From 02e05becea5b115a0ef7b48f52f51d232e494087 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 20 Sep 2021 21:39:46 +0000 Subject: [PATCH 1/9] linux: 5.10.66 -> 5.10.67 (cherry picked from commit 66760dcbd5e30eb8950f79be847c052fe5de51f2) --- pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 41a58eea9f8..764ba4da61f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.66"; + version = "5.10.67"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "19y8zh6wvjzj55kynfpgm3zbapyhwsqkgilycvmbjr6ipfxhdyjx"; + sha256 = "10lap66d84s1cfakbgfsbabgxm42060c4wcvpzxbi4r5g2m40mwc"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; From 4dcfb252994689eb212e22e481dd7d9720203fd7 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 20 Sep 2021 21:40:00 +0000 Subject: [PATCH 2/9] linux: 5.13.18 -> 5.13.19 (cherry picked from commit 748679c0d3ab550ce8dbac4e5797e3b5d0064c76) --- pkgs/os-specific/linux/kernel/linux-5.13.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.13.nix b/pkgs/os-specific/linux/kernel/linux-5.13.nix index 347467106f9..04526dad25d 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix 
@@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.13.18"; + version = "5.13.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0iqz34yjbk5zg8wc9majq7afg34nsgi0yxn0j4k3xrn22kyl2dm2"; + sha256 = "0yxbcd1k4l4cmdn0hzcck4s0yvhvq9fpwp120dv9cz4i9rrfqxz8"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ]; From 76bdc20f22a0586a31f0d80ec75c5acf9e083145 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 20 Sep 2021 21:40:12 +0000 Subject: [PATCH 3/9] linux: 5.14.5 -> 5.14.6 (cherry picked from commit 51b0e44980a4939b21a6431d652169426840a335) --- pkgs/os-specific/linux/kernel/linux-5.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.14.nix b/pkgs/os-specific/linux/kernel/linux-5.14.nix index 46c34a4b51b..66c23ec1617 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.14.5"; + version = "5.14.6"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1zbcai5q1b5hjc3xhg05pghj5iyb0xsvrqyrazzmhrfbsqf8s5k5"; + sha256 = "1v6cicakpg0fdp74r2a4h46sj7rzpjdf4cscbr8y67kpd098r12l"; }; } // (args.argsOverride or { })) From 16e4fb1aad3bf82b4ee3029c5715dc89828ba019 Mon Sep 17 00:00:00 2001 
From: TredwellGit Date: Mon, 20 Sep 2021 21:40:48 +0000 Subject: [PATCH 4/9] linux-rt_5_10: 5.10.59-rt52 -> 5.10.65-rt53 (cherry picked from commit 3e87ddbf57a85ca4f06f10f8579ed9c4a54768b0) --- pkgs/os-specific/linux/kernel/linux-rt-5.10.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index a00e7ad33a9..7368f77c4d3 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.59-rt52"; # updated by ./update-rt.sh + version = "5.10.65-rt53"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "107anv16khx055rpkvfd532rdcfg4ffbs7bhp45hdqi3bz0ssg1k"; + sha256 = "0riyq1gdm18642fpnhpcw8hspcjqzprzhqnygjxabjjvrvdxxlzd"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0i66z1njppn9qvl8msarcgbvmgby6hv8w0k0rmlizwj09i1pmwdx"; + sha256 = "1sxyic3895dch3x7cabiip5lxv9wqypn22hcy02jg9825260cmd3"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; From 174c38c553cdc89d99c97a0967d4a4e8b3eb6061 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 20 Sep 2021 21:41:37 +0000 Subject: [PATCH 5/9] linux/hardened/patches/5.10: 5.10.66-hardened1 -> 5.10.67-hardened1 (cherry picked from commit 4a9ffb82aedee82a456268e402c714966adbbf2e) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 3f2cd554067..0f17e125dfc 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.66-hardened1.patch", - "sha256": "0pj5ja28byaxgfvlwsljfha5a3ihg9s0cy4lpzxmagvz00nhbpvf", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.66-hardened1/linux-hardened-5.10.66-hardened1.patch" + "name": "linux-hardened-5.10.67-hardened1.patch", + "sha256": "1yvfqkcffrva9hf4ns0jkksnvkj58h87msim0yhanlyp5jyz3l1p", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.67-hardened1/linux-hardened-5.10.67-hardened1.patch" }, "5.13": { "extra": "-hardened1", From 0731d03f57113e3cdc98b3f18695c28262e51d18 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 20 Sep 2021 21:41:38 +0000 Subject: [PATCH 6/9] linux/hardened/patches/5.13: 5.13.18-hardened1 -> 5.13.19-hardened1 (cherry picked from commit a41022ed40d070bb23a365e4c3ee80618a3bb2cd) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 0f17e125dfc..fe50c06a1ed 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -19,9 +19,9 @@ }, "5.13": { "extra": "-hardened1", - "name": "linux-hardened-5.13.18-hardened1.patch", - "sha256": "1cdr6l5c4j6666lvkxv30bfkhnf9sf5j7kqwc37pjk9kqmwnfbz1", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.13.18-hardened1/linux-hardened-5.13.18-hardened1.patch" + "name": "linux-hardened-5.13.19-hardened1.patch", + "sha256": "1cj99y2xn7l89lf4mn7arp0r98r4nmvql3ffjpngzv8hsf79xgg7", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.13.19-hardened1/linux-hardened-5.13.19-hardened1.patch" }, "5.14": { "extra": "-hardened1", From b752e7829b25164e682ff48f59985a5099d8e58e Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 20 Sep 2021 21:41:39 +0000 Subject: [PATCH 7/9] linux/hardened/patches/5.14: 5.14.5-hardened1 -> 5.14.6-hardened1 (cherry picked from commit b8b772a1da76d38e3c4446c875326fa939d815e1) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index fe50c06a1ed..832e516e6ef 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -25,9 +25,9 @@ }, "5.14": { "extra": "-hardened1", - "name": "linux-hardened-5.14.5-hardened1.patch", - "sha256": "0qx7i9clxla2g59mcncg1wf07kvb5lpqkhdrc66xzpci65rq0qpd", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.5-hardened1/linux-hardened-5.14.5-hardened1.patch" + "name": "linux-hardened-5.14.6-hardened1.patch", + "sha256": "0db5jvbvrk93x745ylxwnmx6ldwhmaqdnb2hfa35j0i2xjaw4hxx", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.6-hardened1/linux-hardened-5.14.6-hardened1.patch" }, "5.4": { "extra": "-hardened1", From 4f8927c417df17c1eaf0a6fe5d84f14ebc08f56a Mon Sep 17 00:00:00 2001 
From: embr Date: Sat, 4 Sep 2021 10:53:09 +0200 Subject: [PATCH 8/9] nixos/mastodon: Fix sidekiq's DB_POOL, add configurable concurrency The `services.mastodon` module currently hardcodes sidekiq's concurrency to 25, but doesn't set a DB pool size, which defaults to 5 or the number of configured web threads. (This behaviour is very strange, and arguably a mastodon bug.) This also makes sidekiq's concurrency configurable, because 25 is a tad high for the hardware I'm running it on. (cherry picked from commit e8fd7792d1eeb4ea4943cc34525da1159ab50bc9) --- nixos/modules/services/web-apps/mastodon.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index 5e24bd06ffd..e3bc70791cf 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -154,10 +154,15 @@ in { }; sidekiqPort = lib.mkOption { - description = "TCP port used by the mastodon-sidekiq service"; + description = "TCP port used by the mastodon-sidekiq service."; type = lib.types.port; default = 55002; }; + sidekiqThreads = lib.mkOption { + description = "Worker threads used by the mastodon-sidekiq service."; + type = lib.types.int; + default = 25; + }; vapidPublicKeyFile = lib.mkOption { description = '' @@ -524,9 +529,10 @@ in { wantedBy = [ "multi-user.target" ]; environment = env // { PORT = toString(cfg.sidekiqPort); + DB_POOL = toString cfg.sidekiqThreads; }; serviceConfig = { - ExecStart = "${cfg.package}/bin/sidekiq -c 25 -r ${cfg.package}"; + ExecStart = "${cfg.package}/bin/sidekiq -c ${toString cfg.sidekiqThreads} -r ${cfg.package}"; Restart = "always"; RestartSec = 20; EnvironmentFile = "/var/lib/mastodon/.secrets_env"; From 04c2339cc1179cf8e0d70227f2272b1fcd94d09d Mon Sep 17 00:00:00 2001 
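Review bot: `sidekiqThreads` is declared as `lib.types.int`, so zero and negative values pass module evaluation and flow unchecked into both `sidekiq -c ${toString cfg.sidekiqThreads}` and `DB_POOL` in the second hunk; any resulting failure would presumably only surface when the unit starts. Using `type = lib.types.ints.positive;` would reject such values at evaluation time. Because the option is an integer, the interpolation into `ExecStart` cannot carry shell or systemd metacharacters, and that property should be preserved if the type is ever loosened. The same `lib.types.int` choice appears for `webProcesses`, `webThreads` and (inside `nullOr`) `streamingProcesses` in PATCH 9/9. The description could also state that the value sets the sidekiq database pool size, since raising it raises the number of PostgreSQL connections this unit may hold.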
From: embr Date: Sat, 4 Sep 2021 11:07:04 +0200 Subject: [PATCH 9/9] nixos/mastodon: Add configurable web- and streaming concurrency Might as well do this while I'm at it. (cherry picked from commit 0d719125baee88e2e8d29e6bb2ff3100ba1b2da0) --- nixos/modules/services/web-apps/mastodon.nix | 25 ++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index e3bc70791cf..5bda7d5a5dd 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -9,6 +9,13 @@ let RAILS_ENV = "production"; NODE_ENV = "production"; + # mastodon-web concurrency. + WEB_CONCURRENCY = toString cfg.webProcesses; + MAX_THREADS = toString cfg.webThreads; + + # mastodon-streaming concurrency. + STREAMING_CLUSTER_NUM = toString cfg.streamingProcesses; + DB_USER = cfg.database.user; REDIS_HOST = cfg.redis.host; @@ -146,12 +153,30 @@ in { type = lib.types.port; default = 55000; }; + streamingProcesses = lib.mkOption { + description = '' + Processes used by the mastodon-streaming service. + Defaults to the number of CPU cores minus one. + ''; + type = lib.types.nullOr lib.types.int; + default = null; + }; webPort = lib.mkOption { description = "TCP port used by the mastodon-web service."; type = lib.types.port; default = 55001; }; + webProcesses = lib.mkOption { + description = "Processes used by the mastodon-web service."; + type = lib.types.int; + default = 2; + }; + webThreads = lib.mkOption { + description = "Threads per process used by the mastodon-web service."; + type = lib.types.int; + default = 5; + }; sidekiqPort = lib.mkOption { description = "TCP port used by the mastodon-sidekiq service.";
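Review bot: `STREAMING_CLUSTER_NUM = toString cfg.streamingProcesses;` in the first hunk is evaluated with the option's default of `null`, and `toString null` is the empty string, so the variable is exported as empty rather than left unset. Whether the streaming server then falls back to "the number of CPU cores minus one", as the option description promises, depends on how it parses an empty value, which is not visible here. Omitting the variable when the option is null removes that dependency, e.g. `} // lib.optionalAttrs (cfg.streamingProcesses != null) { STREAMING_CLUSTER_NUM = toString cfg.streamingProcesses; }` applied to the `env` set. The `env` binding starts and ends outside the hunk, and the sidekiq unit in PATCH 8/9 uses `env // { ... }`, so `WEB_CONCURRENCY` and `MAX_THREADS` reach more than mastodon-web; the `# mastodon-web concurrency.` comment could say so.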