Merge release-21.05 into staging-next-21.05

2021-09-21 18:02:23 +00:00 · 2021-09-21 18:02:23 +00:00 · 045a7ba01b
commit 045a7ba01b
parent 199a113b66 04c2339cc1
6 changed files with 51 additions and 20 deletions
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@ -9,6 +9,13 @@ let
    RAILS_ENV = "production";
    NODE_ENV = "production";

+    # mastodon-web concurrency.
+    WEB_CONCURRENCY = toString cfg.webProcesses;
+    MAX_THREADS = toString cfg.webThreads;
+
+    # mastodon-streaming concurrency.
+    STREAMING_CLUSTER_NUM = toString cfg.streamingProcesses;
+
    DB_USER = cfg.database.user;

    REDIS_HOST = cfg.redis.host;
@ -146,18 +153,41 @@ in {
        type = lib.types.port;
        default = 55000;
      };
+      streamingProcesses = lib.mkOption {
+        description = ''
+          Processes used by the mastodon-streaming service.
+          Defaults to the number of CPU cores minus one.
+        '';
+        type = lib.types.nullOr lib.types.int;
+        default = null;
+      };

      webPort = lib.mkOption {
        description = "TCP port used by the mastodon-web service.";
        type = lib.types.port;
        default = 55001;
      };
+      webProcesses = lib.mkOption {
+        description = "Processes used by the mastodon-web service.";
+        type = lib.types.int;
+        default = 2;
+      };
+      webThreads = lib.mkOption {
+        description = "Threads per process used by the mastodon-web service.";
+        type = lib.types.int;
+        default = 5;
+      };

      sidekiqPort = lib.mkOption {
-        description = "TCP port used by the mastodon-sidekiq service";
+        description = "TCP port used by the mastodon-sidekiq service.";
        type = lib.types.port;
        default = 55002;
      };
+      sidekiqThreads = lib.mkOption {
+        description = "Worker threads used by the mastodon-sidekiq service.";
+        type = lib.types.int;
+        default = 25;
+      };

      vapidPublicKeyFile = lib.mkOption {
        description = ''
@ -524,9 +554,10 @@ in {
      wantedBy = [ "multi-user.target" ];
      environment = env // {
        PORT = toString(cfg.sidekiqPort);
+        DB_POOL = toString cfg.sidekiqThreads;
      };
      serviceConfig = {
-        ExecStart = "${cfg.package}/bin/sidekiq -c 25 -r ${cfg.package}";
+        ExecStart = "${cfg.package}/bin/sidekiq -c ${toString cfg.sidekiqThreads} -r ${cfg.package}";
        Restart = "always";
        RestartSec = 20;
        EnvironmentFile = "/var/lib/mastodon/.secrets_env";
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@ -13,21 +13,21 @@
    },
    "5.10": {
        "extra": "-hardened1",
-        "name": "linux-hardened-5.10.66-hardened1.patch",
-        "sha256": "0pj5ja28byaxgfvlwsljfha5a3ihg9s0cy4lpzxmagvz00nhbpvf",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.66-hardened1/linux-hardened-5.10.66-hardened1.patch"
+        "name": "linux-hardened-5.10.67-hardened1.patch",
+        "sha256": "1yvfqkcffrva9hf4ns0jkksnvkj58h87msim0yhanlyp5jyz3l1p",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.67-hardened1/linux-hardened-5.10.67-hardened1.patch"
    },
    "5.13": {
        "extra": "-hardened1",
-        "name": "linux-hardened-5.13.18-hardened1.patch",
-        "sha256": "1cdr6l5c4j6666lvkxv30bfkhnf9sf5j7kqwc37pjk9kqmwnfbz1",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.13.18-hardened1/linux-hardened-5.13.18-hardened1.patch"
+        "name": "linux-hardened-5.13.19-hardened1.patch",
+        "sha256": "1cj99y2xn7l89lf4mn7arp0r98r4nmvql3ffjpngzv8hsf79xgg7",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.13.19-hardened1/linux-hardened-5.13.19-hardened1.patch"
    },
    "5.14": {
        "extra": "-hardened1",
-        "name": "linux-hardened-5.14.5-hardened1.patch",
-        "sha256": "0qx7i9clxla2g59mcncg1wf07kvb5lpqkhdrc66xzpci65rq0qpd",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.5-hardened1/linux-hardened-5.14.5-hardened1.patch"
+        "name": "linux-hardened-5.14.6-hardened1.patch",
+        "sha256": "0db5jvbvrk93x745ylxwnmx6ldwhmaqdnb2hfa35j0i2xjaw4hxx",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.6-hardened1/linux-hardened-5.14.6-hardened1.patch"
    },
    "5.4": {
        "extra": "-hardened1",
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@ -3,7 +3,7 @@
 with lib;

 buildLinux (args // rec {
-  version = "5.10.66";
+  version = "5.10.67";

  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
  modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,7 +13,7 @@ buildLinux (args // rec {

  src = fetchurl {
    url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "19y8zh6wvjzj55kynfpgm3zbapyhwsqkgilycvmbjr6ipfxhdyjx";
+    sha256 = "10lap66d84s1cfakbgfsbabgxm42060c4wcvpzxbi4r5g2m40mwc";
  };

  kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ];
--- a/pkgs/os-specific/linux/kernel/linux-5.13.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix
@ -3,7 +3,7 @@
 with lib;

 buildLinux (args // rec {
-  version = "5.13.18";
+  version = "5.13.19";

  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
  modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,7 +13,7 @@ buildLinux (args // rec {

  src = fetchurl {
    url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0iqz34yjbk5zg8wc9majq7afg34nsgi0yxn0j4k3xrn22kyl2dm2";
+    sha256 = "0yxbcd1k4l4cmdn0hzcck4s0yvhvq9fpwp120dv9cz4i9rrfqxz8";
  };

  kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ];
--- a/pkgs/os-specific/linux/kernel/linux-5.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.14.nix
@ -3,7 +3,7 @@
 with lib;

 buildLinux (args // rec {
-  version = "5.14.5";
+  version = "5.14.6";

  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
  modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {

  src = fetchurl {
    url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1zbcai5q1b5hjc3xhg05pghj5iyb0xsvrqyrazzmhrfbsqf8s5k5";
+    sha256 = "1v6cicakpg0fdp74r2a4h46sj7rzpjdf4cscbr8y67kpd098r12l";
  };
 } // (args.argsOverride or { }))
--- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
@ -6,7 +6,7 @@
 , ... } @ args:

 let
-  version = "5.10.59-rt52"; # updated by ./update-rt.sh
+  version = "5.10.65-rt53"; # updated by ./update-rt.sh
  branch = lib.versions.majorMinor version;
  kversion = builtins.elemAt (lib.splitString "-" version) 0;
 in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {

  src = fetchurl {
    url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
-    sha256 = "107anv16khx055rpkvfd532rdcfg4ffbs7bhp45hdqi3bz0ssg1k";
+    sha256 = "0riyq1gdm18642fpnhpcw8hspcjqzprzhqnygjxabjjvrvdxxlzd";
  };

  kernelPatches = let rt-patch = {
    name = "rt";
    patch = fetchurl {
      url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
-      sha256 = "0i66z1njppn9qvl8msarcgbvmgby6hv8w0k0rmlizwj09i1pmwdx";
+      sha256 = "1sxyic3895dch3x7cabiip5lxv9wqypn22hcy02jg9825260cmd3";
    };
  }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches;