nixos/vaultwarden: harden systemd unit

Drops the capability to bind to privileged ports.
author: Martin Weinelt <hexa@darmstadt.ccc.de> 2024-06-11 02:42:39 +0200
committer: Sandro Jäckel <sandro.jaeckel@gmail.com> 2024-06-16 01:33:12 +0200
commit: be53df7236663eda1fc4fed4461813289872745c (patch)
tree: 77a62ede9858390238d543257f026e832299f80b /nixos/doc/manual/release-notes
parent: d8c8faf8c3966456d63794e7d4685def105d36f9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 7777df071b182..077712be52e0c 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -35,6 +35,10 @@
 
 - `services.ddclient.use` has been deprecated: `ddclient` now supports separate IPv4 and IPv6 configuration. Use `services.ddclient.usev4` and `services.ddclient.usev6` instead.
 
+- `vaultwarden` lost the capability to bind to privileged ports. If you rely on
+   this behavior, override the systemd unit to allow `CAP_NET_BIND_SERVICE` in
+   your local configuration.
+
 - The Invoiceplane module now only accepts the structured `settings` option.
   `extraConfig` is now removed.
author	Martin Weinelt <hexa@darmstadt.ccc.de>	2024-06-11 02:42:39 +0200
committer	Sandro Jäckel <sandro.jaeckel@gmail.com>	2024-06-16 01:33:12 +0200
commit	be53df7236663eda1fc4fed4461813289872745c (patch)
tree	77a62ede9858390238d543257f026e832299f80b /nixos/doc/manual/release-notes
parent	d8c8faf8c3966456d63794e7d4685def105d36f9 (diff)