Release 2025_009 (2025-04-07)¶
Impact¶
24.11¶
Machines will schedule a maintenance reboot to activate the changed kernel.
NixOS 24.11 platform¶
docker: enable IP forwarding when the docker role is enabled, in order to allow containers to access external services. (PL-133589)
Remove SSL Stapling from the default Nginx configuration since the default CA for NixOS provisioned certificates (Let’s Encrypt) is ending OCSP support in 2025 (PL-133259)
Make managing the IPMI admin username optional. Some machines do not support changing the name. (PL-133561)
postgresql: pgvectorscale extension is now available as a package
Pull upstream NixOS changes, security fixes and package updates:
auditbeat7-oss: 7.17.16 -> 7.17.27
chromedriver: 134.0.6998.88 -> 134.0.6998.165
chromium: 134.0.6998.88 -> 134.0.6998.165
filebeat7-oss: 7.17.16 -> 7.17.27
firefox: 136.0.2 -> 136.0.3
gitaly: 17.9.2 -> 17.9.3
gitlab: 17.9.2 -> 17.9.3
gitlab-container-registry: 4.17.1 -> 4.19.0
gitlab-ee: 17.9.2 -> 17.9.3
gitlab-pages: 17.9.2 -> 17.9.3
gitlab-workhorse: 17.9.2 -> 17.9.3
k3s: 1.31.6+k3s1 -> 1.31.7+k3s1
k3s_1_29: 1.29.14+k3s1 -> 1.29.15+k3s1
k3s_1_30: 1.30.10+k3s1 -> 1.30.11+k3s1
k3s_1_31: 1.31.6+k3s1 -> 1.31.7+k3s1
linuxKernelStable: 6.6.83 -> 6.6.85
linuxKernelVerify: 6.6.83 -> 6.6.85
mastodon: 4.3.4 -> 4.3.6
matrix-synapse: 1.126.0 -> 1.127.1
nix: 2.24.12 -> 2.24.13
percona-server: 8.4.3-3 -> 8.4.4-4
strace: 6.13 -> 6.14
Detailed Changes¶
NixOS 24.11: platform code, nixpkgs/upstream changes, metadata, channel url