From 2bde9aa8f814c016e2ba9d2decb16b5e5cf14db9 Mon Sep 17 00:00:00 2001 From: David Knaack Date: Sun, 31 Mar 2024 16:11:40 +0200 Subject: [PATCH] nixos/kavita: document new `tokenKeyFile` requirements --- nixos/doc/manual/release-notes/rl-2405.section.md | 3 ++- nixos/modules/services/web-apps/kavita.nix | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index d9e066ffad61..3519f08a389a 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -468,7 +468,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `services.kavita` now uses the freeform option `services.kavita.settings` for the application settings file. The options `services.kavita.ipAdresses` and `services.kavita.port` now exist at `services.kavita.settings.IpAddresses` - and `services.kavita.settings.IpAddresses`. + and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with + 512+ bits instead of 128+ bits. - The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`. diff --git a/nixos/modules/services/web-apps/kavita.nix b/nixos/modules/services/web-apps/kavita.nix index c90697bcfa8b..81b8edc5e006 100644 --- a/nixos/modules/services/web-apps/kavita.nix +++ b/nixos/modules/services/web-apps/kavita.nix @@ -34,8 +34,8 @@ in tokenKeyFile = lib.mkOption { type = lib.types.path; description = lib.mdDoc '' - A file containing the TokenKey, a secret with at 128+ bits. - It can be generated with `head -c 32 /dev/urandom | base64`. + A file containing the TokenKey, a secret with at 512+ bits. + It can be generated with `head -c 64 /dev/urandom | base64 --wrap=0`. ''; };