Release 2022_022 (2022-08-30)

NixOS 22.05 platform

• This is the first production release of the 22.05 platform. Default version for new production VMs is still 21.11.

• Significant package updates, compared to 21.11:

  • glibc 2.33 -> 2.34

  • haproxy: 2.3.x -> 2.5.x

    • Note that haproxy 2.5 now rejects GET requests with a request body when using HTTP/1.0, responding with a HTTP 413 status. This is a problem if your nginx configuration still uses proxy_http_version 1.0 talking to a haproxy upstream, for example. Change to version 1.1 if you expect such GET requests.

  • nginx: 1.20.2 -> 1.22

  • nix: 2.3 -> 2.8

  • php 8.1: new

  • openssh: 8.8 -> 9.0

  • redis: 6.2.x -> 7.0.x

  • systemd: 249 -> 250

  • varnish: 7.0.x -> 7.1.x

• Significant behaviour change in the handling of SystemD unit restarts: NixOS automatically restarts units when meaningful changes to the unit are detected. Note that changes to comments or whitespace don’t trigger a restart. This behaviour changed compared to versions before 22.05 where every content change triggered a restart. If you have some value that should restart the unit when it changes, add it to the X-Restart-Triggers directive in the [Unit] section when using plain config or restartTriggers when using NixOS config. See the NixOS Manual/Unit handling section for details.

• Pull upstream NixOS changes that include security fixes and other updates (#PL-130858):

  • discourse: 2.9.0.beta4 -> 2.9.0.beta9

  • github-runner: 2.294.0 -> 2.295.0

  • gitlab: 15.1.4 -> 15.2.2

  • gnutls: patch CVE-2022-2509

  • imagemagick: 7.1.0-44 -> 7.1.0-46

  • libtiff: add patch for CVE-2022-34526

  • linux: 5.10.134 -> 5.10.136

  • matrix-synapse: 1.64.0 -> 1.65.0

  • nodejs-16_x: 16.15.0 -> 16.16.0

  • nodejs-18_x: 18.2.0 -> 18.7.0

  • nspr: 4.34 -> 4.34.1

  • php80: 8.0.21 -> 8.0.22

  • php81: 8.1.8 -> 8.1.9

  • strace: 5.18 -> 5.19

  • varnish71: 7.1.0 -> 7.1.1

  • zlib: add fixed patch for CVE-2022-37434

• Go back to Linux 5.10 kernel which we also use on the 21.11 platform. We have seen problems with hanging file system freezes on 22.05 using Linux 5.15 when mysql/percona/mariadb is running and our backup system tries to take a snapshot (#PL-130833).

• loghost: fixed various config problems which were discovered after the latest elasticsearch role changes (#PL-130815).

• filebeat-journal: set log level to error because warning still produced too much noise (#PL-130817).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/182987/download/1/nixexprs.tar.xz

NixOS 21.11 platform

• filebeat-journal: set log level to error because warning still produced too much noise (#PL-130817).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/183583/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• Various internal changes that only affect our physical hosts.

Documentation

• Converted all documentation to MyST Markdown.

Detailed Changes

• NixOS 21.11: platform code.