Release 2025_006 (2025-03-10)

Impact

24.11

  • Restart of nix-daemon.

  • Machines will schedule a maintenance reboot to activate the changed kernel.

NixOS 24.05 platform

  • Remove anti-spam DNS blacklist Manitu, which has been discontinued. (PL-133519)

    • Released ahead of schedule as a hotfix on affected mailserver hosts.

NixOS 24.11 platform

  • Add 24.11 to our physical installer and improve iPXE settings editor.

  • matomo: improve cleanup of unwanted files after upgrading from matomo4 to matomo5 (PL-133012)

  • install python-3.11 by default in addition to the default python-3.12

  • fc-ipmitool: use shell as the default command.

  • devhost: fix cleanup of old development VMs (PL-133467)

  • Nix: downgrade production VMs to 2.18 (and upgrade the rest to 2.25).

    Due to a significant performance regression in 2.24, Nix will be rolled back to 2.18, the default from 24.05 and 23.11. Staging machines will get Nix 2.25 as a preparation for upgrading the entire platform to 2.25.

  • Pull upstream NixOS changes, security fixes and package updates:

    • cacert: 3.107 -> 3.108

    • chromedriver: 133.0.6943.98 -> 133.0.6943.141

    • chromium: 133.0.6943.98 -> 133.0.6943.141

    • curl: 8.11.1 -> 8.12.1

    • firefox: 135.0 -> 135.0.1

    • gitaly: 17.8.2 -> 17.9.1

    • gitlab: 17.8.2 -> 17.9.1

    • gitlab-container-registry: 4.15.2 -> 4.16.0

    • gitlab-ee: 17.8.2 -> 17.9.1

    • gitlab-pages: 17.8.2 -> 17.9.1

    • gitlab-workhorse: 17.8.2 -> 17.9.1

    • go: 1.23.5 -> 1.23.6

    • go_1_23: 1.23.5 -> 1.23.6

    • grafana: 11.3.3 -> 11.3.4

    • imagemagick: 7.1.1-40 -> 7.1.1-43

    • iperf3: 3.17.1 -> 3.18

    • k3s: 1.31.4+k3s1 -> 1.31.6+k3s1

    • k3s_1_29: 1.29.12+k3s1 -> 1.29.14+k3s1

    • k3s_1_30: 1.30.8+k3s1 -> 1.30.10+k3s1

    • k3s_1_31: 1.31.4+k3s1 -> 1.31.6+k3s1

    • keycloak: 26.1.2 -> 26.1.3

    • libxml2: 2.13.5 -> 2.13.6

    • linuxKernelStable: 6.6.77 -> 6.6.80

    • linuxKernelVerify: 6.6.77 -> 6.6.80

    • mastodon: 4.3.3 -> 4.3.4

    • matrix-synapse: 1.124.0 -> 1.125.0

    • nodejs: 20.18.1 -> 20.18.3

    • nodejs_18: 18.20.6 -> 18.20.7

    • nodejs_20: 20.18.1 -> 20.18.3

    • openssh: 9.9p1 -> 9.9p2

    • openssl: 3.3.2 -> 3.3.3

    • openssl_3: 3.0.15 -> 3.0.16

    • php83: 8.3.16 -> 8.3.17

    • php84: 8.4.3 -> 8.4.4

    • postfix: 3.9.1 -> 3.9.3

    • postgresql: 16.6 -> 16.8

    • postgresql_13: 13.18 -> 13.20

    • postgresql_14: 14.15 -> 14.17

    • postgresql_15: 15.10 -> 15.12

    • postgresql_16: 16.6 -> 16.8

    • postgresql_17: 17.2 -> 17.4

    • vim: 9.1.0787 -> 9.1.1046

  • routers: fix traffic accounting with pmacctd by binding to correct interface again (PL-133497)

    • This was already released as a hotfix ahead of schedule on all affected machines.

  • Remove the Manitu anti-spam DNS blacklist (ix.dnsbl.manitu.net), which has been discontinued. (PL-133519)

    • Released ahead of schedule as a hotfix on affected mailserver hosts.

Detailed Changes