Release 2021_026 (2021-08-09)

NixOS 21.05 is our default platform version starting with this release. 21.05 will be used for new VMs created via the self-service UI at my.flyingcircus.io.

Impact

  • [NixOS 21.05] Most services will be restarted due to a core dependency update. VMs will schedule a reboot to activate the new kernel version.

NixOS 21.05 platform

  • Mailserver: merge in upstream updates for nixos-mailserver (#PL-129997).

  • Mailserver: The domains option now allows switching off mail client autoconfiguration per domain and setting the primary domain. The old config style of just specifying a list of domain names is still supported but should be converted to the new form. See the mailserver role documentation for details (#PL-130003).

  • Mailserver: make roundcube (webmail) listen on frontend network interface only (#PL-130021).

  • external_net/openvpn: remove deprecated cipher option in server and generated client config (#PL-129937).

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-130014):

    • containerd: 1.5.1 -> 1.5.2

    • docker: 20.10.2 -> 20.10.7, bump runc to 1.0-rc95, fixing CVE-2021-30465

    • exif: add patches for CVE-2021-27815

    • fetchmail: 6.4.16 -> 6.4.20 (CVE-2021-36386)

    • imagemagick6: 6.9.12-17 -> 6.9.12-19

    • imagemagick: 7.1.0-2 -> 7.1.0-4

    • libgcrypt: 1.9.2 -> 1.9.3

    • linux: 5.10.50 -> 5.10.52

    • matrix-synapse: 1.38.0 -> 1.39.0

    • nixStable: 2.3.12 -> 2.3.15

    • nodejs-12_x: 12.22.2 -> 12.22.4

    • nodejs-14_x: 14.17.2 -> 14.17.4

    • openjdk: 11.0.10+11 -> 11.0.11+9

    • openjdk: 11.0.11+9 -> 11.0.12+7

    • phpPackages.composer: 2.1.3 -> 2.1.5

    • systemd: Patch CVE-2021-33910

    • varnish: add patch for CVE-2021-36740

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/99480/download/1/nixexprs.tar.xz

Documentation

  • nothing yet

Detailed Changes