public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge release-21.05 into staging-next-21.05

Browse Source
This commit is contained in:
github-actions[bot] 2021-09-21 18:02:23 +00:00 committed by GitHub
commit 045a7ba01b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 51 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
nixos/modules/services/web-apps/mastodon.nix
View File

@ -9,6 +9,13 @@ let
RAILS_ENV = "production"; RAILS_ENV = "production";
NODE_ENV = "production"; NODE_ENV = "production";
# mastodon-web concurrency.
WEB_CONCURRENCY = toString cfg.webProcesses;
MAX_THREADS = toString cfg.webThreads;
# mastodon-streaming concurrency.
STREAMING_CLUSTER_NUM = toString cfg.streamingProcesses;
DB_USER = cfg.database.user; DB_USER = cfg.database.user;
REDIS_HOST = cfg.redis.host; REDIS_HOST = cfg.redis.host;
@ -146,18 +153,41 @@ in {
type = lib.types.port; type = lib.types.port;
default = 55000; default = 55000;
}; };
streamingProcesses = lib.mkOption {
description = ''
Processes used by the mastodon-streaming service.
Defaults to the number of CPU cores minus one.
'';
type = lib.types.nullOr lib.types.int;
default = null;
};
webPort = lib.mkOption { webPort = lib.mkOption {
description = "TCP port used by the mastodon-web service."; description = "TCP port used by the mastodon-web service.";
type = lib.types.port; type = lib.types.port;
default = 55001; default = 55001;
}; };
webProcesses = lib.mkOption {
description = "Processes used by the mastodon-web service.";
type = lib.types.int;
default = 2;
};
webThreads = lib.mkOption {
description = "Threads per process used by the mastodon-web service.";
type = lib.types.int;
default = 5;
};
sidekiqPort = lib.mkOption { sidekiqPort = lib.mkOption {
description = "TCP port used by the mastodon-sidekiq service"; description = "TCP port used by the mastodon-sidekiq service.";
type = lib.types.port; type = lib.types.port;
default = 55002; default = 55002;
}; };
sidekiqThreads = lib.mkOption {
description = "Worker threads used by the mastodon-sidekiq service.";
type = lib.types.int;
default = 25;
};
vapidPublicKeyFile = lib.mkOption { vapidPublicKeyFile = lib.mkOption {
description = '' description = ''
@ -524,9 +554,10 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = env // { environment = env // {
PORT = toString(cfg.sidekiqPort); PORT = toString(cfg.sidekiqPort);
DB_POOL = toString cfg.sidekiqThreads;
}; };
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/sidekiq -c 25 -r ${cfg.package}"; ExecStart = "${cfg.package}/bin/sidekiq -c ${toString cfg.sidekiqThreads} -r ${cfg.package}";
Restart = "always"; Restart = "always";
RestartSec = 20; RestartSec = 20;
EnvironmentFile = "/var/lib/mastodon/.secrets_env"; EnvironmentFile = "/var/lib/mastodon/.secrets_env";

18
pkgs/os-specific/linux/kernel/hardened/patches.json
View File

@ -13,21 +13,21 @@
}, },
"5.10": { "5.10": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-5.10.66-hardened1.patch", "name": "linux-hardened-5.10.67-hardened1.patch",
"sha256": "0pj5ja28byaxgfvlwsljfha5a3ihg9s0cy4lpzxmagvz00nhbpvf", "sha256": "1yvfqkcffrva9hf4ns0jkksnvkj58h87msim0yhanlyp5jyz3l1p",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.66-hardened1/linux-hardened-5.10.66-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.67-hardened1/linux-hardened-5.10.67-hardened1.patch"
}, },
"5.13": { "5.13": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-5.13.18-hardened1.patch", "name": "linux-hardened-5.13.19-hardened1.patch",
"sha256": "1cdr6l5c4j6666lvkxv30bfkhnf9sf5j7kqwc37pjk9kqmwnfbz1", "sha256": "1cj99y2xn7l89lf4mn7arp0r98r4nmvql3ffjpngzv8hsf79xgg7",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.13.18-hardened1/linux-hardened-5.13.18-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.13.19-hardened1/linux-hardened-5.13.19-hardened1.patch"
}, },
"5.14": { "5.14": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-5.14.5-hardened1.patch", "name": "linux-hardened-5.14.6-hardened1.patch",
"sha256": "0qx7i9clxla2g59mcncg1wf07kvb5lpqkhdrc66xzpci65rq0qpd", "sha256": "0db5jvbvrk93x745ylxwnmx6ldwhmaqdnb2hfa35j0i2xjaw4hxx",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.5-hardened1/linux-hardened-5.14.5-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.6-hardened1/linux-hardened-5.14.6-hardened1.patch"
}, },
"5.4": { "5.4": {
"extra": "-hardened1", "extra": "-hardened1",

4
pkgs/os-specific/linux/kernel/linux-5.10.nix
View File

@ -3,7 +3,7 @@
with lib; with lib;
buildLinux (args // rec { buildLinux (args // rec {
version = "5.10.66"; version = "5.10.67";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed # modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,7 +13,7 @@ buildLinux (args // rec {
src = fetchurl { src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "19y8zh6wvjzj55kynfpgm3zbapyhwsqkgilycvmbjr6ipfxhdyjx"; sha256 = "10lap66d84s1cfakbgfsbabgxm42060c4wcvpzxbi4r5g2m40mwc";
}; };
kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ];

4
pkgs/os-specific/linux/kernel/linux-5.13.nix
View File

@ -3,7 +3,7 @@
with lib; with lib;
buildLinux (args // rec { buildLinux (args // rec {
version = "5.13.18"; version = "5.13.19";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed # modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,7 +13,7 @@ buildLinux (args // rec {
src = fetchurl { src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0iqz34yjbk5zg8wc9majq7afg34nsgi0yxn0j4k3xrn22kyl2dm2"; sha256 = "0yxbcd1k4l4cmdn0hzcck4s0yvhvq9fpwp120dv9cz4i9rrfqxz8";
}; };
kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ]; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ];

4
pkgs/os-specific/linux/kernel/linux-5.14.nix
View File

@ -3,7 +3,7 @@
with lib; with lib;
buildLinux (args // rec { buildLinux (args // rec {
version = "5.14.5"; version = "5.14.6";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed # modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl { src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1zbcai5q1b5hjc3xhg05pghj5iyb0xsvrqyrazzmhrfbsqf8s5k5"; sha256 = "1v6cicakpg0fdp74r2a4h46sj7rzpjdf4cscbr8y67kpd098r12l";
}; };
} // (args.argsOverride or { })) } // (args.argsOverride or { }))

6
pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
View File

@ -6,7 +6,7 @@
, ... } @ args: , ... } @ args:
let let
version = "5.10.59-rt52"; # updated by ./update-rt.sh version = "5.10.65-rt53"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version; branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0; kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // { in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl { src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "107anv16khx055rpkvfd532rdcfg4ffbs7bhp45hdqi3bz0ssg1k"; sha256 = "0riyq1gdm18642fpnhpcw8hspcjqzprzhqnygjxabjjvrvdxxlzd";
}; };
kernelPatches = let rt-patch = { kernelPatches = let rt-patch = {
name = "rt"; name = "rt";
patch = fetchurl { patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "0i66z1njppn9qvl8msarcgbvmgby6hv8w0k0rmlizwj09i1pmwdx"; sha256 = "1sxyic3895dch3x7cabiip5lxv9wqypn22hcy02jg9825260cmd3";
}; };
}; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches;