Unverified commit 90576afa, authored by Aleksana, committed by GitHub

[Backport release-25.05] doc/rl-2505: wrangle in nixpkgs and nixos split (#410009)

parents 4d98ad77 fade580c
+121 −0
@@ -24,11 +24,19 @@

- The Factor programming language packages were reworked. `factor-lang-scope` is now named `factorPackages` and provides a `buildFactorApplication` function to deploy Factor programs as binaries. It has also received proper documentation in the Nixpkgs manual.

- The packaging of Mesa graphics drivers has been significantly reworked, in particular:
  - Applications linked against different Mesa versions than installed on the system should now work correctly going forward (however, applications against older Mesa, e.g. from Nixpkgs releases before 25.05, remain broken)
  - Packages that used to depend on Mesa for libgbm or libdri should use `libgbm` or `dri-pkgconfig-stub` as inputs, respectively

- OpenSSH has been updated from 9.9p2 to 10.0p2, dropping support for DSA keys and adding a new `ssh-auth` binary to handle user authentication in a different address space from unauthenticated sessions. Additionally, we now enable a configure option by default that attempts to lock sshd into RAM to prevent it from being swapped out, which may improve performance if the system is under memory pressure. See the [full changelog](https://www.openwall.com/lists/oss-security/2025/04/09/1) for more details.

- Emacs has been updated to 30.1.
  This introduces some backwards‐incompatible changes; see the NEWS for details.
  NEWS can been viewed from Emacs by typing `C-h n`, or by clicking `Help->Emacs News` from the menu bar.
  It can also be browsed [online](https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30).

- The `intel` video driver for X.org (from the xf86-video-intel package, which was previously removed because it was non-functional) has been fixed and the driver has been re-introduced.

- The default openexr version has been updated to 3.2.4.

- The default PHP version has been updated to 8.4.
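Review bot: In the OpenSSH entry of this hunk the new binary is written as `ssh-auth`, while the upstream 10.0 release notes linked from the same entry name it `sshd-auth`; please correct the name so that anyone auditing the new authentication process split can find the binary. Minor, in the Emacs entry: "NEWS can been viewed" should read "NEWS can be viewed".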
@@ -56,6 +64,8 @@
  The hook can be disabled by providing `dontCheckForBrokenSymlinks = true;` as an argument to `mkDerivation`.
  For more information, [check the docs](https://nixos.org/manual/nixpkgs/unstable/#no-broken-symlinks.sh) or [see this PR](https://github.com/NixOS/nixpkgs/pull/370750).

- `gkraken` has been removed. The recommended alternative is `coolercontrol`.

- `opensmtpd-extras` has been deprecated by upstream and is not compatible with
  OpenSMTPD 7.6.0 or later. The package has been removed in favor of a set of new
  `opensmtpd-table-*` packages.
@@ -64,20 +74,42 @@
  configuration settings. Notably, it now defaults to listening on a socket
  rather than a port. See [Migrating from version 1.x](https://github.com/roehling/postsrsd/blob/2.0.10/README.rst#migrating-from-version-1x) and [Postfix Setup](https://github.com/roehling/postsrsd?tab=readme-ov-file#postfix-setup) for details.

- `renovate` was updated to v39. See the [upstream release notes](https://docs.renovatebot.com/release-notes-for-major-versions/#version-39) for breaking changes.
  Like upstream's docker images, renovate now runs on NodeJS 22.

- The hand written `perlPackages.SearchXapian` bindings have been dropped in favor of the (mostly compatible)
  `perlPackages.Xapian`.

- `varnish` was updated from 7.5.0 to 7.7.0, see [Varnish 7.6.0 upgrade guide](https://varnish-cache.org/docs/7.6/whats-new/upgrading-7.6.html) and
[Varnish 7.7.0 upgrade guide](https://varnish-cache.org/docs/7.7/whats-new/upgrading-7.7.html#whatsnew-upgrading-7-7).

- The `config` triple for `aarch64-darwin` has been changed from `aarch64-apple-darwin` to `arm64-apple-darwin` to match the Apple toolchain and LLVM’s expectations.

- The `electron` packages will now provide their headers (available via `electron.headers`) in extracted form instead of in a tarball.

- The udev rules of the `libjaylink` package require users to be in the `jlink` instead of `plugdev` group now, since the `plugdev` group is very uncommon for NixOS. Alternatively, access is granted to seat sessions.

- The `ephemeral` package was removed due to upstream archival in early 2022.

- The `gotenberg` package has been updated to 8.16.0, which brings breaking changes to the configuration from version 8.13.0. See the [upstream release notes](https://github.com/gotenberg/gotenberg/releases/tag/v8.13.0) for that release to get all the details.

- `zammad` has had its support for MySQL removed, since it was never working correctly and is now deprecated upstream. Check the [migration guide](https://docs.zammad.org/en/latest/appendix/migrate-to-postgresql.html) for how to convert your database to PostgreSQL.

- The `vocal` package was removed due to upstream archival. The upstream developer suggests using `gnome-podcasts` or `kasts` instead.

- `timescaledb` requires manual upgrade steps.
    After you run ALTER EXTENSION, you must run [this SQL script](https://github.com/timescale/timescaledb-extras/blob/master/utils/2.15.X-fix_hypertable_foreign_keys.sql). For more details, see the following pull requests [#6797](https://github.com/timescale/timescaledb/pull/6797).
    PostgreSQL 13 is no longer supported in TimescaleDB v2.16.

- `paperless-ngx` has been updated to minor version 2.15 which switched the web server from Gunicorn to Granian. If you set Gunicorn specific envs (usually contain GUNICORN) they must be updated.

- [testers.shellcheck](https://nixos.org/manual/nixpkgs/unstable/#tester-shellcheck) now warns when `name` is not provided.
  The `name` argument will become mandatory in a future release.

- `tauon` 7.9.0+ when launched for the first time, migrates its database to a new schema that is not backwards compatible. Older versions will refuse to start at all with that database afterwards. If you need to still use older tauon versions, make sure to back up `~/.local/share/TauonMusicBox`.

- `aws-workspaces` has dropped support for PCoiP networking.

- [GIMP 3.0](https://www.gimp.org/news/2025/03/16/gimp-3-0-released/) available as `gimp3`.

- `grafana-agent` and `services.grafana-agent` have been removed in favor of
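Review bot: The `timescaledb` entry says manual upgrade steps are required without saying which version transition triggers them; the linked script's file name points at 2.15.X, so state the affected versions explicitly, put `ALTER EXTENSION` in backticks, and change "the following pull requests" to the singular since only #6797 is linked. Also in this hunk: the second line of the `varnish` entry is not indented like the other continuation lines, and "PCoiP" in the `aws-workspaces` entry looks like a typo for "PCoIP".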
@@ -86,10 +118,35 @@
  Grafana recommends migrating to `grafana-alloy` (`services.alloy`).
  See https://grafana.com/docs/alloy/latest/set-up/migrate/ for details.

- `slskd` has been updated to v0.22.3, which includes breaking changes to `script` integrations. Please review the [changelog](https://github.com/slskd/slskd/releases/tag/0.22.3)
  and the accompanying [pull request](https://github.com/slskd/slskd/pull/1292).

- `forgejo` and `forgejo-lts` have been updated to v11.
  See upstreams [release blog post](https://forgejo.org/2025-04-release-v11-0/) for more information.

- `unifi` has been updated to v9.1.
  This version should be backward compatible with v8.x, however as a result, `unifi8` package has been removed.

- `xdragon` package has been renamed to `dragon-drop`.
  `xdragon` is an alias to `dragon-drop` and the package still provides `bin/xdragon`.
  `bin/dragon` is no longer supplied.

- `python3Packages.bpycv` has been removed due to being incompatible with Blender 4 and unmaintained.

- `python3Packages.jaeger-client` was removed because it was deprecated upstream. [OpenTelemetry](https://opentelemetry.io) is the recommended replacement.

- `rocmPackages_6` has been updated to ROCm 6.3.

- `rocmPackages_5` has been removed.

- `rocmPackages.rocm-thunk` has been removed and its functionality has been integrated with the ROCm CLR. Use `rocmPackages.clr` instead.

- `rocmPackages.clang-ocl` has been removed. [It was deprecated by AMD in 2023.](https://github.com/ROCm/clang-ocl)

- `nodePackages.meshcommander` has been removed, as the package was deprecated by Intel.

- The default version of `z3` has been updated from 4.8 to 4.13. There are still a few packages that need specific older versions; those will continue to be maintained as long as other packages depend on them but may be removed in the future.

- The `nixLog*` family of functions made available through the standard environment have been rewritten to prefix messages with both the debug level and the function name of the caller.
  The `nixLog` function, which logs unconditionally, was also re-introduced and modified to prefix messages with the function name of the caller.
  For more information, [see this PR](https://github.com/NixOS/nixpkgs/pull/370742).
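Review bot: The `unifi` entry's connector is contradictory: "This version should be backward compatible with v8.x, however as a result, `unifi8` package has been removed" reads as both a contrast and a consequence. Suggest "This version should be backward compatible with v8.x, so the `unifi8` package has been removed." Minor, in the `forgejo` entry: "upstreams" should be "upstream's".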
@@ -112,6 +169,10 @@
  and the [4.2 release](https://github.com/netbox-community/netbox/releases/tag/v4.2.0),
  make the required changes to your database, if needed, then upgrade by setting `services.netbox.package = pkgs.netbox_4_2;` in your configuration.

- `nodePackages.expo-cli` has been removed, as it was deprecated by upstream. The suggested replacement is the `npx expo` command.

- The `conduwuit` matrix server implementation has officially been discontinued by upstream and the package has thus been marked as vulnerable, as it is a security-sensitive package that has reached EOL.

- NetBox version 4.0.X available as `netbox_4_0` was removed. Please upgrade to `4.2`.

- `golangci-lint` has reached `v2`. Please read the changes and view the migration guide [here](https://golangci-lint.run/product/changelog/#200).
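Review bot: The `conduwuit` entry states that the package "has thus been marked as vulnerable" but not what an operator of an existing homeserver should expect or do on upgrade. Add a sentence saying what users will see (for example, whether evaluation now refuses the package unless it is explicitly permitted as insecure) and, if one exists, which maintained package to migrate to, as the neighbouring removal entries do for `expo-cli` and NetBox.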
@@ -331,6 +392,7 @@
- `docker_24` has been removed, as it was EOL with vulnerabilities since June 08, 2024.

- Emacs 28 and 29 have been removed.

- Emacs 28 Macport has been removed, while CVEs of Emacs 29 Macport are patched.

- `containerd` has been updated to v2, which contains breaking changes. See the [containerd
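Review bot: The Emacs Macport entry says "CVEs of Emacs 29 Macport are patched" without naming the CVEs or linking the change that patched them, so a reader cannot check which issues are covered. Please list the CVE identifiers or link the PR. Since the preceding entry says "Emacs 28 and 29 have been removed", it would also help to say explicitly that Emacs 29 Macport is the one 29.x variant that remains.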
@@ -381,6 +443,8 @@

- `titaniumenv`, `titanium`, and `titanium-alloy` have been removed due to lack of maintenance in Nixpkgs []{#sec-nixpkgs-release-25.05-incompatibilities-titanium-removed}.

- `octave` (and `octaveFull`) was updated to version `10.x`. The update broke a few `octavePackages`, and `librsb`. See [the PR's commits](https://github.com/NixOS/nixpkgs/pull/394495/commits) for more details.

- androidenv has been improved:
  - All versions specified in composeAndroidPackages now track the latest. Android packages are automatically updated on unstable, and run the androidenv test suite on every update.
  - Many androidenv packages are now searchable on [search.nixos.org](https://search.nixos.org).
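Review bot: The `octave` entry says the update "broke a few `octavePackages`, and `librsb`" but does not name the affected packages or say whether they are now marked broken or were removed; linking a PR's commit list leaves readers to work that out themselves. Please name the packages, or state their status, in the entry itself, and drop the comma before "and `librsb`".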
@@ -390,14 +454,71 @@

- `gerbera` now has wavpack support.

- `buildPythonPackage`, `buildPythonApplication` and the Python building setup hooks now support both `__structuredAttrs = true` and `__structuredAttrs = false`.

- `buildGoModule` now supports a self-referencing `finalAttrs:` parameter
  containing the final arguments including overrides.
  This allows packaging configuration to be overridden in a consistent manner by
  providing an alternative to `rec {}` syntax.

- Caddy can now be built with plugins by using `caddy.withPlugins`, a `passthru` function that accepts an attribute set as a parameter. The `plugins` argument represents a list of Caddy plugins, with each Caddy plugin being a versioned module. The `hash` argument represents the `vendorHash` of the resulting Caddy source code with the plugins added.

  Example:
  ```nix
  let
    pkgs = import <nixpkgs> { };
  in

  pkgs.caddy.withPlugins {
    plugins = [
      # tagged upstream
      "github.com/caddy-dns/powerdns@v1.0.1"
      # pseudo-version number generated by Go
      "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
      "github.com/mholt/caddy-webdav@v0.0.0-20241008162340-42168ba04c9d"
    ];
    hash = "sha256-wqXSd1Ep9TVpQi570TTb96LwzNYvWL5EBJXMJfYWCAk=";
  }
  ```

  To get the necessary hash of the vendored dependencies, omit `hash`. The build will fail and tell you the correct value.

  Note that all provided plugins must have versions/tags (string after `@`), even if upstream repo does not tag each release. For untagged plugins, you can either create an empty Go project and run `go get <plugin>` and see changes in `go.mod` to get the pseudo-version number, or provide a commit hash in place of version/tag for the first run, and update the plugin string based on the error output.


- GOverlay has been updated to 1.2, please check the [upstream changelog](https://github.com/benjamimgois/goverlay/releases) for more details.

- `tpm2-pkcs11` now has the variant `tpm2-pkcs11-fapi`, which has been patched to default to the Feature API backend. It has also been split into `tpm2-pkcs11-esapi`, which _only_ supports the older Enhanced System API backend. Note the [differences](https://github.com/tpm2-software/tpm2-pkcs11/blob/1.9.1/docs/FAPI.md), and that `tpm2-pkcs11` itself still needs `TPM2_PKCS11_BACKEND=fapi` exported in order to use the Feature API, whereas `tpm2-pkcs11-fapi` does not, and `tpm2-pkcs11-esapi` just does not support fapi entirely.

- For matrix homeserver Synapse we are now following the upstream recommendation to enable jemalloc as the memory allocator by default.

- Mattermost, a self-hosted chat collaboration platform supporting calls, playbooks, and boards, has been updated. It now has multiple versions, disabled telemetry, and a native frontend build in nixpkgs, removing all upstream prebuilt blobs.
  - A new `pkgs.mattermost.buildPlugin` function has been added, which allows plugins to be built from source, including webapp frontends with a supported package-lock.json. See the Mattermost NixOS test and [manual](https://nixos.org/manual/nixos/unstable#sec-mattermost-plugins-build) for an example.
  - The Mattermost frontend is now built from source and can be overridden. Note that the Mattermost derivation containing both the webapp and server is now wrapped to allow them to be built independently, so overrides to both webapp and server look like `mattermost.overrideAttrs (prev: { webapp = prev.webapp.override { ... }; server = prev.server.override { ... }; })` now.
  - `pkgs.mattermost` has been updated from 9.11 to 10.5 to track the latest extended support release, since 9.11 will become end-of-life during the lifetime of NixOS 25.05.
  - `pkgs.mattermostLatest` is now an option to track the latest (non-prerelease) Mattermost release. We test upgrade migrations from ESR releases (`pkgs.mattermost`) to `pkgs.mattermostLatest`.

- A new hardening flag, `nostrictaliasing` was made available, corresponding to the gcc/clang option `-fno-strict-aliasing`.

- The `stackclashprotection` hardening flag has been enabled by default on compilers that support it.

- In `dovecot` package removed hard coding path to module directory.

- `authelia` version 4.39.0 has made some changes which deprecate older configurations.
  They are still expected to be working until future version 5.0.0, but will generate warnings in logs.
  Read the [release notes](https://www.authelia.com/blog/4.39-release-notes/) for human readable summaries of the changes.

- `hddfancontrol` has been updated to major release 2. See the [migration guide](https://github.com/desbma/hddfancontrol/tree/master?tab=readme-ov-file#migrating-from-v1x), as there are breaking changes.

- `nextcloud-news-updater` is unmaintained and was removed from nixpkgs.

- KDE Partition Manager `partitionmanager`'s support for ReiserFS is removed.
  ReiserFS has not been actively maintained for many years. It has been marked as obsolete since Linux 6.6, and
  [is removed](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c01f664e4ca210823b7594b50669bbd9b0a3c3b0)
  in Linux 6.13.

- `gerbera` now has wavpack support.

- `signal-desktop` has been migrated to a from source build. No state migration is necessary. In case there's no working source build available (like on Darwin), the the binary build is still available at `signal-desktop-bin`.

- `ddclient` was updated from 3.11.2 to 4.0.0 [Release notes](https://github.com/ddclient/ddclient/releases/tag/v4.0.0)
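Review bot: The entry "`gerbera` now has wavpack support." appears twice in this hunk, once at the top and once near the end; drop one of them. Further wording fixes in the same hunk: "the the binary build" in the `signal-desktop` entry, the `dovecot` entry is ungrammatical (suggest "The `dovecot` package no longer hard-codes the path to the module directory."), and the `ddclient` entry needs punctuation before "[Release notes]". The `tpm2-pkcs11` entry would be easier to follow as three short bullets, one per variant, each stating which backend it defaults to or supports.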
+6 −136

File changed.

Preview size limit exceeded, changes collapsed.