Release 2025_009 (2025-04-07)

Impact

24.11

  • Machines will schedule a maintenance reboot to activate the changed kernel.

NixOS 24.11 platform

  • docker: enable IP forwarding when the docker role is enabled, in order to allow containers to access external services. (PL-133589)

  • Remove OCSP stapling (SSL stapling) from the default Nginx configuration, since the default CA for NixOS-provisioned certificates (Let’s Encrypt) is ending OCSP support in 2025. (PL-133259)

  • Make managing the IPMI admin username optional. Some machines do not support changing the name. (PL-133561)

  • postgresql: the pgvectorscale extension is now available as a package.

  • Pull upstream NixOS changes, security fixes and package updates:

    • auditbeat7-oss: 7.17.16 -> 7.17.27

    • chromedriver: 134.0.6998.88 -> 134.0.6998.165

    • chromium: 134.0.6998.88 -> 134.0.6998.165

    • filebeat7-oss: 7.17.16 -> 7.17.27

    • firefox: 136.0.2 -> 136.0.3

    • gitaly: 17.9.2 -> 17.9.3

    • gitlab: 17.9.2 -> 17.9.3

    • gitlab-container-registry: 4.17.1 -> 4.19.0

    • gitlab-ee: 17.9.2 -> 17.9.3

    • gitlab-pages: 17.9.2 -> 17.9.3

    • gitlab-workhorse: 17.9.2 -> 17.9.3

    • k3s: 1.31.6+k3s1 -> 1.31.7+k3s1

    • k3s_1_29: 1.29.14+k3s1 -> 1.29.15+k3s1

    • k3s_1_30: 1.30.10+k3s1 -> 1.30.11+k3s1

    • k3s_1_31: 1.31.6+k3s1 -> 1.31.7+k3s1

    • linuxKernelStable: 6.6.83 -> 6.6.85

    • linuxKernelVerify: 6.6.83 -> 6.6.85

    • mastodon: 4.3.4 -> 4.3.6

    • matrix-synapse: 1.126.0 -> 1.127.1

    • nix: 2.24.12 -> 2.24.13

    • percona-server: 8.4.3-3 -> 8.4.4-4

    • strace: 6.13 -> 6.14

Detailed Changes