Release 2025_007 (2025-03-24)

Impact

24.05

  • rabbitmq users: When running multiple VMs with the rabbitmq role in the same RG, feature flags need to be enabled manually after the upgrade to prepare for later updates.

  • rabbitmq will be restarted due to a version upgrade

24.11

  • rabbitmqadmin-ng is now installed by default on machines with the rabbitmq role.

  • Devhost VMs get restarted

  • machines will schedule a maintenance reboot to activate the changed kernel

NixOS 24.05 platform

  • rabbitmq-server: 3.12.13 -> 3.13.7

    • necessary preparation for the update to rabbitmq-server 4.x in NixOS 24.11

NixOS 24.11 platform

  • nginx, monitoring: also check validity of ACME (Let's Encrypt) certificates that are not used for nginx HTTPS. There are two separate checks now: all ACME certs are checked via the local file system. Certificates used for nginx HTTPS get an additional check that works like the previous one, using HTTPS requests. We still assume here that nginx is listening for HTTPS on port 443. For special configurations, the sensu check command has to be overridden manually.

  • devhost: stop VMs gracefully (PL-133536)

  • percona83: bring back role to allow upgrading existing VMs from platform 24.05

    • percona-8.3.x is already end-of-life; we do not recommend adopting this role for new VMs

    • percona80 continues to be supported as a long-term support release throughout the 24.11 platform version

  • hardware: unload the XHCI USB driver at shutdown to work around a problem with certain kernel and hardware combinations improperly deconfiguring USB devices at shutdown (PL-133421).

  • varnish: fix varnish_http sensu check execution, also check IPv6 bind addresses (PL-133554)

  • issue trace messages when nixpkgs-21.05 is evaluated (PL-33522)

    • We still use parts of nixpkgs-21.05 for certain hardware and infrastructure features. As we generally do not expect it to be used in virtual machines though, emit a trace during evaluation to discover cases that differ.

  • Monitoring for network interface speed: remove the limit for maximum speeds and differentiate more precisely where we expect 1G or 10G+ links. (PL-133472)

  • devhost: improve error handling in image download (PL-133539)

  • Pull upstream NixOS changes, security fixes and package updates:

    • chromedriver: 133.0.6943.141 -> 134.0.6998.88

    • chromium: 133.0.6943.141 -> 134.0.6998.88

    • element-web: 1.11.91 -> 1.11.95

    • erlang: 25.3.2.16 -> 25.3.2.18

    • firefox: 135.0.1 -> 136.0.1

    • gitaly: 17.9.1 -> 17.9.2

    • gitlab: 17.9.1 -> 17.9.2

    • gitlab-container-registry: 4.16.0 -> 4.17.1

    • gitlab-ee: 17.9.1 -> 17.9.2

    • gitlab-pages: 17.9.1 -> 17.9.2

    • gitlab-workhorse: 17.9.1 -> 17.9.2

    • imagemagick: 7.1.1-43 -> 7.1.1-45

    • keycloak: 26.1.3 -> 26.1.4

    • linuxKernelStable: 6.6.80 -> 6.6.83

    • linuxKernelVerify: 6.6.80 -> 6.6.83

    • matrix-synapse: 1.125.0 -> 1.126.0

    • nss_latest: 3.108 -> 3.109

    • percona: 8.0.40-31 -> 8.0.41-32

    • percona-server_8_0: 8.0.40-31 -> 8.0.41-32

    • percona80: 8.0.40-31 -> 8.0.41-32

    • php81: 8.1.31 -> 8.1.32

    • php82: 8.2.27 -> 8.2.28

    • php83: 8.3.17 -> 8.3.19

    • php84: 8.4.4 -> 8.4.5

Detailed Changes