the initial change was already made ad hoc in 10a75ab, in response to the recently introduced enforced redirects mapping that is supposed to keep stable URLs.
due to the redirect mechanism's current limitation to locations within
the same site (that is, either the Nixpkgs xor the NixOS manual), and
the observation that noteworthy Nixpkgs changes tend to be
self-contained, it seemed reasonable to introduce a seperate release
notes document. it also has the advantage that users of only Nixpkgs
don't have to deal with release notes that are only relevant for NixOS.
the original change was already lossless for NixOS users, since the
Nixpkgs release notes are appended to the NixOS release notes.
this change moves the pre-existing Nixpkgs notes to the new dedicated page.
Co-authored-by: Gagarin Valentin Gagarin <valentin@gagarin.work>
Previously, `http://` scheme was hard coded into the caddy config if
`webserver = "caddy"` was chosen. This is fine for local testing, but is
problematic if you want your nixos host to be public facing.
In the public facing case, you generally want to be using TLS. But since
the wordpress module generates the caddyfile rule, the user's nixos
config cannot easily change it to also allow https.
An alternative would be to reverse proxy an https rule to the generated
http rule, but that's somewhat questionable as there's not an internal
http endpoint to proxy to. It might be possible but I couldn't figure
it out.
So simplify by omitting the scheme. This causes caddy to use https by
default and 301 redirect any http requests to the https endpoint. Caddy
will just do the right thing if it's being hosted on a local/internal
hostname (self sign certificates).
This should be backwards compatible with previous default if users are
using reasonable browsers/tools.
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Previously, this option was supposed to be a file of the form
`CLOUDFLARE_API_TOKEN=...`, which has a few problems:
- That's not an api token. It's an env file fit for passing to systemd's
`EnvironmentFile` option. The user could typo the variable name, or
intentionally/unintentionally include unrelated environment variables.
- It's not how secret files usually work in NixOS. Secret files are
usually just the secret, and don't leak details about how the secret
is passed to the service.
- This increases friction for people switching between cloudflare dyndns
services, such as `services.cloudflare-dyndns` and
`services.cfdyndns`, which both have a `apiToken` option, but (before
this change) with different semantics.
