Release 2025_009 (2025-04-07)¶

Impact¶

docker: enable IP forwarding when the docker role is enabled, in order to allow containers to access external services. (PL-133589)
Remove SSL Stapling from the default Nginx configuration since the default CA for NixOS provisioned certificates (Let’s Encrypt) is ending OCSP support in 2025 (PL-133259)
Make managing the IPMI admin username optional. Some machines do not support changing the name. (PL-133561)
postgresql: pgvectorscale extension is now available as a package
Pull upstream NixOS changes, security fixes and package updates:
- auditbeat7-oss: 7.17.16 -> 7.17.27
- chromedriver: 134.0.6998.88 -> 134.0.6998.165
- chromium: 134.0.6998.88 -> 134.0.6998.165
- filebeat7-oss: 7.17.16 -> 7.17.27
- firefox: 136.0.2 -> 136.0.3
- gitaly: 17.9.2 -> 17.9.3
- gitlab: 17.9.2 -> 17.9.3
- gitlab-container-registry: 4.17.1 -> 4.19.0
- gitlab-ee: 17.9.2 -> 17.9.3
- gitlab-pages: 17.9.2 -> 17.9.3
- gitlab-workhorse: 17.9.2 -> 17.9.3
- k3s: 1.31.6+k3s1 -> 1.31.7+k3s1
- k3s_1_29: 1.29.14+k3s1 -> 1.29.15+k3s1
- k3s_1_30: 1.30.10+k3s1 -> 1.30.11+k3s1
- k3s_1_31: 1.31.6+k3s1 -> 1.31.7+k3s1
- linuxKernelStable: 6.6.83 -> 6.6.85
- linuxKernelVerify: 6.6.83 -> 6.6.85
- mastodon: 4.3.4 -> 4.3.6
- matrix-synapse: 1.126.0 -> 1.127.1
- nix: 2.24.12 -> 2.24.13
- percona-server: 8.4.3-3 -> 8.4.4-4
- strace: 6.13 -> 6.14