Release 2021_034 (2021-10-25)

Impact

  • [NixOS 21.05] MySQL, redis, httpd and other services that depend on the network will be restarted.

  • [NixOS 21.05] Jitsi will be restarted and unavailable for a short amount of time.

  • [NixOS 21.05] VMs will schedule a reboot to activate the new kernel version.

NixOS 21.05 platform

  • On failure, the ACME certificate renewal service now tries to run three times per hour to avoid hitting the Let's Encrypt rate limit (5 failed authorizations per hour) (#PL-130150).

  • Install upstream PHP (currently 7.4) globally on machines instead of lamp_php73 and drop composer to reduce installation size and speed up updates. Machines using the lamp role are not affected: they still globally install the PHP package used by lamp, together with composer in a matching version (#PL-130145).

  • MySQL/Percona: increase start and stop timeout to 15 minutes to avoid interrupting recovery or flushing of dirty pages (#PL-130155).

  • Pull in upstream NixOS changes that include security fixes and other updates (#PL-130159):

    • ffmpeg: patch CVE-2021-38171 and CVE-2021-38291

    • github-runner: 2.282.0 -> 2.283.3

    • grafana: 7.5.10 -> 7.5.11, fix CVE-2021-39226

    • linux: 5.10.70 -> 5.10.71

    • matrix-synapse: 1.43.0 -> 1.44.0

    • nodejs-12_x: 12.22.6 -> 12.22.7

    • nodejs-16_x: 16.10.0 -> 16.11.0

    • nodejs: 14.17.6 -> 14.18.1

  • Ensure proper startup and shutdown ordering for services that are likely to access NFS shares. From a platform perspective, this mainly affects LAMP stacks and nginx. Customer applications that rely on NFS should adapt their own service units as well (#PL-129954).

  • Jitsi: update jitsi-videobridge, jicofo and jitsi-meet to latest stable versions (#PL-130164).

  • Add routes for all known subnets to all interfaces. This avoids problems with traffic using the wrong interface after we disabled policy routing (#PL-130130).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/105628/download/1/nixexprs.tar.xz

Detailed Changes