| openstackImage           | nixos.qcow2                                                | nixos-image-openstack-25.05pre-git-x86_64-linux.qcow2           |
  | sdImage                  | nixos-sd-image-25.05pre-git-x86_64-linux.img.zst           | nixos-image-sd-card-25.05pre-git-x86_64-linux.img.zst           |
  | tarball (lxc-container)  | nixos-system-x86_64-linux.tar.xz                           | nixos-image-lxc-25.05pre-git-x86_64-linux.tar.xz                |
  | tarball (proxmox-lxc)    | nixos-system-x86_64-linux.tar.xz                           | nixos-image-lxc-proxmox-25.05pre-git-x86_64-linux.tar.xz        |
  | vagrantVirtualbox        | nixos-25.05pre-git-x86_64-linux.ova                        | nixos-image-virtualbox-25.05pre-git-x86_64-linux.ova            |
  | virtualBoxOVA            | virtualbox-vagrant.box                                     | nixos-image-vagrant-virtualbox-25.05pre-git-x86_64-linux.ova    |
  | vmwareImage              | nixos-25.05pre-git-x86_64-linux.vmdk                       | nixos-image-vmware-25.05pre-git-x86_64-linux.vmdk               |

- `security.apparmor.policies.<name>.enforce` and `security.apparmor.policies.<name>.enable` were removed.
  Configuring the state of apparmor policies must now be done using `security.apparmor.policies.<name>.state` tristate option.

- `services.graylog.package` now defaults to `graylog-6_0` as previous default `graylog-5_1` is EOL and therefore removed.
  Check the migration guides on [5.1→5.2](https://go2docs.graylog.org/5-2/upgrading_graylog/upgrading_to_graylog_5.2.x.htm) and [5.2→6.0](https://go2docs.graylog.org/6-0/upgrading_graylog/upgrading_to_graylog_6.0.x.html) for breaking changes.

- `programs.clash-verge.tunMode` was deprecated and removed because now service mode is necessary to start program. Without `programs.clash-verge.enable`, clash-verge-rev will refuse to start.
- `services.discourse` now requires PostgreSQL 15 per default. Please update before upgrading.

- `services.homepage-dashboard` now requires the `allowedHosts` option to be set in accordance with the [documentation](https://gethomepage.dev/installation/#homepage_allowed_hosts).

- `luakit` has been updated to 2.4.0. If you use any website which uses IndexedDB or local storage and wish to retain the saved information, [some manual intervention may be required](https://luakit.github.io/news/luakit-2.4.0.html)

- `services.netbird.tunnels` was renamed to [`services.netbird.clients`](#opt-services.netbird.clients),
  hardened (using dedicated less-privileged users) and significantly extended.

- `services.rsyncd.settings` now supports only two attributes `sections` and `globalSection`.
  As a result, all sections previously defined under `services.rsyncd.settings` must now be put in `services.rsyncd.settings.sections`.
  Global settings must now be placed in `services.rsyncd.settings.globalSection` instead of `services.rsyncd.settings.global`.

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

## Other Notable Changes {#sec-release-25.05-notable-changes}

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

- `virtualisation.containers` with backend "podman" now supports rootless containers and `sd_notify(3)`-integration
  based on container healthchecks.

- Cinnamon has been updated to 6.4, please check the [upstream announcement](https://www.linuxmint.com/rel_xia_whatsnew.php) for more details.
  - Following [changes in Mint 22](https://github.com/linuxmint/mintupgrade/commit/f239cde908288b8c250f938e7311c7ffbc16bd59) we are no longer overriding Qt application styles. You can still restore the previous default with `qt.style = "gtk2"` and `qt.platformTheme = "gtk2"`.
  - Following [changes in Mint 20](https://github.com/linuxmint/mintupgrade-legacy/commit/ce15d946ed9a8cb8444abd25088edd824bfb18f6) we are replacing xplayer with celluloid since xplayer is no longer maintained.