staging-nixos merge for 2026-04-14 (#509851) (ec5a6e22) · Commits · nix / nixpkgs

doc/release-notes/rl-2605.section.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -337,6 +337,8 @@ gnuradioMinimal.override {

		- The `neovim` package and module now disable by default the `python3` and `ruby` providers, unused by most users and reducing closure size from 365MiB to 240MiB. Host provider executables are not exposed anymore along with the neovim wrapper. You can still refer to those using the neovim provider variables (e.g., `python3_host_prog`).

		- `canokey-qemu` support for `qemu` was restored (although disabled by default), after being marked as broken since nixpkgs 25.11. Please note that the format of canokey files has changed, and that some data created with older canokey-qemu release cannot be read by the current version. See the [documentation](https://github.com/canokeys/canokey-qemu/tree/v1?tab=readme-ov-file#compatibility-warning) for details.

		### Deprecations {#sec-nixpkgs-release-26.05-lib-deprecations}

		- `mpv-unwrapped.scripts` and `mpv-unwrapped.wrapper` have been removed. Please use `mpvScripts` and `mpv.override` accordingly.

+6 −0

Original line number	Diff line number	Diff line
		@@ -361,6 +361,12 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.

		- `services.slurm` now supports slurmrestd usage through the `services.slurm.rest` NixOS options.

		- The `networking.firewall.logRefusedConnections` option now defaults to
		`false`. Logging of refused or dropped incoming connections can generate a
		very high volume of kernel log messages on internet-facing systems, causing
		the kernel ring buffer (dmesg) to rotate quickly and potentially discard more
		relevant diagnostic information.

		- The `services.calibre-web` systemd service has been hardened with additional sandboxing restrictions.

		- `services.kanidm` options for server, client and unix were moved under dedicated namespaces.

+6 −6

Original line number	Diff line number	Diff line
		{
		x86_64-linux = "/nix/store/vals1fs2rl6yn5f8gbqj9mvly4r27shs-nix-2.31.4";
		i686-linux = "/nix/store/fyrlz8cdzvf5csdh5885wifpxc8ywdii-nix-2.31.4";
		aarch64-linux = "/nix/store/19p3nc892m7idfg2ngd1614660xqbhnm-nix-2.31.4";
		riscv64-linux = "/nix/store/x1isvq0xnyrg0l29qk2xlp929cgjsmqy-nix-riscv64-unknown-linux-gnu-2.31.4";
		x86_64-darwin = "/nix/store/4gqxzd5zkxcq271wi5saml4zd92rdkws-nix-2.31.4";
		aarch64-darwin = "/nix/store/r3gz609kdqchxcmil7dhbravbq8kwm93-nix-2.31.4";
		x86_64-linux = "/nix/store/q7f0d4m54yj98fcjmbkscw83j82fypnd-nix-2.34.6";
		i686-linux = "/nix/store/mlv349bmjjx34p50idp54rg0wsm44hws-nix-2.34.6";
		aarch64-linux = "/nix/store/wlcv2ymswfgwv1cj1q29p26rh26xj3nd-nix-2.34.6";
		riscv64-linux = "/nix/store/000b0vjlhw359rl82p8pld00g6363c78-nix-riscv64-unknown-linux-gnu-2.34.6";
		x86_64-darwin = "/nix/store/mqvv503c5l9kgjvc7vyxj3rdx5a71c11-nix-2.34.6";
		aarch64-darwin = "/nix/store/hcgga2smfm8lqirshrbfpk5j1my1wh4j-nix-2.34.6";
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -118,7 +118,7 @@ in

		logRefusedConnections = lib.mkOption {
		type = lib.types.bool;
		default = true;
		default = false;
		description = ''
		Whether to log rejected or dropped incoming connections.
		Note: The logs are found in the kernel logs, i.e. dmesg

+8 −5

Original line number	Diff line number	Diff line
		{ lib, pkgs, ... }:
		{
		lib,
		pkgs,
		hostPkgs,
		...
		}:
		{
		name = "systemd-initrd-luks-fido2";

		meta = {
		# `canokey-qemu` is marked broken.
		broken = true;
		};
		qemu.package = hostPkgs.qemu_test.override { canokeySupport = true; };

		nodes.machine =
		{ pkgs, config, ... }:
		@@ -22,6 +24,7 @@
		"-device canokey,bus=usb-bus.0,file=/tmp/canokey-file"
		];
		};

		boot.loader.systemd-boot.enable = true;

		boot.initrd.systemd.enable = true;