Diffstat (limited to 'nixos/doc/manual/release-notes/rl-1909.xml')
-rw-r--r-- nixos/doc/manual/release-notes/rl-1909.xml 106
1 files changed, 85 insertions, 21 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml
index 6493bb9959675..560b319851761 100644
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -48,6 +48,15 @@
      To gain root privileges use <literal>sudo -i</literal> without a password.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      We've updated to Xfce 4.14, which brings a new module <option>services.xserver.desktopManager.xfce4-14</option>.
+      If you'd like to upgrade, please switch from the <option>services.xserver.desktopManager.xfce</option> module as it
+      will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support
+      <option>thunarPlugins</option> and it isn't recommended to use <option>services.xserver.desktopManager.xfce</option>
+      and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
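Review bot: In the added Xfce item, "They're incompatibilities with the current Xfce module" should read "There are incompatibilities ...", and the "it" in "it doesn't support <option>thunarPlugins</option>" has no clear referent, so please name the module that lacks <option>thunarPlugins</option>. The same sentence chains three separate caveats (no thunarPlugins support, not enabling both modules at once, no downgrade after upgrading); splitting them into their own sentences would make the upgrade constraints easier to follow.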
@@ -291,6 +300,55 @@
        configuration while being better type-checked and mergeable.
      </para>
    </listitem>
+   <listitem>
+    <para>
+     No service depends on <literal>keys.target</literal> anymore which is a systemd
+     target that indicates if all <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps keys</link> were successfully uploaded.
+     Instead, <literal>&lt;key-name&gt;-key.service</literal> should be used to define
+     a dependency of a key in a service. The full issue behind the <literal>keys.target</literal>
+     dependency is described at <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>.
+    </para>
+    <para>
+     The following services are affected by this:
+     <itemizedlist>
+      <listitem><para><link linkend="opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.nsd.enable"><literal>services.nsd</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.softether.enable"><literal>services.softether</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.strongswan.enable"><literal>services.strongswan</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.httpd.enable"><literal>services.httpd</literal></link></para></listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+     <para>
+       The <option>security.acme.directory</option> option has been replaced by a read-only <option>security.acme.certs.&lt;cert&gt;.directory</option> option for each certificate you define. This will be
+       a subdirectory of <literal>/var/lib/acme</literal>. You can use this read-only option to figure out where the certificates are stored for a specific certificate. For example,
+       the <option>services.nginx.virtualhosts.&lt;name&gt;.enableACME</option>  option will use this directory option to find the certs for the virtual host.
+     </para>
+     <para>
+       <option>security.acme.preDelay</option> and <option>security.acme.activationDelay</option> options have been removed. To execute a service before certificates
+       are provisioned or renewed add a <literal>RequiredBy=acme-${cert}.service</literal> to any service.
+     </para>
+     <para>
+       Furthermore, the acme module will not automatically add a dependency on <literal>lighttpd.service</literal> anymore. If you are using certficates provided by letsencrypt
+       for lighttpd, then you should depend on the certificate service <literal>acme-${cert}.service></literal> manually.
+     </para>
+     <para>
+       For nginx, the dependencies are still automatically managed when <option>services.nginx.virtualhosts.&lt;name&gt;.enableACME</option> is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs,
+       instead of depending on the catch-all <literal>acme-certificates.target</literal>. This target unit was also removed from the codebase.
+       This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal
+       ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at
+        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/60180">NixOS/nixpkgs#60180</link>.
+     </para>
+   </listitem>
+   <listitem>
+     <para>
+       The old deprecated <literal>emacs</literal> package sets have been dropped.
+       What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
+     </para>
+   </listitem>
+
   </itemizedlist>
  </section>
 
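Review bot: In the paragraph on the removed <option>security.acme.preDelay</option> and <option>security.acme.activationDelay</option> options, the advice to add only <literal>RequiredBy=acme-${cert}.service</literal> does not by itself give the "execute a service before certificates are provisioned or renewed" behaviour the sentence promises, because systemd requirement dependencies do not imply ordering; please mention the matching <literal>Before=acme-${cert}.service</literal> as well. In the lighttpd paragraph, <literal>acme-${cert}.service></literal> has a stray ">" before the closing tag that will be rendered as part of the unit name, and "certficates" should be "certificates". The <literal>keys.target</literal> item would also be easier to act on if it said how a service should declare the dependency on <literal>&lt;key-name&gt;-key.service</literal>, since every listed service now has to do this by hand.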
@@ -506,27 +564,33 @@
       <option>boot.kernel.sysctl."kernel.core_pattern"</option> to <literal>"core"</literal>.
     </para>
    </listitem>
-  <listitem>
-   <para>
-    <literal>systemd.packages</literal> option now also supports generators and
-    shutdown scripts. Old <literal>systemd.generator-packages</literal> option has
-    been removed.
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
-    Use <literal>rspamd</literal> in proxy mode instead.
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-     systemd cgroup accounting via the
-     <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link>
-     option is now enabled by default. It now also enables the more recent Block IO and IP accounting
-     features.
-   </para>
-  </listitem>
+   <listitem>
+    <para>
+     <literal>systemd.packages</literal> option now also supports generators and
+     shutdown scripts. Old <literal>systemd.generator-packages</literal> option has
+     been removed.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
+     Use <literal>rspamd</literal> in proxy mode instead.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      systemd cgroup accounting via the
+      <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link>
+      option is now enabled by default. It now also enables the more recent Block IO and IP accounting
+      features.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     We no longer enable custom font rendering settings with <option>fonts.fontconfig.penultimate.enable</option> by default.
+     The defaults from fontconfig are sufficient.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
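Review bot: The three removed and re-added list items (systemd.packages, rmilter, cgroup accounting) differ only in leading whitespace, which hides the one real addition in this hunk, the <option>fonts.fontconfig.penultimate.enable</option> item; please move the re-indentation into a separate whitespace-only commit. If the lines are being touched anyway, "due deprecation by upstream developer" should be "due to deprecation by the upstream developer", and the re-indented cgroup accounting paragraph is indented one space deeper than its siblings. The new fontconfig item states that the default changed but not what users who relied on the old rendering should do; one sentence saying the option can still be set explicitly would cover that.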