dhcpcd: bring back enablePrivSep option, nixos/release-notes: remove duplicate note (#347578)

- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.

- `services.dhcpcd` is now started with additional systemd sandbox/hardening options for better security. When using `networking.dhcpcd.runHook` these settings are not applied.

- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.

- Kanidm previously had an incorrect systemd service type, causing dependent units with an `after` and `requires` directive to start before `kanidm*` finished startup. The module has now been updated in line with upstream recommendations.

, runtimeShellPackage

, runtimeShell

, nixosTests

, enablePrivSep ? false

}:

stdenv.mkDerivation rec {

    "--localstatedir=/var"

    "--disable-privsep"

    "--dbdir=/var/lib/dhcpcd"

  ];

    (lib.enableFeature enablePrivSep "privsep")

  ] ++ lib.optional enablePrivSep "--privsepuser=dhcpcd";

  makeFlags = [ "PREFIX=${placeholder "out"}" ];