Release 2022_004 (2022-02-07)

Impact

• [NixOS 21.05]: Many services will be restarted because of a core dependency change.

NixOS 21.05 platform

• Increase neighbor discovery tables for IPv4 and IPv6 on all nodes to ensure services that talk to a lot of neighbors on a single LAN work properly with at least multiple hundreds of neighbors (#PL-130380).

• K3s/Kubernetes frontend improvements (#PL-130265):

  • VM now adds cluster DNS to resolv.conf so names like web-service.namespace.svc.cluster.local can be resolved now. Before, only haproxy could resolve internal DNS names.

  • Added option sslBackend to use SSL for the backend pod connection from haproxy to the backend pod.

  • Added new option extraPodTemplateOptions to add options to the generated server-template line.

• Pull upstream NixOS changes that include security fixes and other updates (#PL-130353):

  • binutils: 2.35.1 -> 2.35.2 (CVE-2020-35448, CVE-2021-20284, CVE-2021-20294)

  • gegl_0_4: patch https://github.com/advisories/GHSA-g9gv-9646-jvp8

  • unicorn: add patch for https://github.com/advisories/GHSA-rmvm-v6m6-87vr

• Fix memcached’s localhost dualstack binding when running in a devhost container (#FC-21094).

• Our Ceph infrastructure has been fully ported to NixOS now (#PL-127635).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/132731/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 21.05: platform code, upstream changes