mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 09:53:10 +00:00
nixos: Add release notes about dhparams changes
This is not only to make users aware of the changes but also to give a heads up to developers which are using the module. Specifically if they rely on security.dhparams.path only.

Signed-off-by: aszlig <aszlig@nix.build>
parent
81fc2c3509
commit
a8b7372380
@ -77,7 +77,57 @@ following incompatible changes:</para>
|
|||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
|
The module for <option>security.dhparams</option> has two new options
|
||||||
|
now:
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>security.dhparams.stateless</option></term>
|
||||||
|
<listitem><para>
|
||||||
|
Puts the generated Diffie-Hellman parameters into the Nix store
|
||||||
|
instead of managing them in a stateful manner in
|
||||||
|
<filename class="directory">/var/lib/dhparams</filename>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>security.dhparams.defaultBitSize</option></term>
|
||||||
|
<listitem><para>
|
||||||
|
The default bit size to use for the generated Diffie-Hellman
|
||||||
|
parameters.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
|
<note><para>
|
||||||
|
The path to the actual generated parameter files should now be queried
|
||||||
|
using
|
||||||
|
<literal>config.security.dhparams.params.<replaceable>name</replaceable>.path</literal>
|
||||||
|
because it might be either in the Nix store or in a directory configured
|
||||||
|
by <option>security.dhparams.path</option>.
|
||||||
|
</para></note>
|
||||||
|
|
||||||
|
<note>
|
||||||
|
<title>For developers:</title>
|
||||||
|
<para>
|
||||||
|
Module implementers should not set a specific bit size in order to let
|
||||||
|
users configure it by themselves if they want to have a different bit
|
||||||
|
size than the default (2048).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
An example usage of this would be:
|
||||||
|
<programlisting>
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
security.dhparams.params.myservice = {};
|
||||||
|
environment.etc."myservice.conf".text = ''
|
||||||
|
dhparams = ${config.security.dhparams.params.myservice.path}
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</note>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
|
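Review bot: The first note (the one pointing at config.security.dhparams.params.name.path) says where to look but not what stops working, even though this entry sits under "following incompatible changes" and the commit message singles out modules that rely on security.dhparams.path only. Suggest stating outright that a file path built from security.dhparams.path is not valid once security.dhparams.stateless is set, because the parameters are then in the Nix store. Two smaller documentation points: the security.dhparams.stateless entry does not give its default, and "than the default (2048)" in the developer note duplicates a number that goes stale if the default of security.dhparams.defaultBitSize changes, so it would be safer to refer to that option by name.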