Home Explore Blog CI



nixpkgs
12th chunk of `nixos/doc/manual/release-notes/rl-2505.section.md`
126afb7a0513074e91280756198d9a4887d7e5aa54237dd0000000010000100c
  - Mattermost now supports peer authentication on both MySQL and Postgres database backends. Updating [](#opt-system.stateVersion) to 25.05 or later will result in peer authentication being used by default if the Mattermost server would otherwise be connecting to localhost. This is the recommended configuration.
  - Note that the Mattermost module will create an account _without_ a well-known UID if the username differs from the default (`mattermost`). If you used Mattermost with a nonstandard username, you may want to review the module changes before upgrading.

- DokuWiki with the Caddy webserver (`services.dokuwiki.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
  To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.
  If you set custom Caddy options for a DokuWiki site, migrate these options by removing `http://` from `services.caddy.virtualHosts."http://example.com"`.

- Wordpress with the Caddy webserver (`services.wordpress.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
  Given a site example.com, http://example.com now 301 redirects to https://example.com.
  To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.

- The behavior of `services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers` was changed to not include `CCMP-256` anymore.
  Since all configured pairwise ciphers have to be supported by the radio, this caused startup failures on many devices which is hard to debug in hostapd.

- The `hardware.gkraken` module has been removed. The recommended alternative is [`programs.coolercontrol`](#opt-programs.coolercontrol.enable).

- To avoid delaying user logins unnecessarily the `multi-user.target` is no longer ordered after `network-online.target`.
  System services requiring a connection to start correctly must explicitly state so, i.e.
  ```nix
  systemd.services.<name> = {
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
  };
  ```
  This changed follows a deprecation period of one year started in NixOS 24.05 (see [PR #283818](https://github.com/NixOS/nixpkgs/pull/283818)).

- The values of `services.borgbackup.jobs.*.extraArgs` and other `extra*Args` options are now represented as Bash arrays. If these arguments were modified using `services.borgbackup.jobs.*.preHook`, they will need to be adjusted to append to these arrays, i.e.
  ```diff
  -extraCreateArgs="$extraCreateArgs --exclude /some/path"
  +extraCreateArgs+=("--exclude" "/some/path")
  ```

- `programs.xonsh.package` now gets overridden internally with `extraPackages` to support `programs.xonsh.extraPackages`. See `programs.xonsh.extraPackages` for more details.

- `services.nitter.guestAccounts` has been renamed to `services.nitter.sessionsFile`, for consistency with upstream. The file format is unchanged.

- `virtualisation.azure.agent` option provided by `azure-agent.nix` is replaced by `services.waagent`, and will be removed in a future release.

- The ZFS import service now respects `fileSystems.*.options = [ "noauto" ];` and does not add that pool's import service to `zfs-import.target`, meaning it will not be automatically imported at boot.

- Default file names of images generated by several builders in `system.build` have been changed as outlined in the table below.

  Names are now known at evaluation time and customizable via the new options `image.baseName`, `image.extension`, `image.fileName` and `image.filePath` with the latter returning a path relative to the derivations out path (e.g. `iso/${image.fileName` for iso images).

  | `system.build` Option    | Old Filename                                               | New Filename                                                    |
  | ------------------------ | ---------------------------------------------------------- | ----------------------------------------------------------------|
Title: NixOS 25.05: Updates to Mattermost, DokuWiki, WordPress, hostapd, GKraken, systemd, BorgBackup, Xonsh, Nitter, Azure Agent, ZFS, and System Builds
Summary
This section summarizes updates to various NixOS modules and options. Mattermost introduces peer authentication and potential user account changes. DokuWiki and WordPress on Caddy now default to HTTPS. hostapd's cipher configuration is adjusted, and the GKraken module is removed. systemd's target ordering is modified to improve login times. BorgBackup's extraArgs are now Bash arrays. Xonsh's package management is updated. Nitter's guestAccounts is renamed to sessionsFile. The Azure agent option is replaced, and ZFS import behavior is altered. Finally, default filenames for images generated by system builds are updated.