From 2f845dccbf525cbf79ac64629e9eb932f56dc86f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Sun, 8 Nov 2020 16:58:58 +0100 Subject: manual: nginx: Mention ProtectHome in release notes. See #85567. See https://github.com/NixOS/nixpkgs/pull/85567#pullrequestreview-525820684 --- nixos/doc/manual/release-notes/rl-2009.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'nixos/doc/manual/release-notes/rl-2009.xml') diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 01f113198eb9..5845cc48c545 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -885,6 +885,17 @@ php.override { systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; + + Nginx is also started with the systemd option ProtectHome = mkDefault true; + which forbids it to read anything from /home, /root + and /run/user (see + ProtectHome docs + for details). + If you require serving files from home directories, you may choose to set e.g. + +systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; + + -- cgit v1.2.3 From 2e7b320931a1bf2a8b7f1dd2f2ee4343a8dc0847 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Sun, 8 Nov 2020 17:55:11 +0100 Subject: manual: nginx: Remove reference to `stateDir` from release notes. Fixes #102211. Fixed wording taken from: https://github.com/NixOS/nixpkgs/issues/102211#issuecomment-719976230 --- nixos/doc/manual/release-notes/rl-2009.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/doc/manual/release-notes/rl-2009.xml') diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 5845cc48c545..75c8adbf45ed 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -879,7 +879,7 @@ php.override { Nginx web server now starting with additional sandbox/hardening options. By default, write access - to services.nginx.stateDir is allowed. To allow writing to other folders, + to /var/log/nginx and /var/cache/nginx is allowed. To allow writing to other folders, use systemd.services.nginx.serviceConfig.ReadWritePaths systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; -- cgit v1.2.3 From f72a3142f07352b326906a2cd609e311d77ef555 Mon Sep 17 00:00:00 2001 From: Scott Worley Date: Wed, 11 Nov 2020 11:27:46 -0800 Subject: doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo Since https://github.com/NixOS/nixos-channel-scripts/commit/7c442a2f67c77344a71e5aae7e4cd2a1554420a9 for https://github.com/NixOS/nixpkgs/issues/99257 --- nixos/doc/manual/release-notes/rl-2009.xml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'nixos/doc/manual/release-notes/rl-2009.xml') diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 75c8adbf45ed..75358835baa9 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -234,7 +234,17 @@ - + + + Starting with this release, the hydra-build-result + nixos-YY.MM + branches no longer exist in the deprecated + nixpkgs-channels repository. These branches are now in + the main nixpkgs + repository. + + -- cgit v1.2.3 From 31051812bc4117d394966f5df240de531a747809 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 11 Nov 2020 10:26:18 +1000 Subject: nixos/doc/*: fix indentation --- nixos/doc/manual/release-notes/rl-2009.xml | 48 +++++++++++++++--------------- 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'nixos/doc/manual/release-notes/rl-2009.xml') diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 75c8adbf45ed..881a95a78225 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -1593,30 +1593,30 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0"; Agda has been heavily reworked. - - - agda.mkDerivation has been heavily changed and - is now located at agdaPackages.mkDerivation. - - - - - New top-level packages agda and - agda.withPackages have been added, the second - of which sets up agda with access to chosen libraries. - - - - - All agda libraries now live under - agdaPackages. - - - - - Many broken libraries have been removed. - - + + + agda.mkDerivation has been heavily changed and + is now located at agdaPackages.mkDerivation. + + + + + New top-level packages agda and + agda.withPackages have been added, the second + of which sets up agda with access to chosen libraries. + + + + + All agda libraries now live under + agdaPackages. + + + + + Many broken libraries have been removed. + + See the new -- cgit v1.2.3