Release 2022_031 (2022-12-19)

Impact

• [NixOS 22.05] MySQL/Percona and PHP-FPM services will be restarted.

NixOS 22.05 platform

• postgresql: warn about legacy plain config in /etc/local/postgresql/version/*. This config style doesn’t work properly anymore and must be replaced by custom NixOS config. See https://doc.flyingcircus.io/roles/fc-22.05-production/postgresql.html for details. Add a command fc-postgresql show-config to show the postgresql.conf for the running postgresql service (#PL-131136).

• mysql/percona: set binlog duration to 3 days (72 hours) by default and make it configurable via flyingcircus.mysql.binlogExpireDays. The MySQL default of 30 days is way too long and consumes a lot of space on busy instances (#PL-131092).

• statshost-relay: fix log rotation on machines that don’t have the webgateway role (#PL-131140).

• Pull upstream NixOS changes, security fixes and package updates (#PL-131134):

  • discourse: 2.9.0.beta10 -> 2.9.0.beta14 (CVE-2022-41921, CVE-2022-41944, CVE-2022-46150, CVE-2022-46159)

  • gitlab: 15.4.4 -> 15.4.6

  • imagemagick6: 6.9.12-26 -> 6.9.12-68 (CVE-2022-1114, CVE-2022-1115, CVE-2022-3213, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)

  • imagemagick: 7.1.0-52 -> 7.1.0-53

  • linux: 5.10.155 -> 5.10.158

  • matrix-synapse: 1.72.0 -> 1.73.0

  • python311: 3.11.0 -> 3.11.1 (CVE-2022-45061)

  • python38: 3.8.15 -> 3.8.16 (CVE-2022-37454, CVE-2022-45061, CVE-2015-20107)

• Production channel URL for this release: https://hydra.flyingcircus.io/build/212976/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 22.05: platform code, upstream changes