diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 01f113198eb..5845cc48c54 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -885,6 +885,17 @@ php.override {
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
+
+ Nginx is also started with the systemd option ProtectHome = mkDefault true;
+ which forbids it to read anything from /home, /root
+ and /run/user (see
+ ProtectHome docs
+ for details).
+ If you require serving files from home directories, you may choose to set e.g.
+
+systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
+
+