Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[24.11] nginx changes for 24.11 #1145

Open
wants to merge 30 commits into
base: fc-24.11-dev
Choose a base branch
from
Open

[24.11] nginx changes for 24.11 #1145

wants to merge 30 commits into from

Commits on Oct 30, 2024

  1. Start 24.11 development

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    1add6d3 View commit details
    Browse the repository at this point in the history

  2. Switch nixpkgs to current nixos-unstable (24.11)

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    a81bbf7 View commit details
    Browse the repository at this point in the history

  3. sound.enable does not exist anymore

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    f8436e7 View commit details
    Browse the repository at this point in the history

  4. java test: remove obsolete openjdk19

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    fe82dfd View commit details
    Browse the repository at this point in the history

  5. Remove jitsi-meet temporarily, marked insecure

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    a0446a3 View commit details
    Browse the repository at this point in the history

  6. Update vendored nix-phps

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    2af7413 View commit details
    Browse the repository at this point in the history

  7. nginx, test: fix acme assert

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    4b6b2e1 View commit details
    Browse the repository at this point in the history

  8. Remove outdated and unneeded packages

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    d63efda View commit details
    Browse the repository at this point in the history

  9. jitsi-meet: marked as insecure, temp disable

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    12393a4 View commit details
    Browse the repository at this point in the history

  10. images.fc: fix build

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    fe094c6 View commit details
    Browse the repository at this point in the history

  11. jibri: remove sound.enable

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    31ef8dd View commit details
    Browse the repository at this point in the history

  12. Make beats work 

    - -oss seems to be broken at the moment due to a failing test relying on
  x-pack. We have to re-check this later.
- Use upstream packages.
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    c1892ec View commit details
    Browse the repository at this point in the history

  13. Update nixpkgs (2024-09-07) 

    Pull upstream NixOS changes, security fixes and package updates:

- awscli2: 2.17.18 -> 2.17.42
- containerd: 1.7.20 -> 1.7.21
- haproxy: 3.0.3 -> 3.0.4
- imagemagick: 7.1.1-37 -> 7.1.1-38
- imagemagick: add willow to passthru.tests
- k3s_1_30: 1.30.3+k3s1 -> 1.30.4+k3s1
- libmodsecurity: 3.0.12 -> 3.0.13
- linux_5_15: 5.15.165 -> 5.15.166
- mongodb-5_0: 5.0.28 -> 5.0.29
- nss_latest: 3.103 -> 3.104
- php82: 8.2.22 -> 8.2.23
- php83: 8.3.10 -> 8.3.11
- prometheus: 2.53.1 → 2.54.1
- qemu: 9.0.2 -> 9.1.0
- roundcube: 1.6.8 -> 1.6.9
- runc: 1.1.13 -> 1.1.14
- unifi8: 8.3.32 -> 8.4.59
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    de41629 View commit details
    Browse the repository at this point in the history

  14. release: add releaseSmall and releaseUntested jobs 

    This way we get to a channel faster that we can use for development.

Before, we used to disable tests and packages to keep `release` green
which is error-prone and takes away the feedback we get from failing
tests in Hydra.
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    bc74421 View commit details
    Browse the repository at this point in the history

  15. Replace deprecated cargoSha256

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    8fe4746 View commit details
    Browse the repository at this point in the history

  16. Remove vendored opensearch service 

    This was taken from NixOS 23.05 and is obsolete now.

Had to remove the code that depends on cfgUpstream.configFile but
it's just for informational purposes and we can fix that later.
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    15abaa0 View commit details
    Browse the repository at this point in the history

  17. php81: fix php81 build, pick up missing patches for others 

    Our patch logic used for adding our log patch to older PHP versions
left out `patches` which skipped a patch needed for building 8.1.
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    71447a7 View commit details
    Browse the repository at this point in the history

  18. Downgrade slurm to 23.11, known to work with pyslurm 

    slurm 24.05 doesn't work with pyslurm at the moment and there's
no visible work going on in the repo to make it compatible. Go
back to slurm 23.11 in the meantime. If the problem still persists
in 1-2 months, we should think about how we can resolve this properly.
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    83bc2fe View commit details
    Browse the repository at this point in the history

  19. Update nixpkgs 

    Pull upstream NixOS changes, security fixes and package updates:

- asterisk: 20.9.2 -> 20.9.3
- curl: enable configure flag `--enable-versioned-symbols`
- curl: enable flag `--enable-versioned-symbols` (#336712)
- nodejs_20: 20.16.0 -> 20.17.0, (#336388)
- nodejs_22: 22.6.0 -> 22.8.0, (#336556)
- podman: drop slirp4netns which has been replaced by passt
- postgresql: move dynamic modules to default output
- postgresql: move libecpq to lib output
- postgresql: refactor removal of references in bitcode files
- postgresql: refactor to simplify condition
- postgresql: remove references to llvm-dev on darwin as well
- postgresql: split dev output
- postgresql: use systemdLibs (#337441)
- unifi7: mark insecure due to CVE-2024-42025 (#340341)
- vim: 9.1.0689 -> 9.1.0707
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    0538c27 View commit details
    Browse the repository at this point in the history

  20. Remove unifi7 and unifi8 from important packages

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    94b73f1 View commit details
    Browse the repository at this point in the history

  21. Update nixpkgs 

    Pull upstream NixOS changes, security fixes and package updates:

- calibre: enable tests (#338867)
- containerd: 1.7.21 -> 1.7.22, (#340887)
- gitlab-container-registry: 4.7.0 -> 4.9.0
- gitlab: 17.2.4 -> 17.2.5, (#341398)
- keycloak: 25.0.4 -> 25.0.5, (#341062)
- openssl: expose 'enable-md2' option (#337885)
- python39: 3.9.19 -> 3.9.20; python310: 3.10.14 -> 3.10.15; python313: 3.13.0rc1 -> 3.13.0rc2, (#340330)
- rabbitmq-server: 3.13.6 -> 3.13.7, (#337489)
- subversion: fix darwin (#341232)
- telegraf: 1.31.3 -> 1.32.0, (#341515)
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    e3fdb87 View commit details
    Browse the repository at this point in the history

  22. Add buildbot to important packages

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    77c52c8 View commit details
    Browse the repository at this point in the history

  23. security.acme.defaults.server: customise only for stateVersion <= 24.05 

    In PL-132659, we've decided to override security.acme.defaults.server from the upstream value to avoid triggering mass letsencrypt account re-registrations.

**Re-**registrations are only an issue for existing machines. Freshly bootstrapped systems won't cause any problems. As we cannot be certain that our workaround is going to work for all future NixOS releases, I propose to make this conditional on the VM state version <= 24.05. If ever necessary, this reduces the number of VMs in need of a state migration for the account in the future.

PL-133038
    @osnyx @ctheune
    osnyx authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    1c3b0aa View commit details
    Browse the repository at this point in the history

  24. pre-commit fixes

    @osnyx @ctheune
    osnyx authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    c09ed6c View commit details
    Browse the repository at this point in the history

  25. agent: log name of dropped cmd log file

    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    3dc9261 View commit details
    Browse the repository at this point in the history

  26. Update nixpkgs (2024-09-25) 

    Pull upstream NixOS changes, security fixes and package updates:

- calibre: exclude test test_websocket_basic (#341843)
- clamav: 1.4.0 -> 1.4.1 (#341437)
- curl: apply patch for CVE-2024-8096 (#342030)
- docker-compose: 2.29.2 -> 2.29.3, (#341583)
- keycloak: 25.0.5 -> 25.0.6 (#343113)
- kubernetes-helm: 3.15.4 -> 3.16.1 (#341294)
- nix: 2.18 -> 2.24 (#335342)
- strace: 6.10 -> 6.11
- tomcat9: 9.0.93 -> 9.0.94
- tomcat10: 10.1.28 -> 10.1.29 (#341440)
    @dpausp @ctheune
    dpausp authored and ctheune committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    62ba7b6 View commit details
    Browse the repository at this point in the history

  27. nginx: remove JSON config 

    PL-131381
    Philipp Neumann committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    8ee0207 View commit details
    Browse the repository at this point in the history

  28. nginx: remove masterUser option 

    The masterUser option is remove since it caused many problems and brings
us closer to upstream.

PL-131381
    Philipp Neumann committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    fe2f427 View commit details
    Browse the repository at this point in the history

  29. nginx: pull in upstream changes 

    This is done to reduce the diff once we switch to the upstream module.
It is also part of the preparations for 24.11

PL-131381
    Philipp Neumann committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    a18b990 View commit details
    Browse the repository at this point in the history

  30. pre-commit fixup

    Philipp Neumann committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    ed72765 View commit details
    Browse the repository at this point in the history