From a874a8a98b5cd197acf9b2a40b71107db3718f6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= <mail@nh2.me>
Date: Fri, 30 Apr 2021 19:28:04 +0200
Subject: [PATCH] release notes: Mention wireguard `generatePrivateKeyFile`
 permission changes

---
 nixos/doc/manual/release-notes/rl-2105.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 6e4a9e7114b..4b7d71147b4 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -333,6 +333,17 @@
       <literal>vim</literal> switched to Python 3, dropping all Python 2 support.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     <link linkend="opt-networking.wireguard.interfaces">networking.wireguard.interfaces.&lt;name&gt;.generatePrivateKeyFile</link>,
+     which is off by default, had a <literal>chmod</literal> race condition
+     fixed. As an aside, the parent directory's permissions were widened,
+     and the key files were made owner-writable.
+     This only affects newly created keys.
+     However, if the exact permissions are important for your setup, read
+     <link xlink:href="https://github.com/NixOS/nixpkgs/pull/121294">#121294</link>.
+    </para>
+   </listitem>
    <listitem>
      <para>
       <link linkend="opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link>