nixos/config/swap: improve randomEncrytion

  * add sector size parameter to swap randomEncryption
  * add key size parameter to swap randomEncryption
  * allow deviceName to be overridden for encrypted swap
  * create test for swap random encryption
  * update release notes

1 files changed, 20 insertions, 0 deletions

diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md
index 51d8136e203a..25d60402cb97 100644
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -363,6 +363,26 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `nextcloud` has an option to enable SSE-C in S3.
 
+- NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to setup the plain encryption device over the
+  underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so:
+
+  ```nix
+  {
+    swapDevices = [
+      {
+        device = "/dev/disk/by-partlabel/swapspace";
+
+        randomEncryption = {
+          enable = true;
+          cipher = "aes-xts-plain64";
+          keySize = 512;
+          sectorSize = 4096;
+        };
+      }
+    ];
+  }
+  ```
+
 - `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`.
   Before upgrading, read the release notes for PeerTube:
     - [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0)