Release 2023_006 (2023-03-27)

Impact

  • [NixOS 22.11] docker, elasticsearch, httpd/phpfpm-lamp, openvpn-access, postgresql, rabbitmq and redis services will be restarted. Machines will schedule a reboot to activate the changed kernel.

  • [NixOS 22.05] postgresql will be restarted.

  • [NixOS 21.11] postgresql will be restarted.

  • [NixOS 21.05] Most services will be restarted due to a core dependency change.

NixOS 22.11 platform

  • Pull upstream NixOS changes, security fixes and package updates (PL-131136):

    • github-runner: 2.302.1 -> 2.303.0

    • imagemagick: 7.1.0-62 -> 7.1.1-2

    • libX11: 1.8.3 -> 1.8.4

    • linux: 5.15.97 -> 5.15.103

    • matrix-synapse: 1.78.0 -> 1.79.0

    • nss_latest: 3.88.1 -> 3.89

    • redis: 7.0.8 -> 7.0.9 (CVE-2023-25155, CVE-2022-36021)

    • sudo: 1.9.13 -> 1.9.13p3

  • Add slurm-* roles. Slurm is a highly scalable cluster management and job scheduling system (PL-131067).

  • postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

    The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

  • postgresql docs: when upgrading from a version before 12 with enabled PostGIS extension, dump/restore has to be used (PL-131271).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/242270/download/1/nixexprs.tar.xz

NixOS 22.05 platform

  • Pre-build nodejs-* packages so machines don’t have to do it. We saw this taking a long time and even hitting the management task timeout (PL-131331).

  • postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

    The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

  • postgresql docs: when upgrading from a version before 12 with enabled PostGIS extension, dump/restore has to be used (PL-131271).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/241578/download/1/nixexprs.tar.xz

NixOS 21.11 platform

  • postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

    The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/241562/download/1/nixexprs.tar.xz

NixOS 21.05 platform

  • postgresql: improve monitoring, auto-restart when postgresql service is inactive (PL-131358).

    The database user fcio_monitoring can only be accessed using the local UNIX socket by the system users for monitoring (sensuclient and telegraf). There’s now a postgresql-alive UNIX socket database connection check and the existing postgresql-listen-* checks are changed to simple TCP connection checks.

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/241702/download/1/nixexprs.tar.xz

Detailed Changes