nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-26 00:43:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc/release-notes: Add note about backwards compatibility in ACME module

Browse Source 
Co-authored-by: Stéphan Kochen <git@stephank.nl>
This commit is contained in:
Arian van Putten 2024-06-04 20:07:14 +02:00
parent d1f07e6382
commit f8439331dc
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -429,6 +429,16 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment.
- `security.acme.defaults.server` now has a default value instead of `null`.
This effectively uses the same server, the Let's Encrypt production server,
but makes the default explicit, instead of relying on the Lego default.
A side effect of this is that the directory in which account data is stored
changes and the ACME module will request a new account and new certificates
for all domains. This may cause issues if you pin an `acccounturl` in a CAA
DNS record. To avoid this, you
may set `security.acme.defaults.server = null` to keep the old hashes.
- `security.pam.sshAgentAuth.enable` now requires `services.openssh.authorizedKeysFiles` to be non-empty,
which is the case when `services.openssh.enable` is true. Previously, `pam_ssh_agent_auth` silently failed to work.