Release 2020_022 (2020-07-27)

Impact

  • [NixOS 19.03] Almost all services will be restarted due to the pcre security update.

NixOS 19.03 platform

  • Fix problems with future platform release updates (stuck ‘next’ channel) if the last update has failed (#110203).

  • Security updates: adns 1.5.1 -> 1.5.2 and pcre 8.42 -> 8.44.

  • Security updates: sysstat 12.1.2 -> 12.2.0 and tcpdump: 4.9.2 -> 4.9.3.

  • Provide PostgreSQL 12 role, remove unused 9.5 role. The new role for 12 uses /run/postgresql as socket dir and replaces the deprecated temporal_tables extension with the periods extension (#126897).

  • Reduce swappiness to 1. Our overall experience shows that applications in our environment really want to stay in RAM. The perfomance penalty of swapping applications also seems worse than thrashing VFS caches (under pressure). We now much more strongly recommend adding memory when applications start getting swapped as the performance penalties can become critical in undue situations (#127498).

  • Add a new role “LAMP” to provide an easy-to-use and managed version of an Apache server (not intended to run on the frontend network) with PHP that only needs to be pointed at a service-user’s docroot.

    Also includes support for the Tideways APM service, only the API key needs to be added (#126611).

Documentation

  • Separate logging documentation per platform.

  • Update Kubernetes for version 1.18.

  • Add docker, elasticsearch and kibana role documentation for NixOS 19.03.

  • Mail server: Example for users.json