passed your + customised instance. (However, the value pkgs.emacs in + nixpkgs.config.packageOverrides refers to the original + rather than overridden instance, to prevent an infinite recursion.) + diff --git a/nixos/doc/manual/configuration/declarative-packages.xml b/nixos/doc/manual/configuration/declarative-packages.xml index 4c875e6f037..be9884fe9dc 100644 --- a/nixos/doc/manual/configuration/declarative-packages.xml +++ b/nixos/doc/manual/configuration/declarative-packages.xml @@ -3,41 +3,41 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-declarative-package-mgmt"> + Declarative Package Management -Declarative Package Management - -With declarative package management, you specify which packages -you want on your system by setting the option -. For instance, adding the -following line to configuration.nix enables the -Mozilla Thunderbird email application: - + + With declarative package management, you specify which packages you want on + your system by setting the option + . For instance, adding the + following line to configuration.nix enables the Mozilla + Thunderbird email application: = [ pkgs.thunderbird ]; + The effect of this specification is that the Thunderbird package from Nixpkgs + will be built or downloaded as part of the system when you run + nixos-rebuild switch. + -The effect of this specification is that the Thunderbird package from -Nixpkgs will be built or downloaded as part of the system when you run -nixos-rebuild switch. - -You can get a list of the available packages as follows: + + You can get a list of the available packages as follows: $ nix-env -qaP '*' --description nixos.firefox firefox-23.0 Mozilla Firefox - the browser, reloaded ... + The first column in the output is the attribute name, + such as nixos.thunderbird. (The nixos + prefix allows distinguishing between different channels that you might have.) + -The first column in the output is the attribute -name, such as -nixos.thunderbird. (The -nixos prefix allows distinguishing between -different channels that you might have.) + + To “uninstall” a package, simply remove it from + and run + nixos-rebuild switch. + -To “uninstall” a package, simply remove it from - and run -nixos-rebuild switch. - - - + + diff --git a/nixos/doc/manual/configuration/file-systems.xml b/nixos/doc/manual/configuration/file-systems.xml index 0ff37c38d8b..e4c03de71b7 100644 --- a/nixos/doc/manual/configuration/file-systems.xml +++ b/nixos/doc/manual/configuration/file-systems.xml @@ -3,44 +3,44 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-file-systems"> - -File Systems - -You can define file systems using the - configuration option. For instance, the -following definition causes NixOS to mount the Ext4 file system on -device /dev/disk/by-label/data onto the mount -point /data: - + File Systems + + You can define file systems using the + configuration option. For instance, the following definition causes NixOS to + mount the Ext4 file system on device + /dev/disk/by-label/data onto the mount point + /data: ."/data" = { device = "/dev/disk/by-label/data"; fsType = "ext4"; }; - -Mount points are created automatically if they don’t already exist. -For , it’s best to use the topology-independent -device aliases in /dev/disk/by-label and -/dev/disk/by-uuid, as these don’t change if the -topology changes (e.g. if a disk is moved to another IDE -controller). - -You can usually omit the file system type -(), since mount can usually -detect the type and load the necessary kernel module automatically. -However, if the file system is needed at early boot (in the initial -ramdisk) and is not ext2, ext3 -or ext4, then it’s best to specify - to ensure that the kernel module is -available. - -System startup will fail if any of the filesystems fails to mount, -dropping you to the emergency shell. -You can make a mount asynchronous and non-critical by adding -options = [ "nofail" ];. - - - - + Mount points are created automatically if they don’t already exist. For + , + it’s best to use the topology-independent device aliases in + /dev/disk/by-label and + /dev/disk/by-uuid, as these don’t change if the + topology changes (e.g. if a disk is moved to another IDE controller). + + + You can usually omit the file system type + (), + since mount can usually detect the type and load the + necessary kernel module automatically. However, if the file system is needed + at early boot (in the initial ramdisk) and is not ext2, + ext3 or ext4, then it’s best to + specify to ensure that the kernel module is + available. + + + + System startup will fail if any of the filesystems fails to mount, dropping + you to the emergency shell. You can make a mount asynchronous and + non-critical by adding + options = [ + "nofail" ];. + + + diff --git a/nixos/doc/manual/configuration/firewall.xml b/nixos/doc/manual/configuration/firewall.xml index ecc21a3bdf5..b66adcedce6 100644 --- a/nixos/doc/manual/configuration/firewall.xml +++ b/nixos/doc/manual/configuration/firewall.xml @@ -3,49 +3,44 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-firewall"> + Firewall -Firewall - -NixOS has a simple stateful firewall that blocks incoming -connections and other unexpected packets. The firewall applies to -both IPv4 and IPv6 traffic. It is enabled by default. It can be -disabled as follows: - + + NixOS has a simple stateful firewall that blocks incoming connections and + other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic. + It is enabled by default. It can be disabled as follows: = false; - -If the firewall is enabled, you can open specific TCP ports to the -outside world: - + If the firewall is enabled, you can open specific TCP ports to the outside + world: = [ 80 443 ]; + Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is + enabled (). UDP ports can be opened through + . + -Note that TCP port 22 (ssh) is opened automatically if the SSH daemon -is enabled (). UDP -ports can be opened through -. - -To open ranges of TCP ports: - + + To open ranges of TCP ports: = [ { from = 4000; to = 4007; } { from = 8000; to = 8010; } ]; + Similarly, UDP port ranges can be opened through + . + -Similarly, UDP port ranges can be opened through -. - -Also of interest is - + + Also of interest is = true; - -to allow the machine to respond to ping requests. (ICMPv6 pings are -always allowed.) - + to allow the machine to respond to ping requests. (ICMPv6 pings are always + allowed.) + diff --git a/nixos/doc/manual/configuration/ipv4-config.xml b/nixos/doc/manual/configuration/ipv4-config.xml index fbc9695c601..71ddf41491b 100644 --- a/nixos/doc/manual/configuration/ipv4-config.xml +++ b/nixos/doc/manual/configuration/ipv4-config.xml @@ -3,45 +3,41 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-ipv4"> + IPv4 Configuration -IPv4 Configuration - -By default, NixOS uses DHCP (specifically, -dhcpcd) to automatically configure network -interfaces. However, you can configure an interface manually as -follows: - + + By default, NixOS uses DHCP (specifically, dhcpcd) to + automatically configure network interfaces. However, you can configure an + interface manually as follows: networking.interfaces.eth0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; - -Typically you’ll also want to set a default gateway and set of name -servers: - + Typically you’ll also want to set a default gateway and set of name + servers: = "192.168.1.1"; = [ "8.8.8.8" ]; + - - -Statically configured interfaces are set up by the systemd -service -interface-name-cfg.service. -The default gateway and name server configuration is performed by -network-setup.service. - -The host name is set using : + + + Statically configured interfaces are set up by the systemd service + interface-name-cfg.service. + The default gateway and name server configuration is performed by + network-setup.service. + + + + The host name is set using : = "cartman"; - -The default host name is nixos. Set it to the -empty string ("") to allow the DHCP server to -provide the host name. - + The default host name is nixos. Set it to the empty string + ("") to allow the DHCP server to provide the host name. + diff --git a/nixos/doc/manual/configuration/ipv6-config.xml b/nixos/doc/manual/configuration/ipv6-config.xml index e8960dc8930..e9ab7cce4eb 100644 --- a/nixos/doc/manual/configuration/ipv6-config.xml +++ b/nixos/doc/manual/configuration/ipv6-config.xml @@ -3,47 +3,48 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-ipv6"> + IPv6 Configuration -IPv6 Configuration - -IPv6 is enabled by default. Stateless address autoconfiguration -is used to automatically assign IPv6 addresses to all interfaces. You -can disable IPv6 support globally by setting: - + + IPv6 is enabled by default. Stateless address autoconfiguration is used to + automatically assign IPv6 addresses to all interfaces. You can disable IPv6 + support globally by setting: = false; - - -You can disable IPv6 on a single interface using a normal sysctl (in this -example, we use interface eth0): + + + + You can disable IPv6 on a single interface using a normal sysctl (in this + example, we use interface eth0): ."net.ipv6.conf.eth0.disable_ipv6" = true; - - -As with IPv4 networking interfaces are automatically configured via -DHCPv6. You can configure an interface manually: + + + As with IPv4 networking interfaces are automatically configured via DHCPv6. + You can configure an interface manually: networking.interfaces.eth0.ipv6.addresses = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ]; - - -For configuring a gateway, optionally with explicitly specified interface: + + + For configuring a gateway, optionally with explicitly specified interface: = { address = "fe00::1"; interface = "enp0s3"; } - - -See for similar examples and additional information. - + + + See for similar examples and additional + information. + diff --git a/nixos/doc/manual/configuration/linux-kernel.xml b/nixos/doc/manual/configuration/linux-kernel.xml index b9325629256..0990e9d932b 100644 --- a/nixos/doc/manual/configuration/linux-kernel.xml +++ b/nixos/doc/manual/configuration/linux-kernel.xml @@ -3,29 +3,29 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-kernel-config"> - -Linux Kernel - -You can override the Linux kernel and associated packages using -the option . For instance, this -selects the Linux 3.10 kernel: + Linux Kernel + + You can override the Linux kernel and associated packages using the option + . For instance, this selects the Linux + 3.10 kernel: = pkgs.linuxPackages_3_10; -Note that this not only replaces the kernel, but also packages that -are specific to the kernel version, such as the NVIDIA video drivers. -This ensures that driver packages are consistent with the -kernel. - -The default Linux kernel configuration should be fine for most users. You can see the configuration of your current kernel with the following command: + Note that this not only replaces the kernel, but also packages that are + specific to the kernel version, such as the NVIDIA video drivers. This + ensures that driver packages are consistent with the kernel. + + + The default Linux kernel configuration should be fine for most users. You can + see the configuration of your current kernel with the following command: zcat /proc/config.gz -If you want to change the kernel configuration, you can use the - feature (see ). For instance, to enable -support for the kernel debugger KGDB: - + If you want to change the kernel configuration, you can use the + feature (see + ). For instance, to enable support + for the kernel debugger KGDB: nixpkgs.config.packageOverrides = pkgs: { linux_3_4 = pkgs.linux_3_4.override { @@ -36,47 +36,46 @@ nixpkgs.config.packageOverrides = pkgs: }; }; - -extraConfig takes a list of Linux kernel -configuration options, one per line. The name of the option should -not include the prefix CONFIG_. The option value -is typically y, n or -m (to build something as a kernel module). - -Kernel modules for hardware devices are generally loaded -automatically by udev. You can force a module to -be loaded via , e.g. + extraConfig takes a list of Linux kernel configuration + options, one per line. The name of the option should not include the prefix + CONFIG_. The option value is typically + y, n or m (to build + something as a kernel module). + + + Kernel modules for hardware devices are generally loaded automatically by + udev. You can force a module to be loaded via + , e.g. = [ "fuse" "kvm-intel" "coretemp" ]; -If the module is required early during the boot (e.g. to mount the -root file system), you can use -: + If the module is required early during the boot (e.g. to mount the root file + system), you can use : = [ "cifs" ]; -This causes the specified modules and their dependencies to be added -to the initial ramdisk. - -Kernel runtime parameters can be set through -, e.g. + This causes the specified modules and their dependencies to be added to the + initial ramdisk. + + + Kernel runtime parameters can be set through + , e.g. ."net.ipv4.tcp_keepalive_time" = 120; -sets the kernel’s TCP keepalive time to 120 seconds. To see the -available parameters, run sysctl -a. - -
+ sets the kernel’s TCP keepalive time to 120 seconds. To see the available + parameters, run sysctl -a. + +
Developing kernel modules - When developing kernel modules it's often convenient to run - edit-compile-run loop as quickly as possible. - - See below snippet as an example of developing mellanox - drivers. + + When developing kernel modules it's often convenient to run edit-compile-run + loop as quickly as possible. See below snippet as an example of developing + mellanox drivers. - ' -A linuxPackages.kernel.dev $ nix-shell '' -A linuxPackages.kernel $ unpackPhase @@ -84,7 +83,5 @@ $ cd linux-* $ make -C $dev/lib/modules/*/build M=$(pwd)/drivers/net/ethernet/mellanox modules # insmod ./drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko ]]> - -
- +
diff --git a/nixos/doc/manual/configuration/luks-file-systems.xml b/nixos/doc/manual/configuration/luks-file-systems.xml index 6c2b4cc60b5..8a2b107e0ee 100644 --- a/nixos/doc/manual/configuration/luks-file-systems.xml +++ b/nixos/doc/manual/configuration/luks-file-systems.xml @@ -3,14 +3,13 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-luks-file-systems"> + LUKS-Encrypted File Systems -LUKS-Encrypted File Systems - -NixOS supports file systems that are encrypted using -LUKS (Linux Unified Key Setup). For example, -here is how you create an encrypted Ext4 file system on the device -/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: - + + NixOS supports file systems that are encrypted using + LUKS (Linux Unified Key Setup). For example, here is how + you create an encrypted Ext4 file system on the device + /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: # cryptsetup luksFormat /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d @@ -27,20 +26,15 @@ Enter passphrase for /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: *** # mkfs.ext4 /dev/mapper/crypted - -To ensure that this file system is automatically mounted at boot time -as /, add the following to -configuration.nix: - + To ensure that this file system is automatically mounted at boot time as + /, add the following to + configuration.nix: boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d"; ."/".device = "/dev/mapper/crypted"; - -Should grub be used as bootloader, and /boot is located -on an encrypted partition, it is necessary to add the following grub option: + Should grub be used as bootloader, and /boot is located + on an encrypted partition, it is necessary to add the following grub option: = true; - - - + diff --git a/nixos/doc/manual/configuration/modularity.xml b/nixos/doc/manual/configuration/modularity.xml index 2f76459a24e..3ff96f719ec 100644 --- a/nixos/doc/manual/configuration/modularity.xml +++ b/nixos/doc/manual/configuration/modularity.xml @@ -3,21 +3,21 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-modularity"> + Modularity -Modularity - -The NixOS configuration mechanism is modular. If your -configuration.nix becomes too big, you can split -it into multiple files. Likewise, if you have multiple NixOS -configurations (e.g. for different computers) with some commonality, -you can move the common configuration into a shared file. - -Modules have exactly the same syntax as -configuration.nix. In fact, -configuration.nix is itself a module. You can -use other modules by including them from -configuration.nix, e.g.: + + The NixOS configuration mechanism is modular. If your + configuration.nix becomes too big, you can split it into + multiple files. Likewise, if you have multiple NixOS configurations (e.g. for + different computers) with some commonality, you can move the common + configuration into a shared file. + + + Modules have exactly the same syntax as + configuration.nix. In fact, + configuration.nix is itself a module. You can use other + modules by including them from configuration.nix, e.g.: { config, pkgs, ... }: @@ -27,11 +27,9 @@ use other modules by including them from ... } - -Here, we include two modules from the same directory, -vpn.nix and kde.nix. The -latter might look like this: - + Here, we include two modules from the same directory, + vpn.nix and kde.nix. The latter + might look like this: { config, pkgs, ... }: @@ -40,59 +38,55 @@ latter might look like this: = true; } - -Note that both configuration.nix and -kde.nix define the option -. When multiple modules -define an option, NixOS will try to merge the -definitions. In the case of -, that’s easy: the lists of -packages can simply be concatenated. The value in -configuration.nix is merged last, so for -list-type options, it will appear at the end of the merged list. If -you want it to appear first, you can use mkBefore: - + Note that both configuration.nix and + kde.nix define the option + . When multiple modules + define an option, NixOS will try to merge the + definitions. In the case of , + that’s easy: the lists of packages can simply be concatenated. The value in + configuration.nix is merged last, so for list-type + options, it will appear at the end of the merged list. If you want it to + appear first, you can use mkBefore: = mkBefore [ "kvm-intel" ]; + This causes the kvm-intel kernel module to be loaded + before any other kernel modules. + -This causes the kvm-intel kernel module to be -loaded before any other kernel modules. - -For other types of options, a merge may not be possible. For -instance, if two modules define -, -nixos-rebuild will give an error: - + + For other types of options, a merge may not be possible. For instance, if two + modules define , + nixos-rebuild will give an error: The unique option `services.httpd.adminAddr' is defined multiple times, in `/etc/nixos/httpd.nix' and `/etc/nixos/configuration.nix'. - -When that happens, it’s possible to force one definition take -precedence over the others: - + When that happens, it’s possible to force one definition take precedence + over the others: = pkgs.lib.mkForce "bob@example.org"; + - - -When using multiple modules, you may need to access -configuration values defined in other modules. This is what the -config function argument is for: it contains the -complete, merged system configuration. That is, -config is the result of combining the -configurations returned by every moduleIf you’re -wondering how it’s possible that the (indirect) -result of a function is passed as an -input to that same function: that’s because Nix -is a “lazy” language — it only computes values when they are needed. -This works as long as no individual configuration value depends on -itself.. For example, here is a module that adds -some packages to only if - is set to -true somewhere else: - + + When using multiple modules, you may need to access configuration values + defined in other modules. This is what the config function + argument is for: it contains the complete, merged system configuration. That + is, config is the result of combining the configurations + returned by every module + + + If you’re wondering how it’s possible that the (indirect) + result of a function is passed as an + input to that same function: that’s because Nix is a + “lazy” language — it only computes values when they are needed. This + works as long as no individual configuration value depends on itself. + + + . For example, here is a module that adds some packages to + only if + is set to + true somewhere else: { config, pkgs, ... }: @@ -105,13 +99,12 @@ some packages to only if [ ]; } + - - -With multiple modules, it may not be obvious what the final -value of a configuration option is. The command - allows you to find out: - + + With multiple modules, it may not be obvious what the final value of a + configuration option is. The command allows you + to find out: $ nixos-option true @@ -119,14 +112,11 @@ true $ nixos-option [ "tun" "ipv6" "loop" ... ] - -Interactive exploration of the configuration is possible using -nix-repl, -a read-eval-print loop for Nix expressions. It’s not installed by -default; run nix-env -i nix-repl to get it. A -typical use: - + a read-eval-print loop for Nix expressions. It’s not installed by default; + run nix-env -i nix-repl to get it. A typical use: $ nix-repl '<nixpkgs/nixos>' @@ -136,7 +126,5 @@ nix-repl> config. nix-repl> map (x: x.hostName) config. [ "example.org" "example.gov" ] - - - + diff --git a/nixos/doc/manual/configuration/network-manager.xml b/nixos/doc/manual/configuration/network-manager.xml index bbbee3a52ed..e217a99148b 100644 --- a/nixos/doc/manual/configuration/network-manager.xml +++ b/nixos/doc/manual/configuration/network-manager.xml @@ -3,39 +3,42 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-networkmanager"> + NetworkManager -NetworkManager - -To facilitate network configuration, some desktop environments -use NetworkManager. You can enable NetworkManager by setting: - + + To facilitate network configuration, some desktop environments use + NetworkManager. You can enable NetworkManager by setting: = true; + some desktop managers (e.g., GNOME) enable NetworkManager automatically for + you. + -some desktop managers (e.g., GNOME) enable NetworkManager -automatically for you. - -All users that should have permission to change network settings must -belong to the networkmanager group: - + + All users that should have permission to change network settings must belong + to the networkmanager group: users.extraUsers.youruser.extraGroups = [ "networkmanager" ]; - + -NetworkManager is controlled using either nmcli or -nmtui (curses-based terminal user interface). See their -manual pages for details on their usage. Some desktop environments (GNOME, KDE) -have their own configuration tools for NetworkManager. On XFCE, there is no -configuration tool for NetworkManager by default: by adding -networkmanagerapplet to the list of system packages, the graphical -applet will be installed and will launch automatically when XFCE is starting -(and will show in the status tray). - -networking.networkmanager and -networking.wireless (WPA Supplicant) cannot be enabled at the same -time: you can still connect to the wireless networks using -NetworkManager. + + NetworkManager is controlled using either nmcli or + nmtui (curses-based terminal user interface). See their + manual pages for details on their usage. Some desktop environments (GNOME, + KDE) have their own configuration tools for NetworkManager. On XFCE, there is + no configuration tool for NetworkManager by default: by adding + networkmanagerapplet to the list of system packages, the + graphical applet will be installed and will launch automatically when XFCE is + starting (and will show in the status tray). + + + + networking.networkmanager and networking.wireless + (WPA Supplicant) cannot be enabled at the same time: you can still connect + to the wireless networks using NetworkManager. + + diff --git a/nixos/doc/manual/configuration/networking.xml b/nixos/doc/manual/configuration/networking.xml index 5f08bc1f127..02cf811e0bd 100644 --- a/nixos/doc/manual/configuration/networking.xml +++ b/nixos/doc/manual/configuration/networking.xml @@ -3,20 +3,17 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-networking"> - -Networking - -This section describes how to configure networking components on -your NixOS machine. - - - - - - - - - + Networking + + This section describes how to configure networking components on your NixOS + machine. + + + + + + + + - diff --git a/nixos/doc/manual/configuration/package-mgmt.xml b/nixos/doc/manual/configuration/package-mgmt.xml index 73c1722da02..e8ac5d0681a 100644 --- a/nixos/doc/manual/configuration/package-mgmt.xml +++ b/nixos/doc/manual/configuration/package-mgmt.xml @@ -3,32 +3,29 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-package-management"> - -Package Management - -This section describes how to add additional packages to your -system. NixOS has two distinct styles of package management: - - - - Declarative, where you declare - what packages you want in your - configuration.nix. Every time you run - nixos-rebuild, NixOS will ensure that you get a - consistent set of binaries corresponding to your - specification. - - Ad hoc, where you install, - upgrade and uninstall packages via the nix-env - command. This style allows mixing packages from different Nixpkgs - versions. It’s the only choice for non-root - users. - - - - - - - - + Package Management + + This section describes how to add additional packages to your system. NixOS + has two distinct styles of package management: + + + + Declarative, where you declare what packages you want + in your configuration.nix. Every time you run + nixos-rebuild, NixOS will ensure that you get a + consistent set of binaries corresponding to your specification. + + + + + Ad hoc, where you install, upgrade and uninstall + packages via the nix-env command. This style allows + mixing packages from different Nixpkgs versions. It’s the only choice + for non-root users. + + + + + + diff --git a/nixos/doc/manual/configuration/ssh.xml b/nixos/doc/manual/configuration/ssh.xml index 7dbe598cffe..6e883e3fbbc 100644 --- a/nixos/doc/manual/configuration/ssh.xml +++ b/nixos/doc/manual/configuration/ssh.xml @@ -3,30 +3,25 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-ssh"> + Secure Shell Access -Secure Shell Access - -Secure shell (SSH) access to your machine can be enabled by -setting: - + + Secure shell (SSH) access to your machine can be enabled by setting: = true; + By default, root logins using a password are disallowed. They can be disabled + entirely by setting to + "no". + -By default, root logins using a password are disallowed. They can be -disabled entirely by setting - to -"no". - -You can declaratively specify authorised RSA/DSA public keys for -a user as follows: - + + You can declaratively specify authorised RSA/DSA public keys for a user as + follows: users.extraUsers.alice.openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ]; - - - + diff --git a/nixos/doc/manual/configuration/summary.xml b/nixos/doc/manual/configuration/summary.xml index 38032c5d9dc..ea980254a8f 100644 --- a/nixos/doc/manual/configuration/summary.xml +++ b/nixos/doc/manual/configuration/summary.xml @@ -3,190 +3,225 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-nix-syntax-summary"> + Syntax Summary -Syntax Summary - -Below is a summary of the most important syntactic constructs in -the Nix expression language. It’s not complete. In particular, there -are many other built-in functions. See the + Below is a summary of the most important syntactic constructs in the Nix + expression language. It’s not complete. In particular, there are many other + built-in functions. See the + Nix -manual for the rest. + manual for the rest. + - + - - - - - Example - Description - - - - - - Basic values - - - "Hello world" - A string - - - "${pkgs.bash}/bin/sh" - A string containing an expression (expands to "/nix/store/hash-bash-version/bin/sh") - - - true, false - Booleans - - - 123 - An integer - - - ./foo.png - A path (relative to the containing Nix expression) - - - - Compound values - - - { x = 1; y = 2; } - A set with attributes named x and y - - - { foo.bar = 1; } - A nested set, equivalent to { foo = { bar = 1; }; } - - - rec { x = "foo"; y = x + "bar"; } - A recursive set, equivalent to { x = "foo"; y = "foobar"; } - - - [ "foo" "bar" ] - A list with two elements - - - - Operators - - - "foo" + "bar" - String concatenation - - - 1 + 2 - Integer addition - - - "foo" == "f" + "oo" - Equality test (evaluates to true) - - - "foo" != "bar" - Inequality test (evaluates to true) - - - !true - Boolean negation - - - { x = 1; y = 2; }.x - Attribute selection (evaluates to 1) - - - { x = 1; y = 2; }.z or 3 - Attribute selection with default (evaluates to 3) - - - { x = 1; y = 2; } // { z = 3; } - Merge two sets (attributes in the right-hand set taking precedence) - - - - Control structures - - - if 1 + 1 == 2 then "yes!" else "no!" - Conditional expression - - - assert 1 + 1 == 2; "yes!" - Assertion check (evaluates to "yes!"). See + + + + Example + Description + + + + + Basic values + + + + "Hello world" + + A string + + + "${pkgs.bash}/bin/sh" + + A string containing an expression (expands to "/nix/store/hash-bash-version/bin/sh") + + + true, false + + Booleans + + + 123 + + An integer + + + ./foo.png + + A path (relative to the containing Nix expression) + + + Compound values + + + + { x = 1; y = 2; } + + A set with attributes named x and y + + + + { foo.bar = 1; } + + A nested set, equivalent to { foo = { bar = 1; }; } + + + + rec { x = "foo"; y = x + "bar"; } + + A recursive set, equivalent to { x = "foo"; y = "foobar"; } + + + + [ "foo" "bar" ] + + A list with two elements + + + Operators + + + + "foo" + "bar" + + String concatenation + + + 1 + 2 + + Integer addition + + + "foo" == "f" + "oo" + + Equality test (evaluates to true) + + + "foo" != "bar" + + Inequality test (evaluates to true) + + + !true + + Boolean negation + + + { x = 1; y = 2; }.x + + Attribute selection (evaluates to 1) + + + { x = 1; y = 2; }.z or 3 + + Attribute selection with default (evaluates to 3) + + + { x = 1; y = 2; } // { z = 3; } + + Merge two sets (attributes in the right-hand set taking precedence) + + + Control structures + + + + if 1 + 1 == 2 then "yes!" else "no!" + + Conditional expression + + + assert 1 + 1 == 2; "yes!" + + Assertion check (evaluates to "yes!"). See for using assertions in modules - - - let x = "foo"; y = "bar"; in x + y - Variable definition - - - with pkgs.lib; head [ 1 2 3 ] - Add all attributes from the given set to the scope + + + let x = "foo"; y = "bar"; in x + y + + Variable definition + + + with pkgs.lib; head [ 1 2 3 ] + + Add all attributes from the given set to the scope (evaluates to 1) - - - - Functions (lambdas) - - - x: x + 1 - A function that expects an integer and returns it increased by 1 - - - (x: x + 1) 100 - A function call (evaluates to 101) - - - let inc = x: x + 1; in inc (inc (inc 100)) - A function bound to a variable and subsequently called by name (evaluates to 103) - - - { x, y }: x + y - A function that expects a set with required attributes + + + Functions (lambdas) + + + + x: x + 1 + + A function that expects an integer and returns it increased by 1 + + + (x: x + 1) 100 + + A function call (evaluates to 101) + + + let inc = x: x + 1; in inc (inc (inc 100)) + + A function bound to a variable and subsequently called by name (evaluates to 103) + + + { x, y }: x + y + + A function that expects a set with required attributes x and y and concatenates them - - - { x, y ? "bar" }: x + y - A function that expects a set with required attribute + + + { x, y ? "bar" }: x + y + + A function that expects a set with required attribute x and optional y, using "bar" as default value for - y - - - { x, y, ... }: x + y - A function that expects a set with required attributes + y + + + + { x, y, ... }: x + y + + A function that expects a set with required attributes x and y and ignores any other attributes - - - { x, y } @ args: x + y - A function that expects a set with required attributes + + + { x, y } @ args: x + y + + A function that expects a set with required attributes x and y, and binds the - whole set to args - - - - Built-in functions - - - import ./foo.nix - Load and return Nix expression in given file - - - map (x: x + x) [ 1 2 3 ] - Apply a function to every element of a list (evaluates to [ 2 4 6 ]) - - - - + - - + diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index 1456a589411..66c1c6eb3a1 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -3,14 +3,12 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-user-management"> - -User Management - -NixOS supports both declarative and imperative styles of user -management. In the declarative style, users are specified in -configuration.nix. For instance, the following -states that a user account named alice shall exist: - + User Management + + NixOS supports both declarative and imperative styles of user management. In + the declarative style, users are specified in + configuration.nix. For instance, the following states + that a user account named alice shall exist: .alice = { isNormalUser = true; @@ -20,81 +18,71 @@ states that a user account named alice shall exist: openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; }; - -Note that alice is a member of the -wheel and networkmanager groups, -which allows her to use sudo to execute commands as -root and to configure the network, respectively. -Also note the SSH public key that allows remote logins with the -corresponding private key. Users created in this way do not have a -password by default, so they cannot log in via mechanisms that require -a password. However, you can use the passwd program -to set a password, which is retained across invocations of -nixos-rebuild. - -If you set to false, then the contents of -/etc/passwd and /etc/group will be congruent to -your NixOS configuration. For instance, if you remove a user from -and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users -and groups, such as useradd, are no longer available. Passwords may still be -assigned by setting the user's hashedPassword -option. A hashed password can be generated using mkpasswd -m sha-512 -after installing the mkpasswd package. - -A user ID (uid) is assigned automatically. You can also specify -a uid manually by adding - + Note that alice is a member of the + wheel and networkmanager groups, which + allows her to use sudo to execute commands as + root and to configure the network, respectively. Also note + the SSH public key that allows remote logins with the corresponding private + key. Users created in this way do not have a password by default, so they + cannot log in via mechanisms that require a password. However, you can use + the passwd program to set a password, which is retained + across invocations of nixos-rebuild. + + + If you set to false, then the + contents of /etc/passwd and /etc/group + will be congruent to your NixOS configuration. For instance, if you remove a + user from and run nixos-rebuild, the user + account will cease to exist. Also, imperative commands for managing users and + groups, such as useradd, are no longer available. Passwords may still be + assigned by setting the user's + hashedPassword + option. A hashed password can be generated using mkpasswd -m + sha-512 after installing the mkpasswd package. + + + A user ID (uid) is assigned automatically. You can also specify a uid + manually by adding uid = 1000; - -to the user specification. - -Groups can be specified similarly. The following states that a -group named students shall exist: - + to the user specification. + + + Groups can be specified similarly. The following states that a group named + students shall exist: .students.gid = 1000; - -As with users, the group ID (gid) is optional and will be assigned -automatically if it’s missing. - -In the imperative style, users and groups are managed by -commands such as useradd, -groupmod and so on. For instance, to create a user -account named alice: - + As with users, the group ID (gid) is optional and will be assigned + automatically if it’s missing. + + + In the imperative style, users and groups are managed by commands such as + useradd, groupmod and so on. For + instance, to create a user account named alice: # useradd -m alice - -To make all nix tools available to this new user use `su - USER` which -opens a login shell (==shell that loads the profile) for given user. -This will create the ~/.nix-defexpr symlink. So run: - + To make all nix tools available to this new user use `su - USER` which opens + a login shell (==shell that loads the profile) for given user. This will + create the ~/.nix-defexpr symlink. So run: # su - alice -c "true" - - -The flag causes the creation of a home directory -for the new user, which is generally what you want. The user does not -have an initial password and therefore cannot log in. A password can -be set using the passwd utility: - + The flag causes the creation of a home directory for the + new user, which is generally what you want. The user does not have an initial + password and therefore cannot log in. A password can be set using the + passwd utility: # passwd alice Enter new UNIX password: *** Retype new UNIX password: *** - -A user can be deleted using userdel: - + A user can be deleted using userdel: # userdel -r alice - -The flag deletes the user’s home directory. -Accounts can be modified using usermod. Unix -groups can be managed using groupadd, -groupmod and groupdel. - + The flag deletes the user’s home directory. Accounts + can be modified using usermod. Unix groups can be managed + using groupadd, groupmod and + groupdel. + diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml index 6ce43a43700..999447234ad 100644 --- a/nixos/doc/manual/configuration/wireless.xml +++ b/nixos/doc/manual/configuration/wireless.xml @@ -3,22 +3,20 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-wireless"> + Wireless Networks -Wireless Networks - -For a desktop installation using NetworkManager (e.g., GNOME), -you just have to make sure the user is in the -networkmanager group and you can skip the rest of this -section on wireless networks. - - -NixOS will start wpa_supplicant for you if you enable this setting: + + For a desktop installation using NetworkManager (e.g., GNOME), you just have + to make sure the user is in the networkmanager group and you can + skip the rest of this section on wireless networks. + + + NixOS will start wpa_supplicant for you if you enable this setting: = true; - -NixOS lets you specify networks for wpa_supplicant declaratively: + NixOS lets you specify networks for wpa_supplicant declaratively: = { echelon = { @@ -27,27 +25,21 @@ NixOS lets you specify networks for wpa_supplicant declaratively: "free.wifi" = {}; } + Be aware that keys will be written to the nix store in plaintext! When no + networks are set, it will default to using a configuration file at + /etc/wpa_supplicant.conf. You should edit this file + yourself to define wireless networks, WPA keys and so on (see + wpa_supplicant.conf(5)). + -Be aware that keys will be written to the nix store in plaintext! - -When no networks are set, it will default to using a configuration file at -/etc/wpa_supplicant.conf. You should edit this file -yourself to define wireless networks, WPA keys and so on (see -wpa_supplicant.conf(5)). - - - -If you are using WPA2 the wpa_passphrase tool might be useful -to generate the wpa_supplicant.conf. - + + If you are using WPA2 the wpa_passphrase tool might be + useful to generate the wpa_supplicant.conf. # wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf - -After you have edited the wpa_supplicant.conf, -you need to restart the wpa_supplicant service. - + After you have edited the wpa_supplicant.conf, you need to + restart the wpa_supplicant service. # systemctl restart wpa_supplicant.service - - + diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml index fd0daf6c6e5..9a0969ad635 100644 --- a/nixos/doc/manual/configuration/x-windows.xml +++ b/nixos/doc/manual/configuration/x-windows.xml @@ -3,27 +3,25 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-x11"> - -X Window System - -The X Window System (X11) provides the basis of NixOS’ graphical -user interface. It can be enabled as follows: + X Window System + + The X Window System (X11) provides the basis of NixOS’ graphical user + interface. It can be enabled as follows: = true; -The X server will automatically detect and use the appropriate video -driver from a set of X.org drivers (such as vesa -and intel). You can also specify a driver -manually, e.g. + The X server will automatically detect and use the appropriate video driver + from a set of X.org drivers (such as vesa and + intel). You can also specify a driver manually, e.g. = [ "r128" ]; -to enable X.org’s xf86-video-r128 driver. - -You also need to enable at least one desktop or window manager. -Otherwise, you can only log into a plain undecorated -xterm window. Thus you should pick one or more of -the following lines: + to enable X.org’s xf86-video-r128 driver. + + + You also need to enable at least one desktop or window manager. Otherwise, + you can only log into a plain undecorated xterm window. + Thus you should pick one or more of the following lines: = true; = true; @@ -33,108 +31,105 @@ the following lines: = true; = true; - - -NixOS’s default display manager (the -program that provides a graphical login prompt and manages the X -server) is SLiM. You can select an alternative one by picking one -of the following lines: + + + NixOS’s default display manager (the program that + provides a graphical login prompt and manages the X server) is SLiM. You can + select an alternative one by picking one of the following lines: = true; = true; - - -You can set the keyboard layout (and optionally the layout variant): + + + You can set the keyboard layout (and optionally the layout variant): = "de"; = "neo"; - - -The X server is started automatically at boot time. If you -don’t want this to happen, you can set: + + + The X server is started automatically at boot time. If you don’t want this + to happen, you can set: = false; -The X server can then be started manually: + The X server can then be started manually: # systemctl start display-manager.service - - - -NVIDIA Graphics Cards - -NVIDIA provides a proprietary driver for its graphics cards that -has better 3D performance than the X.org drivers. It is not enabled -by default because it’s not free software. You can enable it as follows: + + + NVIDIA Graphics Cards + + NVIDIA provides a proprietary driver for its graphics cards that has better + 3D performance than the X.org drivers. It is not enabled by default because + it’s not free software. You can enable it as follows: = [ "nvidia" ]; -Or if you have an older card, you may have to use one of the legacy drivers: + Or if you have an older card, you may have to use one of the legacy drivers: = [ "nvidiaLegacy340" ]; = [ "nvidiaLegacy304" ]; = [ "nvidiaLegacy173" ]; -You may need to reboot after enabling this driver to prevent a clash -with other kernel modules. - -On 64-bit systems, if you want full acceleration for 32-bit -programs such as Wine, you should also set the following: + You may need to reboot after enabling this driver to prevent a clash with + other kernel modules. + + + On 64-bit systems, if you want full acceleration for 32-bit programs such as + Wine, you should also set the following: = true; - - - - -AMD Graphics Cards - -AMD provides a proprietary driver for its graphics cards that -has better 3D performance than the X.org drivers. It is not enabled -by default because it’s not free software. You can enable it as follows: + + + + AMD Graphics Cards + + AMD provides a proprietary driver for its graphics cards that has better 3D + performance than the X.org drivers. It is not enabled by default because + it’s not free software. You can enable it as follows: = [ "ati_unfree" ]; -You will need to reboot after enabling this driver to prevent a clash -with other kernel modules. - -On 64-bit systems, if you want full acceleration for 32-bit -programs such as Wine, you should also set the following: + You will need to reboot after enabling this driver to prevent a clash with + other kernel modules. + + + On 64-bit systems, if you want full acceleration for 32-bit programs such as + Wine, you should also set the following: = true; - - - - -Touchpads - -Support for Synaptics touchpads (found in many laptops such as -the Dell Latitude series) can be enabled as follows: + + + + Touchpads + + Support for Synaptics touchpads (found in many laptops such as the Dell + Latitude series) can be enabled as follows: = true; -The driver has many options (see ). For -instance, the following disables tap-to-click behavior: + The driver has many options (see ). For + instance, the following disables tap-to-click behavior: = false; -Note: the use of services.xserver.synaptics is deprecated since NixOS 17.09. - - - - -GTK/Qt themes - -GTK themes can be installed either to user profile or system-wide (via -environment.systemPackages). To make Qt 5 applications look similar -to GTK2 ones, you can install qt5.qtbase.gtk package into your -system environment. It should work for all Qt 5 library versions. - - - - + Note: the use of services.xserver.synaptics is deprecated + since NixOS 17.09. + + + + GTK/Qt themes + + GTK themes can be installed either to user profile or system-wide (via + environment.systemPackages). To make Qt 5 applications + look similar to GTK2 ones, you can install qt5.qtbase.gtk + package into your system environment. It should work for all Qt 5 library + versions. + + diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml index 8cb592faed5..40e61d2bd69 100644 --- a/nixos/doc/manual/configuration/xfce.xml +++ b/nixos/doc/manual/configuration/xfce.xml @@ -3,23 +3,20 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-xfce"> - - Xfce Desktop Environment - - - To enable the Xfce Desktop Environment, set - + Xfce Desktop Environment + + To enable the Xfce Desktop Environment, set + services.xserver.desktopManager = { xfce.enable = true; default = "xfce"; }; - - - - Optionally, compton - can be enabled for nice graphical effects, some example settings: - + + + Optionally, compton can be enabled for nice graphical + effects, some example settings: + services.compton = { enable = true; fade = true; @@ -28,67 +25,48 @@ fadeDelta = 4; }; - - - - Some Xfce programs are not installed automatically. - To install them manually (system wide), put them into your - . - - - - Thunar Volume Support - - - To enable - Thunar - volume support, put - + + + Some Xfce programs are not installed automatically. To install them manually + (system wide), put them into your + . + + + Thunar Volume Support + + To enable Thunar volume support, put + = true; - into your configuration.nix. - - - - - - Polkit Authentication Agent - - - There is no authentication agent automatically installed alongside - Xfce. To allow mounting of local (non-removable) filesystems, you - will need to install one. - - Installing polkit_gnome, a rebuild, logout and - login did the trick. - - - - - - Troubleshooting - - - Even after enabling udisks2, volume management might not work. - Thunar and/or the desktop takes time to show up. - - Thunar will spit out this kind of message on start - (look at journalctl --user -b). - - + into your configuration.nix. + + + + Polkit Authentication Agent + + There is no authentication agent automatically installed alongside Xfce. To + allow mounting of local (non-removable) filesystems, you will need to + install one. Installing polkit_gnome, a rebuild, logout + and login did the trick. + + + + Troubleshooting + + Even after enabling udisks2, volume management might not work. Thunar and/or + the desktop takes time to show up. Thunar will spit out this kind of message + on start (look at journalctl --user -b). + Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported - - This is caused by some needed GNOME services not running. - This is all fixed by enabling "Launch GNOME services on startup" in - the Advanced tab of the Session and Startup settings panel. - Alternatively, you can run this command to do the same thing. - + This is caused by some needed GNOME services not running. This is all fixed + by enabling "Launch GNOME services on startup" in the Advanced tab of the + Session and Startup settings panel. Alternatively, you can run this command + to do the same thing. + $ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true - A log-out and re-log will be needed for this to take effect. - - - - + A log-out and re-log will be needed for this to take effect. + + diff --git a/nixos/doc/manual/development/assertions.xml b/nixos/doc/manual/development/assertions.xml index d3434e1f112..17c38ffcc71 100644 --- a/nixos/doc/manual/development/assertions.xml +++ b/nixos/doc/manual/development/assertions.xml @@ -3,30 +3,29 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-assertions"> + Warnings and Assertions -Warnings and Assertions + + When configuration problems are detectable in a module, it is a good idea to + write an assertion or warning. Doing so provides clear feedback to the user + and prevents errors after the build. + - - When configuration problems are detectable in a module, it is a good - idea to write an assertion or warning. Doing so provides clear - feedback to the user and prevents errors after the build. - - - + Although Nix has the abort and - builtins.trace functions to perform such tasks, - they are not ideally suited for NixOS modules. Instead of these - functions, you can declare your warnings and assertions using the + builtins.trace + functions + to perform such tasks, they are not ideally suited for NixOS modules. Instead + of these functions, you can declare your warnings and assertions using the NixOS module system. - + -
+
+ Warnings -Warnings - - - This is an example of using warnings. - + + This is an example of using warnings. + +
-
+
+ Assertions -
- -Assertions - - - - This example, extracted from the - - syslogd module - shows how to use assertions. Since there - can only be one active syslog daemon at a time, an assertion is useful to - prevent such a broken system from being built. - + + This example, extracted from the + + syslogd module shows how to use + assertions. Since there can only be one active syslog + daemon at a time, an assertion is useful to prevent such a broken system + from being built. + - -
- +
diff --git a/nixos/doc/manual/development/building-nixos.xml b/nixos/doc/manual/development/building-nixos.xml index 2f963f8666f..23d9ddf88a7 100644 --- a/nixos/doc/manual/development/building-nixos.xml +++ b/nixos/doc/manual/development/building-nixos.xml @@ -3,30 +3,25 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-building-cd"> - -Building Your Own NixOS CD - -Building a NixOS CD is as easy as configuring your own computer. The -idea is to use another module which will replace -your configuration.nix to configure the system that -would be installed on the CD. - -Default CD/DVD configurations are available -inside nixos/modules/installer/cd-dvd. - + Building Your Own NixOS CD + + Building a NixOS CD is as easy as configuring your own computer. The idea is + to use another module which will replace your + configuration.nix to configure the system that would be + installed on the CD. + + + Default CD/DVD configurations are available inside + nixos/modules/installer/cd-dvd. $ git clone https://github.com/NixOS/nixpkgs.git $ cd nixpkgs/nixos $ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix - - - -Before burning your CD/DVD, you can check the content of the image by mounting anywhere like -suggested by the following command: - + + + Before burning your CD/DVD, you can check the content of the image by + mounting anywhere like suggested by the following command: # mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso - - - + diff --git a/nixos/doc/manual/development/building-parts.xml b/nixos/doc/manual/development/building-parts.xml index 09a40114f02..031048aaa37 100644 --- a/nixos/doc/manual/development/building-parts.xml +++ b/nixos/doc/manual/development/building-parts.xml @@ -3,111 +3,110 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-building-parts"> - -Building Specific Parts of NixOS - -With the command nix-build, you can build -specific parts of your NixOS configuration. This is done as follows: - + Building Specific Parts of NixOS + + With the command nix-build, you can build specific parts + of your NixOS configuration. This is done as follows: $ cd /path/to/nixpkgs/nixos $ nix-build -A config.option - -where option is a NixOS option with type -“derivation” (i.e. something that can be built). Attributes of -interest include: - - - - - system.build.toplevel + where option is a NixOS option with type + “derivation” (i.e. something that can be built). Attributes of interest + include: + + + system.build.toplevel + - The top-level option that builds the entire NixOS system. - Everything else in your configuration is indirectly pulled in by - this option. This is what nixos-rebuild - builds and what /run/current-system points - to afterwards. - - A shortcut to build this is: - + + The top-level option that builds the entire NixOS system. Everything else + in your configuration is indirectly pulled in by this option. This is + what nixos-rebuild builds and what + /run/current-system points to afterwards. + + + A shortcut to build this is: $ nix-build -A system - + - - - - system.build.manual.manual - The NixOS manual. - - - - system.build.etc - A tree of symlinks that form the static parts of - /etc. - - - - system.build.initialRamdisk - system.build.kernel + + + system.build.manual.manual + - The initial ramdisk and kernel of the system. This allows - a quick way to test whether the kernel and the initial ramdisk - boot correctly, by using QEMU’s and - options: - + + The NixOS manual. + + + + + system.build.etc + + + + A tree of symlinks that form the static parts of + /etc. + + + + + system.build.initialRamdisk + + system.build.kernel + + + + The initial ramdisk and kernel of the system. This allows a quick way to + test whether the kernel and the initial ramdisk boot correctly, by using + QEMU’s and options: $ nix-build -A config.system.build.initialRamdisk -o initrd $ nix-build -A config.system.build.kernel -o kernel $ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null - - + - - - - system.build.nixos-rebuild - system.build.nixos-install - system.build.nixos-generate-config + + + system.build.nixos-rebuild + + system.build.nixos-install + + system.build.nixos-generate-config + - These build the corresponding NixOS commands. + + These build the corresponding NixOS commands. + - - - - systemd.units.unit-name.unit + + + systemd.units.unit-name.unit + - This builds the unit with the specified name. Note that - since unit names contain dots - (e.g. httpd.service), you need to put them - between quotes, like this: - + + This builds the unit with the specified name. Note that since unit names + contain dots (e.g. httpd.service), you need to put + them between quotes, like this: $ nix-build -A 'config.systemd.units."httpd.service".unit' - - You can also test individual units, without rebuilding the whole - system, by putting them in - /run/systemd/system: - + You can also test individual units, without rebuilding the whole system, + by putting them in /run/systemd/system: $ cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \ /run/systemd/system/tmp-httpd.service # systemctl daemon-reload # systemctl start tmp-httpd.service - Note that the unit must not have the same name as any unit in - /etc/systemd/system since those take - precedence over /run/systemd/system. - That’s why the unit is installed as - tmp-httpd.service here. + /etc/systemd/system since those take precedence over + /run/systemd/system. That’s why the unit is + installed as tmp-httpd.service here. + - - - - - - + + + diff --git a/nixos/doc/manual/development/development.xml b/nixos/doc/manual/development/development.xml index 47343d93cde..03dee6ff09b 100644 --- a/nixos/doc/manual/development/development.xml +++ b/nixos/doc/manual/development/development.xml @@ -3,21 +3,18 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-development"> - -Development - - -This chapter describes how you can modify and extend -NixOS. - - - - - - - - - - - + Development + + + This chapter describes how you can modify and extend NixOS. + + + + + + + + + + diff --git a/nixos/doc/manual/development/importing-modules.xml b/nixos/doc/manual/development/importing-modules.xml index ec1da09b950..1c6a5671eda 100644 --- a/nixos/doc/manual/development/importing-modules.xml +++ b/nixos/doc/manual/development/importing-modules.xml @@ -3,13 +3,12 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-importing-modules"> + Importing Modules -Importing Modules - - - Sometimes NixOS modules need to be used in configuration but exist - outside of Nixpkgs. These modules can be imported: - + + Sometimes NixOS modules need to be used in configuration but exist outside of + Nixpkgs. These modules can be imported: + { config, lib, pkgs, ... }: @@ -25,12 +24,11 @@ } - - The environment variable NIXOS_EXTRA_MODULE_PATH is - an absolute path to a NixOS module that is included alongside the - Nixpkgs NixOS modules. Like any NixOS module, this module can import - additional modules: - + + The environment variable NIXOS_EXTRA_MODULE_PATH is an + absolute path to a NixOS module that is included alongside the Nixpkgs NixOS + modules. Like any NixOS module, this module can import additional modules: + # ./module-list/default.nix @@ -55,5 +53,4 @@ services.exampleModule1.enable = true; } - diff --git a/nixos/doc/manual/development/meta-attributes.xml b/nixos/doc/manual/development/meta-attributes.xml index de0870314dc..3d019a4987e 100644 --- a/nixos/doc/manual/development/meta-attributes.xml +++ b/nixos/doc/manual/development/meta-attributes.xml @@ -3,22 +3,26 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-meta-attributes"> + Meta Attributes -Meta Attributes - -Like Nix packages, NixOS modules can declare meta-attributes to provide - extra information. Module meta attributes are defined in the + + Like Nix packages, NixOS modules can declare meta-attributes to provide extra + information. Module meta attributes are defined in the meta.nix - special module. + special module. + -meta is a top level attribute like + + meta is a top level attribute like options and config. Available meta-attributes are maintainers and - doc. + doc. + -Each of the meta-attributes must be defined at most once per module - file. + + Each of the meta-attributes must be defined at most once per module file. + { config, lib, pkgs, ... }: @@ -39,24 +43,21 @@ } - - - + + + maintainers contains a list of the module maintainers. - - - - - + + + + doc points to a valid DocBook file containing the module - documentation. Its contents is automatically added to . - Changes to a module documentation have to be checked to not break - building the NixOS manual: - - $ nix-build nixos/release.nix -A manual - - - - + documentation. Its contents is automatically added to + . Changes to a module documentation + have to be checked to not break building the NixOS manual: + +$ nix-build nixos/release.nix -A manual + + diff --git a/nixos/doc/manual/development/nixos-tests.xml b/nixos/doc/manual/development/nixos-tests.xml index c09c41ea3bd..2695082e386 100644 --- a/nixos/doc/manual/development/nixos-tests.xml +++ b/nixos/doc/manual/development/nixos-tests.xml @@ -3,18 +3,17 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-nixos-tests"> - -NixOS Tests - -When you add some feature to NixOS, you should write a test for -it. NixOS tests are kept in the directory NixOS Tests + + When you add some feature to NixOS, you should write a test for it. NixOS + tests are kept in the directory + nixos/tests, -and are executed (using Nix) by a testing framework that automatically -starts one or more virtual machines containing the NixOS system(s) -required for the test. - - - - - + and are executed (using Nix) by a testing framework that automatically starts + one or more virtual machines containing the NixOS system(s) required for the + test. + + + + diff --git a/nixos/doc/manual/development/option-declarations.xml b/nixos/doc/manual/development/option-declarations.xml index ed718c89eb7..a8f528a0a80 100644 --- a/nixos/doc/manual/development/option-declarations.xml +++ b/nixos/doc/manual/development/option-declarations.xml @@ -3,14 +3,12 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-option-declarations"> + Option Declarations -Option Declarations - -An option declaration specifies the name, type and description -of a NixOS configuration option. It is invalid to define an option -that hasn’t been declared in any module. An option declaration -generally looks like this: - + + An option declaration specifies the name, type and description of a NixOS + configuration option. It is invalid to define an option that hasn’t been + declared in any module. An option declaration generally looks like this: options = { name = mkOption { @@ -21,146 +19,177 @@ options = { }; }; - -The attribute names within the name -attribute path must be camel cased in general but should, as an -exception, match the -name attribute path + must be camel cased in general but should, as an exception, match the + -package attribute name when referencing a Nixpkgs package. For -example, the option services.nix-serve.bindAddress -references the nix-serve Nixpkgs package. + package attribute name when referencing a Nixpkgs package. For + example, the option services.nix-serve.bindAddress + references the nix-serve Nixpkgs package. + - - -The function mkOption accepts the following arguments. - - - - - type + + The function mkOption accepts the following arguments. + + + type + - The type of the option (see ). - It may be omitted, but that’s not advisable since it may lead to errors - that are hard to diagnose. + + The type of the option (see ). It may + be omitted, but that’s not advisable since it may lead to errors that + are hard to diagnose. + - - - - default + + + default + - The default value used if no value is defined by any - module. A default is not required; but if a default is not given, - then users of the module will have to define the value of the - option, otherwise an error will be thrown. + + The default value used if no value is defined by any module. A default is + not required; but if a default is not given, then users of the module + will have to define the value of the option, otherwise an error will be + thrown. + - - - - example + + + example + - An example value that will be shown in the NixOS manual. + + An example value that will be shown in the NixOS manual. + - - - - description + + + description + - A textual description of the option, in DocBook format, - that will be included in the NixOS manual. + + A textual description of the option, in DocBook format, that will be + included in the NixOS manual. + - + + + - +
+ Extensible Option Types - - -
Extensible Option - Types - - Extensible option types is a feature that allow to extend certain types - declaration through multiple module files. - This feature only work with a restricted set of types, namely - enum and submodules and any composed - forms of them. - - Extensible option types can be used for enum options - that affects multiple modules, or as an alternative to related - enable options. - - As an example, we will take the case of display managers. There is a - central display manager module for generic display manager options and a - module file per display manager backend (slim, sddm, gdm ...). + + Extensible option types is a feature that allow to extend certain types + declaration through multiple module files. This feature only work with a + restricted set of types, namely enum and + submodules and any composed forms of them. - There are two approach to this module structure: - - - Managing the display managers independently by adding an - enable option to every display manager module backend. (NixOS) - - Managing the display managers in the central module by - adding an option to select which display manager backend to use. - - + + Extensible option types can be used for enum options that + affects multiple modules, or as an alternative to related + enable options. - Both approaches have problems. + + As an example, we will take the case of display managers. There is a central + display manager module for generic display manager options and a module file + per display manager backend (slim, sddm, gdm ...). + - Making backends independent can quickly become hard to manage. For - display managers, there can be only one enabled at a time, but the type - system can not enforce this restriction as there is no relation between - each backend enable option. As a result, this restriction - has to be done explicitely by adding assertions in each display manager - backend module. + + There are two approach to this module structure: + + + + Managing the display managers independently by adding an enable option to + every display manager module backend. (NixOS) + + + + + Managing the display managers in the central module by adding an option + to select which display manager backend to use. + + + + - On the other hand, managing the display managers backends in the - central module will require to change the central module option every time - a new backend is added or removed. + + Both approaches have problems. + - By using extensible option types, it is possible to create a placeholder - option in the central module (), and to extend it in each backend module (, ). + + Making backends independent can quickly become hard to manage. For display + managers, there can be only one enabled at a time, but the type system can + not enforce this restriction as there is no relation between each backend + enable option. As a result, this restriction has to be + done explicitely by adding assertions in each display manager backend + module. + - As a result, displayManager.enable option values can - be added without changing the main service module file and the type system - automatically enforce that there can only be a single display manager - enabled. + + On the other hand, managing the display managers backends in the central + module will require to change the central module option every time a new + backend is added or removed. + -Extensible type - placeholder in the service module + + By using extensible option types, it is possible to create a placeholder + option in the central module + (), and to extend + it in each backend module + (, + ). + + + + As a result, displayManager.enable option values can be + added without changing the main service module file and the type system + automatically enforce that there can only be a single display manager + enabled. + + + + Extensible type placeholder in the service module services.xserver.displayManager.enable = mkOption { description = "Display manager to use"; type = with types; nullOr (enum [ ]); -}; +}; + -Extending - <literal>services.xserver.displayManager.enable</literal> in the - <literal>slim</literal> module + + Extending <literal>services.xserver.displayManager.enable</literal> in the <literal>slim</literal> module services.xserver.displayManager.enable = mkOption { type = with types; nullOr (enum [ "slim" ]); -}; +}; + -Extending - <literal>services.xserver.displayManager.enable</literal> in the - <literal>sddm</literal> module + + Extending <literal>services.xserver.displayManager.enable</literal> in the <literal>sddm</literal> module services.xserver.displayManager.enable = mkOption { type = with types; nullOr (enum [ "sddm" ]); -}; +}; + -The placeholder declaration is a standard mkOption - declaration, but it is important that extensible option declarations only use - the type argument. - -Extensible option types work with any of the composed variants of - enum such as - with types; nullOr (enum [ "foo" "bar" ]) - or with types; listOf (enum [ "foo" "bar" ]). + + The placeholder declaration is a standard mkOption + declaration, but it is important that extensible option declarations only + use the type argument. + -
+ + Extensible option types work with any of the composed variants of + enum such as with types; nullOr (enum [ "foo" + "bar" ]) or with types; listOf (enum [ "foo" "bar" + ]). + +
diff --git a/nixos/doc/manual/development/option-def.xml b/nixos/doc/manual/development/option-def.xml index 4e267ecfd1e..580a5afd58c 100644 --- a/nixos/doc/manual/development/option-def.xml +++ b/nixos/doc/manual/development/option-def.xml @@ -3,39 +3,36 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-option-definitions"> + Option Definitions -Option Definitions - -Option definitions are generally straight-forward bindings of values to option names, like - + + Option definitions are generally straight-forward bindings of values to + option names, like config = { services.httpd.enable = true; }; + However, sometimes you need to wrap an option definition or set of option + definitions in a property to achieve certain effects: + -However, sometimes you need to wrap an option definition or set of -option definitions in a property to achieve -certain effects: - -Delaying Conditionals - -If a set of option definitions is conditional on the value of -another option, you may need to use mkIf. -Consider, for instance: - + + Delaying Conditionals + + If a set of option definitions is conditional on the value of another + option, you may need to use mkIf. Consider, for instance: config = if config.services.httpd.enable then { environment.systemPackages = [ ... ]; ... } else {}; - -This definition will cause Nix to fail with an “infinite recursion” -error. Why? Because the value of - depends on the value -being constructed here. After all, you could also write the clearly -circular and contradictory: + This definition will cause Nix to fail with an “infinite recursion” + error. Why? Because the value of + depends on the value being + constructed here. After all, you could also write the clearly circular and + contradictory: config = if config.services.httpd.enable then { services.httpd.enable = false; @@ -43,56 +40,49 @@ config = if config.services.httpd.enable then { services.httpd.enable = true; }; - -The solution is to write: - + The solution is to write: config = mkIf config.services.httpd.enable { environment.systemPackages = [ ... ]; ... }; - -The special function mkIf causes the evaluation of -the conditional to be “pushed down” into the individual definitions, -as if you had written: - + The special function mkIf causes the evaluation of the + conditional to be “pushed down” into the individual definitions, as if + you had written: config = { environment.systemPackages = if config.services.httpd.enable then [ ... ] else []; ... }; + + - - - - -Setting Priorities - -A module can override the definitions of an option in other -modules by setting a priority. All option -definitions that do not have the lowest priority value are discarded. -By default, option definitions have priority 1000. You can specify an -explicit priority by using mkOverride, e.g. - + + Setting Priorities + + A module can override the definitions of an option in other modules by + setting a priority. All option definitions that do not + have the lowest priority value are discarded. By default, option definitions + have priority 1000. You can specify an explicit priority by using + mkOverride, e.g. services.openssh.enable = mkOverride 10 false; + This definition causes all other definitions with priorities above 10 to be + discarded. The function mkForce is equal to + mkOverride 50. + + -This definition causes all other definitions with priorities above 10 -to be discarded. The function mkForce is -equal to mkOverride 50. - - - -Merging Configurations - -In conjunction with mkIf, it is sometimes -useful for a module to return multiple sets of option definitions, to -be merged together as if they were declared in separate modules. This -can be done using mkMerge: - + + Merging Configurations + + In conjunction with mkIf, it is sometimes useful for a + module to return multiple sets of option definitions, to be merged together + as if they were declared in separate modules. This can be done using + mkMerge: config = mkMerge [ # Unconditional stuff. @@ -104,9 +94,6 @@ config = mkMerge }) ]; - - - - - - \ No newline at end of file + + + diff --git a/nixos/doc/manual/development/option-types.xml b/nixos/doc/manual/development/option-types.xml index 13fa8d1e114..7969d812473 100644 --- a/nixos/doc/manual/development/option-types.xml +++ b/nixos/doc/manual/development/option-types.xml @@ -3,241 +3,346 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-option-types"> + Options Types -Options Types + + Option types are a way to put constraints on the values a module option can + take. Types are also responsible of how values are merged in case of multiple + value definitions. + - Option types are a way to put constraints on the values a module option - can take. - Types are also responsible of how values are merged in case of multiple - value definitions. -
Basic Types +
+ Basic Types - Basic types are the simplest available types in the module system. - Basic types include multiple string types that mainly differ in how - definition merging is handled. + + Basic types are the simplest available types in the module system. Basic + types include multiple string types that mainly differ in how definition + merging is handled. + - - - types.bool - A boolean, its values can be true or - false. - - - types.path - A filesystem path, defined as anything that when coerced to - a string starts with a slash. Even if derivations can be considered as - path, the more specific types.package should be - preferred. - - - types.package - A derivation or a store path. - - - -Integer-related types: - - - - types.int - A signed integer. - - - - types.ints.{s8, s16, s32} + + + types.bool - Signed integers with a fixed length (8, 16 or 32 bits). - They go from - −2n/2 - to - 2n/2−1 - - respectively (e.g. −128 to 127 - for 8 bits). - - - - - types.ints.unsigned - - An unsigned integer (that is >= 0). - - - - - types.ints.{u8, u16, u32} + + A boolean, its values can be true or + false. + + + + + types.path - Unsigned integers with a fixed length (8, 16 or 32 bits). - They go from - 0 to - 2n−1 - - respectively (e.g. 0 to 255 - for 8 bits). - - - - - types.ints.positive + + A filesystem path, defined as anything that when coerced to a string + starts with a slash. Even if derivations can be considered as path, the + more specific types.package should be preferred. + + + + + types.package - A positive integer (that is > 0). - - - + + + A derivation or a store path. + + + + -String-related types: + + Integer-related types: + - - - types.str - A string. Multiple definitions cannot be - merged. - - - types.lines - A string. Multiple definitions are concatenated with a new - line "\n". - - - types.commas - A string. Multiple definitions are concatenated with a comma - ",". - - - types.envVar - A string. Multiple definitions are concatenated with a - collon ":". - - - types.strMatching - A string matching a specific regular expression. Multiple - definitions cannot be merged. The regular expression is processed using - builtins.match. - - + + + types.int + + + + A signed integer. + + + + + types.ints.{s8, s16, s32} + + + + Signed integers with a fixed length (8, 16 or 32 bits). They go from + −2n/2 + to + 2n/2−1 + respectively (e.g. −128 to + 127 for 8 bits). + + + + + types.ints.unsigned + + + + An unsigned integer (that is >= 0). + + + + + types.ints.{u8, u16, u32} + + + + Unsigned integers with a fixed length (8, 16 or 32 bits). They go from + 0 to + + 2n−1 + respectively (e.g. 0 to + 255 for 8 bits). + + + + + types.ints.positive + + + + A positive integer (that is > 0). + + + + + + String-related types: + + + + + types.str + + + + A string. Multiple definitions cannot be merged. + + + + + types.lines + + + + A string. Multiple definitions are concatenated with a new line + "\n". + + + + + types.commas + + + + A string. Multiple definitions are concatenated with a comma + ",". + + + + + types.envVar + + + + A string. Multiple definitions are concatenated with a collon + ":". + + + + + types.strMatching + + + + A string matching a specific regular expression. Multiple definitions + cannot be merged. The regular expression is processed using + builtins.match. + + + +
-
Value Types +
+ Value Types - Value types are types that take a value parameter. + + Value types are types that take a value parameter. + - - - types.enum l - One element of the list l, e.g. - types.enum [ "left" "right" ]. Multiple definitions - cannot be merged. - - - types.separatedString - sep - A string with a custom separator - sep, e.g. types.separatedString - "|". - - - - types.ints.between - lowest - highest + + + types.enuml - An integer between lowest - and highest (both inclusive). - Useful for creating types like types.port. - - - - types.submodule o - A set of sub options o. - o can be an attribute set or a function - returning an attribute set. Submodules are used in composed types to - create modular options. Submodule are detailed in . - - + + + One element of the list l, e.g. + types.enum [ "left" "right" ]. Multiple definitions + cannot be merged. + + + + + types.separatedStringsep + + + + A string with a custom separator sep, e.g. + types.separatedString "|". + + + + + types.ints.betweenlowesthighest + + + + An integer between lowest and + highest (both inclusive). Useful for creating + types like types.port. + + + + + types.submoduleo + + + + A set of sub options o. + o can be an attribute set or a function + returning an attribute set. Submodules are used in composed types to + create modular options. Submodule are detailed in + . + + + +
-
Composed Types +
+ Composed Types - Composed types are types that take a type as parameter. listOf - int and either int str are examples of - composed types. + + Composed types are types that take a type as parameter. listOf + int and either int str are examples of composed + types. + - - - types.listOf t - A list of t type, e.g. - types.listOf int. Multiple definitions are merged - with list concatenation. - - - types.attrsOf t - An attribute set of where all the values are of - t type. Multiple definitions result in the - joined attribute set. - - - types.loaOf t - An attribute set or a list of t - type. Multiple definitions are merged according to the - value. - - - types.nullOr t - null or type - t. Multiple definitions are merged according - to type t. - - - types.uniq t - Ensures that type t cannot be - merged. It is used to ensure option definitions are declared only - once. - - - types.either t1 - t2 - Type t1 or type - t2, e.g. with types; either int - str. Multiple definitions cannot be - merged. - - - types.coercedTo from - f to - Type to or type - from which will be coerced to - type to using function - f which takes an argument of type - from and return a value of type - to. Can be used to preserve backwards - compatibility of an option if its type was changed. - - + + + types.listOft + + + + A list of t type, e.g. types.listOf + int. Multiple definitions are merged with list concatenation. + + + + + types.attrsOft + + + + An attribute set of where all the values are of + t type. Multiple definitions result in the + joined attribute set. + + + + + types.loaOft + + + + An attribute set or a list of t type. Multiple + definitions are merged according to the value. + + + + + types.nullOrt + + + + null or type t. Multiple + definitions are merged according to type t. + + + + + types.uniqt + + + + Ensures that type t cannot be merged. It is + used to ensure option definitions are declared only once. + + + + + types.eithert1t2 + + + + Type t1 or type t2, + e.g. with types; either int str. Multiple definitions + cannot be merged. + + + + + types.coercedTofromfto + + + + Type to or type + from which will be coerced to type + to using function f + which takes an argument of type from and + return a value of type to. Can be used to + preserve backwards compatibility of an option if its type was changed. + + + + +
-
+
+ Submodule -
Submodule + + submodule is a very powerful type that defines a set of + sub-options that are handled like a separate module. + - submodule is a very powerful type that defines a set - of sub-options that are handled like a separate module. + + It takes a parameter o, that should be a set, or + a function returning a set with an options key defining + the sub-options. Submodule option definitions are type-checked accordingly + to the options declarations. Of course, you can nest + submodule option definitons for even higher modularity. + - It takes a parameter o, that should be a set, - or a function returning a set with an options key - defining the sub-options. - Submodule option definitions are type-checked accordingly to the - options declarations. - Of course, you can nest submodule option definitons for even higher - modularity. + + The option set can be defined directly + () or as reference + (). + - The option set can be defined directly - () or as reference - (). - -Directly defined submodule + + Directly defined submodule options.mod = mkOption { description = "submodule example"; @@ -251,10 +356,11 @@ options.mod = mkOption { }; }; }; -}; +}; + -Submodule defined as a - reference + + Submodule defined as a reference let modOptions = { @@ -271,19 +377,20 @@ in options.mod = mkOption { description = "submodule example"; type = with types; submodule modOptions; -}; +}; + - The submodule type is especially interesting when - used with composed types like attrsOf or - listOf. - When composed with listOf - (), - submodule allows multiple definitions of the submodule - option set (). - + + The submodule type is especially interesting when used + with composed types like attrsOf or + listOf. When composed with listOf + (), + submodule allows multiple definitions of the submodule + option set (). + -Declaration of a list - of submodules + + Declaration of a list of submodules options.mod = mkOption { description = "submodule example"; @@ -297,24 +404,27 @@ options.mod = mkOption { }; }; }); -}; +}; + -Definition of a list of - submodules + + Definition of a list of submodules config.mod = [ { foo = 1; bar = "one"; } { foo = 2; bar = "two"; } -]; +]; + - When composed with attrsOf - (), - submodule allows multiple named definitions of the - submodule option set (). + + When composed with attrsOf + (), + submodule allows multiple named definitions of the + submodule option set (). -Declaration of - attribute sets of submodules + + Declaration of attribute sets of submodules options.mod = mkOption { description = "submodule example"; @@ -328,194 +438,281 @@ options.mod = mkOption { }; }; }); -}; +}; + -Declaration of - attribute sets of submodules + + Declaration of attribute sets of submodules config.mod.one = { foo = 1; bar = "one"; }; -config.mod.two = { foo = 2; bar = "two"; }; +config.mod.two = { foo = 2; bar = "two"; }; + +
-
+
+ Extending types -
Extending types + + Types are mainly characterized by their check and + merge functions. + - Types are mainly characterized by their check and - merge functions. - - - - check - The function to type check the value. Takes a value as - parameter and return a boolean. - It is possible to extend a type check with the - addCheck function (), or to fully override the - check function (). - -Adding a type check + + + check + + + + The function to type check the value. Takes a value as parameter and + return a boolean. It is possible to extend a type check with the + addCheck function + (), or to fully + override the check function + (). + + + Adding a type check byte = mkOption { description = "An integer between 0 and 255."; type = addCheck types.int (x: x >= 0 && x <= 255); -}; - -Overriding a type - check +}; + + + Overriding a type check nixThings = mkOption { description = "words that start with 'nix'"; type = types.str // { check = (x: lib.hasPrefix "nix" x) }; -}; +}; + - - - merge - Function to merge the options values when multiple values - are set. -The function takes two parameters, loc the option path as a -list of strings, and defs the list of defined values as a -list. -It is possible to override a type merge function for custom -needs. - - + + + merge + + + + Function to merge the options values when multiple values are set. The + function takes two parameters, loc the option path as + a list of strings, and defs the list of defined values + as a list. It is possible to override a type merge function for custom + needs. + + + + +
-
- -
Custom Types - -Custom types can be created with the mkOptionType - function. -As type creation includes some more complex topics such as submodule handling, -it is recommended to get familiar with types.nix -code before creating a new type. - -The only required parameter is name. - - - - name - A string representation of the type function - name. - - - definition - Description of the type used in documentation. Give - information of the type and any of its arguments. - - - check - A function to type check the definition value. Takes the - definition value as a parameter and returns a boolean indicating the - type check result, true for success and - false for failure. - - - merge - A function to merge multiple definitions values. Takes two - parameters: - - - loc - The option path as a list of strings, e.g. - ["boot" "loader "grub" - "enable"]. - - - defs - The list of sets of defined value - and file where the value was defined, e.g. - [ { file = "/foo.nix"; value = 1; } { file = "/bar.nix"; - value = 2 } ]. The merge function - should return the merged value or throw an error in case the - values are impossible or not meant to be merged. - - - - - - getSubOptions - For composed types that can take a submodule as type - parameter, this function generate sub-options documentation. It takes - the current option prefix as a list and return the set of sub-options. - Usually defined in a recursive manner by adding a term to the prefix, - e.g. prefix: elemType.getSubOptions (prefix ++ - ["prefix"]) where - "prefix" is the newly added - prefix. - - - getSubModules - For composed types that can take a submodule as type - parameter, this function should return the type parameters submodules. - If the type parameter is called elemType, the - function should just recursively look into submodules by returning - elemType.getSubModules;. - - - substSubModules - For composed types that can take a submodule as type - parameter, this function can be used to substitute the parameter of a - submodule type. It takes a module as parameter and return the type with - the submodule options substituted. It is usually defined as a type - function call with a recursive call to - substSubModules, e.g for a type - composedType that take an elemtype - type parameter, this function should be defined as m: - composedType (elemType.substSubModules m). - - - typeMerge - A function to merge multiple type declarations. Takes the - type to merge functor as parameter. A - null return value means that type cannot be - merged. - - - f - The type to merge - functor. - - - Note: There is a generic defaultTypeMerge that - work with most of value and composed types. - - - - functor - An attribute set representing the type. It is used for type - operations and has the following keys: - - - type - The type function. - - - wrapped - Holds the type parameter for composed types. - - - - payload - Holds the value parameter for value types. - The types that have a payload are the - enum, separatedString and - submodule types. - - - binOp - A binary operation that can merge the payloads of two - same types. Defined as a function that take two payloads as - parameters and return the payloads merged. - - - - - - -
+
+ Custom Types + + + Custom types can be created with the mkOptionType + function. As type creation includes some more complex topics such as + submodule handling, it is recommended to get familiar with + types.nix + code before creating a new type. + + + + The only required parameter is name. + + + + + name + + + + A string representation of the type function name. + + + + + definition + + + + Description of the type used in documentation. Give information of the + type and any of its arguments. + + + + + check + + + + A function to type check the definition value. Takes the definition value + as a parameter and returns a boolean indicating the type check result, + true for success and false for + failure. + + + + + merge + + + + A function to merge multiple definitions values. Takes two parameters: + + + + loc + + + + The option path as a list of strings, e.g. ["boot" "loader + "grub" "enable"]. + + + + + defs + + + + The list of sets of defined value and + file where the value was defined, e.g. [ { + file = "/foo.nix"; value = 1; } { file = "/bar.nix"; value = 2 } + ]. The merge function should return the + merged value or throw an error in case the values are impossible or + not meant to be merged. + + + + + + + + getSubOptions + + + + For composed types that can take a submodule as type parameter, this + function generate sub-options documentation. It takes the current option + prefix as a list and return the set of sub-options. Usually defined in a + recursive manner by adding a term to the prefix, e.g. prefix: + elemType.getSubOptions (prefix ++ + ["prefix"]) where + "prefix" is the newly added prefix. + + + + + getSubModules + + + + For composed types that can take a submodule as type parameter, this + function should return the type parameters submodules. If the type + parameter is called elemType, the function should just + recursively look into submodules by returning + elemType.getSubModules;. + + + + + substSubModules + + + + For composed types that can take a submodule as type parameter, this + function can be used to substitute the parameter of a submodule type. It + takes a module as parameter and return the type with the submodule + options substituted. It is usually defined as a type function call with a + recursive call to substSubModules, e.g for a type + composedType that take an elemtype + type parameter, this function should be defined as m: + composedType (elemType.substSubModules m). + + + + + typeMerge + + + + A function to merge multiple type declarations. Takes the type to merge + functor as parameter. A null return + value means that type cannot be merged. + + + + f + + + + The type to merge functor. + + + + + + Note: There is a generic defaultTypeMerge that work + with most of value and composed types. + + + + + functor + + + + An attribute set representing the type. It is used for type operations + and has the following keys: + + + + type + + + + The type function. + + + + + wrapped + + + + Holds the type parameter for composed types. + + + + + payload + + + + Holds the value parameter for value types. The types that have a + payload are the enum, + separatedString and submodule + types. + + + + + binOp + + + + A binary operation that can merge the payloads of two same types. + Defined as a function that take two payloads as parameters and return + the payloads merged. + + + + + + + +
diff --git a/nixos/doc/manual/development/releases.xml b/nixos/doc/manual/development/releases.xml index afcb970ed70..d4e5ff3f431 100755 --- a/nixos/doc/manual/development/releases.xml +++ b/nixos/doc/manual/development/releases.xml @@ -3,252 +3,258 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-releases"> - -Releases - -
+ Releases +
Release process - Going through an example of releasing NixOS 17.09: + Going through an example of releasing NixOS 17.09:
- One month before the beta - - - - Send an email to the nix-devel mailinglist as a warning about upcoming beta "feature freeze" in a month. - - - - - Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline. - Any issue or Pull Request targeting the release should be included in the release milestone. - - - -
-
- At beta release time - - - - Create - an issue for tracking Zero Hydra Failures progress. ZHF is an effort - to get build failures down to zero. - - - - - git tag -a -s -m "Release 17.09-beta" 17.09-beta && git push --tags - - - - - From the master branch run git checkout -B release-17.09. - - - - - - Make sure a channel is created at http://nixos.org/channels/. - - - - - - - Let a GitHub nixpkgs admin lock the branch on github for you. - (so developers can’t force push) - - - - - - - Bump the system.defaultChannel attribute in - nixos/modules/misc/version.nix - - - - - - - Update versionSuffix in - nixos/release.nix, use - git log --format=%an|wc -l to get the commit - count - - - - - echo -n "18.03" > .version on - master. - - - - - - Pick a new name for the unstable branch. - - - - - - Create a new release notes file for the upcoming release + 1, in this - case rl-1803.xml. - - - - - Create two Hydra jobsets: release-17.09 and release-17.09-small with stableBranch set to false. - - - - - Edit changelog at - nixos/doc/manual/release-notes/rl-1709.xml - (double check desktop versions are noted) - - - - - Get all new NixOS modules - git diff release-17.03..release-17.09 nixos/modules/module-list.nix|grep ^+ - - - - - Note systemd, kernel, glibc and Nix upgrades. - - - - - -
-
- During Beta - - - - Monitor the master branch for bugfixes and minor updates - and cherry-pick them to the release branch. - - - -
-
- Before the final release - - - - Re-check that the release notes are complete. - - - - - Release Nix (currently only Eelco Dolstra can do that). - - Make sure fallback is updated. - - - - - - - Update README.md with new stable NixOS version information. - - - - - - Change stableBranch to true and wait for channel to update. - - - -
-
- At final release time - - - - git tag -s -a -m "Release 15.09" 15.09 - - - - - Update http://nixos.org/nixos/download.html and http://nixos.org/nixos/manual in https://github.com/NixOS/nixos-org-configurations - - - - - Get number of commits for the release: - git log release-14.04..release-14.12 --format=%an|wc -l - - - - - Commits by contributor: - git log release-14.04..release-14.12 --format=%an|sort|uniq -c|sort -rn - - - - - Send an email to nix-dev to announce the release with above information. Best to check how previous email was formulated - to see what needs to be included. - - - -
-
+ One month before the beta -
+ + + + Send an email to the nix-devel mailinglist as a warning about upcoming + beta "feature freeze" in a month. + + + + + Discuss with Eelco Dolstra and the community (via IRC, ML) about what + will reach the deadline. Any issue or Pull Request targeting the release + should be included in the release milestone. + + + +
+ +
+ At beta release time + + + + + Create + an issue for tracking Zero Hydra Failures progress. ZHF is an effort to + get build failures down to zero. + + + + + git tag -a -s -m "Release 17.09-beta" 17.09-beta + && git push --tags + + + + + From the master branch run git checkout -B + release-17.09. + + + + + + Make sure a channel is created at http://nixos.org/channels/. + + + + + + Let a GitHub nixpkgs admin lock the branch on github for you. (so + developers can’t force push) + + + + + + Bump the system.defaultChannel attribute in + nixos/modules/misc/version.nix + + + + + + Update versionSuffix in + nixos/release.nix, use git log + --format=%an|wc -l to get the commit count + + + + + echo -n "18.03" > .version on master. + + + + + + Pick a new name for the unstable branch. + + + + + Create a new release notes file for the upcoming release + 1, in this + case rl-1803.xml. + + + + + Create two Hydra jobsets: release-17.09 and release-17.09-small with + stableBranch set to false. + + + + + Edit changelog at + nixos/doc/manual/release-notes/rl-1709.xml (double + check desktop versions are noted) + + + + + Get all new NixOS modules git diff + release-17.03..release-17.09 nixos/modules/module-list.nix|grep + ^+ + + + + + Note systemd, kernel, glibc and Nix upgrades. + + + + + +
+ +
+ During Beta + + + + + Monitor the master branch for bugfixes and minor updates and cherry-pick + them to the release branch. + + + +
+ +
+ Before the final release + + + + + Re-check that the release notes are complete. + + + + + Release Nix (currently only Eelco Dolstra can do that). + + Make sure fallback is updated. + + + + + + Update README.md with new stable NixOS version information. + + + + + Change stableBranch to true and wait for channel to + update. + + + +
+ +
+ At final release time + + + + + git tag -s -a -m "Release 15.09" 15.09 + + + + + Update http://nixos.org/nixos/download.html and + http://nixos.org/nixos/manual in + https://github.com/NixOS/nixos-org-configurations + + + + + Get number of commits for the release: git log + release-14.04..release-14.12 --format=%an|wc -l + + + + + Commits by contributor: git log release-14.04..release-14.12 + --format=%an|sort|uniq -c|sort -rn + + + + + Send an email to nix-dev to announce the release with above information. + Best to check how previous email was formulated to see what needs to be + included. + + + +
+
+
Release schedule - - - - - - + + + + + + Date - + Event - - - - - + + + + + 2016-07-25 - + Send email to nix-dev about upcoming branch-off - - - + + + 2016-09-01 - - release-16.09 branch and corresponding jobsets are created, + release-16.09 branch and corresponding jobsets are created, change freeze - - - + + + 2016-09-30 - + NixOS 16.09 released - - - + + + -
- +
diff --git a/nixos/doc/manual/development/replace-modules.xml b/nixos/doc/manual/development/replace-modules.xml index cc0539ec510..7b103c36d90 100644 --- a/nixos/doc/manual/development/replace-modules.xml +++ b/nixos/doc/manual/development/replace-modules.xml @@ -3,27 +3,31 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-replace-modules"> + Replace Modules -Replace Modules + + Modules that are imported can also be disabled. The option declarations and + config implementation of a disabled module will be ignored, allowing another + to take it's place. This can be used to import a set of modules from another + channel while keeping the rest of the system on a stable release. + -Modules that are imported can also be disabled. The option - declarations and config implementation of a disabled module will be - ignored, allowing another to take it's place. This can be used to - import a set of modules from another channel while keeping the rest - of the system on a stable release. -disabledModules is a top level attribute like + + disabledModules is a top level attribute like imports, options and - config. It contains a list of modules that will - be disabled. This can either be the full path to the module or a - string with the filename relative to the modules path - (eg. <nixpkgs/nixos/modules> for nixos). - + config. It contains a list of modules that will be + disabled. This can either be the full path to the module or a string with the + filename relative to the modules path (eg. <nixpkgs/nixos/modules> for + nixos). + -This example will replace the existing postgresql module with - the version defined in the nixos-unstable channel while keeping the - rest of the modules and packages from the original nixos channel. - This only overrides the module definition, this won't use postgresql - from nixos-unstable unless explicitly configured to do so. + + This example will replace the existing postgresql module with the version + defined in the nixos-unstable channel while keeping the rest of the modules + and packages from the original nixos channel. This only overrides the module + definition, this won't use postgresql from nixos-unstable unless explicitly + configured to do so. + { config, lib, pkgs, ... }: @@ -41,10 +45,11 @@ } -This example shows how to define a custom module as a - replacement for an existing module. Importing this module will - disable the original module without having to know it's - implementation details. + + This example shows how to define a custom module as a replacement for an + existing module. Importing this module will disable the original module + without having to know it's implementation details. + { config, lib, pkgs, ... }: @@ -71,5 +76,4 @@ in }; } - diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.xml b/nixos/doc/manual/development/running-nixos-tests-interactively.xml index e4749077781..862b364a6d7 100644 --- a/nixos/doc/manual/development/running-nixos-tests-interactively.xml +++ b/nixos/doc/manual/development/running-nixos-tests-interactively.xml @@ -3,41 +3,38 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-running-nixos-tests"> -Running Tests interactively - -The test itself can be run interactively. This is -particularly useful when developing or debugging a test: + Running Tests interactively + + The test itself can be run interactively. This is particularly useful when + developing or debugging a test: $ nix-build nixos/tests/login.nix -A driver $ ./result/bin/nixos-test-driver starting VDE switch for network 1 > - -You can then take any Perl statement, e.g. - + You can then take any Perl statement, e.g. > startAll > testScript > $machine->succeed("touch /tmp/foo") + The function testScript executes the entire test script + and drops you back into the test driver command line upon its completion. + This allows you to inspect the state of the VMs after the test (e.g. to debug + the test script). + -The function testScript executes the entire test -script and drops you back into the test driver command line upon its -completion. This allows you to inspect the state of the VMs after the -test (e.g. to debug the test script). - -To just start and experiment with the VMs, run: - + + To just start and experiment with the VMs, run: $ nix-build nixos/tests/login.nix -A driver $ ./result/bin/nixos-run-vms - -The script nixos-run-vms starts the virtual -machines defined by test. The root file system of the VMs is created -on the fly and kept across VM restarts in -./hostname.qcow2. - + The script nixos-run-vms starts the virtual machines + defined by test. The root file system of the VMs is created on the fly and + kept across VM restarts in + ./hostname.qcow2. + diff --git a/nixos/doc/manual/development/running-nixos-tests.xml b/nixos/doc/manual/development/running-nixos-tests.xml index 908c0a66a32..eadbe1ea4f2 100644 --- a/nixos/doc/manual/development/running-nixos-tests.xml +++ b/nixos/doc/manual/development/running-nixos-tests.xml @@ -3,20 +3,18 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-running-nixos-tests-interactively"> + Running Tests -Running Tests - -You can run tests using nix-build. For -example, to run the test + You can run tests using nix-build. For example, to run the + test + login.nix, -you just do: - + you just do: $ nix-build '<nixpkgs/nixos/tests/login.nix>' - -or, if you don’t want to rely on NIX_PATH: - + or, if you don’t want to rely on NIX_PATH: $ cd /my/nixpkgs/nixos/tests $ nix-build login.nix @@ -26,16 +24,13 @@ machine: QEMU running (pid 8841) … 6 out of 6 tests succeeded - -After building/downloading all required dependencies, this will -perform a build that starts a QEMU/KVM virtual machine containing a -NixOS system. The virtual machine mounts the Nix store of the host; -this makes VM creation very fast, as no disk image needs to be -created. Afterwards, you can view a pretty-printed log of the test: - + After building/downloading all required dependencies, this will perform a + build that starts a QEMU/KVM virtual machine containing a NixOS system. The + virtual machine mounts the Nix store of the host; this makes VM creation very + fast, as no disk image needs to be created. Afterwards, you can view a + pretty-printed log of the test: $ firefox result/log.html - - + diff --git a/nixos/doc/manual/development/sources.xml b/nixos/doc/manual/development/sources.xml index a2896cd7a13..c7b64cb84be 100644 --- a/nixos/doc/manual/development/sources.xml +++ b/nixos/doc/manual/development/sources.xml @@ -3,101 +3,84 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-getting-sources"> - -Getting the Sources - -By default, NixOS’s nixos-rebuild command -uses the NixOS and Nixpkgs sources provided by the -nixos channel (kept in -/nix/var/nix/profiles/per-user/root/channels/nixos). -To modify NixOS, however, you should check out the latest sources from -Git. This is as follows: - + Getting the Sources + + By default, NixOS’s nixos-rebuild command uses the NixOS + and Nixpkgs sources provided by the nixos channel (kept in + /nix/var/nix/profiles/per-user/root/channels/nixos). To + modify NixOS, however, you should check out the latest sources from Git. This + is as follows: $ git clone git://github.com/NixOS/nixpkgs.git $ cd nixpkgs $ git remote add channels git://github.com/NixOS/nixpkgs-channels.git $ git remote update channels - -This will check out the latest Nixpkgs sources to -./nixpkgs the NixOS sources to -./nixpkgs/nixos. (The NixOS source tree lives in -a subdirectory of the Nixpkgs repository.) The remote -channels refers to a read-only repository that -tracks the Nixpkgs/NixOS channels (see -for more information about channels). Thus, the Git branch -channels/nixos-17.03 will contain the latest built -and tested version available in the nixos-17.03 -channel. - -It’s often inconvenient to develop directly on the master -branch, since if somebody has just committed (say) a change to GCC, -then the binary cache may not have caught up yet and you’ll have to -rebuild everything from source. So you may want to create a local -branch based on your current NixOS version: - + This will check out the latest Nixpkgs sources to + ./nixpkgs the NixOS sources to + ./nixpkgs/nixos. (The NixOS source tree lives in a + subdirectory of the Nixpkgs repository.) The remote + channels refers to a read-only repository that tracks the + Nixpkgs/NixOS channels (see for more + information about channels). Thus, the Git branch + channels/nixos-17.03 will contain the latest built and + tested version available in the nixos-17.03 channel. + + + It’s often inconvenient to develop directly on the master branch, since if + somebody has just committed (say) a change to GCC, then the binary cache may + not have caught up yet and you’ll have to rebuild everything from source. + So you may want to create a local branch based on your current NixOS version: $ nixos-version 17.09pre104379.6e0b727 (Hummingbird) $ git checkout -b local 6e0b727 - -Or, to base your local branch on the latest version available in a -NixOS channel: - + Or, to base your local branch on the latest version available in a NixOS + channel: $ git remote update channels $ git checkout -b local channels/nixos-17.03 - -(Replace nixos-17.03 with the name of the channel -you want to use.) You can use git merge or -git rebase to keep your local branch in sync with -the channel, e.g. - + (Replace nixos-17.03 with the name of the channel you want + to use.) You can use git merge or git + rebase to keep your local branch in sync with the channel, e.g. $ git remote update channels $ git merge channels/nixos-17.03 - -You can use git cherry-pick to copy commits from -your local branch to the upstream branch. - -If you want to rebuild your system using your (modified) -sources, you need to tell nixos-rebuild about them -using the flag: - + You can use git cherry-pick to copy commits from your + local branch to the upstream branch. + + + If you want to rebuild your system using your (modified) sources, you need to + tell nixos-rebuild about them using the + flag: # nixos-rebuild switch -I nixpkgs=/my/sources/nixpkgs - - - -If you want nix-env to use the expressions in -/my/sources, use nix-env -f -/my/sources/nixpkgs, or change -the default by adding a symlink in -~/.nix-defexpr: - + + + If you want nix-env to use the expressions in + /my/sources, use nix-env -f + /my/sources/nixpkgs, or change the + default by adding a symlink in ~/.nix-defexpr: $ ln -s /my/sources/nixpkgs ~/.nix-defexpr/nixpkgs - -You may want to delete the symlink -~/.nix-defexpr/channels_root to prevent root’s -NixOS channel from clashing with your own tree (this may break the -command-not-found utility though). If you want to go back to the default -state, you may just remove the ~/.nix-defexpr -directory completely, log out and log in again and it should have been -recreated with a link to the root channels. - + You may want to delete the symlink + ~/.nix-defexpr/channels_root to prevent root’s NixOS + channel from clashing with your own tree (this may break the + command-not-found utility though). If you want to go back to the default + state, you may just remove the ~/.nix-defexpr directory + completely, log out and log in again and it should have been recreated with a + link to the root channels. + - diff --git a/nixos/doc/manual/development/testing-installer.xml b/nixos/doc/manual/development/testing-installer.xml index 16bc8125d9f..63f5f3de7f4 100644 --- a/nixos/doc/manual/development/testing-installer.xml +++ b/nixos/doc/manual/development/testing-installer.xml @@ -3,27 +3,20 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-testing-installer"> - -Testing the Installer - -Building, burning, and booting from an installation CD is rather -tedious, so here is a quick way to see if the installer works -properly: - + Testing the Installer + + Building, burning, and booting from an installation CD is rather tedious, so + here is a quick way to see if the installer works properly: # mount -t tmpfs none /mnt # nixos-generate-config --root /mnt $ nix-build '<nixpkgs/nixos>' -A config.system.build.nixos-install # ./result/bin/nixos-install - -To start a login shell in the new NixOS installation in -/mnt: - + To start a login shell in the new NixOS installation in + /mnt: $ nix-build '<nixpkgs/nixos>' -A config.system.build.nixos-enter # ./result/bin/nixos-enter - - - + diff --git a/nixos/doc/manual/development/writing-documentation.xml b/nixos/doc/manual/development/writing-documentation.xml index 8b787fae1fe..8ecdd1c770f 100644 --- a/nixos/doc/manual/development/writing-documentation.xml +++ b/nixos/doc/manual/development/writing-documentation.xml @@ -3,157 +3,147 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-writing-documentation"> + Writing NixOS Documentation + + As NixOS grows, so too does the need for a catalogue and explanation of its + extensive functionality. Collecting pertinent information from disparate + sources and presenting it in an accessible style would be a worthy + contribution to the project. + +
+ Building the Manual -Writing NixOS Documentation + + The DocBook sources of the are in the + nixos/doc/manual + subdirectory of the Nixpkgs repository. + - - As NixOS grows, so too does the need for a catalogue and explanation - of its extensive functionality. Collecting pertinent information - from disparate sources and presenting it in an accessible style - would be a worthy contribution to the project. - - -
-Building the Manual - - The DocBook sources of the are in the - nixos/doc/manual - subdirectory of the Nixpkgs repository. - - - - You can quickly validate your edits with make: - + + You can quickly validate your edits with make: + $ cd /path/to/nixpkgs/nixos/doc/manual $ make - - Once you are done making modifications to the manual, it's important - to build it before committing. You can do that as follows: - + + Once you are done making modifications to the manual, it's important to + build it before committing. You can do that as follows: + nix-build nixos/release.nix -A manual.x86_64-linux - - When this command successfully finishes, it will tell you where the - manual got generated. The HTML will be accessible through the - result symlink at - ./result/share/doc/nixos/index.html. - -
+ + When this command successfully finishes, it will tell you where the manual + got generated. The HTML will be accessible through the + result symlink at + ./result/share/doc/nixos/index.html. + +
+
+ Editing DocBook XML -
-Editing DocBook XML + + For general information on how to write in DocBook, see + DocBook + 5: The Definitive Guide. + - - For general information on how to write in DocBook, see - - DocBook 5: The Definitive Guide. - + + Emacs nXML Mode is very helpful for editing DocBook XML because it validates + the document as you write, and precisely locates errors. To use it, see + . + - - Emacs nXML Mode is very helpful for editing DocBook XML because it - validates the document as you write, and precisely locates - errors. To use it, see . - - - - Pandoc can generate - DocBook XML from a multitude of formats, which makes a good starting - point. - - + + Pandoc can generate DocBook XML + from a multitude of formats, which makes a good starting point. + Pandoc invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML - pandoc -f markdown_github -t docbook5 docs.md -o my-section.md - +pandoc -f markdown_github -t docbook5 docs.md -o my-section.md + + Pandoc can also quickly convert a single section.xml to + HTML, which is helpful when drafting. + - Pandoc can also quickly convert a single - section.xml to HTML, which is helpful when - drafting. - - - - Sometimes writing valid DocBook is simply too difficult. In this - case, submit your documentation updates in a + Sometimes writing valid DocBook is simply too difficult. In this case, + submit your documentation updates in a + GitHub - Issue and someone will handle the conversion to XML for you. - -
+ Issue and someone will handle the conversion to XML for you. + +
+
+ Creating a Topic -
-Creating a Topic + + You can use an existing topic as a basis for the new topic or create a topic + from scratch. + - - You can use an existing topic as a basis for the new topic or create a topic from scratch. - + + Keep the following guidelines in mind when you create and add a topic: + + + + The NixOS + book + element is in nixos/doc/manual/manual.xml. It + includes several + parts + which are in subdirectories. + + + + + Store the topic file in the same directory as the part to + which it belongs. If your topic is about configuring a NixOS module, then + the XML file can be stored alongside the module definition + nix file. + + + + + If you include multiple words in the file name, separate the words with a + dash. For example: ipv6-config.xml. + + + + + Make sure that the xml:id value is unique. You can use + abbreviations if the ID is too long. For example: + nixos-config. + + + + + Determine whether your topic is a chapter or a section. If you are + unsure, open an existing topic file and check whether the main element is + chapter or section. + + + + +
+
+ Adding a Topic to the Book - -Keep the following guidelines in mind when you create and add a topic: + + Open the parent XML file and add an xi:include element to + the list of chapters with the file name of the topic that you created. If + you created a section, you add the file to the chapter + file. If you created a chapter, you add the file to the + part file. + - - - The NixOS book - element is in nixos/doc/manual/manual.xml. - It includes several - parts - which are in subdirectories. - - - - Store the topic file in the same directory as the part - to which it belongs. If your topic is about configuring a NixOS - module, then the XML file can be stored alongside the module - definition nix file. - - - - If you include multiple words in the file name, separate the words - with a dash. For example: ipv6-config.xml. - - - - Make sure that the xml:id value is unique. You can use - abbreviations if the ID is too long. For example: - nixos-config. - - - - Determine whether your topic is a chapter or a section. If you are - unsure, open an existing topic file and check whether the main - element is chapter or section. - - - - - -
- -
-Adding a Topic to the Book - - - Open the parent XML file and add an xi:include - element to the list of chapters with the file name of the topic that - you created. If you created a section, you add the file to - the chapter file. If you created a chapter, you - add the file to the part file. - - - - If the topic is about configuring a NixOS module, it can be - automatically included in the manual by using the - meta.doc attribute. See + If the topic is about configuring a NixOS module, it can be automatically + included in the manual by using the meta.doc attribute. + See for an explanation. - - -
- - - - - - + +
diff --git a/nixos/doc/manual/development/writing-modules.xml b/nixos/doc/manual/development/writing-modules.xml index a49f99cb266..bbf793bb0be 100644 --- a/nixos/doc/manual/development/writing-modules.xml +++ b/nixos/doc/manual/development/writing-modules.xml @@ -3,52 +3,54 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-writing-modules"> - -Writing NixOS Modules - -NixOS has a modular system for declarative configuration. This -system combines multiple modules to produce the -full system configuration. One of the modules that constitute the -configuration is /etc/nixos/configuration.nix. -Most of the others live in the Writing NixOS Modules + + NixOS has a modular system for declarative configuration. This system + combines multiple modules to produce the full system + configuration. One of the modules that constitute the configuration is + /etc/nixos/configuration.nix. Most of the others live in + the + nixos/modules -subdirectory of the Nixpkgs tree. - -Each NixOS module is a file that handles one logical aspect of -the configuration, such as a specific kind of hardware, a service, or -network settings. A module configuration does not have to handle -everything from scratch; it can use the functionality provided by -other modules for its implementation. Thus a module can -declare options that can be used by other -modules, and conversely can define options -provided by other modules in its own implementation. For example, the -module + + Each NixOS module is a file that handles one logical aspect of the + configuration, such as a specific kind of hardware, a service, or network + settings. A module configuration does not have to handle everything from + scratch; it can use the functionality provided by other modules for its + implementation. Thus a module can declare options that + can be used by other modules, and conversely can define + options provided by other modules in its own implementation. For example, the + module + pam.nix -declares the option that allows -other modules (e.g. security.pam.services that allows other + modules (e.g. + sshd.nix) -to define PAM services; and it defines the option - (declared by environment.etc (declared by + etc.nix) -to cause files to be created in -/etc/pam.d. - -In /etc/pam.d. + + + In , we saw the following structure -of NixOS modules: - + of NixOS modules: { config, pkgs, ... }: { option definitions } - -This is actually an abbreviated form of module -that only defines options, but does not declare any. The structure of -full NixOS modules is shown in . - -Structure of NixOS Modules + This is actually an abbreviated form of module that only + defines options, but does not declare any. The structure of full NixOS + modules is shown in . + + + Structure of NixOS Modules { config, pkgs, ... }: @@ -65,56 +67,56 @@ full NixOS modules is shown in . option definitions }; } - - -The meaning of each part is as follows. - - - - This line makes the current Nix expression a function. The - variable pkgs contains Nixpkgs, while - config contains the full system configuration. - This line can be omitted if there is no reference to - pkgs and config inside the - module. - - - - This list enumerates the paths to other NixOS modules that - should be included in the evaluation of the system configuration. - A default set of modules is defined in the file - modules/module-list.nix. These don't need to - be added in the import list. - - - - The attribute options is a nested set of - option declarations (described below). - - - - The attribute config is a nested set of - option definitions (also described - below). - - - - - - shows a module that handles -the regular update of the “locate” database, an index of all files in -the file system. This module declares two options that can be defined -by other modules (typically the user’s -configuration.nix): - (whether the database should -be updated) and (when the -update should be done). It implements its functionality by defining -two options declared by other modules: - (the set of all systemd services) -and (the list of commands to be -executed periodically by systemd). - -NixOS Module for the “locate” Service + + + The meaning of each part is as follows. + + + + This line makes the current Nix expression a function. The variable + pkgs contains Nixpkgs, while config + contains the full system configuration. This line can be omitted if there + is no reference to pkgs and config + inside the module. + + + + + This list enumerates the paths to other NixOS modules that should be + included in the evaluation of the system configuration. A default set of + modules is defined in the file + modules/module-list.nix. These don't need to be added + in the import list. + + + + + The attribute options is a nested set of + option declarations (described below). + + + + + The attribute config is a nested set of + option definitions (also described below). + + + + + + shows a module that handles the regular + update of the “locate” database, an index of all files in the file + system. This module declares two options that can be defined by other modules + (typically the user’s configuration.nix): + (whether the database should be + updated) and (when the update + should be done). It implements its functionality by defining two options + declared by other modules: (the set of all + systemd services) and (the list of commands + to be executed periodically by systemd). + + + NixOS Module for the “locate” Service { config, lib, pkgs, ... }: @@ -173,14 +175,12 @@ in { }; } - - - - - - - - - - + + + + + + + + diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml index a8f6aa00858..89a6a442362 100644 --- a/nixos/doc/manual/development/writing-nixos-tests.xml +++ b/nixos/doc/manual/development/writing-nixos-tests.xml @@ -3,11 +3,10 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-writing-nixos-tests"> + Writing Tests -Writing Tests - -A NixOS test is a Nix expression that has the following structure: - + + A NixOS test is a Nix expression that has the following structure: import ./make-test.nix { @@ -32,277 +31,364 @@ import ./make-test.nix { ''; } - -The attribute testScript is a bit of Perl code that -executes the test (described below). During the test, it will start -one or more virtual machines, the configuration of which is described -by the attribute machine (if you need only one -machine in your test) or by the attribute nodes (if -you need multiple machines). For instance, testScript is a bit of Perl code that + executes the test (described below). During the test, it will start one or + more virtual machines, the configuration of which is described by the + attribute machine (if you need only one machine in your + test) or by the attribute nodes (if you need multiple + machines). For instance, + login.nix -only needs a single machine to test whether users can log in on the -virtual console, whether device ownership is correctly maintained when -switching between consoles, and so on. On the other hand, nfs.nix, -which tests NFS client and server functionality in the Linux kernel -(including whether locks are maintained across server crashes), -requires three machines: a server and two clients. - -There are a few special NixOS configuration options for test -VMs: + which tests NFS client and server functionality in the Linux kernel + (including whether locks are maintained across server crashes), requires + three machines: a server and two clients. + + + There are a few special NixOS configuration options for test VMs: - - - - - - The memory of the VM in - megabytes. - - - - - The virtual networks to which the VM is - connected. See + + + + + + The memory of the VM in megabytes. + + + + + + + + + The virtual networks to which the VM is connected. See + nat.nix - for an example. - - - - - By default, the Nix store in the VM is not - writable. If you enable this option, a writable union file system - is mounted on top of the Nix store to make it appear - writable. This is necessary for tests that run Nix operations that - modify the store. - - - - -For more options, see the module qemu-vm.nix. - -The test script is a sequence of Perl statements that perform -various actions, such as starting VMs, executing commands in the VMs, -and so on. Each virtual machine is represented as an object stored in -the variable $name, -where name is the identifier of the machine -(which is just machine if you didn’t specify -multiple machines using the nodes attribute). For -instance, the following starts the machine, waits until it has -finished booting, then executes a command and checks that the output -is more-or-less correct: + for an example. + + + + + + + + + By default, the Nix store in the VM is not writable. If you enable this + option, a writable union file system is mounted on top of the Nix store + to make it appear writable. This is necessary for tests that run Nix + operations that modify the store. + + + + + For more options, see the module + qemu-vm.nix. + + + The test script is a sequence of Perl statements that perform various + actions, such as starting VMs, executing commands in the VMs, and so on. Each + virtual machine is represented as an object stored in the variable + $name, where + name is the identifier of the machine (which is + just machine if you didn’t specify multiple machines + using the nodes attribute). For instance, the following + starts the machine, waits until it has finished booting, then executes a + command and checks that the output is more-or-less correct: $machine->start; $machine->waitForUnit("default.target"); $machine->succeed("uname") =~ /Linux/; - -The first line is actually unnecessary; machines are implicitly -started when you first execute an action on them (such as -waitForUnit or succeed). If you -have multiple machines, you can speed up the test by starting them in -parallel: - + The first line is actually unnecessary; machines are implicitly started when + you first execute an action on them (such as waitForUnit + or succeed). If you have multiple machines, you can speed + up the test by starting them in parallel: startAll; + - - -The following methods are available on machine objects: - - - - - start - Start the virtual machine. This method is - asynchronous — it does not wait for the machine to finish - booting. - - - - shutdown - Shut down the machine, waiting for the VM to - exit. - - - - crash - Simulate a sudden power failure, by telling the VM - to exit immediately. - - - - block - Simulate unplugging the Ethernet cable that - connects the machine to the other machines. - - - - unblock - Undo the effect of - block. - - - - screenshot - Take a picture of the display of the virtual - machine, in PNG format. The screenshot is linked from the HTML - log. - - - - getScreenText - Return a textual representation of what is currently - visible on the machine's screen using optical character - recognition. - This requires passing to the test - attribute set. - - - - sendMonitorCommand - Send a command to the QEMU monitor. This is rarely - used, but allows doing stuff such as attaching virtual USB disks - to a running machine. - - - - sendKeys - Simulate pressing keys on the virtual keyboard, - e.g., sendKeys("ctrl-alt-delete"). - - - - sendChars - Simulate typing a sequence of characters on the - virtual keyboard, e.g., sendKeys("foobar\n") - will type the string foobar followed by the - Enter key. - - - - execute - Execute a shell command, returning a list - (status, - stdout). - - - - succeed - Execute a shell command, raising an exception if - the exit status is not zero, otherwise returning the standard - output. - - - - fail - Like succeed, but raising - an exception if the command returns a zero status. - - - - waitUntilSucceeds - Repeat a shell command with 1-second intervals - until it succeeds. - - - - waitUntilFails - Repeat a shell command with 1-second intervals - until it fails. - - - - waitForUnit - Wait until the specified systemd unit has reached - the “active” state. - - - - waitForFile - Wait until the specified file - exists. - - - - waitForOpenPort - Wait until a process is listening on the given TCP - port (on localhost, at least). - - - - waitForClosedPort - Wait until nobody is listening on the given TCP - port. - - - - waitForX - Wait until the X11 server is accepting - connections. - - - - waitForText - Wait until the supplied regular expressions matches - the textual contents of the screen by using optical character recognition - (see getScreenText). - This requires passing to the test - attribute set. - - - - waitForWindow - Wait until an X11 window has appeared whose name - matches the given regular expression, e.g., - waitForWindow(qr/Terminal/). - - - - copyFileFromHost - Copies a file from host to machine, e.g., - copyFileFromHost("myfile", "/etc/my/important/file"). - The first argument is the file on the host. The file needs to be - accessible while building the nix derivation. The second argument is - the location of the file on the machine. - - - - - systemctl + + The following methods are available on machine objects: + + + start + - Runs systemctl commands with optional support for - systemctl --user - - + + Start the virtual machine. This method is asynchronous — it does not + wait for the machine to finish booting. + + + + + shutdown + + + + Shut down the machine, waiting for the VM to exit. + + + + + crash + + + + Simulate a sudden power failure, by telling the VM to exit immediately. + + + + + block + + + + Simulate unplugging the Ethernet cable that connects the machine to the + other machines. + + + + + unblock + + + + Undo the effect of block. + + + + + screenshot + + + + Take a picture of the display of the virtual machine, in PNG format. The + screenshot is linked from the HTML log. + + + + + getScreenText + + + + Return a textual representation of what is currently visible on the + machine's screen using optical character recognition. + + + + This requires passing to the test attribute + set. + + + + + + sendMonitorCommand + + + + Send a command to the QEMU monitor. This is rarely used, but allows doing + stuff such as attaching virtual USB disks to a running machine. + + + + + sendKeys + + + + Simulate pressing keys on the virtual keyboard, e.g., + sendKeys("ctrl-alt-delete"). + + + + + sendChars + + + + Simulate typing a sequence of characters on the virtual keyboard, e.g., + sendKeys("foobar\n") will type the string + foobar followed by the Enter key. + + + + + execute + + + + Execute a shell command, returning a list + (status, + stdout). + + + + + succeed + + + + Execute a shell command, raising an exception if the exit status is not + zero, otherwise returning the standard output. + + + + + fail + + + + Like succeed, but raising an exception if the + command returns a zero status. + + + + + waitUntilSucceeds + + + + Repeat a shell command with 1-second intervals until it succeeds. + + + + + waitUntilFails + + + + Repeat a shell command with 1-second intervals until it fails. + + + + + waitForUnit + + + + Wait until the specified systemd unit has reached the “active” state. + + + + + waitForFile + + + + Wait until the specified file exists. + + + + + waitForOpenPort + + + + Wait until a process is listening on the given TCP port (on + localhost, at least). + + + + + waitForClosedPort + + + + Wait until nobody is listening on the given TCP port. + + + + + waitForX + + + + Wait until the X11 server is accepting connections. + + + + + waitForText + + + + Wait until the supplied regular expressions matches the textual contents + of the screen by using optical character recognition (see + getScreenText). + + + + This requires passing to the test attribute + set. + + + + + + waitForWindow + + + + Wait until an X11 window has appeared whose name matches the given + regular expression, e.g., waitForWindow(qr/Terminal/). + + + + + copyFileFromHost + + + + Copies a file from host to machine, e.g., + copyFileFromHost("myfile", "/etc/my/important/file"). + + + The first argument is the file on the host. The file needs to be + accessible while building the nix derivation. The second argument is the + location of the file on the machine. + + + + + systemctl + + + + Runs systemctl commands with optional support for + systemctl --user + + + $machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager` $machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager` - + - + + + - - - - - - To test user units declared by systemd.user.services the optional $user - argument can be used: - - + + To test user units declared by systemd.user.services the + optional $user argument can be used: + $machine->start; $machine->waitForX; $machine->waitForUnit("xautolock.service", "x-session-user"); - This applies to systemctl, getUnitInfo, - waitForUnit, startJob - and stopJob. - - + waitForUnit, startJob and + stopJob. + diff --git a/nixos/doc/manual/installation/changing-config.xml b/nixos/doc/manual/installation/changing-config.xml index 52d8a292f8b..680160a3cb7 100644 --- a/nixos/doc/manual/installation/changing-config.xml +++ b/nixos/doc/manual/installation/changing-config.xml @@ -2,101 +2,84 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="sec-changing-config"> - -Changing the Configuration - -The file /etc/nixos/configuration.nix -contains the current configuration of your machine. Whenever you’ve -changed something in that file, you should do - + Changing the Configuration + + The file /etc/nixos/configuration.nix contains the + current configuration of your machine. Whenever you’ve + changed something in that file, you + should do # nixos-rebuild switch - -to build the new configuration, make it the default configuration for -booting, and try to realise the configuration in the running system -(e.g., by restarting system services). - -These commands must be executed as root, so you should -either run them from a root shell or by prefixing them with -sudo -i. - -You can also do - + to build the new configuration, make it the default configuration for + booting, and try to realise the configuration in the running system (e.g., by + restarting system services). + + + + These commands must be executed as root, so you should either run them from + a root shell or by prefixing them with sudo -i. + + + + You can also do # nixos-rebuild test - -to build the configuration and switch the running system to it, but -without making it the boot default. So if (say) the configuration -locks up your machine, you can just reboot to get back to a working -configuration. - -There is also - + to build the configuration and switch the running system to it, but without + making it the boot default. So if (say) the configuration locks up your + machine, you can just reboot to get back to a working configuration. + + + There is also # nixos-rebuild boot - -to build the configuration and make it the boot default, but not -switch to it now (so it will only take effect after the next -reboot). - -You can make your configuration show up in a different submenu -of the GRUB 2 boot screen by giving it a different profile -name, e.g. - + to build the configuration and make it the boot default, but not switch to it + now (so it will only take effect after the next reboot). + + + You can make your configuration show up in a different submenu of the GRUB 2 + boot screen by giving it a different profile name, e.g. # nixos-rebuild switch -p test - -which causes the new configuration (and previous ones created using --p test) to show up in the GRUB submenu “NixOS - -Profile 'test'”. This can be useful to separate test configurations -from “stable” configurations. - -Finally, you can do - + which causes the new configuration (and previous ones created using + -p test) to show up in the GRUB submenu “NixOS - Profile + 'test'”. This can be useful to separate test configurations from + “stable” configurations. + + + Finally, you can do $ nixos-rebuild build - -to build the configuration but nothing more. This is useful to see -whether everything compiles cleanly. - -If you have a machine that supports hardware virtualisation, you -can also test the new configuration in a sandbox by building and -running a QEMU virtual machine that contains the -desired configuration. Just do - + to build the configuration but nothing more. This is useful to see whether + everything compiles cleanly. + + + If you have a machine that supports hardware virtualisation, you can also + test the new configuration in a sandbox by building and running a QEMU + virtual machine that contains the desired configuration. + Just do $ nixos-rebuild build-vm $ ./result/bin/run-*-vm - -The VM does not have any data from your host system, so your existing -user accounts and home directories will not be available unless you -have set mutableUsers = false. Another way is to -temporarily add the following to your configuration: - + The VM does not have any data from your host system, so your existing user + accounts and home directories will not be available unless you have set + mutableUsers = false. Another way is to temporarily add + the following to your configuration: users.extraUsers.your-user.initialHashedPassword = "test"; - -Important: delete the $hostname.qcow2 file if you -have started the virtual machine at least once without the right -users, otherwise the changes will not get picked up. - -You can forward ports on the host to the guest. For -instance, the following will forward host port 2222 to guest port 22 -(SSH): - + Important: delete the $hostname.qcow2 file if you have + started the virtual machine at least once without the right users, otherwise + the changes will not get picked up. You can forward ports on the host to the + guest. For instance, the following will forward host port 2222 to guest port + 22 (SSH): $ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm - -allowing you to log in via SSH (assuming you have set the appropriate -passwords or SSH authorized keys): - + allowing you to log in via SSH (assuming you have set the appropriate + passwords or SSH authorized keys): $ ssh -p 2222 localhost - - - + diff --git a/nixos/doc/manual/installation/installation.xml b/nixos/doc/manual/installation/installation.xml index ee61bedc418..d4276be95d6 100644 --- a/nixos/doc/manual/installation/installation.xml +++ b/nixos/doc/manual/installation/installation.xml @@ -3,19 +3,15 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-installation"> - -Installation - - - -This section describes how to obtain, install, and configure -NixOS for first-time use. - - - - - - - - + Installation + + + This section describes how to obtain, install, and configure NixOS for + first-time use. + + + + + + diff --git a/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixos/doc/manual/installation/installing-from-other-distro.xml index e8afb97bcde..8b0c350b064 100644 --- a/nixos/doc/manual/installation/installing-from-other-distro.xml +++ b/nixos/doc/manual/installation/installing-from-other-distro.xml @@ -5,284 +5,325 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-installing-from-other-distro"> + Installing from another Linux distribution - Installing from another Linux distribution + + Because Nix (the package manager) & Nixpkgs (the Nix packages collection) + can both be installed on any (most?) Linux distributions, they can be used to + install NixOS in various creative ways. You can, for instance: + - - Because Nix (the package manager) & Nixpkgs (the Nix packages - collection) can both be installed on any (most?) Linux distributions, - they can be used to install NixOS in various creative ways. You can, - for instance: - + + + + Install NixOS on another partition, from your existing Linux distribution + (without the use of a USB or optical device!) + + + + + Install NixOS on the same partition (in place!), from your existing + non-NixOS Linux distribution using NIXOS_LUSTRATE. + + + + + Install NixOS on your hard drive from the Live CD of any Linux + distribution. + + + - - Install NixOS on another partition, from your existing - Linux distribution (without the use of a USB or optical - device!) + + The first steps to all these are the same: + - Install NixOS on the same partition (in place!), from - your existing non-NixOS Linux distribution using - NIXOS_LUSTRATE. - - Install NixOS on your hard drive from the Live CD of - any Linux distribution. - - - The first steps to all these are the same: - - - - Install the Nix package manager: - - Short version: - - + + + + Install the Nix package manager: + + + Short version: + + $ bash <(curl https://nixos.org/nix/install) $ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell - - More details in the + More details in the + - Nix manual - - - - Switch to the NixOS channel: - - If you've just installed Nix on a non-NixOS distribution, you - will be on the nixpkgs channel by - default. - - + Nix manual + + + + + Switch to the NixOS channel: + + + If you've just installed Nix on a non-NixOS distribution, you will be on + the nixpkgs channel by default. + + $ nix-channel --list nixpkgs https://nixos.org/channels/nixpkgs-unstable - - As that channel gets released without running the NixOS - tests, it will be safer to use the nixos-* - channels instead: - - + + As that channel gets released without running the NixOS tests, it will be + safer to use the nixos-* channels instead: + + $ nix-channel --add https://nixos.org/channels/nixos-version nixpkgs - - You may want to throw in a nix-channel - --update for good measure. - - - - Install the NixOS installation tools: - - You'll need nixos-generate-config and - nixos-install and we'll throw in some man - pages and nixos-enter just in case you want - to chroot into your NixOS partition. They are installed by - default on NixOS, but you don't have NixOS yet.. - - $ nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]" - - - - The following 5 steps are only for installing NixOS to - another partition. For installing NixOS in place using - NIXOS_LUSTRATE, skip ahead. - - Prepare your target partition: - - At this point it is time to prepare your target partition. - Please refer to the partitioning, file-system creation, and - mounting steps of - - If you're about to install NixOS in place using - NIXOS_LUSTRATE there is nothing to do for - this step. - - - - Generate your NixOS configuration: - - $ sudo `which nixos-generate-config` --root /mnt - - You'll probably want to edit the configuration files. Refer - to the nixos-generate-config step in for more information. - - Consider setting up the NixOS bootloader to give you the - ability to boot on your existing Linux partition. For instance, - if you're using GRUB and your existing distribution is running - Ubuntu, you may want to add something like this to your - configuration.nix: - - + + You may want to throw in a nix-channel --update for good + measure. + + + + + Install the NixOS installation tools: + + + You'll need nixos-generate-config and + nixos-install and we'll throw in some man pages and + nixos-enter just in case you want to chroot into your + NixOS partition. They are installed by default on NixOS, but you don't have + NixOS yet.. + +$ nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]" + + + + + The following 5 steps are only for installing NixOS to another partition. + For installing NixOS in place using NIXOS_LUSTRATE, + skip ahead. + + + + Prepare your target partition: + + + At this point it is time to prepare your target partition. Please refer to + the partitioning, file-system creation, and mounting steps of + + + + If you're about to install NixOS in place using + NIXOS_LUSTRATE there is nothing to do for this step. + + + + + Generate your NixOS configuration: + +$ sudo `which nixos-generate-config` --root /mnt + + You'll probably want to edit the configuration files. Refer to the + nixos-generate-config step in + for more + information. + + + Consider setting up the NixOS bootloader to give you the ability to boot on + your existing Linux partition. For instance, if you're using GRUB and your + existing distribution is running Ubuntu, you may want to add something like + this to your configuration.nix: + + = '' menuentry "Ubuntu" { search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e configfile "($ubuntu)/boot/grub/grub.cfg" } ''; - - (You can find the appropriate UUID for your partition in - /dev/disk/by-uuid) - - - - Create the nixbld group and user on your - original distribution: - - + + (You can find the appropriate UUID for your partition in + /dev/disk/by-uuid) + + + + + Create the nixbld group and user on your original + distribution: + + $ sudo groupadd -g 30000 nixbld $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld - - - - Download/build/install NixOS: - - Once you complete this step, you might no longer be - able to boot on existing systems without the help of a - rescue USB drive or similar. - - $ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt - - Again, please refer to the nixos-install - step in for more - information. - - That should be it for installation to another partition! - - - - Optionally, you may want to clean up your non-NixOS distribution: - - + + + + Download/build/install NixOS: + + + + Once you complete this step, you might no longer be able to boot on + existing systems without the help of a rescue USB drive or similar. + + +$ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt + + Again, please refer to the nixos-install step in + for more information. + + + That should be it for installation to another partition! + + + + + Optionally, you may want to clean up your non-NixOS distribution: + + $ sudo userdel nixbld $ sudo groupdel nixbld - - If you do not wish to keep the Nix package manager - installed either, run something like sudo rm -rv - ~/.nix-* /nix and remove the line that the Nix - installer added to your ~/.profile. - - - - The following steps are only for installing NixOS in - place using - NIXOS_LUSTRATE: - - Generate your NixOS configuration: - - $ sudo `which nixos-generate-config` --root / - - Note that this will place the generated configuration files - in /etc/nixos. You'll probably want to edit - the configuration files. Refer to the - nixos-generate-config step in for more information. - - You'll likely want to set a root password for your first boot - using the configuration files because you won't have a chance - to enter a password until after you reboot. You can initalize - the root password to an empty one with this line: (and of course - don't forget to set one once you've rebooted or to lock the - account with sudo passwd -l root if you use - sudo) - - + + If you do not wish to keep the Nix package manager installed either, run + something like sudo rm -rv ~/.nix-* /nix and remove the + line that the Nix installer added to your ~/.profile. + + + + + + The following steps are only for installing NixOS in place using + NIXOS_LUSTRATE: + + + + Generate your NixOS configuration: + +$ sudo `which nixos-generate-config` --root / + + Note that this will place the generated configuration files in + /etc/nixos. You'll probably want to edit the + configuration files. Refer to the nixos-generate-config + step in for more + information. + + + You'll likely want to set a root password for your first boot using the + configuration files because you won't have a chance to enter a password + until after you reboot. You can initalize the root password to an empty one + with this line: (and of course don't forget to set one once you've rebooted + or to lock the account with sudo passwd -l root if you + use sudo) + + users.extraUsers.root.initialHashedPassword = ""; - - - - Build the NixOS closure and install it in the - system profile: - - $ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system - - - - Change ownership of the /nix tree to root - (since your Nix install was probably single user): - - $ sudo chown -R 0.0 /nix - - - - Set up the /etc/NIXOS and - /etc/NIXOS_LUSTRATE files: - - /etc/NIXOS officializes that this is now a - NixOS partition (the bootup scripts require its presence). - - /etc/NIXOS_LUSTRATE tells the NixOS bootup - scripts to move everything that's in the - root partition to /old-root. This will move - your existing distribution out of the way in the very early - stages of the NixOS bootup. There are exceptions (we do need to - keep NixOS there after all), so the NixOS lustrate process will - not touch: - - - The /nix - directory - - The /boot - directory - - Any file or directory listed in - /etc/NIXOS_LUSTRATE (one per - line) - - - Support for NIXOS_LUSTRATE was added - in NixOS 16.09. The act of "lustrating" refers to the - wiping of the existing distribution. Creating - /etc/NIXOS_LUSTRATE can also be used on - NixOS to remove all mutable files from your root partition - (anything that's not in /nix or - /boot gets "lustrated" on the next - boot. - lustrate /ˈlʌstreɪt/ verb. - purify by expiatory sacrifice, ceremonial washing, or - some other ritual action. - - Let's create the files: - - + + + + Build the NixOS closure and install it in the system + profile: + +$ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system + + + + Change ownership of the /nix tree to root (since your + Nix install was probably single user): + +$ sudo chown -R 0.0 /nix + + + + Set up the /etc/NIXOS and + /etc/NIXOS_LUSTRATE files: + + + /etc/NIXOS officializes that this is now a NixOS + partition (the bootup scripts require its presence). + + + /etc/NIXOS_LUSTRATE tells the NixOS bootup scripts to + move everything that's in the root partition to + /old-root. This will move your existing distribution out + of the way in the very early stages of the NixOS bootup. There are + exceptions (we do need to keep NixOS there after all), so the NixOS + lustrate process will not touch: + + + + + The /nix directory + + + + + The /boot directory + + + + + Any file or directory listed in /etc/NIXOS_LUSTRATE + (one per line) + + + + + + Support for NIXOS_LUSTRATE was added in NixOS 16.09. + The act of "lustrating" refers to the wiping of the existing distribution. + Creating /etc/NIXOS_LUSTRATE can also be used on NixOS + to remove all mutable files from your root partition (anything that's not + in /nix or /boot gets "lustrated" on + the next boot. + + + lustrate /ˈlʌstreɪt/ verb. + + + purify by expiatory sacrifice, ceremonial washing, or some other ritual + action. + + + + Let's create the files: + + $ sudo touch /etc/NIXOS $ sudo touch /etc/NIXOS_LUSTRATE - - Let's also make sure the NixOS configuration files are kept - once we reboot on NixOS: - - + + Let's also make sure the NixOS configuration files are kept once we reboot + on NixOS: + + $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE - - - - Finally, move the /boot directory of your - current distribution out of the way (the lustrate process will - take care of the rest once you reboot, but this one must be - moved out now because NixOS needs to install its own boot - files: - - Once you complete this step, your current - distribution will no longer be bootable! If you didn't get - all the NixOS configuration right, especially those - settings pertaining to boot loading and root partition, - NixOS may not be bootable either. Have a USB rescue device - ready in case this happens. - - + + + + Finally, move the /boot directory of your current + distribution out of the way (the lustrate process will take care of the + rest once you reboot, but this one must be moved out now because NixOS + needs to install its own boot files: + + + + Once you complete this step, your current distribution will no longer be + bootable! If you didn't get all the NixOS configuration right, especially + those settings pertaining to boot loading and root partition, NixOS may + not be bootable either. Have a USB rescue device ready in case this + happens. + + + $ sudo mv -v /boot /boot.bak && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot - - Cross your fingers, reboot, hopefully you should get a NixOS - prompt! - - - If for some reason you want to revert to the old - distribution, you'll need to boot on a USB rescue disk and do - something along these lines: - - + + Cross your fingers, reboot, hopefully you should get a NixOS prompt! + + + + + If for some reason you want to revert to the old distribution, you'll need + to boot on a USB rescue disk and do something along these lines: + + # mkdir root # mount /dev/sdaX root # mkdir root/nixos-root @@ -291,23 +332,25 @@ $ sudo mv -v /boot /boot.bak && # mv -v root/boot.bak root/boot # We had renamed this by hand earlier # umount root # reboot - - This may work as is or you might also need to reinstall the - boot loader - - And of course, if you're happy with NixOS and no longer need - the old distribution: - - sudo rm -rf /old-root - - - - It's also worth noting that this whole process can be - automated. This is especially useful for Cloud VMs, where - provider do not provide NixOS. For instance, + This may work as is or you might also need to reinstall the boot loader + + + And of course, if you're happy with NixOS and no longer need the old + distribution: + +sudo rm -rf /old-root + + + + It's also worth noting that this whole process can be automated. This is + especially useful for Cloud VMs, where provider do not provide NixOS. For + instance, + nixos-infect - uses the lustrate process to convert Digital Ocean droplets to - NixOS from other distributions automatically. - - + uses the lustrate process to convert Digital Ocean droplets to NixOS from + other distributions automatically. + + + diff --git a/nixos/doc/manual/installation/installing-pxe.xml b/nixos/doc/manual/installation/installing-pxe.xml index 7b7597c9162..94199e5e028 100644 --- a/nixos/doc/manual/installation/installing-pxe.xml +++ b/nixos/doc/manual/installation/installing-pxe.xml @@ -3,46 +3,48 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-booting-from-pxe"> + Booting from the <quote>netboot</quote> media (PXE) -Booting from the <quote>netboot</quote> media (PXE) - - Advanced users may wish to install NixOS using an existing PXE or - iPXE setup. - - + + Advanced users may wish to install NixOS using an existing PXE or iPXE setup. + + + These instructions assume that you have an existing PXE or iPXE - infrastructure and simply want to add the NixOS installer as another - option. To build the necessary files from a recent version of - nixpkgs, you can run: - + infrastructure and simply want to add the NixOS installer as another option. + To build the necessary files from a recent version of nixpkgs, you can run: + + nix-build -A netboot nixos/release.nix - - This will create a result directory containing: * - bzImage – the Linux kernel * - initrd – the initrd file * - netboot.ipxe – an example ipxe script - demonstrating the appropriate kernel command line arguments for this - image - - - If you’re using plain PXE, configure your boot loader to use the - bzImage and initrd files and - have it provide the same kernel command line arguments found in - netboot.ipxe. - - - If you’re using iPXE, depending on how your HTTP/FTP/etc. server is - configured you may be able to use netboot.ipxe - unmodified, or you may need to update the paths to the files to - match your server’s directory layout - - - In the future we may begin making these files available as build - products from hydra at which point we will update this documentation - with instructions on how to obtain them either for placing on a - dedicated TFTP server or to boot them directly over the internet. - + + This will create a result directory containing: * + bzImage – the Linux kernel * initrd + – the initrd file * netboot.ipxe – an example ipxe + script demonstrating the appropriate kernel command line arguments for this + image + + + + If you’re using plain PXE, configure your boot loader to use the + bzImage and initrd files and have it + provide the same kernel command line arguments found in + netboot.ipxe. + + + + If you’re using iPXE, depending on how your HTTP/FTP/etc. server is + configured you may be able to use netboot.ipxe unmodified, + or you may need to update the paths to the files to match your server’s + directory layout + + + + In the future we may begin making these files available as build products + from hydra at which point we will update this documentation with instructions + on how to obtain them either for placing on a dedicated TFTP server or to + boot them directly over the internet. + diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml index d68cd616263..c5934111749 100644 --- a/nixos/doc/manual/installation/installing-usb.xml +++ b/nixos/doc/manual/installation/installing-usb.xml @@ -3,17 +3,19 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-booting-from-usb"> + Booting from a USB Drive -Booting from a USB Drive + + For systems without CD drive, the NixOS live CD can be booted from a USB + stick. You can use the dd utility to write the image: + dd if=path-to-image + of=/dev/sdb. Be careful about specifying + the correct drive; you can use the lsblk command to get a + list of block devices. + -For systems without CD drive, the NixOS live CD can be booted from -a USB stick. You can use the dd utility to write the image: -dd if=path-to-image -of=/dev/sdb. Be careful about specifying the -correct drive; you can use the lsblk command to get a list of -block devices. - -On macOS: + + On macOS: $ diskutil list [..] @@ -24,36 +26,43 @@ $ diskutil unmountDisk diskN Unmount of all volumes on diskN was successful $ sudo dd bs=1m if=nix.iso of=/dev/rdiskN -Using the 'raw' rdiskN device instead of diskN -completes in minutes instead of hours. After dd completes, a GUI -dialog "The disk you inserted was not readable by this computer" will pop up, which -can be ignored. - -The dd utility will write the image verbatim to the drive, -making it the recommended option for both UEFI and non-UEFI installations. For -non-UEFI installations, you can alternatively use -unetbootin. If you -cannot use dd for a UEFI installation, you can also mount the -ISO, copy its contents verbatim to your drive, then either: - - - - Change the label of the disk partition to the label of the ISO - (visible with the blkid command), or - - - Edit loader/entries/nixos-livecd.conf on the drive - and change the root= field in the options - line to point to your drive (see the documentation on root= - in - the kernel documentation for more details). - - - If you want to load the contents of the ISO to ram after bootin - (So you can remove the stick after bootup) you can append the parameter - copytoram to the options field. - - - + Using the 'raw' rdiskN device instead of + diskN completes in minutes instead of hours. After + dd completes, a GUI dialog "The disk you inserted was not + readable by this computer" will pop up, which can be ignored. + + + The dd utility will write the image verbatim to the drive, + making it the recommended option for both UEFI and non-UEFI installations. + For non-UEFI installations, you can alternatively use + unetbootin. If + you cannot use dd for a UEFI installation, you can also + mount the ISO, copy its contents verbatim to your drive, then either: + + + + Change the label of the disk partition to the label of the ISO (visible + with the blkid command), or + + + + + Edit loader/entries/nixos-livecd.conf on the drive + and change the root= field in the + options line to point to your drive (see the + documentation on root= in + + the kernel documentation for more details). + + + + + If you want to load the contents of the ISO to ram after bootin (So you + can remove the stick after bootup) you can append the parameter + copytoram to the options field. + + + + diff --git a/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixos/doc/manual/installation/installing-virtualbox-guest.xml index 2b31b7ed315..da78b480f5a 100644 --- a/nixos/doc/manual/installation/installing-virtualbox-guest.xml +++ b/nixos/doc/manual/installation/installing-virtualbox-guest.xml @@ -3,63 +3,82 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-instaling-virtualbox-guest"> + Installing in a VirtualBox guest -Installing in a VirtualBox guest - + Installing NixOS into a VirtualBox guest is convenient for users who want to try NixOS without installing it on bare metal. If you want to use a pre-made - VirtualBox appliance, it is available at the downloads page. - If you want to set up a VirtualBox guest manually, follow these instructions: - + VirtualBox appliance, it is available at + the downloads + page. If you want to set up a VirtualBox guest manually, follow these + instructions: + - + + + + Add a New Machine in VirtualBox with OS Type "Linux / Other Linux" + + + + + Base Memory Size: 768 MB or higher. + + + + + New Hard Disk of 8 GB or higher. + + + + + Mount the CD-ROM with the NixOS ISO (by clicking on CD/DVD-ROM) + + + + + Click on Settings / System / Processor and enable PAE/NX + + + + + Click on Settings / System / Acceleration and enable "VT-x/AMD-V" + acceleration + + + + + Save the settings, start the virtual machine, and continue installation + like normal + + + - Add a New Machine in VirtualBox with OS Type "Linux / Other - Linux" - - Base Memory Size: 768 MB or higher. - - New Hard Disk of 8 GB or higher. - - Mount the CD-ROM with the NixOS ISO (by clicking on - CD/DVD-ROM) - - Click on Settings / System / Processor and enable - PAE/NX - - Click on Settings / System / Acceleration and enable - "VT-x/AMD-V" acceleration - - Save the settings, start the virtual machine, and continue - installation like normal - - - - - There are a few modifications you should make in configuration.nix. - Enable booting: - + + There are a few modifications you should make in configuration.nix. Enable + booting: + = "/dev/sda"; - + Also remove the fsck that runs at startup. It will always fail to run, stopping your boot until you press *. - + = false; - + Shared folders can be given a name and a path in the host system in the VirtualBox settings (Machine / Settings / Shared Folders, then click on the "Add" icon). Add the following to the /etc/nixos/configuration.nix to auto-mount them: - + { config, pkgs, ...} : @@ -74,8 +93,7 @@ } - + The folder will be available directly under the root directory. - - + diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index 6b08bdb318b..4e1fde662d6 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml @@ -3,66 +3,92 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-installation"> - -Installing NixOS - -NixOS can be installed on BIOS or UEFI systems. The procedure -for a UEFI installation is by and large the same as a BIOS installation. The differences are mentioned in the steps that follow. - - - - Boot from the CD. - - UEFI systems - You should boot the live CD in UEFI mode - (consult your specific hardware's documentation for instructions). - You may find the rEFInd boot - manager useful. - - The CD contains a basic NixOS installation. (It - also contains Memtest86+, useful if you want to test new hardware). - When it’s finished booting, it should have detected most of your - hardware. - - The NixOS manual is available on virtual console 8 - (press Alt+F8 to access) or by running nixos-help. - - - You get logged in as root - (with empty password). - - If you downloaded the graphical ISO image, you can - run systemctl start display-manager to start KDE. If you - want to continue on the terminal, you can use - loadkeys to switch to your preferred keyboard layout. - (We even provide neo2 via loadkeys de neo!) - - The boot process should have brought up networking (check - ip a). Networking is necessary for the - installer, since it will download lots of stuff (such as source - tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP - server on your network. Otherwise configure networking manually - using ifconfig. - To manually configure the network on the graphical installer, - first disable network-manager with - systemctl stop network-manager. - To manually configure the wifi on the minimal installer, run - wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' 'key'). - - - If you would like to continue the installation from a different - machine you need to activate the SSH daemon via systemctl start sshd. - In order to be able to login you also need to set a password for - root using passwd. - - The NixOS installer doesn’t do any partitioning or - formatting yet, so you need to do that yourself. Use the following - commands: - - - - For partitioning: - fdisk. + Installing NixOS + + NixOS can be installed on BIOS or UEFI systems. The procedure for a UEFI + installation is by and large the same as a BIOS installation. The differences + are mentioned in the steps that follow. + + + + + Boot from the CD. + + + + UEFI systems + + + You should boot the live CD in UEFI mode (consult your specific + hardware's documentation for instructions). You may find the + rEFInd boot + manager useful. + + + + + + + + The CD contains a basic NixOS installation. (It also contains Memtest86+, + useful if you want to test new hardware). When it’s finished booting, it + should have detected most of your hardware. + + + + + The NixOS manual is available on virtual console 8 (press Alt+F8 to access) + or by running nixos-help. + + + + + You get logged in as root (with empty password). + + + + + If you downloaded the graphical ISO image, you can run systemctl + start display-manager to start KDE. If you want to continue on + the terminal, you can use loadkeys to switch to your + preferred keyboard layout. (We even provide neo2 via loadkeys de + neo!) + + + + + The boot process should have brought up networking (check ip + a). Networking is necessary for the installer, since it will + download lots of stuff (such as source tarballs or Nixpkgs channel + binaries). It’s best if you have a DHCP server on your network. Otherwise + configure networking manually using ifconfig. + + + To manually configure the network on the graphical installer, first disable + network-manager with systemctl stop network-manager. + + + To manually configure the wifi on the minimal installer, run + wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' + 'key'). + + + + + If you would like to continue the installation from a different machine you + need to activate the SSH daemon via systemctl start + sshd. In order to be able to login you also need to set a + password for root using passwd. + + + + + The NixOS installer doesn’t do any partitioning or formatting yet, so you + need to do that yourself. Use the following commands: + + + + For partitioning: fdisk. # fdisk /dev/sda # (or whatever device you want to install on) -- for UEFI systems only @@ -86,257 +112,266 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif > x # (enter expert mode) > f # (fix up the partition ordering) > r # (exit expert mode) -> w # (write the partition table to disk and exit) - - For initialising Ext4 partitions: - mkfs.ext4. It is recommended that you assign a - unique symbolic label to the file system using the option - , since this - makes the file system configuration independent from device - changes. For example: - +> w # (write the partition table to disk and exit) + + + + + For initialising Ext4 partitions: mkfs.ext4. It is + recommended that you assign a unique symbolic label to the file system + using the option , + since this makes the file system configuration independent from device + changes. For example: # mkfs.ext4 -L nixos /dev/sda1 - - - - For creating swap partitions: - mkswap. Again it’s recommended to assign a - label to the swap partition: . For example: - + + + + + For creating swap partitions: mkswap. Again it’s + recommended to assign a label to the swap partition: . For example: # mkswap -L swap /dev/sda2 - - - - - - UEFI systems - For creating boot partitions: - mkfs.fat. Again it’s recommended to assign a - label to the boot partition: . For example: - + + + + + + UEFI systems + + + For creating boot partitions: mkfs.fat. Again + it’s recommended to assign a label to the boot partition: + . For example: # mkfs.fat -F 32 -n boot /dev/sda3 - - - - For creating LVM volumes, the LVM commands, e.g., - pvcreate, vgcreate, and - lvcreate. - - For creating software RAID devices, use - mdadm. - - - - - - Mount the target file system on which NixOS should - be installed on /mnt, e.g. - + + + + + + + + For creating LVM volumes, the LVM commands, e.g., + pvcreate, vgcreate, and + lvcreate. + + + + + For creating software RAID devices, use mdadm. + + + + + + + + Mount the target file system on which NixOS should be installed on + /mnt, e.g. # mount /dev/disk/by-label/nixos /mnt - - - + + - - UEFI systems - Mount the boot file system on /mnt/boot, e.g. - + + + UEFI systems + + + Mount the boot file system on /mnt/boot, e.g. # mkdir -p /mnt/boot # mount /dev/disk/by-label/boot /mnt/boot - - - - If your machine has a limited amount of memory, you - may want to activate swap devices now (swapon - device). The installer (or - rather, the build actions that it may spawn) may need quite a bit of - RAM, depending on your configuration. - + + + + + + + + If your machine has a limited amount of memory, you may want to activate + swap devices now (swapon + device). The installer (or rather, the + build actions that it may spawn) may need quite a bit of RAM, depending on + your configuration. # swapon /dev/sda2 - - - + + - - You now need to create a file - /mnt/etc/nixos/configuration.nix that - specifies the intended configuration of the system. This is - because NixOS has a declarative configuration - model: you create or edit a description of the desired - configuration of your system, and then NixOS takes care of making - it happen. The syntax of the NixOS configuration file is - described in , while a - list of available configuration options appears in . A minimal example is shown in . - - The command nixos-generate-config can - generate an initial configuration file for you: - + + You now need to create a file + /mnt/etc/nixos/configuration.nix that specifies the + intended configuration of the system. This is because NixOS has a + declarative configuration model: you create or edit a + description of the desired configuration of your system, and then NixOS + takes care of making it happen. The syntax of the NixOS configuration file + is described in , while a list of + available configuration options appears in + . A minimal example is shown in + . + + + The command nixos-generate-config can generate an + initial configuration file for you: # nixos-generate-config --root /mnt - - You should then edit - /mnt/etc/nixos/configuration.nix to suit your - needs: - + You should then edit /mnt/etc/nixos/configuration.nix + to suit your needs: # nano /mnt/etc/nixos/configuration.nix - - If you’re using the graphical ISO image, other editors may be - available (such as vim). If you have network - access, you can also install other editors — for instance, you can - install Emacs by running nix-env -i - emacs. - - - - BIOS systems - You must set the option - to specify on which disk - the GRUB boot loader is to be installed. Without it, NixOS cannot - boot. - - UEFI systems - You must set the option - to true. - nixos-generate-config should do this automatically for new - configurations when booted in - UEFI mode. - You may want to look at the options starting with - and - as well. - - - - - - - If there are other operating systems running on the machine before - installing NixOS, the - option can be set to - true to automatically add them to the grub menu. - - Another critical option is , - specifying the file systems that need to be mounted by NixOS. - However, you typically don’t need to set it yourself, because + If you’re using the graphical ISO image, other editors may be available + (such as vim). If you have network access, you can also + install other editors — for instance, you can install Emacs by running + nix-env -i emacs. + + + + BIOS systems + + + You must set the option + to specify on which disk + the GRUB boot loader is to be installed. Without it, NixOS cannot boot. + + + + + UEFI systems + + + You must set the option + to + true. nixos-generate-config should + do this automatically for new configurations when booted in UEFI mode. + + + You may want to look at the options starting with + + and + + as well. + + + + + + If there are other operating systems running on the machine before + installing NixOS, the + option can be set to true to automatically add them to + the grub menu. + + + Another critical option is , specifying the + file systems that need to be mounted by NixOS. However, you typically + don’t need to set it yourself, because nixos-generate-config sets it automatically in - /mnt/etc/nixos/hardware-configuration.nix - from your currently mounted file systems. (The configuration file + /mnt/etc/nixos/hardware-configuration.nix from your + currently mounted file systems. (The configuration file hardware-configuration.nix is included from - configuration.nix and will be overwritten by - future invocations of nixos-generate-config; - thus, you generally should not modify it.) - - Depending on your hardware configuration or type of - file system, you may need to set the option - to include the kernel - modules that are necessary for mounting the root file system, - otherwise the installed system will not be able to boot. (If this - happens, boot from the CD again, mount the target file system on - /mnt, fix - /mnt/etc/nixos/configuration.nix and rerun - nixos-install.) In most cases, - nixos-generate-config will figure out the - required modules. - + configuration.nix and will be overwritten by future + invocations of nixos-generate-config; thus, you + generally should not modify it.) + + + + Depending on your hardware configuration or type of file system, you may + need to set the option to + include the kernel modules that are necessary for mounting the root file + system, otherwise the installed system will not be able to boot. (If this + happens, boot from the CD again, mount the target file system on + /mnt, fix + /mnt/etc/nixos/configuration.nix and rerun + nixos-install.) In most cases, + nixos-generate-config will figure out the required + modules. + + - - Do the installation: - + + + Do the installation: # nixos-install - - Cross fingers. If this fails due to a temporary problem (such as - a network issue while downloading binaries from the NixOS binary - cache), you can just re-run nixos-install. - Otherwise, fix your configuration.nix and - then re-run nixos-install. - - As the last step, nixos-install will ask - you to set the password for the root user, e.g. - - + Cross fingers. If this fails due to a temporary problem (such as a network + issue while downloading binaries from the NixOS binary cache), you can just + re-run nixos-install. Otherwise, fix your + configuration.nix and then re-run + nixos-install. + + + As the last step, nixos-install will ask you to set the + password for the root user, e.g. + setting root password... Enter new UNIX password: *** Retype new UNIX password: *** - - - To prevent the password prompt, set = false; in - configuration.nix, which allows unattended installation - necessary in automation. - + + To prevent the password prompt, set + = false; in + configuration.nix, which allows unattended + installation necessary in automation. + - - - + - - If everything went well: - - + + If everything went well: + # reboot - - - + + - - You should now be able to boot into the installed NixOS. The - GRUB boot menu shows a list of available - configurations (initially just one). Every time you - change the NixOS configuration (see Changing Configuration ), a - new item is added to the menu. This allows you to easily roll back - to a previous configuration if something goes wrong. - - You should log in and change the root - password with passwd. - - You’ll probably want to create some user accounts as well, - which can be done with useradd: - + + You should now be able to boot into the installed NixOS. The GRUB boot menu + shows a list of available configurations (initially + just one). Every time you change the NixOS configuration (see + Changing Configuration + ), a new item is added to the menu. This allows you to easily roll back to + a previous configuration if something goes wrong. + + + You should log in and change the root password with + passwd. + + + You’ll probably want to create some user accounts as well, which can be + done with useradd: $ useradd -c 'Eelco Dolstra' -m eelco $ passwd eelco - - - - You may also want to install some software. For instance, - + + + You may also want to install some software. For instance, $ nix-env -qa \* - shows what packages are available, and - $ nix-env -i w3m - - install the w3m browser. - + install the w3m browser. + - - - -To summarise, shows a -typical sequence of commands for installing NixOS on an empty hard -drive (here /dev/sda). shows a corresponding configuration Nix expression. - -Commands for Installing NixOS on <filename>/dev/sda</filename> + + + To summarise, shows a typical sequence + of commands for installing NixOS on an empty hard drive (here + /dev/sda). shows a + corresponding configuration Nix expression. + + + Commands for Installing NixOS on <filename>/dev/sda</filename> # fdisk /dev/sda # (or whatever device you want to install on) -- for UEFI systems only @@ -372,10 +407,10 @@ drive (here /dev/sda). - - -NixOS Configuration - + + + NixOS Configuration + { config, pkgs, ... }: { imports = [ # Include the results of the hardware scan. @@ -394,11 +429,9 @@ drive (here /dev/sda). - - - - - - - + + + + + diff --git a/nixos/doc/manual/installation/obtaining.xml b/nixos/doc/manual/installation/obtaining.xml index 9b2b474c60c..56af5c0e25a 100644 --- a/nixos/doc/manual/installation/obtaining.xml +++ b/nixos/doc/manual/installation/obtaining.xml @@ -3,46 +3,52 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-obtaining"> - -Obtaining NixOS - -NixOS ISO images can be downloaded from the NixOS -download page. There are a number of installation options. If -you happen to have an optical drive and a spare CD, burning the -image to CD and booting from that is probably the easiest option. -Most people will need to prepare a USB stick to boot from. - describes the preferred method -to prepare a USB stick. -A number of alternative methods are presented in the Obtaining NixOS + + NixOS ISO images can be downloaded from the + NixOS download + page. There are a number of installation options. If you happen to + have an optical drive and a spare CD, burning the image to CD and booting + from that is probably the easiest option. Most people will need to prepare a + USB stick to boot from. describes the + preferred method to prepare a USB stick. A number of alternative methods are + presented in the + NixOS -Wiki. - -As an alternative to installing NixOS yourself, you can get a -running NixOS system through several other means: - - - - Using virtual appliances in Open Virtualization Format (OVF) - that can be imported into VirtualBox. These are available from - the NixOS - download page. - - - Using AMIs for Amazon’s EC2. To find one for your region - and instance type, please refer to the . + + + As an alternative to installing NixOS yourself, you can get a running NixOS + system through several other means: + + + + Using virtual appliances in Open Virtualization Format (OVF) that can be + imported into VirtualBox. These are available from the + NixOS download + page. + + + + + Using AMIs for Amazon’s EC2. To find one for your region and instance + type, please refer to the + list - of most recent AMIs. - - - Using NixOps, the NixOS-based cloud deployment tool, which - allows you to provision VirtualBox and EC2 NixOS instances from - declarative specifications. Check out the . + + + + + Using NixOps, the NixOS-based cloud deployment tool, which allows you to + provision VirtualBox and EC2 NixOS instances from declarative + specifications. Check out the + NixOps homepage for - details. - - - - - + details. + + + + diff --git a/nixos/doc/manual/installation/upgrading.xml b/nixos/doc/manual/installation/upgrading.xml index 24881c8fec0..20355812ec6 100644 --- a/nixos/doc/manual/installation/upgrading.xml +++ b/nixos/doc/manual/installation/upgrading.xml @@ -2,140 +2,130 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="sec-upgrading"> - -Upgrading NixOS - -The best way to keep your NixOS installation up to date is to -use one of the NixOS channels. A channel is a -Nix mechanism for distributing Nix expressions and associated -binaries. The NixOS channels are updated automatically from NixOS’s -Git repository after certain tests have passed and all packages have -been built. These channels are: - - - - Stable channels, such as Upgrading NixOS + + The best way to keep your NixOS installation up to date is to use one of the + NixOS channels. A channel is a Nix mechanism for + distributing Nix expressions and associated binaries. The NixOS channels are + updated automatically from NixOS’s Git repository after certain tests have + passed and all packages have been built. These channels are: + + + + Stable channels, such as + nixos-17.03. - These only get conservative bug fixes and package upgrades. For - instance, a channel update may cause the Linux kernel on your - system to be upgraded from 4.9.16 to 4.9.17 (a minor bug fix), but - not from 4.9.x to - 4.11.x (a major change that has the - potential to break things). Stable channels are generally - maintained until the next stable branch is created. + These only get conservative bug fixes and package upgrades. For instance, + a channel update may cause the Linux kernel on your system to be upgraded + from 4.9.16 to 4.9.17 (a minor bug fix), but not from + 4.9.x to 4.11.x (a + major change that has the potential to break things). Stable channels are + generally maintained until the next stable branch is created. + - - - The unstable channel, + + + The unstable channel, + nixos-unstable. - This corresponds to NixOS’s main development branch, and may thus - see radical changes between channel updates. It’s not recommended - for production systems. - - - Small channels, such as + + + + Small channels, such as + nixos-17.03-small - or nixos-unstable-small. These - are identical to the stable and unstable channels described above, - except that they contain fewer binary packages. This means they - get updated faster than the regular channels (for instance, when a - critical security patch is committed to NixOS’s source tree), but - may require more packages to be built from source than - usual. They’re mostly intended for server environments and as such - contain few GUI applications. - - - -To see what channels are available, go to . (Note that the URIs of the -various channels redirect to a directory that contains the channel’s -latest version and includes ISO images and VirtualBox -appliances.) - -When you first install NixOS, you’re automatically subscribed to -the NixOS channel that corresponds to your installation source. For -instance, if you installed from a 17.03 ISO, you will be subscribed to -the nixos-17.03 channel. To see which NixOS -channel you’re subscribed to, run the following as root: - + or + nixos-unstable-small. + These are identical to the stable and unstable channels described above, + except that they contain fewer binary packages. This means they get + updated faster than the regular channels (for instance, when a critical + security patch is committed to NixOS’s source tree), but may require + more packages to be built from source than usual. They’re mostly + intended for server environments and as such contain few GUI applications. + + + + To see what channels are available, go to + . (Note that the URIs of the + various channels redirect to a directory that contains the channel’s latest + version and includes ISO images and VirtualBox appliances.) + + + When you first install NixOS, you’re automatically subscribed to the NixOS + channel that corresponds to your installation source. For instance, if you + installed from a 17.03 ISO, you will be subscribed to the + nixos-17.03 channel. To see which NixOS channel you’re + subscribed to, run the following as root: # nix-channel --list | grep nixos nixos https://nixos.org/channels/nixos-unstable - -To switch to a different NixOS channel, do - + To switch to a different NixOS channel, do # nix-channel --add https://nixos.org/channels/channel-name nixos - -(Be sure to include the nixos parameter at the -end.) For instance, to use the NixOS 17.03 stable channel: - + (Be sure to include the nixos parameter at the end.) For + instance, to use the NixOS 17.03 stable channel: # nix-channel --add https://nixos.org/channels/nixos-17.03 nixos - -If you have a server, you may want to use the “small” channel instead: - + If you have a server, you may want to use the “small” channel instead: # nix-channel --add https://nixos.org/channels/nixos-17.03-small nixos - -And if you want to live on the bleeding edge: - + And if you want to live on the bleeding edge: # nix-channel --add https://nixos.org/channels/nixos-unstable nixos - - - -You can then upgrade NixOS to the latest version in your chosen -channel by running - + + + You can then upgrade NixOS to the latest version in your chosen channel by + running # nixos-rebuild switch --upgrade + which is equivalent to the more verbose nix-channel --update nixos; + nixos-rebuild switch. + + + + Channels are set per user. This means that running nix-channel + --add as a non root user (or without sudo) will not affect + configuration in /etc/nixos/configuration.nix + + + + + It is generally safe to switch back and forth between channels. The only + exception is that a newer NixOS may also have a newer Nix version, which may + involve an upgrade of Nix’s database schema. This cannot be undone easily, + so in that case you will not be able to go back to your original channel. + + +
+ Automatic Upgrades -which is equivalent to the more verbose nix-channel --update -nixos; nixos-rebuild switch. - -Channels are set per user. This means that running -nix-channel --add as a non root user (or without sudo) will not -affect configuration in /etc/nixos/configuration.nix - - -It is generally safe to switch back and forth between -channels. The only exception is that a newer NixOS may also have a -newer Nix version, which may involve an upgrade of Nix’s database -schema. This cannot be undone easily, so in that case you will not be -able to go back to your original channel. - - -
Automatic Upgrades - -You can keep a NixOS system up-to-date automatically by adding -the following to configuration.nix: - + + You can keep a NixOS system up-to-date automatically by adding the following + to configuration.nix: = true; - -This enables a periodically executed systemd service named -nixos-upgrade.service. It runs -nixos-rebuild switch --upgrade to upgrade NixOS to -the latest version in the current channel. (To see when the service -runs, see systemctl list-timers.) You can also -specify a channel explicitly, e.g. - + This enables a periodically executed systemd service named + nixos-upgrade.service. It runs nixos-rebuild + switch --upgrade to upgrade NixOS to the latest version in the + current channel. (To see when the service runs, see systemctl + list-timers.) You can also specify a channel explicitly, e.g. = https://nixos.org/channels/nixos-17.03; - - - -
- - + +
diff --git a/nixos/doc/manual/man-configuration.xml b/nixos/doc/manual/man-configuration.xml index 37ffb9d648a..9f30b792510 100644 --- a/nixos/doc/manual/man-configuration.xml +++ b/nixos/doc/manual/man-configuration.xml @@ -1,39 +1,31 @@ - - - configuration.nix - 5 + + configuration.nix + 5 NixOS - - - - - configuration.nix - NixOS system configuration specification - - - -Description - -The file /etc/nixos/configuration.nix -contains the declarative specification of your NixOS system -configuration. The command nixos-rebuild takes -this file and realises the system configuration specified -therein. - - - - -Options - -You can use the following options in -configuration.nix. - - --> + + + configuration.nix + NixOS system configuration specification + + + Description + + The file /etc/nixos/configuration.nix contains the + declarative specification of your NixOS system configuration. The command + nixos-rebuild takes this file and realises the system + configuration specified therein. + + + + Options + + You can use the following options in configuration.nix. + + - - - + diff --git a/nixos/doc/manual/man-nixos-build-vms.xml b/nixos/doc/manual/man-nixos-build-vms.xml index f4b59a7c6d4..02dad4c548b 100644 --- a/nixos/doc/manual/man-nixos-build-vms.xml +++ b/nixos/doc/manual/man-nixos-build-vms.xml @@ -1,40 +1,39 @@ - - - nixos-build-vms - 8 + + nixos-build-vms + 8 NixOS - - - - - nixos-build-vms - build a network of virtual machines from a network of NixOS configurations - - - - - nixos-build-vms - - - - network.nix + + + + nixos-build-vms + build a network of virtual machines from a network of NixOS configurations + + + nixos-build-vms + + + + + + + network.nix + - - -Description - -This command builds a network of QEMU-KVM virtual machines of a Nix expression -specifying a network of NixOS machines. The virtual network can be started by -executing the bin/run-vms shell script that is generated by -this command. By default, a result symlink is produced that -points to the generated virtual network. - - -A network Nix expression has the following structure: - + + + Description + + This command builds a network of QEMU-KVM virtual machines of a Nix + expression specifying a network of NixOS machines. The virtual network can + be started by executing the bin/run-vms shell script + that is generated by this command. By default, a result + symlink is produced that points to the generated virtual network. + + + A network Nix expression has the following structure: { test1 = {pkgs, config, ...}: @@ -58,53 +57,53 @@ points to the generated virtual network. }; } - -Each attribute in the expression represents a machine in the network -(e.g. test1 and test2) -referring to a function defining a NixOS configuration. -In each NixOS configuration, two attributes have a special meaning. -The deployment.targetHost specifies the address -(domain name or IP address) -of the system which is used by ssh to perform -remote deployment operations. The nixpkgs.localSystem.system -attribute can be used to specify an architecture for the target machine, -such as i686-linux which builds a 32-bit NixOS -configuration. Omitting this property will build the configuration -for the same architecture as the host system. - - - - -Options - -This command accepts the following options: - - - - - + Each attribute in the expression represents a machine in the network (e.g. + test1 and test2) referring to a + function defining a NixOS configuration. In each NixOS configuration, two + attributes have a special meaning. The + deployment.targetHost specifies the address (domain name + or IP address) of the system which is used by ssh to + perform remote deployment operations. The + nixpkgs.localSystem.system attribute can be used to + specify an architecture for the target machine, such as + i686-linux which builds a 32-bit NixOS configuration. + Omitting this property will build the configuration for the same + architecture as the host system. + + + + Options + + This command accepts the following options: + + + + + - Shows a trace of the output. + + Shows a trace of the output. + - - - - + + + + - Do not create a 'result' symlink. + + Do not create a 'result' symlink. + - - - - , + + + , + - Shows the usage of this command to the user. + + Shows the usage of this command to the user. + - - - - - - - + + + diff --git a/nixos/doc/manual/man-nixos-enter.xml b/nixos/doc/manual/man-nixos-enter.xml index a2fbe07961d..7db4b72ee36 100644 --- a/nixos/doc/manual/man-nixos-enter.xml +++ b/nixos/doc/manual/man-nixos-enter.xml @@ -1,119 +1,119 @@ - - - nixos-enter - 8 + + nixos-enter + 8 NixOS - - - - - nixos-enter - run a command in a NixOS chroot environment - - - - - nixos-enter - - - root - - - - system - - - - shell-command - - - - - - - arguments + + + + nixos-enter + run a command in a NixOS chroot environment + + + nixos-enter + + + root + + + + system + + + + shell-command + + + + + + + arguments + - - - -Description - -This command runs a command in a NixOS chroot environment, that -is, in a filesystem hierarchy previously prepared using -nixos-install. - - - -Options - -This command accepts the following options: - - - - - + + + Description + + This command runs a command in a NixOS chroot environment, that is, in a + filesystem hierarchy previously prepared using + nixos-install. + + + + Options + + This command accepts the following options: + + + + + - The path to the NixOS system you want to enter. It defaults to /mnt. + + The path to the NixOS system you want to enter. It defaults to + /mnt. + - - - - + + + + - The NixOS system configuration to use. It defaults to - /nix/var/nix/profiles/system. You can enter - a previous NixOS configuration by specifying a path such as - /nix/var/nix/profiles/system-106-link. + + The NixOS system configuration to use. It defaults to + /nix/var/nix/profiles/system. You can enter a + previous NixOS configuration by specifying a path such as + /nix/var/nix/profiles/system-106-link. + - - - - - + + + + + + - The bash command to execute. + + The bash command to execute. + - - - - - - Interpret the remaining arguments as the program - name and arguments to be invoked. The program is not executed in a - shell. - - - - - - - - -Examples - -Start an interactive shell in the NixOS installation in -/mnt: - + + + + + + + Interpret the remaining arguments as the program name and arguments to be + invoked. The program is not executed in a shell. + + + + + + + Examples + + Start an interactive shell in the NixOS installation in + /mnt: + # nixos-enter /mnt - -Run a shell command: - + + Run a shell command: + # nixos-enter -c 'ls -l /; cat /proc/mounts' - -Run a non-shell command: - + + Run a non-shell command: + # nixos-enter -- cat /proc/mounts - - - + diff --git a/nixos/doc/manual/man-nixos-generate-config.xml b/nixos/doc/manual/man-nixos-generate-config.xml index 993a932ddfb..8bf90f452db 100644 --- a/nixos/doc/manual/man-nixos-generate-config.xml +++ b/nixos/doc/manual/man-nixos-generate-config.xml @@ -1,152 +1,149 @@ - - - nixos-generate-config - 8 + + nixos-generate-config + 8 NixOS - - - - - nixos-generate-config - generate NixOS configuration modules - - - - - nixos-generate-config - - - - root - - - - dir - + + + + nixos-generate-config + generate NixOS configuration modules + + + nixos-generate-config + + + + + root + + + + dir + - - - -Description - -This command writes two NixOS configuration modules: - - - - - + + + Description + + This command writes two NixOS configuration modules: + + + + + + + This module sets NixOS configuration options based on your current + hardware configuration. In particular, it sets the + option to reflect all currently mounted file + systems, the option to reflect active swap + devices, and the options to ensure that + the initial ramdisk contains any kernel modules necessary for mounting + the root file system. + + + If this file already exists, it is overwritten. Thus, you should not + modify it manually. Rather, you should include it from your + /etc/nixos/configuration.nix, and re-run + nixos-generate-config to update it whenever your + hardware configuration changes. + + + + + + + + + This is the main NixOS system configuration module. If it already + exists, it’s left unchanged. Otherwise, + nixos-generate-config will write a template for you + to customise. + + + + + + + + Options + + This command accepts the following options: + + + + + - This module sets NixOS configuration options based on your - current hardware configuration. In particular, it sets the - option to reflect all currently - mounted file systems, the option to - reflect active swap devices, and the - options to ensure that the - initial ramdisk contains any kernel modules necessary for - mounting the root file system. - - If this file already exists, it is overwritten. Thus, you - should not modify it manually. Rather, you should include it - from your /etc/nixos/configuration.nix, and - re-run nixos-generate-config to update it - whenever your hardware configuration changes. + + If this option is given, treat the directory + root as the root of the file system. This + means that configuration files will be written to + root/etc/nixos, and that + any file systems outside of root are ignored + for the purpose of generating the option. + - - - - + + + + - This is the main NixOS system configuration module. If it - already exists, it’s left unchanged. Otherwise, - nixos-generate-config will write a template - for you to customise. + + If this option is given, write the configuration files to the directory + dir instead of + /etc/nixos. + - - - - - - - - - -Options - -This command accepts the following options: - - - - - + + + + - If this option is given, treat the directory - root as the root of the file system. - This means that configuration files will be written to - root/etc/nixos, - and that any file systems outside of - root are ignored for the purpose of - generating the option. + + Overwrite /etc/nixos/configuration.nix if it already + exists. + - - - - + + + + - If this option is given, write the configuration files to - the directory dir instead of - /etc/nixos. + + Omit everything concerning file systems and swap devices from the + hardware configuration. + - - - - + + + + - Overwrite - /etc/nixos/configuration.nix if it already - exists. + + Don't generate configuration.nix or + hardware-configuration.nix and print the hardware + configuration to stdout only. + - - - - - - Omit everything concerning file systems and swap devices - from the hardware configuration. - - - - - - - Don't generate configuration.nix or - hardware-configuration.nix and print the - hardware configuration to stdout only. - - - - - - - - -Examples - -This command is typically used during NixOS installation to -write initial configuration modules. For example, if you created and -mounted the target file systems on /mnt and -/mnt/boot, you would run: - + + + + + Examples + + This command is typically used during NixOS installation to write initial + configuration modules. For example, if you created and mounted the target + file systems on /mnt and + /mnt/boot, you would run: $ nixos-generate-config --root /mnt - -The resulting file -/mnt/etc/nixos/hardware-configuration.nix might -look like this: - + The resulting file + /mnt/etc/nixos/hardware-configuration.nix might look + like this: # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes @@ -181,28 +178,22 @@ look like this: nix.maxJobs = 8; } - -It will also create a basic -/mnt/etc/nixos/configuration.nix, which you -should edit to customise the logical configuration of your system. -This file includes the result of the hardware scan as follows: - + It will also create a basic + /mnt/etc/nixos/configuration.nix, which you should edit + to customise the logical configuration of your system. This file includes + the result of the hardware scan as follows: imports = [ ./hardware-configuration.nix ]; - - -After installation, if your hardware configuration changes, you -can run: - + + + After installation, if your hardware configuration changes, you can run: $ nixos-generate-config - -to update /etc/nixos/hardware-configuration.nix. -Your /etc/nixos/configuration.nix will -not be overwritten. - - - + to update /etc/nixos/hardware-configuration.nix. Your + /etc/nixos/configuration.nix will + not be overwritten. + + diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml index d6e70d16098..2d45e83a863 100644 --- a/nixos/doc/manual/man-nixos-install.xml +++ b/nixos/doc/manual/man-nixos-install.xml @@ -1,201 +1,221 @@ - - - nixos-install - 8 + + nixos-install + 8 NixOS - - - - - nixos-install - install bootloader and NixOS - - - - - nixos-install - - - path + + + + nixos-install + install bootloader and NixOS + + + nixos-install + + + path + + + + root + + + + path + + + - - - root + + + - - - path + + + - - + + + - - + + number + + number + + namevalue + + + - - - - - - - - - number - - - - number - - - - name - value - - - - - - + + + + - - - -Description - -This command installs NixOS in the file system mounted on -/mnt, based on the NixOS configuration specified -in /mnt/etc/nixos/configuration.nix. It performs -the following steps: - - - - It copies Nix and its dependencies to - /mnt/nix/store. - - It runs Nix in /mnt to build - the NixOS configuration specified in - /mnt/etc/nixos/configuration.nix. - - It installs the GRUB boot loader on the device - specified in the option - (unless is specified), - and generates a GRUB configuration file that boots into the NixOS - configuration just installed. - - It prompts you for a password for the root account - (unless is specified). - - - - - -This command is idempotent: if it is interrupted or fails due to -a temporary problem (e.g. a network issue), you can safely re-run -it. - - - -Options - -This command accepts the following options: - - - - - + + + Description + + This command installs NixOS in the file system mounted on + /mnt, based on the NixOS configuration specified in + /mnt/etc/nixos/configuration.nix. It performs the + following steps: + - Defaults to /mnt. If this option is given, treat the directory - root as the root of the NixOS installation. - + + It copies Nix and its dependencies to + /mnt/nix/store. + - - - - - If this option is provided, nixos-install will install the specified closure - rather than attempt to build one from /mnt/etc/nixos/configuration.nix. - - The closure must be an appropriately configured NixOS system, with boot loader and partition - configuration that fits the target host. Such a closure is typically obtained with a command such as - nix-build -I nixos-config=./configuration.nix '<nixos>' -A system --no-out-link - + + It runs Nix in /mnt to build the NixOS configuration + specified in /mnt/etc/nixos/configuration.nix. + - - - - - Add a path to the Nix expression search path. This option may be given multiple times. - See the NIX_PATH environment variable for information on the semantics of the Nix search path. - Paths added through -I take precedence over NIX_PATH. + + It installs the GRUB boot loader on the device specified in the option + (unless + is specified), and generates a GRUB + configuration file that boots into the NixOS configuration just + installed. + - - - - - - Sets the maximum number of build jobs that Nix will - perform in parallel to the specified number. The default is 1. - A higher value is useful on SMP systems or to exploit I/O latency. - - - - - - - Sets the value of the NIX_BUILD_CORES - environment variable in the invocation of builders. Builders can - use this variable at their discretion to control the maximum amount - of parallelism. For instance, in Nixpkgs, if the derivation - attribute enableParallelBuilding is set to - true, the builder passes the - flag to GNU Make. - The value 0 means that the builder should use all - available CPU cores in the system. - - - - name value - - Set the Nix configuration option - name to value. - - - - - - Causes Nix to print out a stack trace in case of Nix expression evaluation errors. + + It prompts you for a password for the root account (unless + is specified). + - - - - + + + + This command is idempotent: if it is interrupted or fails due to a temporary + problem (e.g. a network issue), you can safely re-run it. + + + + Options + + This command accepts the following options: + + + + + - Synonym for man nixos-install. + + Defaults to /mnt. If this option is given, treat the + directory root as the root of the NixOS + installation. + - - - - - - - -Examples - -A typical NixOS installation is done by creating and mounting a -file system on /mnt, generating a NixOS -configuration in -/mnt/etc/nixos/configuration.nix, and running -nixos-install. For instance, if we want to install -NixOS on an ext4 file system created in -/dev/sda1: - + + + + + + + If this option is provided, nixos-install will install + the specified closure rather than attempt to build one from + /mnt/etc/nixos/configuration.nix. + + + The closure must be an appropriately configured NixOS system, with boot + loader and partition configuration that fits the target host. Such a + closure is typically obtained with a command such as nix-build + -I nixos-config=./configuration.nix '<nixos>' -A system + --no-out-link + + + + + + + + + Add a path to the Nix expression search path. This option may be given + multiple times. See the NIX_PATH environment variable for information on + the semantics of the Nix search path. Paths added through + -I take precedence over NIX_PATH. + + + + + + + + + + + Sets the maximum number of build jobs that Nix will perform in parallel + to the specified number. The default is 1. A higher + value is useful on SMP systems or to exploit I/O latency. + + + + + + + + + Sets the value of the NIX_BUILD_CORES environment variable + in the invocation of builders. Builders can use this variable at their + discretion to control the maximum amount of parallelism. For instance, in + Nixpkgs, if the derivation attribute + enableParallelBuilding is set to + true, the builder passes the + flag to GNU Make. The + value 0 means that the builder should use all + available CPU cores in the system. + + + + + namevalue + + + + Set the Nix configuration option name to + value. + + + + + + + + + Causes Nix to print out a stack trace in case of Nix expression + evaluation errors. + + + + + + + + + Synonym for man nixos-install. + + + + + + + Examples + + A typical NixOS installation is done by creating and mounting a file system + on /mnt, generating a NixOS configuration in + /mnt/etc/nixos/configuration.nix, and running + nixos-install. For instance, if we want to install NixOS + on an ext4 file system created in + /dev/sda1: $ mkfs.ext4 /dev/sda1 $ mount /dev/sda1 /mnt @@ -204,9 +224,6 @@ $ # edit /mnt/etc/nixos/configuration.nix $ nixos-install $ reboot - - - - - + + diff --git a/nixos/doc/manual/man-nixos-option.xml b/nixos/doc/manual/man-nixos-option.xml index d2b2d5b7965..c22c3811ded 100644 --- a/nixos/doc/manual/man-nixos-option.xml +++ b/nixos/doc/manual/man-nixos-option.xml @@ -1,103 +1,96 @@ - - - nixos-option - 8 + + nixos-option + 8 NixOS - - - - - nixos-option - inspect a NixOS configuration - - - - - nixos-option - - - path - - - - option.name + + + + nixos-option + inspect a NixOS configuration + + + nixos-option + path + + + + + + option.name + - - -Description - -This command evaluates the configuration specified in -/etc/nixos/configuration.nix and returns the properties -of the option name given as argument. - -When the option name is not an option, the command prints the list of -attributes contained in the attribute set. - - - -Options - -This command accepts the following options: - - - - - path + + + Description + + This command evaluates the configuration specified in + /etc/nixos/configuration.nix and returns the properties + of the option name given as argument. + + + When the option name is not an option, the command prints the list of + attributes contained in the attribute set. + + + + Options + + This command accepts the following options: + + + + path + - - This option is passed to the underlying - nix-instantiate invocation. - + + This option is passed to the underlying + nix-instantiate invocation. + - - - - + + + + - - This option enables verbose mode, which currently is just - the Bash set debug mode. - + + This option enables verbose mode, which currently is just the Bash + set debug mode. + - - - - + + + + - - This option causes the output to be rendered as XML. - + + This option causes the output to be rendered as XML. + - - - - - - -Environment - - - - - NIXOS_CONFIG + + + + + Environment + + + NIXOS_CONFIG + - Path to the main NixOS configuration module. Defaults to - /etc/nixos/configuration.nix. + + Path to the main NixOS configuration module. Defaults to + /etc/nixos/configuration.nix. + - - - - - - - -Examples - -Investigate option values: - + + + + + Examples + + Investigate option values: $ nixos-option boot.loader This attribute set contains: generationsDir @@ -119,16 +112,14 @@ Declared by: Defined by: "/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix" - - - - -Bugs - -The author listed in the following section is wrong. If there is any - other bug, please report to Nicolas Pierron. - - - - + + + + + Bugs + + The author listed in the following section is wrong. If there is any other + bug, please report to Nicolas Pierron. + + diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml index f74788353e6..e1a2c7108d1 100644 --- a/nixos/doc/manual/man-nixos-rebuild.xml +++ b/nixos/doc/manual/man-nixos-rebuild.xml @@ -1,399 +1,415 @@ - - - nixos-rebuild - 8 + + nixos-rebuild + 8 NixOS - - - - - nixos-rebuild - reconfigure a NixOS machine - - - - - nixos-rebuild - - - - - - - - - - - - - - - - - - - - - - - name + + + + nixos-rebuild + reconfigure a NixOS machine + + + nixos-rebuild + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + name + + + + - - - -Description - -This command updates the system so that it corresponds to the -configuration specified in -/etc/nixos/configuration.nix. Thus, every time -you modify /etc/nixos/configuration.nix or any -NixOS module, you must run nixos-rebuild to make -the changes take effect. It builds the new system in -/nix/store, runs its activation script, and stop -and (re)starts any system services if needed. - -This command has one required argument, which specifies the -desired operation. It must be one of the following: - - - - - - - Build and activate the new configuration, and make it the - boot default. That is, the configuration is added to the GRUB - boot menu as the default menu entry, so that subsequent reboots - will boot the system into the new configuration. Previous - configurations activated with nixos-rebuild - switch or nixos-rebuild boot remain - available in the GRUB menu. - - - - - - - Build the new configuration and make it the boot default - (as with nixos-rebuild switch), but do not - activate it. That is, the system continues to run the previous - configuration until the next reboot. - - - - - - - Build and activate the new configuration, but do not add - it to the GRUB boot menu. Thus, if you reboot the system (or if - it crashes), you will automatically revert to the default - configuration (i.e. the configuration resulting from the last - call to nixos-rebuild switch or - nixos-rebuild boot). - - - - - - - Build the new configuration, but neither activate it nor - add it to the GRUB boot menu. It leaves a symlink named - result in the current directory, which - points to the output of the top-level “system” derivation. This - is essentially the same as doing + + + Description + + This command updates the system so that it corresponds to the configuration + specified in /etc/nixos/configuration.nix. Thus, every + time you modify /etc/nixos/configuration.nix or any + NixOS module, you must run nixos-rebuild to make the + changes take effect. It builds the new system in + /nix/store, runs its activation script, and stop and + (re)starts any system services if needed. + + + This command has one required argument, which specifies the desired + operation. It must be one of the following: + + + + + + + Build and activate the new configuration, and make it the boot default. + That is, the configuration is added to the GRUB boot menu as the default + menu entry, so that subsequent reboots will boot the system into the new + configuration. Previous configurations activated with + nixos-rebuild switch or nixos-rebuild + boot remain available in the GRUB menu. + + + + + + + + + Build the new configuration and make it the boot default (as with + nixos-rebuild switch), but do not activate it. That + is, the system continues to run the previous configuration until the + next reboot. + + + + + + + + + Build and activate the new configuration, but do not add it to the GRUB + boot menu. Thus, if you reboot the system (or if it crashes), you will + automatically revert to the default configuration (i.e. the + configuration resulting from the last call to nixos-rebuild + switch or nixos-rebuild boot). + + + + + + + + + Build the new configuration, but neither activate it nor add it to the + GRUB boot menu. It leaves a symlink named result in + the current directory, which points to the output of the top-level + “system” derivation. This is essentially the same as doing $ nix-build /path/to/nixpkgs/nixos -A system - Note that you do not need to be root to run - nixos-rebuild build. - - - - - - - Show what store paths would be built or downloaded by any - of the operations above, but otherwise do nothing. - - - - - - - Build the new configuration, but instead of activating it, - show what changes would be performed by the activation (i.e. by - nixos-rebuild test). For - instance, this command will print which systemd units would be - restarted. The list of changes is not guaranteed to be - complete. - - - - - - - Build a script that starts a NixOS virtual machine with - the desired configuration. It leaves a symlink - result in the current directory that points - (under - result/bin/run-hostname-vm) - at the script that starts the VM. Thus, to test a NixOS - configuration in a virtual machine, you should do the following: + Note that you do not need to be root to run + nixos-rebuild build. + + + + + + + + + Show what store paths would be built or downloaded by any of the + operations above, but otherwise do nothing. + + + + + + + + + Build the new configuration, but instead of activating it, show what + changes would be performed by the activation (i.e. by + nixos-rebuild test). For instance, this command will + print which systemd units would be restarted. The list of changes is not + guaranteed to be complete. + + + + + + + + + Build a script that starts a NixOS virtual machine with the desired + configuration. It leaves a symlink result in the + current directory that points (under + result/bin/run-hostname-vm) + at the script that starts the VM. Thus, to test a NixOS configuration in + a virtual machine, you should do the following: $ nixos-rebuild build-vm $ ./result/bin/run-*-vm - - - The VM is implemented using the qemu - package. For best performance, you should load the - kvm-intel or kvm-amd - kernel modules to get hardware virtualisation. - - The VM mounts the Nix store of the host through the 9P - file system. The host Nix store is read-only, so Nix commands - that modify the Nix store will not work in the VM. This - includes commands such as nixos-rebuild; to - change the VM’s configuration, you must halt the VM and re-run - the commands above. + - - The VM has its own ext3 root file - system, which is automatically created when the VM is first - started, and is persistent across reboots of the VM. It is - stored in - ./hostname.qcow2. - - - - - - - - Like , but boots using the - regular boot loader of your configuration (e.g., GRUB 1 or 2), - rather than booting directly into the kernel and initial ramdisk - of the system. This allows you to test whether the boot loader - works correctly. However, it does not guarantee that your NixOS - configuration will boot successfully on the host hardware (i.e., - after running nixos-rebuild switch), because - the hardware and boot loader configuration in the VM are - different. The boot loader is installed on an automatically - generated virtual disk containing a /boot - partition, which is mounted read-only in the VM. - - - - - - - - - - - -Options - -This command accepts the following options: - - - - - - - Fetch the latest version of NixOS from the NixOS - channel. - - - - - - - Causes the boot loader to be (re)installed on the - device specified by the relevant configuration options. + + The VM is implemented using the qemu package. For + best performance, you should load the kvm-intel or + kvm-amd kernel modules to get hardware + virtualisation. - - - - - + + The VM mounts the Nix store of the host through the 9P file system. The + host Nix store is read-only, so Nix commands that modify the Nix store + will not work in the VM. This includes commands such as + nixos-rebuild; to change the VM’s configuration, + you must halt the VM and re-run the commands above. + + + The VM has its own ext3 root file system, which is + automatically created when the VM is first started, and is persistent + across reboots of the VM. It is stored in + ./hostname.qcow2. + + + + + + + + + + Like , but boots using the regular boot loader + of your configuration (e.g., GRUB 1 or 2), rather than booting directly + into the kernel and initial ramdisk of the system. This allows you to + test whether the boot loader works correctly. However, it does not + guarantee that your NixOS configuration will boot successfully on the + host hardware (i.e., after running nixos-rebuild + switch), because the hardware and boot loader configuration in + the VM are different. The boot loader is installed on an automatically + generated virtual disk containing a /boot + partition, which is mounted read-only in the VM. + + + + + + + + Options + + This command accepts the following options: + + + + + - Normally, nixos-rebuild first builds - the nixUnstable attribute in Nixpkgs, and - uses the resulting instance of the Nix package manager to build - the new system configuration. This is necessary if the NixOS - modules use features not provided by the currently installed - version of Nix. This option disables building a new Nix. + + Fetch the latest version of NixOS from the NixOS channel. + - - - - + + + + - Equivalent to - . This option is useful if you - call nixos-rebuild frequently (e.g. if you’re - hacking on a NixOS module). + + Causes the boot loader to be (re)installed on the device specified by the + relevant configuration options. + - - - - + + + + - Instead of building a new configuration as specified by - /etc/nixos/configuration.nix, roll back to - the previous configuration. (The previous configuration is - defined as the one before the “current” generation of the - Nix profile /nix/var/nix/profiles/system.) + + Normally, nixos-rebuild first builds the + nixUnstable attribute in Nixpkgs, and uses the + resulting instance of the Nix package manager to build the new system + configuration. This is necessary if the NixOS modules use features not + provided by the currently installed version of Nix. This option disables + building a new Nix. + - - - - - + + + + - Instead of using the Nix profile - /nix/var/nix/profiles/system to keep track - of the current and previous system configurations, use + + Equivalent to + . This option is useful if you call + nixos-rebuild frequently (e.g. if you’re hacking on + a NixOS module). + + + + + + + + + Instead of building a new configuration as specified by + /etc/nixos/configuration.nix, roll back to the + previous configuration. (The previous configuration is defined as the one + before the “current” generation of the Nix profile + /nix/var/nix/profiles/system.) + + + + + + + + + + + Instead of using the Nix profile + /nix/var/nix/profiles/system to keep track of the + current and previous system configurations, use /nix/var/nix/profiles/system-profiles/name. - When you use GRUB 2, for every system profile created with this - flag, NixOS will create a submenu named “NixOS - Profile - 'name'” in GRUB’s boot menu, - containing the current and previous configurations of this - profile. - - For instance, if you want to test a configuration file - named test.nix without affecting the - default system profile, you would do: - + When you use GRUB 2, for every system profile created with this flag, + NixOS will create a submenu named “NixOS - Profile + 'name'” in GRUB’s boot menu, containing + the current and previous configurations of this profile. + + + For instance, if you want to test a configuration file named + test.nix without affecting the default system + profile, you would do: $ nixos-rebuild switch -p test -I nixos-config=./test.nix - - The new configuration will appear in the GRUB 2 submenu “NixOS - Profile - 'test'”. + The new configuration will appear in the GRUB 2 submenu “NixOS - + Profile 'test'”. + - - - - + + + + - Instead of building the new configuration locally, use the - specified host to perform the build. The host needs to be accessible - with ssh, and must be able to perform Nix builds. If the option + + Instead of building the new configuration locally, use the specified host + to perform the build. The host needs to be accessible with ssh, and must + be able to perform Nix builds. If the option is not set, the build will be copied back - to the local machine when done. - - Note that, if is not specified, - Nix will be built both locally and remotely. This is because the - configuration will always be evaluated locally even though the building - might be performed remotely. - - You can include a remote user name in - the host name (user@host). You can also set - ssh options by defining the NIX_SSHOPTS environment - variable. + to the local machine when done. + + + Note that, if is not specified, Nix will + be built both locally and remotely. This is because the configuration + will always be evaluated locally even though the building might be + performed remotely. + + + You can include a remote user name in the host name + (user@host). You can also set ssh options by + defining the NIX_SSHOPTS environment variable. + - - - - + + + + - Specifies the NixOS target host. By setting this to something other - than localhost, the system activation will - happen on the remote host instead of the local machine. The remote host - needs to be accessible over ssh, and for the commands - , and - you need root access. - - If is not explicitly - specified, will implicitly be set to the - same value as . So, if you only specify + + Specifies the NixOS target host. By setting this to something other than + localhost, the system activation will happen + on the remote host instead of the local machine. The remote host needs to + be accessible over ssh, and for the commands , + and you need root access. + + + If is not explicitly specified, + will implicitly be set to the same value as + . So, if you only specify both building and activation will take place remotely (and no build artifacts will be copied to the local - machine). - - You can include a remote user name in - the host name (user@host). You can also set - ssh options by defining the NIX_SSHOPTS environment - variable. + machine). + + + You can include a remote user name in the host name + (user@host). You can also set ssh options by + defining the NIX_SSHOPTS environment variable. + - - - - -In addition, nixos-rebuild accepts various -Nix-related flags, including / -, , -, and - / . See -the Nix manual for details. - - - - -Environment - - - - - NIXOS_CONFIG + + + + In addition, nixos-rebuild accepts various Nix-related + flags, including / , + , , + and / + . See the Nix manual for details. + + + + Environment + + + NIXOS_CONFIG + - Path to the main NixOS configuration module. Defaults to - /etc/nixos/configuration.nix. + + Path to the main NixOS configuration module. Defaults to + /etc/nixos/configuration.nix. + - - - NIX_SSHOPTS - - Additional options to be passed to - ssh on the command line. - - - - - - - - -Files - - - - - /run/current-system + + + NIX_SSHOPTS + - A symlink to the currently active system configuration in - the Nix store. + + Additional options to be passed to ssh on the command + line. + - - - - /nix/var/nix/profiles/system + + + + + Files + + + /run/current-system + - The Nix profile that contains the current and previous - system configurations. Used to generate the GRUB boot - menu. + + A symlink to the currently active system configuration in the Nix store. + - - - - - - - -Bugs - -This command should be renamed to something more -descriptive. - - - - - + + + /nix/var/nix/profiles/system + + + + The Nix profile that contains the current and previous system + configurations. Used to generate the GRUB boot menu. + + + + + + + Bugs + + This command should be renamed to something more descriptive. + + diff --git a/nixos/doc/manual/man-nixos-version.xml b/nixos/doc/manual/man-nixos-version.xml index 615d74f9090..c173bce1913 100644 --- a/nixos/doc/manual/man-nixos-version.xml +++ b/nixos/doc/manual/man-nixos-version.xml @@ -1,97 +1,102 @@ - - - nixos-version - 8 + + nixos-version + 8 NixOS - - - - nixos-version - show the NixOS version - - - - - nixos-version - - + + + nixos-version + show the NixOS version + + + nixos-version + + + + - - -Description - -This command shows the version of the currently active NixOS -configuration. For example: - + + + Description + + This command shows the version of the currently active NixOS configuration. + For example: $ nixos-version 16.03.1011.6317da4 (Emu) - -The version consists of the following elements: - - - - - 16.03 - The NixOS release, indicating the year and month - in which it was released (e.g. March 2016). - - - - 1011 - The number of commits in the Nixpkgs Git - repository between the start of the release branch and the commit - from which this version was built. This ensures that NixOS - versions are monotonically increasing. It is - git when the current NixOS configuration was - built from a checkout of the Nixpkgs Git repository rather than - from a NixOS channel. - - - - 6317da4 - The first 7 characters of the commit in the - Nixpkgs Git repository from which this version was - built. - - - - Emu - The code name of the NixOS release. The first - letter of the code name indicates that this is the N'th stable - NixOS release; for example, Emu is the fifth - release. - - - - - - - - - -Options - -This command accepts the following options: - - - - - - + The version consists of the following elements: + + + 16.03 + + + + The NixOS release, indicating the year and month in which it was + released (e.g. March 2016). + + + + + 1011 + + + + The number of commits in the Nixpkgs Git repository between the start of + the release branch and the commit from which this version was built. + This ensures that NixOS versions are monotonically increasing. It is + git when the current NixOS configuration was built + from a checkout of the Nixpkgs Git repository rather than from a NixOS + channel. + + + + + 6317da4 + + + + The first 7 characters of the commit in the Nixpkgs Git repository from + which this version was built. + + + + + Emu + + + + The code name of the NixOS release. The first letter of the code name + indicates that this is the N'th stable NixOS release; for example, Emu + is the fifth release. + + + + + + + + Options + + This command accepts the following options: + + + + + + + - Show the full SHA1 hash of the Git commit from which this - configuration was built, e.g. + + Show the full SHA1 hash of the Git commit from which this configuration + was built, e.g. $ nixos-version --hash 6317da40006f6bc2480c6781999c52d88dde2acf - + - - - - + + + diff --git a/nixos/doc/manual/man-pages.xml b/nixos/doc/manual/man-pages.xml index 80a8458fbfe..0390dda6468 100644 --- a/nixos/doc/manual/man-pages.xml +++ b/nixos/doc/manual/man-pages.xml @@ -1,33 +1,20 @@ - - NixOS Reference Pages - - - - - - Eelco - Dolstra - - Author - - - - 2007-2018 - Eelco Dolstra - - - - - - - - - - - - - + NixOS Reference Pages + + EelcoDolstra + Author + + 2007-2018Eelco Dolstra + + + + + + + + + + diff --git a/nixos/doc/manual/manual.xml b/nixos/doc/manual/manual.xml index 676924e5c8b..61b21203f50 100644 --- a/nixos/doc/manual/manual.xml +++ b/nixos/doc/manual/manual.xml @@ -3,46 +3,46 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="book-nixos-manual"> - - - NixOS Manual - Version - - - - Preface - - This manual describes how to install, use and extend NixOS, - a Linux distribution based on the purely functional package - management system Nix. - - If you encounter problems, please report them on the - + NixOS Manual + Version + + + + Preface + + This manual describes how to install, use and extend NixOS, a Linux + distribution based on the purely functional package management system Nix. + + + If you encounter problems, please report them on the + nix-devel - mailing list or on the - #nixos channel on Freenode. Bugs should - be reported in NixOS’ GitHub - issue tracker. - - Commands prefixed with # have to be run as - root, either requiring to login as root user or temporarily switching - to it using sudo for example. - - - - - - - - - - Configuration Options - #nixos channel on Freenode. Bugs should be + reported in + NixOS’ + GitHub issue tracker. + + + + Commands prefixed with # have to be run as root, either + requiring to login as root user or temporarily switching to it using + sudo for example. + + + + + + + + + + Configuration Options + - - - - + + diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml index b7f9fab44f3..94f176186b6 100644 --- a/nixos/doc/manual/release-notes/release-notes.xml +++ b/nixos/doc/manual/release-notes/release-notes.xml @@ -3,21 +3,19 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="ch-release-notes"> - -Release Notes - -This section lists the release notes for each stable version of NixOS -and current unstable revision. - - - - - - - - - - - - + Release Notes + + This section lists the release notes for each stable version of NixOS and + current unstable revision. + + + + + + + + + + + diff --git a/nixos/doc/manual/release-notes/rl-1310.xml b/nixos/doc/manual/release-notes/rl-1310.xml index 583912d7073..248bab70c36 100644 --- a/nixos/doc/manual/release-notes/rl-1310.xml +++ b/nixos/doc/manual/release-notes/rl-1310.xml @@ -3,9 +3,9 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-13.10"> + Release 13.10 (“Aardvark”, 2013/10/31) -Release 13.10 (“Aardvark”, 2013/10/31) - -This is the first stable release branch of NixOS. - + + This is the first stable release branch of NixOS. + diff --git a/nixos/doc/manual/release-notes/rl-1404.xml b/nixos/doc/manual/release-notes/rl-1404.xml index 137caf14cba..8d8cea4303a 100644 --- a/nixos/doc/manual/release-notes/rl-1404.xml +++ b/nixos/doc/manual/release-notes/rl-1404.xml @@ -3,158 +3,177 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-14.04"> + Release 14.04 (“Baboon”, 2014/04/30) -Release 14.04 (“Baboon”, 2014/04/30) - -This is the second stable release branch of NixOS. In addition -to numerous new and upgraded packages and modules, this release has -the following highlights: - - - - Installation on UEFI systems is now supported. See - for - details. - - Systemd has been updated to version 212, which has - numerous - improvements. NixOS now automatically starts systemd user - instances when you log in. You can define global user units through - the options. - - NixOS is now based on Glibc 2.19 and GCC - 4.8. - - The default Linux kernel has been updated to - 3.12. - - KDE has been updated to 4.12. - - GNOME 3.10 experimental support has been added. - - Nix has been updated to 1.7 (details). - - NixOS now supports fully declarative management of - users and groups. If you set to - false, then the contents of - /etc/passwd and /etc/group - will be + This is the second stable release branch of NixOS. In addition to numerous + new and upgraded packages and modules, this release has the following + highlights: + + + + Installation on UEFI systems is now supported. See + for details. + + + + + Systemd has been updated to version 212, which has + numerous + improvements. NixOS now automatically starts systemd user instances + when you log in. You can define global user units through the + options. + + + + + NixOS is now based on Glibc 2.19 and GCC 4.8. + + + + + The default Linux kernel has been updated to 3.12. + + + + + KDE has been updated to 4.12. + + + + + GNOME 3.10 experimental support has been added. + + + + + Nix has been updated to 1.7 + (details). + + + + + NixOS now supports fully declarative management of users and groups. If + you set to false, + then the contents of /etc/passwd and + /etc/group will be + congruent - to your NixOS configuration. For instance, if you remove a user from - and run - nixos-rebuild, the user account will cease to - exist. Also, imperative commands for managing users and groups, such - as useradd, are no longer available. If - is true (the - default), then behaviour is unchanged from NixOS - 13.10. - - NixOS now has basic container support, meaning you - can easily run a NixOS instance as a container in a NixOS host - system. These containers are suitable for testing and - experimentation but not production use, since they’re not fully - isolated from the host. See for - details. - - Systemd units provided by packages can now be - overridden from the NixOS configuration. For instance, if a package - foo provides systemd units, you can say: - + to your NixOS configuration. For instance, if you remove a user from + and run + nixos-rebuild, the user account will cease to exist. + Also, imperative commands for managing users and groups, such as + useradd, are no longer available. If + is true (the + default), then behaviour is unchanged from NixOS 13.10. + + + + + NixOS now has basic container support, meaning you can easily run a NixOS + instance as a container in a NixOS host system. These containers are + suitable for testing and experimentation but not production use, since + they’re not fully isolated from the host. See + for details. + + + + + Systemd units provided by packages can now be overridden from the NixOS + configuration. For instance, if a package foo provides + systemd units, you can say: systemd.packages = [ pkgs.foo ]; - - to enable those units. You can then set or override unit options in - the usual way, e.g. - + to enable those units. You can then set or override unit options in the + usual way, e.g. systemd.services.foo.wantedBy = [ "multi-user.target" ]; systemd.services.foo.serviceConfig.MemoryLimit = "512M"; + + + + - - - - - - -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - - Nixpkgs no longer exposes unfree packages by - default. If your NixOS configuration requires unfree packages from - Nixpkgs, you need to enable support for them explicitly by setting: - + + When upgrading from a previous release, please be aware of the following + incompatible changes: + + + + Nixpkgs no longer exposes unfree packages by default. If your NixOS + configuration requires unfree packages from Nixpkgs, you need to enable + support for them explicitly by setting: nixpkgs.config.allowUnfree = true; - - Otherwise, you get an error message such as: - + Otherwise, you get an error message such as: error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’ has an unfree license, refusing to evaluate - - - - The Adobe Flash player is no longer enabled by - default in the Firefox and Chromium wrappers. To enable it, you must - set: - + + + + + The Adobe Flash player is no longer enabled by default in the Firefox and + Chromium wrappers. To enable it, you must set: nixpkgs.config.allowUnfree = true; nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium - - - - The firewall is now enabled by default. If you don’t - want this, you need to disable it explicitly: - + + + + + The firewall is now enabled by default. If you don’t want this, you need + to disable it explicitly: networking.firewall.enable = false; - - - - The option - has been renamed to - . - - The mysql55 service has been - merged into the mysql service, which no longer - sets a default for the option - . - - Package variants are now differentiated by suffixing - the name, rather than the version. For instance, - sqlite-3.8.4.3-interactive is now called - sqlite-interactive-3.8.4.3. This ensures that - nix-env -i sqlite is unambiguous, and that - nix-env -u won’t “upgrade” - sqlite to sqlite-interactive - or vice versa. Notably, this change affects the Firefox wrapper - (which provides plugins), as it is now called - firefox-wrapper. So when using - nix-env, you should do nix-env -e - firefox; nix-env -i firefox-wrapper if you want to keep - using the wrapper. This change does not affect declarative package - management, since attribute names like - pkgs.firefoxWrapper were already - unambiguous. - - The symlink /etc/ca-bundle.crt - is gone. Programs should instead use the environment variable - OPENSSL_X509_CERT_FILE (which points to - /etc/ssl/certs/ca-bundle.crt). - - - - - + + + + + The option has been renamed to + . + + + + + The mysql55 service has been merged into the + mysql service, which no longer sets a default for the + option . + + + + + Package variants are now differentiated by suffixing the name, rather than + the version. For instance, sqlite-3.8.4.3-interactive + is now called sqlite-interactive-3.8.4.3. This + ensures that nix-env -i sqlite is unambiguous, and that + nix-env -u won’t “upgrade” + sqlite to sqlite-interactive or vice + versa. Notably, this change affects the Firefox wrapper (which provides + plugins), as it is now called firefox-wrapper. So when + using nix-env, you should do nix-env -e + firefox; nix-env -i firefox-wrapper if you want to keep using + the wrapper. This change does not affect declarative package management, + since attribute names like pkgs.firefoxWrapper were + already unambiguous. + + + + + The symlink /etc/ca-bundle.crt is gone. Programs + should instead use the environment variable + OPENSSL_X509_CERT_FILE (which points to + /etc/ssl/certs/ca-bundle.crt). + + + + diff --git a/nixos/doc/manual/release-notes/rl-1412.xml b/nixos/doc/manual/release-notes/rl-1412.xml index 42b51cd4a8e..4d93aa644c1 100644 --- a/nixos/doc/manual/release-notes/rl-1412.xml +++ b/nixos/doc/manual/release-notes/rl-1412.xml @@ -3,175 +3,465 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-14.12"> + Release 14.12 (“Caterpillar”, 2014/12/30) -Release 14.12 (“Caterpillar”, 2014/12/30) + + In addition to numerous new and upgraded packages, this release has the + following highlights: + + + + Systemd has been updated to version 217, which has numerous + improvements. + + + + + + Nix has been updated to 1.8. + + + + + NixOS is now based on Glibc 2.20. + + + + + KDE has been updated to 4.14. + + + + + The default Linux kernel has been updated to 3.14. + + + + + If is enabled (the default), changes + made to the declaration of a user or group will be correctly realised when + running nixos-rebuild. For instance, removing a user + specification from configuration.nix will cause the + actual user account to be deleted. If + is disabled, it is no longer necessary to specify UIDs or GIDs; if + omitted, they are allocated dynamically. + + + + -In addition to numerous new and upgraded packages, this release has the following highlights: + + Following new services were added since the last release: + + + + atftpd + + + + + bosun + + + + + bspwm + + + + + chronos + + + + + collectd + + + + + consul + + + + + cpuminer-cryptonight + + + + + crashplan + + + + + dnscrypt-proxy + + + + + docker-registry + + + + + docker + + + + + etcd + + + + + fail2ban + + + + + fcgiwrap + + + + + fleet + + + + + fluxbox + + + + + gdm + + + + + geoclue2 + + + + + gitlab + + + + + gitolite + + + + + gnome3.gnome-documents + + + + + gnome3.gnome-online-miners + + + + + gnome3.gvfs + + + + + gnome3.seahorse + + + + + hbase + + + + + i2pd + + + + + influxdb + + + + + kubernetes + + + + + liquidsoap + + + + + lxc + + + + + mailpile + + + + + mesos + + + + + mlmmj + + + + + monetdb + + + + + mopidy + + + + + neo4j + + + + + nsd + + + + + openntpd + + + + + opentsdb + + + + + openvswitch + + + + + parallels-guest + + + + + peerflix + + + + + phd + + + + + polipo + + + + + prosody + + + + + radicale + + + + + redmine + + + + + riemann + + + + + scollector + + + + + seeks + + + + + siproxd + + + + + strongswan + + + + + tcsd + + + + + teamspeak3 + + + + + thermald + + + + + torque/mrom + + + + + torque/server + + + + + uhub + + + + + unifi + + + + + znc + + + + + zookeeper + + + + - - -Systemd has been updated to version 217, which has numerous -improvements. - - -Nix has been updated to 1.8. - -NixOS is now based on Glibc 2.20. - -KDE has been updated to 4.14. - -The default Linux kernel has been updated to 3.14. - -If is enabled (the -default), changes made to the declaration of a user or group will be -correctly realised when running nixos-rebuild. For -instance, removing a user specification from -configuration.nix will cause the actual user -account to be deleted. If is -disabled, it is no longer necessary to specify UIDs or GIDs; if -omitted, they are allocated dynamically. - - - -Following new services were added since the last release: - - -atftpd -bosun -bspwm -chronos -collectd -consul -cpuminer-cryptonight -crashplan -dnscrypt-proxy -docker-registry -docker -etcd -fail2ban -fcgiwrap -fleet -fluxbox -gdm -geoclue2 -gitlab -gitolite -gnome3.gnome-documents -gnome3.gnome-online-miners -gnome3.gvfs -gnome3.seahorse -hbase -i2pd -influxdb -kubernetes -liquidsoap -lxc -mailpile -mesos -mlmmj -monetdb -mopidy -neo4j -nsd -openntpd -opentsdb -openvswitch -parallels-guest -peerflix -phd -polipo -prosody -radicale -redmine -riemann -scollector -seeks -siproxd -strongswan -tcsd -teamspeak3 -thermald -torque/mrom -torque/server -uhub -unifi -znc -zookeeper - - - -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - -The default version of Apache httpd is now 2.4. If -you use the option to pass literal -Apache configuration text, you may need to update it — see + When upgrading from a previous release, please be aware of the following + incompatible changes: + + + + The default version of Apache httpd is now 2.4. If you use the + option to pass literal Apache configuration + text, you may need to update it — see + Apache’s -documentation for details. If you wish to continue to use -httpd 2.2, add the following line to your NixOS configuration: - + documentation for details. If you wish to continue to use httpd + 2.2, add the following line to your NixOS configuration: services.httpd.package = pkgs.apacheHttpd_2_2; - - - -PHP 5.3 has been removed because it is no longer -supported by the PHP project. A migration guide is -available. - -The host side of a container virtual Ethernet pair -is now called ve-container-name -rather than c-container-name. - -GNOME 3.10 support has been dropped. The default GNOME version is now 3.12. - -VirtualBox has been upgraded to 4.3.20 release. Users -may be required to run rm -rf /tmp/.vbox*. The line -imports = [ <nixpkgs/nixos/modules/programs/virtualbox.nix> ] is -no longer necessary, use services.virtualboxHost.enable = -true instead. - -Also, hardening mode is now enabled by default, which means that unless you want to use -USB support, you no longer need to be a member of the vboxusers group. - - -Chromium has been updated to 39.0.2171.65. is now enabled by default. -chromium*Wrapper packages no longer exist, because upstream removed NSAPI support. -chromium-stable has been renamed to chromium. - - -Python packaging documentation is now part of nixpkgs manual. To override -the python packages available to a custom python you now use pkgs.pythonFull.buildEnv.override -instead of pkgs.pythonFull.override. - - -boot.resumeDevice = "8:6" is no longer supported. Most users will -want to leave it undefined, which takes the swap partitions automatically. There is an evaluation -assertion to ensure that the string starts with a slash. - - -The system-wide default timezone for NixOS installations -changed from CET to UTC. To choose -a different timezone for your system, configure -time.timeZone in -configuration.nix. A fairly complete list of possible -values for that setting is available at . - -GNU screen has been updated to 4.2.1, which breaks -the ability to connect to sessions created by older versions of -screen. - -The Intel GPU driver was updated to the 3.x prerelease -version (used by most distributions) and supports DRI3 -now. - - - - - + + + + + PHP 5.3 has been removed because it is no longer supported by the PHP + project. A migration + guide is available. + + + + + The host side of a container virtual Ethernet pair is now called + ve-container-name rather + than c-container-name. + + + + + GNOME 3.10 support has been dropped. The default GNOME version is now + 3.12. + + + + + VirtualBox has been upgraded to 4.3.20 release. Users may be required to + run rm -rf /tmp/.vbox*. The line imports = [ + <nixpkgs/nixos/modules/programs/virtualbox.nix> ] is no + longer necessary, use services.virtualboxHost.enable = + true instead. + + + Also, hardening mode is now enabled by default, which means that unless + you want to use USB support, you no longer need to be a member of the + vboxusers group. + + + + + Chromium has been updated to 39.0.2171.65. + is now enabled by default. + chromium*Wrapper packages no longer exist, because + upstream removed NSAPI support. chromium-stable has + been renamed to chromium. + + + + + Python packaging documentation is now part of nixpkgs manual. To override + the python packages available to a custom python you now use + pkgs.pythonFull.buildEnv.override instead of + pkgs.pythonFull.override. + + + + + boot.resumeDevice = "8:6" is no longer supported. Most + users will want to leave it undefined, which takes the swap partitions + automatically. There is an evaluation assertion to ensure that the string + starts with a slash. + + + + + The system-wide default timezone for NixOS installations changed from + CET to UTC. To choose a different + timezone for your system, configure time.timeZone in + configuration.nix. A fairly complete list of possible + values for that setting is available at + . + + + + + GNU screen has been updated to 4.2.1, which breaks the ability to connect + to sessions created by older versions of screen. + + + + + The Intel GPU driver was updated to the 3.x prerelease version (used by + most distributions) and supports DRI3 now. + + + + diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml index 6c1c46844cc..e500c9d6342 100644 --- a/nixos/doc/manual/release-notes/rl-1509.xml +++ b/nixos/doc/manual/release-notes/rl-1509.xml @@ -3,375 +3,640 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-15.09"> + Release 15.09 (“Dingo”, 2015/09/30) -Release 15.09 (“Dingo”, 2015/09/30) - -In addition to numerous new and upgraded packages, this release -has the following highlights: - - + + In addition to numerous new and upgraded packages, this release has the + following highlights: + + - The Haskell - packages infrastructure has been re-designed from the ground up - ("Haskell NG"). NixOS now distributes the latest version - of every single package registered on Hackage -- well in - excess of 8,000 Haskell packages. Detailed instructions on how to - use that infrastructure can be found in the + The Haskell packages + infrastructure has been re-designed from the ground up ("Haskell + NG"). NixOS now distributes the latest version of every single package + registered on + Hackage -- well + in excess of 8,000 Haskell packages. Detailed instructions on how to use + that infrastructure can be found in the + User's - Guide to the Haskell Infrastructure. Users migrating from an - earlier release may find helpful information below, in the list of - backwards-incompatible changes. Furthermore, we distribute 51(!) - additional Haskell package sets that provide every single . Users migrating from an earlier + release may find helpful information below, in the list of + backwards-incompatible changes. Furthermore, we distribute 51(!) additional + Haskell package sets that provide every single + LTS Haskell release - since version 0.0 as well as the most recent Stackage Nightly - snapshot. The announcement "Full - Stackage Support in Nixpkgs" gives additional - details. + Stackage Support in Nixpkgs" gives additional details. + - - Nix has been updated to version 1.10, which among other - improvements enables cryptographic signatures on binary caches for - improved security. + + Nix has been updated to version 1.10, which among other improvements + enables cryptographic signatures on binary caches for improved security. + - - You can now keep your NixOS system up to date automatically - by setting - + + You can now keep your NixOS system up to date automatically by setting system.autoUpgrade.enable = true; - - This will cause the system to periodically check for updates in - your current channel and run nixos-rebuild. + This will cause the system to periodically check for updates in your + current channel and run nixos-rebuild. + - - This release is based on Glibc 2.21, GCC 4.9 and Linux - 3.18. + + This release is based on Glibc 2.21, GCC 4.9 and Linux 3.18. + - - GNOME has been upgraded to 3.16. - + + GNOME has been upgraded to 3.16. + - - Xfce has been upgraded to 4.12. - + + Xfce has been upgraded to 4.12. + - - KDE 5 has been upgraded to KDE Frameworks 5.10, - Plasma 5.3.2 and Applications 15.04.3. - KDE 4 has been updated to kdelibs-4.14.10. - + + KDE 5 has been upgraded to KDE Frameworks 5.10, Plasma 5.3.2 and + Applications 15.04.3. KDE 4 has been updated to kdelibs-4.14.10. + - - E19 has been upgraded to 0.16.8.15. - + + E19 has been upgraded to 0.16.8.15. + + - - - -The following new services were added since the last release: - + + The following new services were added since the last release: - services/mail/exim.nix - services/misc/apache-kafka.nix - services/misc/canto-daemon.nix - services/misc/confd.nix - services/misc/devmon.nix - services/misc/gitit.nix - services/misc/ihaskell.nix - services/misc/mbpfan.nix - services/misc/mediatomb.nix - services/misc/mwlib.nix - services/misc/parsoid.nix - services/misc/plex.nix - services/misc/ripple-rest.nix - services/misc/ripple-data-api.nix - services/misc/subsonic.nix - services/misc/sundtek.nix - services/monitoring/cadvisor.nix - services/monitoring/das_watchdog.nix - services/monitoring/grafana.nix - services/monitoring/riemann-tools.nix - services/monitoring/teamviewer.nix - services/network-filesystems/u9fs.nix - services/networking/aiccu.nix - services/networking/asterisk.nix - services/networking/bird.nix - services/networking/charybdis.nix - services/networking/docker-registry-server.nix - services/networking/fan.nix - services/networking/firefox/sync-server.nix - services/networking/gateone.nix - services/networking/heyefi.nix - services/networking/i2p.nix - services/networking/lambdabot.nix - services/networking/mstpd.nix - services/networking/nix-serve.nix - services/networking/nylon.nix - services/networking/racoon.nix - services/networking/skydns.nix - services/networking/shout.nix - services/networking/softether.nix - services/networking/sslh.nix - services/networking/tinc.nix - services/networking/tlsdated.nix - services/networking/tox-bootstrapd.nix - services/networking/tvheadend.nix - services/networking/zerotierone.nix - services/scheduling/marathon.nix - services/security/fprintd.nix - services/security/hologram.nix - services/security/munge.nix - services/system/cloud-init.nix - services/web-servers/shellinabox.nix - services/web-servers/uwsgi.nix - services/x11/unclutter.nix - services/x11/display-managers/sddm.nix - system/boot/coredump.nix - system/boot/loader/loader.nix - system/boot/loader/generic-extlinux-compatible - system/boot/networkd.nix - system/boot/resolved.nix - system/boot/timesyncd.nix - tasks/filesystems/exfat.nix - tasks/filesystems/ntfs.nix - tasks/filesystems/vboxsf.nix - virtualisation/virtualbox-host.nix - virtualisation/vmware-guest.nix - virtualisation/xen-dom0.nix + + + services/mail/exim.nix + + + + + services/misc/apache-kafka.nix + + + + + services/misc/canto-daemon.nix + + + + + services/misc/confd.nix + + + + + services/misc/devmon.nix + + + + + services/misc/gitit.nix + + + + + services/misc/ihaskell.nix + + + + + services/misc/mbpfan.nix + + + + + services/misc/mediatomb.nix + + + + + services/misc/mwlib.nix + + + + + services/misc/parsoid.nix + + + + + services/misc/plex.nix + + + + + services/misc/ripple-rest.nix + + + + + services/misc/ripple-data-api.nix + + + + + services/misc/subsonic.nix + + + + + services/misc/sundtek.nix + + + + + services/monitoring/cadvisor.nix + + + + + services/monitoring/das_watchdog.nix + + + + + services/monitoring/grafana.nix + + + + + services/monitoring/riemann-tools.nix + + + + + services/monitoring/teamviewer.nix + + + + + services/network-filesystems/u9fs.nix + + + + + services/networking/aiccu.nix + + + + + services/networking/asterisk.nix + + + + + services/networking/bird.nix + + + + + services/networking/charybdis.nix + + + + + services/networking/docker-registry-server.nix + + + + + services/networking/fan.nix + + + + + services/networking/firefox/sync-server.nix + + + + + services/networking/gateone.nix + + + + + services/networking/heyefi.nix + + + + + services/networking/i2p.nix + + + + + services/networking/lambdabot.nix + + + + + services/networking/mstpd.nix + + + + + services/networking/nix-serve.nix + + + + + services/networking/nylon.nix + + + + + services/networking/racoon.nix + + + + + services/networking/skydns.nix + + + + + services/networking/shout.nix + + + + + services/networking/softether.nix + + + + + services/networking/sslh.nix + + + + + services/networking/tinc.nix + + + + + services/networking/tlsdated.nix + + + + + services/networking/tox-bootstrapd.nix + + + + + services/networking/tvheadend.nix + + + + + services/networking/zerotierone.nix + + + + + services/scheduling/marathon.nix + + + + + services/security/fprintd.nix + + + + + services/security/hologram.nix + + + + + services/security/munge.nix + + + + + services/system/cloud-init.nix + + + + + services/web-servers/shellinabox.nix + + + + + services/web-servers/uwsgi.nix + + + + + services/x11/unclutter.nix + + + + + services/x11/display-managers/sddm.nix + + + + + system/boot/coredump.nix + + + + + system/boot/loader/loader.nix + + + + + system/boot/loader/generic-extlinux-compatible + + + + + system/boot/networkd.nix + + + + + system/boot/resolved.nix + + + + + system/boot/timesyncd.nix + + + + + tasks/filesystems/exfat.nix + + + + + tasks/filesystems/ntfs.nix + + + + + tasks/filesystems/vboxsf.nix + + + + + virtualisation/virtualbox-host.nix + + + + + virtualisation/vmware-guest.nix + + + + + virtualisation/xen-dom0.nix + + - - - -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - -sshd no longer supports DSA and ECDSA -host keys by default. If you have existing systems with such host keys -and want to continue to use them, please set + + + When upgrading from a previous release, please be aware of the following + incompatible changes: + + + + sshd no longer supports DSA and ECDSA host keys by + default. If you have existing systems with such host keys and want to + continue to use them, please set system.stateVersion = "14.12"; - -The new option ensures that -certain configuration changes that could break existing systems (such -as the sshd host key setting) will maintain -compatibility with the specified NixOS release. NixOps sets the state -version of existing deployments automatically. - -cron is no longer enabled by -default, unless you have a non-empty -. To force -cron to be enabled, set -. - -Nix now requires binary caches to be cryptographically -signed. If you have unsigned binary caches that you want to continue -to use, you should set . - -Steam now doesn't need root rights to work. Instead of using -*-steam-chrootenv, you should now just run steam. -steamChrootEnv package was renamed to steam, -and old steam package -- to steamOriginal. - - -CMPlayer has been renamed to bomi upstream. Package -cmplayer was accordingly renamed to -bomi - -Atom Shell has been renamed to Electron upstream. Package atom-shell -was accordingly renamed to electron - - -Elm is not released on Hackage anymore. You should now use elmPackages.elm -which contains the latest Elm platform. - - - The CUPS printing service has been updated to version - 2.0.2. Furthermore its systemd service has been - renamed to cups.service. - - Local printers are no longer shared or advertised by - default. This behavior can be changed by enabling - or - respectively. - - - - - The VirtualBox host and guest options have been named more - consistently. They can now found in - instead of - and - instead of - . - - - - Also, there now is support for the vboxsf file - system using the configuration - attribute. An example of how this can be used in a configuration: - + The new option ensures that certain + configuration changes that could break existing systems (such as the + sshd host key setting) will maintain compatibility with + the specified NixOS release. NixOps sets the state version of existing + deployments automatically. + + + + + cron is no longer enabled by default, unless you have a + non-empty . To force + cron to be enabled, set . + + + + + Nix now requires binary caches to be cryptographically signed. If you have + unsigned binary caches that you want to continue to use, you should set + . + + + + + Steam now doesn't need root rights to work. Instead of using + *-steam-chrootenv, you should now just run + steam. steamChrootEnv package was + renamed to steam, and old steam + package -- to steamOriginal. + + + + + CMPlayer has been renamed to bomi upstream. Package + cmplayer was accordingly renamed to + bomi + + + + + Atom Shell has been renamed to Electron upstream. Package + atom-shell was accordingly renamed to + electron + + + + + Elm is not released on Hackage anymore. You should now use + elmPackages.elm which contains the latest Elm platform. + + + + + The CUPS printing service has been updated to version + 2.0.2. Furthermore its systemd service has been renamed + to cups.service. + + + Local printers are no longer shared or advertised by default. This + behavior can be changed by enabling + or + respectively. + + + + + The VirtualBox host and guest options have been named more consistently. + They can now found in + instead of and + instead of + . + + + Also, there now is support for the vboxsf file system + using the configuration attribute. An example + of how this can be used in a configuration: fileSystems."/shiny" = { device = "myshinysharedfolder"; fsType = "vboxsf"; }; - - - - - - - "nix-env -qa" no longer discovers - Haskell packages by name. The only packages visible in the global - scope are ghc, cabal-install, - and stack, but all other packages are hidden. The - reason for this inconvenience is the sheer size of the Haskell - package set. Name-based lookups are expensive, and most - nix-env -qa operations would become much slower - if we'd add the entire Hackage database into the top level attribute - set. Instead, the list of Haskell packages can be displayed by - running: - - + + + + + "nix-env -qa" no longer discovers Haskell + packages by name. The only packages visible in the global scope are + ghc, cabal-install, and + stack, but all other packages are hidden. The reason + for this inconvenience is the sheer size of the Haskell package set. + Name-based lookups are expensive, and most nix-env -qa + operations would become much slower if we'd add the entire Hackage + database into the top level attribute set. Instead, the list of Haskell + packages can be displayed by running: + + nix-env -f "<nixpkgs>" -qaP -A haskellPackages - - Executable programs written in Haskell can be installed with: - - + + Executable programs written in Haskell can be installed with: + + nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc - - Installing Haskell libraries this way, however, is no - longer supported. See the next item for more details. - - - - - - Previous versions of NixOS came with a feature called - ghc-wrapper, a small script that allowed GHC to - transparently pick up on libraries installed in the user's profile. This - feature has been deprecated; ghc-wrapper was removed - from the distribution. The proper way to register Haskell libraries with - the compiler now is the haskellPackages.ghcWithPackages - function. The + Installing Haskell libraries this way, however, is no + longer supported. See the next item for more details. + + + + + Previous versions of NixOS came with a feature called + ghc-wrapper, a small script that allowed GHC to + transparently pick up on libraries installed in the user's profile. This + feature has been deprecated; ghc-wrapper was removed + from the distribution. The proper way to register Haskell libraries with + the compiler now is the haskellPackages.ghcWithPackages + function. The + User's - Guide to the Haskell Infrastructure provides more information about - this subject. - - - - - - All Haskell builds that have been generated with version 1.x of - the cabal2nix utility are now invalid and need - to be re-generated with a current version of - cabal2nix to function. The most recent version - of this tool can be installed by running - nix-env -i cabal2nix. - - - - - - The haskellPackages set in Nixpkgs used to have a - function attribute called extension that users - could override in their ~/.nixpkgs/config.nix - files to configure additional attributes, etc. That function still - exists, but it's now called overrides. - - - - - - The OpenBLAS library has been updated to version - 0.2.14. Support for the - x86_64-darwin platform was added. Dynamic - architecture detection was enabled; OpenBLAS now selects - microarchitecture-optimized routines at runtime, so optimal - performance is achieved without the need to rebuild OpenBLAS - locally. OpenBLAS has replaced ATLAS in most packages which use an - optimized BLAS or LAPACK implementation. - - - - - - The phpfpm is now using the default PHP version - (pkgs.php) instead of PHP 5.4 (pkgs.php54). - - - - - - The locate service no longer indexes the Nix store - by default, preventing packages with potentially numerous versions from - cluttering the output. Indexing the store can be activated by setting - . - - - - - - The Nix expression search path (NIX_PATH) no longer - contains /etc/nixos/nixpkgs by default. You - can override NIX_PATH by setting - . - - - - - - Python 2.6 has been marked as broken (as it no longer receives - security updates from upstream). - - - - - - Any use of module arguments such as pkgs to access - library functions, or to define imports attributes - will now lead to an infinite loop at the time of the evaluation. - - - - In case of an infinite loop, use the --show-trace - command line argument and read the line just above the error message. - + Guide to the Haskell Infrastructure provides more information about + this subject. + + + + + All Haskell builds that have been generated with version 1.x of the + cabal2nix utility are now invalid and need to be + re-generated with a current version of cabal2nix to + function. The most recent version of this tool can be installed by running + nix-env -i cabal2nix. + + + + + The haskellPackages set in Nixpkgs used to have a + function attribute called extension that users could + override in their ~/.nixpkgs/config.nix files to + configure additional attributes, etc. That function still exists, but it's + now called overrides. + + + + + The OpenBLAS library has been updated to version + 0.2.14. Support for the + x86_64-darwin platform was added. Dynamic architecture + detection was enabled; OpenBLAS now selects microarchitecture-optimized + routines at runtime, so optimal performance is achieved without the need + to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages + which use an optimized BLAS or LAPACK implementation. + + + + + The phpfpm is now using the default PHP version + (pkgs.php) instead of PHP 5.4 + (pkgs.php54). + + + + + The locate service no longer indexes the Nix store by + default, preventing packages with potentially numerous versions from + cluttering the output. Indexing the store can be activated by setting + . + + + + + The Nix expression search path (NIX_PATH) no longer + contains /etc/nixos/nixpkgs by default. You can + override NIX_PATH by setting . + + + + + Python 2.6 has been marked as broken (as it no longer receives security + updates from upstream). + + + + + Any use of module arguments such as pkgs to access + library functions, or to define imports attributes will + now lead to an infinite loop at the time of the evaluation. + + + In case of an infinite loop, use the --show-trace + command line argument and read the line just above the error message. $ nixos-rebuild build --show-trace … while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix": infinite recursion encountered - - - - - Any use of pkgs.lib, should be replaced by - lib, after adding it as argument of the module. The - following module - + + + Any use of pkgs.lib, should be replaced by + lib, after adding it as argument of the module. The + following module { config, pkgs, ... }: @@ -384,9 +649,7 @@ with pkgs.lib; config = mkIf config.foo { … }; } - - should be modified to look like: - + should be modified to look like: { config, pkgs, lib, ... }: @@ -399,13 +662,11 @@ with lib; config = mkIf config.foo { option definition }; } - - - - When pkgs is used to download other projects to - import their modules, and only in such cases, it should be replaced by - (import <nixpkgs> {}). The following module - + + + When pkgs is used to download other projects to import + their modules, and only in such cases, it should be replaced by + (import <nixpkgs> {}). The following module { config, pkgs, ... }: @@ -420,9 +681,7 @@ in imports = [ "${myProject}/module.nix" ]; } - - should be modified to look like: - + should be modified to look like: { config, pkgs, ... }: @@ -437,55 +696,55 @@ in imports = [ "${myProject}/module.nix" ]; } - + + + + - - - - - - -Other notable improvements: - - - - The nixos and nixpkgs channels were unified, - so one can use nix-env -iA nixos.bash - instead of nix-env -iA nixos.pkgs.bash. - See the commit for details. - - - + + Other notable improvements: + + - Users running an SSH server who worry about the quality of their - /etc/ssh/moduli file with respect to the - can use nix-env -iA nixos.bash + instead of nix-env -iA nixos.pkgs.bash. See + the + commit for details. + + + + + Users running an SSH server who worry about the quality of their + /etc/ssh/moduli file with respect to the + vulnerabilities - discovered in the Diffie-Hellman key exchange can now - replace OpenSSH's default version with one they generated - themselves using the new - option. - - - - - A newly packaged TeX Live 2015 is provided in pkgs.texlive, - split into 6500 nix packages. For basic user documentation see - the source. - Beware of an issue when installing a too large package set. - - The plan is to deprecate and maybe delete the original TeX packages - until the next release. - - - - on all Python interpreters - is now available for nix-shell interoperability. - - - - - + discovered in the Diffie-Hellman key exchange can now replace + OpenSSH's default version with one they generated themselves using the new + option. + + + + + A newly packaged TeX Live 2015 is provided in + pkgs.texlive, split into 6500 nix packages. For basic + user documentation see + the + source. Beware of + an + issue when installing a too large package set. The plan is to + deprecate and maybe delete the original TeX packages until the next + release. + + + + + on all Python interpreters is now available + for nix-shell interoperability. + + + + diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml index 7279dd05827..9b512c4b1e5 100644 --- a/nixos/doc/manual/release-notes/rl-1603.xml +++ b/nixos/doc/manual/release-notes/rl-1603.xml @@ -3,250 +3,471 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-16.03"> + Release 16.03 (“Emu”, 2016/03/31) -Release 16.03 (“Emu”, 2016/03/31) - -In addition to numerous new and upgraded packages, this release -has the following highlights: - - + + In addition to numerous new and upgraded packages, this release has the + following highlights: + + - Systemd 229, bringing + Systemd 229, bringing + numerous - improvements over 217. + improvements over 217. + - - Linux 4.4 (was 3.18). + + Linux 4.4 (was 3.18). + - - GCC 5.3 (was 4.9). Note that GCC 5 + GCC 5.3 (was 4.9). Note that GCC 5 + changes - the C++ ABI in an incompatible way; this may cause problems - if you try to link objects compiled with different versions of - GCC. + the C++ ABI in an incompatible way; this may cause problems if you + try to link objects compiled with different versions of GCC. + - - Glibc 2.23 (was 2.21). + + Glibc 2.23 (was 2.21). + - - Binutils 2.26 (was 2.23.1). See #909 + + Binutils 2.26 (was 2.23.1). See #909 + - - Improved support for ensuring bitwise reproducible - builds. For example, stdenv now sets the - environment variable + Improved support for ensuring + bitwise + reproducible builds. For example, stdenv now sets + the environment variable + SOURCE_DATE_EPOCH - to a deterministic value, and Nix has gained - an option to repeat a build a number of times to test - determinism. An ongoing project, the goal of exact reproducibility - is to allow binaries to be verified independently (e.g., a user - might only trust binaries that appear in three independent binary - caches). + an option to repeat a build a number of times to test determinism. + An ongoing project, the goal of exact reproducibility is to allow binaries + to be verified independently (e.g., a user might only trust binaries that + appear in three independent binary caches). + - - Perl 5.22. + + Perl 5.22. + + - - -The following new services were added since the last release: - + + The following new services were added since the last release: - services/monitoring/longview.nix - hardware/video/webcam/facetimehd.nix - i18n/input-method/default.nix - i18n/input-method/fcitx.nix - i18n/input-method/ibus.nix - i18n/input-method/nabi.nix - i18n/input-method/uim.nix - programs/fish.nix - security/acme.nix - security/audit.nix - security/oath.nix - services/hardware/irqbalance.nix - services/mail/dspam.nix - services/mail/opendkim.nix - services/mail/postsrsd.nix - services/mail/rspamd.nix - services/mail/rmilter.nix - services/misc/autofs.nix - services/misc/bepasty.nix - services/misc/calibre-server.nix - services/misc/cfdyndns.nix - services/misc/gammu-smsd.nix - services/misc/mathics.nix - services/misc/matrix-synapse.nix - services/misc/octoprint.nix - services/monitoring/hdaps.nix - services/monitoring/heapster.nix - services/monitoring/longview.nix - services/network-filesystems/netatalk.nix - services/network-filesystems/xtreemfs.nix - services/networking/autossh.nix - services/networking/dnschain.nix - services/networking/gale.nix - services/networking/miniupnpd.nix - services/networking/namecoind.nix - services/networking/ostinato.nix - services/networking/pdnsd.nix - services/networking/shairport-sync.nix - services/networking/supplicant.nix - services/search/kibana.nix - services/security/haka.nix - services/security/physlock.nix - services/web-apps/pump.io.nix - services/x11/hardware/libinput.nix - services/x11/window-managers/windowlab.nix - system/boot/initrd-network.nix - system/boot/initrd-ssh.nix - system/boot/loader/loader.nix - system/boot/networkd.nix - system/boot/resolved.nix - virtualisation/lxd.nix - virtualisation/rkt.nix - - - -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - - - We no longer produce graphical ISO images and VirtualBox - images for i686-linux. A minimal ISO image is - still provided. - - - - Firefox and similar browsers are now wrapped by default. - The package and attribute names are plain firefox - or midori, etc. Backward-compatibility attributes were set up, - but note that nix-env -u will not update - your current firefox-with-plugins; - you have to uninstall it and install firefox instead. - - - - wmiiSnap has been replaced with - wmii_hg, but - services.xserver.windowManager.wmii.enable has - been updated respectively so this only affects you if you have - explicitly installed wmiiSnap. + + + services/monitoring/longview.nix - + + + + hardware/video/webcam/facetimehd.nix + + + + + i18n/input-method/default.nix + + + + + i18n/input-method/fcitx.nix + + + + + i18n/input-method/ibus.nix + + + + + i18n/input-method/nabi.nix + + + + + i18n/input-method/uim.nix + + + + + programs/fish.nix + + + + + security/acme.nix + + + + + security/audit.nix + + + + + security/oath.nix + + + + + services/hardware/irqbalance.nix + + + + + services/mail/dspam.nix + + + + + services/mail/opendkim.nix + + + + + services/mail/postsrsd.nix + + + + + services/mail/rspamd.nix + + + + + services/mail/rmilter.nix + + + + + services/misc/autofs.nix + + + + + services/misc/bepasty.nix + + + + + services/misc/calibre-server.nix + + + + + services/misc/cfdyndns.nix + + + + + services/misc/gammu-smsd.nix + + + + + services/misc/mathics.nix + + + + + services/misc/matrix-synapse.nix + + + + + services/misc/octoprint.nix + + + + + services/monitoring/hdaps.nix + + + + + services/monitoring/heapster.nix + + + + + services/monitoring/longview.nix + + + + + services/network-filesystems/netatalk.nix + + + + + services/network-filesystems/xtreemfs.nix + + + + + services/networking/autossh.nix + + + + + services/networking/dnschain.nix + + + + + services/networking/gale.nix + + + + + services/networking/miniupnpd.nix + + + + + services/networking/namecoind.nix + + + + + services/networking/ostinato.nix + + + + + services/networking/pdnsd.nix + + + + + services/networking/shairport-sync.nix + + + + + services/networking/supplicant.nix + + + + + services/search/kibana.nix + + + + + services/security/haka.nix + + + + + services/security/physlock.nix + + + + + services/web-apps/pump.io.nix + + + + + services/x11/hardware/libinput.nix + + + + + services/x11/window-managers/windowlab.nix + + + + + system/boot/initrd-network.nix + + + + + system/boot/initrd-ssh.nix + + + + + system/boot/loader/loader.nix + + + + + system/boot/networkd.nix + + + + + system/boot/resolved.nix + + + + + virtualisation/lxd.nix + + + + + virtualisation/rkt.nix + + + + + + When upgrading from a previous release, please be aware of the following + incompatible changes: + + + - jobs NixOS option has been removed. It served as + + We no longer produce graphical ISO images and VirtualBox images for + i686-linux. A minimal ISO image is still provided. + + + + + Firefox and similar browsers are now wrapped by + default. The package and attribute names are plain + firefox or midori, etc. + Backward-compatibility attributes were set up, but note that + nix-env -u will not update your + current firefox-with-plugins; you have to uninstall it + and install firefox instead. + + + + + wmiiSnap has been replaced with + wmii_hg, but + services.xserver.windowManager.wmii.enable has been + updated respectively so this only affects you if you have explicitly + installed wmiiSnap. + + + + + jobs NixOS option has been removed. It served as compatibility layer between Upstart jobs and SystemD services. All services - have been rewritten to use systemd.services + have been rewritten to use systemd.services + - - wmiimenu is removed, as it has been - removed by the developers upstream. Use wimenu - from the wmii-hg package. + + wmiimenu is removed, as it has been removed by the + developers upstream. Use wimenu from the + wmii-hg package. + - - Gitit is no longer automatically added to the module list in - NixOS and as such there will not be any manual entries for it. You - will need to add an import statement to your NixOS configuration - in order to use it, e.g. - + + Gitit is no longer automatically added to the module list in NixOS and as + such there will not be any manual entries for it. You will need to add an + import statement to your NixOS configuration in order to use it, e.g. ]; } ]]> - - will include the Gitit service configuration options. + will include the Gitit service configuration options. + - - nginx does not accept flags for enabling and - disabling modules anymore. Instead it accepts modules - argument, which is a list of modules to be built in. All modules now - reside in nginxModules set. Example configuration: - + + nginx does not accept flags for enabling and disabling + modules anymore. Instead it accepts modules argument, + which is a list of modules to be built in. All modules now reside in + nginxModules set. Example configuration: - + - - s3sync is removed, as it hasn't been - developed by upstream for 4 years and only runs with ruby 1.8. - For an actively-developer alternative look at - tarsnap and others. - + + s3sync is removed, as it hasn't been developed by + upstream for 4 years and only runs with ruby 1.8. For an actively-developer + alternative look at tarsnap and others. + - - ruby_1_8 has been removed as it's not - supported from upstream anymore and probably contains security - issues. - + + ruby_1_8 has been removed as it's not supported from + upstream anymore and probably contains security issues. + - - tidy-html5 package is removed. - Upstream only provided (lib)tidy5 during development, - and now they went back to (lib)tidy to work as a drop-in - replacement of the original package that has been unmaintained for years. - You can (still) use the html-tidy package, which got updated - to a stable release from this new upstream. + + tidy-html5 package is removed. Upstream only provided + (lib)tidy5 during development, and now they went back to + (lib)tidy to work as a drop-in replacement of the + original package that has been unmaintained for years. You can (still) use + the html-tidy package, which got updated to a stable + release from this new upstream. + - - extraDeviceOptions argument is removed - from bumblebee package. Instead there are - now two separate arguments: extraNvidiaDeviceOptions - and extraNouveauDeviceOptions for setting - extra X11 options for nvidia and nouveau drivers, respectively. - + + extraDeviceOptions argument is removed from + bumblebee package. Instead there are now two separate + arguments: extraNvidiaDeviceOptions and + extraNouveauDeviceOptions for setting extra X11 options + for nvidia and nouveau drivers, respectively. + - - The Ctrl+Alt+Backspace key combination - no longer kills the X server by default. - There's a new option - allowing to enable the combination again. - + + The Ctrl+Alt+Backspace key combination no longer kills + the X server by default. There's a new option + allowing to enable + the combination again. + - - emacsPackagesNg now contains all packages - from the ELPA, MELPA, and MELPA Stable repositories. - + + emacsPackagesNg now contains all packages from the ELPA, + MELPA, and MELPA Stable repositories. + - - Data directory for Postfix MTA server is moved from + + Data directory for Postfix MTA server is moved from /var/postfix to /var/lib/postfix. - Old configurations are migrated automatically. service.postfix - module has also received many improvements, such as correct directories' access - rights, new aliasFiles and mapFiles - options and more. + Old configurations are migrated automatically. + service.postfix module has also received many + improvements, such as correct directories' access rights, new + aliasFiles and mapFiles options and + more. + - - Filesystem options should now be configured as a list of strings, not - a comma-separated string. The old style will continue to work, but print a + + Filesystem options should now be configured as a list of strings, not a + comma-separated string. The old style will continue to work, but print a warning, until the 16.09 release. An example of the new style: - fileSystems."/example" = { device = "/dev/sdc"; @@ -254,103 +475,103 @@ fileSystems."/example" = { options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ]; }; - + - - CUPS, installed by services.printing module, now - has its data directory in /var/lib/cups. Old - configurations from /etc/cups are moved there - automatically, but there might be problems. Also configuration options + + CUPS, installed by services.printing module, now has its + data directory in /var/lib/cups. Old configurations + from /etc/cups are moved there automatically, but + there might be problems. Also configuration options services.printing.cupsdConf and - services.printing.cupsdFilesConf were removed - because they had been allowing one to override configuration variables - required for CUPS to work at all on NixOS. For most use cases, + services.printing.cupsdFilesConf were removed because + they had been allowing one to override configuration variables required for + CUPS to work at all on NixOS. For most use cases, services.printing.extraConf and new option - services.printing.extraFilesConf should be enough; - if you encounter a situation when they are not, please file a bug. - - There are also Gutenprint improvements; in particular, a new option - services.printing.gutenprint is added to enable automatic - updating of Gutenprint PPMs; it's greatly recommended to enable it instead - of adding gutenprint to the drivers list. - + services.printing.extraFilesConf should be enough; if + you encounter a situation when they are not, please file a bug. + + + There are also Gutenprint improvements; in particular, a new option + services.printing.gutenprint is added to enable + automatic updating of Gutenprint PPMs; it's greatly recommended to enable + it instead of adding gutenprint to the + drivers list. + - - services.xserver.vaapiDrivers has been removed. Use - hardware.opengl.extraPackages{,32} instead. You can - also specify VDPAU drivers there. + + services.xserver.vaapiDrivers has been removed. Use + hardware.opengl.extraPackages{,32} instead. You can also + specify VDPAU drivers there. + - - - programs.ibus moved to i18n.inputMethod.ibus. - The option programs.ibus.plugins changed to i18n.inputMethod.ibus.engines - and the option to enable ibus changed from programs.ibus.enable to + + programs.ibus moved to + i18n.inputMethod.ibus. The option + programs.ibus.plugins changed to + i18n.inputMethod.ibus.engines and the option to enable + ibus changed from programs.ibus.enable to i18n.inputMethod.enabled. - i18n.inputMethod.enabled should be set to the used input method name, - "ibus" for ibus. - An example of the new style: - + i18n.inputMethod.enabled should be set to the used input + method name, "ibus" for ibus. An example of the new + style: i18n.inputMethod.enabled = "ibus"; i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ]; - -That is equivalent to the old version: - + That is equivalent to the old version: programs.ibus.enable = true; programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ]; - - + - - services.udev.extraRules option now writes rules - to 99-local.rules instead of 10-local.rules. - This makes all the user rules apply after others, so their results wouldn't be - overriden by anything else. + + services.udev.extraRules option now writes rules to + 99-local.rules instead of + 10-local.rules. This makes all the user rules apply + after others, so their results wouldn't be overriden by anything else. + - - Large parts of the services.gitlab module has been - been rewritten. There are new configuration options available. The + + Large parts of the services.gitlab module has been been + rewritten. There are new configuration options available. The stateDir option was renamned to - statePath and the satellitesDir option - was removed. Please review the currently available options. + statePath and the satellitesDir + option was removed. Please review the currently available options. + - - - The option no - longer interpret the dollar sign ($) as a shell variable, as such it - should not be escaped anymore. Thus the following zone data: - - + + The option no longer + interpret the dollar sign ($) as a shell variable, as such it should not be + escaped anymore. Thus the following zone data: + + \$ORIGIN example.com. \$TTL 1800 @ IN SOA ns1.vpn.nbp.name. admin.example.com. ( - + Should modified to look like the actual file expected by nsd: - - + + $ORIGIN example.com. $TTL 1800 @ IN SOA ns1.vpn.nbp.name. admin.example.com. ( - - - service.syncthing.dataDir options now has to point - to exact folder where syncthing is writing to. Example configuration should + + service.syncthing.dataDir options now has to point to + exact folder where syncthing is writing to. Example configuration should look something like: - - + + services.syncthing = { enable = true; dataDir = "/home/somebody/.syncthing"; @@ -358,76 +579,73 @@ services.syncthing = { }; - - - networking.firewall.allowPing is now enabled by - default. Users are encouraged to configure an appropriate rate limit for - their machines using the Kernel interface at - /proc/sys/net/ipv4/icmp_ratelimit and - /proc/sys/net/ipv6/icmp/ratelimit or using the - firewall itself, i.e. by setting the NixOS option - networking.firewall.pingLimit. - + + networking.firewall.allowPing is now enabled by default. + Users are encouraged to configure an appropriate rate limit for their + machines using the Kernel interface at + /proc/sys/net/ipv4/icmp_ratelimit and + /proc/sys/net/ipv6/icmp/ratelimit or using the + firewall itself, i.e. by setting the NixOS option + networking.firewall.pingLimit. + - - - Systems with some broadcom cards used to result into a generated config - that is no longer accepted. If you get errors like - error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created - you should either re-run nixos-generate-config or manually replace - "${config.boot.kernelPackages.broadcom_sta}" - by - config.boot.kernelPackages.broadcom_sta - in your /etc/nixos/hardware-configuration.nix. - More discussion is on - the github issue. - + + Systems with some broadcom cards used to result into a generated config + that is no longer accepted. If you get errors like +error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created + you should either re-run nixos-generate-config or + manually replace + "${config.boot.kernelPackages.broadcom_sta}" by + config.boot.kernelPackages.broadcom_sta in your + /etc/nixos/hardware-configuration.nix. More discussion + is on the + github issue. + - - - The services.xserver.startGnuPGAgent option has been removed. - GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no - longer requires (or even supports) the "start everything as a child of the - agent" scheme we've implemented in NixOS for older versions. - To configure the gpg-agent for your X session, add the following code to - ~/.bashrc or some file that’s sourced when your shell is started: - + + The services.xserver.startGnuPGAgent option has been + removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new + approach no longer requires (or even supports) the "start everything as a + child of the agent" scheme we've implemented in NixOS for older versions. + To configure the gpg-agent for your X session, add the following code to + ~/.bashrc or some file that’s sourced when your + shell is started: + GPG_TTY=$(tty) export GPG_TTY - If you want to use gpg-agent for SSH, too, add the following to your session - initialization (e.g. displayManager.sessionCommands) - + If you want to use gpg-agent for SSH, too, add the following to your + session initialization (e.g. + displayManager.sessionCommands) + gpg-connect-agent /bye unset SSH_AGENT_PID export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh" - and make sure that - + and make sure that + enable-ssh-support - is included in your ~/.gnupg/gpg-agent.conf. - You will need to use ssh-add to re-add your ssh keys. - If gpg’s automatic transformation of the private keys to the new format fails, - you will need to re-import your private keyring as well: - + is included in your ~/.gnupg/gpg-agent.conf. You will + need to use ssh-add to re-add your ssh keys. If gpg’s + automatic transformation of the private keys to the new format fails, you + will need to re-import your private keyring as well: + gpg --import ~/.gnupg/secring.gpg - The gpg-agent(1) man page has more details about this subject, - i.e. in the "EXAMPLES" section. - + The gpg-agent(1) man page has more details about this + subject, i.e. in the "EXAMPLES" section. + - + - -Other notable improvements: - - - - - - - ejabberd module is brought back and now works on - NixOS. - - - - Input method support was improved. New NixOS modules (fcitx, nabi and uim), - fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n) - have been added. - - - - + + + ejabberd module is brought back and now works on NixOS. + + + + + Input method support was improved. New NixOS modules (fcitx, nabi and + uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus + engines (hangul and m17n) have been added. + + + + diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml index 893f894f42f..4a2343edc97 100644 --- a/nixos/doc/manual/release-notes/rl-1609.xml +++ b/nixos/doc/manual/release-notes/rl-1609.xml @@ -3,237 +3,275 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-16.09"> + Release 16.09 (“Flounder”, 2016/09/30) -Release 16.09 (“Flounder”, 2016/09/30) - -In addition to numerous new and upgraded packages, this release -has the following highlights: - - + + In addition to numerous new and upgraded packages, this release has the + following highlights: + + - Many NixOS configurations and Nix packages now use - significantly less disk space, thanks to the + Many NixOS configurations and Nix packages now use significantly less disk + space, thanks to the + extensive - work on closure size reduction. For example, the closure - size of a minimal NixOS container went down from ~424 MiB in 16.03 - to ~212 MiB in 16.09, while the closure size of Firefox went from - ~651 MiB to ~259 MiB. + work on closure size reduction. For example, the closure size of a + minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB in + 16.09, while the closure size of Firefox went from ~651 MiB to ~259 MiB. + - - To improve security, packages are now + To improve security, packages are now + built - using various hardening features. See the Nixpkgs manual - for more information. + using various hardening features. See the Nixpkgs manual for more + information. + - - Support for PXE netboot. See for documentation. + + Support for PXE netboot. See + for documentation. + - - X.org server 1.18. If you use the - ati_unfree driver, 1.17 is still used due to an - ABI incompatibility. + + X.org server 1.18. If you use the ati_unfree driver, + 1.17 is still used due to an ABI incompatibility. + - - This release is based on Glibc 2.24, GCC 5.4.0 and systemd - 231. The default Linux kernel remains 4.4. + + This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The default + Linux kernel remains 4.4. + + - - -The following new services were added since the last release: - - - (this will get automatically generated at release time) - - -When upgrading from a previous release, please be aware of the -following incompatible changes: - - + + The following new services were added since the last release: + + - A large number of packages have been converted to use the multiple outputs feature - of Nix to greatly reduce the amount of required disk space, as - mentioned above. This may require changes - to any custom packages to make them build again; see the relevant chapter in the - Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions - related to multiple-output packages - were changed - late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.) - + + (this will get automatically generated at release time) + + + + When upgrading from a previous release, please be aware of the following + incompatible changes: + + + - Previous versions of Nixpkgs had support for all versions of the LTS + + A large number of packages have been converted to use the multiple outputs + feature of Nix to greatly reduce the amount of required disk space, as + mentioned above. This may require changes to any custom packages to make + them build again; see the relevant chapter in the Nixpkgs manual for more + information. (Additional caveat to packagers: some packaging conventions + related to multiple-output packages + were + changed late (August 2016) in the release cycle and differ from the + initial introduction of multiple outputs.) + + + + + Previous versions of Nixpkgs had support for all versions of the LTS Haskell package set. That support has been dropped. The previously provided haskell.packages.lts-x_y package sets still exist in name to aviod breaking user code, but these package sets don't actually contain the versions mandated by the corresponding LTS release. Instead, our package set it loosely based on the latest available LTS release, i.e. LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will - drop those old names entirely. The motivation for this change has been discussed at length on the - nix-dev mailing list and in Github issue - #14897. Development strategies for Haskell hackers who want to rely - on Nix and NixOS have been described in nix-dev mailing list and in + Github + issue #14897. Development strategies for Haskell hackers who want to + rely on Nix and NixOS have been described in + another - nix-dev article. + nix-dev article. + - - Shell aliases for systemd sub-commands - were dropped: - start, stop, - restart, status. + + Shell aliases for systemd sub-commands + were + dropped: start, stop, + restart, status. + - - Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default - behavior of Redis 3.2 + + Redis now binds to 127.0.0.1 only instead of listening to all network + interfaces. This is the default behavior of Redis 3.2 + - - - /var/empty is now immutable. Activation script runs chattr +i - to forbid any modifications inside the folder. See - the pull request for what bugs this caused. - + + /var/empty is now immutable. Activation script runs + chattr +i to forbid any modifications inside the folder. + See the + pull request for what bugs this caused. + - - Gitlab's maintainance script - gitlab-runner was removed and split up into the - more clearer gitlab-run and + + Gitlab's maintainance script gitlab-runner was removed + and split up into the more clearer gitlab-run and gitlab-rake scripts, because - gitlab-runner is a component of Gitlab - CI. + gitlab-runner is a component of Gitlab CI. + - - services.xserver.libinput.accelProfile default - changed from flat to adaptive, - as per - official documentation. + + services.xserver.libinput.accelProfile default changed + from flat to adaptive, as per + + official documentation. + - - fonts.fontconfig.ultimate.rendering was removed - because our presets were obsolete for some time. New presets are hardcoded - into FreeType; you can select a preset via fonts.fontconfig.ultimate.preset. - You can customize those presets via ordinary environment variables, using - environment.variables. + + fonts.fontconfig.ultimate.rendering was removed because + our presets were obsolete for some time. New presets are hardcoded into + FreeType; you can select a preset via + fonts.fontconfig.ultimate.preset. You can customize + those presets via ordinary environment variables, using + environment.variables. + - - The audit service is no longer enabled by default. - Use security.audit.enable = true to explicitly enable it. + + The audit service is no longer enabled by default. Use + security.audit.enable = true to explicitly enable it. + - - - pkgs.linuxPackages.virtualbox now contains only the - kernel modules instead of the VirtualBox user space binaries. - If you want to reference the user space binaries, you have to use the new - pkgs.virtualbox instead. - + + pkgs.linuxPackages.virtualbox now contains only the + kernel modules instead of the VirtualBox user space binaries. If you want + to reference the user space binaries, you have to use the new + pkgs.virtualbox instead. + - - goPackages was replaced with separated Go - applications in appropriate nixpkgs - categories. Each Go package uses its own dependency set. There's - also a new go2nix tool introduced to generate a - Go package definition from its Go source automatically. + + goPackages was replaced with separated Go applications + in appropriate nixpkgs categories. Each Go package uses + its own dependency set. There's also a new go2nix tool + introduced to generate a Go package definition from its Go source + automatically. + - - services.mongodb.extraConfig configuration format - was changed to YAML. + + services.mongodb.extraConfig configuration format was + changed to YAML. + - - - PHP has been upgraded to 7.0 - + + PHP has been upgraded to 7.0 + - + + + Other notable improvements: + -Other notable improvements: - - - - Revamped grsecurity/PaX support. There is now only a single - general-purpose distribution kernel and the configuration interface has been - streamlined. Desktop users should be able to simply set - security.grsecurity.enable = true to get - a reasonably secure system without having to sacrifice too much - functionality. - - - Special filesystems, like /proc, - /run and others, now have the same mount options - as recommended by systemd and are unified across different places in - NixOS. Mount options are updated during nixos-rebuild - switch if possible. One benefit from this is improved - security — most such filesystems are now mounted with - noexec, nodev and/or - nosuid options. - - The reverse path filter was interfering with DHCPv4 server - operation in the past. An exception for DHCPv4 and a new option to log - packets that were dropped due to the reverse path filter was added - (networking.firewall.logReversePathDrops) for easier - debugging. - - Containers configuration within - containers.<name>.config is + + + Revamped grsecurity/PaX support. There is now only a single general-purpose + distribution kernel and the configuration interface has been streamlined. + Desktop users should be able to simply set +security.grsecurity.enable = true + to get a reasonably secure system without having to sacrifice too much + functionality. + + + + + Special filesystems, like /proc, /run + and others, now have the same mount options as recommended by systemd and + are unified across different places in NixOS. Mount options are updated + during nixos-rebuild switch if possible. One benefit + from this is improved security — most such filesystems are now mounted + with noexec, nodev and/or + nosuid options. + + + + + The reverse path filter was interfering with DHCPv4 server operation in the + past. An exception for DHCPv4 and a new option to log packets that were + dropped due to the reverse path filter was added + (networking.firewall.logReversePathDrops) for easier + debugging. + + + + + Containers configuration within + containers.<name>.config is + now - properly typed and checked. In particular, partial - configurations are merged correctly. - + properly typed and checked. In particular, partial configurations + are merged correctly. + + - The directory container setuid wrapper programs, - /var/setuid-wrappers, + The directory container setuid wrapper programs, + /var/setuid-wrappers, + is now - updated atomically to prevent failures if the switch to a new - configuration is interrupted. + updated atomically to prevent failures if the switch to a new configuration + is interrupted. + - - services.xserver.startGnuPGAgent - has been removed due to GnuPG 2.1.x bump. See + services.xserver.startGnuPGAgent has been removed due to + GnuPG 2.1.x bump. See + - how to achieve similar behavior. You might need to - pkill gpg-agent after the upgrade - to prevent a stale agent being in the way. - + how to achieve similar behavior. You might need to pkill + gpg-agent after the upgrade to prevent a stale agent being in the + way. + - - + + - Declarative users could share the uid due to the bug in - the script handling conflict resolution. - - - - + Declarative users could share the uid due to the bug in the script handling + conflict resolution. + + + + Gummi boot has been replaced using systemd-boot. - - - + + + + Hydra package and NixOS module were added for convenience. - - - - - + + + diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml index 6147b983013..6ca79e2bc00 100644 --- a/nixos/doc/manual/release-notes/rl-1703.xml +++ b/nixos/doc/manual/release-notes/rl-1703.xml @@ -3,259 +3,588 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-17.03"> + Release 17.03 (“Gorilla”, 2017/03/31) -Release 17.03 (“Gorilla”, 2017/03/31) - -
+ Highlights -Highlights + + In addition to numerous new and upgraded packages, this release has the + following highlights: + -In addition to numerous new and upgraded packages, this release -has the following highlights: - - - - Nixpkgs is now extensible through overlays. See the Nixpkgs - manual for more information. - - - - This release is based on Glibc 2.25, GCC 5.4.0 and systemd - 232. The default Linux kernel is 4.9 and Nix is at 1.11.8. - - - - The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed - - - - The setuid wrapper functionality now supports setting - capabilities. - - - - X.org server uses branch 1.19. Due to ABI incompatibilities, - ati_unfree keeps forcing 1.17 - and amdgpu-pro starts forcing 1.18. - - - + + - Cross compilation has been rewritten. See the nixpkgs manual for - details. The most obvious breaking change is that in derivations there is no - .nativeDrv nor .crossDrv are now - cross by default, not native. + Nixpkgs is now extensible through overlays. See the + Nixpkgs + manual for more information. - - - - The overridePackages function has been rewritten - to be replaced by + + + This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The + default Linux kernel is 4.9 and Nix is at 1.11.8. + + + + + The default desktop environment now is KDE's Plasma 5. KDE 4 has been + removed + + + + + The setuid wrapper functionality now supports setting capabilities. + + + + + X.org server uses branch 1.19. Due to ABI incompatibilities, + ati_unfree keeps forcing 1.17 and + amdgpu-pro starts forcing 1.18. + + + + + Cross compilation has been rewritten. See the nixpkgs manual for details. + The most obvious breaking change is that in derivations there is no + .nativeDrv nor .crossDrv are now + cross by default, not native. + + + + + The overridePackages function has been rewritten to be + replaced by + - overlays - - - - Packages in nixpkgs can be marked as insecure through listed - vulnerabilities. See the + + + + + Packages in nixpkgs can be marked as insecure through listed + vulnerabilities. See the + Nixpkgs - manual for more information. - + manual for more information. + + + + + PHP now defaults to PHP 7.1 + + + +
- - PHP now defaults to PHP 7.1 - - - - - -
+ New Services -New Services + + The following new services were added since the last release: + -The following new services were added since the last release: + + + + hardware/ckb.nix + + + + + hardware/mcelog.nix + + + + + hardware/usb-wwan.nix + + + + + hardware/video/capture/mwprocapture.nix + + + + + programs/adb.nix + + + + + programs/chromium.nix + + + + + programs/gphoto2.nix + + + + + programs/java.nix + + + + + programs/mtr.nix + + + + + programs/oblogout.nix + + + + + programs/vim.nix + + + + + programs/wireshark.nix + + + + + security/dhparams.nix + + + + + services/audio/ympd.nix + + + + + services/computing/boinc/client.nix + + + + + services/continuous-integration/buildbot/master.nix + + + + + services/continuous-integration/buildbot/worker.nix + + + + + services/continuous-integration/gitlab-runner.nix + + + + + services/databases/riak-cs.nix + + + + + services/databases/stanchion.nix + + + + + services/desktops/gnome3/gnome-terminal-server.nix + + + + + services/editors/infinoted.nix + + + + + services/hardware/illum.nix + + + + + services/hardware/trezord.nix + + + + + services/logging/journalbeat.nix + + + + + services/mail/offlineimap.nix + + + + + services/mail/postgrey.nix + + + + + services/misc/couchpotato.nix + + + + + services/misc/docker-registry.nix + + + + + services/misc/errbot.nix + + + + + services/misc/geoip-updater.nix + + + + + services/misc/gogs.nix + + + + + services/misc/leaps.nix + + + + + services/misc/nix-optimise.nix + + + + + services/misc/ssm-agent.nix + + + + + services/misc/sssd.nix + + + + + services/monitoring/arbtt.nix + + + + + services/monitoring/netdata.nix + + + + + services/monitoring/prometheus/default.nix + + + + + services/monitoring/prometheus/alertmanager.nix + + + + + services/monitoring/prometheus/blackbox-exporter.nix + + + + + services/monitoring/prometheus/json-exporter.nix + + + + + services/monitoring/prometheus/nginx-exporter.nix + + + + + services/monitoring/prometheus/node-exporter.nix + + + + + services/monitoring/prometheus/snmp-exporter.nix + + + + + services/monitoring/prometheus/unifi-exporter.nix + + + + + services/monitoring/prometheus/varnish-exporter.nix + + + + + services/monitoring/sysstat.nix + + + + + services/monitoring/telegraf.nix + + + + + services/monitoring/vnstat.nix + + + + + services/network-filesystems/cachefilesd.nix + + + + + services/network-filesystems/glusterfs.nix + + + + + services/network-filesystems/ipfs.nix + + + + + services/networking/dante.nix + + + + + services/networking/dnscrypt-wrapper.nix + + + + + services/networking/fakeroute.nix + + + + + services/networking/flannel.nix + + + + + services/networking/htpdate.nix + + + + + services/networking/miredo.nix + + + + + services/networking/nftables.nix + + + + + services/networking/powerdns.nix + + + + + services/networking/pdns-recursor.nix + + + + + services/networking/quagga.nix + + + + + services/networking/redsocks.nix + + + + + services/networking/wireguard.nix + + + + + services/system/cgmanager.nix + + + + + services/torrent/opentracker.nix + + + + + services/web-apps/atlassian/confluence.nix + + + + + services/web-apps/atlassian/crowd.nix + + + + + services/web-apps/atlassian/jira.nix + + + + + services/web-apps/frab.nix + + + + + services/web-apps/nixbot.nix + + + + + services/web-apps/selfoss.nix + + + + + services/web-apps/quassel-webserver.nix + + + + + services/x11/unclutter-xfixes.nix + + + + + services/x11/urxvtd.nix + + + + + system/boot/systemd-nspawn.nix + + + + + virtualisation/ecs-agent.nix + + + + + virtualisation/lxcfs.nix + + + + + virtualisation/openstack/keystone.nix + + + + + virtualisation/openstack/glance.nix + + + +
- - hardware/ckb.nix - hardware/mcelog.nix - hardware/usb-wwan.nix - hardware/video/capture/mwprocapture.nix - programs/adb.nix - programs/chromium.nix - programs/gphoto2.nix - programs/java.nix - programs/mtr.nix - programs/oblogout.nix - programs/vim.nix - programs/wireshark.nix - security/dhparams.nix - services/audio/ympd.nix - services/computing/boinc/client.nix - services/continuous-integration/buildbot/master.nix - services/continuous-integration/buildbot/worker.nix - services/continuous-integration/gitlab-runner.nix - services/databases/riak-cs.nix - services/databases/stanchion.nix - services/desktops/gnome3/gnome-terminal-server.nix - services/editors/infinoted.nix - services/hardware/illum.nix - services/hardware/trezord.nix - services/logging/journalbeat.nix - services/mail/offlineimap.nix - services/mail/postgrey.nix - services/misc/couchpotato.nix - services/misc/docker-registry.nix - services/misc/errbot.nix - services/misc/geoip-updater.nix - services/misc/gogs.nix - services/misc/leaps.nix - services/misc/nix-optimise.nix - services/misc/ssm-agent.nix - services/misc/sssd.nix - services/monitoring/arbtt.nix - services/monitoring/netdata.nix - services/monitoring/prometheus/default.nix - services/monitoring/prometheus/alertmanager.nix - services/monitoring/prometheus/blackbox-exporter.nix - services/monitoring/prometheus/json-exporter.nix - services/monitoring/prometheus/nginx-exporter.nix - services/monitoring/prometheus/node-exporter.nix - services/monitoring/prometheus/snmp-exporter.nix - services/monitoring/prometheus/unifi-exporter.nix - services/monitoring/prometheus/varnish-exporter.nix - services/monitoring/sysstat.nix - services/monitoring/telegraf.nix - services/monitoring/vnstat.nix - services/network-filesystems/cachefilesd.nix - services/network-filesystems/glusterfs.nix - services/network-filesystems/ipfs.nix - services/networking/dante.nix - services/networking/dnscrypt-wrapper.nix - services/networking/fakeroute.nix - services/networking/flannel.nix - services/networking/htpdate.nix - services/networking/miredo.nix - services/networking/nftables.nix - services/networking/powerdns.nix - services/networking/pdns-recursor.nix - services/networking/quagga.nix - services/networking/redsocks.nix - services/networking/wireguard.nix - services/system/cgmanager.nix - services/torrent/opentracker.nix - services/web-apps/atlassian/confluence.nix - services/web-apps/atlassian/crowd.nix - services/web-apps/atlassian/jira.nix - services/web-apps/frab.nix - services/web-apps/nixbot.nix - services/web-apps/selfoss.nix - services/web-apps/quassel-webserver.nix - services/x11/unclutter-xfixes.nix - services/x11/urxvtd.nix - system/boot/systemd-nspawn.nix - virtualisation/ecs-agent.nix - virtualisation/lxcfs.nix - virtualisation/openstack/keystone.nix - virtualisation/openstack/glance.nix - - - -
+ Backward Incompatibilities -Backward Incompatibilities + + When upgrading from a previous release, please be aware of the following + incompatible changes: + -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - + + - Derivations have no .nativeDrv nor .crossDrv - and are now cross by default, not native. + Derivations have no .nativeDrv nor + .crossDrv and are now cross by default, not native. - - - + + - stdenv.overrides is now expected to take self - and super arguments. See lib.trivial.extends - for what those parameters represent. + stdenv.overrides is now expected to take + self and super arguments. See + lib.trivial.extends for what those parameters + represent. - - - + + - ansible now defaults to ansible version 2 as version 1 - has been removed due to a serious ansible now defaults to ansible version 2 as version 1 + has been removed due to a serious + - vulnerability unpatched by upstream. + vulnerability unpatched by upstream. - - - + + - gnome alias has been removed along with - gtk, gtkmm and several others. - Now you need to use versioned attributes, like gnome3. + gnome alias has been removed along with + gtk, gtkmm and several others. Now + you need to use versioned attributes, like gnome3. - - - + + - The attribute name of the Radicale daemon has been changed from - pythonPackages.radicale to - radicale. + The attribute name of the Radicale daemon has been changed from + pythonPackages.radicale to radicale. - - - + + - The stripHash bash function in stdenv - changed according to its documentation; it now outputs the stripped name to - stdout instead of putting it in the variable - strippedName. + The stripHash bash function in + stdenv changed according to its documentation; it now + outputs the stripped name to stdout instead of putting + it in the variable strippedName. - - - - PHP now scans for extra configuration .ini files in /etc/php.d - instead of /etc. This prevents accidentally loading non-PHP .ini files - that may be in /etc. - - - - + + - Two lone top-level dict dbs moved into dictdDBs. This - affects: dictdWordnet which is now at - dictdDBs.wordnet and dictdWiktionary - which is now at dictdDBs.wiktionary + PHP now scans for extra configuration .ini files in /etc/php.d instead of + /etc. This prevents accidentally loading non-PHP .ini files that may be in + /etc. - - - + + - Parsoid service now uses YAML configuration format. + Two lone top-level dict dbs moved into dictdDBs. This + affects: dictdWordnet which is now at + dictdDBs.wordnet and dictdWiktionary + which is now at dictdDBs.wiktionary + + + + + Parsoid service now uses YAML configuration format. service.parsoid.interwikis is now called service.parsoid.wikis and is a list of either API URLs or attribute sets as specified in parsoid's documentation. - - - + + Ntpd was replaced by systemd-timesyncd as the default service to synchronize @@ -263,14 +592,12 @@ following incompatible changes: setting services.ntp.enable to true. Upstream time servers for all NTP implementations are now configured using networking.timeServers. - - - - + + + - service.nylon is now declared using named instances. - As an example: - + service.nylon is now declared using named instances. As + an example: services.nylon = { enable = true; @@ -279,9 +606,7 @@ following incompatible changes: port = 5912; }; - - should be replaced with: - + should be replaced with: services.nylon.myvpn = { enable = true; @@ -290,225 +615,203 @@ following incompatible changes: port = 5912; }; - - this enables you to declare a SOCKS proxy for each uplink. - + this enables you to declare a SOCKS proxy for each uplink. - - - - overridePackages function no longer exists. - It is replaced by + + + overridePackages function no longer exists. It is + replaced by + - overlays. For example, the following code: - + overlays. For example, the following code: let pkgs = import <nixpkgs> {}; in pkgs.overridePackages (self: super: ...) - - should be replaced by: - + should be replaced by: let pkgs = import <nixpkgs> {}; in import pkgs.path { overlays = [(self: super: ...)]; } - - - - + + - Autoloading connection tracking helpers is now disabled by default. - This default was also changed in the Linux kernel and is considered - insecure if not configured properly in your firewall. If you need - connection tracking helpers (i.e. for active FTP) please enable - networking.firewall.autoLoadConntrackHelpers and - tune networking.firewall.connectionTrackingModules - to suit your needs. + Autoloading connection tracking helpers is now disabled by default. This + default was also changed in the Linux kernel and is considered insecure if + not configured properly in your firewall. If you need connection tracking + helpers (i.e. for active FTP) please enable + networking.firewall.autoLoadConntrackHelpers and tune + networking.firewall.connectionTrackingModules to suit + your needs. - - - + + - local_recipient_maps is not set to empty value by - Postfix service. It's an insecure default as stated by Postfix - documentation. Those who want to retain this setting need to set it via - services.postfix.extraConfig. + local_recipient_maps is not set to empty value by + Postfix service. It's an insecure default as stated by Postfix + documentation. Those who want to retain this setting need to set it via + services.postfix.extraConfig. - - - + + - Iputils no longer provide ping6 and traceroute6. The functionality of - these tools has been integrated into ping and traceroute respectively. To - enforce an address family the new flags -4 and - -6 have been added. One notable incompatibility is that - specifying an interface (for link-local IPv6 for instance) is no longer done - with the -I flag, but by encoding the interface into the - address (ping fe80::1%eth0). + Iputils no longer provide ping6 and traceroute6. The functionality of + these tools has been integrated into ping and traceroute respectively. To + enforce an address family the new flags -4 and + -6 have been added. One notable incompatibility is that + specifying an interface (for link-local IPv6 for instance) is no longer + done with the -I flag, but by encoding the interface + into the address (ping fe80::1%eth0). - - - + + - The socket handling of the services.rmilter module - has been fixed and refactored. As rmilter doesn't support binding to - more than one socket, the options bindUnixSockets - and bindInetSockets have been replaced by - services.rmilter.bindSocket.*. The default is still - a unix socket in /run/rmilter/rmilter.sock. Refer to - the options documentation for more information. + The socket handling of the services.rmilter module has + been fixed and refactored. As rmilter doesn't support binding to more than + one socket, the options bindUnixSockets and + bindInetSockets have been replaced by + services.rmilter.bindSocket.*. The default is still a + unix socket in /run/rmilter/rmilter.sock. Refer to the + options documentation for more information. - - - + + - The fetch* functions no longer support md5, - please use sha256 instead. + The fetch* functions no longer support md5, please use + sha256 instead. - - - + + - The dnscrypt-proxy module interface has been streamlined around the - option. Where possible, legacy option - declarations are mapped to but will emit - warnings. The has been outright - removed: to use an unlisted resolver, use the - option. + The dnscrypt-proxy module interface has been streamlined around the + option. Where possible, legacy option + declarations are mapped to but will emit + warnings. The has been outright removed: to + use an unlisted resolver, use the option. - - - + + - torbrowser now stores local state under - ~/.local/share/tor-browser by default. Any - browser profile data from the old location, - ~/.torbrowser4, must be migrated manually. + torbrowser now stores local state under + ~/.local/share/tor-browser by default. Any browser + profile data from the old location, ~/.torbrowser4, + must be migrated manually. - - - + + - The ihaskell, monetdb, offlineimap and sitecopy services have been removed. + The ihaskell, monetdb, offlineimap and sitecopy services have been + removed. - - + + +
- -
+ Other Notable Changes -Other Notable Changes - - - - - Module type system have a new extensible option types feature that - allow to extend certain types, such as enum, through multiple option - declarations of the same option across multiple modules. - - - - + + - jre now defaults to GTK+ UI by default. This - improves visual consistency and makes Java follow system font style, - improving the situation on HighDPI displays. This has a cost of increased - closure size; for server and other headless workloads it's recommended to - use jre_headless. + Module type system have a new extensible option types feature that allow + to extend certain types, such as enum, through multiple option + declarations of the same option across multiple modules. - - - - Python 2.6 interpreter and package set have been removed. - - - + + - The Python 2.7 interpreter does not use modules anymore. Instead, all - CPython interpreters now include the whole standard library except for `tkinter`, - which is available in the Python package set. + jre now defaults to GTK+ UI by default. This improves + visual consistency and makes Java follow system font style, improving the + situation on HighDPI displays. This has a cost of increased closure size; + for server and other headless workloads it's recommended to use + jre_headless. - - - + + - Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. - Minor modifications had to be made to the interpreters in order to generate - deterministic bytecode. This has security implications and is relevant for - those using Python in a nix-shell. See the Nixpkgs manual - for details. + Python 2.6 interpreter and package set have been removed. - - - + + - The Python package sets now use a fixed-point combinator and the sets are - available as attributes of the interpreters. + The Python 2.7 interpreter does not use modules anymore. Instead, all + CPython interpreters now include the whole standard library except for + `tkinter`, which is available in the Python package set. - - - + + - The Python function buildPythonPackage has been improved and can be - used to build from Setuptools source, Flit source, and precompiled Wheels. + Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. + Minor modifications had to be made to the interpreters in order to + generate deterministic bytecode. This has security implications and is + relevant for those using Python in a nix-shell. See the + Nixpkgs manual for details. - - - + + - When adding new or updating current Python libraries, the expressions should be put - in separate files in pkgs/development/python-modules and - called from python-packages.nix. + The Python package sets now use a fixed-point combinator and the sets are + available as attributes of the interpreters. - - - + + - The dnscrypt-proxy service supports synchronizing the list of public - resolvers without working DNS resolution. This fixes issues caused by the - resolver list becoming outdated. It also improves the viability of - DNSCrypt only configurations. + The Python function buildPythonPackage has been + improved and can be used to build from Setuptools source, Flit source, and + precompiled Wheels. - - - + + - Containers using bridged networking no longer lose their connection after - changes to the host networking. + When adding new or updating current Python libraries, the expressions + should be put in separate files in + pkgs/development/python-modules and called from + python-packages.nix. - - - + + - ZFS supports pool auto scrubbing. + The dnscrypt-proxy service supports synchronizing the list of public + resolvers without working DNS resolution. This fixes issues caused by the + resolver list becoming outdated. It also improves the viability of + DNSCrypt only configurations. - - - + + - The bind DNS utilities (e.g. dig) have been split into their own output and - are now also available in pkgs.dnsutils and it is no longer - necessary to pull in all of bind to use them. + Containers using bridged networking no longer lose their connection after + changes to the host networking. - - - + + - Per-user configuration was moved from ~/.nixpkgs to - ~/.config/nixpkgs. The former is still valid for - config.nix for backwards compatibility. + ZFS supports pool auto scrubbing. - - -
+ + + + The bind DNS utilities (e.g. dig) have been split into their own output + and are now also available in pkgs.dnsutils and it is + no longer necessary to pull in all of bind to use them. + + + + + Per-user configuration was moved from ~/.nixpkgs to + ~/.config/nixpkgs. The former is still valid for + config.nix for backwards compatibility. + + + + diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index 66f7b01db72..795c51d2923 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -3,40 +3,40 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-17.09"> + Release 17.09 (“Hummingbird”, 2017/09/??) -Release 17.09 (“Hummingbird”, 2017/09/??) - -
+ Highlights -Highlights + + In addition to numerous new and upgraded packages, this release has the + following highlights: + -In addition to numerous new and upgraded packages, this release -has the following highlights: - - - + + - The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, - KDE Applications to 17.08.1 and KDE Frameworks to 5.37. + The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, KDE + Applications to 17.08.1 and KDE Frameworks to 5.37. - - + + - The user handling now keeps track of deallocated UIDs/GIDs. When a user - or group is revived, this allows it to be allocated the UID/GID it had before. - A consequence is that UIDs and GIDs are no longer reused. + The user handling now keeps track of deallocated UIDs/GIDs. When a user or + group is revived, this allows it to be allocated the UID/GID it had + before. A consequence is that UIDs and GIDs are no longer reused. - - + + - The module option now - causes the first head specified in this list to be set as the primary - head. Apart from that, it's now possible to also set additional options - by using an attribute set, for example: + The module option now causes + the first head specified in this list to be set as the primary head. Apart + from that, it's now possible to also set additional options by using an + attribute set, for example: { services.xserver.xrandrHeads = [ "HDMI-0" @@ -50,365 +50,664 @@ has the following highlights: ]; } - This will set the DVI-0 output to be the primary head, - even though HDMI-0 is the first head in the list. + This will set the DVI-0 output to be the primary head, + even though HDMI-0 is the first head in the list. - - + + - The handling of SSL in the services.nginx module has - been cleaned up, renaming the misnamed enableSSL to - onlySSL which reflects its original intention. This - is not to be used with the already existing forceSSL - which creates a second non-SSL virtual host redirecting to the SSL - virtual host. This by chance had worked earlier due to specific - implementation details. In case you had specified both please remove - the enableSSL option to keep the previous behaviour. + The handling of SSL in the services.nginx module has + been cleaned up, renaming the misnamed enableSSL to + onlySSL which reflects its original intention. This is + not to be used with the already existing forceSSL which + creates a second non-SSL virtual host redirecting to the SSL virtual host. + This by chance had worked earlier due to specific implementation details. + In case you had specified both please remove the + enableSSL option to keep the previous behaviour. - Another addSSL option has been introduced to configure - both a non-SSL virtual host and an SSL virtual host with the same - configuration. + Another addSSL option has been introduced to configure + both a non-SSL virtual host and an SSL virtual host with the same + configuration. - Options to configure resolver options and - upstream blocks have been introduced. See their information - for further details. + Options to configure resolver options and + upstream blocks have been introduced. See their + information for further details. - The port option has been replaced by a more generic - listen option which makes it possible to specify - multiple addresses, ports and SSL configs dependant on the new SSL - handling mentioned above. + The port option has been replaced by a more generic + listen option which makes it possible to specify + multiple addresses, ports and SSL configs dependant on the new SSL + handling mentioned above. - - + + +
- -
+ New Services -New Services + + The following new services were added since the last release: + -The following new services were added since the last release: + + + + config/fonts/fontconfig-penultimate.nix + + + + + config/fonts/fontconfig-ultimate.nix + + + + + config/terminfo.nix + + + + + hardware/sensor/iio.nix + + + + + hardware/nitrokey.nix + + + + + hardware/raid/hpsa.nix + + + + + programs/browserpass.nix + + + + + programs/gnupg.nix + + + + + programs/qt5ct.nix + + + + + programs/slock.nix + + + + + programs/thefuck.nix + + + + + security/auditd.nix + + + + + security/lock-kernel-modules.nix + + + + + service-managers/docker.nix + + + + + service-managers/trivial.nix + + + + + services/admin/salt/master.nix + + + + + services/admin/salt/minion.nix + + + + + services/audio/slimserver.nix + + + + + services/cluster/kubernetes/default.nix + + + + + services/cluster/kubernetes/dns.nix + + + + + services/cluster/kubernetes/dashboard.nix + + + + + services/continuous-integration/hail.nix + + + + + services/databases/clickhouse.nix + + + + + services/databases/postage.nix + + + + + services/desktops/gnome3/gnome-disks.nix + + + + + services/desktops/gnome3/gpaste.nix + + + + + services/logging/SystemdJournal2Gelf.nix + + + + + services/logging/heartbeat.nix + + + + + services/logging/journalwatch.nix + + + + + services/logging/syslogd.nix + + + + + services/mail/mailhog.nix + + + + + services/mail/nullmailer.nix + + + + + services/misc/airsonic.nix + + + + + services/misc/autorandr.nix + + + + + services/misc/exhibitor.nix + + + + + services/misc/fstrim.nix + + + + + services/misc/gollum.nix + + + + + services/misc/irkerd.nix + + + + + services/misc/jackett.nix + + + + + services/misc/radarr.nix + + + + + services/misc/snapper.nix + + + + + services/monitoring/osquery.nix + + + + + services/monitoring/prometheus/collectd-exporter.nix + + + + + services/monitoring/prometheus/fritzbox-exporter.nix + + + + + services/network-filesystems/kbfs.nix + + + + + services/networking/dnscache.nix + + + + + services/networking/fireqos.nix + + + + + services/networking/iwd.nix + + + + + services/networking/keepalived/default.nix + + + + + services/networking/keybase.nix + + + + + services/networking/lldpd.nix + + + + + services/networking/matterbridge.nix + + + + + services/networking/squid.nix + + + + + services/networking/tinydns.nix + + + + + services/networking/xrdp.nix + + + + + services/security/shibboleth-sp.nix + + + + + services/security/sks.nix + + + + + services/security/sshguard.nix + + + + + services/security/torify.nix + + + + + services/security/usbguard.nix + + + + + services/security/vault.nix + + + + + services/system/earlyoom.nix + + + + + services/system/saslauthd.nix + + + + + services/web-apps/nexus.nix + + + + + services/web-apps/pgpkeyserver-lite.nix + + + + + services/web-apps/piwik.nix + + + + + services/web-servers/lighttpd/collectd.nix + + + + + services/web-servers/minio.nix + + + + + services/x11/display-managers/xpra.nix + + + + + services/x11/xautolock.nix + + + + + tasks/filesystems/bcachefs.nix + + + + + tasks/powertop.nix + + + +
- - config/fonts/fontconfig-penultimate.nix - config/fonts/fontconfig-ultimate.nix - config/terminfo.nix - hardware/sensor/iio.nix - hardware/nitrokey.nix - hardware/raid/hpsa.nix - programs/browserpass.nix - programs/gnupg.nix - programs/qt5ct.nix - programs/slock.nix - programs/thefuck.nix - security/auditd.nix - security/lock-kernel-modules.nix - service-managers/docker.nix - service-managers/trivial.nix - services/admin/salt/master.nix - services/admin/salt/minion.nix - services/audio/slimserver.nix - services/cluster/kubernetes/default.nix - services/cluster/kubernetes/dns.nix - services/cluster/kubernetes/dashboard.nix - services/continuous-integration/hail.nix - services/databases/clickhouse.nix - services/databases/postage.nix - services/desktops/gnome3/gnome-disks.nix - services/desktops/gnome3/gpaste.nix - services/logging/SystemdJournal2Gelf.nix - services/logging/heartbeat.nix - services/logging/journalwatch.nix - services/logging/syslogd.nix - services/mail/mailhog.nix - services/mail/nullmailer.nix - services/misc/airsonic.nix - services/misc/autorandr.nix - services/misc/exhibitor.nix - services/misc/fstrim.nix - services/misc/gollum.nix - services/misc/irkerd.nix - services/misc/jackett.nix - services/misc/radarr.nix - services/misc/snapper.nix - services/monitoring/osquery.nix - services/monitoring/prometheus/collectd-exporter.nix - services/monitoring/prometheus/fritzbox-exporter.nix - services/network-filesystems/kbfs.nix - services/networking/dnscache.nix - services/networking/fireqos.nix - services/networking/iwd.nix - services/networking/keepalived/default.nix - services/networking/keybase.nix - services/networking/lldpd.nix - services/networking/matterbridge.nix - services/networking/squid.nix - services/networking/tinydns.nix - services/networking/xrdp.nix - services/security/shibboleth-sp.nix - services/security/sks.nix - services/security/sshguard.nix - services/security/torify.nix - services/security/usbguard.nix - services/security/vault.nix - services/system/earlyoom.nix - services/system/saslauthd.nix - services/web-apps/nexus.nix - services/web-apps/pgpkeyserver-lite.nix - services/web-apps/piwik.nix - services/web-servers/lighttpd/collectd.nix - services/web-servers/minio.nix - services/x11/display-managers/xpra.nix - services/x11/xautolock.nix - tasks/filesystems/bcachefs.nix - tasks/powertop.nix - - - -
+ Backward Incompatibilities -Backward Incompatibilities + + When upgrading from a previous release, please be aware of the following + incompatible changes: + -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - + + - - In an Qemu-based virtualization environment, the network interface - names changed from i.e. enp0s3 to - ens3. - + In an Qemu-based virtualization environment, the + network interface names changed from i.e. enp0s3 to + ens3. - This is due to a kernel configuration change. The new naming - is consistent with those of other Linux distributions with - systemd. See - #29197 - for more information. + This is due to a kernel configuration change. The new naming is consistent + with those of other Linux distributions with systemd. See + #29197 + for more information. - A machine is affected if the virt-what tool - either returns qemu or - kvm and has - interface names used in any part of its NixOS configuration, - in particular if a static network configuration with - networking.interfaces is used. + A machine is affected if the virt-what tool either + returns qemu or kvm + and has interface names used in any part of its NixOS + configuration, in particular if a static network configuration with + networking.interfaces is used. - Before rebooting affected machines, please ensure: - - - - Change the interface names in your NixOS configuration. - The first interface will be called ens3, - the second one ens8 and starting from there - incremented by 1. - - - - - After changing the interface names, rebuild your system with - nixos-rebuild boot to activate the new - configuration after a reboot. If you switch to the new - configuration right away you might lose network connectivity! - If using nixops, deploy with - nixops deploy --force-reboot. - - - + Before rebooting affected machines, please ensure: + + + + Change the interface names in your NixOS configuration. The first + interface will be called ens3, the second one + ens8 and starting from there incremented by 1. + + + + + After changing the interface names, rebuild your system with + nixos-rebuild boot to activate the new configuration + after a reboot. If you switch to the new configuration right away you + might lose network connectivity! If using nixops, + deploy with nixops deploy --force-reboot. + + + - - + + - The following changes apply if the stateVersion is changed to 17.09 or higher. - For stateVersion = "17.03" or lower the old behavior is preserved. + The following changes apply if the stateVersion is + changed to 17.09 or higher. For stateVersion = "17.03" + or lower the old behavior is preserved. - - - The postgres default version was changed from 9.5 to 9.6. - - - - - The postgres superuser name has changed from root to postgres to more closely follow what other Linux distributions are doing. - - - - - The postgres default dataDir has changed from /var/db/postgres to /var/lib/postgresql/$psqlSchema where $psqlSchema is 9.6 for example. - - - - - The mysql default dataDir has changed from /var/mysql to /var/lib/mysql. - - - - - Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found here . It is also possible to use the newer version by setting the package to radicale2, which is done automatically when stateVersion is 17.09 or higher. The extraArgs option has been added to allow passing the data migration arguments specified in the instructions; see the radicale.nix NixOS test for an example migration. - - + + + The postgres default version was changed from 9.5 to + 9.6. + + + + + The postgres superuser name has changed from + root to postgres to more closely + follow what other Linux distributions are doing. + + + + + The postgres default dataDir has + changed from /var/db/postgres to + /var/lib/postgresql/$psqlSchema where $psqlSchema is + 9.6 for example. + + + + + The mysql default dataDir has + changed from /var/mysql to + /var/lib/mysql. + + + + + Radicale's default package has changed from 1.x to 2.x. Instructions to + migrate can be found here + . It is also possible to use the newer version by setting the + package to radicale2, which is + done automatically when stateVersion is 17.09 or + higher. The extraArgs option has been added to allow + passing the data migration arguments specified in the instructions; see + the + radicale.nix + NixOS test for an example migration. + + - - + + - The aiccu package was removed. This is due to SixXS - sunsetting its IPv6 tunnel. + The aiccu package was removed. This is due to SixXS + sunsetting its IPv6 + tunnel. - - + + - The fanctl package and fan module - have been removed due to the developers not upstreaming their iproute2 - patches and lagging with compatibility to recent iproute2 versions. + The fanctl package and fan module + have been removed due to the developers not upstreaming their iproute2 + patches and lagging with compatibility to recent iproute2 versions. - - + + - Top-level idea package collection was renamed. - All JetBrains IDEs are now at jetbrains. + Top-level idea package collection was renamed. All + JetBrains IDEs are now at jetbrains. - - + + - flexget's state database cannot be upgraded to its - new internal format, requiring removal of any existing - db-config.sqlite which will be automatically recreated. + flexget's state database cannot be upgraded to its new + internal format, requiring removal of any existing + db-config.sqlite which will be automatically recreated. - - + + - The ipfs service now doesn't ignore the dataDir option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with + The ipfs service now doesn't ignore the + dataDir option anymore. If you've ever set this option + to anything other than the default you'll have to either unset it (so the + default gets used) or migrate the old data manually with dataDir=<valueOfDataDir> mv /var/lib/ipfs/.ipfs/* $dataDir rmdir /var/lib/ipfs/.ipfs - - + + - The caddy service was previously using an extra - .caddy directory in the data directory specified - with the dataDir option. The contents of the - .caddy directory are now expected to be in the - dataDir. + The caddy service was previously using an extra + .caddy directory in the data directory specified with + the dataDir option. The contents of the + .caddy directory are now expected to be in the + dataDir. - - + + - The ssh-agent user service is not started by default - anymore. Use programs.ssh.startAgent to enable it if - needed. There is also a new programs.gnupg.agent - module that creates a gpg-agent user service. It can - also serve as a SSH agent if enableSSHSupport is set. + The ssh-agent user service is not started by default + anymore. Use programs.ssh.startAgent to enable it if + needed. There is also a new programs.gnupg.agent module + that creates a gpg-agent user service. It can also + serve as a SSH agent if enableSSHSupport is set. - - + + - The services.tinc.networks.<name>.listenAddress - option had a misleading name that did not correspond to its behavior. It - now correctly defines the ip to listen for incoming connections on. To - keep the previous behaviour, use - services.tinc.networks.<name>.bindToAddress - instead. Refer to the description of the options for more details. + The services.tinc.networks.<name>.listenAddress + option had a misleading name that did not correspond to its behavior. It + now correctly defines the ip to listen for incoming connections on. To + keep the previous behaviour, use + services.tinc.networks.<name>.bindToAddress + instead. Refer to the description of the options for more details. - - + + - tlsdate package and module were removed. This is due to the project - being dead and not building with openssl 1.1. + tlsdate package and module were removed. This is due to + the project being dead and not building with openssl 1.1. - - + + - wvdial package and module were removed. This is due to the project - being dead and not building with openssl 1.1. + wvdial package and module were removed. This is due to + the project being dead and not building with openssl 1.1. - - + + - cc-wrapper's setup-hook now exports a number of - environment variables corresponding to binutils binaries, - (e.g. LD, STRIP, RANLIB, - etc). This is done to prevent packages' build systems guessing, which is - harder to predict, especially when cross-compiling. However, some packages - have broken due to this—their build systems either not supporting, or - claiming to support without adequate testing, taking such environment - variables as parameters. + cc-wrapper's setup-hook now exports a number of + environment variables corresponding to binutils binaries, (e.g. + LD, STRIP, RANLIB, etc). This + is done to prevent packages' build systems guessing, which is harder to + predict, especially when cross-compiling. However, some packages have + broken due to this—their build systems either not supporting, or + claiming to support without adequate testing, taking such environment + variables as parameters. - - + + - services.firefox.syncserver now runs by default as a - non-root user. To accomodate this change, the default sqlite database - location has also been changed. Migration should work automatically. - Refer to the description of the options for more details. + services.firefox.syncserver now runs by default as a + non-root user. To accomodate this change, the default sqlite database + location has also been changed. Migration should work automatically. Refer + to the description of the options for more details. - - + + - The compiz window manager and package was - removed. The system support had been broken for several years. + The compiz window manager and package was removed. The + system support had been broken for several years. - - + + - Touchpad support should now be enabled through - libinput as synaptics is - now deprecated. See the option - services.xserver.libinput.enable. + Touchpad support should now be enabled through libinput + as synaptics is now deprecated. See the option + services.xserver.libinput.enable. - - + + - grsecurity/PaX support has been dropped, following upstream's - decision to cease free support. See - - upstream's announcement for more information. - No complete replacement for grsecurity/PaX is available presently. + grsecurity/PaX support has been dropped, following upstream's decision to + cease free support. See + + upstream's announcement for more information. No complete + replacement for grsecurity/PaX is available presently. - - + + - services.mysql now has declarative - configuration of databases and users with the ensureDatabases and - ensureUsers options. + services.mysql now has declarative configuration of + databases and users with the ensureDatabases and + ensureUsers options. - - These options will never delete existing databases and users, - especially not when the value of the options are changed. + These options will never delete existing databases and users, especially + not when the value of the options are changed. - - The MySQL users will be identified using - - Unix socket authentication. This authenticates the - Unix user with the same name only, and that without the need - for a password. + The MySQL users will be identified using + + Unix socket authentication. This authenticates the Unix user with + the same name only, and that without the need for a password. - - If you have previously created a MySQL root - user with a password, you will need to add - root user for unix socket authentication - before using the new options. This can be done by running the - following SQL script: - + If you have previously created a MySQL root user + with a password, you will need to add + root user for unix socket authentication before using + the new options. This can be done by running the following SQL script: CREATE USER 'root'@'%' IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; @@ -418,194 +717,183 @@ FLUSH PRIVILEGES; -- DROP USER 'root'@'localhost'; - - - + + - services.mysqlBackup now works by default - without any user setup, including for users other than - mysql. + services.mysqlBackup now works by default without any + user setup, including for users other than mysql. - - By default, the mysql user is no longer the - user which performs the backup. Instead a system account - mysqlbackup is used. + By default, the mysql user is no longer the user which + performs the backup. Instead a system account + mysqlbackup is used. - - The mysqlBackup service is also now using - systemd timers instead of cron. + The mysqlBackup service is also now using systemd + timers instead of cron. - - Therefore, the services.mysqlBackup.period - option no longer exists, and has been replaced with - services.mysqlBackup.calendar, which is in - the format of services.mysqlBackup.period option no + longer exists, and has been replaced with + services.mysqlBackup.calendar, which is in the format + of + systemd.time(7). - - If you expect to be sent an e-mail when the backup fails, - consider using a script which monitors the systemd journal for - errors. Regretfully, at present there is no built-in - functionality for this. + If you expect to be sent an e-mail when the backup fails, consider using a + script which monitors the systemd journal for errors. Regretfully, at + present there is no built-in functionality for this. - - You can check that backups still work by running - systemctl start mysql-backup then - systemctl status mysql-backup. + You can check that backups still work by running systemctl start + mysql-backup then systemctl status + mysql-backup. - - - + + - Templated systemd services e.g container@name are - now handled currectly when switching to a new configuration, resulting - in them being reloaded. + Templated systemd services e.g container@name are now + handled currectly when switching to a new configuration, resulting in them + being reloaded. - - - - Steam: the newStdcpp parameter - was removed and should not be needed anymore. - - - + + - Redis has been updated to version 4 which mandates a cluster - mass-restart, due to changes in the network handling, in order - to ensure compatibility with networks NATing traffic. + Steam: the newStdcpp parameter was removed and should + not be needed anymore. - - + + + + Redis has been updated to version 4 which mandates a cluster mass-restart, + due to changes in the network handling, in order to ensure compatibility + with networks NATing traffic. + + + +
- -
+ Other Notable Changes -Other Notable Changes - - - - + + - Modules can now be disabled by using - disabledModules, allowing another to take it's place. This can be - used to import a set of modules from another channel while keeping the - rest of the system on a stable release. + disabledModules, allowing another to take it's place. This can be + used to import a set of modules from another channel while keeping the + rest of the system on a stable release. - - + + - Updated to FreeType 2.7.1, including a new TrueType engine. - The new engine replaces the Infinality engine which was the default in - NixOS. The default font rendering settings are now provided by - fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults - are less invasive and provide rendering that is more consistent with - other systems and hopefully with each font designer's intent. Some - system-wide configuration has been removed from the Fontconfig NixOS - module where user Fontconfig settings are available. + Updated to FreeType 2.7.1, including a new TrueType engine. The new engine + replaces the Infinality engine which was the default in NixOS. The default + font rendering settings are now provided by fontconfig-penultimate, + replacing fontconfig-ultimate; the new defaults are less invasive and + provide rendering that is more consistent with other systems and hopefully + with each font designer's intent. Some system-wide configuration has been + removed from the Fontconfig NixOS module where user Fontconfig settings + are available. - - + + - ZFS/SPL have been updated to 0.7.0, zfsUnstable, splUnstable - have therefore been removed. + ZFS/SPL have been updated to 0.7.0, zfsUnstable, + splUnstable have therefore been removed. - - + + - The option now allows the value - null in addition to timezone strings. This value - allows changing the timezone of a system imperatively using - timedatectl set-timezone. The default timezone - is still UTC. + The option now allows the value + null in addition to timezone strings. This value allows + changing the timezone of a system imperatively using timedatectl + set-timezone. The default timezone is still UTC. - - + + - Nixpkgs overlays may now be specified with a file as well as a directory. The - value of <nixpkgs-overlays> may be a file, and - ~/.config/nixpkgs/overlays.nix can be used instead of the - ~/.config/nixpkgs/overlays directory. + Nixpkgs overlays may now be specified with a file as well as a directory. + The value of <nixpkgs-overlays> may be a file, and + ~/.config/nixpkgs/overlays.nix can be used instead of + the ~/.config/nixpkgs/overlays directory. - See the overlays chapter of the Nixpkgs manual for more details. + See the overlays chapter of the Nixpkgs manual for more details. - - + + - Definitions for /etc/hosts can now be specified - declaratively with networking.hosts. + Definitions for /etc/hosts can now be specified + declaratively with networking.hosts. - - + + - Two new options have been added to the installer loader, in addition - to the default having changed. The kernel log verbosity has been lowered - to the upstream default for the default options, in order to not spam - the console when e.g. joining a network. + Two new options have been added to the installer loader, in addition to + the default having changed. The kernel log verbosity has been lowered to + the upstream default for the default options, in order to not spam the + console when e.g. joining a network. - This therefore leads to adding a new debug option - to set the log level to the previous verbose mode, to make debugging - easier, but still accessible easily. + This therefore leads to adding a new debug option to + set the log level to the previous verbose mode, to make debugging easier, + but still accessible easily. - Additionally a copytoram option has been added, - which makes it possible to remove the install medium after booting. - This allows tethering from your phone after booting from it. + Additionally a copytoram option has been added, which + makes it possible to remove the install medium after booting. This allows + tethering from your phone after booting from it. - - + + - services.gitlab-runner.configOptions has been added - to specify the configuration of gitlab-runners declaratively. + services.gitlab-runner.configOptions has been added to + specify the configuration of gitlab-runners declaratively. - - + + - services.jenkins.plugins has been added - to install plugins easily, this can be generated with jenkinsPlugins2nix. + services.jenkins.plugins has been added to install + plugins easily, this can be generated with jenkinsPlugins2nix. - - + + - services.postfix.config has been added - to specify the main.cf with NixOS options. Additionally other options - have been added to the postfix module and has been improved further. + services.postfix.config has been added to specify the + main.cf with NixOS options. Additionally other options have been added to + the postfix module and has been improved further. - - + + - The GitLab package and module have been updated to the latest 10.0 - release. + The GitLab package and module have been updated to the latest 10.0 + release. - - + + - The systemd-boot boot loader now lists the NixOS - version, kernel version and build date of all bootable generations. + The systemd-boot boot loader now lists the NixOS + version, kernel version and build date of all bootable generations. - - + + - The dnscrypt-proxy service now defaults to using a random upstream resolver, - selected from the list of public non-logging resolvers with DNSSEC support. - Existing configurations can be migrated to this mode of operation by - omitting the option - or setting it to "random". + The dnscrypt-proxy service now defaults to using a random upstream + resolver, selected from the list of public non-logging resolvers with + DNSSEC support. Existing configurations can be migrated to this mode of + operation by omitting the + option or setting it + to "random". - - - - -
+ + + diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 9221c2951ed..c14679eea07 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -3,532 +3,822 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-18.03"> + Release 18.03 (“Impala”, 2018/04/04) -Release 18.03 (“Impala”, 2018/04/04) - -
+ Highlights -Highlights + + In addition to numerous new and upgraded packages, this release has the + following highlights: + -In addition to numerous new and upgraded packages, this release -has the following highlights: - - - - + + - End of support is planned for end of October 2018, handing over to 18.09. + End of support is planned for end of October 2018, handing over to 18.09. - - - + + - Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really). - Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc. + Platform support: x86_64-linux and x86_64-darwin since release time (the + latter isn't NixOS, really). Binaries for aarch64-linux are available, but + no channel exists yet, as it's waiting for some test fixes, etc. - - - + + - Nix now defaults to 2.0; see its - release notes. + Nix now defaults to 2.0; see its + release + notes. - - - + + - Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237. + Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> + 7, systemd: 234 -> 237. - - - + + - Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12. + Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 + -> 5.12. - - - + + - MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes - have been made to the infrastructure involved: - - - - libmysql has been deprecated, please use mysql.connector-c - instead, a compatibility passthru has been added to the MySQL packages. - - - - - The mysql57 package has a new static output containing - the static libraries including libmysqld.a - - - + MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. + While upgrading a few changes have been made to the infrastructure + involved: + + + + libmysql has been deprecated, please use + mysql.connector-c instead, a compatibility passthru + has been added to the MySQL packages. + + + + + The mysql57 package has a new + static output containing the static libraries + including libmysqld.a + + + - + + + + PHP now defaults to PHP 7.2, updated from 7.1. + + + +
- - PHP now defaults to PHP 7.2, updated from 7.1. - - - - -
+ New Services -New Services + + The following new services were added since the last release: + -The following new services were added since the last release: + + + + ./config/krb5/default.nix + + + + + ./hardware/digitalbitbox.nix + + + + + ./misc/label.nix + + + + + ./programs/ccache.nix + + + + + ./programs/criu.nix + + + + + ./programs/digitalbitbox/default.nix + + + + + ./programs/less.nix + + + + + ./programs/npm.nix + + + + + ./programs/plotinus.nix + + + + + ./programs/rootston.nix + + + + + ./programs/systemtap.nix + + + + + ./programs/sway.nix + + + + + ./programs/udevil.nix + + + + + ./programs/way-cooler.nix + + + + + ./programs/yabar.nix + + + + + ./programs/zsh/zsh-autoenv.nix + + + + + ./services/backup/borgbackup.nix + + + + + ./services/backup/crashplan-small-business.nix + + + + + ./services/desktops/dleyna-renderer.nix + + + + + ./services/desktops/dleyna-server.nix + + + + + ./services/desktops/pipewire.nix + + + + + ./services/desktops/gnome3/chrome-gnome-shell.nix + + + + + ./services/desktops/gnome3/tracker-miners.nix + + + + + ./services/hardware/fwupd.nix + + + + + ./services/hardware/interception-tools.nix + + + + + ./services/hardware/u2f.nix + + + + + ./services/hardware/usbmuxd.nix + + + + + ./services/mail/clamsmtp.nix + + + + + ./services/mail/dkimproxy-out.nix + + + + + ./services/mail/pfix-srsd.nix + + + + + ./services/misc/gitea.nix + + + + + ./services/misc/home-assistant.nix + + + + + ./services/misc/ihaskell.nix + + + + + ./services/misc/logkeys.nix + + + + + ./services/misc/novacomd.nix + + + + + ./services/misc/osrm.nix + + + + + ./services/misc/plexpy.nix + + + + + ./services/misc/pykms.nix + + + + + ./services/misc/tzupdate.nix + + + + + ./services/monitoring/fusion-inventory.nix + + + + + ./services/monitoring/prometheus/exporters.nix + + + + + ./services/network-filesystems/beegfs.nix + + + + + ./services/network-filesystems/davfs2.nix + + + + + ./services/network-filesystems/openafs/client.nix + + + + + ./services/network-filesystems/openafs/server.nix + + + + + ./services/network-filesystems/ceph.nix + + + + + ./services/networking/aria2.nix + + + + + ./services/networking/monero.nix + + + + + ./services/networking/nghttpx/default.nix + + + + + ./services/networking/nixops-dns.nix + + + + + ./services/networking/rxe.nix + + + + + ./services/networking/stunnel.nix + + + + + ./services/web-apps/matomo.nix + + + + + ./services/web-apps/restya-board.nix + + + + + ./services/web-servers/mighttpd2.nix + + + + + ./services/x11/fractalart.nix + + + + + ./system/boot/binfmt.nix + + + + + ./system/boot/grow-partition.nix + + + + + ./tasks/filesystems/ecryptfs.nix + + + + + ./virtualisation/hyperv-guest.nix + + + +
- - ./config/krb5/default.nix - ./hardware/digitalbitbox.nix - ./misc/label.nix - ./programs/ccache.nix - ./programs/criu.nix - ./programs/digitalbitbox/default.nix - ./programs/less.nix - ./programs/npm.nix - ./programs/plotinus.nix - ./programs/rootston.nix - ./programs/systemtap.nix - ./programs/sway.nix - ./programs/udevil.nix - ./programs/way-cooler.nix - ./programs/yabar.nix - ./programs/zsh/zsh-autoenv.nix - ./services/backup/borgbackup.nix - ./services/backup/crashplan-small-business.nix - ./services/desktops/dleyna-renderer.nix - ./services/desktops/dleyna-server.nix - ./services/desktops/pipewire.nix - ./services/desktops/gnome3/chrome-gnome-shell.nix - ./services/desktops/gnome3/tracker-miners.nix - ./services/hardware/fwupd.nix - ./services/hardware/interception-tools.nix - ./services/hardware/u2f.nix - ./services/hardware/usbmuxd.nix - ./services/mail/clamsmtp.nix - ./services/mail/dkimproxy-out.nix - ./services/mail/pfix-srsd.nix - ./services/misc/gitea.nix - ./services/misc/home-assistant.nix - ./services/misc/ihaskell.nix - ./services/misc/logkeys.nix - ./services/misc/novacomd.nix - ./services/misc/osrm.nix - ./services/misc/plexpy.nix - ./services/misc/pykms.nix - ./services/misc/tzupdate.nix - ./services/monitoring/fusion-inventory.nix - ./services/monitoring/prometheus/exporters.nix - ./services/network-filesystems/beegfs.nix - ./services/network-filesystems/davfs2.nix - ./services/network-filesystems/openafs/client.nix - ./services/network-filesystems/openafs/server.nix - ./services/network-filesystems/ceph.nix - ./services/networking/aria2.nix - ./services/networking/monero.nix - ./services/networking/nghttpx/default.nix - ./services/networking/nixops-dns.nix - ./services/networking/rxe.nix - ./services/networking/stunnel.nix - ./services/web-apps/matomo.nix - ./services/web-apps/restya-board.nix - ./services/web-servers/mighttpd2.nix - ./services/x11/fractalart.nix - ./system/boot/binfmt.nix - ./system/boot/grow-partition.nix - ./tasks/filesystems/ecryptfs.nix - ./virtualisation/hyperv-guest.nix - - - -
+ Backward Incompatibilities -Backward Incompatibilities + + When upgrading from a previous release, please be aware of the following + incompatible changes: + -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - + + - sound.enable now defaults to false. + sound.enable now defaults to false. - - + + - Dollar signs in options under are - passed verbatim to Postfix, which will interpret them as the beginning of - a parameter expression. This was already true for string-valued options - in the previous release, but not for list-valued options. If you need to - pass literal dollar signs through Postfix, double them. + Dollar signs in options under are passed + verbatim to Postfix, which will interpret them as the beginning of a + parameter expression. This was already true for string-valued options in + the previous release, but not for list-valued options. If you need to pass + literal dollar signs through Postfix, double them. - - + + - The postage package (for web-based PostgreSQL - administration) has been renamed to pgmanage. The - corresponding module has also been renamed. To migrate please rename all - options to - . + The postage package (for web-based PostgreSQL + administration) has been renamed to pgmanage. The + corresponding module has also been renamed. To migrate please rename all + options to + . - - + + - Package attributes starting with a digit have been prefixed with an - underscore sign. This is to avoid quoting in the configuration and - other issues with command-line tools like nix-env. - The change affects the following packages: - - - 2048-in-terminal_2048-in-terminal - - - 90secondportraits_90secondportraits - - - 2bwm_2bwm - - - 389-ds-base_389-ds-base - - + Package attributes starting with a digit have been prefixed with an + underscore sign. This is to avoid quoting in the configuration and other + issues with command-line tools like nix-env. The change + affects the following packages: + + + + 2048-in-terminal → + _2048-in-terminal + + + + + 90secondportraits → + _90secondportraits + + + + + 2bwm_2bwm + + + + + 389-ds-base_389-ds-base + + + - - + + - - The OpenSSH service no longer enables support for DSA keys by default, - which could cause a system lock out. Update your keys or, unfavorably, - re-enable DSA support manually. - + The OpenSSH service no longer enables support for + DSA keys by default, which could cause a system lock out. Update your keys + or, unfavorably, re-enable DSA support manually. - - DSA support was - deprecated in OpenSSH 7.0, - due to it being too weak. To re-enable support, add - PubkeyAcceptedKeyTypes +ssh-dss to the end of your - . + DSA support was + deprecated in + OpenSSH 7.0, due to it being too weak. To re-enable support, add + PubkeyAcceptedKeyTypes +ssh-dss to the end of your + . - - After updating the keys to be stronger, anyone still on a pre-17.03 - version is safe to jump to 17.03, as vetted - here. + After updating the keys to be stronger, anyone still on a pre-17.03 + version is safe to jump to 17.03, as vetted + here. - - + + - The openssh package - now includes Kerberos support by default; - the openssh_with_kerberos package - is now a deprecated alias. - If you do not want Kerberos support, - you can do openssh.override { withKerberos = false; }. - Note, this also applies to the openssh_hpn package. + The openssh package now includes Kerberos support by + default; the openssh_with_kerberos package is now a + deprecated alias. If you do not want Kerberos support, you can do + openssh.override { withKerberos = false; }. Note, this + also applies to the openssh_hpn package. - - + + - cc-wrapper has been split in two; there is now also a bintools-wrapper. - The most commonly used files in nix-support are now split between the two wrappers. - Some commonly used ones, like nix-support/dynamic-linker, are duplicated for backwards compatability, even though they rightly belong only in bintools-wrapper. - Other more obscure ones are just moved. + cc-wrapper has been split in two; there is now also a + bintools-wrapper. The most commonly used files in + nix-support are now split between the two wrappers. + Some commonly used ones, like + nix-support/dynamic-linker, are duplicated for + backwards compatability, even though they rightly belong only in + bintools-wrapper. Other more obscure ones are just + moved. - - + + - The propagation logic has been changed. - The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual. - - The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what. - In practice, that means that many propagatedNativeBuildInputs should instead be propagatedBuildInputs. - Thankfully, that was and is the least used type of dependency. - Also, it means that some propagatedBuildInputs should instead be depsTargetTargetPropagated. - Other types dependencies should be unaffected. + The propagation logic has been changed. The new logic, along with new + types of dependencies that go with, is thoroughly documented in the + "Specifying dependencies" section of the "Standard Environment" chapter of + the nixpkgs manual. + + The old logic isn't but is easy to describe: dependencies were propagated + as the same type of dependency no matter what. In practice, that means + that many propagatedNativeBuildInputs should instead + be propagatedBuildInputs. Thankfully, that was and is + the least used type of dependency. Also, it means that some + propagatedBuildInputs should instead be + depsTargetTargetPropagated. Other types dependencies + should be unaffected. - - + + - lib.addPassthru drv passthru is removed. Use lib.extendDerivation true passthru drv instead. + lib.addPassthru drv passthru is removed. Use + lib.extendDerivation true passthru drv instead. - - + + - The memcached service no longer accept dynamic socket - paths via . Unix sockets can be - still enabled by and - will be accessible at /run/memcached/memcached.sock. + The memcached service no longer accept dynamic socket + paths via . Unix sockets can be + still enabled by and + will be accessible at /run/memcached/memcached.sock. - - + + - The hardware.amdHybridGraphics.disable option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports. + The hardware.amdHybridGraphics.disable option was + removed for lack of a maintainer. If you still need this module, you may + wish to include a copy of it from an older version of nixos in your + imports. - - + + - The merging of config options for services.postfix.config - was buggy. Previously, if other options in the Postfix module like - services.postfix.useSrs were set and the user set config - options that were also set by such options, the resulting config wouldn't - include all options that were needed. They are now merged correctly. If - config options need to be overridden, lib.mkForce or - lib.mkOverride can be used. + The merging of config options for + services.postfix.config was buggy. Previously, if other + options in the Postfix module like + services.postfix.useSrs were set and the user set + config options that were also set by such options, the resulting config + wouldn't include all options that were needed. They are now merged + correctly. If config options need to be overridden, + lib.mkForce or lib.mkOverride can be + used. - - + + - The following changes apply if the stateVersion is changed to 18.03 or higher. - For stateVersion = "17.09" or lower the old behavior is preserved. + The following changes apply if the stateVersion is + changed to 18.03 or higher. For stateVersion = "17.09" + or lower the old behavior is preserved. - - - matrix-synapse uses postgresql by default instead of sqlite. - Migration instructions can be found here . - - + + + matrix-synapse uses postgresql by default instead of + sqlite. Migration instructions can be found + + here . + + - - + + - The jid package has been removed, due to maintenance - overhead of a go package having non-versioned dependencies. + The jid package has been removed, due to maintenance + overhead of a go package having non-versioned dependencies. - - + + - When using (enabled by default in GNOME), - it now handles all input devices, not just touchpads. As a result, you might need to - re-evaluate any custom Xorg configuration. In particular, - Option "XkbRules" "base" may result in broken keyboard layout. + When using (enabled by default + in GNOME), it now handles all input devices, not just touchpads. As a + result, you might need to re-evaluate any custom Xorg configuration. In + particular, Option "XkbRules" "base" may result in + broken keyboard layout. - - + + - The attic package was removed. A maintained fork called - Borg should be used instead. - Migration instructions can be found - here. + The attic package was removed. A maintained fork called + Borg should be used + instead. Migration instructions can be found + here. - - + + - The Piwik analytics software was renamed to Matomo: - - - The package pkgs.piwik was renamed to pkgs.matomo. - - - The service services.piwik was renamed to services.matomo. - - - - The data directory /var/lib/piwik was renamed to /var/lib/matomo. - All files will be moved automatically on first startup, but you might need to adjust your backup scripts. - - - - - The default for the nginx configuration changed from - piwik.${config.networking.hostName} to - matomo.${config.networking.hostName}.${config.networking.domain} - if is set, - matomo.${config.networking.hostName} if it is not set. - If you change your , remember you'll need to update the - trustedHosts[] array in /var/lib/matomo/config/config.ini.php - as well. - - - - - The piwik user was renamed to matomo. - The service will adjust ownership automatically for files in the data directory. - If you use unix socket authentication, remember to give the new matomo user - access to the database and to change the username to matomo - in the [database] section of /var/lib/matomo/config/config.ini.php. - - - - - If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean, - but this is neither enforced nor required. - - - + The Piwik analytics software was renamed to Matomo: + + + + The package pkgs.piwik was renamed to + pkgs.matomo. + + + + + The service services.piwik was renamed to + services.matomo. + + + + + The data directory /var/lib/piwik was renamed to + /var/lib/matomo. All files will be moved + automatically on first startup, but you might need to adjust your + backup scripts. + + + + + The default for the nginx configuration + changed from piwik.${config.networking.hostName} to + matomo.${config.networking.hostName}.${config.networking.domain} + if is set, + matomo.${config.networking.hostName} if it is not + set. If you change your , remember you'll + need to update the trustedHosts[] array in + /var/lib/matomo/config/config.ini.php as well. + + + + + The piwik user was renamed to + matomo. The service will adjust ownership + automatically for files in the data directory. If you use unix socket + authentication, remember to give the new matomo user + access to the database and to change the username to + matomo in the [database] section + of /var/lib/matomo/config/config.ini.php. + + + + + If you named your database `piwik`, you might want to rename it to + `matomo` to keep things clean, but this is neither enforced nor + required. + + + - - + + - nodejs-4_x is end-of-life. - nodejs-4_x, nodejs-slim-4_x and nodePackages_4_x are removed. + nodejs-4_x is end-of-life. + nodejs-4_x, nodejs-slim-4_x and + nodePackages_4_x are removed. - - + + - The pump.io NixOS module was removed. - It is now maintained as an - external module. + The pump.io NixOS module was removed. It is now + maintained as an + external + module. - - + + - The Prosody XMPP server has received a major update. The following modules were renamed: - - - - is now - - - - - is now - - - + The Prosody XMPP server has received a major update. The following modules + were renamed: + + + + is now + + + + + + is now + + + + + + Many new modules are now core modules, most notably + and + . + + + The better-performing libevent backend is now enabled + by default. + + + withCommunityModules now passes through the modules to + . Use + withOnlyInstalledCommunityModules for modules that + should not be enabled directly, e.g lib_ldap. + + + + + All prometheus exporter modules are now defined as submodules. The + exporters are configured using + services.prometheus.exporters. + + + +
- - Many new modules are now core modules, most notably - and . - - - - The better-performing libevent backend is now enabled by default. - - - - withCommunityModules now passes through the modules to . - Use withOnlyInstalledCommunityModules for modules that should not be enabled directly, e.g lib_ldap. - - - - - All prometheus exporter modules are now defined as submodules. - The exporters are configured using services.prometheus.exporters. - - - - - -
+ Other Notable Changes -Other Notable Changes - - - + + - ZNC option now defaults to - true. That means that old configuration is not - overwritten by default when update to the znc options are made. + ZNC option now defaults to + true. That means that old configuration is not + overwritten by default when update to the znc options are made. - - + + - The option - has been added for wireless networks with WPA-Enterprise authentication. - There is also a new option to directly - configure wpa_supplicant and - to connect to hidden networks. + The option + has been added for wireless networks with WPA-Enterprise authentication. + There is also a new option to directly + configure wpa_supplicant and to + connect to hidden networks. - - + + - In the module the - following options have been removed: - - - - - - - - - - - - - - - - - - To assign static addresses to an interface the options - and - should be used instead. - The options and have been - renamed to - respectively. - The new options and - have been added to set up static routing. + In the module the + following options have been removed: + + + + + + + + + + + + + + + + + + + + + + + + + + + + To assign static addresses to an interface the options + and should + be used instead. The options and + have been renamed to + respectively. The new options + and have been + added to set up static routing. - - + + - The option is now 127.0.0.1 by default. - Previously the default behaviour was to listen on all interfaces. + The option is now + 127.0.0.1 by default. Previously the default behaviour + was to listen on all interfaces. - - + + - services.btrfs.autoScrub has been added, to - periodically check btrfs filesystems for data corruption. - If there's a correct copy available, it will automatically repair - corrupted blocks. + services.btrfs.autoScrub has been added, to + periodically check btrfs filesystems for data corruption. If there's a + correct copy available, it will automatically repair corrupted blocks. - - + + - displayManager.lightdm.greeters.gtk.clock-format. - has been added, the clock format string (as expected by - strftime, e.g. %H:%M) to use with the lightdm - gtk greeter panel. + displayManager.lightdm.greeters.gtk.clock-format. has + been added, the clock format string (as expected by strftime, e.g. + %H:%M) to use with the lightdm gtk greeter panel. - If set to null the default clock format is used. + If set to null the default clock format is used. - - + + - displayManager.lightdm.greeters.gtk.indicators - has been added, a list of allowed indicator modules to use with - the lightdm gtk greeter panel. + displayManager.lightdm.greeters.gtk.indicators has been + added, a list of allowed indicator modules to use with the lightdm gtk + greeter panel. - Built-in indicators include ~a11y, - ~language, ~session, - ~power, ~clock, - ~host, ~spacer. Unity - indicators can be represented by short name - (e.g. sound, power), - service file name, or absolute path. + Built-in indicators include ~a11y, + ~language, ~session, + ~power, ~clock, + ~host, ~spacer. Unity indicators can + be represented by short name (e.g. sound, + power), service file name, or absolute path. - If set to null the default indicators are - used. + If set to null the default indicators are used. - In order to have the previous default configuration add + In order to have the previous default configuration add services.xserver.displayManager.lightdm.greeters.gtk.indicators = [ "~host" "~spacer" @@ -539,24 +829,27 @@ following incompatible changes: "~power" ]; - to your configuration.nix. + to your configuration.nix. - - + + - The NixOS test driver supports user services declared by systemd.user.services. - The methods waitForUnit, getUnitInfo, startJob - and stopJob provide an optional $user argument for that purpose. + The NixOS test driver supports user services declared by + systemd.user.services. The methods + waitForUnit, getUnitInfo, + startJob and stopJob provide an + optional $user argument for that purpose. - - + + - Enabling bash completion on NixOS, programs.bash.enableCompletion, will now also enable - completion for the Nix command line tools by installing the - nix-bash-completions package. + Enabling bash completion on NixOS, + programs.bash.enableCompletion, will now also enable + completion for the Nix command line tools by installing the + nix-bash-completions + package. - - - -
+ + + diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 0743a05ba38..47b54a411ef 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -3,153 +3,158 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-18.09"> + Release 18.09 (“Jellyfish”, 2018/09/??) -Release 18.09 (“Jellyfish”, 2018/09/??) - -
+ Highlights -Highlights + + In addition to numerous new and upgraded packages, this release has the + following highlights: + -In addition to numerous new and upgraded packages, this release -has the following highlights: - - - + + - User channels are now in the default NIX_PATH, - allowing users to use their personal nix-channel - defined channels in nix-build and - nix-shell commands, as well as in imports like - import <mychannel>. + User channels are now in the default NIX_PATH, allowing + users to use their personal nix-channel defined + channels in nix-build and nix-shell + commands, as well as in imports like import + <mychannel>. - For example - + + For example + + $ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable $ nix-channel --update $ nix-build '<nixpkgsunstable>' -A gitFull $ nix run -f '<nixpkgsunstable>' gitFull $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' - - + + +
- -
+ New Services -New Services + + The following new services were added since the last release: + -The following new services were added since the last release: - - - + + - - + + +
- -
+ Backward Incompatibilities -Backward Incompatibilities + + When upgrading from a previous release, please be aware of the following + incompatible changes: + -When upgrading from a previous release, please be aware of the -following incompatible changes: - - - + + - lib.strict is removed. Use builtins.seq instead. + lib.strict is removed. Use + builtins.seq instead. - - + + - The clementine package points now to the free derivation. - clementineFree is removed now and clementineUnfree - points to the package which is bundled with the unfree libspotify package. + The clementine package points now to the free + derivation. clementineFree is removed now and + clementineUnfree points to the package which is bundled + with the unfree libspotify package. - - + + - The netcat package is now taken directly from OpenBSD's - libressl, instead of relying on Debian's fork. The new - version should be very close to the old version, but there are some minor - differences. Importantly, flags like -b, -q, -C, and -Z are no longer - accepted by the nc command. + The netcat package is now taken directly from OpenBSD's + libressl, instead of relying on Debian's fork. The new + version should be very close to the old version, but there are some minor + differences. Importantly, flags like -b, -q, -C, and -Z are no longer + accepted by the nc command. - - + + +
- -
+ Other Notable Changes -Other Notable Changes - - - + + - lib.attrNamesToStr has been deprecated. Use - more specific concatenation (lib.concat(Map)StringsSep) - instead. + lib.attrNamesToStr has been deprecated. Use more + specific concatenation (lib.concat(Map)StringsSep) + instead. - - + + - lib.addErrorContextToAttrs has been deprecated. Use - builtins.addErrorContext directly. + lib.addErrorContextToAttrs has been deprecated. Use + builtins.addErrorContext directly. - - + + - lib.showVal has been deprecated. Use - lib.traceSeqN instead. + lib.showVal has been deprecated. Use + lib.traceSeqN instead. - - + + - lib.traceXMLVal has been deprecated. Use - lib.traceValFn builtins.toXml instead. + lib.traceXMLVal has been deprecated. Use + lib.traceValFn builtins.toXml instead. - - + + - lib.traceXMLValMarked has been deprecated. Use - lib.traceValFn (x: str + builtins.toXML x) instead. + lib.traceXMLValMarked has been deprecated. Use + lib.traceValFn (x: str + builtins.toXML x) instead. - - + + - lib.traceValIfNot has been deprecated. Use - if/then/else and lib.traceValSeq - instead. + lib.traceValIfNot has been deprecated. Use + if/then/else and lib.traceValSeq + instead. - - + + - lib.traceCallXml has been deprecated. Please complain - if you use the function regularly. + lib.traceCallXml has been deprecated. Please complain + if you use the function regularly. - The attribute lib.nixpkgsVersion has been deprecated in favor of - lib.version. Please refer to the discussion in - NixOS/nixpkgs#39416 for further reference. + The attribute lib.nixpkgsVersion has been deprecated in + favor of lib.version. Please refer to the discussion in + NixOS/nixpkgs#39416 + for further reference. - - - -
+ + +