diff options
author | Morgan Jones <me@numin.it> | 2022-12-28 19:48:59 -0800 |
---|---|---|
committer | Morgan Jones <me@numin.it> | 2023-02-04 16:24:45 -0800 |
commit | 90581c977ff1dc2442a79fd9d173ae1e307f6e53 (patch) | |
tree | e68e7be619006213ac9913bfaa12a053dbdd73b5 /nixos/doc/manual/from_md/release-notes | |
parent | 9f7227625987ef43f6881ea8905c85f02f057da6 (diff) | |
download | nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.tar nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.tar.gz nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.tar.bz2 nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.tar.lz nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.tar.xz nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.tar.zst nixpkgs-90581c977ff1dc2442a79fd9d173ae1e307f6e53.zip |
nixos/nebula: don't run as root; support relays
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index 2fd0d01abef..4ab4f6aab5d 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -414,6 +414,16 @@ </listitem> <listitem> <para> + Nebula now runs as a system user and group created for each + nebula network, using the <literal>CAP_NET_ADMIN</literal> + ambient capability on launch rather than starting as root. + Ensure that any files each Nebula instance needs to access are + owned by the correct user and group, by default + <literal>nebula-${networkName}</literal>. + </para> + </listitem> + <listitem> + <para> In <literal>mastodon</literal> it is now necessary to specify location of file with <literal>PostgreSQL</literal> database password. In @@ -796,6 +806,18 @@ </listitem> <listitem> <para> + Nebula now supports the + <literal>services.nebula.networks.<name>.isRelay</literal> + and + <literal>services.nebula.networks.<name>.relays</literal> + configuration options for setting up or allowing traffic + relaying. See the + <link xlink:href="https://www.defined.net/blog/announcing-relay-support-in-nebula/">announcement</link> + for more details about relays. + </para> + </listitem> + <listitem> + <para> <literal>hip</literal> has been separated into <literal>hip</literal>, <literal>hip-common</literal> and <literal>hipcc</literal>. |