Release 2022_024 (2022-10-10)

NixOS 22.05 is now our recommendation for production systems to get all security updates and bug fixes provided by NixOS. The 21.11 platform version is in maintenance mode now and will only get critical fixes.

The default for new VMs created via the customer self-service portal my.flyingcircus.io will be changed to fc-22.05-production with the next Directory release.

Impact

  • [NixOS 22.05] Most services will be restarted due to a core dependency change. VMs will schedule a reboot to activate the new kernel version.

NixOS 22.05 platform

  • postgresql: Add fc-postgresql with various sub-commands for listing data directories for all major versions of PostgreSQL and upgrading database clusters. The command has to be run as postgres user. We also add options for automated database upgrades which are experimental and are meant for internal use only in platform code at the moment (#PL-130197).

  • Kubernetes/k3s: fix frontend setup issues in some networking scenarios. Load-balancing between pods in HAProxy didn’t work anymore with the old setup because CoreDNS doesn’t allow wildcard DNS queries anymore. To see how the frontend has to be configured now for load-balancing, look at the first networking scenario and the configuration reference in the updated Kubernetes/k3s role documentation (#PL-130916).

  • mailserver: require explicit PostgreSQL version setting if Roundcube web mailer is enabled and enable auto-upgrades: changing to a higher major PostgreSQL version will automatically upgrade and migrate existing data. Note that it will only work by default when no other databases than roundcube are present in the database cluster. If there are more databases, add them to the list of expected databases, like: flyingcircus.postgresql.autoUpgrade.expectedDatabases =[ "anotherdb" ]; (#PL-130600).

  • Pull upstream NixOS changes, security fixes and package updates (#PL-130958):

    • bind: 9.18.3 -> 9.18.7

    • cacert: 3.80 -> 3.83

    • consul: 1.12.1 -> 1.12.5

    • discourse: 2.9.0.beta9 -> 2.9.0.beta10

    • docker: 20.10.17 -> 20.10.18

    • docker: fix build by using go 1.18

    • element-web: 1.11.5 -> 1.11.8

    • gitlab: 15.3.3 -> 15.4.2

    • grafana: 8.5.11 -> 8.5.13, fix CVE-2022-35957 & CVE-2022-36062

    • libtiff: add patch for CVE-2022-2953

    • linux: 5.10.143 -> 5.10.146

    • matrix-synapse: 1.67.0 -> 1.68.0

    • mediawiki: 1.37.4 -> 1.37.6

    • nodejs-14_x: 14.20.0 -> 14.20.1

    • nodejs-16_x: 16.16.0 -> 16.17.1

    • nodejs-18_x: 18.7.0 -> 18.9.1

    • nspr: 4.34.1 -> 4.35

    • php74: 7.4.30 -> 7.4.32

    • php80: 8.0.23 -> 8.0.24

    • php81: 8.1.10 -> 8.1.11

    • redis: 7.0.4 -> 7.0.5

  • loghost docs: clarify ports for graylog inputs

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/194205/download/1/nixexprs.tar.xz

Detailed Changes