Release 2021_039 (2021-12-06)

Impact

  • [NixOS 21.05] Most services will be restarted. VMs will schedule a reboot to activate the new kernel version.

NixOS 21.05 platform

  • MySQL: rotate slow log when file size is greater than 2GB and compress, at least once a week (#PL-130221).

  • OpenVPN: client example config is now accessible for users with login permissions.

  • Kubernetes: replace old implementation based on NixOS k8s support with a k3s-based solution which is easier to manage and has some improvements like proper support for services of type LoadBalancer, a local path provisioner and pre-installed helm for package management, a metrics-server, and traefik for ingress. The roles k3s-server and k3s-agent replace kubernetes-master and kubernetes-node, respectively. The kubernetes-frontend role was removed, webgateway now automatically activates Kubernetes support when it’s running in a project with a k3s-server. The k3s roles are currently in beta state. Documentation has been updated to reflect the changes and give more frontend configuration examples (#PL-130215).

  • kubernetes/k3s: speed up kubectl startup by using a separate binary instead of aliasing k3s kubectl (#PL-130240).

  • Gitlab: upgrade to 14.4.1. The upgrade was already rolled out manually before this release (#PL-130156).

  • devhost: various improvements (#PL-129841):

    • Use platform default timezone “Europe/Berlin” as default for containers, too.

    • Fix use of NFS roles (single container only).

    • Start dev containers automatically when the devhost ist rebooted.

    • Properly handle disabled containers for startup and with existing nginx configurations.

  • Pull upstream NixOS changes that include security fixes and other updates (#PL-130230):

    • gd: 2.3.0 -> 2.3.2, add patch for partial CVE-2021-40812 fix

    • go_1_17: 1.17.2 -> 1.17.3

    • imagemagick: 7.1.0-9 -> 7.1.0-13

    • linux: 5.10.79 -> 5.10.81

    • nginxStable: 1.20.1 -> 1.20.2

    • openssh: Fix CVE-2021-41617

    • php74: 7.4.25 -> 7.4.26 (CVE-2021-21707)

    • php80: 8.0.12 -> 8.0.13 (CVE-2021-21707)

    • vim: 8.2.2567 -> 8.2.3451

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/118848/download/1/nixexprs.tar.xz

Detailed Changes