authoraszlig <aszlig@nix.build>2018-05-07 05:02:41 +0200
committeraszlig <aszlig@nix.build>2018-05-07 05:02:41 +0200
commita8b7372380725af56c213cdb01893640d5097c16 (patch)
treeb66c163a2fa41af06c9efe2ca57b8a8ee583b302
parent81fc2c35097f81ecb29a576148486cc1ce5a5bcc (diff)
nixos: Add release notes about dhparams changes
This is not only to make users aware of the changes but also to give a
heads-up to developers who are using the module, specifically if they
rely on security.dhparams.path only.

Signed-off-by: aszlig <aszlig@nix.build>
-rw-r--r--nixos/doc/manual/release-notes/rl-1809.xml50
1 files changed, 50 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index 61f9ec8ba995..acf9db8f3e3f 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -77,7 +77,57 @@ following incompatible changes:</para>
 <itemizedlist>
   <listitem>
     <para>
+      The module for <option>security.dhparams</option> has two new options
+      now:
     </para>
+
+    <variablelist>
+      <varlistentry>
+        <term><option>security.dhparams.stateless</option></term>
+        <listitem><para>
+          Puts the generated Diffie-Hellman parameters into the Nix store
+          instead of managing them in a stateful manner in
+          <filename class="directory">/var/lib/dhparams</filename>.
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>security.dhparams.defaultBitSize</option></term>
+        <listitem><para>
+          The default bit size to use for the generated Diffie-Hellman
+          parameters.
+        </para></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <note><para>
+      The path to the actual generated parameter files should now be queried
+      using
+      <literal>config.security.dhparams.params.<replaceable>name</replaceable>.path</literal>
+      because it might be either in the Nix store or in a directory configured
+      by <option>security.dhparams.path</option>.
+    </para></note>
+
+    <note>
+      <title>For developers:</title>
+      <para>
+        Module implementers should not set a specific bit size in order to let
+        users configure it by themselves if they want to have a different bit
+        size than the default (2048).
+      </para>
+      <para>
+        An example usage of this would be:
+<programlisting>
+{ config, ... }:
+
+{
+  security.dhparams.params.myservice = {};
+  environment.etc."myservice.conf".text = ''
+    dhparams = ${config.security.dhparams.params.myservice.path}
+  '';
+}
+</programlisting>
+      </para>
+    </note>
   </listitem>
 </itemizedlist>