From a8b7372380725af56c213cdb01893640d5097c16 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 7 May 2018 05:02:41 +0200 Subject: [PATCH] nixos: Add release notes about dhparams changes This is not only to make users aware of the changes but also to give a heads up to developers which are using the module. Specifically if they rely on security.dhparams.path only. Signed-off-by: aszlig --- nixos/doc/manual/release-notes/rl-1809.xml | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 61f9ec8ba995..acf9db8f3e3f 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -77,7 +77,57 @@ following incompatible changes: + The module for has two new options + now: + + + + + + Puts the generated Diffie-Hellman parameters into the Nix store + instead of managing them in a stateful manner in + /var/lib/dhparams. + + + + + + The default bit size to use for the generated Diffie-Hellman + parameters. + + + + + + The path to the actual generated parameter files should now be queried + using + config.security.dhparams.params.name.path + because it might be either in the Nix store or in a directory configured + by . + + + + For developers: + + Module implementers should not set a specific bit size in order to let + users configure it by themselves if they want to have a different bit + size than the default (2048). + + + An example usage of this would be: + +{ config, ... }: + +{ + security.dhparams.params.myservice = {}; + environment.etc."myservice.conf".text = '' + dhparams = ${config.security.dhparams.params.myservice.path} + ''; +} + + +