16th chunk of `nixos/doc/manual/release-notes/rl-2505.section.md`
- The `nixos-generate-config` command now supports an optional `--flake` option, which will generate a `flake.nix` file alongside the `configuration.nix` and `hardware-configuration.nix`, providing an easy introduction to flake-based system configurations.

- [`system.stateVersion`](#opt-system.stateVersion) is now validated and must be in the `"YY.MM"` format, ideally corresponding to a prior NixOS release.

- [`hardware.xone`](#opt-hardware.xone.enable) will also enable [`hardware.xpad-noone`](#opt-hardware.xpad-noone.enable) to provide the Xbox 360 driver by default.

- `services.mysql` now supports easy cluster setup via the [`services.mysql.galeraCluster`](#opt-services.mysql.galeraCluster.enable) option.

  Example:

  ```nix
  services.mysql = {
    enable = true;
    galeraCluster = {
      enable = true;
      localName = "Node 1";
      localAddress = "galera_01";
      nodeAddresses = [ "galera_01" "galera_02" "galera_03" ];
    };
  };
  ```

- systemd's {manpage}`systemd-ssh-generator(8)` now works out of the box on NixOS.
  - You can ssh into VMs without any networking configuration if your hypervisor configures the VM to support AF_VSOCK.
    It still requires the usual ssh authentication methods.
  - An SSH key for the root user can be provisioned using the `ssh.authorized_keys.root` systemd credential.
    This can be useful for booting an installation image and providing the SSH key with an SMBIOS string.
  - SSH can be used for suid-less privilege escalation on the local system without having to rely on networking:
    ```shell
    ssh root@.host
    ```
  - systemd's {manpage}`systemd-ssh-proxy(1)` is enabled by default. It can be disabled using [`programs.ssh.systemd-ssh-proxy.enable`](#opt-programs.ssh.systemd-ssh-proxy.enable).

- SSH host key generation has been separated into the dedicated systemd service `sshd-keygen.service`.

- [`services.dex`](#opt-services.dex.enable) now restarts upon changes to the [`.environmentFile`](#opt-services.dex.environmentFile) option or `path` type entries in `.settings.staticClients[].secretFile`.

- [`services.geoclue2`](#opt-services.geoclue2.enable) now has an `enableStatic` option, which allows the NixOS configuration to specify a fixed location for GeoClue to use.

- [`services.mongodb`](#opt-services.mongodb.enable) is now compatible with the `mongodb-ce` binary package. To make use of it, set [`services.mongodb.package`](#opt-services.mongodb.package) to `pkgs.mongodb-ce`.

- [`services.jupyter`](#opt-services.jupyter.enable) is now compatible with `Jupyter Notebook 7`. See [the migration guide](https://jupyter-notebook.readthedocs.io/en/latest/migrate_to_notebook7.html) for details.

- `networking.wireguard` now has an optional networkd backend. It is enabled by default when `networking.useNetworkd` is enabled, and it can be enabled alongside scripted networking with `networking.wireguard.useNetworkd`. Some `networking.wireguard` options have slightly different behavior with the networkd and script-based backends, documented in each option.

- `services.rss-bridge` now has a `package` option as well as support for `caddy` as reverse proxy.

- `services.avahi.ipv6` now defaults to true.

- In the `services.xserver.displayManager.startx` module, two new options, [generateScript](#opt-services.xserver.displayManager.startx.generateScript) and [extraCommands](#opt-services.xserver.displayManager.startx.extraCommands), have been added to declaratively configure the `.xinitrc` script.

- All services that require a root certificate bundle now use the value of a new read-only option, `security.pki.caBundle`.

- [`services.hddfancontrol`](#opt-services.hddfancontrol.enable) has been modified to use an attribute set for settings, enabling configurations with multiple instances of the daemon running at once (e.g., for two separate drive bays).

- `services.cloudflared` now uses a dynamic user, and its `user` and `group` options have been removed. If the user or group is still necessary, they can be created manually.
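
For the `systemd-ssh-generator(8)` item above, which mentions provisioning the `ssh.authorized_keys.root` credential with an SMBIOS string: the following added example (not part of the NixOS release notes or of systemd) builds that string for a QEMU `-smbios` argument. It assumes QEMU as the hypervisor and systemd's `io.systemd.credential.binary:` SMBIOS type 11 convention; the function name `smbios_cred_arg` and the sample key are hypothetical.

```shell
#!/bin/sh
# Added example: build the QEMU -smbios value that hands a root SSH *public*
# key to the guest as the ssh.authorized_keys.root systemd credential.

CRED_NAME="ssh.authorized_keys.root"   # credential name from the release note

# smbios_cred_arg FILE -> prints "type=11,value=io.systemd.credential.binary:..."
# Returns non-zero if FILE does not look like plain authorized_keys content.
smbios_cred_arg() {
  sca_file=$1
  [ -r "$sca_file" ] || { echo "cannot read $sca_file" >&2; return 1; }
  # Refuse private keys: anything on the hypervisor command line is visible
  # in the host's process list, so only public material belongs here.
  if grep -q 'PRIVATE KEY' "$sca_file"; then
    echo "refusing: $sca_file contains private key material" >&2
    return 1
  fi
  while IFS= read -r sca_line || [ -n "$sca_line" ]; do
    case $sca_line in ''|'#'*) continue ;; esac
    sca_type=${sca_line%% *}
    # Option-prefixed lines (command="...", from="...") are rejected here to
    # keep the check simple; only bare "<type> <blob> [comment]" lines pass.
    case $sca_type in
      ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-*) ;;
      *) echo "refusing: unexpected key type '$sca_type'" >&2; return 1 ;;
    esac
  done < "$sca_file"
  # The ".binary" (Base64) form keeps spaces, commas and newlines in the key
  # comment away from QEMU's comma-separated option parser.
  printf 'type=11,value=io.systemd.credential.binary:%s=%s\n' \
    "$CRED_NAME" "$(base64 < "$sca_file" | tr -d '\n')"
}

# Constructed sample key (not a real key), with a comma in the comment.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKeyMaterial000000000000 ops@example, lab'

# Usage: sh this-script key.pub   (pass the output to: qemu-system-x86_64 -smbios ...)
if [ $# -ge 1 ]; then
  smbios_cred_arg "$1"
fi
```

The credential only installs the key; as the release note says, login still goes through the usual SSH authentication.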

Title: NixOS 25.05: Miscellaneous Updates - Flakes, System Versions, Networking, and Service Enhancements
Summary
This section details updates in NixOS 25.05, including: `nixos-generate-config` now supporting `--flake`, validation of `system.stateVersion`, enabling `hardware.xpad-noone` with `hardware.xone`, easy `services.mysql` cluster setup, systemd's `systemd-ssh-generator(8)` enhancements (VM SSH via AF_VSOCK), and SSH host key generation in `sshd-keygen.service`. Also, `services.dex` restarts on environment file changes, `services.geoclue2` has `enableStatic`, `services.mongodb` is compatible with `mongodb-ce`, `services.jupyter` with Notebook 7, `networking.wireguard` has networkd backend, `services.rss-bridge` adds package option and Caddy support, `services.avahi.ipv6` is true by default, `services.xserver.displayManager.startx` gains script options, services use `security.pki.caBundle`, `services.hddfancontrol` uses an attribute set, and `services.cloudflared` uses a dynamic user.