Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2003.xml')
-rw-r--r-- nixos/doc/manual/release-notes/rl-2003.xml 40
1 files changed, 33 insertions, 7 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index d7614cd3488..31f08d9da34 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -440,15 +440,19 @@ users.users.me =
    </listitem>
    <listitem>
     <para>
-      The <link linkend="opt-services.buildkite-agent.enable">Buildkite Agent</link>
-      module and corresponding packages have been updated to 3.x.
-      While doing so, the following options have been changed:
+      The <link linkend="opt-services.buildkite-agents">Buildkite
+      Agent</link> module and corresponding packages have been updated to
+      3.x, and to support multiple instances of the agent running at the
+      same time. This means you will have to rename
+      <literal>services.buildkite-agent</literal> to
+      <literal>services.buildkite-agents.&lt;name&gt;</literal>. Furthermore,
+      the following options have been changed:
     </para>
     <itemizedlist>
       <listitem>
        <para>
          <literal>services.buildkite-agent.meta-data</literal> has been renamed to
-         <link linkend="opt-services.buildkite-agent.tags">services.buildkite-agent.tags</link>,
+         <link linkend="opt-services.buildkite-agents">services.buildkite-agents.&lt;name&gt;.tags</link>,
          to match upstreams naming for 3.x.
          Its type has also changed - it now accepts an attrset of strings.
        </para>
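Review bot: In the `meta-data` item the link text names `services.buildkite-agents.&lt;name&gt;.tags`, but the `linkend` is the parent `opt-services.buildkite-agents`, so the reader lands on the top-level option instead of on `tags`. If the options reference generates an id for the sub-option, link to that; otherwise mention that the sub-options are documented under the parent. The rewritten intro paragraph should also say what `&lt;name&gt;` stands for, and a short before/after of the rename would make the migration step concrete. While touching this item, the unchanged line "to match upstreams naming for 3.x" should read "upstream's".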
@@ -464,13 +468,13 @@ users.users.me =
        <para>
          <literal>services.buildkite-agent.openssh.privateKeyPath</literal>
          has been renamed to
-         <link linkend="opt-services.buildkite-agent.privateSshKeyPath">buildkite-agent.privateSshKeyPath</link>,
+         <link linkend="opt-services.buildkite-agents">buildkite-agents.&lt;name&gt;.privateSshKeyPath</link>,
          as the whole <literal>openssh</literal> now only contained that single option.
        </para>
       </listitem>
       <listitem>
        <para>
-         <link linkend="opt-services.buildkite-agent.shell">services.buildkite-agent.shell</link>
+         <link linkend="opt-services.buildkite-agents">services.buildkite-agents.&lt;name&gt;.shell</link>
          has been introduced, allowing to specify a custom shell to be used.
        </para>
       </listitem>
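Review bot: The new link text in the `privateKeyPath` item is `buildkite-agents.&lt;name&gt;.privateSshKeyPath`, without the `services.` prefix, while the `shell` item below uses the full `services.buildkite-agents.&lt;name&gt;.shell`. Use the full option path in both so the name can be copied into a configuration as written. The adjacent unchanged sentence "as the whole openssh now only contained that single option" is missing a noun (for example "the whole openssh attribute set") and could be fixed in the same change.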
@@ -621,6 +625,12 @@ auth required pam_succeed_if.so uid >= 1000 quiet
      to a fairly old snapshot  from the <package>gcc7</package>-branch.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     The <citerefentry><refentrytitle>nixos-build-vms</refentrytitle><manvolnum>8</manvolnum>
+     </citerefentry>-script now uses the python test-driver.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
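Review bot: The new `nixos-build-vms` item states that the script now uses the python test-driver but not what changes for someone who runs it. If the interactive commands or the test script syntax differ from the previous driver, say so here, since this is the only place a user upgrading will look. "python" should be capitalised as "Python", and "-script" directly after `</citerefentry>` reads awkwardly once rendered; "The nixos-build-vms(8) script" without the hyphen would be cleaner.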
@@ -661,7 +671,23 @@ auth required pam_succeed_if.so uid >= 1000 quiet
        now uses the short rather than full version string.
      </para>
    </listitem>
-    <listitem>
+   <listitem>
+    <para>
+     The ACME module has switched from simp-le to <link xlink:href="https://github.com/go-acme/lego">lego</link>
+     which allows us to support DNS-01 challenges and wildcard certificates. The following options have been added:
+     <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link>,
+     <link linkend="opt-security.acme.certs">security.acme.certs.&lt;name&gt;.dnsProvider</link>,
+     <link linkend="opt-security.acme.certs">security.acme.certs.&lt;name&gt;.credentialsFile</link>,
+     <link linkend="opt-security.acme.certs">security.acme.certs.&lt;name&gt;.dnsPropagationCheck</link>.
+     As well as this, the options <literal>security.acme.acceptTerms</literal> and either
+     <literal>security.acme.email</literal> or <literal>security.acme.certs.&lt;name&gt;.email</literal>
+     must be set in order to use the ACME module.
+     Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are
+     preserved and thus it is possible to roll back to previous versions without breaking certificate
+     generation.
+    </para>
+   </listitem>
+   <listitem>
     <para>
     It is now possible to unlock LUKS-Encrypted file systems using a FIDO2 token
     via <option>boot.initrd.luks.fido2Support</option>.
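Review bot: In the ACME item, the sentence beginning "As well as this, the options security.acme.acceptTerms and either ..." introduces a mandatory setting for existing users, but it sits in the middle of the paragraph after the list of added options. Lead with that requirement, or move it into its own `<para>`, so it is not read as optional. `security.acme.certs.&lt;name&gt;.credentialsFile` is listed without any hint about where the file should live; since the Nix store is world-readable, a sentence telling users to keep the file outside the store with restrictive permissions would help. "The credentials for simp-le are preserved" is also ambiguous: say whether this means the ACME account key, the issued certificates, or both.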