Release 2025_036 (2025-10-06)¶
Impact¶
25.05¶
grafana.service will be restarted
NixOS 25.05 platform¶
loghost/graylog: Fix LDAP by pinning Java to a known good version. (PL-133980)
hardware: remove settings for aggressive filesystem caching which are no longer appropriate with widespread adoption of SSD-backed storage from the default hardware profile.
Add a NixOS option
increaseVfsCacheWeight
in the backyserver role to allow enabling the previous behaviour on old HDD-based backup servers which may still benefit from increased caching. (PL-133712)nixos/nginx: add deprecation warning for
virtualHosts.<name>.emailACME
as this option is deprecated and will be removed with fc-nixos 25.11 (PL-131381)nixos/statshost: Disable default insecure admin user (PL-134036)
Currently, we have an insecure default admin activated, as this is the grafana default. With this change, this user is disabled on new installations and our AppOps team will disable the user on existing instances.
nixos/nginx: Add warning for implicitly enabled
flyingcircus.services.nginx.virtualHosts.<name>.enableACME
as this behavior is deprecated and will be removed with fc-nixos 25.11 (PL-131381)Pull upstream NixOS changes, security fixes, and package updates:
chromedriver: 140.0.7339.185 -> 140.0.7339.207
chromium: 140.0.7339.185 -> 140.0.7339.207
firefox: 143.0 -> 143.0.1
gitaly: 18.3.2 -> 18.4.0
gitlab: 18.3.2 -> 18.4.0
gitlab-ee: 18.3.2 -> 18.4.0
gitlab-pages: 18.3.2 -> 18.4.0
gitlab-workhorse: 18.3.2 -> 18.4.0
mastodon: 4.3.12 -> 4.3.13
phpPackages.composer: 2.8.11 -> 2.8.12
Detailed Changes¶
NixOS 25.05: platform code, nixpkgs/upstream changes, metadata, channel url