Release 2025_047 (2025-12-15)¶

Impact¶

s3users: eliminate “–gen-secret” invocation. This further reduces failure potential in our internal S3 user handling (PL-133656)
nixos/mail: correct dns.zone file with a non-default dkimSelector (PL-134262)
devhost: start VMs only after network setup ran (PL-134208)
installer: ignore failures when setting IPMI usernames
KVM hosts: fix a regression in maintenance handling (PL-134247) fc.qemu accidentally scrapped return codes set via sys.exit and replaced them with a 0, rendering maintenance guards ineffective.
Has been released as a hotfix to affected hosts ahead of schedule.
mail: fix roundcube with STARTTLS deprecation (PL-134260)

Roundcube instances on 25.11 had problems with connecting to the mail server. This change fixes this.
Pull upstream NixOS changes, security fixes, and package updates:
- chromedriver: 142.0.7444.175 -> 143.0.7499.40
- chromium: 142.0.7444.175 -> 143.0.7499.40
- element-web: 1.12.3 -> 1.12.6
- github-runner: 2.329.0 -> 2.330.0
- keycloak: 26.4.5 -> 26.4.7
- linuxKernelStable: 6.12.59 -> 6.12.60
- linuxKernelVerify: 6.12.59 -> 6.12.60
- nginxMainline: 1.29.2 -> 1.29.3
- nodejs_20: 20.19.5 -> 20.19.6
- promtail: 3.5.8 -> 3.6.2
- uv: 0.9.13 -> 0.9.15