nixos/acme: Update release notes

3 years ago · 07c1583309
parent 377c6bcefc
commit 07c1583309
2 changed files with 36 additions and 1 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -14,7 +14,17 @@
  </itemizedlist>
  <section xml:id="sec-release-22.05-highlights">
    <title>Highlights</title>
-    <itemizedlist spacing="compact">
+    <itemizedlist>
+      <listitem>
+        <para>
+          <literal>security.acme.defaults</literal> has been added to
+          simplify configuring settings for many certificates at once.
+          This also opens up the the option to use DNS-01 validation
+          when using <literal>enableACME</literal> on web server virtual
+          hosts (e.g.
+          <literal>services.nginx.virtualHosts.*.enableACME</literal>).
+        </para>
+      </listitem>
      <listitem>
        <para>
          PHP 8.1 is now available
@ -180,6 +190,20 @@
          using this default will print a warning when rebuilt.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <literal>security.acme</literal> certificates will now
+          correctly check for CA revokation before reaching their
+          minimum age.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Removing domains from
+          <literal>security.acme.certs._name_.extraDomainNames</literal>
+          will now correctly remove those domains during rebuild/renew.
+        </para>
+      </listitem>
      <listitem>
        <para>
          The option
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -6,6 +6,11 @@ In addition to numerous new and upgraded packages, this release has the followin

 ## Highlights {#sec-release-22.05-highlights}

+- `security.acme.defaults` has been added to simplify configuring
+  settings for many certificates at once. This also opens up the
+  the option to use DNS-01 validation when using `enableACME` on
+  web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`).
+
 - PHP 8.1 is now available

 ## New Services {#sec-release-22.05-new-services}
@ -73,6 +78,12 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The `services.unifi.openPorts` option default value of `true` is now deprecated and will be changed to `false` in 22.11.
  Configurations using this default will print a warning when rebuilt.

+- `security.acme` certificates will now correctly check for CA
+  revokation before reaching their minimum age.
+
+- Removing domains from `security.acme.certs._name_.extraDomainNames`
+  will now correctly remove those domains during rebuild/renew.
+
 - The option
  [services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
  added, decoupling the setting of `SSH_ASKPASS` from