This release was cancelled and will be merged into the next upcoming one.

Release 2026_004 (cancelled)

Impact

25.11

  • Machines will reboot to activate a changed kernel.

NixOS 25.11 platform

  • fc.check-ceph: check_snapshot_restore_fill ignores certain edge cases involving empty pools or missing fill stats (PL-134230)

  • fc.check-ceph: refactor check_snapshot_restore_fill away from the librados Python bindings (PL-131408)

  • k3s: allow service users to access the default Kubernetes config file and interact with the cluster. (PL-134284)

  • ceph: stagger unset of “noup” flag at maintenance leave to reduce peering storm impact (PL-133952)

  • k3s: ensure that the frontend role does not set conflicting global mode options in the haproxy configuration. This should avoid issues when enabling the k3s roles in resource groups with existing haproxy configuration. (PL-135086)

  • nginx/webgateway: all TLS certificates are now monitored for expiration, both by connecting to the HTTPS endpoint (check names nginx_https_*) and by checking the certificate file directly: ssl_cert_acme_* (as before) or ssl_cert_nginx_* (added for non-ACME certs). Previously, we only generated monitoring checks for ACME certs. (PL-134018)

  • k3s: introduce a new NixOS option flyingcircus.kubernetes.network.enableIPv6 for creating Kubernetes clusters with IPv6 and dual-stack networking enabled. Note that this option should only be set when creating new clusters, and should not be set for existing clusters. For further information, please see the role documentation. (PL-133774)

  • Pull upstream NixOS changes, security fixes, and package updates:

    • chromedriver: 144.0.7559.59 -> 144.0.7559.96

    • chromium: 144.0.7559.59 -> 144.0.7559.96

    • element-web: 1.12.7 -> 1.12.8

    • gitaly: 18.6.3 -> 18.6.4

    • github-runner: 2.330.0 -> 2.331.0

    • gitlab: 18.6.3 -> 18.6.4

    • gitlab-container-registry: 4.33.0 -> 4.34.0

    • gitlab-ee: 18.6.3 -> 18.6.4

    • gitlab-pages: 18.6.3 -> 18.6.4

    • gitlab-workhorse: 18.6.3 -> 18.6.4

    • imagemagick6: 6.9.13-10 -> 6.9.13-38

    • k3s: 1.34.2+k3s1 -> 1.34.3+k3s1

    • k3s_1_32: 1.32.10+k3s1 -> 1.32.11+k3s1

    • k3s_1_33: 1.33.6+k3s1 -> 1.33.7+k3s1

    • linuxKernelStable: 6.12.66 -> 6.12.67

    • linuxKernelVerify: 6.12.66 -> 6.12.67

    • mastodon: 4.5.4 -> 4.5.5

Detailed Changes