nixos/acme: Update release notes

This commit is contained in:
Lucas Savva 2021-12-04 17:32:17 +00:00
parent 377c6bcefc
commit 07c1583309
No known key found for this signature in database
GPG Key ID: E4EC5BF2E2F116A2
2 changed files with 36 additions and 1 deletions

View File

@ -14,7 +14,17 @@
</itemizedlist>
<section xml:id="sec-release-22.05-highlights">
<title>Highlights</title>
<itemizedlist spacing="compact">
<itemizedlist>
<listitem>
<para>
<literal>security.acme.defaults</literal> has been added to
simplify configuring settings for many certificates at once.
This also opens up the the option to use DNS-01 validation
when using <literal>enableACME</literal> on web server virtual
hosts (e.g.
<literal>services.nginx.virtualHosts.*.enableACME</literal>).
</para>
</listitem>
<listitem>
<para>
PHP 8.1 is now available
@ -180,6 +190,20 @@
using this default will print a warning when rebuilt.
</para>
</listitem>
<listitem>
<para>
<literal>security.acme</literal> certificates will now
correctly check for CA revokation before reaching their
minimum age.
</para>
</listitem>
<listitem>
<para>
Removing domains from
<literal>security.acme.certs._name_.extraDomainNames</literal>
will now correctly remove those domains during rebuild/renew.
</para>
</listitem>
<listitem>
<para>
The option

View File

@ -6,6 +6,11 @@ In addition to numerous new and upgraded packages, this release has the followin
## Highlights {#sec-release-22.05-highlights}
- `security.acme.defaults` has been added to simplify configuring
settings for many certificates at once. This also opens up the
the option to use DNS-01 validation when using `enableACME` on
web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`).
- PHP 8.1 is now available
## New Services {#sec-release-22.05-new-services}
@ -73,6 +78,12 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
Configurations using this default will print a warning when rebuilt.
- `security.acme` certificates will now correctly check for CA
revokation before reaching their minimum age.
- Removing domains from `security.acme.certs._name_.extraDomainNames`
will now correctly remove those domains during rebuild/renew.
- The option
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
added, decoupling the setting of `SSH_ASKPASS` from