Release 2024_009 (2024-03-11)

Impact

• [NixOS 23.11] Gitlab and phpfpm-* services (including Matomo) will be restarted.

NixOS 23.11 platform

• agent: check free disk space before preparing a system update. At least the size of the current system plus a fixed value must be available. A Sensu check warns before the limit is reached and becomes critical if updates cannot run anymore. The default fixed value of 5 GiB can be configured using the flyingcircus.agent.diskKeepFree option (PL-131859).

• docker: the firewall should now continue to function properly after the Docker role is removed (PL-131699).

• gitlab security update (PL-132277):

  • gitlab: 16.7.6 -> 16.7.7 (CVE-2024-0199, CVE-2024-1299)

  • gitlab-container-registry: 3.88.1 -> 3.90.0

• lamp: ensure read access to /var/log/httpd/* files for users from sudo-srv and services groups (PL-131938).

• opensearch: check cluster redundancy before running automated maintenance activities to avoid an impact on availability. The cluster must be in state green and other nodes must not be in maintenance at the same time (PL-132247).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/390433/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 23.11: platform code, nixpkgs/upstream changes