diff options
Diffstat (limited to 'nixos/doc/manual')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 12 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2009.xml | 29 |
2 files changed, 36 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index b0940391b56b..393a9286ca4f 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -935,8 +935,8 @@ services.dnsmasq.servers = [ "127.0.0.1#43" ]; </listitem> <listitem> <para> - Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organized dependencies the same way as regular builds. - In particular, rather than receiving all the different lists of dependencies master together as one big lists, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything. + Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organize dependencies the same way as regular builds. + In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything. </para> <para> This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a <varname>buildDepends</varname> or run-time Haskell dependency as a <varname>setupDepends</varname>, whereas things would have worked before they may not work now. @@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root"; As well as this, the options <literal>security.acme.acceptTerms</literal> and either <literal>security.acme.email</literal> or <literal>security.acme.certs.<name>.email</literal> must be set in order to use the ACME module. - Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are - preserved and thus it is possible to roll back to previous versions without breaking certificate - generation. + Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le. + In particular private keys will not be preserved. However, the credentials for simp-le are preserved and + thus it is possible to roll back to previous versions without breaking certificate generation. + Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can + have consequences if you embed your public key in apps. </para> </listitem> <listitem> diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index e886091d53b0..1cf7c977eeb0 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -45,6 +45,16 @@ make use of these new options instead. </para> </listitem> + <listitem> + <para> + There is a new module for Podman(<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line. + </para> + </listitem> + <listitem> + <para> + The new <varname>virtualisation.containers</varname> module manages configuration shared by the CRI-O and Podman modules. + </para> + </listitem> </itemizedlist> </section> @@ -261,6 +271,25 @@ environment.systemPackages = [ </programlisting> </para> </listitem> + <listitem> + <para> + The httpd web server previously started its main process as root + privileged, then ran worker processes as a less privileged identity user. + This was changed to start all of httpd as a less privileged user (defined by + <xref linkend="opt-services.httpd.user"/> and + <xref linkend="opt-services.httpd.group"/>). As a consequence, all files that + are needed for httpd to run (included configuration fragments, SSL + certificates and keys, etc.) must now be readable by this less privileged + user/group. + </para> + <para> + The default value for <xref linkend="opt-services.httpd.mpm"/> + has been changed from <literal>prefork</literal> to <literal>event</literal>. Along with + this change the default value for + <link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.<name>.http2</link> + has been set to <literal>true</literal>. + </para> + </listitem> </itemizedlist> </section> |