Release 2023_006 (2023-03-27)

Impact

• [NixOS 22.11] docker, elasticsearch, httpd/phpfpm-lamp, openvpn-access, postgresql, rabbitmq and redis services will be restarted. Machines will schedule a reboot to activate the changed kernel.

• [NixOS 22.05] postgresql will be restarted.

• [NixOS 21.11] postgresql will be restarted.

• [NixOS 21.05] Most services will be restarted due to a core dependency change.

NixOS 22.11 platform

• Pull upstream NixOS changes, security fixes and package updates (PL-131136):

  • github-runner: 2.302.1 -> 2.303.0

  • imagemagick: 7.1.0-62 -> 7.1.1-2

  • libX11: 1.8.3 -> 1.8.4

  • linux: 5.15.97 -> 5.15.103

  • matrix-synapse: 1.78.0 -> 1.79.0

  • nss_latest: 3.88.1 -> 3.89

  • redis: 7.0.8 -> 7.0.9 (CVE-2023-25155, CVE-2022-36021)

  • sudo: 1.9.13 -> 1.9.13p3

• Add slurm-* roles. Slurm is a highly scalable cluster management and job scheduling system (PL-131067).

• postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

  The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

• postgresql docs: when upgrading from a version before 12 with enabled PostGIS extension, dump/restore has to be used (PL-131271).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/242270/download/1/nixexprs.tar.xz

NixOS 22.05 platform

• Pre-build nodejs-* packages so machines don’t have to do it. We saw this taking a long time and even hitting the management task timeout (PL-131331).

• postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

  The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

• postgresql docs: when upgrading from a version before 12 with enabled PostGIS extension, dump/restore has to be used (PL-131271).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/241578/download/1/nixexprs.tar.xz

NixOS 21.11 platform

• postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

  The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

• Production channel URL for this release: https://hydra.flyingcircus.io/build/241562/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

  The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

• Production channel URL for this release: https://hydra.flyingcircus.io/build/241702/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 22.11: platform code, upstream changes

• NixOS 22.05: platform code

• NixOS 21.11: platform code

• NixOS 21.05: platform code