diff options
author | Mikaela Allan <me@mikaela.ca> | 2023-05-03 16:11:45 -0400 |
---|---|---|
committer | Mikaela Allan <me@mikaela.ca> | 2023-05-05 13:36:42 -0400 |
commit | 21b6bec0ff14f55c37a655529d6ad2e81f1c4212 (patch) | |
tree | 14754f355dfb847c5393271e35bfec5853c516ce /nixos/doc | |
parent | 982a15389b13058eb93e46208d0925f19338b776 (diff) | |
download | nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.tar nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.tar.gz nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.tar.bz2 nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.tar.lz nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.tar.xz nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.tar.zst nixlib-21b6bec0ff14f55c37a655529d6ad2e81f1c4212.zip |
nixos/config/swap: improve randomEncrytion
* add sector size parameter to swap randomEncryption * add key size parameter to swap randomEncryption * allow deviceName to be overridden for encrypted swap * create test for swap random encryption * update release notes
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 51d8136e203a..25d60402cb97 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -363,6 +363,26 @@ In addition to numerous new and upgraded packages, this release has the followin - `nextcloud` has an option to enable SSE-C in S3. +- NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to setup the plain encryption device over the + underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so: + + ```nix + { + swapDevices = [ + { + device = "/dev/disk/by-partlabel/swapspace"; + + randomEncryption = { + enable = true; + cipher = "aes-xts-plain64"; + keySize = 512; + sectorSize = 4096; + }; + } + ]; + } + ``` + - `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`. Before upgrading, read the release notes for PeerTube: - [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0) |