


nixpkgs

6th chunk of `nixos/doc/manual/release-notes/rl-1809.section.md`
  Module implementers should not set a specific bit size, so that users can configure it themselves if they want a bit size other than the default (2048).

  An example usage of this would be:

  ```nix
  { config, ... }:

  {
    security.dhparams.params.myservice = {};
    environment.etc."myservice.conf".text = ''
      dhparams = ${config.security.dhparams.params.myservice.path}
    '';
  }
  ```

  :::

- `networking.networkmanager.useDnsmasq` has been deprecated. Use `networking.networkmanager.dns` instead.

- The Kubernetes package has been bumped to major version 1.11. Please consult the [release notes](https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md) for details on new features and API changes.

- The option `services.kubernetes.apiserver.admissionControl` was renamed to `services.kubernetes.apiserver.enableAdmissionPlugins`.

- The recommended way to access the Kubernetes Dashboard is via HTTPS (TLS). Therefore, the public service port for the dashboard has changed to 443 (container port 8443) and the scheme to https.

- The option `services.kubernetes.apiserver.address` was renamed to `services.kubernetes.apiserver.bindAddress`. Note that the default value has changed from 127.0.0.1 to 0.0.0.0, so the API server now binds to all interfaces rather than only loopback unless `bindAddress` is set explicitly.

- The option `services.kubernetes.apiserver.publicAddress` was not used and thus has been removed.

- The option `services.kubernetes.addons.dashboard.enableRBAC` was renamed to `services.kubernetes.addons.dashboard.rbac.enable`.

- The Kubernetes Dashboard now has only minimal RBAC permissions by default. If dashboard cluster-admin rights are desired, set `services.kubernetes.addons.dashboard.rbac.clusterAdmin` to true. On existing clusters, in order for the revocation of privileges to take effect, the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: `kubectl delete clusterrolebinding kubernetes-dashboard`

- The `programs.screen` module allows configuring `/etc/screenrc`. However, the module behaved counterintuitively: the config file existed, but the package wasn't available. Since 18.09, `pkgs.screen` is added to `environment.systemPackages`.

- The module `services.networking.hostapd` now uses WPA2 by default.

- `s6Dns`, `s6Networking`, `s6LinuxUtils` and `s6PortableUtils` have been renamed to `s6-dns`, `s6-networking`, `s6-linux-utils` and `s6-portable-utils` respectively.

- The module option `nix.useSandbox` now defaults to `true`.

- The config activation script of `nixos-rebuild` now [reloads](https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands) all user units for each authenticated user.

- The default display manager is now LightDM. To use SLiM set `services.xserver.displayManager.slim.enable` to `true`.

- NixOS option descriptions are now automatically broken up into individual paragraphs if the text contains two consecutive newlines, so it's no longer necessary to use `</para><para>` to start a new paragraph.

- Top-level `buildPlatform`, `hostPlatform`, and `targetPlatform` in Nixpkgs are deprecated. Please use their equivalents in `stdenv` instead: `stdenv.buildPlatform`, `stdenv.hostPlatform`, and `stdenv.targetPlatform`.
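The Dashboard RBAC note above says a ClusterRoleBinding left over on an existing cluster keeps the old privileges until it is deleted. The following check is an added example, not part of the NixOS release notes or code: it scans `kubectl get clusterrolebindings -o json` output for bindings that still grant `cluster-admin` to the dashboard. The sample data, the `kube-system` namespace and the assumption that the dashboard's service account is also named `kubernetes-dashboard` are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json` output.
# Names and the kube-system namespace are assumptions made for this example.
SAMPLE = {"items": [
    {"metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "dashboard-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "ops-admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "ops"}]},
    {"metadata": {"name": "empty-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": None},
]}


def dashboard_admin_bindings(doc, dashboard="kubernetes-dashboard"):
    """Names of ClusterRoleBindings that still give the dashboard cluster-admin."""
    stale = []
    for item in doc.get("items") or []:
        role = item.get("roleRef") or {}
        if (role.get("kind"), role.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        binding = (item.get("metadata") or {}).get("name", "<unnamed>")
        # `subjects` is optional in the API object and may be null.
        bound = any(s.get("kind") == "ServiceAccount" and s.get("name") == dashboard
                    for s in item.get("subjects") or [])
        # Flag the binding the release note names, and any other binding that
        # hands cluster-admin to a service account of the same name.
        if binding == dashboard or bound:
            stale.append(binding)
    return stale


if __name__ == "__main__":
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    doc = json.loads(raw) if raw.strip() else SAMPLE
    for name in dashboard_admin_bindings(doc):
        print(f"still cluster-admin: {name}")
```

Piping the real `kubectl get clusterrolebindings -o json` output into the script checks a live cluster; with no input it runs against the constructed sample.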

Title: NixOS 18.09: Kubernetes Updates, Module Changes, and Deprecations (Continued)
Summary
Continuation of NixOS 18.09 changes including Kubernetes updates, such as renaming options (`services.kubernetes.apiserver.admissionControl`, `services.kubernetes.apiserver.address`, `services.kubernetes.addons.dashboard.enableRBAC`), limiting Dashboard RBAC permissions, and updates to module behavior including the automatic addition of `pkgs.screen`, WPA2 as the default for `services.networking.hostapd`, renaming of s6 packages, and enabling `nix.useSandbox` by default. Also includes updates to `nixos-rebuild` activation script, LightDM as the default display manager, changes to NixOS option descriptions, and deprecation of top-level platform attributes in Nixpkgs.