Home Explore Blog CI



nixpkgs
5th chunk of `nixos/doc/manual/release-notes/rl-1809.section.md`
f3ecd47f82e99544c92ce1a92685a8ad5c359ba151e491cf00000001000009b7
  This benefits evaluation performance, lets you write Nixpkgs packages that depend on NixOS images and is consistent with a deployment architecture that would be centered around Nixpkgs overlays.

- `lib.traceValIfNot` has been deprecated. Use `if/then/else` and `lib.traceValSeq` instead.

- `lib.traceCallXml` has been deprecated. Please complain if you use the function regularly.

- The attribute `lib.nixpkgsVersion` has been deprecated in favor of `lib.version`. Please refer to the discussion in [NixOS/nixpkgs\#39416](https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745) for further reference.

- `lib.recursiveUpdateUntil` was not acting according to its specification. It has been fixed to act according to the docstring, and a test has been added.

- The module for `security.dhparams` has two new options now:

  `security.dhparams.stateless`

  : Puts the generated Diffie-Hellman parameters into the Nix store instead of managing them in a stateful manner in `/var/lib/dhparams`.

  `security.dhparams.defaultBitSize`

  : The default bit size to use for the generated Diffie-Hellman parameters.

  ::: {.note}
  The path to the actual generated parameter files should now be queried using `config.security.dhparams.params.name.path` because it might be either in the Nix store or in a directory configured by `security.dhparams.path`.
  :::

  ::: {.note}
  **For developers:**

  Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048).

  An example usage of this would be:

  ```nix
  { config, ... }:

  {
    security.dhparams.params.myservice = {};
    environment.etc."myservice.conf".text = ''
      dhparams = ${config.security.dhparams.params.myservice.path}
    '';
  }
  ```

  :::

- `networking.networkmanager.useDnsmasq` has been deprecated. Use `networking.networkmanager.dns` instead.

- The Kubernetes package has been bumped to major version 1.11. Please consult the [release notes](https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md) for details on new features and api changes.

- The option `services.kubernetes.apiserver.admissionControl` was renamed to `services.kubernetes.apiserver.enableAdmissionPlugins`.

- Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS) Therefore; public service port for the dashboard has changed to 443 (container port 8443) and scheme to https.
Title: NixOS 18.09: Further Deprecations, Security Updates, and Kubernetes Changes
Summary
This section details further changes in NixOS 18.09, including the deprecation of `lib.traceValIfNot` and `lib.traceCallXml`, the replacement of `lib.nixpkgsVersion` with `lib.version`, and a fix to `lib.recursiveUpdateUntil`. It also introduces new options for `security.dhparams`, deprecates `networking.networkmanager.useDnsmasq`, and updates the Kubernetes package to version 1.11 with associated changes to its API and configuration options. The recommended access to the Kubernetes Dashboard is now via HTTPS on port 443.