The previous justification for using "VERBOSE" is incorrect,
because OpenSSH does use level INFO to log "which key was used
to log in" for sccessful logins, see:
6247812c76/auth.c (L323-L328)
Also update description to the wording of the sshd_config man page.
`fail2ban` needs, sshd to be "VERBOSE" to work well, thus
the `fail2ban` module sets it to "VERBOSE" if enabled.
The docs are updated accordingly.
3.2 KiB
Release 21.11 (“?”, 2021.11/??)
In addition to numerous new and upgraded packages, this release has the following highlights:
- Support is planned until the end of April 2022, handing over to 22.05.
Highlights
- PHP now defaults to PHP 8.0, updated from 7.4.
New Services
-
geoipupdate, a GeoIP database updater from MaxMind. Available as services.geoipupdate.
-
sourcehut, a collection of tools useful for software development. Available as services.sourcehut.
-
ucarp, an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as networking.ucarp.
Backward Incompatibilities
-
The
staticjinja
package has been upgraded from 1.0.4 to 2.0.0 -
services.geoip-updater
was broken and has been replaced by services.geoipupdate. -
PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release.
-
Those making use of
buildBazelPackage
will need to regenerate the fetch hashes (preferred), or setfetchConfigured = false;
. -
fsharp41 has been removed in preference to use the latest dotnet-sdk
-
The following F#-related packages have been removed for being unmaintaned. Please use
fetchNuGet
for specific packages.- ExtCore
- Fake
- Fantomas
- FsCheck
- FsCheck262
- FsCheckNunit
- FSharpAutoComplete
- FSharpCompilerCodeDom
- FSharpCompilerService
- FSharpCompilerTools
- FSharpCore302
- FSharpCore3125
- FSharpCore4001
- FSharpCore4117
- FSharpData
- FSharpData225
- FSharpDataSQLProvider
- FSharpFormatting
- FsLexYacc
- FsLexYacc706
- FsLexYaccRuntime
- FsPickler
- FsUnit
- Projekt
- Suave
- UnionArgParser
- ExcelDnaRegistration
- MathNetNumerics
-
programs.x2goserver
is nowservices.x2goserver
-
The following dotnet-related packages have been removed for being unmaintaned. Please use
fetchNuGet
for specific packages.- Autofac
- SystemValueTuple
- MicrosoftDiaSymReader
- MicrosoftDiaSymReaderPortablePdb
- SystemCollectionsImmutable
- SystemCollectionsImmutable131
- SystemReflectionMetadata
- NUnit350
- Deedle
- ExcelDna
- GitVersionTree
- NDeskOptions
- The
antlr
package now defaults to the 4.x release instead of the old 2.7.7 version.
Other Notable Changes
-
The setting
services.openssh.logLevel
"VERBOSE"
"INFO"
. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.However, if
services.fail2ban.enable
istrue
, thefail2ban
will override the verbosity to"VERBOSE"
, so thatfail2ban
can observe the failed login attempts from the SSH logs.