From 3a17a9b05eec0189d82ebb84f327f386727474cd Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Sat, 7 Nov 2020 02:33:03 +0100
Subject: [PATCH] nixos/docs: add uWSGI changes to the relase notes

---
 nixos/doc/manual/release-notes/rl-2103.xml | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 05daca1d710..68d98ffad5e 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -176,6 +176,30 @@
        with <literal>mkfs.xfs -m reflink=0</literal>.
      </para>
    </listitem>
+   <listitem>
+    <para>
+      The uWSGI server is now built with POSIX capabilities. As a consequence,
+      root is no longer required in emperor mode and the service defaults to
+      running as the unprivileged <literal>uwsgi</literal> user. Any additional
+      capability can be added via the new option
+      <xref linkend="opt-services.uwsgi.capabilities"/>.
+      The previous behaviour can be restored by setting:
+<programlisting>
+  <xref linkend="opt-services.uwsgi.user"/> = "root";
+  <xref linkend="opt-services.uwsgi.group"/> = "root";
+  <xref linkend="opt-services.uwsgi.instance"/> =
+    {
+      uid = "uwsgi";
+      gid = "uwsgi";
+    };
+</programlisting>
+    </para>
+    <para>
+      Another incompatibility from the previous release is that vassals running under a
+      different user or group need to use <literal>immediate-{uid,gid}</literal>
+      instead of the usual <literal>uid,gid</literal> options.
+    </para>
+   </listitem>
    <listitem>
     <para>
     <package>btc1</package> has been abandoned upstream, and removed.